A Virtual Private Network (VPN) allows you to create a secure connection to another network via the Internet. VPNs are one of the easiest ways to set up secure data communications and should be the first place you look when exploring secure network connection options. With the right software and knowledge, setting up your own VPN is relatively easy to do and is a budget-friendly option for secure data communications.
There are two main types of VPN security protocols that are suitable for different purposes. Read our guide below to find out which type is best for your needs and to learn how you can set it up with your own software and minimal (if any) help from a third party.
1. Internet Protocol Security (IPsec) VPN
IPsec VPNs are the traditional VPN method. IPsec protocols use encryption. IPsec has additional security advantages besides encryption and requires special software (or a special device with the IPsec functionality built in, like a Cisco ASA firewall device). IPsec has two modes: transport and tunnel.
- Transport mode: only your data is encrypted. Transport mode is used between end stations.
- Tunnel mode: the entire IP packet is encrypted and then encapsulated in a new IP packet with a new header. This mode is typically used between gateways.
With IPsec VPN your server is treated as full member of the network. Therefore, these connections are best for those looking for remote access to another network or cloud provider.
For example, a site-to-site VPN is a permanent connection between two or more networks, such as a corporate network and the data center network. More specifically, this example could be the connection between your hosting services at Leaseweb and e.g. Azure (VPN Gateway). This type of VPN is typically setup as an IPsec VPN (or L2TP* over IPsec).
You can run IPsec directly from the server by creating the IPsec VPN server in Windows or Linux (which will be self-service), or you can use a VPN software application that enables IPsec VPN. It is also possible to use a connected network device (e.g. Cisco ASA firewall device, which can be set up together with the support of your hosting provider).
* L2TP (Layer 2 Tunnelling Protocol) and enables Layer 2 networking over the Layer 3 IPsec connection.
2. Secure Sockets Layer (SSL) VPN
SSL is a newer method for implementing VPNs that is rising in popularity. The SSL protocol and its successor Transport Layer Security (TLS) are interchangeable, and the term “SSL” is still widely used for both. SSL VPNs can be implemented through a remote user’s web browser, for example, and do not require the installation of special software (this is also known as clientless VPN). This makes SSL easy to set up and use.
SSL VPN also gives users more specific access than IPsec VPNs. Rather than becoming a full member of the network, remote team members can be granted access to particular applications. A few use cases this connection is best for is portals, remote users/workers, and application layer functions. A well-known SSL VPN software solution is OpenVPN.
SSL has two modes: portal and tunnel.
- Portal mode: also known as web mode, users access the VPN through a page in their web browser (the portal). This mode can only be used for web-based programs.
- Tunnel mode: users can access any applications on the network.
For example, a common SSL VPN usage is using a remote access VPN as a temporary connection between the remote user device and a data center VPN gateway.
While VPN connections provide safe and easy-to-setup network connections, they may not be for everyone. Companies with bandwidth-heavy workloads or high network latency requirements may find that VPN does not suit all their needs and may turn to alternative connections such as direct private connections. If you are unsure about what kind of connection is best for you, you can always send a message to your local Leaseweb sales team.