VPN and the KVM/netPlus
The KVM/netPlus administrator can set up VPN (Virtual Private Network) connections to establish encrypted communications between the KVM/netPlus and an individual host or all the hosts on a remote subnetwork. The encryption creates a secure tunnel for communications that cross an untrusted intermediate network.
A security gateway with the IPSec service enabled must exist on the remote network. The IPSec gateway encrypts packets on their way to the KVM/netPlus and decrypts packets received from the KVM/netPlus. A single host running IPSec can serve as its own security gateway. The KVM/netPlus takes care of encryption and decryption on its end.
Connections from a machine like the KVM/netPlus to a host or to a whole network are usually referred to as host-to-host and host-to-network tunnels, respectively. KVM/netPlus host-to-network and host-to-host tunnels are not quite the same as a VPN in the usual sense, because one or both sides have a degenerate subnet consisting of only one machine.
The KVM/netPlus is referred to as the Local or “Left” host, and the remote gateway is referred to as the Remote or “Right” host.
The following figure shows a single host running IPsec acting as its own security gateway on the right end and the KVM/netPlus acting as its own gateway on the left end.
KVM/netPlus VPN Example
In summary, you can use the VPN features on the KVM/netPlus to create the following two types of connections:
Create a secure tunnel between the KVM/netPlus and a gateway at a remote location so every machine on the subnet at the remote location has a secure connection with the KVM/netPlus.
The gateway in the first example and the individual host in the second example both need a fixed IP address.
To set up a security gateway, you can install IPSec on any machine that does networking over IP, including routers, firewall machines, various application servers, and end-user desktop or laptop machines.
The ESP and AH authentication protocols are supported. RSA Public Keys and Shared Secret are also supported.
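
The two tunnel types and the Left/Right convention described above, sketched as an added illustration in FreeS/WAN/Openswan-style `ipsec.conf` syntax. This is not taken from the KVM/netPlus documentation: the IPSec implementation, the connection names, the addresses and the key placeholders are all assumptions, and parameter names vary between IPSec implementations and versions.

```conf
# Added illustration, not vendor configuration. Assumes an Openswan-style
# IPSec stack on the remote side; every name and address is constructed.

# Host-to-network: KVM/netPlus (left) to a gateway (right) fronting a subnet.
conn kvm-to-remote-subnet
    type=tunnel
    left=192.0.2.10            # KVM/netPlus, acts as its own gateway
    right=198.51.100.1         # remote security gateway, fixed IP address
    rightsubnet=10.20.0.0/24   # hosts behind the gateway that use the tunnel
    authby=secret              # shared secret, stored outside this file
    auth=esp
    auto=add

# Host-to-host: both ends are single machines, so there are no subnet lines.
# Each side is the degenerate one-machine "subnet" the text describes.
conn kvm-to-remote-host
    type=tunnel
    left=192.0.2.10
    right=198.51.100.25        # single host running IPSec, fixed IP address
    authby=rsasig              # RSA public keys
    leftrsasigkey=<KVM/netPlus public key placeholder>
    rightrsasigkey=<remote host public key placeholder>
    auth=esp
    auto=add
```

Both ends must agree on the peer addresses, the protected subnet, the protocol (ESP or AH) and the authentication method, or the tunnel will not establish.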