Talk:Virtual private network/Archive 1

clarification
At the early stage, this page was about the technique details of VPN. I thought it should be more readible to general readers, and then I partitioned it into sections and made titles for them. So feel free to improve the structure.

I added "Authentication Mechanism" section, trying to explain "how does VPN work" as 65.213.77.129 concerned. But maybe it still seemed to be confusing. Now I have just made a little bit correction. Chenghui 01:19, 18 December 2005 (UTC)

Is Cryptography Project the right place, rather than Computer Networking
Many VPNs, such as GRE, do not use even cleartext authentication, much less encryption for authentication or confidentiality. If that broader definition is accepted, Authentication Mechanism should not be the first heading, since there certainly are VPNs, such as GRE, that do not require authentication.

I suspect that this article could be reorganized to be a subset of Tunneling Protocol, which can encompass VPNs as well as VLANs and other miscellaneous encapsulated protocols. That would take it out of Cryptography. Perhaps there should be a secure VPN section in Cryptography?

Other classification schemes may be appropriate, such as the somewhat artificial IETF distinction between provider-provisioned and customer-provisioned VPNs. The real difference here is in scalability rather than who provisions the VPN; a large enterprise may well use virtual routers, BGP/MPLS VPNs, etc. The important point of that distinction is whether the user organization defines policies, including security, for the VPN, or if the VPN is offered as a service. Howard C. Berkowitz 19:16, 6 July 2007 (UTC)

Better Introduction?
It basically introduces the concept by saying that a VPN is a private network used to communicate over a public network. That's not very clear. It is something that allows people to communicate privately over a public network, but what? The article elaborates fairly clearly, but never comes out and says what a VPN is. Is it a subnetwork? Is it really a network? Maybe it is the use of public network for private data transmission. --BK 65.213.77.129 12:59, 18 October 2005 (UTC)


 * I've tried to address this with administrative, rather than technical, distinctions to start, such as intranet and extranet. The distinction in the current article between trusted and secure VPNs needs to be brought up closer to the beginning.


 * Tunneling also needs to be introduced earlier, and perhaps in less detail here and more in Tunneling Protocols Howard C. Berkowitz 03:00, 7 July 2007 (UTC)


 * I tried to help this a bit and also to focus on the use someone like Autochthony below would be most likely to encounter

Autochthony writes: this article confuses me. We are to get VPNs at work, and I tried to find out what they are. I was lost in the first line. Sure, I'm not a techie, but I hoped for some simple introduction. Could someone review this article, and - perhaps - help me [and probably millions like me]? Autochthony wrote. 1340z 8 October 2009. 62.73.148.164 (talk) 13:41, 8 October 2009 (UTC)


 * I tried to at least make the intro a bit more palatable for non-experts. Hope this helps. Kbrose (talk) 16:00, 8 October 2009 (UTC)

I stopped reading this article after the first two paragraphs. It's terribly written. I went to the Simple Wikipedia instead, although that article could use a bit more muscle. --174.16.19.14 (talk) 13:49, 2 February 2010 (UTC)

"Authentication Mechanism"
I think this section definitely needs rewriting:

Generally, a firewall sits between a remote user's workstation or client and the host network or server.

This statement seems to be incorrect. My understanding is that a firewall generally sits between a private network and the internet. The wikipedia article on firewalls elaborates on this with reference to "zones of trust" (a private network being one, the internet being another).

You are not considering the explanation's context. Off course it would not be precise as a stand-alone sentence but it is being coherent thanks to the "two parts" described in the sections's beginning. --M. B., Jr. 20:06, 4 July 2006 (UTC)

''The firewall may pass authentication data to an authentication service in a host network. A known trusted person with privileged access, sometimes only using trusted devices, can be allowed to access resources not available to general users. That's why the user feels that the network is private, even though it is not.''

Not sure what to make of this.

"Many VPN client programs can be configured to require that all IP traffic must pass through the tunnel while the VPN is active, for better security." Where does this help security? I can understand blocking routing to a tunneled interface but blocking all non tunneled IP traffic is just going to be a nuisance. If the worry is about confidential files being accessed from the client computer, blocking non tunneled traffic won't help because the files will still be there when the tunnel closes. And it doesn't do anything about non-IP communications. I suspect this configuration option came about by creative marketing of a VPN implementation that couldn't coexist with non tunneled traffic. This whole piece should be removed (or at least change "for better security" to "in a vein attempt at better security") unless there is a demonstrable security concern that is really addressed by this restriction. -- Dan Oetting 17:14 13 April 2006 (UTC)

Perhaps reducing (not removing) the sarcastic remark (1) as well as the inappropriate joke (2) and being more specific would infer a higher quality to this section. Examples: --M. B., Jr. 20:06, 4 July 2006 (UTC)
 * 1) "sometimes it is not always the case" (besides being redundant: sometimes = not always)
 * 2) "the internet is the biggest 'jungle'"

Introduction
What about this?

