Introduction to Client VPN
Today I am going to talk about another important topic as many of you already requested to write something on the Client VPN technology. Client VPN is a tunnelling protocol and you can say that client VPN service uses the L2TP tunneling protocol and can be deployed without any additional software on PCs, Macs, iOS devices, and Android devices, since all of these operating systems natively support L2TP VPN connections.
As i told that it is tunneling protocol and i wrote some of the articles earlier on the various protocols like DMVPN, IPSEC and other. Please go through the below link to understand these as well if you want to have a look on that.
Client VPN is a full tunneling client using SSL/TCP that installs an app on the machine and envelopes the vpn traffic into the ssl session and also has an ip address assigned so the tunnel is two way, not uni-directional. It allows for application support over the tunnel without having to set up a port forward for each application.
 |
| Fig 1.1- VPN Client |
Authentication in Client VPN
I am talking about the Meraki devices where client VPN uses PAP as the authentication method. PAP authentication is always transmitted inside an IP-sec tunnel between the client device and the MX security appliance using strong encryption.
User credentials are never transmitted in clear text over the WAN or the LAN. An attacker sniffing on the network will never see user credentials because PAP is the inner-authentication mechanism used inside the encrypted IP-sec tunnel.
