Importance of VPN Connections
Virtual Private Networks are encrypted and authenticated connections established between two hosts across an insecure and public network, namely the Internet. These connections enable remote workers and frequent travelers to access private and internal company resources from an external location such as a home environment or coffee shop. In this scenario, one end of the tunnel is the user’s computer running a VPN client, while on the other end there’s a VPN server (or VPN concentrator) located at a corporate site. Another use case for VPN connections is when organizations have to connect two locations across an insecure network and pass traffic back and forth in an encrypted manner.
Virtual Private Networks (VPNs) often use RFC1918 addresses to establish secure connections between remote users and the organization’s internal network. This practice maintains security while enabling authorized users to access resources as if they were on the local network. On the other hand, certain applications and protocols going through a VPN might require adjustments to function properly in environments with RFC1918 addresses and NAT. This is particularly relevant when dealing with real-time communication, peer-to-peer connections, and certain gaming applications.
LAN to LAN VPN Connections
A LAN-to-LAN connection is another type of VPN configuration common across enterprises. In this setup, two endpoints, oftentimes routers or firewalls, establish a VPN tunnel to enable several users at each location to access resources on the other side of the tunnel. The main difference from the previous configuration is that here, the two endpoints are VPN routers located in two geographically separate corporate facilities. For the network end-users, this setup is transparent. That is, they don’t need to install any VPN client on their computers because the VPN configuration is applied to the routers. In the following diagram we represent a typical LAN-to-LAN VPN configuration.
How to Monitor VPN with NetBeez
Let me present a method for monitoring your VPN with NetBeez. This monitoring method covers the first type of VPN setup (client-based), since a LAN-to-LAN tunnel would be transparent to a NetBeez agent as well. The setup is fairly simple and can be implemented in a few clicks. It took me no more than twenty minutes (excluding the time needed to download the software involved). With this procedure, I am looking to validate the availability and performance of the VPN service that is established between a user’s computer and the VPN concentrator.
This setup is valid no matter what VPN technology your company is using, such as:
- Cisco AnyConnect
- F5 Networks
- Dell SonicWALL VPN
- Citrix VPN
- Palo Alto Global Protect
To monitor your VPN service, you will need the following resources:
- An existing VPN setup, including a working VPN account that will be used to monitor the VPN service.
- A Linux, Windows, or Mac OS X computer that will be used to load the NetBeez monitoring agent.
- A NetBeez instance.
After the setup, you will be able to:
- Verify that the VPN concentrator is working and accepting VPN connections
- Measure network performance across the tunnel
- Measure uptime of the tunnel
Set Up NetBeez to Monitor a VPN
- If you don’t already have a NetBeez instance, request one here.
- Install the VPN client software you will be using to establish the secure tunnel.
- Install the NetBeez monitoring agent on the computer:
  - If you have Linux, just follow the instructions to install a Linux software agent.
  - If you have Mac OS X or Windows, install the endpoint client for the corresponding OS.
- Once you see the agent reporting to your NetBeez dashboard, configure:
  - One test to an internal corporate resource. This test traffic flows across the VPN tunnel, so it monitors the tunnel’s availability and performance.
  - One test to the public interface of the VPN concentrator (assuming it allows ICMP traffic inbound).
- If you have an agent on your internal network, you can also create a periodic Iperf test to measure bandwidth available across the tunnel.
- That’s all, folks! Now you can review the up/down status of your VPN tunnel as well as network performance metrics, like the network latency as shown in the test below.
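Running both tests lets you tell a dropped tunnel apart from a wider connectivity problem. The sketch below is an added example, not NetBeez code and not part of the original setup: it correlates the two probes per sample and derives tunnel uptime, latency and outage intervals. The sample tuples, state names and function names are assumptions made for illustration.

```python
from itertools import groupby
from statistics import median

# Constructed samples, one per minute: (minute, rtt_ms to the concentrator's
# public interface, rtt_ms to the internal resource). None means the probe was lost.
SAMPLES = [
    (0, 21.0, 48.0), (1, 22.5, 51.0), (2, 20.8, None), (3, 21.1, None),
    (4, None, None), (5, None, None), (6, None, None), (7, 23.0, 50.0),
    (8, None, 49.0), (9, 21.9, 52.0),
]

def classify(concentrator_rtt, internal_rtt):
    """Correlate the two tests into one state for a single sample."""
    if internal_rtt is not None:
        return "up"           # traffic crossed the tunnel; a lost outside ping is ICMP loss or filtering
    if concentrator_rtt is not None:
        return "tunnel_down"  # concentrator answers, but the tunnel or the internal resource does not
    return "path_down"        # neither answers: the agent's Internet path or the concentrator itself

def summarize(samples):
    """Return uptime, latency figures and outage intervals for a run of samples."""
    states = [(minute, classify(c, i)) for minute, c, i in samples]
    up_count = sum(1 for _, state in states if state == "up")
    # Collapse consecutive non-up samples into (first_minute, last_minute, state).
    outages = []
    for state, group in groupby(states, key=lambda s: s[1]):
        minutes = [m for m, _ in group]
        if state != "up":
            outages.append((minutes[0], minutes[-1], state))
    inside = [i for _, _, i in samples if i is not None]
    # Extra latency of the internal target over the concentrator in the same sample.
    extra = [i - c for _, c, i in samples if c is not None and i is not None]
    return {
        "uptime_pct": 100.0 * up_count / len(states),
        "median_tunnel_rtt_ms": median(inside) if inside else None,
        "median_extra_rtt_ms": median(extra) if extra else None,
        "outages": outages,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLES).items():
        print(f"{key}: {value}")
```

A `tunnel_down` interval points at the VPN session or the internal target, while `path_down` cannot be attributed to the VPN service without a third vantage point such as an agent on the internal network.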
I hope this post provided a starting point for monitoring your VPN service in a simple yet effective way. This setup will allow you to detect when the VPN service is unavailable to your remote users. If you want to learn more about this configuration, or just need help with the setup, feel free to reach out by scheduling a demo.