From Ubuntu Doctors Guild
An intranet is one or more local area networks (LANs) that have connectivity to each other, generally through an encrypted "tunnel" through the Internet. Your organization will generally have a central network backbone (central LAN), to which remote satellite networks (LANs), remote users, or both connect through these tunnels.
The ability to allow the remote parts of your network (satellite LANs and remote users) to connect to your main network while keeping out unwanted connections from the Internet is the primary concern of building an intranet.
A virtual private network (VPN) is the primary method for allowing this level of connectivity. There are VPN clients for individual remote users that will connect to a VPN server on the central LAN. For the satellite LANs, many modern "VPN-capable" routers will make the connections to the VPN server located on the central network LAN "transparently".
There are many options for VPN servers. The easiest, lowest cost solution (for around $100) is a hardware router that contains VPN server capability. There are several of these, such as:
- Netgear FVS318 ProSafe -- 8 port switch/router/VPN "endpoint" with 8 VPN tunnel capability (IPSec-enabled or VPNC) or individual remote user VPN connections (using VPNClient for Windows (purchased separately) or available Linux client software)
- Cisco RV082 -- 2 WAN, 8 port switch/router/VPN "endpoint" with 100 VPN tunnel capability (IPSec-enabled) or 50 individual user VPN connections (using QuickVPN for Windows (included) or available Linux client software)
- Cisco RV042 -- 2 WAN, 4 port switch/router/VPN "endpoint" with 50 VPN tunnel capability (IPSec-enabled) or 30 individual user VPN connections (using QuickVPN for Windows (included) or available Linux client software)
Note that these are true VPN servers, not merely "VPN-passthrough" routers. These VPN routers have the server built-in (usually using a small Linux OS integrated into the firmware). A VPN-passthrough router, in contrast, merely allows VPN connections to traverse its firewall to a separate VPN server (most commonly a standalone server PC with VPN server software installed on it) that resides on the LAN.
There are quite expensive VPN-server routers that can handle dozens or hundreds of simultaneous tunnels, many made by Cisco. By the time customers are considering that price range, they will be able to afford Cisco technicians as well. (That type of customer generally isn't reading this guide, so those high-priced routers will not be discussed here.)
PC-based VPN servers
A PC can run VPN server software. Linux servers are ideal for this service, using packages such as OpenVPN. They can generally allow an unlimited number of tunnels, but must be used in conjunction with a VPN-passthrough capable router (or must be connected directly to the Internet). They generally require 2 ethernet cards: one to connect to the Internet (or to an Internet-connected router) and one to connect to the remainder of the central LAN. VPN-servers usually also have firewall software installed.
Until the advent of low cost VPN-server routers, this was the most economical method of providing VPN services (and still is if a large number of simultaneous VPN tunnels is required).
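As an added illustration (not part of the original guide), here is a sketch of an OpenVPN `server.conf` for the two-card Linux server described above, serving both individual remote users and one satellite LAN. All addresses, subnets and file names are assumptions chosen for the example: 192.168.10.0/24 for the central LAN, 192.168.20.0/24 for the satellite LAN, 10.8.0.0/24 for the tunnel pool.

```conf
# /etc/openvpn/server.conf -- constructed example, not taken from the guide.
# All subnets and file names below are assumptions.

# Listen on the Internet-facing side; a VPN-passthrough router in front
# of this server must forward UDP 1194 to it.
port 1194
proto udp
dev tun

# Certificates and keys issued by your own CA (placeholder file names).
ca ca.crt
cert server.crt
key server.key
dh dh.pem

# Address pool for tunnel endpoints; must not overlap any LAN in use.
server 10.8.0.0 255.255.255.0

# Tell every client that the central LAN is reached through the tunnel.
push "route 192.168.10.0 255.255.255.0"

# Satellite LAN behind one client: add a kernel route here, and map the
# subnet to that client in a per-client file, e.g. ccd/<client name>:
#   iroute 192.168.20.0 255.255.255.0
route 192.168.20.0 255.255.255.0
client-config-dir ccd

# Require an HMAC signature on every control packet, so unsolicited
# packets from the Internet are dropped before any TLS processing.
tls-auth ta.key 0

# Drop root privileges after start-up (Ubuntu's unprivileged group).
user nobody
group nogroup
persist-key
persist-tun

keepalive 10 120
verb 3
```

For traffic to pass between the tunnel and the central LAN card, the server must also have IP forwarding enabled (`net.ipv4.ip_forward=1`), and its firewall should accept only the VPN port on the Internet-facing card.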
Most routers that are advertised as being VPN routers are really remote LAN "VPN-passthrough" client routers. For the satellite LAN, this type of router can be used. It will make a connection from the satellite LAN to the central VPN "endpoint" (server) router (that is located on the central LAN). There are many, many inexpensive routers with VPN-passthrough capabilities.
Windows users often have a client available for purchase from the manufacturer of the router. For example, an individual remote user can purchase and then connect to the Netgear FVS318 using the Netgear VPNClient Software package. Cisco VPN users can connect to the Cisco routers using the Cisco QuickVPN client package, available for download to Cisco product customers.
(K)Ubuntu Linux clients
Ubuntu and Kubuntu use Network Manager VPN capabilities, including a plugin that is compliant with Cisco VPN connections and IPSec connections (vpnc).