Before 1995, there were few choices for VPNs. If you wanted to access your corporate network or home network remotely, you had to dial in (remember, using that modem thingy), or you were somebody important and had a private line into the company, which was usually an expensive frame relay line or a T-1.

Due to the huge leaps the Internet has made in reliability and speed since 1995 (with the widespread deployment of broadband), VPNs are now a common and real option for most information technology users who need to access resources at work or at home from a remote location.

Nortel, Cisco, and Netscreen ship hardware that can handle thousands upon thousands of simultaneous VPN sessions into a corporate network. These VPNs provide a huge cost savings for companies, and with the advent of wireless the products add the indirect cost benefit of helping to secure wireless connections. By allowing people to VPN in over a wireless connection, wireless users are able to negate the security issues that are inherent in 802.11a/b/g. Workers can now access the corporate network anywhere they have an Internet connection, whether the connection is wireless, broadband (DSL, cable, satellite), or even dial-up. VPNs can even be used to provide a low-cost secure connection for the branch office that needs to connect to headquarters. Expensive private lines and slow dial-up connections are no longer required.

Under Mac OS X there are several options, depending on your application and your requirements.

The first option is IPSec (IP Security Protocol), a standard that, after a slow start, is fast becoming the preferred standard for VPNs. IPSec is a cross-platform standard that is supported under FreeBSD, OpenBSD, NetBSD, Linux, Solaris, Windows, and many different hardware devices. IPSec operates on the network layer (Layer 3 of the OSI model), which provides it with added scalability. Apple currently does not have a GUI configuration tool for IPSec, but you can configure it manually. The lack of a GUI tool is because IPSec is a complicated specification, and there are currently some incompatibilities between some of the IPSec implementations on the market. Apple seems to be waiting until this issue is hammered out before it implements a GUI tool for IPSec. Apple has included all the software needed to implement an IPSec VPN at the command line.

Two third parties have come up with GUI clients for IPSec. The first, Vapor Sec, is a freeware client/server from AFP548. Vapor Sec currently does not support configuration of some of the more advanced features of IPSec, like certificates and policies, but it is a very solid client/server IPSec tool. Vapor Sec's web page lists it as being tested with numerous SonicWalls and a Linksys BEFVP41. The second product, VPN Tracker ($199.00), is a Mac OS X IPSec client from equinux. VPN Tracker lists support for Linux FreeS/WAN, PGPnet, Windows 2000/XP, SonicWALL, Check Point VPN-1 and ZyXEL ZyWALL IPSec clients. The equinux web site also has documentation for connecting to third-party devices. Cisco and Nortel also use IPSec in their VPN clients.

Point-to-Point Tunneling Protocol (PPTP) is another VPN protocol, popularized by Microsoft. The PPTP client is popular because it is supported under all versions of Windows and because it was the first VPN protocol built in to Windows NT. The PPTP implementation in Mac OS X uses Challenge-Handshake Authentication Protocol (CHAP) as an authentication mechanism. It does not use PAP. The server implementation of PPTP can only be found on Mac OS X Server.

The third option, which I will go into briefly, is SSH. SSH is a protocol that is designed to replace telnet, rlogin, rsh, etc. The protocol is ubiquitous and available on almost every operating system in use today. SSH provides features such as port forwarding, PKI, and the choice of multiple encryption algorithms. When you start Remote Login in the Sharing control panel, you are starting SSH.

In the enterprise software category there are products from Cisco and Nortel. These products scale from a hundred users to hundreds of thousands of users, and are cross-platform.

As this article has shown, Mac OS X provides many options for VPN solutions, some of which are often overlooked. Over the next couple of weeks I will go into detail about these solutions.