What is a VPN?

What is a VPN?
VPN stands for Virtual Private Network.  A VPN uses the Internet as it's transport mechanism, while maintaining the security of the data on the VPN.

But really, what IS a VPN?
There are several answers to that question.  It really depends on your network layout.  The most common configuration is to have a single main internal network with remote nodes using VPN to gain full access to the central net.  The remote nodes are commonly remote offices or employees working from home.  You can also link two small (or  large) networks to form an even larger single network.



So how does it work?
Put simply, to make a VPN, you create a secure tunnel between the two networks and route IP through it.  If I've lost you already, you should read The Linux Networking Overview HOWTO to learn more about networking with Linux.
Here are some diagrams to illustrate this concept:

The above diagram shows how the network might be set up.  If you don't know what IP Masquerading is, you should probably read the The Linux Networking  Overview HOWTO and come back once you understand how it works.
The Client Router is a Linux box acting as the gateway/firewall for the remote network.  The remote network uses the local IP address 192.168.12.0.  For the sake of a simple diagram, I left out the local routing information on the routers.  The basic idea is to route traffic for all of the private networks (10.0.0.0, 172.16.0.0, and 192.168.0.0) through the tunnel.  The setup shown here is one way.  That is, while the remote network can see the private network, the private network cannot necessarily see the remote network.  In order for that to happen, you must specify that the routes are bidirectional. From the diagram you should also note that all of the traffic coming out of the client router appears to be from the client router, that is, all from one IP address.  You could route real numbers from inside your network but that brings all sorts of security problems with it.

 SSH and PPP
The system that I describe to implement VPN uses SSH and PPP.  Basically I use ssh to create a tunnel connection, and then use pppd to run TCP/IP traffic though it. That's what makes up the tunnel.
The real trick to getting ssh and pppd to play well together is the utility written by Arpad Magosanyi that allows the redirection of standard in and standard out to a pseudo tty.  This allows pppd to talk through ssh as if it were a serial line.  On the server side, pppd is run as the users shell in the ssh session, completing the link. After that, all you need to do is the routing.

Alternative VPN Systems
There are of course other ways of setting up a VPN.  Here are a couple of other systems:
 PPTP
PPTP is a Microsoft protocol for VPN.  It is supported under Linux, but is known to have serious security issues.  I do not describe how to use it here since it is covered by the Linux VPN Masquerade HOWTO.
 IP Sec
IP Sec is a different set of protocols from SSH.  I don't actually know all that much about it, so if someone wants to help me out with a description, I'd be most appreciative.  Again, I do not describe how to use it here since it is covered by the Linux VPN Masquerade HOWTO.

CIPE
CIPE is a kernel level network encryption system that may be better suited to enterprise setups.  You can find out more about it at the CIPE homepage.