What Is a Virtual Private Network?

Virtual private network refers to the technology of establishing a private network on a public network. It is called a virtual network mainly because the connection between any two nodes of the entire VPN network does not have the end-to-end physical links required by traditional private networks, but is instead built on the network provided by public network service providers. Platforms, such as the logical network on the Internet, ATM (Asynchronous Transfer Mode), Frame Relay, etc., user data is transmitted over logical links.

A virtual private network refers to a technology for establishing a private network on a public network. It is called a virtual network mainly because the connection between any two nodes of the entire VPN network does not have the end-to-end physical links required by traditional private networks, but is instead built on the network provided by public network service providers Platforms, such as the logical network on the Internet, ATM (Asynchronous Transfer Mode), Frame Relay, etc., user data is transmitted over logical links.

Chinese name: Virtual private network
Foreign name: Virtual Private Network

Short name: VPN
Attributes: network technology
Applied discipline: Communication

Introduction to Virtual Private Network Technology

In the traditional enterprise network configuration, to interconnect remote LANs, the traditional method is to lease a DDN (Digital Data Network) leased line or Frame Relay. Such a communication scheme inevitably leads to high network communication / maintenance costs. For mobile users (mobile office workers) and remote individual users, they usually enter the local area network of the enterprise through dial-up lines (Internet), and this will inevitably bring security risks.

Virtual private network refers to the technology that relies on ISP (Internet Service Provider) and other NSP (Network Service Provider) to establish a dedicated data communication network in the public network. In a virtual private network, the connection between any two nodes does not have the end-to-end physical links required by the traditional private network, but is dynamically composed using some kind of public network resources. The IETF draft understands IP-based VPNs as: "Using the IP mechanism to simulate a private wide area network" is a private tunnel technology that emulates a point-to-point dedicated line technology on public data networks ^[1] . The so-called virtual means that users no longer need to have actual long-distance data lines, but use long-distance data lines of the Internet public data network. The so-called private network means that users can develop a network that best meets their needs for themselves.

The frame relay (Frame Relay) leased by the user in the telecommunications department and data networks such as ATM provide fixed virtual circuits (PVC-Permanent Virtual Circuit) to connect units that need to communicate, and all permissions are in the hands of others. If users need some other services, they need to fill in a lot of documents and wait for quite a while before they can enjoy the new services. What's more important is that the terminal equipment at both ends is not only expensive, but also requires certain professional and technical personnel for management, which undoubtedly increases costs, and the frame relay and ATM data networks will not be like the Internet, and can be immediately connected with any one in the world Connect using an Internet network. On the Internet, VPN users can control their contact with other users, while supporting dial-up users.

Therefore, the virtual private network we refer to generally refers to a private network that can be self-managed on the Internet, rather than a network that provides virtual fixed line (PVC) services such as Frame Relay or ATM. VPN with IP as the main communication protocol can also be called IP-VPN.

As the VPN is a secure and dedicated virtual network temporarily established on the Internet, users save the cost of leased dedicated lines. In addition to the purchase of VPN equipment, the company only pays a certain amount of Internet access to the ISP where the company is located. The cost also saves long-distance phone charges. This is why VPNs are inexpensive.

More and more users realize that with the booming development of the Internet and e-commerce, the best way for economic globalization is to develop Internet-based business applications. With the increasing frequency of business activities, companies have begun to allow their business partners and suppliers to access their own LANs, thereby greatly simplifying the way of information exchange and increasing the speed of information exchange. These cooperations and connections are dynamic and rely on the network to maintain and strengthen, so companies have found that such information exchange not only brings network complexity, but also management and security issues, because the Internet is a global And open, TCP / IP technology-based, unmanageable international internet, therefore, Internet-based business activities face non-good faith information threats and security risks.

Virtual Private Network Causes

The proposal of the virtual private network is to solve these problems:

(1) The use of VPN can reduce costs-Establishing a VPN through a public network can save a lot of communication costs without having to invest a lot of manpower and materials to install and maintain WAN (wide area network) equipment and remote access equipment.

(2) The transmission data is safe and reliable-the VPN products use security technologies such as encryption and identity verification to ensure the reliability of the connected users and the security and confidentiality of the transmitted data.

(3) Convenient and flexible connectionIf users want to network with partners, if there is no virtual private network, the information technology departments of the two parties must negotiate how to establish leased lines or frame relay lines between the two parties. With the virtual private network, All parties need to configure secure connection information.