Virtual Private Network or VPN is extension of Local Area Network allowing distant nodes achievable via Wide Area Network (ie. Internet) to behave (logically) like they were connected directly to LAN. VPN is often used by companies or organization to make distant workers or agencies seamlessly integrated into same network.


 * Again, my argument is that the defining property is first administrative (who controls and what is trusted) and only then technological--WAN vs. LAN are not really relevant to the administrative connectivity. I personally consider VLANs to fall under VPNs, and, indeed, the original IEEE 802.10 VLAN specification was originally for security. Howard C. Berkowitz 03:02, 7 July 2007 (UTC)


 * I made some changes that align with this. My language is simpler though. I considered mentioning WANs but thought that might be confusing. But what has there said that a VPN is a network that connects networks, and I felt that was worse.--Elinruby (talk) 16:05, 2 May 2010 (UTC)

Etiquette?
I'm not sure what the etiquette is here for doing a complete rewrite of an entire entry. The current article is a mess. I am able and willing to do the rewrite (I'm the director of the VPN Consortium, www.vpnc.org), but some might consider that to be overboard. How does one proceed on a page that needs a major overhaul? (by Paulehoffman)


 * Essentially, dive in and Be bold. Please do! &mdash; Matt Crypto 13:23, 13 December 2005 (UTC)


 * I think that almost everything will be better than what is now. countryhacker 19:50, 15 December 2005 (UTC)


 * Hear hear! Knowing what a VPN is, I can understand the article, but if I didn't, I wouldn't —Preceding unsigned comment added by 81.2.101.220 (talk) 17:14, 21 June 2008 (UTC)

SSL VPN
I would consider changing the exising (bolded) comment. "SSL used either for tunneling the entire network stack, such as in OpenVPN, or for securing what is essentially a web proxy. Although the latter is often called a "SSL VPN" by VPN vendors, it is not really a fully-fledged VPN." There are now true SSL VPN implimentation, I use Terminal Services through one now. The vender of this version is by a company called F5 Networks. This is the info on it. The comment that "it is not really a fully-fledged VPN." is an opinion. VPN is being done over/through SSL.


 * Forgive me if I'm misunderstanding, but the product you mention appears to work as a web proxy as described above. See the data sheet on it. : "F5’s FirePass® SSL VPN appliance provides secure access to corporate applications and data using a standard web browser."  This is a method of wrapping traffic through HTTPS using a proxy, which may have the same effect as a VPN, but is not an actual virtual private network - just a secure means of accessing network content.  To qualify as an actual VPN, it would need to encrypt the actual network traffic itself, such as PPP-over-SSL.  This is possible, but not the same thing advertised by many network appliance vendors, like the one above.
 * --Jordan W 22:59, 4 May 2006 (UTC)


 * The product actually does both, that's probably what's confusing you.

"tunneling" vs. "port forwarding"
Is "tunneling" really synonymous with "port forwarding?" Port forwarding would seem to imply TCP or UDP. Lower-level protocols, e.g. Ethernet and IP, can also be tunneled, and as far as I know, neither of those protocols has the "port" notion. The port forwarding article seems to be about TCP/UDP, although it never explicitly says that. —Fleminra 22:06, 24 March 2006 (UTC)


 * You are correct to doubt. Tunneling is the encapsulation of one sort of protocol traffic within another. The result is necessarily gibberish (and lots of errors) to the outer protocol stack. Port forwarding involves no such 'tampering' with content. If the tampering is cryptographic, intended to be gibberish to any listener save the intended (with the proper keys and such) then the tunneling might be termed a VPN. Actually, there is much additional scaffolding required (eg, key exchange, authentication, integrity checking, ...), see the RFCs concerned with IPSec. Though they are more complex than absolutely required as they include network-to-network VPN operation, as well as end-to-end VPN methods.
 * No logical connection, but often travel together in practice. ww 09:05, 26 March 2006 (UTC)


