VPN monitoring for an efficient remote working environment

What is VPN monitoring?

VPNs are largely used in today’s corporate world. Their features and efficiency are the backbone on which many employees work and the infrastructure of their companies use. But an inefficient VPN means sluggish connections and difficulties in accomplishing work-related tasks. Their promise of security is vital for many companies. VPN needs to be monitored too, same as any other component of an IT’s infrastructure, since there is no guarantee that a VPN will work at all times.

VPN monitoring is here to ensure that every VPN is as efficient as it should be, and that the data is only seen by authorized eyes. VPN monitoring is done either through specific software or via the generic monitoring solutions that plenty of companies implement for their network monitoring strategy.

VPN monitoring examines the health of all related VPN devices that constitute the private networks, and monitors VPN traffic, making sure all the data moves through the VPN network without delay, and all information is encrypted. Additionally, VPN monitoring can report on each user’s traffic bandwidth usage and notify about spikes or abnormalities. Resources can then be allocated when and where needed. VPN monitoring does not only help administrators have a good performing enterprise network, but also inform them on how to maintain and optimize it.

What is actually a VPN?

A VPN is, as the acronym suggests, a virtual private network. In practice, it means one of two things. A VPN can extend a private network across a public network, enabling its users to send and receive traffic as if it were one single private network. It can also allow individual users who are not necessarily connected to a private corporate network to connect to one remotely, and have the same permissions and access as if they were physically connected to the other hosts on the network. Therefore, a VPN is not only a method to merge different networks, but to also add a specific host to a remote network.

Regardless of whether they are networks or individual users, a VPN connects several of them through the use of tunneling protocols that take care of encapsulating the local traffic and transferring it over a public network. The traffic is encrypted at the origin and decrypted at the destination, making it safer from third-parties and sniffers. Through the use of VPN tunnels, confidentiality, efficiency, and full features are ensured across different private networks.

To make a secure connection in a VPN possible, an ad-hoc protocol is used. There are a few that can create the necessary tunnels in a VPN, authenticate users, encrypt the traffic, and maintain high efficiency. The most common ones are IPSec, SSH, and OpenVPN. These allow workers to communicate across different networks with adequate security, performance, and transparency, which is the main use case for a VPN.

The different types of VPNs

Remote-access VPNs

Site-to-Site VPNs

MPLS-based VPNs

A subcategory of site-to-site VPNs are MPLS-based VPNs. They work in all regards as normal VPNs, but instead of relying on the hardware of a single company, they are cloud-based VPNs. A third party takes care of setting up the VPN and connecting your private networks with each other, ensuring stability and confidentiality. The MPLS network functions as the tunnel by which a company creates virtual connections between office sites. Traffic therefore goes through this cloud-based network, where the VPN monitoring takes place.

The main advantage of this solution is speed. As they are dedicated businesses, MPLS-based VPNs are generally very efficient. VPN monitoring is usually done by the companies offering this VPN solution, thus outsourcing the needs of a VPN monitor altogether. Furthermore, MPLS-based VPNs offer interface independence, meaning that each of your networks can have different types of connection and still work together as a VPN. Their main downside is that it is a paid solution with an increased weight on the company's budget.

VPN tunnel monitoring

At the core of a VPN, there are its tunnels. VPN tunnel monitoring is thus also the core of VPN monitoring. Most of VPN monitoring is about VPN tunnel monitoring and only marginally about checking VPN status.

There are multiple network protocols that act as tunneling protocols. Any VPN tunnel monitoring is therefore done with a monitoring tool that can support the protocol used in your organization, or directly checks the traffic at gateway level. Most commonly these are either IPSec, SSL/TLS, SSH, L2TP, and OpenVPN, with a few alternatives that are OS-specific or rarely used.

Why is VPN monitoring essential?

As with any type of network monitoring, checking the health of your VPN is essential to have an efficient network. VPNs are increasingly used for remote working and connecting different networks, often very far away from each other. Both are critical aspects of operating a modern company. Monitoring the VPN is important to understand how well it is working, improve its performances whenever necessary and, in the end, guarantee an optimal experience to everybody who is using it. VPNs can be the principal way to how employees connect to the company’s network, and ensuring that they suffer no disruption and slowness is fundamental for them to perform their tasks as well as they can.

A VPN is an effective way to maintain a good level of security when transferring sensitive data, as the VPN tunnels are encrypted end-to-end. In network security monitoring, it is important to include VPN monitoring, and checking that the traffic is actually encrypted. Keeping track of who is connecting to a VPN is a good method to know who is authorized and who is not. Unknown attempts of connection can signal attempts of intrusion. Old accounts of former employees that have not been disabled yet may still access internal resources, and a VPN monitor is necessary to discover them before a security emergency arises.

What to monitor in a VPN?

Whether your infrastructure has a site-to-site VPN or a remote-access one, there are a number of key metrics to monitor that are common for both. Checking the VPN status, if it is up or down, is the most basic check to make in VPN monitoring. Metrics that focus on the health of the VPN are the next logical step. Round-trip time (RTT) is a measure of how long in milliseconds it takes for a request to go from a starting point to the destination and back again. In VPN monitoring, this is often checked by collecting the average and the maximum RTT of both public and private networks. RTT will give you insight on how efficient the VPN is.

Packet loss rate is the natural metric to collect to identify congestions or overworked network devices. Along with the actual traffic being used, where it goes and where it comes from, this can give the network administrator a good view of why there may be a large packet loss rate at a particular point in the VPN.

Naturally, knowing the overall bandwidth usage is important for being aware of what is being used and by whom. Usage spikes may signal an anomaly or intrusion. This is usually collected on a VPN gateway that monitors all traffic coming and going in a VPN.

The total number of VPN sessions and tunnels is indicative of how many active users are connected through the VPN. Any number that deviates from the norm may indicate an intrusion or a security misconfiguration.

How VPN monitoring works

In practice, VPN monitoring is done with the help of a network monitoring solution that can handle monitoring of the various devices through which VPN traffic is routed. This includes routers, gateways, switches and dedicated VPN servers. Everything that goes from a network to another via VPN, plus anything under the control of the company in the case of remote-access VPNs, needs to be monitored. This is a large amount of data to check, especially if we consider that the traffic in a VPN is encrypted and then decrypted, with further burden put on the CPUs.

Therefore, all the metrics that can interest a VPN connection are to be collected. VPN traffic monitoring is a key part of VPN monitoring, with bandwidth, number of open VPN sessions, number of active VPN tunnels, error rates, and packet loss contributing to the general view of how a VPN is performing. It also checks the CPU utilization of each VPN device. Most network monitoring tools include these metrics by default.

Once the basic VPN status is checked, and all the useful data about VPN traffic is captured, real-time monitoring in order to set usage threshold is commonly set up. In many cases, but not always, VPNs have to impose limits to not be abused. A real-time VPN monitoring system can apply threshold by user, network and/or tunnel.

VPN monitoring solutions present all the collected data with a visual dashboard and with data reports. While the dashboard is usually used to check the health of the VPN on a daily basis, in-depth reports can help you to identify possible issues and bottlenecks better. Some monitoring tools allow for an automated response to events with preset and custom rules. Leveraging rules to respond quickly to issues and alerts means a reduced manual intervention with fewer possible human mistakes and less workload for administrators. Checkmk does support all these features for an easy VPN monitoring solution that does not skimp on metrics.