VPN – from the home office into the network, any time

As companies around the world are now realizing, a concept for digital working from home or on the move is essential for maintaining profitability. Be it a precautionary measure or a strategy in the interest of business continuity management, accessing corporate data, e-mails, networks, servers, telephones and digital services from home and when on the road is absolutely essential in this digital age.

From an employee perspective, it is just plain practical: The home office makes it easier to balance work and family life, and for many commuters it is a relief to not have to be physically present at the workplace so often. However, site connectivity needs to be implemented effectively for everything to work properly, i.e. teleworking stations have to be fully integrated into the company network. This article is about the necessary considerations.

Extending the company network into the home

One prerequisite for any connection is a standard internet connection via DSL, cable or cellular networking, which every modern company has today. The connection is secured by a virtual private network (VPN). In the same way as a company networks its sites, VPN enables mobile employees and home offices to be quickly and, most importantly, securely integrated into the company network. The only “must have” is one small software tool: A VPN client on your laptop or PC. Once configured, one click is all it takes to establish a strongly encrypted VPN channel over the best available medium. Mobile devices such as smartphones and tablet PCs can also communicate securely with the company via VPN. An app is used to establish a secure VPN connection to the central company gateway.

The solution for the secure home office – LANCOM Advanced VPN Client

With our tried and tested solution, the LANCOM Advanced VPN Client, employees can access the company network via a secure VPN tunnel with just one click. Equipped with a stateful inspection firewall, the software VPN client automatically detects secure and unsecure networks for protected communication over the Internet at all times. Security for company data is the top priority: VPN tunnels are established using encryption technologies such as the highly efficient VPN protocol IKEv2. Also, the LANCOM Advanced VPN Client supports the latest encryption algorithms including AES-CBC or AES-GCM, the signature functions SHA-256, SHA-384 or SHA-512, and current Diffie-Hellman groups.

Many paths lead to the goal

The LANCOM Advanced VPN Client on the employees’ laptops is configured remotely by the central IT department, and doing so is very easy. Access to the company headquarters is easily set up with a “1-Click Setup Wizard”. The configuration is exported to a file and then imported into the VPN client as a profile. It includes all of the information about the configuration of the VPN peer at the headquarters, and is supplemented by randomly generated values, such as the pre-shared key. This allows multiple VPN access accounts to be created for employees and set up in the shortest possible time, a real time saver for admins. The VPN handshake between the VPN gateway at the company and the software VPN client takes place in different ways, depending on the company’s size and requirements:

  • For small to medium-sized companies: easy setup and operation based on password entry (i.e. authentication by pre-shared key, PSK)
  • For larger scenarios with stronger security requirements: the use of IKEv2 with digital certificates
  • For large-scale scenarios with Windows server infrastructure: IKEv2 EAP for authentication via the Windows server by means of user name and password
  • For large-scale scenarios with central user administration: direct and inexpensive authentication via a RADIUS server

Support of both IPv4 and the increasing number of IPv6 connections means that smooth workflows are assured. Thanks to seamless roaming, VPN connections remain intact even when changing the connection medium. For example, this keeps VPN connections alive even when traveling by train and moving between mobile phone cells. Likewise, users in buildings who roam from cellular to Wi-Fi or Ethernet enjoy an “always on” experience.

Clearing up any concerns

Large numbers of users in the home office can push the company network to its limits; load can be relieved if Internet traffic can be routed directly to the Internet, for example when an employee is in a trusted network. Data intended for the company network is still routed through the VPN tunnel (split tunneling). However, if the employee is in an open, unencrypted Wi-Fi, i.e. with an unsecure connection, all data is securely encrypted by the VPN tunnel to the central office, and from there it is securely routed to the Internet (full tunneling).
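The routing decision described above can be written down as a small policy function. This is an added example, not LANCOM code: the corporate prefixes, the network allowlist and the names `LocalNetwork`, `is_trusted`, `is_corporate` and `route_for` are assumptions made for illustration, and how a real client detects a trusted network is not modeled.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values for illustration (private and documentation ranges).
CORPORATE_PREFIXES = [ipaddress.ip_network(p)
                      for p in ("10.20.0.0/16", "2001:db8:20::/48")]
TRUSTED_NETWORKS = {"home-office-lan"}  # hypothetical allowlist of network names


@dataclass(frozen=True)
class LocalNetwork:
    name: str        # e.g. SSID or wired profile name
    encrypted: bool  # False for open Wi-Fi


def is_trusted(net: LocalNetwork) -> bool:
    """Fail closed: only allowlisted, encrypted networks count as trusted."""
    return net.encrypted and net.name in TRUSTED_NETWORKS


def is_corporate(destination: str) -> bool:
    addr = ipaddress.ip_address(destination)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it cannot dodge the IPv4 prefix.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == p.version and addr in p
               for p in CORPORATE_PREFIXES)


def route_for(destination: str, net: LocalNetwork) -> str:
    """Return 'tunnel' or 'direct' for one destination on the given network."""
    if is_corporate(destination):
        return "tunnel"   # company data always goes through the VPN
    if is_trusted(net):
        return "direct"   # split tunneling: Internet traffic breaks out locally
    return "tunnel"       # full tunneling: everything via the central office


if __name__ == "__main__":
    home = LocalNetwork("home-office-lan", encrypted=True)
    cafe = LocalNetwork("cafe-open-wifi", encrypted=False)
    for dst in ("10.20.5.9", "2001:db8:20::15",
                "::ffff:10.20.5.9", "203.0.113.80"):
        print(f"{dst:18} home={route_for(dst, home):7} "
              f"cafe={route_for(dst, cafe)}")
```

An unknown or unencrypted network is treated as untrusted, so a misclassified network results in full tunneling rather than unprotected Internet traffic.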

When it comes to the costs of security infrastructure for mobile working, companies often shy away from the investment. It’s easy to put those prejudices to rest: All you need at the company location is a single device in the form of a VPN-capable router, a central VPN gateway, or a VPN-capable firewall. All the employees need is the inexpensive LANCOM Advanced VPN Client, which is compatible with the products from many different manufacturers. An investment that pays off—on both sides.

Tip: You will find an extensive collection of information and assistance for the configuration on our website: Knowledge Base.

Our world is constantly changing—mobility is becoming a vital factor for many companies and their employees. A VPN client enables employees to use their laptops, tablets and smartphones to connect to the Internet and enjoy secure access to your company network and confidential data, wherever they are. This gives them maximum flexibility, whether they are traveling on business or working from home.