 * FWIW, port forwarding as implemented by OpenSSH would seem to qualify as tunneling, but of course port forwarding as implemented in the Linux kernel (iptables) would not. So port forwarding may be one application of tunneling, or in other words, tunneling is just one implementation choice for port forwarding.  Anyway, I just thought I'd mention it here before changing the article (currently reads "Tunneling, also known as port forwarding …").
 * For the sake of argument, it seems to me that not all tunneling involves lots of errors. AFAIK, most VPN techniques work on the IP/TCP/UDP level, where there is no presumed payload protocol (in this sense, all encapsulation — TCP over IP, IP over Ethernet — involves gibberish w.r.t. the outer protocol).  Only the subversive IP-over-DNS, IP-over-ICMP, etc. would be generating traffic that is likely to violate some RFC.  —Fleminra 20:09, 27 March 2006 (UTC)
 * My mistake in the wording re errors. What I had in mind is that, having originated with some other protocol, an attempt by a different protocol to make sense of the content will generate errors, If the content is merely data, the different protocol won't actually look at the data, so no errors. I agree that the bald equating of tunneling with port forwarding is off base, seriously and misleadingly.
 * As for the example cited about port forwarding being a sort of tunneling, this raises a somewhat important linguistic point. When a term is used sufficiently often, differently than it once had been, meanings shift. When a new term -- originating in technical work where precision is vital (and achievable) -- is so treated, what should we do? I think that clarity of concept should be the overriding concern, not the general pattern of linuistic drift so evident in English and perhaps all languages. The glottochronology folks claim there is drift in the meaning of even the most common, non-technical words.
 * In this instance, I would suggest that the example is one of a port-forwarded tunneling protocol, not mere port-forwarding. ww 20:30, 29 September 2006 (UTC)


 * Actually, I'm not sure I agree with the basic definition of "tunneling" in the article. I would say that tunneling is protocol encapsulation where the encapsulated protocol is not a lower level protocol (OSI) than the encapsulating protocol.  E.g.:
 * Not tunneling: IP over Ethernet; TCP over IP; UDP over IP; DNS over UDP
 * Tunneling: Ethernet over IP; Ethernet over UDP; Ethernet over TCP; TCP over UDP; IP over DNS
 * And that encryption, private vs. public, corporate vs. non-corporate are not broadly relevant. —Fleminra 20:29, 27 March 2006 (UTC)
 * I'd agree with the distinction you make re tunneling not being a lower level protocol carried on a higher one. Perhaps carrying would an appropriate term for this in disctinction to tunneling? I'd suggest you be bold and include this refinement in the article. ww 20:30, 29 September 2006 (UTC)
 * Tunneling is traditionally seen as the same layer protocol (OSI) encapsulating another one or a higher layer protocol encapsulating a lower one. Examples- IP in IP tunnels for routing private networks over the Internet.  This is a tunnel not private though.  IPSEC tunnels usually tunnel PPP (or other layer 2 traffic) over AH or ESP.  PPTP tunnels tunnel PPP packets inside of a GRE packet.  GRE, ESP, and AH are all layer four protocols whereas PPP is a layer 2 protocol.  Furthermore, what is your definition of port fowarding?  Forwarding means that we will send traffic to a device who will decide to forward the message to another.  In this case we will forward based on ports (assumed you mean TCP and UDP).  This has nothing to do with a definition of a VPN but more how you would implement one with NAT or firewalls.  Why we would we care about this in a definition for a VPN?  This would be better stated in a NAT article. —The preceding unsigned comment was added by 69.139.69.140 (talk) 19:13, 22 December 2006 (UTC).
 * I with the agree that the section about OpenSSH may perhaps be correct -- I don't know and don't have time to research it -- but is waaaaay too much info in what is supposed to be an overview of the different flavors. I mean, the switches? Come on guys. You don't give commands in any of the other sections and 95% of your audience, the ones who want to know why the IT department insists they use a vpn, will stop reading right there. I am taking the syntax out. Here is the original sentence in case the group feels I am wrong: This feature (option -w) should not be confused with port forwarding (option -L/-R/-D).

Mentioning CIPE with Tinc and their vulnerabilities
This famous article by Peter Gutmann (search Google for ) http://diswww.mit.edu/bloom-picayune/crypto/14238

should be at least mentioned by the article. It talks about CIPE, vtun and tinc; of the three, CIPE is the most widespread for what I've heard and understood; however, the page only mentions tinc; it should instead also mention CIPE and note about their without talking of its possible vulnerabilities, some are also acknowleged by the tinc authors themselves:

http://www.tinc-vpn.org/security

I was expecially astonished in finding no specific entry about CIPE in Wikipedia (and no, I've not the time or the knowledge to write it, sorry). Blaisorblade 23:56, 19 April 2006 (UTC)
 * It's now a red link, so someone may notice. I've not the time to create the article either. ww 20:32, 29 September 2006 (UTC)

Concerning WASTE
After reading over the WASTE Wiki, and official site I disagree that it should be in the See Also section. It appears to act similiar to IRC rather then a VPN Program. It talks about being a way for peers to exchange text and downloads, but doesn't actually talk about creating a P2P VPN. Cr0w 15:00, 23 May 2006 (UTC)

I agree with cr0w on this. WASTE does not seem to actually create a network connection with another computer, it acts more as a peer-to-peer file-sharing/messaging app. Jstone123 13:18, 24 May 2006 (UTC)

clear opacity: meaning concealment successful!
The current authentication section, both paragraphs, have tortured syntax, confused if not entirely opaque meaning and fail to meet any reasonable standard for WP even for such an inherently twisty topic (for the Average Reader) as VPNs. I'm part of the choir here, and if one objects that the Average Reader shouldn't be expected to follow this (akin to some matehmatics articles, for instance), the argument fails since I can't make much sense of this. I find my speculation as to what might have been menat to be most of what I take from reading this, especially the 1st para.

