DEVELOPMENT OF PRINCIPLES OF VPN-TUNNELING
[1. Information Systems and Technologies]
Author: Afanasieva A.M., student, Department of Electronic Computers, Kharkiv National University of Radio Electronics, Kharkiv, Ukraine
It is difficult to imagine a modern organization that does not use the Internet; at the moment it is also the most accessible way for the offices of a distributed organization to communicate. It is affordable, but not secure and far from the most reliable. VPN (Virtual Private Network) technology has long been widely used to solve the first problem.
VPN is a generalized name for technologies that allow one or more network connections to be provided over another network, such as the Internet. Although networks with a lower or unknown level of trust (for example, public networks) are used for communication, the level of trust in the constructed logical network does not depend on the level of trust in the underlying networks, because cryptographic tools are used: encryption, authentication, public key infrastructure, and protection against replay and modification of messages transmitted over the logical network. Depending on the protocols used and the purpose, a VPN can provide three types of connections: node-to-node, node-to-network, and network-to-network.
A VPN consists of two parts: an "internal" (controlled) network, of which there may be several, and an "external" network through which the encapsulated connection passes (usually the Internet is used). It is also possible to connect a single computer to a virtual network.
A remote user connects to the VPN through an access server that is connected to both the internal and the external (public) network. When a remote user connects (or when a connection to another secure network is established), the access server requires identification, followed by authentication. After both processes complete successfully, the remote user (or remote network) is granted the rights to work on the network; that is, authorization takes place.
This is not always convenient, since it is not easy to organize automatic switching of VPN connections from one provider to another. In addition, the task is complicated by the problem of choice: of the huge number of VPN tools available on the market, it makes sense to consider only certified ones.
The main goal is the development of principles of VPN tunneling.
In this case, the concepts of "main" and "backup" tunnels lose their original meaning because, unlike a solution based on classical technologies, all tunnels are built dynamically and backed up automatically, without administrator intervention or the configuration of complex dynamic routing protocols. Connection to various types of Internet providers is carried out without problems, and their number can reach 16. The administrator can control the activation of a particular tunnel for certain types of traffic and can prioritize not only the VPN stream itself but also individual streams inside the VPN tunnel. For example, you can install IP-Office in branches and provide voice communication over encrypted communication channels, which will significantly reduce the cost of telephone calls. At the same time, all settings are made through a single management system, which provides centralized monitoring, management, and collection of logs from all branches, with the possibility of strict accounting of VPN traffic.