Secure Remote Access — BSD VPN — General VPN Overview
This document offers an easy-to-understand technical description of Virtual Private Networks (VPNs) and encryption.
Note: If you intend to use the BSD VPN, you will need to enroll in DUO Two-Factor Authentication and register a qualifying device. This is a requirement for the BSD instance of VPN. Step-by-step instructions are available at University of Chicago Information Technology Services Knowledge Base: Two-factor Authentication.
VPNs (General VPN Overview)
The topic of Virtual Private Networks (VPNs) is a necessarily complicated one. This article endeavors to explain it in the most understandable terms possible. For you VPN enthusiasts out there, this document is describing the use of a remote access VPN.
What is a VPN?
A VPN is an extension of a private network; like the Biological Sciences Division’s. VPNs are created by encrypting traffic from a remote computer so it can travel securely over an insecure, public medium (like the Internet). The traffic is then decrypted by a VPN server and re-directed to its intended destination.
For example, let’s say you want to access a private web page that is not available to the outside (public) world but it is available from within the University’s (private) network. A VPN allows you to access that document from an outside location. Here’s how:
The remote computer, called a client, establishes an encrypted connection with a server inside the private network. This allows the client to send its traffic over a potentially insecure connection (through an outside ISP, for example) in a manner only the VPN server will be able to decode. The VPN server decrypts the information and forwards it to whatever system it was intended to reach. For example, in requesting a private web page, the VPN server receives the request from the VPN client, decrypts it, grabs the page from the web server containing the private page, encrypts it, and sends it back to the client computer.
What Is Encryption?
Encryption is a method of “scrambling” data so that you have to know what was done originally to unscramble it. Coding information so that it can be decoded is done through carefully selected algorithms (precise sequences of mathematical operations) which the receiver has some method of undoing but an outside listener can’t. To be effective, both the VPN client and server must share some private knowledge about what algorithms are going to be used to obfuscate the original data.
Because the VPN client encrypts data before it sends it (as does the server on the return trip), someone intercepting the message in transit has no mechanism for reading it.
A VPN encrypts traffic between two systems so that it can travel over an insecure medium like the Internet. Because of the security provided by encryption, services that are restricted to a private network can be made available from remote locations. To begin using this service, you may visit https://bsdvpn.uchicago.edu.