====== VPN Overview ======

VPN stands for Virtual Private Network – network connections that pretend they are private, but use the Internet for the connection instead of expensive dedicated private cables.

VPN is a concept – not a technology. There are several different technologies and standards one can use to establish a VPN connection: PPTP, L2TP and IPSec, to name a few. IPSec is the most widespread technology for VPN connections.

Read more: [[wp>VPN]] [[wp>IPsec]]

===== What is VPN used for? =====

Virtual Private Networking (VPN) uses a public network (i.e. the Internet) to securely connect two different networks. For example, an employee can access the corporate network from home using VPN.

{{:vpn:vpn_ipsec_subnets.gif|VPN connection}}

Contrary to popular belief, VPN (using IPSec technology at least) does **not** put remote clients on the same subnet. They still are - :!: must be((**A** (in the figure) must be on a different subnet (= another IP address/mask combination) than **B** to be able to recognise which packets it should forward by IPSec and which packets are to be sent locally on the LAN)) - on different subnets, but they can securely communicate with each other.

===== Pass-through vs. termination =====

The Internet Gate can handle VPN pass-through. When VPN pass-through is used, the Internet Gate doesn't perform any encryption or authentication in the VPN tunnel. The termination is done in the client computer and the Internet Gate only lets the tunnel traffic pass through.

[[wp>IPsec_Passthrough#NAT_traversal_and_IPsec|IPsec pass-through]]

VPN termination means the VPN connection is made between the Internet Gate itself and the remote VPN client. It is the Internet Gate that authenticates and encrypts the VPN tunnel. The clients on your LAN do not need to have any VPN capability of their own.

For more information regarding pass-through configuration see:\\
[[web_gui:pptp_pass-through|PPTP tunnel pass-throughs]]\\
[[web_gui:ipsec_pass-through|IPSec tunnel pass-throughs]]\\
[[web_gui:ipsec_nat-t_pass-through|IPSec NAT-T pass-throughs]]

^ :!: Your Internet Gate does not have a VPN license. ^
| You need to purchase a VPN [[:license]] to be able to activate the VPN termination in your unit.\\ Only VPN pass-through is available otherwise. |

===== VPN Configuration =====

You configure VPN termination on the [[web GUI:VPN page]]. You can either use the [[EasyServer]] and [[EasyClient]], or configure the [[configure server manually|server]] or [[configure client manually|client]] manually.

===== Common tasks =====

Create:
  * IPSec [[VPN:Server]]
  * IPSec [[VPN:Client]]
  * IPSec [[VPN:Tunnel]]
  * [[VPN:Certificates]]

Monitor/troubleshoot:
  * [[web_gui:vpn_status_page|IPSec Status page]] and [[web_gui:vpn_log_page|VPN log page]]
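
The subnet requirement from the footnote under "What is VPN used for?" can be checked before a tunnel is created. The following is an added example, not part of the original page or of the Internet Gate software; the function names and all addresses are constructed for illustration. It reports remote subnets that overlap the local LAN and shows how a destination is classified as local, tunnelled or plain Internet traffic.

```python
import ipaddress


def overlapping_remotes(local_lan, remote_lans):
    """Return the remote subnets that overlap the local LAN (should be empty)."""
    local = ipaddress.ip_network(local_lan)
    return [r for r in remote_lans if ipaddress.ip_network(r).overlaps(local)]


def classify(dst, local_lan, remote_lans):
    """Decide how a packet to dst is treated at site A.

    Returns "local", "ipsec:<subnet>", "internet" or "ambiguous".
    "ambiguous" means dst is inside both the local LAN and a remote subnet:
    a host on the LAN treats it as on-link, so it is never handed to the
    gateway for IPSec forwarding.
    """
    addr = ipaddress.ip_address(dst)
    in_local = addr in ipaddress.ip_network(local_lan)
    tunnels = [r for r in remote_lans if addr in ipaddress.ip_network(r)]
    if in_local and tunnels:
        return "ambiguous"
    if in_local:
        return "local"
    if tunnels:
        return "ipsec:" + tunnels[0]
    return "internet"


# Constructed sample values: A is the local LAN, B the remote LAN.
SITE_A = "192.168.0.0/24"
SITE_B_GOOD = ["192.168.1.0/24"]   # different subnet: selection works
SITE_B_SAME = ["192.168.0.0/24"]   # same subnet on both sides
SITE_B_WIDE = ["192.168.0.0/16"]   # remote range swallows the local LAN

if __name__ == "__main__":
    for name, remotes in (("good", SITE_B_GOOD), ("same", SITE_B_SAME),
                          ("wide", SITE_B_WIDE)):
        print(name, "overlaps:", overlapping_remotes(SITE_A, remotes))
        for dst in ("192.168.0.10", "192.168.1.10", "203.0.113.5"):
            print("  ", dst, "->", classify(dst, SITE_A, remotes))
```
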