
SSL VPN Servers

What is an SSL VPN Server?

How an SSL VPN Works

A VPN (Virtual Private Network) simulates a private network over the public Internet by encrypting communications between the two end-points. It allows you to create a separate, virtual network on top of a physical network. For example, you can connect your home computer to the network at your office and have the same connectivity and privacy as if your computer were physically at the office.

Common applications used with SSL VPN servers include e-mail, file sharing, remote backup, and remote system management. With SSL VPN security you can securely access your files and applications from anywhere in the world.

How does an SSL VPN server work?

An SSL VPN server works by creating a virtual channel over the public Internet using symmetric encryption. Both sides of the channel have keys that are used to encrypt and decrypt the traffic. Because symmetric encryption algorithms (AES, Blowfish, etc.) are so fast, they are used to encrypt the majority of the traffic. However, a different method must be used at first in order to transfer the keys to the correct parties and to ensure that you are talking with who you think you are talking to. This is where SSL certificates come into play. SSL certificates rely on public key cryptography, which uses a public and a private key. Any data encrypted with the public key can only be decrypted with the private key, and vice versa. Once identities are verified, a symmetric key is generated and used to encrypt the rest of the data.
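To make the two phases concrete, here is an added model of the flow described above; it is not code from the original article or from any VPN product. It assumes textbook RSA on two hardcoded Mersenne primes and an HMAC-SHA256 keystream as stand-ins for real certificates, RSA-OAEP and AES, so it illustrates the handshake shape only and is not safe to deploy.

```python
import hashlib, hmac, secrets

# Educational stand-ins (assumed, not from the article): textbook RSA on two
# hardcoded Mersenne primes and an HMAC-SHA256 keystream replace real
# certificates, RSA-OAEP and AES. Not safe to deploy; it only models the flow.
P, Q, E = 2**521 - 1, 2**127 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
SERVER_PUBLIC, SERVER_PRIVATE = (N, E), (N, D)

def rsa_apply(key, value):
    """Textbook RSA: raise the integer to the key's exponent modulo n."""
    n, exp = key
    return pow(value, exp, n)

def sign_challenge(private_key, challenge):
    """'Encrypt with the private key': proves possession of the server key."""
    return rsa_apply(private_key, int.from_bytes(hashlib.sha256(challenge).digest(), "big"))

def verify_challenge(public_key, challenge, signature):
    """'Decrypt with the public key' and compare with the expected digest."""
    return rsa_apply(public_key, signature) == int.from_bytes(hashlib.sha256(challenge).digest(), "big")

def keystream_xor(key, nonce, data):
    """Symmetric phase: counter-mode HMAC-SHA256 keystream XORed over the data."""
    out = bytearray()
    for block, i in enumerate(range(0, len(data), 32)):
        stream = hmac.new(key, nonce + block.to_bytes(4, "big"), "sha256").digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], stream))
    return bytes(out)

def handshake_and_tunnel(packets, tamper_signature=False):
    """Verify the server, hand it a wrapped session key, then carry packets."""
    challenge = secrets.token_bytes(16)                    # client nonce
    signature = sign_challenge(SERVER_PRIVATE, challenge)  # server answers it
    if tamper_signature:
        signature ^= 1                                     # model an altered proof
    if not verify_challenge(SERVER_PUBLIC, challenge, signature):
        return None                                        # identity not verified: no tunnel
    session_key = secrets.token_bytes(16)                  # fresh symmetric key per session
    wrapped = rsa_apply(SERVER_PUBLIC, int.from_bytes(session_key, "big"))
    server_key = rsa_apply(SERVER_PRIVATE, wrapped).to_bytes(16, "big")  # server unwraps
    delivered = []
    for seq, packet in enumerate(packets):
        nonce = seq.to_bytes(8, "big")                     # per-packet counter
        ciphertext = keystream_xor(session_key, nonce, packet)           # client encrypts
        delivered.append(keystream_xor(server_key, nonce, ciphertext))   # server decrypts
    return delivered
```

If the identity proof fails, no session key is ever wrapped, which is the property the certificate step is there to provide.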

How do you set up an SSL VPN?

To set up an SSL VPN you will need to use a special device or software. If you’re low on cash, we recommend the excellent, free SSL VPN solution OpenVPN. You can also check out one of the following commercial solutions:

SSL VPN Server Links

Originally posted on Sun Jan 18, 2009



Actually, using a web browser is the most common way to access an SSL VPN. The US National Institute of Standards and Technology defines an SSL VPN this way:

"An SSL VPN consists of one or more VPN devices that users connect to using their Web browsers."

If you are using client certificates to authenticate users you definitely want to create your own CA certificate. OpenVPN has some great instructions for doing this here:



Is there any possibility to register one device for one particular user? For example: one of my users is accessing his SSL VPN from his home PC; when he enters his user name and password, the SSL VPN server automatically registers his home PC's MAC address information for that particular user, and after that, that user cannot access the SSL VPN from some other PC. Is it possible?



It uses UDP on port 1194 and uses tap/tun type devices to create a network tunnel; I fail to see how this would even be created by a browser.


From the "Guide to SSL VPN" document linked to above:

"An SSL VPN consists of one or more VPN devices to which users connect using their Web browsers. The traffic between the Web browser and the SSL VPN device is encrypted with the SSL protocol or its successor, the Transport Layer Security (TLS) protocol. This type of VPN may be referred to as either an SSL VPN or a TLS VPN. This guide uses the term SSL VPN. SSL VPNs provide remote users with access to Web applications and client/server applications, and connectivity to internal networks. Despite the popularity of SSL VPNs, they are not intended to replace Internet Protocol Security (IPsec) VPNs. The two VPN technologies are complementary and address separate network architectures and business needs. SSL VPNs offer versatility and ease of use because they use the SSL protocol, which is included with all standard Web browsers, so the client usually does not require configuration by the user. SSL VPNs offer granular control for a range of users on a variety of computers, accessing resources from many locations. There are two primary types of SSL VPNs:

* SSL Portal VPNs. This type of SSL VPN allows a user to use a single standard SSL connection to a Web site to securely access multiple network services. The site accessed is typically called a portal because it is a single page that leads to many other resources. The remote user accesses the SSL VPN gateway using any modern Web browser, identifies himself or herself to the gateway using an authentication method supported by the gateway, and is then presented with a Web page that acts as the portal to the other services.

* SSL Tunnel VPNs. This type of SSL VPN allows a user to use a typical Web browser to securely access multiple network services, including applications and protocols that are not web-based, through a tunnel that is running under SSL. SSL tunnel VPNs require that the Web browser be able to handle active content, which allows them to provide functionality that is not accessible to SSL portal VPNs. Examples of active content include Java, JavaScript, Active X, or Flash applications or plug-ins."

"The “tunnel” in an SSL tunnel VPN is both similar and quite different from the tunnels seen in typical IPsec VPNs. The two types of tunnels are similar in that almost all IP traffic is fully protected by the tunnel, giving the user full access to services on the network protected by the VPN gateway. The tunnels are quite different in that SSL/VPN tunnels are usually created in SSL using a non-standard tunneling method, while IPsec tunnels are created with methods described in the IPsec standard.
The tunneling in an SSL tunnel VPN allows a wide variety of protocols and applications to be run through it. For example, essentially any protocol that runs over TCP or UDP can be tunneled through such a gateway, making the remote user’s experience of the protected network very similar to being directly on the network. To the user, an SSL tunnel VPN may appear quite different from a typical Web site because the tunneling plug-in or application needs to be loaded into the user’s browser before the user can access the VPN. This might involve warning messages about the software being loaded, and it could also prevent users from entering the VPN if their Web browsers are instructed not to allow such programs to run. Because of the active content requirement, SSL tunnel VPNs may be accessible to fewer users than SSL portal VPNs."


This is completely misleading; you don't use web browsers with an SSL VPN unless it's some kind of Java client, and even then it still has nothing to do with the browser since Java has its own key store.

This is one application where you SHOULD only use self-signed certificates; otherwise you run the risk of some third party letting others onto your network if they re-issue certificates by mistake for an attacker.


I wouldn't trust browsers to be host to any VPN; with the amount of access plugins have, they would then be given almost free rein to any network supposedly protected by the VPN. A nightmare waiting to happen. :)

OpenVPN has its own client/server model that doesn't, to the best of my knowledge, use browsers; most of the time it uses UDP by default, whereas HTTPS is over TCP.

Bikers Gear Germany (2020-03-18)

Lovely information! It may help us. Thanks :)
