| … | |
… | |
| 145 | nodes over an untrusted network. This document first gives an introduction |
145 | nodes over an untrusted network. This document first gives an introduction |
| 146 | to VPNs in general and then describes the specific implementation of \s-1GVPE\s0. |
146 | to VPNs in general and then describes the specific implementation of \s-1GVPE\s0. |
| 147 | .Sh "\s-1WHAT\s0 \s-1IS\s0 A \s-1VPN\s0?" |
147 | .Sh "\s-1WHAT\s0 \s-1IS\s0 A \s-1VPN\s0?" |
| 148 | .IX Subsection "WHAT IS A VPN?" |
148 | .IX Subsection "WHAT IS A VPN?" |
| 149 | \&\s-1VPN\s0 is an acronym, it stands for: |
149 | \&\s-1VPN\s0 is an acronym, it stands for: |
| 150 | .IP "" 4 |
150 | .IP "Virtual" 4 |
| 151 | .IX Xref "Virtual" |
151 | .IX Item "Virtual" |
| 152 | Virtual means that no physical network is created (of course), but a |
152 | Virtual means that no physical network is created (of course), but a |
| 153 | network is \fIemulated\fR by creating multiple tunnels between the member |
153 | network is \fIemulated\fR by creating multiple tunnels between the member |
| 154 | nodes by encapsulating and sending data over another transport network. |
154 | nodes by encapsulating and sending data over another transport network. |
| 155 | .Sp |
155 | .Sp |
| 156 | Usually the emulated network is a normal \s-1IP\s0 or Ethernet, and the transport |
156 | Usually the emulated network is a normal \s-1IP\s0 or Ethernet, and the transport |
| 157 | network is the Internet. However, using a \s-1VPN\s0 system like \s-1GVPE\s0 to connect |
157 | network is the Internet. However, using a \s-1VPN\s0 system like \s-1GVPE\s0 to connect |
| 158 | nodes over other untrusted networks such as Wireless \s-1LAN\s0 is not uncommon. |
158 | nodes over other untrusted networks such as Wireless \s-1LAN\s0 is not uncommon. |
| 159 | .IP "" 4 |
159 | .IP "Private" 4 |
| 160 | .IX Xref "Private" |
160 | .IX Item "Private" |
| 161 | Private means that non-participating nodes cannot decode (\*(L"sniff)\*(R" nor |
161 | Private means that non-participating nodes cannot decode (\*(L"sniff)\*(R" nor |
| 162 | inject (\*(L"spoof\*(R") packets. This means that nodes can be connected over |
162 | inject (\*(L"spoof\*(R") packets. This means that nodes can be connected over |
| 163 | untrusted networks such as the public Internet without fear of being |
163 | untrusted networks such as the public Internet without fear of being |
| 164 | eavesdropped while at the same time being able to trust data sent by other |
164 | eavesdropped while at the same time being able to trust data sent by other |
| 165 | nodes. |
165 | nodes. |
| 166 | .Sp |
166 | .Sp |
| 167 | In the case of \s-1GVPE\s0, even participating nodes cannot sniff packets |
167 | In the case of \s-1GVPE\s0, even participating nodes cannot sniff packets |
| 168 | send to other nodes or spoof packets as if sent from other nodes, so |
168 | send to other nodes or spoof packets as if sent from other nodes, so |
| 169 | communications between any two nodes is private to those two nodes. |
169 | communications between any two nodes is private to those two nodes. |
| 170 | .IP "" 4 |
170 | .IP "Network" 4 |
| 171 | .IX Xref "Network" |
171 | .IX Item "Network" |
| 172 | Network means that more than two parties can participate in the network, |
172 | Network means that more than two parties can participate in the network, |
| 173 | so for instance it's possible to connect multiple branches of a company |
173 | so for instance it's possible to connect multiple branches of a company |
| 174 | into a single network. Many so-called \*(L"\s-1VPN\s0\*(R" solutions only create |
174 | into a single network. Many so-called \*(L"\s-1VPN\s0\*(R" solutions only create |
| 175 | point-to-point tunnels, which in turn can be used to build larger |
175 | point-to-point tunnels, which in turn can be used to build larger |
| 176 | networks. |
176 | networks. |