(4) Full control-The virtual private network allows users to use the facilities and services of the ISP, while at the same time fully controlling the control of their own network. Users only use the network resources provided by the ISP. Other security settings and network management changes can be managed by themselves. You can also build your own virtual private network within the enterprise.

Virtual Private Network Technology Features

Virtual Private Network Security

Although there are many technologies and methods for implementing VPNs, all VPNs should ensure the specificity and security of data transmission through public network platforms. Establish a logical, point-to-point connection on a non-connection-oriented public IP network, which is called establishing a tunnel. You can use encryption technology to encrypt the data transmitted through the tunnel to ensure that the data is only specified by the sender and receiver. Understand to ensure the privacy and security of the data. In terms of security, since VPN is built directly on the public network, it is simple, convenient, and flexible to implement, but at the same time its security issues are more prominent. Businesses must ensure that the data transmitted on their VPNs are not peeked and tampered by attackers, and that they prevent unauthorized users from accessing network resources or private information. ExtranetVPN expands corporate networks to partners and customers, placing higher requirements on security.

Virtual Private Network Service Quality Assurance

(QoS)

VPN networks should provide different levels of service quality assurance for corporate data. Different users and services have different requirements for service quality assurance. For mobile office users, providing extensive connectivity and coverage is a major factor in guaranteeing VPN services. For dedicated VPN networks with many branches, interactive internal corporate network applications require the network to provide good stability. Other applications (such as video) have more specific requirements on the network, such as network delay and bit error rate. All of the above network applications require the network to provide different levels of service quality as needed. In terms of network optimization, another important requirement for building a VPN is to make full and effective use of limited WAN resources to provide reliable bandwidth for important data. The uncertainty of WAN traffic makes its bandwidth utilization very low, which causes network congestion during traffic peaks, network bottlenecks, and data that requires high real-time performance cannot be sent in a timely manner; it also causes a large number of networks when traffic is low Bandwidth is free. QoS can allocate bandwidth resources according to priorities through traffic prediction and flow control policies to achieve bandwidth management, so that various types of data can be sent in a reasonable order and prevent blocking from occurring.

VPN scalability and flexibility

The VPN must be able to support any type of data flow through the intranet and extranet, facilitate the addition of new nodes, support multiple types of transmission media, and meet the needs of new applications such as simultaneous transmission of voice, images, and data for high-quality transmission and increased bandwidth .

Virtual Private Network Manageability

It should be easy to manage and maintain from the perspective of users and operators. In terms of VPN management, VPNs require companies to seamlessly extend their network management functions from the LAN to the public network, even customers and partners. Although some minor network management tasks can be left to the service provider to complete, enterprises still need to complete many network management tasks themselves. Therefore, a complete VPN management system is essential. The goals of VPN management are: to reduce network risks, to have the advantages of high scalability, economy, and high reliability. In fact, VPN management includes security management, device management, configuration management, access control list management, and QoS management.

Advantages and disadvantages of virtual private networks

Advantages: Compared with traditional wide area networks, virtual private networks can reduce operating costs and reduce connection costs for remote users. In addition, the fixed communication costs of virtual private networks help companies better understand their operating expenses. VPNs can also provide low-cost global networking opportunities.

Disadvantages: The reliability and performance of Internet-based VPNs are no longer under the direct control of the enterprise. Organizations must rely on Internet service providers who provide virtual private networks to keep their services up and running. This factor is very important for negotiating a service level agreement with the Internet service provider to create an agreement that guarantees various performance indicators.

Advantages: The virtual private network provides a high level of security, uses advanced encryption and identification protocols to prevent data from being snooped, and prevents data thieves and other unauthorized users from spying on the data.

Disadvantages: It is not very easy for enterprises to create and deploy a virtual private network. This technology requires a high level of understanding of network and security issues and careful planning and configuration. Therefore, it is a good idea to choose an Internet service provider to handle more specific operational issues.

Advantages: Well-designed broadband virtual private networks are modular and scalable. VPN technology allows users to use an easy-to-setup Internet infrastructure, allowing new users to be added to this network quickly and easily. This capability means that enterprises can provide a large amount of network capacity and applications without adding additional infrastructure.

Disadvantages: Virtual private network products and solutions from different vendors are not always compatible with each other, because many vendors are unwilling or unable to comply with virtual private network technology standards. Therefore, mixing and matching equipment may cause technical difficulties. On the other hand, using equipment from one vendor may increase costs.

