"VPN" is an overloaded term. Here are several different usages: - Remote Access Creates a secure tunnel from a VPN client machine to a remote/corporate network. Depending on the VPN client/server configuration, it may route only traffic destined to the remote network through the VPN while all other traffic goes directly to the Internet. That is called "split-tunnel". The other way routes all traffic through the VPN such that you end up using the remote network's ISP for all of your Internet traffic too. That is called "full-tunnel". This the most common traditional usage of the term "VPN". Standard VPN protocols: IPsec, SSL/TLS, L2TP, etc. Proprietary clients (may use standard protocols, but with proprietary extensions): Cisco Anyconnect Pulse Secure Palo Alto GlobalProtect etc. Standard clients (may interoperate with servers from the above companies, but with reduced functionality) Built-in Microsoft Windows L2TP client Built-in Android VPN client Built-in MacOS VPN client etc. Open Source clients (may interoperate with above companies, but with reduced functionality) openconnect / NetworkManager-openconnect - IPsec, SSL/TLS, etc. openswan/freeswan - IPsec openvpn - this one stands on its own as a non-standard but open protocol/software There are also other VPN plugins for NetworkManager - Site-to-Site Creates a secure site-to-site connection between networks. Often uses the same technologies as the remote access use case above, but instead of running a VPN client on an end-user machine and connecting to a VPN server, it is often configured to run directly on routers and/or firewalls so that an entire site's traffic is securely tunneled to one or more remote sites. - "Anonymizer" Create a secure tunnel to a VPN provider for the purposes of "hiding" your traffic from your own ISP (but not the VPN provider or its ISPs) or appearing to Internet services as if you are located in a different geographical region (e.g. 
to bypass content restrictions) There are various for-pay and possibly free-of-cost services. As far as I know, they are all proprietary and use their own clients, but I could be wrong. - Routed Provider-Provisioned VPN Creates a private "overlay" network using esoteric protocols such as MPLS and VXLAN, etc. They may be encrypted (using IPsec or some other technology), but are often NOT encrypted because their purpose is different. These are used internally by ISPs, medium/large enterprises, etc. to private a virtual private overlay for segmentation reasons, optionally allowing for overlapping IP address spaces (e.g. mulitple customers of an ISP can be using 192.168.1.0/24 and 10.0.0.0/8 at the same time in separate private network overlays that share the same equipment in the ISPs internal backbone.) Examples: VRF-Lite MPLS-based L3VPN MPLS-based L2VPN/L2 Circuits MPLS-based VPLS EVPN-MPLS EVPN-VXLAN other VXLAN-based overlays etc. On Tue, Jul 13, 2021 at 09:55:27AM -0400, Tim Keller via WLUG wrote:
Ron,
There are a zillion VPN products on the market, though generally a specific VPN client is somewhat wed to the server side. Personally I have a dim view of all things McAfee, but who knows, maybe they bought a good VPN from someone and rebranded it. Personally I've used Shrewsoft on Windows and frankly the built-in Windows 10 VPN isn't *horrible*.
Tim.
On Sun, Jul 11, 2021 at 11:25 AM hammerron via WLUG <wlug@lists.wlug.org> wrote:
Hey everybody:
A friend asked me about VPNs and I don't know a whole lot on the topic. They have a Windows computer and are using a McAfee VPN. The question is, is this a decent product, should they use it or not or consider something else?
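The split-tunnel versus full-tunnel distinction from the first message in this thread comes down to which routes the VPN client installs. The sketch below is an added example, not part of any message in the thread; the route tables, interface names (eth0, tun0) and the gateway address 203.0.113.10 are constructed assumptions. It selects the egress interface by longest-prefix match and classifies a table as split or full tunnel.

```python
import ipaddress

# Constructed route tables as (prefix, interface) pairs. The interface names,
# prefixes and the VPN gateway address 203.0.113.10 are illustrative assumptions.
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "eth0"),        # default route stays on the local ISP
    ("10.20.0.0/16", "tun0"),     # only the remote network goes through the VPN
]
FULL_TUNNEL = [
    ("0.0.0.0/0", "tun0"),        # all traffic goes through the VPN
    ("203.0.113.10/32", "eth0"),  # the encrypted tunnel itself must go direct
    ("192.168.1.0/24", "eth0"),   # directly attached LAN
]

def egress(routes, dest):
    """Return the interface chosen for dest by longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def tunnel_mode(routes, vpn_iface="tun0"):
    """Classify a table as 'full', 'split' or 'none' for the VPN interface."""
    vpn_nets = [ipaddress.ip_network(p) for p, i in routes if i == vpn_iface]
    if not vpn_nets:
        return "none"
    # Full-tunnel if the VPN prefixes together cover the whole IPv4 space,
    # whether as one default route or as two /1 halves.
    merged = list(ipaddress.collapse_addresses(vpn_nets))
    return "full" if merged == [ipaddress.ip_network("0.0.0.0/0")] else "split"

if __name__ == "__main__":
    for name, table in (("split", SPLIT_TUNNEL), ("full", FULL_TUNNEL)):
        print(name, "->", tunnel_mode(table))
        for dest in ("10.20.5.9", "198.51.100.7", "203.0.113.10"):
            print("  ", dest, "via", egress(table, dest))
```

Even in the full-tunnel table, the host route to the VPN gateway stays on the physical interface; without it the encrypted packets would be routed back into the tunnel.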