Additionally, as the first seciton of an article, it fails entirely to help build a structure in the reader's mind which can help with succeeding more complex material. Altogether, I suggest that this section be dumped entirely. Or, whoever claims to understand it, rewrite it with clarity uppermost in mind.

I'll try to come back here in a few days to see what's happened, and if there's been little improvement, will attempt a major rewrite. Or, at least, I'll try to remember to do so. ww 13:25, 25 May 2006 (UTC)

Layer 2/3
Shouldn't there be a section about layer 2 vs. layer 3 VPNs? What do others think on this? Relevant?Danielcohn 18:20, 8 June 2006 (UTC)

Why dont we talk about MPLS while we are it?

Hamachi: snakeoil crypto checklist test to be passed
Until it can be demonstrated that Hamachi is secure by the criteria of http://www.schneier.com/crypto-gram-9902.html#snakeoil I'll take out the link to Hamachi as it suggests that it is up to the same security standards as regular VPNs.

VPN connections
It seems that the main article is missing some crucial points:

1) VPN does not relate only to remote users accessing a network but also provides connection between two routers (gateway-to-gateway connection) or two users; 2) VPN can also be established between two VPN-firewalls;

--Rygar81 22:39, 16 July 2006 (UTC)

Point 2 is different from point one how? You used the word firewall instead of gateway? Next time I will throw in you can make VPN connections between 6509 switches also. Maybe that will make things more clear. This dicussion needs to involve less implementation (discussions on firewalls, users, and branch office scenarios) and more on the concepts.

Subjective statements in Characteristics in application
The "Characteristics in application" part of the article says: A well-designed VPN can provide great benefits for an organization. It can:

The statements I selected in bold text are examples of subjective judgments from my point of view. Should this phrases come with citations? Should them be deleted? &#91;&#91;User:Negrulio&#124;Negrulio]] 19:34, 25 September 2006 (UTC)
 * Extend geographic connectivity.
 * Improve security where data lines have not been ciphered.
 * Reduce operational costs versus traditional WAN.
 * Reduce transit time and transportation costs for remote users.
 * Simplify network topology in certain scenarios.
 * Provide global networking opportunities.
 * Provide telecommuter support.
 * Provide broadband networking compatibility.
 * Provide faster ROI (return on investment) than traditional carrier leased/owned WAN lines.
 * Show a good economy of scale.
 * Scale well, when used with a public key infrastructure.


 * N, Not every WP statement requires citation. In this case, each of the points are self-evident (if partially redundant) and so needn't be revised. Perhaps the missing bit is a more complete explanation why these points are essentially self-evident? ww 04:25, 26 September 2006 (UTC)


 * I agree that "Not every WP statement requires citation". Nevertheless, some of this phrases would need links to concepts such as "economy of scale". I will also add that the phrase "Reduce operational costs versus traditional WAN" still doesn't make sense to me. --Negrulio 17:28, 26 September 2006 (UTC)
 * N, Contrast the costs and personnel required to manage leased lines and special (one-off or small user community amortization) software with using a VPN over an existing network which (for others' reasons) goes 'everywhere'. The latter is cheaper and easier, though all VPN implmentations require considerable caution in selection and operation lest they fail silently but spectacularly. In contrast, leased lines are have some (not enough, of course) physical security. ww 17:33, 26 September 2006 (UTC)

Redundancy in Authentication
This article incurs in redundancy when explaining what Authentication is in VPN security dialogs, doesn't it? This matter is already explained in the Authentication wiki article. --&#91;&#91;User:Negrulio&#124;Negrulio]] 19:48, 25 September 2006 (UTC)
 * N, Again, I'd counsel caution. The object here is not maimum parsimony of phrase, but rather intelligibility for the reader. In this case, we must avoid the assumption that the reader is a crypto or security expert (since many readers, of a general encyclopedia will not be) and so keep an eye on intelligibility foremost. I don;t think much need be changed here. ww 04:28, 26 September 2006 (UTC)
 * I think the intelligibility for the reader is achieved by linking the [perhaps new (for the reader)] conecpt with its appropiate article, not by duplicating parts of the [perhaps new] conecept's article in this section.
 * If every article were to follow the rule you have proposed, WP would end with many different versions of the same concepts --Negrulio 17:22, 26 September 2006 (UTC)
 * N, It is indeed true that WP can arranged as you suggest. But htis requires the Gentle Reader to flit from hither to yon and assemble an understanding of a subject by welding together those assorted and separated accounts. This is an uncommon talent, especially for technical material like this, and so this structure will be an impediment to the Gentle Reader's understanding.
 * I have objected, on just these grounds, to such approaches in several other subject areas ranging from hisotyr (Attack on Pearl Harbor) to cryptography to information theory to diabetes mellitus. We are writing an encyclopedia here, and the effort will be pointless if what we end up with raises unnecessary (and high) barriers for our Gentle Readers -- most of whom must be expected to be non-experts in technical fields. Else why would they be reading an article on a technical subject in a general encyclopedia?
 * Your objeciton, that there might be several accounts of the same topic if WP adopts a policy of duplicating content in various articles is well taken. But I would observe that it is the duty of editors here to defang that slay that particular monster (hydra-headed though it be) as part of their responsibilities here. To their Readers, recall.
 * Optimization is a very tempting goal, but I am very strongly convinced that -- with humans involved -- it's unattainable. Sanger is trying to optimize article quality (ie, authoritativeness) in an improved version of WP (or a return to the ideals of Nupedia) and I think he will fail for the same reasons your suggested approach is untenable. ww 17:46, 26 September 2006 (UTC)

