Remote VPN Software
company headquarters network. In a site-to-site VPN configuration, hosts do not have VPN client software; they send and receive normal TCP/IP traffic through a VPN gateway. The VPN gateway is responsible for encapsulating and encrypting outbound traffic, sending it through a VPN tunnel over the internet to a peer VPN gateway at the target site. Upon receipt, the peer VPN gateway strips the headers, decrypts the content and relays the packet toward the target host inside its private network.
Remote-access VPNs connect individual hosts to private networks, for example travelers and teleworkers who need to access their company's network securely over the internet. In a remote-access VPN, every host must have VPN client software. Whenever the host tries to send any traffic, the VPN client software encapsulates and encrypts that traffic before sending it over the internet to the VPN gateway at the edge of the target network. Upon receipt, that VPN gateway behaves just like the receiving gateway in a site-to-site VPN. If the target host inside the private network returns a response, the VPN gateway performs the reverse process to send an encrypted response back to the VPN client over the internet.
Remote-access VPN protocols
The most common secure tunneling protocol used in site-to-site VPNs is the IPsec Encapsulating Security Payload (ESP), an extension to the standard IP used by the internet and most corporate networks today. Most routers and firewalls now support IPsec, so they can be used as VPN gateways for the private networks behind them. Another site-to-site VPN protocol is MPLS, although MPLS does not provide encryption.
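The following is an added example, not part of the original article: it shows what an on-path observer can read from an ESP-encapsulated packet between two gateways (outer addresses, SPI and sequence number only) and checks a capture for private-network traffic that left a site without encapsulation. All addresses, the SPI value, the payload stub and the function names are constructed for illustration, and zero bytes stand in for the encrypted payload.

```python
import ipaddress
import struct

ESP_PROTO = 50  # IANA IP protocol number for ESP (RFC 4303)

def build_ipv4(src, dst, proto, payload):
    """Build a minimal 20-byte IPv4 header (checksum left as 0) plus payload."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    return header + payload

def wire_view(packet):
    """Return what an on-path observer can read from one IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    view = {
        "src": str(ipaddress.IPv4Address(packet[12:16])),
        "dst": str(ipaddress.IPv4Address(packet[16:20])),
        "esp": packet[9] == ESP_PROTO,
    }
    if view["esp"]:
        if len(packet) < ihl + 8:
            raise ValueError("truncated ESP header")
        # ESP begins with a 32-bit SPI and a 32-bit sequence number, both unencrypted.
        view["spi"], view["seq"] = struct.unpack("!II", packet[ihl:ihl + 8])
    return view

def cleartext_leaks(packets, private_net):
    """List non-ESP packets whose source or destination is inside private_net."""
    net = ipaddress.ip_network(private_net)
    leaks = []
    for pkt in packets:
        v = wire_view(pkt)
        if not v["esp"] and (ipaddress.ip_address(v["src"]) in net
                             or ipaddress.ip_address(v["dst"]) in net):
            leaks.append(v)
    return leaks

# Constructed sample data: private/documentation addresses, zero bytes as ciphertext stand-in.
INNER = build_ipv4("10.1.0.5", "10.2.0.9", 6, b"GET /payroll")  # host-to-host packet
TUNNELLED = build_ipv4("198.51.100.1", "203.0.113.1", ESP_PROTO,
                       struct.pack("!II", 0x1000, 7) + bytes(len(INNER) + 16))
```

Run over a capture taken between the two gateways, `cleartext_leaks` should return an empty list; any entry means a packet for the private network crossed the internet without being tunnelled.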
Remote-access VPN protocols are more varied, ranging from the Point-to-Point Tunneling Protocol to IPsec alone. These approaches require VPN client software on every host, as well as a VPN gateway that supports the same protocol and options or extensions for remote access.