Virtual Private Networks by Guus Sliepen
==========================================

Virtual Private Networking is an interesting phenomenon that appears in many places in one form or another. VPNs have a lot of applications, from tunnelling through firewalls and getting a fixed IP address in a dynamic IP environment, or in one where IP addresses are scarce, to connecting private networks spread all over the world.

Although the concept is quite simple, the principles and implementations of VPNs can be very complex. Besides the fact that maintaining a VPN gives the same problems as maintaining a real network, there are some problems specific to VPNs that will be treated in depth: authorisation, key-exchange algorithms, encryption, the performance impact of the tunnelling protocol used, kernel or userspace approach, scalability, routing, redundancy and coherence.

The principles behind the most well-known VPN standards, such as PPTP, L2TP and IPsec, will be explained, and the advantages and disadvantages of these protocols will be discussed. Using examples from the source code and the implemented algorithms, an explanation will be given of how the VPN program "tinc" (written for Linux) works and how it tries to solve problems most other VPN implementations encounter. At the end, an example of how to set up a real-life VPN using "tinc" will be given.