About ViPNet Connections

ViPNet network nodes can connect to an external network directly, or they can work through a firewall or other NAT device (including a ViPNet Coordinator).

The IP addresses server notifies its own network nodes about the status of other nodes (such as their current IP addresses and connection methods) so that they can interact with those nodes.

ViPNet network nodes can be located inside any local network that supports the IP protocol. The connection method can be anything from Ethernet, PPPoE (i.e. xDSL) and dial-up to mobile access types such as GPRS/UMTS, wireless LAN, and Wi-Fi hot spots. ViPNet automatically detects the transfer protocols in the network layer. Two IP protocols are used to encapsulate encrypted IP traffic and create a VPN connection: IP/241 and IP/UDP.

Connections between network nodes that can receive broadcasts from each other (through their local IP addresses), and between which there are no NAT systems, are automatically established through the more economical IP/241 protocol, which does not have a 12-byte UDP header. In this case, after encryption, the source packet is encapsulated into an IP packet with protocol number 241.

If network nodes cannot reach each other directly by real address (i.e. there is a NAT system between them, including a ViPNet Coordinator), the UDP protocol, which allows IP packets to pass easily through any NAT device, is used automatically. In this case, after encryption, the source packet is encapsulated into a UDP packet with the specified destination port number (55777 by default).
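The two encapsulations described above can be told apart from the outer IPv4 header alone, which is what a firewall rule or capture filter in front of a ViPNet node has to match. The following is an added example, not ViPNet code: the function names, addresses and sample packets are constructed for illustration, and only protocol number 241 and the default UDP port 55777 come from the text.

```python
import socket
import struct

VIPNET_IP_PROTO = 241    # IP/241 encapsulation (from the text above)
VIPNET_UDP_PORT = 55777  # default UDP destination port (from the text above)

def classify_outer_packet(pkt: bytes, udp_port: int = VIPNET_UDP_PORT) -> str:
    """Classify one raw IPv4 packet by its outer headers only.

    Returns 'ip241', 'udp', 'other' or 'malformed'. The encrypted inner
    packet is never inspected.
    """
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "malformed"
    ihl = (pkt[0] & 0x0F) * 4            # header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        return "malformed"
    proto = pkt[9]
    if proto == VIPNET_IP_PROTO:
        return "ip241"
    if proto != socket.IPPROTO_UDP:
        return "other"
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:
        return "other"                   # later fragment: no UDP header here
    if len(pkt) < ihl + 8:
        return "malformed"
    dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    return "udp" if dport == udp_port else "other"

def build_ipv4(proto: int, payload: bytes, frag_offset: int = 0) -> bytes:
    """Build a constructed sample IPv4 packet (checksum left at zero)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0,
                         frag_offset, 64, proto, 0,
                         socket.inet_aton("192.0.2.10"),
                         socket.inet_aton("198.51.100.20"))
    return header + payload

def build_udp(dport: int, data: bytes, sport: int = 40000) -> bytes:
    """Build a constructed UDP datagram (checksum left at zero)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def summarize(packets) -> dict:
    """Count packets per class, e.g. to check which tunnel type a link carries."""
    counts = {}
    for pkt in packets:
        label = classify_outer_packet(pkt)
        counts[label] = counts.get(label, 0) + 1
    return counts
```

If the destination port has been changed from the default, pass the configured value as `udp_port`; a perimeter rule set for a NATed node needs the same value.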

To create a secure connection between network nodes anywhere on the network, configure the settings for the ViPNet software (Client or Coordinator) in ViPNet Manager. The settings depend on the type of connection to the external network:

  1. Direct connection to the external network (no firewall). In this case, firewall settings are not required.
  2. Connection through a coordinator that provides NAT for ViPNet nodes (firewall type is Coordinator).
  3. Connection through a firewall (NAT) where static rules of address translation are possible (firewall type is With static address translation).
  4. Connection through a firewall (NAT) where static rules of address translation are difficult or impossible (firewall type is With dynamic address translation).

When connecting to the network, client nodes inform their coordinators, and coordinator nodes inform other coordinators, about their addresses and ways to access these addresses.

When connecting to the network and while operating, client nodes receive from their coordinators, and coordinator nodes receive from other coordinators, the address information of other nodes and ways to access these addresses.

If a network node has an IP address that other nodes can reach by applying general routing rules (for example, the node's local address is its public Internet address), it is enough to send this node's IP address to the other nodes. In this case, connection type 1 is sufficient.

If a network node has a private IP address that other nodes cannot reach by applying general routing rules (for example, there is a firewall or NAT device between the local and external networks), the node has to provide more information about itself. To provide continuous access to this node, additional information about its current addresses and access ports through the NAT device is required. In this case, one of the other three connection types (2, 3 or 4) has to be used.

Note: If network nodes are in one local network and can exchange broadcasts, they interact directly by node IP address, regardless of connection type.


© 2007 Infotecs