VPDN
Could add link to VPDN or put short info here Zephyr103 07:12, 12 December 2006 (UTC)

A link would be great.

VNC
VNC should be considered a vpn as much as RDP should be. —Preceding unsigned comment added by 69.139.69.140 (talk • contribs)
 * Agreed; as far as I can tell, VNC just allows one to access a computer's desktop remotely; wildly different from the concept of VPNs. -- intgr 23:36, 15 January 2007 (UTC)

A SERIOUSLY Flawed Introduction
I am sorry. The opening definition:


 * "A virtual public network (VPN) is a public communications network often used ouside a company, or by outside several companies or organizations, to communicate unconfidentially over a public network. VPN traffic can be carried over a private networking infrastructure (e.g. the Internet) on top of standard protocols, or over a service provider's private network with a defined Service Level Agreement (SLA) between the VPN customer and the VPN service provider."

This is out and out the wrong description of Virtual Private Networks/Networking. VPNs exist in two favors: as controlled access from public space to a private space (i.e. tunnelling and port forwarding) which is close to what is described, but not fully correct. The second form is as a mechanism within a network (public or private) to allocate bandwidth across a transport medium. That is to say dedicate "X" percentage of traffic for "X" data type. This allocation methodology can be defined based on packet content, V-LAN assignments, IP-Addresses, device type, etc. This was the original intent for implementation of VPNs and has been in use going back to the mid- to late-1980's.

To consider how important this distinction is try extending a Voice V-LAN and QoS policy across a network under "denial of service" attack without a VPN for that same voice traffic between nodes. The result is always the same. It fails everytime. I've been there and seen that way too many times and proven it to numerable institutions. A VPN can quarantee bandwidth availability where no other mechanism can. RandMKaos 18:55, 13 February 2007 (UTC)


 * Is actually anyone using the term "VPN" to describe the latter meaning, these days? Perhaps it used to stand for that a decade ago, but I've only heard "VLAN" or "virtual LAN" used to describe this. Can you point out any sources using "VPN"?
 * If indeed the meaning is in use then Wikipedia already has an article virtual LANs. As the meanings are conceptually very different, I'd propose a for template &mdash; the term "VPN" is certainly not in popular use with this meaning.
 * I agree that the introduction and article are pretty low quality. You are very welcome to help fix it. -- intgr 19:34, 13 February 2007 (UTC)


 * V-LAN versus VPN by the there nature are mutually exclusive. V-LAN carries within a distinct and local network domain. Whereas, VPN as a means of bandwidth management carries across domain boundaries (i.e. via a transport network link). Two, V-LANs do not impose bandwidth management, but act as a mechanism to logically segregate data types. It is then, based on that VLAN assignment local priority is assigned. However, once outside the local domain boundary that assignment becomes meaningless. In terms of a VPN (as termed in allocation), the assigned bandwidth is guaranteed across the trasnsport network. I can reference the material i.e. AT&T Bell Labs. However, in doing so would violate the copyright restrictions. I'll gladly re-write the introduction. Who can I sbmit for review before adoption. RandMKaos 08:18, 23 February 2007 (UTC)


 * Ok, that clears up the confusion. Yes, this meaning sounds relevant to the article. -- intgr 15:33, 23 February 2007 (UTC)


 * Not to contradict RandMKaos' remarks, just to add a bit of a context -- it is a perfectly practical setup to exchange 802.1q (VLAN) traffic over some form of Layer 2 tunnel. The mutual exclusivity above (I assume) refers mostly to the traffic delivery guarantees and not technical difficulties in implementing VLAN-over-VPN scenario. Alex Pankratov 22:02, 23 February 2007 (UTC)


 * Alex, you would be correct. It is the traffic guarantee that makes the distinction as included in here. Establishing a VLAN over a VPN Tunnel is definitely a different animal. If we are in agreement here, give me a few days and I would like to post a revised introduction here for group review. RandMKaos 23:40, 28 February 2007 (UTC)

VPN vs VLAN, VPLS
This page doesn't make clear the distinction between a VPLS, VLAN or a VPN. Regards, Ben Aveling 01:32, 24 May 2007 (UTC)

Shoulder-smurfed?
"A stolen smart card and a shoulder-surfed login name / PIN sequence is not hard to achieve and will pass a strong authentication two-factor test handily."

