A mobile VPN is a network configuration in which mobile devices such as notebook computers or personal digital assistants (PDAs) access a virtual private network (VPN) or an intranet while moving from one physical location to another.
An effective mobile VPN provides continuous service to users and can seamlessly switch across access technologies and multiple public and private networks. The functioning of an effective mobile VPN is transparent to the end user without compromising security or privacy.
From an article on SearchMobileComputing.com, Lisa Phifer, vice-president of Core Competence Inc., explains the special requirements of mobile VPNs and how they work:
PPTP, IPsec and SSL VPNs identify the device at the far end of the tunnel by IP address. This works well for users who tunnel from stationary devices: a home PC over residential broadband, a laptop over a hotel LAN, or even a PDA at a Wi-Fi hot spot. But put that device in motion, and physical connectivity, point of network attachment, and IP address are all likely to change. A conventional VPN client simply cannot survive such changes. The tunnel breaks, application sessions disconnect or time out, and the user must restart the business communication from scratch.
Mobile VPN solutions from such vendors as Columbitech, Ecutel, IBM, ipUnplugged, Motorola, NetMotion, Nokia, Padcom and Radio IP are designed to adapt transparently to these changes. In a mobile VPN, a VPN server still sits at the edge of your company network, enabling secure tunneled access by authenticated, authorized VPN clients. Mobile VPN tunnels are not tied to physical IP addresses, however. Instead, each tunnel is bound to a logical IP address. That logical IP address sticks to the mobile device no matter where it may roam. For example, a mobile VPN client can:
- Roam from one wireless AP to another at a public Wi-Fi hot spot.
- Leave Wi-Fi coverage and start using a 3G connection (e.g., EV-DO).
- Leave 3G coverage and start using a slower 2G connection (e.g., 1xRTT).
- Return to the office and start using a docked Ethernet LAN connection.
In this example, the mobile VPN client uses four or five different physical IP addresses while retaining one logical IP address. Applications running on the mobile device and inside the corporate network communicate through that one logical IP address, remaining blissfully unaware of the user's motion and associated physical/network transitions.