Introduction to Network Tunnels

You might hear many time acronym VPN which stands for Virtual Private Network, but the question is what it is, how it works and why we need it. Before that, we need to clarify few things first.

Technically speaking, VPN is a network tunnel. So what network tunnel is?

It is a logical conduit through which network data flows. This conduit is usually encrypted providing security to non-protected data.

Three are 3 types of network tunnel solutions:

  • Proxy
  • Socks 4/5
  • VPN

They all do the same thing but in a different way. Different setup and installation procedures. Some of them are automatically supported by all communication software, some requires special integrations. Some requires special appliances; some are very expensive and some are free.

Here is a simple table showing the differences.

Proxy Socks 4/5 VPN
Layer Software Protocol Network
Auto-available No No Yes
Isolate network No No Yes
Level of security Moderate Very Good Excellent
Network Appliance No No Optional

Proxy

Proxy is type of tunnel mostly used by the browsers, but not limited to.  Inside browser one will enter proxy URL, port and optionally credentials. Purpose of the proxy is to anonymize identity of a user. Remote service will see IP address of the proxy server instead of original client. Some more advanced proxies preprocess requests and removes sensitive data or blocks adware and other online resources reaching the client browser.

Does not require special client installation. If software product supports proxy, all what is needed is to enter proxy access point data in software itself.

Socks 4/5

Socks tunneling is more general and works with any protocol and any software with Socks support. Desktop software connects to the sock’s client running on the same machine instead to the remote service. Socks client itself will act as a caller to the remote service.

Standard socks protocol has a data handshake during connection initialization where desktop client tells to the sock client where to connect.

Unfortunately, many products do not support socks protocol. However, there are socks clients which works as a pure network passthrough without socks protocol requirements. Such sockets are instance per/target. For any client connecting to a specific target, an individual target IP address must be set. If multiple ports are required, all ports must be set also. This complicates situation a little bit, but still allows tunneled secure connection for client software without socks support.

Requires special client installation which works as a small software router. Requires desktop software to connect to localhost.

VPN

VPN might be considered as a big brother of Socks. It solves issues that exist in Socks protocol by installing virtual network driver. All communications goes through network driver which takes care of tunneling. Software clients does not require any special setup or does not need to support any special protocols.

However, activating VPN will cut off all other connections in different networks. This might be good or troublesome to some clients, depending on usage and user requirements.

In many cases, such products are the most expensive and sometimes requires special network appliance to be installed in company infrastructure. However, brings the best level of security.

Green Screens Tunnel

Green Screens Tunnel implementation lays somewhere between Socks 4/5 and VPN combining features from both type of tunneling technologies. It has twofold features enabling Green Screens VPN service to run as special Socks 5 / VPN protocol built for Green Screens Server running in cloud to allow access to the IBM i machine hidden behind NAT/Firewall or to run as a standalone service for custom network tunneling layer for our VPN standalone client.

Green Screens Tunnel use HMAC for requests validations during auto-discovery and modern fast network encryption based on AEAD, CHACHA20, and POLY1305 algorithms.