VPN and the KVM
The KVM administrator can set up VPN (Virtual Private Network) connections to establish encrypted communications between the KVM and an individual host or all the hosts on a remote subnetwork. The encryption creates a secure tunnel for communications across an untrusted intermediate network.
A security gateway with the IPSec service enabled must exist on the remote network. The IPSec gateway encrypts packets on their way to the KVM and decrypts packets received from the KVM. A single host running IPSec can serve as its own security gateway. The KVM takes care of encryption and decryption on its end.
Connections from a machine like the KVM to a whole network or to a single host are usually referred to as host-to-network and host-to-host tunnels. KVM host-to-network and host-to-host tunnels are not quite the same as a VPN in the usual sense, because one or both sides have a degenerate subnet consisting of only one machine.
The KVM is referred to as the Local or “Left” host, and the remote gateway is referred to as the Remote or “Right” host.
In summary, you can use the VPN features on the KVM to create the following two types of connections:
Create a secure tunnel between the KVM and a gateway at a remote location so every machine on the subnet at the remote location has a secure connection with the KVM.
Create a secure tunnel between the KVM and an individual host at a remote location.
The gateway in the first example and the individual host in the second example both need a fixed IP address.
To set up a security gateway, you can install IPSec on any machine that does networking over IP, including routers, firewall machines, various application servers, and end-user desktop or laptop machines.
The ESP and AH authentication protocols are supported. RSA Public Keys and Shared Secret are also supported.
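The two tunnel types described above, sketched as connection definitions for the remote side. This is an added example, not taken from the KVM documentation: it assumes the remote gateway runs a Libreswan-style IPSec implementation that uses the same Left/Right convention, and every address, connection name and key value is a constructed placeholder.

```conf
# /etc/ipsec.conf on the remote ("Right") side -- constructed example.
# Addresses come from documentation-only ranges; replace them with real ones.

# Host-to-network: the KVM reaches every machine on the subnet behind the gateway.
conn kvm-to-subnet
    type=tunnel
    # Left = the KVM. No leftsubnet is given: this side is a single machine.
    left=192.0.2.10
    # Right = the remote security gateway, which needs a fixed IP address.
    right=198.51.100.1
    # Hosts behind the gateway whose traffic to the KVM goes through the tunnel.
    rightsubnet=10.20.0.0/24
    # RSA public-key authentication; both key values are placeholders.
    authby=rsasig
    leftrsasigkey=<KVM-RSA-PUBLIC-KEY>
    rightrsasigkey=<GATEWAY-RSA-PUBLIC-KEY>
    # Load the connection and wait for the KVM to initiate it.
    auto=add

# Host-to-host: a single remote host acting as its own security gateway.
conn kvm-to-host
    type=tunnel
    left=192.0.2.10
    # Right = the individual host, which also needs a fixed IP address.
    right=198.51.100.20
    # No subnet on either side: both ends are single machines.
    # Shared-secret authentication; the secret is stored in ipsec.secrets.
    authby=secret
    auto=add

# /etc/ipsec.secrets (separate file, readable by root only), for kvm-to-host:
# 192.0.2.10 198.51.100.20 : PSK "<LONG-RANDOM-SHARED-SECRET>"
```

The only difference between the two definitions is `rightsubnet`: with it the tunnel covers the whole remote subnet, without it the tunnel covers the remote host alone.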