Advantages: Virtual private networks allow mobile employees, telecommuters, business partners, and others to access the company's network using locally available, high-speed broadband access technologies, such as DSL, cable, and wifi technologies. In addition, high-speed broadband connections provide a cost-effective way to connect remote offices.

Disadvantages: Virtual private networks pose security risks when used with wireless devices. Roaming between access points is particularly prone to problems. When users roam between access points, any solution that relies on high-level encryption will be broken. Fortunately, there are some third-party solutions that address this shortcoming. ^[2]

Virtual Private Network Security Technology

Since private information is transmitted, VPN users are more concerned about the security of the data.

VPN mainly uses four technologies to ensure security. These four technologies are Tunneling, Encryption & Decryption, Key Management, and User and Device Authentication. .

Virtual Private Network Tunnel Technology

Tunnel technology is the basic technology of VPN. It is similar to the point-to-point connection technology. It establishes a data channel (tunnel) in the public network and allows data packets to be transmitted through this tunnel. Tunnels are formed by tunneling protocols and are divided into Layer 2 and Layer 3 tunneling protocols. The second layer tunneling protocol is to first encapsulate various network protocols into PPP, and then package the entire data into the tunneling protocol. The data packets formed by this double-layer encapsulation method are transmitted by the second layer protocol. Layer 2 tunneling protocols include L2F, PPTP, and L2TP. The L2TP protocol is a standard of the IETF. It is formed by the fusion of PPTP and L2F by the IETF.

The Layer 3 tunneling protocol is to load various network protocols directly into the tunneling protocol, and the data packets formed depend on the Layer 3 protocol for transmission. Layer 3 tunneling protocols include VTP and IPSec. IPSec (IP Security) is composed of a set of RFC documents. It defines a system to provide services such as security protocol selection, security algorithms, and determination of keys used by services, so as to provide security at the IP layer.

Virtual private network encryption and decryption technology

Encryption and decryption technology is a relatively mature technology in data communication, and VPN can directly use the existing technology.

Virtual Private Network Key Management Technology

The main task of key management technology is how to transfer keys securely on the public data network without being stolen. The current key management technology is divided into SKIP and ISAKMP / OAKLEY. SKIP mainly uses the Diffie-Hellman algorithm to transmit keys over the network. In ISAKMP, both parties have two keys, which are used for public and private use.

Virtual private network user and device identity authentication technology

The most commonly used user and device authentication technologies are username and password or card authentication.

Virtual Private Network Vulnerability

Security issues are at the core of VPNs. VPN security is mainly achieved through firewall technology, routers equipped with tunnel technology, encryption protocols, and security keys, which can ensure that corporate employees can safely access the corporate network.

However, if an enterprise's VPN needs to be extended to remote access, it should be noted that these direct or always-on connections to the corporate network will be the main targets of hacking. Because remote workers can access core content such as company budgets, strategic plans, and engineering projects through personal computers outside the firewall, which constitutes a weakness in the company's security defense system. Although employees can double their productivity and reduce the time spent on transportation, they also provide hackers, competitors, and business spies with countless opportunities to enter the core of the company's network.

However, companies don't pay enough attention to the safety of long distance work. Most companies believe that the company's network is behind a network firewall, and employees can dial into the system, and the firewall will reject all illegal requests; some network administrators believe that establishing a firewall for the network VPNs are secure so that they can dial into the corporate network through an encrypted tunnel. These views are all wrong.

Working from home is fine, but from a security standpoint, it's a huge threat because most security software used by companies doesn't protect home computers. What some employees do is simply enter a home computer and follow it into the corporate network system through an authorized connection. Although, the company's firewall can isolate intruders and guarantee VPN information security between the main office and the home office. The problem is that an intruder can enter the network through a trusted user. Therefore, the encrypted tunnel is secure and the connection is correct, but this does not mean that the home computer is secure.

