… | |
… | |
145 | nodes over an untrusted network. This document first gives an introduction |
145 | nodes over an untrusted network. This document first gives an introduction |
146 | to VPNs in general and then describes the specific implementation of \s-1GVPE\s0. |
146 | to VPNs in general and then describes the specific implementation of \s-1GVPE\s0. |
147 | .Sh "\s-1WHAT\s0 \s-1IS\s0 A \s-1VPN\s0?" |
147 | .Sh "\s-1WHAT\s0 \s-1IS\s0 A \s-1VPN\s0?" |
148 | .IX Subsection "WHAT IS A VPN?" |
148 | .IX Subsection "WHAT IS A VPN?" |
149 | \&\s-1VPN\s0 is an acronym, it stands for: |
149 | \&\s-1VPN\s0 is an acronym, it stands for: |
150 | .IP "" 4 |
150 | .IP "Virtual" 4 |
151 | .IX Xref "Virtual" |
151 | .IX Item "Virtual" |
152 | Virtual means that no physical network is created (of course), but a |
152 | Virtual means that no physical network is created (of course), but a |
153 | network is \fIemulated\fR by creating multiple tunnels between the member |
153 | network is \fIemulated\fR by creating multiple tunnels between the member |
154 | nodes by encapsulating and sending data over another transport network. |
154 | nodes by encapsulating and sending data over another transport network. |
155 | .Sp |
155 | .Sp |
156 | Usually the emulated network is a normal \s-1IP\s0 or Ethernet, and the transport |
156 | Usually the emulated network is a normal \s-1IP\s0 or Ethernet, and the transport |
157 | network is the Internet. However, using a \s-1VPN\s0 system like \s-1GVPE\s0 to connect |
157 | network is the Internet. However, using a \s-1VPN\s0 system like \s-1GVPE\s0 to connect |
158 | nodes over other untrusted networks such as Wireless \s-1LAN\s0 is not uncommon. |
158 | nodes over other untrusted networks such as Wireless \s-1LAN\s0 is not uncommon. |
159 | .IP "" 4 |
159 | .IP "Private" 4 |
160 | .IX Xref "Private" |
160 | .IX Item "Private" |
161 | Private means that non-participating nodes cannot decode (\*(L"sniff)\*(R" nor |
161 | Private means that non-participating nodes cannot decode (\*(L"sniff)\*(R" nor |
162 | inject (\*(L"spoof\*(R") packets. This means that nodes can be connected over |
162 | inject (\*(L"spoof\*(R") packets. This means that nodes can be connected over |
163 | untrusted networks such as the public Internet without fear of being |
163 | untrusted networks such as the public Internet without fear of being |
164 | eavesdropped while at the same time being able to trust data sent by other |
164 | eavesdropped while at the same time being able to trust data sent by other |
165 | nodes. |
165 | nodes. |
166 | .Sp |
166 | .Sp |
167 | In the case of \s-1GVPE\s0, even participating nodes cannot sniff packets |
167 | In the case of \s-1GVPE\s0, even participating nodes cannot sniff packets |
168 | send to other nodes or spoof packets as if sent from other nodes, so |
168 | send to other nodes or spoof packets as if sent from other nodes, so |
169 | communications between any two nodes is private to those two nodes. |
169 | communications between any two nodes is private to those two nodes. |
170 | .IP "" 4 |
170 | .IP "Network" 4 |
171 | .IX Xref "Network" |
171 | .IX Item "Network" |
172 | Network means that more than two parties can participate in the network, |
172 | Network means that more than two parties can participate in the network, |
173 | so for instance it's possible to connect multiple branches of a company |
173 | so for instance it's possible to connect multiple branches of a company |
174 | into a single network. Many so-called \*(L"\s-1VPN\s0\*(R" solutions only create |
174 | into a single network. Many so-called \*(L"\s-1VPN\s0\*(R" solutions only create |
175 | point-to-point tunnels, which in turn can be used to build larger |
175 | point-to-point tunnels, which in turn can be used to build larger |
176 | networks. |
176 | networks. |
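Review bot: At line 161 the closing quote for "sniff" falls after the parenthesis (`(\*(L"sniff)\*(R" nor`), so the text renders as ("sniff)" nor; it should close the way "spoof" does on line 162, i.e. `(\*(L"sniff\*(R")`. Both sides carry this unchanged, along with "send to other nodes" at line 168 (should be "sent") and "communications ... is private" at line 169 (subject and verb disagree). The markup (`\s-1`, `\*(L"`, `.IX`) looks like generated pod2man output, so these are best fixed in the source the page is generated from and the page regenerated, rather than edited here. On the lines that do differ (150-151, 159-160, 170-171), the `.IP "" 4` form leaves the Virtual, Private and Network definitions without a visible tag, so please confirm the result keeps `.IP "Virtual" 4`, `.IP "Private" 4` and `.IP "Network" 4` with their `.IX Item` entries.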