Conventional methods for routing packets from a client computer to a private network using a Virtual Private Network (VPN) gateway include methods for packet interception and re-routing. In some methods, an administrator uses a network abstraction layer, such as the Network Device Interface Specification (NDIS) network abstraction layer provided in the Microsoft Windows Operating System. An administrator may implement NDIS to create virtual adapters that expose a routing interface to Windows or to NDIS intermediate drivers. These virtual adapters (also known as NDIS shims) capture packet traffic sent across routing interfaces. Alternatively, administrators may implement a dialer-type interface to intercept packets. The dialer-type interface may include interfaces such as a TUN/TAP interface, which enables virtual point-to-point network devices and virtual Ethernet network devices.
These software interfaces are typically logical software layers residing above a physical interface and intercepting packets as the packets are transmitted from the physical interface through an operating system network stack. The software interfaces may encrypt and send the intercepted packets to a virtual private network gateway responsible for decrypting the packets and re-routing them to the original destinations.
Typically, when deploying VPN client applications on client computers, administrators install the software interfaces on each client computer. Installation of these software interfaces typically requires administrative privileges on the client computer and may require physical access to the client computer. Such installations may be cumbersome for an information technology administrative staff to manage and deploy. A flexible method for providing secure access to a private network, enabling authentication of packets prior to transmission to a VPN gateway, and providing ease of installation, would be desirable.