Hackers need to probe IP addresses in order to hack into employees' home computers. Statistics show that IP addresses using dial-up connections are scanned by hackers almost daily. Therefore, if the home office staff has an uninterrupted connection link such as DSL (usually this connection has a fixed IP address), it will make hacking easier. Because a dial-up connection is assigned a different IP address each time it is accessed, it can be hacked, but it is relatively difficult. Once a hacker breaks into a home computer, he can remotely run employees' VPN client software. Therefore, there must be corresponding solutions to plug the security loopholes of remote access VPNs, so that employees' connections to the network can fully reflect the advantages of VPNs and not become a security threat. Installing a personal firewall on a personal computer is an extremely effective solution. It can prevent illegal intruders from entering the corporate network. Of course, there are some practical solutions for remote workers:

* All remote workers must be approved for VPN

* All remote workers need a personal firewall, which not only prevents computers from being hacked, but also records how many times the connection has been scanned

* All remote workers should have an intrusion detection system that provides a record of hacking information

* Monitor software installed in remote systems and restrict it to work only

* IT staff need to perform periodic scheduled checks on these systems in the same way as office systems

* Out-of-office staff should encrypt sensitive files

* Install an access control program that requires a password. If the password is incorrect, alert the system administrator through the modem

* When choosing a DSL vendor, you should choose a vendor that can provide security features.

Virtual Private Network Solution

VPN has three solutions, users can choose according to their own situation. These three solutions are: Remote Access Virtual Network (AccessVPN), Enterprise Internal Virtual Network (IntranetVPN), and Enterprise Extended Virtual Network (ExtranetVPN). These three types of VPNs are different from traditional remote access networks and intranets within the enterprise. Corresponds to the extranet formed by the corporate network and the corporate network of related partners.

AccessVPN Virtual Private Network AccessVPN

AceessVPN Structure If your company's internal personnel are mobile or need remote work, or if the business wants to provide B2C secure access services, you can consider using AccessVPN.

AccessVPN provides remote access to corporate intranets or extranets through a shared infrastructure with the same policies as private networks. AccessVPN enables users to access corporate resources anytime, anywhere they want. AccessVPN includes analog, dial-up, ISDN, digital subscriber line (xDSL), mobile IP, and cable technologies to securely connect mobile users, remote workers, or branch offices.

AccessVPN is most suitable for situations where mobile personnel often work remotely within the company. Traveling employees can establish a private tunnel connection with the company's VPN gateway by using the VPN service provided by the local ISP. The RADIUS server can authenticate and authorize employees to ensure the security of the connection, while greatly reducing the cost of telephone calls.

The appeal of AccessVPN to users is:

* Reduce funds and costs for related modems and terminal services equipment and simplify the network

* Implement the function of local dial-up access to replace long-distance access or 800 telephone access, which can significantly reduce the cost of long-distance communication

* Great scalability, easy to schedule new users joining the network

* Remote Authentication Dial-in User Service (RADIUS) is a standards-based, policy-based security service

* Turning the focus of work from managing and retaining staff who operate dial-up networks to the company's core business.

IntranetVPN Virtual Private Network IntranetVPN

IntranetVPN structure diagram If you want to interconnect the branches of an enterprise, using an intranetVPN is a good way.

More and more enterprises need to establish various offices, branches, research institutes, etc. in the country and even the world. The traditional network connection method between the branches is generally leased dedicated lines. Obviously, as the number of branches increases and business development becomes more extensive, the network structure tends to be complicated and expensive. The VPN feature can be used to form a worldwide intranet VPN on the Internet. The use of Internet lines to ensure network interconnection, and the use of tunnels, encryption and other VPN features can ensure the secure transmission of information across the entire intranetVPN. IntranetVPN connects corporate headquarters, remote offices, and branch offices through a shared infrastructure that uses a dedicated connection. Enterprises have the same policies as private networks, including security, quality of service (QoS), manageability, and reliability.

The appeal of IntranetVPN to users is:

* Reduce the cost of WAN bandwidth

* Ability to use flexible topologies, including full network connections

* New sites can be connected faster and easier

* The connection redundancy of the equipment supplier's WAN can extend the available time of the network.

ExtranetVPN Virtual Private Network ExtranetVPN

ExtranetVPN structure diagram If it is to provide secure access services between B2B, you can consider ExtranetVPN.

With the advent of the information age, companies are paying more and more attention to the processing of various information. I hope to provide customers with the fastest and most convenient information services, understand the needs of customers in various ways, at the same time, the cooperation between various enterprises is increasing, and information exchange is becoming more frequent. The Internet provides a good foundation for such a development trend, and how to use the Internet for effective information management is an inevitable key issue in the development of enterprises. The use of VPN technology can form a secure extranet, which can not only provide effective information services to customers and partners, but also ensure the security of its own internal network.

ExtranetVPN connects customers, suppliers, partners, or interest groups to the corporate intranet through a shared infrastructure that uses a dedicated connection. Enterprises have the same policies as private networks, including security, quality of service (QoS), manageability, and reliability.

