Johanna Brito, Marketing Communications Manager on Jun 26, 2018
This blog was originally posted on Grandstream.com
As more businesses rely on the Internet to fuel their networks, adding extra layers of protection to secure these networks is essential. That’s where VPNs come in: they’re private networks that help encrypt information exchanged through the Internet, ultimately safeguarding your entire network and everything connected to it.
Grandstream offers a variety of VPN tunnel options through our GWN7000 router including OpenVPN®, PPTP site-to-site and L2TP. In this post, I’ll explain how you can configure these secure VPN tunnels using our router.
Before we start, it’s worth pointing out the main advantages VPNs provide: client authentication, which keeps unauthorized users out of your VPN network; encryption and confidentiality, which prevent man-in-the-middle attacks and eavesdropping on network traffic; and data integrity, which maintains the consistency and trustworthiness of all messages exchanged. These client and user tunnels always use passwords or digital certificates, and users must be authenticated before a secure VPN tunnel is established, making them truly secure and invaluable to your networks.
OpenVPN®
This type of VPN is the most reliable and stable of the three options. It also has the highest encryption configuration because it uses custom security protocols that utilize SSL/TLS for key exchange. Users must authenticate each other to initiate communication through secret keys, certificates or usernames and passwords. One main deployment scenario used with OpenVPN® is a site-to-site configuration, for example, setting up a secured tunnel from a core site to a branch site using the GWN7000. In this scenario the GWN7000 router acts as the VPN server for remote VPN clients, or it can act as the VPN client connected to a remote OpenVPN® server.
The first step is to create client and server certificates to allow encrypted communication between the clients and the router acting as the server. Once completed, the system administrator can start the implementation of an OpenVPN® server on the core site. To do this, access the GWN7000’s Web UI on the core site and navigate to VPN > OpenVPN® > Server. The next step is the branch site configuration to allow the core site to connect to it. Access the branch site’s router and in the Web UI locate VPN > OpenVPN® > Client for its configuration. The final step is verifying that the core site and branch site are connected and reachable through the OpenVPN® tunnel.
You can find a step-by-step guide on this configuration here.
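The certificate step described above, sketched with the openssl CLI as an added example; it is not Grandstream's procedure or part of the original post, and the names Example-VPN-CA, core-site and branch-site are constructed. It issues the server and client certificates with separate extended key usages and checks that a branch (client) certificate is rejected in the server role.

```shell
#!/bin/sh
# Added example. Names (Example-VPN-CA, core-site, branch-site) are constructed.
set -eu

# issue_cert DIR NAME EKU: new key and CSR, signed by the CA with one extended key usage.
issue_cert() {
    dir=$1; name=$2; eku=$3
    printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=%s\n' \
        "$eku" > "$dir/$name.ext"
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$dir/req.cnf" \
        -subj "/CN=$name" -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null
    openssl x509 -req -sha256 -days 365 -in "$dir/$name.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/$name.ext" -out "$dir/$name.crt" 2>/dev/null
}

# make_pki DIR: self-signed CA plus one server (core site) and one client (branch site) cert.
make_pki() {
    dir=$1
    umask 077   # private keys readable by owner only
    printf '[req]\ndistinguished_name=dn\nprompt=no\nx509_extensions=v3_ca\n[dn]\nCN=Example-VPN-CA\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$dir/req.cnf"
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 1825 \
        -config "$dir/req.cnf" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    issue_cert "$dir" core-site serverAuth
    issue_cert "$dir" branch-site clientAuth
}

# check_role DIR NAME PURPOSE: succeeds only if the cert chains to the CA and is
# valid for PURPOSE (sslserver or sslclient).
check_role() {
    openssl verify -CAfile "$1/ca.crt" -purpose "$3" "$1/$2.crt" >/dev/null 2>&1
}

# Demo run in a throwaway directory.
demo=$(mktemp -d)
make_pki "$demo"
for cert in core-site branch-site; do
    for role in sslserver sslclient; do
        if check_role "$demo" "$cert" "$role"; then echo "$cert as $role: accepted"
        else echo "$cert as $role: REJECTED"; fi
    done
done
rm -rf "$demo"
```

On a standard OpenVPN client, the `remote-cert-tls server` directive is what enforces this role split during the TLS handshake.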
PPTP (Point to Point Tunneling Protocol)
This type of VPN model has the most basic encryption methods and is easy to set up, specifically on Windows computers. Essentially, PPTP encrypts data, places it into packets and creates a tunnel that provides secured communication flows over LAN or WAN. Let’s explore how to establish a PPTP connection through the Internet using the GWN7000 router to connect site A to site B.
First, establish a core site setup that will accept the connection from PPTP clients; in this case we will refer to the core site as site A. Next, administrators must create the PPTP users or sites that will connect to it in the Web UI of the GWN7000 under System Settings > User Manual. For this scenario we will refer to the PPTP user as site B. Once completed, administrators must create a PPTP server instance on the router located in site A by accessing VPN > PPTP > Server. The next step is the site B configuration: navigate to VPN > PPTP > Client and add site A’s public IP under Remote PPTP Server. The final step consists of verifying that site A’s LAN is listed and reachable through the PPTP tunnel.
Learn more details on this setup here.
L2TP/IPsec (Layer 2 Tunneling Protocol)
This type of tunneling protocol is an extension of PPTP used by Internet Service Providers (ISPs) to enable the operation of a VPN over the Internet. It was designed to provide more encryption than PPTP. L2TP does not provide encryption on its own, but rather relies on encryption protocols that pass within the tunnel to provide privacy.
You can configure an L2TP client on the GWN7000 to connect to a remote server by accessing the router’s Web UI under VPN > L2TP/IPSec and connecting the remote server to the router to establish a connection.
For more details visit this configuration guide here.
Whether you choose OpenVPN®, PPTP or L2TP/IPSec, Grandstream equips users with the options they need to create secured virtual private networks. Our GWN7000 router integrates with comprehensive WiFi and VPN solutions that allow users to expand their network throughout different locations, making it flexible, adaptable and increasingly secured.