A virtual private network (VPN) enables a computing device to exchange data with a private network across a shared or public network, such as the Internet, while benefiting from the functionality, security and management policies of the private network. To implement a VPN, a computing device establishes a secure connection over a shared or public network with a VPN gateway that is typically provided at the edge of a private network. A tunneling protocol is typically used to implement the connection between the remote computing device and the VPN gateway.
A VPN connection may be established using any of a variety of standard tunneling protocols such as, for example, the Layer 2 Tunneling Protocol (L2TP), the Internet Key Exchange protocol (IKE or IKEv2), the Point-to-Point Tunneling Protocol (PPTP), and the Secure Socket Tunneling Protocol (SSTP). Different VPN gateways may support different ones of these standard tunneling protocols. By providing a computing device with the ability to support a variety of such standard tunneling protocols, interoperability between the computing device and a variety of different standards-based VPN gateways can be ensured.
Currently, in order to implement standard tunneling protocols on computing devices, static connection profiles must first be provisioned to the computing devices. If the computing devices are mobile devices, this may entail providing additional mobile device management (MDM) infrastructure to perform the provisioning. It may also require users to perform complex interaction steps to get up and running with their remote access or site-to-site VPN experiences. Furthermore, in conventional implementations, higher-layer policies, such as tariff-based policies and multi-network connection routing policies, cannot be enforced on these static connection profiles.
As an alternative to pushing static connection profiles to computing devices, some vendors have pushed the industry towards proprietary tunneling protocols, which provide a simpler connectivity experience through the dynamic exchange of proprietary session parameters between a computing device and a VPN gateway. However, this type of approach fundamentally breaks the principle of interoperability between computing devices and VPN gateways that implement standard tunneling protocols.