The appeal of ExtranetVPN to users is that it can easily deploy and manage extranets. The extranet connections can be deployed using the same architecture and protocols as the intranet and remote access VPNs. The main difference is access permissions, users of extranets are allowed only one chance to connect to their partner's network.

Advantages of VPN technology

Internet service providers (ISPs) and businesses will be direct beneficiaries of VPNs. ISPs promote VPN as a value-added service to enterprises and get returns from enterprises. Therefore, the ultimate purpose of VPN is to serve enterprises, bring considerable economic benefits to enterprises, and provide a secure and reliable way for information sharing of modern enterprises.

ISP Virtual private network ISPs benefit

For ISPs, VPNs offer huge business opportunities. Mr. Xue Tao of 21Vianet said: 21Vianet uses a national network based on China Netcom and has good hardware conditions. Faced with the fierce competition of IDC in 2001, 21Vianet hopes to find new growth points based on IDC. Because the website has shrunk, 21Vianet turned its attention to large and medium-sized traditional enterprises and analyzed what they need for telecommunications resources. As a result, VPN was an opportunity. 21Vianet is exploring that VPN solutions and technologies are ready. 21Vianet's target users are units with branches across the country and information construction has reached a certain level. 21Vianet will integrate existing resources, including network, hosting and technical forces to provide services to users. By providing VPN value-added services to enterprises, ISPs can establish closer long-term cooperative relationships with enterprises, while making full use of existing network resources and increasing business volume. In fact, VPN users have much more data traffic than ordinary users, and they are staggered in time. VPN users usually form a peak of traffic during working hours, while the peak period of traffic for ordinary users is outside working hours. ISP provides two kinds of services to the outside world, the resource utilization rate and business volume will greatly increase. At the same time, VPNs enable ISPs to economically maintain development customer base, increase profits, and provide enhanced services such as video conferencing, e-commerce, IP telephony, distance learning, multimedia business applications, and more.

VPN users benefit

Which users are suitable for VPN? After meeting basic application requirements, there are three types of users who are more suitable for VPN:

1) There are many locations, especially single users and remote office sites, such as corporate users and distance education users;

2) Users / sites have a wide range of distribution, with a long distance between each other, all over the world, and users who need to be contacted through long-distance telecommunications or even international long-distance means

3) The bandwidth and delay requirements are relatively moderate;

4) Users who have certain requirements for line confidentiality and availability.

Relatively speaking, there are four situations that may not be suitable for VPN:

1) attaches great importance to the security of transmitted data

2) No matter how much the price is, performance is the first priority;

3) Application of uncommon protocols, which cannot transfer applications in IP tunnels

4) Most communications are real-time communications applications such as voice and video. But in this case, a public switched telephone network (PSTN) solution can be used in conjunction with a VPN.

For enterprises, VPN provides a secure and reliable Internet access channel, which provides a reliable technical guarantee for the further development of enterprises. And VPN can provide dedicated line type services, which is a convenient and fast corporate private network. Enterprises don't even need to set up their own WAN maintenance system, and leave this onerous task to a professional ISP.

The main role of virtual private networks

With the advent of VPNs, users can benefit from:

Virtual private network for network security

With a high degree of security, it is extremely important for the network. New services such as online banking and online transactions require absolute security, while VPNs enhance the intelligence and security of the network in a variety of ways. First, it provides authentication for distributed users at the beginning of the tunnel and on existing enterprise authentication servers. In addition, VPNs support security and encryption protocols such as SecureIP (IPsec) and Microsoft Point-to-Point Encryption (MPPE).

VPNs simplify network design

Network managers can use VPNs instead of leased lines to connect branch offices. This minimizes the task of installing, configuring, and managing remote links, which can greatly simplify the design of enterprise WANs. In addition, VPN accesses external services from ISPs or NSPs through dial-up, reducing modem pools, simplifying required interfaces, and simplifying equipment and processing related to remote user authentication, authorization, and accounting.

Virtual private network reduces costs

VPNs can reduce costs immediately and significantly. When using the Internet, you only pay for short-distance calls, but receive the effect of long-distance communication. Therefore, with the help of ISP to establish a VPN, you can save a lot of communication costs. In addition, VPN also saves enterprises from having to invest a lot of manpower and material resources to install and maintain WAN equipment and remote access equipment, which can be left to the ISP. VPN enables users to reduce the following costs:

Communication costs for mobile users. VPNs can save mobile users money by reducing long-distance or 800 fees.

