Always online: "Seamless" Roaming in a Remote Access VPN Environment

There are three ways for mobile devices to set up a secure VPN (Virtual Private Network) tunnel to the company network: the traditional wire-bound Ethernet LAN; Wireless LAN (WiFi) at public hotspots, hotels or companies; and cellular network connections. For cellular network connections the system has to support the following three technologies: the GSM network, 3G connections and high-speed connections via 4G networks (LTE, Long Term Evolution).

With "Seamless Roaming" the devices are able to change automatically between various networks. As mobility increases, employees who roam freely within a building or company premises profit from seamless roaming and the permanent availability of applications. This flexibility, however, poses a challenge to a remote access VPN solution. Such a solution has to

  • automatically support any change of communication medium
  • dynamically redirect an existing VPN tunnel during a change of the medium and
  • prevent session loss.

NCP's IPsec VPN Client software is one of the first client software products worldwide that supports seamless roaming of VPN connections across various media - without compromises regarding security. Seamless roaming is only available in conjunction with NCP Secure Enterprise VPN Server. The client is able to automatically change the communication medium during a session and to dynamically redirect the VPN tunnel. Combined with this, the client also ensures "Location Awareness", which means automatic recognition of secure and insecure networks. The feature "Friendly Net Detection" ensures that the system activates or deactivates the appropriate firewall policy without the user's help.

Furthermore, the VPN client ensures that the VPN tunnel remains in place even if the connection has been interrupted, for example when the cellular network has been disconnected during a train journey. In such a case, the logical connection remains in place even if the VPN client has no access to the VPN server. The client software informs the user of the temporary disconnection of the physical connection by setting the state of the VPN tunnel, displayed by the monitor, from green to yellow.

During seamless roaming operation, the software automatically controls DPD handling so that neither gateway nor client terminates the VPN connection during an interruption of a physical connection. DPD (Dead Peer Detection) is a process that recognizes whether an IPsec-based VPN connection has been interrupted and allows the tunnel to be set up afresh.

For VPN access via a cellular network, as in the example of the train journey, it is important that the VPN solution automatically re-establishes the connection as soon as the network is available. This process is transparent to the user, so that no operating error occurs and the user is relieved of this task.

Operating comfort is further increased since the user of the VPN client does not have to worry about which medium is "best" - WiFi or cellular network. Ideally the user only has to click the connect button, and the client software selects the appropriate available communication medium that the network manager has specified under policies.
