We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
Accept
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda CloudGen Firewall
Overview Documentation Training Certification Materials

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see https://campus.barracuda.com/doc/71862301/ for further information on our EoS policy.

Client-to-Site VPN

  • Last updated on

With client-to-site VPNs, mobile workers can remotely access corporate information resources. VPNs provide access without the bandwidth, scalability, and manageability limitations of RAS implementations.

With the Barracuda NG Firewall, you can set up the following types of client-to-site VPNs:

Barracuda TINA

TINA is a Barracuda Networks proprietary VPN protocol. It offers a secure end-to-end solution that does not require additional third-party software or input. Every Barracuda NG Firewall includes a root-level Certificate Authority (CA), letting you create, delete, and renew X.509 certificates for strong authentication. TINA offers substantial improvement over the IPsec protocol. It provides the following:

  • High level of security. For supported encryption standards, see Authentication, Encryption, and Transport.
  • A full-featured Certificate Authority (CA) for TINA VPNs on every Barracuda NG Firewall, for use of self-signed certificates.
  • X.509 certificate-based VPN authentication with password request.
  • Immunity to NAT or proxy (HTTPS, SOCKS) traversal.
Supported VPN Clients

The following VPN clients are supported for use with Barracuda VPNs:

Setting Up a Barracuda Client-to-Site VPN

For instructions on how to set up a Barracuda VPN, see the following articles:

IPsec

IPsec is the most widely used secure cross-platform VPN protocol. It provides the following:

  • High level of security. For supported encryption standards, see Authentication, Encryption, and Transport.
  • Multiple VPN authentication methods:
    • Pre-shared Keys for iOS and Android devices
    • External X.509 certificate.
    • External X.509 certificate with username and password request using an external authentication server.
    • External X.509 certificate with username and password request. The username must match the one contained in the X.509 certificate. Can also be combined with external authentication.
  • Support for multiple external authentication methods (MSAD, MSNT, LDAP, RADIUS, RSA-ACE, TACACS+).
Limitations

IPsec VPNs have the following limitations:

  • Not every vendor adheres to the IPsec standard, so compatibility issues might be a problem.
  • Certificate management requires more effort (external CA or self-signed certificates).
  • Additional configuration might be needed if the client is behind a NAT router, which does not support IPsec passthrough or NAT traversal.
Supported VPN Clients

Every IPsec client adhering to the IPsec standard should work. the following VPN clients are supported for use with IPsec VPNs with or without PSK:

Setting Up an IPsec Client-to-Site VPN

For instructions on how to set up an IPsec VPN, see the following articles:

L2TP/IPsec

Layer 2 Transport Protocol over IPsec (L2TP/IPsec) is a Layer 2 protocol that uses IPsec for authentication and securing the payload of the data. It provides the following:

  • Native support in many modern operating systems (macOS, Linux, iOS, and Android).
  • IPsec used to secure data and VPN authentication.
  • Pre-shared X.509 certificates.
  • Support for external authentication over MS-CHAP-v2 or a local user database.
Limitation

With L2TP VPNs, additional configuration might be needed if the client is behind a NAT router.

Setting Up an L2TP Client-to-Site VPN

For instructions on how to set up an L2TP VPN, see How to Configure a Client-to-Site L2TP/IPsec VPN.

PPTP

As of 2012, PPTP is no longer considered secure. It is highly recommended that you switch away from PPTP because of the security risks involved.

Point-to-Point-Tunnel-Protocol (PPTP) is offered with up to 128-bit of MPPE encryption. It provides the following:

  • Long standing widespread support across many platforms.
  • Use if no other VPN client is available for client platform.
  • Use if VPN performance is more important than security.
  • Support for external authentication over MS-CHAP-v2 or a local user database.
Limitations

PPTP VPNs have the following limitations:

  • No data integrity verification.
  • Weak encryption using only a 128-bit key. 
Supported VPN Clients

Almost every modern operating system includes a PPTP client. The following clients are officially supported by Barracuda Networks:

  • Native VPN clients included in Windows, macOS, and Linux.
  • Native VPN clients included in iOS and Android.
Setting Up a PPTP Client-to-Site VPN

For instructions on how to set up a PPTP VPN, see How to Configure a Client-to-Site PPTP VPN.

Last updated on
Previous Article Next Article