Is that a technical term?


 * It's a common phrase that is used by many professionals - whether or not it's "officially" a technical term is another question! (Shoulder surfing (computer security))  —Preceding unsigned comment added by 217.34.51.167 (talk) 11:07, 5 February 2008 (UTC)

L2TP vs. proprietary L2F & PPTP
Since Microsoft's PPTP was still named as Microsoft proprietary, I restored the explanation that L2F was Cisco proprietary. Having participated in some of the IETF work that led to the definition of the L2TP standard, I can say, from personal experience, that there was a conscious effort to come up with a compromise that met the requirements that both Microsoft and Cisco defined for their proprietary methods. Howard C. Berkowitz 16:20, 17 July 2007 (UTC)

VPN access with disposable passwords?
There seems to be no mention of VPN access with disposable passwords. A disposable password can only be used once, so even it is recorded by a malicious user it is of little use. This improves security when accessing a vpn from a public terminal. Pgr94 11:04, 5 October 2007 (UTC)

BGP/MPLS PPVPN
The abbervations are not explained anywhere in the article. This needs clarification on what it all even means. —Preceding unsigned comment added by 194.249.198.32 (talk) 13:25, 19 May 2008 (UTC)

Needs History section
This entry is more of a spec guide, not an encyclopedia entry. There's no historical context of VPN. When was it invented? By whom? Why? --70.167.58.6 (talk) 04:04, 13 July 2008 (UTC)

Please make this more accessible to nonspecialists
Today I read that everyone should protect their financial information by using an VPN. I didn't know what that was, and after reading the introduction to this article, I still didn't. It's very abstract. Can you give at least one practical explanation so that the rest of us know what a VPN is and why it's important? —Preceding unsigned comment added by 75.73.166.54 (talk) 19:40, 6 August 2008 (UTC)


 * Agree entirely. (see my talk post here:Talk:Virtual_private_network ) Jimthing (talk) 19:34, 18 February 2010 (UTC)

Creating a new wiki page for IP-VPN Lite
There are currently wiki pages for VPN (this page)and VRF, but there is not a wiki page for (IP-VPN Lite), which is briefly referenced on both the VPN and VRF wiki pages.

I'd like to create a new wiki for IP-VPN Lite, using insight from my product experts. However, I'm from Nortel, and am wondering if this would create a perceived conflict of interests -- since IP-VPN Lite is a Nortel technology. Of course, since it's our technology, we (theoretically) could write a more in-depth wiki than anyone else.

Guidance is appreciated here.

Technobabble (talk) 20:46, 1 December 2008 (UTC)
 * There's nothing wrong with you creating a page on the IP-VPN Lite provided you can do the following;


 * Demonstrate it is significantly different from VPN to merit a seperate article.
 * Provide adequate cites from reputable sources that show it's notable.
 * Although you'll probably include references to Nortel, cites to them alone wouldn't be adequate, and would make the article look like a company brochure. Third party cites from sources that are impartial are best.
 * Don't write it like an advert or sales pitch. Make it factual and neutral.
 * Be upfront on on the article talk page that you are employed by the company. Be prepared to show you are not letting your personal interests conflict with Wikipedia's aims of a neutral and balanced article.
 * Do not base anything simply on your, or your collegues, personal expertise and inside knowledge. Wikipedia doesn't accept previously unpublished facts or opinions, no matter how true, accurate or expert they may claim to be.  Above everything, what you write needs to be verifiable from the sources.

-- Escape Orbit (Talk) 21:09, 1 December 2008 (UTC)

Cleanup and rewrite for clarity
I tagged this article for cleanup. It's wonderfully detailed, but I am a computer software professional and I cannot understand it. It should be rewritten for an audience of user-level computer literate people. Technical details are great, but they should not get in the way of understanding the broad concepts. A diagram or two would help.

I would be happy to do the editing myself, but I'm not expert enough in the subject matter--which is why I came to the article in the first place.

