5.3 Differences between VPN Server and VPN Bridge
PacketiX VPN Bridge is a software product for creating a connection
(bridge) between a Virtual HUB at a remote location and a physical
network adapter. It provides a subset of the functions of PacketiX VPN Server.
With the exception of the differences noted here, the descriptions of
PacketiX VPN Server in 「Chapter 3 PacketiX VPN Server 2.0 Manual」 also explain the use, principles
of operation, and management of PacketiX VPN Bridge. For the detailed
setup method of PacketiX VPN Bridge, refer to that chapter, reading
every mention of VPN Server as VPN Bridge
and of vpnserver as vpnbridge.
5.3.1 Features and Usage of VPN Bridge
VPN Server and VPN Bridge
PacketiX VPN Server described in 「Chapter 3 PacketiX VPN Server 2.0 Manual」 is a software product that
provides VPN server functions to the VPN client computer. This software
allows you to place several Virtual HUBs on a single VPN Server so VPN
Client or VPN Bridge can establish a VPN connection to a Virtual HUB
over the network from a remote location. In addition, this software
comes with a function for connecting a virtual network and physical
network using the local bridge function (see 「3.6 Local Bridges」) and SecureNAT
function (see 「3.7 Virtual NAT & Virtual DHCP Servers」), which connect a Virtual HUB on VPN Server and a
physical network adapter on the computer running VPN Server.
VPN Bridge does not have the following functions of VPN Server:
- Function for receiving a VPN connection (as a VPN server) and
associated functions
- Function for creating several Virtual HUBs
- Virtual Layer 3 switching function
- Packet filtering function using the access list
Technical Positioning of VPN Bridge
Technically speaking, PacketiX VPN Bridge is a software program
optimized for bridge bases. It omits the VPN Server function for receiving
a connection from PacketiX VPN Client or from PacketiX VPN Server on a
separate computer, and the function for creating multiple Virtual HUBs.
When PacketiX VPN Bridge is installed, only one Virtual HUB, with the
name "BRIDGE", is created. The network administrator creates a local
bridge between the base LAN and this Virtual HUB, then connects it to the
Virtual HUB on the destination PacketiX VPN Server.
VPN Bridge Applications and Usage
VPN Bridge is optimized for two functions: creating a
cascade connection to VPN Server, and bridging to a physical
network using a local bridge connection. Nearly all other extra
functions have been eliminated.
You can make effective use of VPN Bridge, for example, by placing a
Virtual HUB on an existing VPN Server at the head office, installing VPN
Bridge to the base LAN at each branch to be connected to the Virtual
HUB, and creating a VPN configured to remain constantly connected to the
head office network over the Internet.
Number of VPN Server and VPN Bridge Computers Generally Required
To create a VPN connecting multiple bases on a general scale, as
described in 「10.5 Setting Up a LAN-to-LAN VPN (Using Bridge Connections)」 and 「10.6 Setting Up a LAN-to-LAN VPN (Using IP Routing)」, install VPN Server at one base, install
VPN Bridge at the other bases, and create a cascade connection from the
Virtual HUB of VPN Bridge to the Virtual HUB of VPN Server, while at the
same time creating a local bridge connection between the Virtual HUB and
physical network adapter at each base.
In this case, the number of computers on which VPN Bridge must be
installed is one less than the total number of bases to be connected.
Generally speaking, to establish a peer VPN connection between N
bases, provide VPN Bridge on N-1 computers and connect them to one VPN
Server computer.

Figure 5-3-1 Connecting VPN Server and VPN Bridge at Each Base
Configuration File Name
The configuration file name in VPN Server is vpn_server.config, but
in VPN Bridge, the name is vpn_bridge.config.
5.3.2 Virtual HUB on VPN Bridge
Only one Virtual HUB can exist in the program on VPN Bridge. The name
of that Virtual HUB is fixed to "BRIDGE".

Figure 5-3-2 Virtual HUB with the Name "BRIDGE"
VPN Bridge is managed using VPN Server Manager or the vpncmd utility,
in the same way as VPN Server, but only the "BRIDGE" Virtual HUB is available.
By using the local bridge function to connect the "BRIDGE" Virtual HUB
to a network adapter physically installed in the computer, you
join the "BRIDGE" Virtual HUB and the physical
network into a single segment. By then creating a cascade connection from the "BRIDGE" Virtual
HUB and configuring a constant connection to the desired VPN Server, a
VPN connection can be easily created between the bases.
5.3.3 Cascade Connection Function on VPN Bridge
The Virtual HUB of VPN Bridge can be cascade-connected to a Virtual
HUB operating on a separate computer in the same way as a Virtual HUB of
VPN Server. For more information about cascade connections, please refer
to 「3.4.11 Cascade Connection Functions」.
Because the Virtual HUB of VPN Bridge cannot receive a VPN
connection, VPN Bridge serves no purpose unless it cascade-connects to
an external VPN Server. When using VPN Bridge, be sure to use the
cascade connection function.

Figure 5-3-3 Cascade Connection Function on VPN Bridge
5.3.4 Receiving a Connection on VPN Bridge
Unlike VPN Server, VPN Bridge does not have a function for receiving
a VPN connection. PacketiX VPN Server is the only product in the
PacketiX VPN software series with a function for receiving a VPN
connection, namely a VPN server function.
However, VPN Bridge is similar to VPN Server in that it has TCP/IP
listener ports. By default, the three enabled TCP/IP listener ports are
443, 992, and 8888, the same as those on VPN Server. On VPN Bridge, these TCP/IP
listener ports are required for management connections from a local or
remote client using VPN Server Manager or the vpncmd
utility.

Figure 5-3-4 Management Connection to VPN Bridge
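A defender's check for the listener behaviour described above, as an added example that is not part of the original manual: it parses `ss -ltnp` output and reports each TCP listener owned by the bridge process, whether it is one of the three default ports, and whether it is bound to a network-reachable address. The sample output is constructed, and the `vpnbridge` listener on port 5555 in it is a hypothetical non-default listener.

```python
import ipaddress
import re

# Default listener ports named in section 5.3.4.
DEFAULT_PORTS = {443, 992, 8888}

# Constructed sample of `ss -ltnp` output from a hypothetical bridge host.
# The vpnbridge listener on 5555 is invented to show a non-default port.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:443        0.0.0.0:*         users:(("vpnbridge",pid=812,fd=20))
LISTEN 0      128    0.0.0.0:992        0.0.0.0:*         users:(("vpnbridge",pid=812,fd=21))
LISTEN 0      128    0.0.0.0:8888       0.0.0.0:*         users:(("vpnbridge",pid=812,fd=22))
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=640,fd=3))
LISTEN 0      128    [::]:5555          [::]:*            users:(("vpnbridge",pid=812,fd=23))
"""

LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+'
    r'users:\(\("(?P<proc>[^"]+)"'
)


def audit_listeners(ss_output, process="vpnbridge"):
    """Return one finding per TCP listener owned by `process`, sorted by port."""
    findings = []
    for line in ss_output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("proc") != process:
            continue
        # Strip IPv6 brackets and any %interface scope before parsing.
        addr = m.group("addr").strip("[]").split("%")[0]
        # ss prints "*" for a dual-stack wildcard bind.
        exposed = addr == "*" or not ipaddress.ip_address(addr).is_loopback
        port = int(m.group("port"))
        findings.append({
            "port": port,
            "address": addr,
            "default_port": port in DEFAULT_PORTS,
            "network_reachable": exposed,
        })
    return sorted(findings, key=lambda f: f["port"])


if __name__ == "__main__":
    for f in audit_listeners(SAMPLE_SS):
        tag = "default" if f["default_port"] else "NON-DEFAULT"
        scope = "network" if f["network_reachable"] else "loopback only"
        print(f'{f["port"]:>5}  {f["address"]:<8} {tag:<12} {scope}')
```

On a real host, pass the output of `ss -ltnp` (run as root so the process column is populated) instead of the sample.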
5.3.5 Local Bridge Function on VPN Bridge
A local bridge connection can be configured between the "BRIDGE"
Virtual HUB on VPN Bridge and a physical network adapter on the computer
running VPN Bridge. This function connects the Virtual HUB
of VPN Bridge to the network of an existing base at Layer 2, so that
VPN Bridge acts as a bridge.
The method for setting up a local bridge is the same as that for VPN
Server. For details, please refer to 「3.6 Local Bridges」.
Please note that the local bridge function of VPN Bridge is available
only on Windows, Linux, and Solaris.
Therefore, VPN Bridge is not very useful on other operating systems.
However, the SecureNAT function can still be used on them.

Figure 5-3-5 Local Bridge Setup Window in VPN Bridge
5.3.6 SecureNAT Function on VPN Bridge
The "BRIDGE" Virtual HUB on VPN Bridge has a virtual NAT function
using SecureNAT and a virtual DHCP server function similar to those of
VPN Server. You can enable these functions when necessary. For
information about using these functions, please refer to 「3.7 Virtual NAT & Virtual DHCP Servers」.
For examples of how to use PacketiX VPN with the SecureNAT function
of VPN Bridge, please refer to 「10.11 Using SecureNAT to Set Up a Remote Access VPN With No
Administrator Rights」.
5.3.7 Virtual Layer 3 Switch Function on VPN Bridge
Because VPN Bridge has only one Virtual HUB, a virtual Layer 3 switch
would be meaningless. Therefore, the virtual Layer 3 switch function has been
eliminated in VPN Bridge and cannot be used.
5.3.8 Coexistence of VPN Bridge and VPN Server
Beginning users of PacketiX VPN often make the mistake of installing
both VPN Server and VPN Bridge on the same computer, which causes
the two programs to conflict. Just as the descriptions of VPN Server and VPN
Bridge are separate in this manual, there is no reason to install both
VPN Server and VPN Bridge on the same computer.
Because VPN Server has a function for creating a local bridge between
a Virtual HUB and a physical network, the Virtual HUB of VPN Server can
be connected to a physical network adapter using Layer 2 on VPN Server
alone. To make this type of connection, you do not need to use VPN
Bridge.
Do not install VPN Server and VPN Bridge on the same computer.