One of the big challenges we have with local area networks is that sometimes people want to connect to our local area network, but they're not very local. Now, what I'm talking about here is you are in an airport in Denver, and you want to connect to the local area network in Houston. Now, when I say connect to the local area network, I'm saying that you connect as though someone ran an Ethernet cable from your switch all the way to your computer in Denver. If I'm in Denver, I want to have the same IP addresses as the computers that are within my local area network. I want to be within the same broadcast domain, I want to be able to do everything as though I was connecting directly to that local area network. This is important, folks, because a lot of people hear me say something like this and they're like, oh, you're talking about remote desktop or something like that.
That's a very different animal. When we talk about remote desktop, what we're talking about is emulating the desktop of a computer that's in that local area network from far away. If I connect in and I'm part of that network, I can copy files from a file server, and they're going to go onto my laptop here in the Denver airport, just as if I was in that actual network. When you do remote desktop, what you're doing is connecting to a computer far away. And if you copy a file from a server, it's not coming onto your laptop, it's coming onto that one computer that is actually on the local area network.
So never confuse this type of jumping into the network with remote desktop. Now, there are two ways to connect to a remote local area network. Number one, and this is the expensive way to do it, is that you can lease your own line; you can lease a T3 line or whatever you want, and people will do it if they want. They cost tens of thousands of dollars a month, but you can run a dedicated line from your local area network all the way out to the airport in Denver. That would be really expensive and not a good way to go. So the cool part of all this is that we already have a connection between my laptop in the airport in Denver and my office in Houston.
And that connection is the Internet itself. Now the downside to the Internet is that it's a public network. Pretty much anybody who wants to can sniff and observe what you're doing. And we don't want people watching us as we're grabbing critical files and things like that. We don't want people grabbing that stuff. So what we want to do is take a public network, the Internet, and virtualize it; in essence, we're going to treat it like a virtual private network, or a VPN.
And that's what this episode is all about: VPNs. Now, before we get into this in too much detail, I need to warn you: for the exam, they're really looking for conceptual answers, overview stuff. So we're going to keep it fairly light in terms of understanding, in broad strokes, what a VPN is. But I will also tell you that actually setting up a VPN can be a real pain.
So we're going to keep it light here, but be warned, it can be a challenge. To understand VPNs, the most important thing you need to wrap your head around is the concept of endpoints. Let me show you what I mean. Here's a local area network; this is my home base. So just for fun, I'm going to say that my local area network has an internal IP address range of 192.168.4.whatever. So anybody inside my local area network is going to have that IP address.
Now on the other end, here are some computers in an airport in Denver. Now, a computer in the airport in Denver is going to have whatever IP address the wireless network there in Denver gives it, so for fun, I'm just going to say it's 10.10.10.whatever. Okay. Now, what I want to do is make this computer in Denver have the same IP addresses as all these computers on my local area network. So to do this, I am going to create a VPN tunnel. A VPN tunnel is a connection between two VPN endpoints.
Now in this case, my VPN endpoint on the LAN side could be here on my router itself; it could have some extra VPN software built into it. Or I could have a computer inside my local area network, and the router passes VPN traffic through to this little computer inside my network, and it could be the endpoint. I could even have a dedicated box, which we call a VPN concentrator, whose only job is to take incoming VPN data and then do something with it, which I'm about to explain. So that's one endpoint.
On the other side, here's my laptop; it's going to be the other VPN endpoint. So what takes place is this: I have to go through the process of making a connection. So on my laptop, I'm going to click on something and say, create a VPN connection. And what we're actually making is a tunnel. So it looks kind of like a pipe between my laptop here and whatever VPN endpoint I happen to be using here. So when I make that connection, the VPN endpoint (the VPN concentrator, the VPN gateway, it has so many different names) is actually going to use the laptop's public IP connection.
So whatever that is, it will create this connection to get to the local area network. But then the VPN concentrator, the VPN endpoint in my local area network, will pass my laptop an IP address that makes it part of my network. So we'll say the laptop is now 192.168.4.100. This type of example, where we have a single computer that's trying to phone home to a local area network, is what we call a remote access VPN. But there's another very cool way to do it, and that's called site-to-site. Let me show you how that works.
So going back to our earlier diagram, what I want to do is, instead of having one computer that wants to connect to a local area network, I want to have an entire second local area network that wants to connect to my primary local area network. So let's pretend like my local area network here is in Houston. So now we've got a bunch of computers in a field office in Dallas that want to connect to Houston. In this case, what I'm going to create is what's called a site-to-site VPN. Here I'm still going to have two VPN endpoints, except on each side they'll manifest as either a router or a VPN concentrator or some software running on a dedicated server or something like that, so that all these computers here in Dallas can get that 192.168.4 address like the folks do in Houston.
Now, as you might imagine, a VPN compared to an actual Ethernet local area network connection is very, very slow. And this can be a challenge with VPNs, because you're asking some Internet connection to act like a gigabit Ethernet connection that's in your local area network. So things like showing all your network computers can be very, very slow; file copying can be very, very slow. But it at least lets you get onto your local area network. They are wildly popular, and at Total Seminars we have a VPN we use all the time. So speed is a big issue; we're always looking at ways to speed things up.
And one of the biggest problems we have, particularly with remote access VPN, is the concept of split versus full tunneling. Let's talk about that. So here's my laptop in Denver, and here's my local area network. Now normally, when I'm sitting in the Denver airport and I want to go to google.com, I just type www.google.com, and it goes out however the Denver airport gets it to the Internet and goes straight to Google.
But now let's go ahead and put that tunnel in. So now this laptop is connected to my local area network. So if it wants to transfer files or anything within the local network, that's no problem. But what happens if it types www.google.com right now? Well, let me show you what happens. Instead of going straight to Google through the ISP at the Denver airport, it goes through the VPN over to the local area network; the local area network then sends it out the router; the router at my local area network in Houston goes to Google; it comes back to the local area network and gets sent out through the VPN endpoint and back over to my laptop in Denver.
As you can imagine, this process is a real pain, and we don't want to do that. In fact, when the VPN client, the laptop in Denver, sends the data through like that, we call that a full tunnel, and it's something we usually avoid. Normally, what we'll do instead is called a split tunnel, and a split tunnel is very simple. The VPN endpoint on the laptop itself recognizes the type of traffic that's going out. So if traffic is going to my local area network on 192.168.4 in this example, it goes in and sends it to the VPN tunnel.
That's a good thing. However, if I do anything else that's going to different IP addresses, a well-designed VPN is going to say, no, no, no, ignore the tunnel for now, just go ahead and use the regular connection. And split tunnels speed things up dramatically. All right. So what I want to do now is talk about the different ways we can do VPN. Now, VPNs have been around for a quarter of a century.
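To make the split versus full tunnel difference concrete, here is an added example (not code from the lecture) that models the Denver laptop's route table in Python; the interface names tun0 and wlan0, the airport subnet 10.10.10.0/24 and the public address 203.0.113.10 standing in for google.com are assumptions.

```python
"""Added example, not from the lecture: a toy route table showing how the
Denver laptop's traffic is steered under a split tunnel versus a full tunnel.
All names and addresses are constructed to match the lecture's scenario."""
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.4.0/24")        # the Houston LAN reached via the VPN
AIRPORT = ip_network("10.10.10.0/24")     # Denver airport Wi-Fi (constructed)
ANY = ip_network("0.0.0.0/0")             # default route
WEB = "203.0.113.10"  # constructed public address standing in for google.com


def split_tunnel_routes():
    # Only the LAN prefix points into the tunnel; everything else stays local.
    return [(LAN, "tun0"), (AIRPORT, "wlan0"), (ANY, "wlan0")]


def full_tunnel_routes():
    # The VPN client replaces the default route, so all traffic goes to Houston.
    return [(LAN, "tun0"), (AIRPORT, "wlan0"), (ANY, "tun0")]


def egress_interface(routes, dst):
    """Longest-prefix match, the same rule a real kernel route table applies."""
    dst = ip_address(dst)
    matches = [(net, iface) for net, iface in routes if dst in net]
    net, iface = max(matches, key=lambda m: m[0].prefixlen)
    return iface


def forwarding_path(routes, dst):
    """Hops from the laptop to dst. Under a full tunnel, Internet-bound traffic
    hairpins through the Houston endpoint and router, which is the round trip
    the lecture describes; under a split tunnel it leaves via the airport ISP."""
    if egress_interface(routes, dst) != "tun0":
        return ["laptop", "airport-isp", "internet"]
    path = ["laptop", "vpn-tunnel", "houston-vpn-endpoint"]
    if ip_address(dst) in LAN:
        return path + ["houston-lan"]
    return path + ["houston-router", "internet"]


if __name__ == "__main__":
    for name, table in (("split", split_tunnel_routes()), ("full", full_tunnel_routes())):
        for dst in ("192.168.4.10", WEB):
            print(name, dst, "->", " > ".join(forwarding_path(table, dst)))
```

The trade-off behind the speed gain: with a split tunnel the laptop's Internet traffic never crosses the Houston router, so whatever filtering or monitoring lives there does not see it.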
And as you might imagine, the technologies have changed and improved quite a bit over the years. In fact, there are a number of different ways to do VPN. So what I'd like to do is take a moment and go through the different processes, the different technologies, the different protocols we can use to set up a VPN. Now the biggest thing you need to keep in mind here is that when you're setting up a VPN, in most cases, not all but in most cases, you've got two separate steps. Number one, you have to have some kind of protocol that actually sets up the tunnel itself, makes the connection, makes everything happy. And then the second thing you're going to be doing is you'll have another protocol involved that handles the authentication and the encryption, because we want this stuff encrypted.
We don't want anybody looking at it. So what I'd like to do right now is a quick run-through of the many popular VPN protocols that are out there. One of the oldest VPN protocols out there is known as Point-to-Point Tunneling Protocol, or PPTP. PPTP uses the old PPP protocol as the tunnel, and it doesn't really have any kind of serious authentication; it just uses a password and very, very basic encryption. PPTP is very old. It uses TCP port 1723, and most people don't like it anymore.
It's just a little bit too easily hacked. Second is Layer 2 Tunneling Protocol, or L2TP. This is Cisco proprietary stuff; it's very similar to PPTP, but it uses an L2TP tunnel and then IPsec for encryption. IPsec is good, IPsec is fast, and it also uses UDP ports 500 and 4500. Now, if you really want to get fancy, you can go to an IPsec VPN, or better, just what I call a pure IPsec.
Pure IPsec uses IPsec both for the tunnel as well as for all the authentication and encryption. It also uses UDP ports 500 and 4500, and it's very good for IPv6 networks. Next is SSL/TLS. Yep, this is the same stuff we use on secure web pages. It's going to use TCP port 443. It's kind of cool in that it often will work within a web browser.
So your laptops don't even need client software in many cases, and so we call it a clientless type of VPN. It uses what's known as a TUN/TAP virtual network driver tunnel. These are built into every operating system, and it uses good old TLS for encryption. Last is kind of an interesting one. It's called OpenVPN.
OpenVPN is a program, but it has its own unique type of tunnel and encryption that's based on the SSL/TLS protocol. It's an open standard, which is very handy, but no one else quite does it the way OpenVPN does. It uses TCP port 1194, but you can easily change that if you want. Setting up a VPN can be a real challenge, and I don't even need to cover that to make sure we catch what's on the exam. However, I do want to mention a few things.
If you're going to do a VPN, you really need to think about how you're going to set that up; in particular, are you going to do remote access, which most people do, or might you want to do site-to-site? It just depends on what your needs are. Also keep in mind that the client itself is very important, especially on remote access. Windows, Macs, and Linux to a lesser degree all have some form of VPN client built into them, but they have limitations. So that can be a bit of a problem for folks. So you really have to think about this a little bit. Now, personally, here at Total Seminars, we love OpenVPN.
We've been using it for a long, long time. It's robust and it's powerful, and it's free. So, for the exam, make sure you think about where I would be using VPNs and make sure you're comfortable with the different protocols.
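As an added example that is not part of the lecture, the following Python picks VPN setup flows out of constructed firewall log lines using the protocol/port pairs listed above and flags the ones a defender would want to review; the log format, the addresses and the UDP 1194 entry are assumptions.

```python
"""Added example, not from the lecture: pick VPN setup traffic out of firewall
logs using the protocol/port pairs the lecture lists, and flag what a defender
would want to look at. Log format and all addresses are constructed."""
import re
# Ports from the lecture (it gives TCP 1194 for OpenVPN; UDP 1194 is also common, and the port is configurable, so a moved server is missed).
VPN_PORTS = {
    ("tcp", 1723): "PPTP",
    ("udp", 500): "IPsec (IKE)",
    ("udp", 4500): "IPsec (NAT-T)",
    ("tcp", 443): "SSL/TLS VPN or plain HTTPS",
    ("udp", 1194): "OpenVPN",
}
# Constructed firewall log lines in a simple key=value format.
SAMPLE_LOG = """\
2024-03-01T09:00:01Z proto=tcp src=10.10.10.23 dst=203.0.113.5 dport=1723 action=allow
2024-03-01T09:00:02Z proto=udp src=10.10.10.23 dst=203.0.113.5 dport=500 action=allow
2024-03-01T09:00:03Z proto=udp src=10.10.10.23 dst=203.0.113.5 dport=4500 action=allow
2024-03-01T09:00:04Z proto=tcp src=10.10.10.40 dst=203.0.113.9 dport=443 action=allow
2024-03-01T09:00:05Z proto=udp src=10.10.10.41 dst=203.0.113.5 dport=1194 action=allow
2024-03-01T09:00:06Z proto=tcp src=10.10.10.42 dst=203.0.113.7 dport=8080 action=allow
"""
FIELD = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    f = dict(FIELD.findall(line))
    return f["proto"], f["src"], f["dst"], int(f["dport"])

def classify(log_text):
    """(src, dst, protocol) for every flow that matches a known VPN port."""
    hits = []
    for line in log_text.splitlines():
        proto, src, dst, dport = parse_line(line)
        name = VPN_PORTS.get((proto, dport))
        if name:
            hits.append((src, dst, name))
    return hits

def findings(log_text):
    """PPTP is the 'too easily hacked' protocol from the lecture, so each PPTP session
    is a finding; port 443 alone cannot separate an SSL VPN from web browsing."""
    out = []
    for src, dst, name in classify(log_text):
        if name == "PPTP":
            out.append((src, dst, "legacy PPTP in use; move to IPsec or a TLS-based VPN"))
        elif name.startswith("SSL/TLS"):
            out.append((src, dst, "port 443; confirm VPN versus plain HTTPS"))
    return out
```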