Monitoring the VPN experience of remote employees is very important as this is a key digital service for today’s organizations. The newly released 2023 State of Remote Work highlighted that 83% of hybrid or fully remote organizations use VPN services to offer secure and encrypted connectivity to their employees. In the past, we wrote about monitoring VPN connections using NetBeez cloud or virtual network agents.
In this article we will review how it’s possible to monitor the VPN experience. We will use the NetBeez’s remote worker agents for Windows and Mac. Before starting, let’s do a quick overview of client-based virtual private networks and what are the different types and configurations used.
What’s a VPN?
VPN stands for Virtual Private Network. It is a transport technology that enables individuals to securely access a private network from a remote location over the internet or some other unprotected network. VPNs provide a secure, encrypted connection that ensures confidentiality and protects users’ data from eavesdropping. This is implemented by creating a virtual tunnel, or connection, between two endpoints.
Split Tunnel and Full Tunnel Mode
There are two main types of VPN configurations: split tunnel and full tunnel.
In a split tunnel configuration only the communications to private, corporate resources are routed via the VPN tunnel. The rest of the traffic is sent through the regular Internet connection, off tunnel. This setup is easier to configure and manage but is more prone to cyber attacks and eavesdropping. Take the example of a user connecting to their bank using the free wifi at the corner’s coffee shop. The benefit is that a split tunnel doesn’t add extra delay to Internet connections since these take the most direct route.
Full tunnel VPNs are the right choice for organization that need to ensure the highest level of security and privacy. All network traffic is routed through the VPN connection, including Internet traffic. For this reason, they are more challenging to configure and support, when compared to split tunnels. Full tunnels also increase latency to Internet applications due to the extra routing and processing.
In conclusion, split tunnel VPNs allow for more flexibility, full tunnel VPNs provide the highest level of security.
Difference Between TUN and TAP
Another important aspect to consider about virtual private networks is the OSI layer at which they operate. You can find two main types of VPN connections: TUN and TAP based.
TUN stands for “network TUNnel”, which is a point-to-point IP network device. It operates at the network layer of the OSI model and is used to create a secure tunnel between the VPN client and server. It is designed to carry IP traffic only, and is therefore more efficient for VPN connections that primarily handle IP traffic.
TAP stands for “network TAP”, which is a virtual Ethernet adapter that operates at the data link layer of the OSI model. It is used to create a virtual network segment between the VPN client and server. TAP tunnels allow for the transmission of non-IP protocols such as NetBIOS and IPX across the connection.
To summarize: TUN is more suitable for VPN connections that handle primarily IP traffic, while TAP is more suitable for VPN connections that need to support non-IP protocols.
NetBeez’s VPN Target
NetBeez provides an easy way to monitor the VPN experience of remote users. Continuous end-to-end tests across the VPN tunnel provide real-time detection of performance issues, historical analysis, and alerting when performance degradation occurs. This is how it works.
On the dashboard, the administrator creates a monitoring target by selecting the VPN template. In the configuration step, the administrator specifies an internal IP address, or hostname, that is reachable when the VPN is up and connected. This destination host will act as the “reflector node” to verify performance within the VPN tunnel.
Once the configuration is saved, the NetBeez endpoint clients that are associated with the target are instructed to run periodic tests against the specified remote host. This test reports important performance metrics such as latency, packet loss, Jitter, and Mean Opinion Score (MOS). Alert detectors associated with the target alert the central IT should conditions with high latency or packet loss occur. The administrator can also customize the alert rules to match specific SLAs.
On the dashboard, the user can retrieve other vital information from the endpoints, such as the up-down state of the VPN interface, its IP address, and driver type (TUN vs. TAP). In the screenshot below, you can review the VPN interface information from a Windows based remote endpoint.
Monitoring the VPN experience of remote users allows IT to quickly detect, troubleshoot, and resolve events that impact the end-user experience.
A VPN is a technology that enables individuals to securely access a private network from a remote location. Today, 83% of hybrid or fully remote organizations use VPN services and are a critical part of their digital adoption. There are different types of VPN. Split tunnel VPNs allow for more flexibility, full tunnel VPNs provide the highest level of security. NetBeez allows to monitor the VPN experience of remote users thanks to Windows and Mac clients.