
200. How it works

VPNs create "virtual" point-to-point connections using a technique called tunneling.

As the name suggests, tunneling acts like a "pipe" that passes through a network to connect two points. Normally initiated by remote users, tunneling takes the private data, encrypts it, and encapsulates it inside standard IP packets for safe transmission across the Internet.




A VPN ensures the confidentiality and integrity of information as it travels over the public Internet because it requires:

Remote user identity authentication

Confidential transmission of data (no unauthorized listeners)

Verification that the data was not altered in transit



The VPN connection behaves like this:

You connect to the Internet in the normal manner, through your ISP.

The VPN client software on your computer initiates a connection with the VPN server; the two sides authenticate each other and agree on the encryption keys.

Each end encrypts the data it sends over the connection, so it cannot be read by others while it is in transit.

The VPN server decrypts the data it receives and passes it on to the other servers and resources on the private network; replies take the same path back in the opposite direction.


Feedback received on this FAQ entry:
  • you have not explained the different errors on VPN issues like 1. remote host not found, 2. host not responding, 3. enter credentials like passcode..........

    2009-12-09 05:02:54

by KeysCapt
last modified: 2002-09-28 15:09:50


For a more detailed explanation of how a VPN works, see this article.

by KeysCapt
last modified: 2012-07-15 07:38:38

Check this great article for a simple illustrated explanation of the Diffie-Hellman key exchange process.

by DrTCP
last modified: 2005-01-18 00:41:24
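The following Python is an added example, not code from this FAQ or from the article linked above. It walks through the Diffie-Hellman exchange a VPN client and server use to agree on keys, shows why the bare exchange does not satisfy the "remote user identity authentication" requirement listed under "How it works" (an active attacker in the middle ends up holding a key shared with each side), and then authenticates the exchanged values with a pre-shared key so that the substitution is detected. The group is the 2048-bit MODP group from RFC 3526 (IKE group 14); the pre-shared key, the client/server roles and the exponent size are assumptions made for the example.

```python
"""Ephemeral Diffie-Hellman between a VPN client and server, the man-in-the-
middle problem of the bare exchange, and pre-shared-key authentication of the
exchanged values. Example code, not from the FAQ or any VPN product."""
import hashlib
import hmac
import secrets

# RFC 3526 2048-bit MODP group (IKE group 14), generator 2. It is a safe prime:
# (P - 1) / 2 is also prime, so every public value other than 1 and P - 1 has
# large order. is_probable_prime() below lets the reader check both claims.
P = int("".join("""
FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74
020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437
4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED
EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05
98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB
9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B
E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718
3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF
""".split()), 16)
G = 2
PSK = b"office-vpn-preshared-key"   # constructed pre-shared key (assumption)

def is_probable_prime(n, rounds=8):
    """Miller-Rabin; used to check that P and (P - 1) // 2 are prime."""
    if n < 4:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def dh_keypair():
    priv = secrets.randbits(256) + 2       # 256-bit exponent is ample for this group
    return priv, pow(G, priv, P)

def shared_key(my_priv, their_pub):
    if not 1 < their_pub < P - 1:          # reject the two small-order values
        raise ValueError("bad DH public value")
    return hashlib.sha256(pow(their_pub, my_priv, P).to_bytes(256, "big")).digest()

def unauthenticated_exchange(mitm=False):
    """Bare DH. With mitm=True an attacker replaces both public values with its
    own; client and server then each share a key with the attacker instead."""
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    if not mitm:
        return {"peers_agree": shared_key(c_priv, s_pub) == shared_key(s_priv, c_pub),
                "attacker_reads_client": False, "attacker_reads_server": False}
    m_priv, m_pub = dh_keypair()
    k_client = shared_key(c_priv, m_pub)   # client believes m_pub is the server's
    k_server = shared_key(s_priv, m_pub)   # server believes m_pub is the client's
    return {"peers_agree": k_client == k_server,
            "attacker_reads_client": k_client == shared_key(m_priv, c_pub),
            "attacker_reads_server": k_server == shared_key(m_priv, s_pub)}

def auth_tag(role, pub):
    """PSK-based proof that `pub` was sent by a party holding the PSK, bound to
    the sender's role so a value cannot simply be reflected back at its sender."""
    return hmac.new(PSK, role + pub.to_bytes(256, "big"), hashlib.sha256).digest()

def authenticated_exchange(mitm=False):
    """Each side sends (pub, tag). A value substituted by an attacker who lacks
    the PSK fails verification and the exchange is aborted (returns None)."""
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    from_client = (c_pub, auth_tag(b"client", c_pub))
    from_server = (s_pub, auth_tag(b"server", s_pub))
    if mitm:
        _, m_pub = dh_keypair()
        from_client = (m_pub, from_client[1])   # attacker can swap the value but not re-tag it
        from_server = (m_pub, from_server[1])
    server_ok = hmac.compare_digest(from_client[1], auth_tag(b"client", from_client[0]))
    client_ok = hmac.compare_digest(from_server[1], auth_tag(b"server", from_server[0]))
    if not (server_ok and client_ok):
        return None
    return shared_key(c_priv, from_server[0]) == shared_key(s_priv, from_client[0])
```

is_probable_prime(P) and is_probable_prime((P - 1) // 2) confirm the group constant before you trust it. A real key exchange such as IKE also binds nonces and identities into what gets authenticated, and more often proves identity with certificates or user credentials than with a bare PSK, but the structure is the same: prove that the public value came from someone holding the credential before using it to derive keys.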

Currently, there is VPN client software available for the following platforms:

• Mac OS 7.6 - 9, OS X
• Linux
• Windows 95/98
• Windows NT 4.0 (Service Pack 3 or later)
• Windows 2000 & XP
• Windows Me



Feedback received on this FAQ entry:
  • Also on Linux. As an example, see this FAQ: http://www.dslreports.com/faq/5319

    2009-01-18 16:59:25 (aefstoggaflm)

by KeysCapt edited by SYNACK
last modified: 2009-01-19 02:46:49

VPNs use the tunneling capability of IPsec to transparently move private data across the public Internet. Tunneling treats entire packets from a private internetwork as payload data that must be transported across a public transport network.

A VPN gateway acts as one end of a "tunnel," encapsulating entire packets from the private internetwork in new IP packets before they travel across the public Internet. The new outer packets carry the public addresses of the two gateways, so they are simply routed to the second VPN gateway that protects the other end of the transmission; the private source and destination addresses travel inside, in the encrypted payload. The receiving gateway recognizes the tunnel packet, checks its integrity, and disassembles it before passing its contents on to the correct address on the private internetwork.

A variety of different network devices and software products can act as VPN gateways, including VPN access servers, VPN routers, and computers with VPN client software installed.

The private network resources on each internal network, whether single machines or entire internetworks, remain unaware of the fact that the Internet is being used as a transmission medium. A VPN gateway forms the foundation of a secure Internet-based portal to those resources, since it is designed to reject all Internet traffic that does not arrive as authenticated IPsec from a known tunnel peer (apart from the key-exchange traffic used to set the tunnel up).

by KeysCapt
last modified: 2002-09-28 14:45:48

By default, when most clients connect to a VPN server, all traffic originating from your computer is sent across the VPN tunnel. The VPN server, however, is typically configured to accept and forward only traffic whose destination lies in one of its configured secure routes; traffic that does not match the "secure network" list is dropped by the VPN server (some servers instead forward it out to the Internet through the office connection, which is a policy choice on the server, not a property of the tunnel).

With split tunneling, the connecting client either receives the secure routes pushed from the VPN server or has them set statically. Only traffic matching a "secure" destination address is then forwarded out the virtual tunnel interface; all other traffic is routed normally and unprotected through the client's configured default gateway. The pushed routes are configured on the VPN server and can normally be seen injected into the client's route table while it is connected.

The advantage of split tunneling is that the connected client has connectivity to both the secure networks AND normal, unprotected Internet destinations at the same time. The disadvantage is that the client puts the remote network at risk: the same machine is reachable from the public Internet and has a path into the protected network, so anything that compromises it from the Internet side bypasses the security gateways that normally sit in front of that network's infrastructure.


Feedback received on this FAQ entry:
  • Nice explanation to start with....

    2012-06-21 01:57:05

by bky edited by SYNACK
last modified: 2007-09-10 13:50:55
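As an added example (not the FAQ's own material), the following Python models the route-selection behaviour described in this entry: the client's route table in full-tunnel and split-tunnel mode, longest-prefix matching to pick the outgoing interface, and the server-side "secure network" filter of a strict full-tunnel server. The addresses, the interface names eth0 and tun0, and the pushed networks are assumptions.

```python
"""Where a packet goes from a VPN client in full-tunnel versus split-tunnel
mode, and what the VPN server does with it. Example code, not from the FAQ or
any VPN product; addresses are constructed from documentation ranges."""
import ipaddress

VPN_SERVER = ipaddress.ip_address("203.0.113.10")        # public address of the VPN server
SECURE_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),    # routes the server pushes
                   ipaddress.ip_network("172.16.0.0/12")]

def client_routes(split_tunnel):
    """Route table as seen on the client while connected. Full tunnel: the
    default route is moved onto tun0. Split tunnel: only the pushed secure
    routes use tun0 and the ISP default route stays. In both cases a host
    route keeps the tunnel's own packets on the physical interface."""
    routes = [(ipaddress.ip_network(f"{VPN_SERVER}/32"), "eth0")]
    if split_tunnel:
        routes.append((ipaddress.ip_network("0.0.0.0/0"), "eth0"))
        routes += [(net, "tun0") for net in SECURE_NETWORKS]
    else:
        routes.append((ipaddress.ip_network("0.0.0.0/0"), "tun0"))
    return routes

def select_interface(dst, routes):
    """Longest-prefix match, the same rule the client's kernel applies."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, iface in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def server_forwards(dst):
    """Strict full-tunnel server policy from the entry above: forward only
    destinations inside a configured secure network, drop everything else."""
    return any(ipaddress.ip_address(dst) in net for net in SECURE_NETWORKS)

def packet_fate(dst, split_tunnel):
    """Return (interface used by the client, what happens to the packet)."""
    iface = select_interface(dst, client_routes(split_tunnel))
    if iface == "eth0":
        return iface, "sent via the ISP link, outside the tunnel"
    return iface, ("forwarded by the VPN server" if server_forwards(dst)
                   else "dropped by the VPN server")

def compare(dst):
    """Side-by-side fate of a destination in both modes, e.g. compare("10.0.0.5")."""
    return {"full": packet_fate(dst, False), "split": packet_fate(dst, True)}
```

compare("10.0.0.5") shows the office file server reached through tun0 in both modes, while compare("198.51.100.42") shows an Internet destination dropped by the strict full-tunnel server but leaving in the clear via the ISP under split tunneling, which is exactly the exposure the entry warns about. On a real client the injected routes are visible with `route print` on Windows or `ip route` on Linux.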

Try this site for one answer to Linux installations.

by KeysCapt
last modified: 2002-09-28 14:49:41

There is software available to permit your handheld device to connect to the VPN.

One such system is here
And another one for PALM Devices
One that works with PocketPC: Freeswan-PocketPC

by KeysCapt edited by jazzman916
last modified: 2004-03-07 03:44:22

A VPN will set up a "tunnel" via one or more "ports" (often via the TCP protocol). The exact ports used will vary with the type of VPN, and sometimes also with the advanced setup options for the VPN. However, the VPN "tunnel" itself is just standard IP (internet) traffic, albeit strongly encrypted traffic. As such, any firewall that is configured to block any of the "ports" needed for that VPN will also block the VPN "tunnel" (preventing you from using the VPN).

The "flip side" of this is that a VPN "tunnel" really does "tunnel" internet traffic for all "ports" via the VPN connection. This means that if the VPN itself isn't blocked (see above), then traffic on ports that are supposedly blocked for some reason (be that because of some firewall, or some restriction of your ISP) can still go out via the (unblocked) VPN tunnel! This can be both a useful "feature" (allowing you to do things with the VPN that you couldn't do directly via the internet), or a security weakness that is all too easy to overlook.

For example, I telecommute a couple of days a week. At my office, the company firewall blocks all attempts to access (from the internet) files on our Windows servers (for obvious security reasons). However, the VPN ports are not blocked at the firewall (so that remote users can connect to the VPN). When I set up a VPN connection to the office, it "tunnels" all traffic (for the IP numbers at our office) via the VPN. This means that when I have a VPN connection set up, I am essentially bypassing all restrictions of the office firewall! This is "a good thing", because I can pretty much do anything (including accessing files) that other machines on the office LAN can do (even when the firewall supposedly blocks that traffic from the internet). However, it also means that my home office machine had better be secured "better than most", if I don't want to be "the weak link" that lets some jerk use my VPN connection to make it much easier to "hack" the machines "at the office"!

by DracoFelis edited by KeysCapt
last modified: 2003-07-19 00:30:49
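The Python below is an added example, not code from this FAQ or from any VPN product, illustrating the point made in this entry and in the IPsec tunneling entry above: the office firewall sees only the outer packet (gateway addresses and the tunnel port), while the SMB packet for the file server travels inside the encrypted, integrity-checked payload, and the gateway accepts nothing that fails that integrity check. The encryption is a toy CTR construction built on HMAC-SHA256 so that the example runs with the standard library alone; the addresses, the tunnel port (4500) and the shared key are assumptions.

```python
"""Toy IPsec-style tunnel between two gateways: whole private packets become
the encrypted, integrity-protected payload of new outer packets, so a perimeter
firewall that only sees the outer packet cannot filter on the inner port.
Example code, not from the FAQ or any VPN product."""
import hashlib
import hmac
import os
import struct

# Constructed addresses and key for the example (documentation ranges).
OFFICE_GW = "203.0.113.10"     # office VPN gateway, public side
HOME_GW = "198.51.100.77"      # telecommuter's public address
FILE_SERVER = "10.0.0.5"       # Windows file server on the office LAN
HOME_PC = "192.168.1.20"       # telecommuter's machine on the home LAN
TUNNEL_PORT = 4500             # assumed UDP port the tunnel rides on
TUNNEL_KEY = b"\x42" * 32      # shared key; a real tunnel derives it via IKE

def subkeys(key):
    """Separate encryption and MAC keys derived from the tunnel key."""
    return (hashlib.sha256(key + b"enc").digest(),
            hashlib.sha256(key + b"mac").digest())

def keystream(key, nonce, n):
    """Toy CTR-mode keystream from HMAC-SHA256 (a real tunnel uses AES-GCM or
    ChaCha20-Poly1305); only the encrypt-then-MAC structure matters here."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + struct.pack("!I", ctr), hashlib.sha256).digest()
    return out[:n]

def pack_inner(src, dst, dport, payload):
    """Serialise a private packet (text IPs, destination port, payload)."""
    s, d = src.encode(), dst.encode()
    return struct.pack("!BBH", len(s), len(d), dport) + s + d + payload

def unpack_inner(blob):
    ls, ld, dport = struct.unpack("!BBH", blob[:4])
    src = blob[4:4 + ls].decode()
    dst = blob[4 + ls:4 + ls + ld].decode()
    return {"src": src, "dst": dst, "dport": dport, "payload": blob[4 + ls + ld:]}

def outer_header(src, dst, dport):
    return f"{src}|{dst}|{dport}".encode()

def encapsulate(key, inner_bytes, src_gw, dst_gw):
    """Build the outer packet: gateway addresses outside, private packet inside.
    The tag also covers the outer header, so re-addressing a packet is detected."""
    enc_key, mac_key = subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(inner_bytes, keystream(enc_key, nonce, len(inner_bytes))))
    tag = hmac.new(mac_key, outer_header(src_gw, dst_gw, TUNNEL_PORT) + nonce + ct, hashlib.sha256).digest()
    return {"src": src_gw, "dst": dst_gw, "dport": TUNNEL_PORT, "payload": nonce + ct + tag}

def decapsulate(key, pkt):
    """Return the inner packet, or None if pkt is not a valid tunnel packet
    (wrong port, truncated, or failed integrity check). Verify before decrypt."""
    enc_key, mac_key = subkeys(key)
    p = pkt["payload"]
    if pkt["dport"] != TUNNEL_PORT or len(p) < 16 + 32:
        return None
    nonce, ct, tag = p[:16], p[16:-32], p[-32:]
    expect = hmac.new(mac_key, outer_header(pkt["src"], pkt["dst"], pkt["dport"]) + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None
    return unpack_inner(bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct)))))

def office_firewall_allows(pkt):
    """Perimeter rules applied to what arrives from the Internet: SMB (445) is
    blocked, the tunnel port to the gateway is allowed, everything else dropped."""
    if pkt["dport"] == 445:
        return False
    return pkt["dst"] == OFFICE_GW and pkt["dport"] == TUNNEL_PORT

def demo():
    """SMB from the home PC to the file server, sent directly and via the tunnel,
    plus an unauthenticated probe and a bit-flipped tunnel packet."""
    inner = pack_inner(HOME_PC, FILE_SERVER, 445, b"SMB2 NEGOTIATE (constructed)")
    direct = {"src": HOME_GW, "dst": FILE_SERVER, "dport": 445, "payload": inner}
    tunnelled = encapsulate(TUNNEL_KEY, inner, HOME_GW, OFFICE_GW)
    probe = {"src": "192.0.2.99", "dst": OFFICE_GW, "dport": TUNNEL_PORT, "payload": b"\x00" * 64}
    flipped = bytearray(tunnelled["payload"])
    flipped[20] ^= 1                                   # one bit inside the ciphertext
    tampered = dict(tunnelled, payload=bytes(flipped))
    return {
        "direct_smb_passes_firewall": office_firewall_allows(direct),
        "tunnel_passes_firewall": office_firewall_allows(tunnelled),
        "inner_delivered": decapsulate(TUNNEL_KEY, tunnelled),   # gateway forwards this to 10.0.0.5:445
        "probe_passes_firewall": office_firewall_allows(probe),
        "probe_rejected_by_gateway": decapsulate(TUNNEL_KEY, probe) is None,
        "tampered_packet_rejected": decapsulate(TUNNEL_KEY, tampered) is None,
    }
```

demo() returns the outcome of each scenario: direct SMB blocked at the firewall, the tunnel packet passed and its inner packet recovered intact, an unauthenticated probe on the tunnel port passed by the firewall but rejected by the gateway, and a bit-flipped packet rejected. The firewall's allow rule for the tunnel port is what turns the security of the home machine into the office's problem: whatever reaches the home PC can ride the tunnel to 10.0.0.5:445 without the perimeter ever seeing port 445.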