Virtual Private Networks (VPN) part 1: site to site

VPNs are used to enhance network security in two ways: site-to-site VPN and remote-access VPN. In both cases the point is the same: traffic that would otherwise cross the internet in the clear is carried inside an authenticated, encrypted tunnel.

A site-to-site VPN connects two private networks to each other across the internet. The simplest example is a business with two sites, each with its own internet connection:

site 1: router R1, external IP address

site 2: router R2, external IP address

Ideally, each of the external IP addresses is a static IP address, that is, one that does not change: each router has to be configured with the other's address as its tunnel peer, so if an address changes the tunnel does not come back up until the configuration is updated (or dynamic DNS is used). The two routers establish a secure tunnel between themselves and each presents it as a tunnel interface with its own address. Let's say R1 has a tunnel interface address of and R2 has a tunnel interface address of

A static route for network 2, pointing at the tunnel interface (or at R2's tunnel address as next hop), needs to be configured on router 1, i.e.

ip route

So an attempt by a computer C1 on network 1 to reach a computer C2 on network 2 goes as follows:

C1 determines that the destination is outside its own subnet and sends the packet to its default gateway, R1. R1 looks the destination up in its routing table, matches the static route for network 2, and sends the packet into the tunnel, where it is encrypted and carried across the internet to R2. R2 decrypts it, sees that network 2 is directly connected, and delivers the packet to C2.

The opposite route must be configured on R2 as well. Without it, C2's reply is sent to R2, which has no route for network 1 other than its default route towards the ISP, so the reply never gets back, i.e.

ip route

Now computers can reach each other regardless of which site they are on. Note that this also merges the two trust boundaries: a compromised host at site 1 can reach site 2 just as easily as a local one, so the tunnel interface should get firewall rules of its own rather than being treated as fully trusted.

This functionality is built into next-generation firewalls and is often available on cheaper commodity modem/routers as well. It is also possible to terminate the tunnel on a host inside the network, with software such as SoftEther or OpenVPN, but the routing is then more difficult: each site's router needs a static route for the remote network pointing at the VPN host rather than at a tunnel interface of its own, and that host must forward packets between its LAN and the tunnel.