We use VPN. Simple lessons. What is a VPN network: why is it needed and how does it work?

Today, Internet users increasingly use the term VPN. Some recommend using it more often, while others recommend avoiding it. Let's take a closer look at what is hidden behind this term.

VPN connection, what is it?

VPN (Virtual Private Network) is a technology that provides communication closed to external access while keeping a high connection speed. The connection is made on the "point-to-point" principle. Technically, this connection method is called a tunnel. You can join the tunnel from a PC with any OS on which a VPN client is installed. This program "forwards" a virtual port using TCP/IP to another network.

To implement such a connection, you need a platform that quickly scales and ensures data integrity and confidentiality.

For PCs with IP addresses 192.168.1.1-100 to connect through a gateway to an external network, you need to set the connection rules on the router. When a VPN connection is made, the message header contains the address of the remote PC. The message is encrypted by the sender and decrypted by the recipient using a shared key. After this, a secure connection is established between the two networks.

How to connect a VPN

A brief outline of how the protocol works was given above. Now we'll find out how to connect a client on a specific device.

On a computer and laptop

Before you set up a VPN connection on a Windows 7 PC, you should specify the IP address or server name. To do this, in the "Network and Sharing Center" in the "Control Panel", choose "Create a new connection".

Select the item "" - "(VPN)".

At the next stage you should specify the name and the server address.

You need to wait for the connection to complete.

Let's check the VPN connection. To do this, in the "Control Panel", in the "Network connections" section, call the context menu by double-clicking on the shortcut.

On the "Details" tab, check the IPv4 address. It must be within the IP range specified in the VPN settings.

On your phone, iPhone or tablet

Now let's look at how to create a VPN connection and configure it on gadgets running Android OS.

For this you need:

    smartphone, tablet;
    login, network password;
    server address.

To set up a VPN connection, you need to select “” in your phone settings and create a new one.

An icon with a new connection will appear on the screen.

The system requires a login and password. You need to enter the parameters and select the "" option. Then at the next session you will not have to confirm these data again.

Once the VPN connection is activated, a characteristic icon will appear on the toolbar.

If you click on the icon, the connection details will appear.

How to set up a VPN to work correctly

Let's take a closer look at how to automatically configure VPN on computers with Windows 10 OS.

Go to PC settings.

In the "Options" section, go to the subsection "".

... and add a new VPN connection.

On the next page you should specify the VPN connection parameters:

    Service provider - Windows;
    Connection name;
    Server address;
    VPN type;
    Username and password.

Once the connection is established, you need to connect to it.

How to create a VPN server

All providers record the activities of their clients. If a request is received from law enforcement agencies, they will provide complete information about which sites the offender visited. Thus, the provider relieves itself of all legal liability. But sometimes situations arise in which the user needs to protect his data:

    Companies transmit their data via the Internet via an encrypted channel.
    Many services on the Internet operate based on geographic location. For example, the Yandex.Music service operates only on IP from the Russian Federation and CIS countries. A Russian living in Europe will not be able to listen to his favorite music.
    In offices, access to social networks is often blocked.

You can, of course, clear your browser history every time you visit a site. But it's easier to create and configure a VPN server. To do this, open the Run window (Win+R), enter ncpa.cpl and press Enter. In the new window, press Alt and select "".

Next, you need to create a user and give him limited rights only to the VPN. You will also have to come up with a new long password. Select a user from the list. At the next stage you need to select the connection option "Through the Internet". Next you need to specify the connection parameters. If you don't need access to files and folders when working with a VPN, you can uncheck all the boxes and click on the “” button.

How to use a VPN

After a new connection has been created, all you need to do is open the browser and load any page. Beginners can skip creating the connection and immediately download a VPN client from the Internet or install a special extension in the browser. After downloading the program, you need to launch it and click the "Connect" button. The client will join another network and the user will be able to view sites prohibited in his region. The disadvantage of this method is that the IP is issued automatically: the user cannot select a country. But the connection is set up very quickly, by pressing just one button.

The option of adding an extension also has disadvantages. Firstly, the user must be registered on the official website of the program, and secondly, the extension often crashes. But the user can choose the country through which the connection to the external network will be made. The connection process itself also does not raise any questions: just press the "Start" button and the browser will reload on the new network.

Let's look at how to install the extension using ZenMate VPN as an example. Download the program from the official website. After installation, the following icon will appear in the browser:

Click on the icon. The extension window will appear:

If you move the mouse cursor over the icon with the Russian flag, the screen will display the current IP. If you move the cursor over the icon with the Romanian flag, the IP of the selected server will appear. If desired, you can change the connection country. To do this, click on the globe and select one of the automatic addresses.

The disadvantage of the free version of the program is the small number of available servers and the imposition of advertising.

The most common mistakes

Various antivirus programs and firewalls may block the connection. In this case, an error code is displayed on the screen. Let's look at the most popular problems and ways to solve them.

| Error | Cause | Solution |
|---|---|---|
| 678 | Encryption is not allowed in the OS | You need to open the command line and check the “ProhibitIpSec” parameter in the registry “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\Parameters”. It should be equal to 0. If the provider itself uses an encryption channel to provide services, then changing this setting will affect Internet access. |
| 691 | Incorrect login/password entered | You need to log in to the network again |
| 692 | Firewall error | Disable your firewall |
| 720/738 | User is already connected | Error 720 occurs only on Windows 7. All other operating systems display code 738. If you have to work from different PCs through one client, then you need to create several user names. |
| 734 | Automatic VPN | You need to change the connection type from “Automatic” to “L2TP IPSec VPN” in the connection properties. If the error does not disappear, you need to re-create the connection. |
| 766/781 | Key not saved/not entered | Open the VPN properties, on the “Security” tab, select “Advanced settings” and enter the key in the new window |
| 768/789 (Windows 7, Vista, XP) | IPSec doesn't work | Right-click the “My Computer” shortcut and choose “Management”. In the “Services” section, select “IPSec”. Set the connection type to Auto. |

In the 21st century, information technologies occupy an integral place in the life of almost any person. Even an 80-year-old grandmother from a village who does not know how to turn on a computer is indirectly connected with them. Databases, bank accounts, messenger accounts - all this requires a high level of security. The Internet, which has grown to a global scale, like any other mechanism, becomes more vulnerable as its design becomes more complex. To protect confidential information, VPN technology was invented.

VPN connection (from the English Virtual Private Network - virtual private network) is a technology that allows you to artificially form a local network of Internet participants who are not physically connected by a direct connection. This is an add-on to the global network that provides communication between nodes that appears direct from the client side.


How a VPN connection works

A VPN virtual network works on the principle of establishing a fixed connection. Communication can be established directly, between two nodes of the same level (on a network-to-network or client-client basis), or (more commonly) between a network and a client. One of the elements (the connection initiating server) must have a static (permanent) IP address at which other network nodes will find it. An access point is created on the server in the form of a gateway with Internet access. Other network participants join it, the connection is made in the form of an isolated tunnel.

For all switching nodes through which data packets pass, the information is encrypted. It is transmitted in the form of an unintelligible stream, the interception of which will give hackers nothing. Encoding-decoding keys for many protocols (for example, OpenVPN) are stored only on end devices. And without them, attackers cannot do anything with the intercepted data. For maximum security, an archive with certificates and keys (without which it will not be possible to install a secure VPN) can be sent in encrypted form, or manually transferred to a flash drive. In this case, the likelihood of unauthorized access to network computers is reduced to zero.

Why do you need a VPN?

Direct communication

On the Internet, the physical distance between participants and the complexity of the route along which they exchange data do not matter. Thanks to IP addressing and DNS nodes, you can access another computer on the World Wide Web from anywhere in the world. The level of security of the connection is much more important, especially when exchanging confidential information. The more switching points (routers, gateways, bridges, nodes) data passes through, the higher the likelihood of it being intercepted by attackers. Knowing the physical parameters of a PC or server (for example, its IP address), hackers can penetrate it through vulnerable connection methods by breaking password protection. It is precisely from such attacks that the VPN protocol is designed to protect.

Unblocking access to resources

The second function of VPN networks is to open access to blocked resources. If there is Internet censorship in one form or another on the territory of a country (as in China), its citizens may be limited in access to certain resources. Accessing the network through foreign VPN servers allows you to avoid the threat of reprisals to representatives of opposition forces in totalitarian countries. State authorities that interfere with freedom of speech (as in China or the DPRK) will not be able to bring charges of viewing “ideologically harmful” resources, even if providers provide them with a backup of all intercepted data.

Some online services may block access to customers from countries and regions where they are not officially present. This is sometimes done by online games, international payment systems, trading platforms, online stores, online distribution systems for digital content (music, films, games). A VPN server based in a country where access is open removes such restrictions and allows you to make purchases.

Protection against hacking of private resources

Another reason why private clients need a VPN connection is remote administration. If you want to protect your server as much as possible from outside interference, you can create a “white list” of IP addresses that have access to it. When one of them (addresses) belongs to a private VPN server, you can safely connect to the administered server from anywhere in the world using encrypted communication. The administration object will consider that it was connected to from an authorized terminal, and the administrator does not have to worry about the risk of hacking.

Protection of trade secrets

VPN protocols are in demand in commercial structures that work with money and economic secrets. The virtual secure network prevents hackers from hacking accounts or finding out industrial secrets and technologies. Employees who, due to their duties, need to gain access to the company’s network resources from home or on a business trip, can organize a connection via VPN without exposing the corporate network to the threat of hacking.

In this article, we will take a closer look at the process of setting up a VPN server in the Windows Server operating system, and also answer the questions: What is a VPN and how to set up a VPN connection?

What is a VPN connection?

VPN (Virtual Private Network) is a virtual private network that is used to provide a secure connection to the network. It is a technology that allows you to connect any number of devices into a private network, as a rule via the Internet.

Although this technology is not new, it has recently gained relevance due to the desire of users to maintain data integrity or privacy in real time.

This connection method is called a VPN tunnel. You can connect to a VPN from any computer with any operating system that supports a VPN connection, or on which a VPN client is installed that is capable of forwarding ports using TCP/IP to a virtual network.

What does a VPN do?

VPN provides remote connection to private networks

You can also safely combine several networks and servers

Computers with IP addresses from 192.168.0.10 to 192.168.0.125 are connected through a network gateway, which acts as a VPN server. Rules for connections via the VPN channel must first be written on the server and router.

VPN allows you to safely use the Internet when connecting even to open Wi-Fi networks in public areas (in shopping centers, hotels or airports)

And also bypass restrictions on displaying content in certain countries

VPN protects against cyber threats in which an attacker intercepts information in transit, unnoticed by the recipient.

How VPN works

Let's look at how a VPN connection works in principle.

Let's imagine that transmission is the movement of a packet along a highway from point A to point B; along the path of the packet there are checkpoints that the data packet passes through. When using a VPN, this route is additionally protected by an encryption system and user authentication to secure the traffic containing the data packet. This method is called "tunneling" (using a tunnel).

In this channel, all communications are reliably protected. All intermediate data transmission nodes deal with an encrypted packet, and only when the data reaches the recipient is the packet decrypted and made available to the authorized recipient.
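The tunnel described here, and in the earlier passages about the shared key and the encrypted stream that intermediate nodes cannot read, as an added example that is not part of the original article: a minimal encapsulation in Python where the outer header stays readable and the inner packet is encrypted and authenticated. The HMAC-based keystream is a standard-library stand-in for the cipher a real VPN protocol would use, and the key, addresses and request are constructed sample values.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

HDR, NONCE, TAG = 8, 12, 32  # outer header, nonce and MAC tag sizes in bytes


def _subkey(shared_key: bytes, label: bytes) -> bytes:
    # Separate keys for encryption and authentication, derived from the shared key.
    return hmac.new(shared_key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy stream cipher: HMAC-SHA256 in counter mode. A real VPN uses an AEAD
    # cipher such as AES-GCM; this stand-in keeps the example standard-library only.
    blocks = (hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def encapsulate(shared_key: bytes, src: str, dst: str, inner: bytes) -> bytes:
    """Wrap an inner packet: cleartext outer header + nonce + ciphertext + tag."""
    header = ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
    nonce = os.urandom(NONCE)
    body = _xor(inner, _keystream(_subkey(shared_key, b"enc"), nonce, len(inner)))
    tag = hmac.new(_subkey(shared_key, b"mac"), header + nonce + body, hashlib.sha256).digest()
    return header + nonce + body + tag


def decapsulate(shared_key: bytes, frame: bytes) -> bytes:
    """Verify the tag first, then decrypt; reject anything modified in transit."""
    if len(frame) < HDR + NONCE + TAG:
        raise ValueError("frame too short")
    signed, tag = frame[:-TAG], frame[-TAG:]
    expected = hmac.new(_subkey(shared_key, b"mac"), signed, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    nonce, body = signed[HDR:HDR + NONCE], signed[HDR + NONCE:]
    return _xor(body, _keystream(_subkey(shared_key, b"enc"), nonce, len(body)))


def transit_view(frame: bytes) -> dict:
    """What a node on the path can read without the key: outer addresses and size."""
    return {"src": str(ipaddress.IPv4Address(frame[:4])),
            "dst": str(ipaddress.IPv4Address(frame[4:8])),
            "payload_len": len(frame) - HDR - NONCE - TAG}


# Constructed sample values: documentation addresses and a made-up inner request.
KEY = hashlib.sha256(b"constructed-demo-shared-key").digest()
INNER = b"GET /payroll HTTP/1.1\r\nHost: 192.168.0.10\r\n\r\n"

if __name__ == "__main__":
    frame = encapsulate(KEY, "198.51.100.7", "203.0.113.10", INNER)
    print(transit_view(frame))             # only the tunnel endpoints and a length
    print(decapsulate(KEY, frame) == INNER)
```

The outer header is covered by the tag, so a node on the path can read the tunnel endpoints but cannot rewrite them or the payload without the recipient rejecting the frame.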

VPN will ensure the privacy of your information along with a comprehensive antivirus.

VPN supports such protocols as OpenVPN, L2TP, IPSec, PPTP and PPPoE, and it turns out to be a completely secure and safe way to transfer data.

VPN tunneling is used:

  1. Inside the corporate network.
  2. Consolidation of remote offices, as well as small branches.
  3. Access to external IT resources.
  4. For building video conferences.

Creating a VPN, selecting and configuring equipment.

For corporate communications in large organizations or combining offices remote from each other, hardware is used that is capable of maintaining uninterrupted operation and security in the network.

To use the VPN service, the role of the network gateway can be played by Linux/Windows servers, a router and a network gateway on which the VPN is installed.

The router must ensure reliable operation of the network without freezes. The built-in VPN function allows you to change the configuration for working at home, in an organization or in a branch office.

Setting up a VPN server.

If you want to install and use a VPN server based on the Windows family, you need to understand that Windows XP/7/8/10 client machines do not support this function; you need a virtualization system or a physical server on the Windows 2000/2003/2008/2012/2016 platform. We will look at this feature on Windows Server 2008 R2.

1. First, you need to install the “Network Policy and Access Services” server role. To do this, open the server manager and click on the “Add role” link:

Select the "Network Policy and Access Services" role and click Next:

Select "Routing and Remote Access Services" and click Next and Install.

2. After installing the role, you need to configure it. Go to Server Manager, expand the "Roles" branch, select the "Network Policy and Access Services" role, expand it, right-click on "Routing and Remote Access" and select "Configure and enable routing and remote access".

After starting the service, we consider the configuration of the role complete. Now you need to allow users access to the server and configure the issuance of IP addresses to clients.

Ports that the VPN uses. After the service is started, they are opened in the firewall.

For PPTP: 1723 (TCP);

For L2TP: 1701 (TCP)

For SSTP: 443 (TCP).

The L2TP/IpSec protocol is preferable for building VPN networks, mainly for security and higher availability, due to the fact that a single UDP session is used for data and control channels. Today we will look at setting up an L2TP/IpSec VPN server on the Windows Server 2008 R2 platform.

You can try to deploy on the following protocols: PPTP, PPPoE, SSTP, L2TP, L2TP/IpSec.

Go to Server Manager: Roles - Routing and Remote Access, right-click on this role and select "Properties". On the "General" tab, check the "IPv4 router" box, select "local network and demand call", and check "IPv4 remote access server":

Now we need to enter the pre-shared key. Go to the "Security" tab, check the box in the "Allow special IPSec policies for L2TP connections" field and enter your key. (About the key: you can enter an arbitrary combination of letters and numbers there; the main principle is that the more complex the combination, the safer it is. Remember or write down this combination; we will need it later.) In the "Authentication Provider" tab, select "Windows Authentication".

Now we need to configure connection security. To do this, go to the "Security" tab and choose "Authentication Methods", then check the boxes "EAP" and "Encrypted Authentication (Microsoft version 2, MS-CHAP v2)":

Next, go to the "IPv4" tab. There we specify which interface will accept VPN connections and configure the pool of addresses issued to L2TP VPN clients (set the interface to "Allow RAS to select an adapter"):

Now go to the "Ports" item that has appeared, right-click it and choose "Properties", select the L2TP connection and press "Configure". In the new window, enable "Remote access connection (incoming only)" and "On-demand connection (incoming and outgoing)" and set the maximum number of ports; the number of ports must match or exceed the expected number of clients. It is better to disable unused protocols by unchecking both checkboxes in their properties.

List of ports that we have left in the specified quantity.

This completes the server setup. All that remains is to allow users to connect to the server. Go to Server Manager, Active Directory users, find the user we want to allow access for, open "Properties" and go to the "Incoming calls" tab.

Soon there will be articles on the site talking about anonymity on the Internet using a VPN. We will set up VPN on different devices. In order not to write every time in every article what a virtual private network VPN is, I decided to write this article.

If you are interested in issues of anonymity on the Internet, I advise you to read the article “” where we talked about proxy connections, why proxies are needed and what types there are.

In this article I will not dig deep. I will only tell you about the most important things that a person who is thinking about anonymity on the Internet needs to know.

Virtual Private Network (VPN) is a technology that makes it possible to provide one or several network connections over another network, such as the Internet.

This connection takes the form of an encrypted tunnel that directly connects the user’s computer and the remote server, which allows not only but also to encrypt your traffic. In other words, this way you will be able to download anything from anywhere, and no one will know about it.

Types of VPN connections

You can set up the following types of VPN connections: As I said earlier, all information is reduced to the necessary minimum. Read more in specialized literature.

Virtual private network PPTP

PPTP (Point-to-Point Tunneling Protocol) is a point-to-point tunnel protocol that will help establish a secure tunnel in an unsecured network. It is the most popular VPN connection method, but many Internet providers block such applications.

OpenVPN Virtual Private Network

OpenVPN is a free, open-source implementation of this technology for creating your own encrypted channels of the "point-to-point" or "server-client" type. The latter allows you to use another computer as a VPN server. However, setting up a tunnel requires the installation of special software along with the knowledge to work with it.

L2TP Virtual Private Network

L2TP (Layer 2 Tunneling Protocol) is the most labor-intensive type of VPN tunnel to set up, but allows you to create it with specified access priorities, making it the most secure.

And although VPNs are not literally anonymizers, today most sites providing CGI proxy services offer to purchase their own VPN channel. This technology is gaining momentum, so it is likely that soon the number of familiar anonymizers will be reduced to the required minimum.