by na4ma4
1399 days ago
> the private part indicates the privacy it provides not the destination.

I wouldn't entirely agree with that (although out of context I do agree).

It's a Virtual Private Network connection, you create a Virtual (not physical) Private Network (between your device and another device/server) there's no real difference between a site-to-site VPN and a client-access VPN other than if the devices at each end route more than just the partner traffic over the private network.

If I connect a "site-to-site VPN" between my computer and your computer, if I add a route to send all traffic for a particular network to your computer as the next hop, that makes it "client-access" for that particular network, if I add a default route it then sends any internet request I make to your device as the next hop. If your device decides to forward the packets (and probably NAT them) then I now have some privacy for my internet traffic.

VPNs were originally designed to replace dial-up modem connections since the internet was becoming more ubiquitous and it would be far cheaper for someone to connect to their local ISP then use a VPN to connect to their remote network (either personally or usually between sites), than dial directly to their other site (also it was usually far cheaper for one internet connection than a bank of modems and ISDN lines (if you wanted 56.6Kbps or 64Kbps connections)).

The difference is one end is not a network but an endpoint part of a network. Multiple client access VPNs can be part of the same subnet.

> If I connect a "site-to-site VPN" between my computer and your computer, if I add a route to send all traffic for a particular network to your computer as the next hop, that makes it "client-access" for that particular network, if I add a default route it then sends any internet request I make to your device as the next hop.

In site-to-site VPN, your computer would need to route a separate site network as would the remote end. With client access only the remote end routes a separate network. Windows for example cannot be used (unless server versions) to provide site-to-site connectivity because it does not route between NICs. Your tunnel IP is used for connectivity with client access but with site-to-site the remote end expects you to advertise a route or have a separate config for a static route back to some other network on your end which is what it will route (won't work otherwise). Hope that is more clear. You can turn your nix box to a s2s vpn terminator but in every VPN type this requires different config which is why the different terms exist.
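
The routing point both comments turn on, as an added example that is not part of either comment: a longest-prefix-match lookup shows which traffic a specific route or a default route sends into the tunnel, and why the remote end needs a route back for a site-to-site setup. All addresses, interface names and table contents are constructed for illustration.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match: next hop of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in routes
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

# Constructed values: 10.99.0.0/30 is the tunnel, .1 the remote end, .2 us.
TUNNEL_PEER = "tun0 via 10.99.0.1"
LOCAL_GW = "eth0 via 192.168.1.1"
CONNECTED = [("192.168.1.0/24", "eth0 direct"), ("10.99.0.0/30", "tun0 direct")]

# One route for a particular network behind the peer: only that network
# uses the tunnel, everything else still leaves through the local gateway.
SPLIT = CONNECTED + [("0.0.0.0/0", LOCAL_GW), ("10.20.0.0/16", TUNNEL_PEER)]

# Default route through the tunnel: all internet traffic goes to the peer.
# The host route keeps the tunnel's own outer packets (to the peer's
# public address, 203.0.113.10 here) off the tunnel.
FULL = CONNECTED + [("0.0.0.0/0", TUNNEL_PEER), ("203.0.113.10/32", LOCAL_GW)]

# Remote end. Client access: it only knows the tunnel subnet, so replies
# reach us only when our packets are sourced from the tunnel IP.
REMOTE_CLIENT_ACCESS = [("0.0.0.0/0", "wan0 via 203.0.113.1"),
                        ("10.20.0.0/16", "lan0 direct"),
                        ("10.99.0.0/30", "tun0 direct")]
# Site-to-site: it also needs a route back to the network behind us.
REMOTE_SITE_TO_SITE = REMOTE_CLIENT_ACCESS + [("192.168.1.0/24", "tun0 via 10.99.0.2")]

def reply_uses_tunnel(remote_routes, src):
    """Would the remote end send its reply to src back through the tunnel?"""
    hop = next_hop(remote_routes, src)
    return hop is not None and hop.startswith("tun0")

if __name__ == "__main__":
    for name, table in (("split", SPLIT), ("full", FULL)):
        for dst in ("10.20.0.5", "198.51.100.7", "203.0.113.10"):
            print(f"{name:5} {dst:15} -> {next_hop(table, dst)}")
    for src in ("10.99.0.2", "192.168.1.50"):
        print(src, "client-access:", reply_uses_tunnel(REMOTE_CLIENT_ACCESS, src),
              "site-to-site:", reply_uses_tunnel(REMOTE_SITE_TO_SITE, src))
```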