Casual virtual private network

Virtual Private Networks (VPNs) [1] allow individuals and business to create and maintain secure communication channels between their own local networks using public and insecure networks, like Internet, instead of private and leased lines. The main purpose of a VPN is to securely and transparently connect two or more remote networks to form virtually a single network. Network architectures defined by VPNs are inherently more scalable and flexible than pure private networks because they allow organizations to add and remove branch offices in an easier way. Other benefits of VPNs include obtaining almost the same capabilities of private or leased lines at much lower cost, and providing roaming users (or “Road-Warriors”) with secure connections to their corporate or personal networks whenever they need them. VPNs achieve the same level of protection as private networks using security mechanisms like encryption and authentication schemes. Those security mechanisms are centrally managed by a pre-defined security policy, which controls all communications inside the VPN by dictating when and how the protection is applied. In most cases, for security reasons, VPN users cannot change the security policy, and they cannot dynamically choose whether their communications are going to be protected or not. This high level of protection and connectivity achieved by VPNs, although desirable and necessary, is not useful for networks which do not want to provide transparent access to their resources within their networks, but only want to provide temporary secure access to internal services based on users’ demands. Although it is possible to provide protection for every service using modified clients and protocols, it could be useful to have an architecture that provides a userinitiated, transparent and secure connection between networks without securing every individual service. We call the