Here's a question: What's the number 1 vector for security outbreaks today? Given the title of the article we hope you answered Virtual Private Networks (VPNs). Today's convenient world of mobile access to critical applications and information has come with a hefty burden for the world's already overburdened security teams.

Although you can go the DIY way and set up your own VPN server, using a dedicated VPN service provider would save you a lot of work and time. There are a few reputable VPN service providers out there, but for my money, StrongVPN is the best of the bunch. It offers reliable service and excellent support at competitive prices. I'm not affiliated with StrongVPN in any way, but I've been using their VPN solution for almost a year, and it has been a smooth ride so far.

To make your Ubuntu machine play nicely with StrongVPN, you have to configure a VPN connection using Gnome Network Manager.

For this setup I'll assume that you have two networks, A and B, in different locations, both connected to the Internet with broadband. At each location you will need a Linux system acting as a router/firewall to serve as the VPN end point. I'm using two Asus WL-500G Deluxe routers running OpenWRT RC5 -- a Linux distribution for embedded routers -- but you're free to use the hardware and distribution of your choice. You can use one of the BSDs, Mac OS X, or even Windows...

Virtual private networks (VPN) let remote users connect back to corporate networks over encrypted links. Many VPNs are built with proprietary technology and can be tricky and expensive to set up. For a small business or an individual who needs a simple way to securely access remote networks, setting up a true VPN might be prohibitively expensive in terms of both money and time. Let's look at two simple approaches that bring you transparency without the cost. All you need is Secure Shell (SSH) access to a server on the network you're trying to access.

So, we started thinking about how we might set up a VPN between the application server and our internal software mirror. The only requirement is that the VPN be initiated from the "inside-out" and that the connection is only active for as long as we need to use. In other words, it would only be active during an administration session. Ideally, it wouldn't be a lot of work to setup and tear down either.

SSH to the rescue...

Fortunately, SSH client and server come with support for this out of the box, requiring no additional software to be installed, and no configuration changes. On the server side, sshd, the setting "AllowTcpForwarding" defaults to "yes" unless your sshd_config file explicitly disables it. On the client side, all you have to do is request the forwarding.

A VPN, or Virtual Private Network, is a cryptosystem that allows you to secure your data as it travels over an insecure network such as the Internet. While this may sound similar to the SSH cryptosystem, VPNs have a different purpose. SSH was designed to allow a user to login securely to and remotely administer another computer. A VPN is designed to allow a user to access transparently the resources of a network. As far as the user is concerned, she will be able to do anything she normally would be able to do, even when she is away from the network. Because of this, VPNs are popular with telecommuters and with offices that need to share resources over physically separate locations.

OpenVPN is scalable; it permits creation of numerous endpoints through scripted interactions that work with push/pull options. This lets central servers quickly configure remote computers in a way that's completely transparent to end-users.

This document will introduce OpenVPN as a free, secure and easy to use and configure SSLbased VPN solution. The document will present some simple (and verified) scenario’s that might be useful for preparing security/networking labs with students, for creating a remote access solution or as a new project for the interested home user.

The cover declares that it is a “practical guide” for comparing such things as IPsec, MPLS Layer 3, L2TP (versions 2 and 3), AtoM, and SSL virtual private networks. What makes it a practical guide is that almost every chapter begins with a Benefits and Drawbacks section for the technology being discussed and immediately lets you know whether you should consider this or not. I found this approach extremely helpful and appreciated having that information at the beginning of the chapter.