Cost of leased lines. VPN can control and manage leased lines at 40% to 60% of the cost of each connection. For international users, this savings is extremely significant. For voice data, the savings will increase further.

Cost of major equipment. By enabling dial-up access to external resources, VPNs allow businesses to reduce growing modem costs. In addition, it allows a single WAN interface to serve multiple purposes, from branch network interconnections, external network terminals of business partners, and local high-bandwidth connections to dial-up access service providers. Therefore, very few WAN interfaces and devices. Because the VPN can be fully managed and can perform policy-based control from a central website, it can greatly reduce the overhead on the equipment required to install and configure the remote network interface. In addition, because the VPN is independent of the initial protocol, this allows remote access users to continue to use traditional equipment, protecting users' investments in existing hardware and software systems.

Easy VPN extension

If the enterprise wants to expand the capacity and coverage of the VPN. There are few things companies need to do, and they can be realized in time: companies only need to sign a new IPS and establish an account; or re-sign a contract with an existing ISP to expand the scope of services. Adding VPN capabilities to a remote office is also easy: a few commands can make an extranet router have Internet and VPN capabilities, and the router can automatically configure workstations.

VPN can be networked with partners at will

In the past, if companies wanted to connect with partners, the information technology departments of both sides had to negotiate how to establish leased or frame relay lines between the two parties. With a VPN, this kind of negotiation is unnecessary, and it is true that you have to connect even if you are disconnected.

VPN has full control

With the help of VPNs, companies can take advantage of ISP facilities and services while fully controlling their network. For example, enterprises can give dial-up access to ISPs, and they are responsible for user inspection, access rights, network addresses, security, and network change management.

Virtual private network supports emerging applications

Many private networks are inadequately prepared for many emerging applications, such as those requiring high-bandwidth multimedia and collaborative interactive applications. VPN can support a variety of advanced applications, such as IP voice, IP fax, and various protocols, such as RSIP, IPv6, MPLS, SNMPv3, and so on.

Because of the many benefits that VPNs can bring to users, VPNs are booming globally. VPNs are already a very common business in North America and Europe; in the Asia-Pacific region, this service has also been rapidly launched.

Virtual Private Network Development Trend

In foreign countries, the Internet has become the information infrastructure of the whole society, and enterprise-side applications are mostly based on IP. It has become an inevitable trend to build application systems on the Internet. Therefore, IP-based VPN services have gained tremendous growth space. Infornetics Research predicts that the global VPN market will reach $ 12 billion in 2001. It is predicted that by 2004, North America's VPN business revenue will increase to $ 8.8 billion.

In China, the factors that restrict the development and popularization of VPNs can be broadly divided into objective and subjective factors.

1. Objective factors include Internet bandwidth and quality of service (QoS) issues.

In the past, regardless of the remote access or dedicated line access of the Internet, and the bandwidth of the backbone transmission was very small, QoS could not be guaranteed. As a result, corporate users would rather spend a lot of money to invest in their own dedicated line network or would like to spend huge long-distance phone charges To provide remote access. With the large-scale application and promotion of new technologies such as ADSL, DWDM, and MPLS, the above problems will be fundamentally improved and resolved. For example, in the past, the maximum dedicated line access rate was only 2Mbps. In the future, corporate users in China can enjoy 10Mbps or even 100Mbps Internet dedicated line access. The backbone network now has a maximum of 40Gbps and will grow to hundreds or even more in the next few years. Thousands of Gbps, this is not a technical issue but a matter of time. With the development of Internet technology, it can be said that VPN will develop rapidly in the next few years.

2. One of the subjective factors is that users are always afraid that their internal data is not securely transmitted on the Internet.

In fact, the VPN technology introduced earlier can already provide sufficient security protection, which can prevent user data from being viewed and modified. The second subjective factor is also the biggest obstacle to VPN applications. The customer's own applications cannot keep up. Only when the enterprise completely connects its business with the network can VPNs have a real use.

It is conceivable that when we remove all these obstacles, VPN will become a major part of our network life. In the near future, VPN technology will become the best solution for WAN construction. It will not only greatly save the WAN construction and operation and maintenance costs, but also enhance the reliability and security of the network. At the same time, VPNs will speed up the pace of corporate network construction, enabling group companies to not only build internal LANs, but also quickly connect the LANs of branches across the country to truly play the role of the entire network. VPN will play an inestimable role in promoting the entire e-commerce and electronic trade. ^[3]