Maybe some of you heard about Open VPN, or SoftEther VPN, a VPN technologies allowing you to set up advanced VPN tunneling for your organization. One might ask why then do we have our own VPN product. This blog post is to clarify that.
Several books have been written about Open VPN, and it is a well-known solution. The question is "Can Open VPN be used instead of Green Screens VPN"? The Simple answer is: "Yes, it can". However, we do not provide any kind of technical support for this.
The same goes for SoftEther VPN - free open-source VPN solution.
The reason is simple. Setup and configuration are complex, and quite overwhelming for an end user, but also requires our support with remote access to the client company internal network to set up an environment. For larger organizations with multiple branches, it is even more tedious. Thus, we decided to create our own and easier to use solution.
Don't get us wrong here, both, Open VPN and SoftEther are extremely powerful products with a lot of features, which is also a common reason to be hard to set up requiring a lot of understanding how VPN works.
Our main point was to enable Green Screens Terminal Server running in the cloud and being able to connect to the IBM i running inside the client internal network with high industry grade security standards. And nothing more. Thus, we created VPN Client / Service apps that works as full VPN but without implementing all the features full VPN has but not required here. For an example, not requiring tap/tun network driver installation.
Additionally, a Green Screens VPN service works as an instance-per-server mode because VPN service itself filters all incoming packets, allowing / redirecting only to an IBM i server internal network IP. No access to other internal resources, which brings one more layers of security and gives a full control under client hands.
Regarding security, Green Screens VPN uses the same techniques full VPN solutions has by implementing TLS 1.3 full client / server certificate-based authorization, authentication and strong modern encryption using proven industry standard protocols. Green Screens VPN is no less secure than any other VPN solution.
Compared to Open VPN and other solutions, a Green Screens VPN setup for TLS is straight forward. If used with Green Screens Terminal Server, during IBM i tunnel registration, Green Screens Server will generate 2 files which should be copied to the VPN Service. The Second step is to open the port on the router, and that's all. No other special installations and setups.
Implementing this feature, give us a fully rounded solution for installing Green Screens Terminal Server and connecting it to the IBM i in all possible ways with the easiest as possible setup.
A Green Screens VPN service can also work in standalone mode where it can be used in conjunction with a VPN Client, allowing remote workers to securely access IBM i with a favorite telnet program and / or other services. In that case, password only (the easiest way) or TLS protection (the strongest way) is available.
To use TLS in standalone mode, generate certificates with our Certgen tool by simply configure some values in config file, run certgen tool to generate certificates, copy certificates to VPN Service and you are good to go. VPN Service will create a binary file containing all what is needed. Send bin file to the remote worker to copy files in VPN Client location and run the client. Nothing else to do. Easy and simple.
Conclusion
Green Screens VPN is a specially developed solution for IBM i with a goal to make it as easy as possible to set up an encrypted tunnel for the end user without requiring special knowledge or multiple installation from drivers, various tools and other requirements but keeping high industry grade security standards. This approach might be ideal from small businesses with limited knowledge or resources.
This brings us to the next feature. Green Screens Terminal Server can be installed and managed inside Cloud by us, and small VPN Service program can run inside client company network to enable secure link with extremely easy Green Screens Product setup and install ideal for small business.
Green Screens VPN is a closed source but absolutely free, non-chargeable solution made for one purpose and to do it well. That's the bottom line.
Of course, if someone wants more features as connecting and accessing company internal network resources from remote locations, then sure, solutions as Open VPN, SoftEther or other commercial products with specialized appliances might be a better choice.
The choice is up to you.