144.29.1.16 (talk) 18:52, 3 December 2008 (UTC)

I agree with the comment above. Let me also add that a sentence or two that explains why a person would want to use a VPN when, say, at the beach, would be very helpful. An Apple employee, a computer science graduate, explained to me today that one would want to use a VPN at the beach in order to take advantage of a local WiFi network. I don't myself understand why a VPN is useful in this case. That's why a paragraph explaining the advantage of a VPN in a case like this would be useful, if it is both correct and well-stated. —Preceding unsigned comment added by Ruffwiki (talk • contribs) 19:17, 18 July 2009 (UTC)

addition
- What are the limitations of using a VPN ? - What is the maximum distance between two nodes ? - Can a VPN run over the internet/broadband connection ? Peter Munro (talk) 16:20, 8 December 2009 (UTC)

Rewrite
I'm going to start on a rewrite of this page. The content needs to be split clearly between 'secure vpns' such as your standard remote access/ipsec/ssl stuff and 'trusted vpns' such as service provider based mpls style. The entire article seems to be a mix of both with a strong slant towards service provider, and clarity is needed. I'm finding it very difficult to follow as it currently stands. Fancy steve (talk) 00:56, 6 January 2010 (UTC)

I've shuffled the page somewhat but the trusted vpn section needs a cleanup. I'll get to that soon if noone else does. I'm hoping this resegmentation improves the overall readability of the article

Fancy steve (talk) 00:49, 7 January 2010 (UTC)


 * Hi Kbrose, thankyou for helping with the clean up of this article. My rationale for the reshuffling of the paragraphs before was to make a clear distinction between the two 'major' categories of vpn, that being the larger carrier types and the smaller organisational types. I know there are many that do not fall neatly within these boundaries but I felt that being as multiple people have arrived at this page complaining that it does not explain the secure vpns (likely remote access) that most end users are familiar with, it needed to be split up to be clarified. My expertise is more in the security field than the carrier mpls/atm field so I would appreciate any help in cleanup of the PPVPN and carrier stuff, but I feel that your recent edits have joined a lot of these sections back to exactly as they were which I thought made the whole article difficult to follow. Can we discuss some options for clarifying the article further here? Cheers Fancy steve (talk) 23:07, 17 January 2010 (UTC)


 * This distinction between secure and trusted networks appears purely a marketing ploy by vendor associations to differentiate their products. I objected to the one-sided presentation, delegating anything else into the 'further running' category. If anything, the emphasis should be the reverse, discussing general concepts and foundations first, and then distinguishing these specialized product classes and marketing schemes. The discussion should start with the framework of VPNs provided by the open IETF documents that don't require special products. A strong indication of the marketing aspect of the classes was the use of proper nouns for them, when the notions of 'secure VPN' or 'trusted VPN' are completely general concepts. Kbrose (talk) 02:02, 18 January 2010 (UTC)


 * Ok I see where you are coming from here. The reason I disliked the IETF discussion as being the primary focus for the page was because it was extremely verbose and acronym laden. I felt it made the page difficult to consume from an average computer user perspective. I saw that multiple talk page requests had been made for very basic mostly remote access style topics and I felt that this would likely be the experience by many of the viewers of the page. I do agree that secure/trusted is a convention brought about by the vpnc, a consortium of vendors, however I did actually spend some time to research whether there were any generally accepted terminologies to describe the broad space and could find none that were appropriate. I'm happy to come to a compromise for renaming/rewriting the sections but I think we are doing ourselves a disservice to drop the article back to pure IETF/IEEE terminologies as I dont feel they reflect what I believe a substantial portion of readers are looking for.

The problem is that the space has already been muddied by vendors across the board, but I'm not sure of the best way to address it. Fancy steve (talk) 02:42, 18 January 2010 (UTC)


 * I have no idea what an average reader would be looking for here. I don't think an encyclopedia should provide readers what they 'expect', what would the purpose of that be? and it would be highly biased. That is the function of marketing brochures to satify a need and sell the product. I look for things in an encyclopedia that is fairly unbiased material that I don't already know and that presents a wider scope of what I am familiar with. If I want specialized information about something I expect or need, I go to technical monographs or vendor specification sheets. I am not suggesting to go back, that's why I left your additions in the article, the article was indeed not very good, very disorganized and confusing. Nor do I suggest that my organization of the material is good. Indeed the space is muddied, but this is no reason to create new classifications or adopt vendor-biased schemes. There is nothing wrong with presenting the variety of concepts and implementations by discussing them in a paragraph each. But it all should start out with the fundamentals, as are expressed generally in the current lead and the IETF effort of clarifying the space is very notable, albeit not in tune with the market place trends. A VPN is foremost a network on top of a network and remote access is not a VPN per se, it is simply an extension, a new link, of a VPN onto the accessing device. The principles of larger carrier VPN networks and small home or office networks is very much the same, only camouflaged by marketing speak and product labels. I think that's the proper starting framework. Kbrose (talk) 03:26, 18 January 2010 (UTC)


