10.1 Types of VPNs

     

    The VPN topologies you can set up with SoftEther VPN can be divided into three types: a PC-to-PC VPN, a Remote Access VPN, and a LAN-to-LAN VPN. In this section you will learn about each of these types. Most VPNs will utilize one or a combination of these three types. However, these three are not the only possible network configurations you can build with SoftEther VPN.

    First of all, let's look at some more details about these three major topologies.

     

    10.1.1 PC-to-PC VPN

    This is the simplest network topology to construct using SoftEther VPN. A PC-to-PC VPN is most useful under the following conditions:

    • Only one to a few dozen computers will connect to the VPN.
    • VPN Client can be installed on each of the client computers.
    • The VPN network does not need to connect to a physical LAN (that is, you want the entire network to exist only within the VPN).

    In order to connect to the VPN using this method you must install VPN Client on each client computer. VPN Client will then directly connect to the layer 2 network created by the Virtual Hub on a VPN Server connected to the Internet.

    Using this method, you can set up a VPN in which only those computers connected to the Virtual Hub via a physical network such as the Internet can communicate with each other. Therefore, as long as functions such as local bridging or routing are not used on a client computer, the physical network will not affect the VPN and vice versa.

    Figure: PC-to-PC VPN.

    Furthermore, once you have VPN Client installed you can use the startup connection feature explained in 4.4 Making Connection to VPN Server to stay connected to a specified VPN server's Virtual Hub whenever the computer is on. By installing VPN Client on a server computer and having it stay connected to a specified VPN at all times, you can set up a server which can only be accessed by computers connected to that VPN.

    Please refer to section 10.3 Build a PC-to-PC VPN for more detailed information on how to build a PC-to-PC VPN.

    Figure: Setting up a server which can only be accessed via the VPN.

    10.1.2 Remote Access VPN

    A remote access VPN is used to allow remote access from an external location to a physical layer 2 network.

    Using this type of VPN, it is possible to connect to a company LAN from outside the office (for example, from an employee's house or from a hotel on a business trip) just as if the remote computer were connected by an extremely long Ethernet cable.

    To use a remote access VPN, you make a connection between the network adapter connected to the LAN and the VPN Server's Virtual Hub. This is achieved via a local bridge, which is explained in section 3.6 Local Bridges. As a result, a VPN Client connected to the proper Virtual Hub will automatically be connected to the LAN attached through the local bridge, and will be able to operate through the VPN as if it were right there inside the office.

    Please refer to section 10.4 Build a Generic Remote Access VPN for more detailed information on how to build a remote access VPN.

    Figure: Remote Access VPN.

    10.1.3 LAN-to-LAN VPN

    A LAN-to-LAN VPN links existing physical layer 2 networks at different sites together into a single network.

    By using SoftEther VPN you can create a faster, more flexible, and more stable LAN-to-LAN network compared to current layer 3 based LAN-to-LAN connections (such as private network services, frame relay services, or older VPN protocols such as L2TP/IPSec) and layer 2 based connections (such as wide area Ethernet).

    To connect more than 2 LANs together you must install VPN Server on one LAN (such as at your company's main office) and VPN Bridge on all the others. Now you have two options. On each LAN, connect the Virtual Hub to the physical network adapter via a local bridge connection or create a cascade connection to the VPN Server from VPN Bridge. This will allow layer 2 segments at different sites to function as a single segment.

    You can also use layer 3 routing instead of layer 2 bridging. To do this, use the Virtual Layer 3 Switching function described in section 3.8 Virtual Layer 3 Switches.

    Please refer to sections 10.5 Build a LAN-to-LAN VPN (Using L2 Bridge) and 10.6 Build a LAN-to-LAN VPN (Using L3 IP Routing) for more detailed information on how to build a LAN-to-LAN VPN.

    Figure: LAN-to-LAN VPN.