Network Layer vs. Transport Layer VPNs

Virtual private networks (VPNs) such as Microsoft’s Routing and Remote Access Service (RRAS) technology work between the data link layer and the Internet Protocol (IP) network layer. They use encryption to tunnel all IP packets between the client and devices on the networks behind the VPN access server, independent of which higher-layer application protocols are carried in that packet, such as Server Messenger Block, File Transfer Protocol, or Simple Mail Transfer Protocol. Once an authorized user has been authenticated and the secure VPN tunnel established, IP traffic is relayed between his client PC and other devices on the private network behind the access server in such a way that it appears that the client device is connected directly to the private network.

Initially, Microsoft’s RRAS technology was based on the Point-to-Point Tunneling Protocol technology, but with Windows 2000 this was expanded to include support for the Layer 2 Tunneling Protocol, which provides similar functionality but works over the more secure Internet Protocol Security standard.