 * Could you provide some reference to the IETF frameworking documentation that you mention above? I would like to see if there is anything that can be salvaged to help better classify things. I do agree with most of your points, but I think there is a reality here that most of these technologies have existed for a long time in two completely different streams, one networking and one security focussed. If we generalise too much I feel that we are ignoring what is the current state of the VPN world. This was really my intention of collecting these sections as they are, definitely not to introduce any vendor bias. I think that the reason that this article (and this talk page) has become so much of a hodge podge so far because noone can agree on what the definitions should be, but maybe there just isnt a neat way of doing this. Fancy steve (talk) 05:48, 18 January 2010 (UTC)


 * Simplify the first paragraph after more user feedback. I'm thinking a diagram or two here might help as well. The rest of the page I'll get to but I'm thinking about broadening the classification schemes to encompass whatever schemes I can find, rather than sticking to any particular one. Fancy steve (talk) 01:26, 15 February 2010 (UTC)

An example of a well written computer term page for the COMPLETE re-write...
IMO, the en.wikipedia URI page is a good example of how to reasonably clearly explain a computing subject in both simple and technical detail, using clear "real world" analogies: http://en.wikipedia.org/wiki/Uniform_Resource_Identifier

The same rule applies for this article as any other that is used by layman rather than specialisms only likely to be read specifically by those studying a subject. This article needs to be written for two SEPARATE kinds of people. They are:
 * (a) the "amateur/home user" who basically use the internet/email in a basic fashion; then
 * (b) the "professional/student" who needs the technical details.

(a) Intro and first sections: Amateurs need info on what a VPN does in simple terms (using simple analogies to the real world); who they are available to (eg. mainly business users currently, home user...?); how amateur users can access them (optain from who/where?, use in clients/programs/apps...?); reason for using (security, obfuscation...?); and rough explanation on good/ideal times to make use of them (eg. only for public wifi access?...).

(b) Later sections: The latter needs full details on technical specifications, detail on side/related topics, highly specialised versions/applications, and differences/similarities between technologies, etc.

As an "amateur", though with a bit more than basic understanding of computers, I'm still none the wiser after reading this article on just HOW one could or should make use of these things?! Jimthing (talk) 19:31, 18 February 2010 (UTC)

Rewrite is needed
Hi there,

I am an networking specialist (with 14+ years IT experience) and I am extremely confused by this article. It mixes up many subject and in the end is very far from the broad and wide acceptance of what a VPN is.

A VPN is a Virtual Private Network in opposition to a Enterprise Private Network. Nobody in the telecom and networking industry ever considered leased lines as VVPPVNDS (or what ever acronym it is tagged under ;-) (sorry if this sounds rough but I really found this article super complex).

Leased lines are contracts between a business (university, government, charity etc) and a service provider (telco) and have been used to build enteprise networks since the 1970's. Only since the creation of VPN did people start to consider what was known as Enterprise Networks or just Networks (everybody's heard someone complain about the fact that "the network's down" or "the network's slow" etc) and built extra complexity that was not required and does not help in the end.

VPN's are just encrypted channels over the Internet used to carry enterprise private data between sites that would normally be linked via leased lines. They came about with the Internet era because leased lines can be very expensive (specially if crossing an ocean) and Internet access made it cheaper to build and operate a private enterprise network (over this infrastructure rather than telecom networks).

For any other technical details such as the difference between leased lines, MPLS tunnels, and VPDN should be dealt with outside of this article and aggregated in a stub (Computer network anyone?).

Ludovic.ferre (talk) 22:30, 21 April 2010 (UTC)

History
I removed this paragraph:  With the rise of Internet in the mid-1990s developers, network administrators and hardware manufacturers could create new disruptive technologies to offer brand new services or offer competitive services.

It made my eyes glaze over and I felt it was not really shedding any light there anyway. --Elinruby (talk) 16:42, 2 May 2010 (UTC)

Tunnels that Use Internet Protocol
I rewrote this to make it (I think) easier to read, but I do not know enough about the use case presented to give an example or explain why you would have this. Someone should do this if this is a section worth having, which I question at the moment.

I do think that it is way too much information about an exception before the rule has been fully explained. I am leaving it where it is in its edited form, at least for now.

I came here to learn and found that impossible
The person who said basically stop bellyaching and suggest improvements sounds like he has a point but he really doesn't. Many people will come here to learn about a VPN who will have no way to write anything. Me for example. The key is to stop referring to things by shortcuts like acronyms and jargon and write narrative paragraphs instead. A link is not an explanation since a link points to a multivariate discussion of all sorts of aspects of a term which is most likely being used in only a single meaning in the original article. Get the nerds out out of the explanations. Get in writers instead. Plenty of people can write English but nerds (developers, coders) cannot. Just like Scientific American sets a de facto standard for good writing, I suggest Leo Notenboom at askleo.com. Leo is a fabulous explainer for computer issues. Hire him as the Master of Explanation for Wikipedia. Zerowaster (talk) 08:48, 4 August 2012 (UTC)