Please enable JavaScript.
Coggle requires JavaScript to display documents.
VPNs (Remote Access VPN (Teleworker)
Currently using this :check: (Each…
VPNs
-
-
-
VPN Service
-
Useful for anonymity, security, privacy, unblocking censorship
Does not solve the problem of connecting to a remote LAN, but can be a link in the chain if desirable
VPN protocol
Speed
All VPN connections use some form of encryption. Unencrypted is always faster, but has no security.
A connection through a VPN can only be AS FAST as the VPN. Sometimes a connection can be marginally faster with a VPN if there are slowdowns through usual routes that would otherwise have been avoided
A VPN tunnel is instigated from one end (the 'dial-out') end, and the remote end (the 'dial-in' or end) accepts the connection. Regardless of which end initiates the connection, once the tunnel is created, it makes no difference and data can flow freely in either direction.
AUTHENTICATION
PPTP is the simplest VPN authentication method. It's also the least secure and most outdated. Most Oses have dropped support for it
L2TP (Layer 2 Tunneling Protocol) is an authentication method that takes place over IPSEC (Internet Protocol Secure). It can be combined with IKE (Internet Key Exchange) to encrypt the tunnel. It's widely supported, secure, but difficult to set up. :check:
OPENVPN (Not to be confused with the VPN service of the same name) is an authentication method that relies on certifcates. It's newer and not as widely supported by devices out of the box, but easy to set up.
SoftEther
-
- Ethernet (L2) Site-to-Site VPN with SoftEther VPN as Center and Cisco Routers as Branches
-
'Dial In' end Public IP address must always be known to be connectable. Without configuration, IP addresses change. SOLUTIONS:
Use a static Public IP address leased from ISP
(Would have to upgrade to TPG NBN Business plan for extra $30 a month)Pros:
- No dynamic DNS service needed
- No additional third parties
- Simple
Cons:
- No additional security
- No DDOS protection
Use a dynamic DNS servicePros:
- Some DDNS offer advanced security and protection
- Cheaper than Static IP
- Some are free, offer SSL and custom domain
Cons:
- Additional third party
- Access depends on their reliability
- There will always be some level of downtime when an IP address changes. The Draytek router will automatically detect an IP address change and notify the DDNS service. But it still changes, unlike a static public IP
Currently using this :check: