Helpful VPN Terminology

Sabai Technician -

Terms to Know

A

AES Advanced Encryption Standard, a set of encryption schemes that is considered very strong. It is based on the Rijndael cipher which is, frankly, ridiculously complicated (although our developers think it's cool).

AP Access Point, a device that serves wireless to client devices.

B

 

C

Client, a desktop computer or workstation that is capable of obtaining information and applications from a server.

D

DHCP Dynamic Host Configuration Protocol, the method by which routers assign IP addresses automatically. This allows you to connect to the coffee shop wireless even after more than 254 people have already; IP addresses are recycled as wireless clients come and go.

DNS Domain Name System, translates people-friendly domain names (www.google.com) into computer-friendly IP addresses (1.1.1.1). DNS is especially important for VPNs as some countries return improper results for domains intentionally as a way of blocking that web site.

DSL Digital Subscriber Line, a type of internet connection that uses phone lines to create a constant digital connection via cable and fiber.

E

Ethernet The standard for most network connections, connections usually run over CAT5 cable and use an 8P8C/RJ45 plug these days.

F

Firewall A program that checks traffic coming in and out and sorts through it accordingly. It's usually used for blocking unauthorized or suspicious connections. A common setup in routers is to allow all outgoing traffic (assuming devices on the network are not malicious) and any incoming traffic that is part of an established connection.

G

Gateway A machine that serves internet; on most LANs this is the device the router's WAN connects to (like your modem). Sabai VPN Routers have the multi gateway feature which gives the user simple access to both their local ISP's gateway and their remote VPN's gateway.

H

 

I

Interface See Network Interface.

IP Internet Protocol, usually seen in reference to an IP address, this is how internet service providers know a computers location in order to deliver the packets of information you request. If two computers shared an IP address, the net doesn't know which computer requested to see Google and which requested to see Netflix.

IPsec Internet Protocol Security, an encryption method used in VPN. Requires client software to be accessed by each device. IPSEC is important because unlike with PPTP and OpenVPN, where packets are encrypted and sent out through normal packets, IPSEC encrypts them at a more fundamental layer. All packets between two machines with IPSEC set up are encrypted (not just those routed through a tunnel). IPSEC is essentially an agreement to encrypt communications between the two devices, which is why L2TP needs PPP for routing. Encrypting all packets between a client and server is not enough to set up a VPN; that also requires the client to forward all its outgoing communications to the server so the server can then forward them to their destination, which requires a tunnel program to handle.

ISP Internet Service Provider, the company that provides your basic internet service. These companies are usually regional and vary depending on your location in the world. Your ISP also provides your DNS service and firewalls, which can be intentionally broken to block either websites or PPTP in countries exercising internet control.

J

 

K

 

L

L2TP Layer 2 Tunneling Protocol, another form of VPN, L2TP is more secure and stable than PPTP and usually faster, although application effects this speed. L2TP uses encryption that, like OpenVPN, is based on OpenSSL and AES. This, like with OpenVPN, can be changed (but usually isn't).

LAN Local Area Network, the very common network that a router operates on. See also WAN.

M

MAC Address Media Access Control Address, MAC addresses are distinct addresses on the device level and is comprised of a manufacturer number and serial number.

Mpbs Megabit Per Second, literally 1,000,000 bits per second. Generally refers to speed of VPN or Internet connection.

This is a bit muddled by a major nerd oversight for the last fifty years. Mega as a standard prefix refers to 10^6. However, computers count in powers of 2, not 10. By all rights a kilobit should be 1000 bits, but computers consider it 1024 (2^10) bits, just as they consider a Megabit 1048576 bits (1024*1024=2^20). They created new prefixes, kibi, mebi, gibi (kilo binary, mega binary, giga binary) for 1024, 1048576, and 1073741824 (2^10, 2^20, 2^30). So... a service provider may supply their speeds in conflicting notations, though this is usually in the user's favor, as 'kilobits' usually means 1024 bits instead of 1000 bits for ISPs, as opposed to HDDs where users expect 1024 of a unit and get shortchanged by 24 of them.

Further complicating understand speed units is the fact that computers, despite popular misunderstanding, don't communicate in bits. Bits are not addressable as memory; rather, computers speak in what are usually units of 8 bits--the byte. (Though some computers have larger bytes, even as many as 256 bits to a byte--this is not, BTW, the difference between 32 and 64 bit computers; that has to do with the size of the processor's instructions, and I won't even go there!) So a user who gets 8 Megabits/second may be nonplussed when running Speedtest and sees 1MByte/s, even though that's what they pay for.

MRU Maximum Receive Unit, the largest data packet size that can be received by a system. This is an adjustable setting that can cause login lags and problems with Outlook issues. See your VPN service provider for setting help. See also MTU, below.

MSS Maximum Segment Size, specifies the largest amount of data that a device can receive in a single TCP segment. Specific to OpenVPN.

MTU Maximum Transmission Unit, the largest data packet size that can be transmitted through a system. This is an adjustable setting that can cause login lags and problems with Outlook issues. See your VPN service provider for setting help. See also MRU, above.

N

Network Interface a network hardware device, usually identical to an ethernet port. However, there are also virtual interfaces like pppN and tunN (ppp5 and tun0 for PPTP and OpenVPN on a Sabai router) that don't correspond to physical devices, but are used logically for creating the VPN connection and giving it something to route over.

NIC Network Interface Controller, the piece of hardware in your computer that connects to the network.

O

OpenVPN Not just a VPN protocol, OpenVPN is an open source program that facilitates VPN. OpenVPN is a more secure option and will work anywhere in the world.

P

P2P Peer-to-Peer, allows access and sharing of files in such a way that distributes the workload and only requires a central server to operate as a tracker - a server that sends out client information so that peers can connect to each other. Without the tracker, peers are just like a person sitting by a phone with no phone book.

Packets data sent over networks is divided into discrete, regularly sized pieces called packets. These have a definite form and size, though there are several kinds of packet.

Port An IP is not enough of an address for all purposes. A single machine may receive all sorts of communications, and so packets come not just with an IP but also with a port. The protocol is usually specified with the port, as the two often go together. Port 80/TCP is used for HTTP--serving web pages; however port 80/UDP is not generally used at all. Port 443 (TCP) is common too (for HTTPS), and port 53 (UDP) carries DNS. Other important ports include 123 (UDP) for time servers, 1723 (TCP) for PPTP, and port 1194 (TCP or UDP) for OpenVPN's default. The combination of an IP, protocol, and port for two sides of a connection is known as a socket.

PPTP Point-to-Point Tunneling Protocol, possibly the simplest form of VPN, PPTP is fast but not the most secure option and is easy to block. Learn more about PPTP.

Protocol (TCP and UDP) Two common protocols for packets. UDP is light-weight and fast, but has no confirmation. Information sent using UDP can arrive incomplete because there is no method for identifying when packets are lost. Video and audio streams are usually sent using UDP because it is very fast and the occasional lost packet doesn't greatly effect the resulting A/V signal. TCP is generally larger, contains more information, and 'always' arrives, as when packets aren't received they're requested again.

Q

 

R

 

S

Subnet the range of IP addresses a router can talk to on a certain interface. For our routers it's commonly 192.168.199.1-192.168.199.254. You can get the subnet by taking the router's LAN IP and applying the subnet mask.

SSID Service Set Identifier, SSID is the unique identifier for a network. SSID functions similar to an IP address or domain name, and can be defined by the network owner.

SSL Secure Socket Layer, a security scheme which commonly involves certificates, which are hard to fake numbers exchanged between two computers.

T

TCP (see Protocol)

U

UDP (see Protocol)

V

VPN Virtual Private Network, VPN's create a secure, private network over a larger network like the internet. Most use a client service to connect to VPN. Common uses of VPN include unblocking government blocked websites, security, anonymity, virtual firewall, American IP, safe public WiFi, static IP, and lower skype rates.

W

WAN Wide Area Network, generally a connection to the wider, outside world. The internet is the best and possibly the largest example.

WEP Wired Equivalent Privacy, a misleading name because it is not very secure. WEP is an old wireless security scheme that has been widely deprecated in favor of WPA/WPA2.

Wireless A, B, G and N Each a different wireless protocol. A and N both use 5GHz frequencies, while B and G use the 2.4GHz bands. There are some major differences in them, but the frequencies are almost all that ever matter.

WPA Wi-fi Protected Access, a system of wireless security; this is less a protocol or encryption scheme as a way of using protocols and encryption schemes.

X

 

Y

 

Z

 

Have more questions? Submit a request

0 Comments

Article is closed for comments.