1) VPN networks are often operated as client-server applications.
2) The VPN server runs directly on a firewall, where it creates a virtual network interface and an additional virtual network subnet.
3) The VPN server waits for connections on the external network interface of the firewall, where it authenticates the VPN client application.
4) After successful authentication, the VPN client is given an IP address from the virtual subnet.
5) Consequently, an encrypted tunnel is created between the VPN client and the VPN server, which is used for the safe transfer of packets between two distant networks via the Internet.
6) The services that a VPN client can connect to can furthermore be defined by firewall rules.
7) This way the firewall ensures that a VPN client can connect only to the services it is allowed to connect to.
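
The restriction described in items 6 and 7, written as an nftables ruleset. This is an added example, not configuration from the original page. The interface names (`eth0`, `eth1`, `tun0`), the subnets, the server addresses and the VPN port are all assumptions chosen for illustration.

```nftables
# Added example. Every name and address below is an assumption:
#   eth0             external interface where the VPN server listens
#   tun0             virtual interface created by the VPN server
#   eth1             internal LAN interface
#   10.8.0.0/24      virtual subnet handed out to VPN clients
#   192.168.10.0/24  internal LAN
#   udp/1194         port the VPN server listens on

table inet vpn_fw {
    # Internal services VPN clients may reach, as (address . port) pairs
    set vpn_allowed_tcp {
        type ipv4_addr . inet_service
        elements = { 192.168.10.20 . 443,
                     192.168.10.30 . 22 }
    }

    chain input {
        type filter hook input priority filter; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        # Item 3: the VPN server accepts clients on the external interface.
        iifname "eth0" udp dport 1194 accept
        # Add a rule for your own management access before loading this.
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Item 4: tunnel traffic must carry a source from the virtual subnet.
        iifname "tun0" ip saddr != 10.8.0.0/24 drop
        # Items 6-7: only the listed services are reachable from the tunnel.
        iifname "tun0" oifname "eth1" ip daddr . tcp dport @vpn_allowed_tcp accept
        # Everything else from VPN clients is logged, then dropped.
        iifname "tun0" log prefix "vpn-denied: " drop
    }
}
```

The default-drop policy on the forward chain is what enforces item 7: a service that is not listed in the set is unreachable from the tunnel without needing an explicit deny rule.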