What is VPN monitoring
VPN monitoring is the application of network performance monitoring to a VPN connection. Specifically, it’s the process of gaining visibility into the connectivity, throughput, latency and overall performance of a VPN, or virtual private network.
Why use a VPN? Well, for companies that can’t, or simply don’t, host all their information and applications in the public cloud, VPNs are the gateway to the business-critical resources employees need to do their jobs when they’re not in the office.
Since the start of the global pandemic in 2020, most of us can’t go into our offices. But bills still need to be paid, customers still need to be contacted, and internal resources like business applications need to be accessed.
As a result, you may be monitoring and managing an unprecedented number of remote VPN users who, for the most part, are using new and potentially unfamiliar technology. Problems are bound to arise. Here’s what you need to know in order to put out fires from a distance.
What’s a VPN?
VPNs (virtual private networks) create an encrypted tunnel between two devices. This can be a user’s computer and a remote network, or two independent networks connected together via a secure tunnel. There are two primary VPN types: site-to-site VPNs (or network-based VPNs), and remote access VPNs (or client-based VPNs). In this article, let’s focus on remote access VPNs.
In most remote access VPN scenarios, a user will manually start a VPN client and authenticate themselves with a username and password. The VPN client then creates an encrypted tunnel between the user and a remote network, giving them access to privately hosted applications and resources on the network.
To grant this access, a VPN client uses one of two security protocols to create the encrypted tunnel: IPsec or SSL. Both provide secure remote access, but they’re fundamentally different in how they do it.
IPsec requires you to install and configure a VPN client on each individual device, and keep the software updated. With IPsec, each device then has direct access to the complete central company network.
SSL, on the other hand, can be much simpler to use. In its simplest form, the SSL VPN portal, the VPN is browser-based and requires no software install. A portal also gives users access only to specific applications rather than the entire network. More commonly, though, a full SSL VPN client is installed, which gives users a network-level experience comparable to IPsec. Thanks to ease of setup and the ability to restrict access, SSL VPNs are the more popular of the two options.
How VPN monitoring works
The tactics used to monitor a VPN will first depend on the type in use, whether it’s a remote access VPN, or a site-to-site VPN. In either case, your network management system, like Auvik, should be able to perform the VPN monitoring functions.
There are lots of options out there, so if you don’t yet have a network management system, we’ve put together a list of our top network monitoring tools. Just make sure system security is at the top of your requirements list when evaluating solutions.
Monitoring remote access VPNs
For remote access VPNs, there are two ways to approach monitoring, and IT administrators need to be doing both.
First, monitor the overall performance of the tunnel. The network appliances handling connectivity between end users and your network, most commonly a firewall, have a limited physical capacity for the number of remote access connections they can support. There may also be licensing restrictions on the number of connected VPN users. IT professionals need to keep a close eye on the number of connected users and on the overall performance of the firewall, which we’ll talk more about below.
Second, monitor the overall end-user experience over the VPN, which depends on a variety of contributing factors. If your end users are split tunneling, where only the traffic that needs the VPN is routed through the tunnel, then your VPN performance monitoring need only focus on that subset of traffic. If you aren’t using split tunneling, all of the end users’ traffic is tunneled through the VPN connection, so their productivity can be impacted quickly, as every web-based application they access could get bogged down. You’ll need to keep an eye on the overall throughput of the VPN, get visibility into the types of traffic flowing through it (and possibly even do deep packet inspection on that traffic for security reasons), and monitor for latency across the VPN.
Monitoring site-to-site VPNs
The same principles apply to monitoring site-to-site VPNs. While device capacity and license counts can occasionally become an issue with site-to-site VPNs, the number of VPNs is typically static – meaning you’re not setting up and taking down site-to-site VPNs every day – so monitoring VPN tunnel counts isn’t as high priority.
It’s critical to pay attention to availability, throughput, and latency on site-to-site VPN links, as there are often a lot of users and critical services relying on these. And while typically site-to-site VPN traffic is considered “Internal” (if you manage both sites), you may want to get increased visibility into the types of traffic flowing through a VPN tunnel, either through NetFlow data collection, or DPI.
How to monitor VPNs with Auvik
When you’re supporting VPN users, there are three common types of problems that eventually come up: setup, capacity, and performance.
1. Common VPN setup issues
As you set up workers with a VPN en masse, you’ve likely been asked “How do I install a VPN client?” or “Is my VPN client set up correctly?” dozens of times. For times like these, it’s always good to have a canned answer or a shareable resource in your back pocket. Here are a few that we’ve found helpful:
- How to Set up a VPN in Windows
- How to set up a VPN Connection on Mac
- How to Check if a VPN is Working
2. Managing VPN capacity issues
Once users are successfully set up, your next batch of problems may be caused by a firewall at capacity. Firewalls usually license VPNs by the number of concurrent sessions allowed. Some firewalls also have a practical maximum limit for VPN sessions based on the hardware’s capacity.
If the number of users trying to connect to a firewall through a VPN exceeds the license count or maxes out the hardware limit, they won’t connect successfully and won’t be able to access the business-critical applications hosted on the network.
But Auvik has you covered on monitoring and managing VPN capacity issues. Without any manual setup, you can quickly and easily monitor and report on SSL VPN sessions across multiple firewall vendors and multiple sites.
Having data on real-time VPN usage at your fingertips eliminates hours you’d otherwise have to spend manually collecting the data one device at a time. Plus, four alerts automatically notify you when sessions reach—or surpass—defined thresholds:
- The number of SSL VPN sessions has maxed out
- There’s a high number of SSL VPN sessions in use
- There’s a low number of available SSL VPN sessions
- There’s a high percentage of SSL VPN sessions in use
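As an added illustration (not Auvik’s code or alert logic), here is how those four threshold checks can be expressed over session counts polled from several firewalls; the device names, session counts and threshold values are constructed assumptions, and a device whose session limit is unknown is flagged rather than evaluated:

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class VpnSessionSample:
    """One poll of a firewall's SSL VPN session counters (constructed, not vendor data)."""
    device: str
    in_use: int         # concurrent SSL VPN sessions currently established
    session_limit: int  # licensed or hardware maximum for concurrent sessions

@dataclass(frozen=True)
class VpnThresholds:
    """Assumed alert thresholds; tune these per site."""
    high_in_use: int = 90          # absolute session count considered "high"
    low_available: int = 10        # remaining sessions considered "low"
    high_pct_in_use: float = 80.0  # percent of the limit considered "high"

def evaluate_vpn_alerts(sample, thresholds=VpnThresholds()):
    """Return the names of the alerts that fire for one sample."""
    if sample.session_limit <= 0:
        # Limit not exposed by the device or not licensed: capacity cannot be
        # judged, so report that instead of dividing by zero.
        return ["SSL VPN session limit unknown"]
    alerts = []
    available = sample.session_limit - sample.in_use
    pct_in_use = 100.0 * sample.in_use / sample.session_limit
    if sample.in_use >= sample.session_limit:
        alerts.append("SSL VPN sessions maxed out")
    if sample.in_use >= thresholds.high_in_use:
        alerts.append("High number of SSL VPN sessions in use")
    if available <= thresholds.low_available:
        alerts.append("Low number of available SSL VPN sessions")
    if pct_in_use >= thresholds.high_pct_in_use:
        alerts.append("High percentage of SSL VPN sessions in use")
    return alerts

def evaluate_fleet(samples, thresholds=VpnThresholds()):
    """Map each device to its firing alerts, omitting devices with none."""
    result = {}
    for s in samples:
        fired = evaluate_vpn_alerts(s, thresholds)
        if fired:
            result[s.device] = fired
    return result

# Constructed sample: three firewalls across two sites, polled once.
SAMPLES = [
    VpnSessionSample("fw-hq-1", in_use=100, session_limit=100),
    VpnSessionSample("fw-branch-1", in_use=42, session_limit=50),
    VpnSessionSample("fw-branch-2", in_use=12, session_limit=50),
]

if __name__ == "__main__":
    for device, fired in evaluate_fleet(SAMPLES).items():
        print(device, "->", "; ".join(fired))
```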
With this info, you can proactively add VPN session capacity by purchasing more VPN licenses or upgrading the firewall hardware. By making changes to the network ahead of capacity becoming an issue, you can avoid frustrated users bombarding you with tickets and ensure the business continues to run smoothly.
3. Troubleshooting network performance issues
Once users are successfully set up with a VPN and capacity is dealt with, the performance problems typical of any network are the next to crop up. These issues often point to problems with device, network, or application performance, and not necessarily the VPN’s performance.
Troubleshooting poor device performance is something Auvik has always been able to help with. If you’ve ruled out missteps during VPN setup or capacity bottlenecks as the culprit behind a VPN user’s issue, here are some resources to explore:
- 3 Minor Network Alerts You Shouldn’t Ignore
- How to Solve Network Cases Like a Super Sleuth With Auvik TrafficInsights™
- Network Monitoring: How to Handle High CPU Utilization Alerts
- Packet Errors, Packet Discards, and Packet Loss: What’s the Difference?
- I Can’t Access My Network Device! What Do I Do?
Interested in learning more about Auvik’s VPN monitoring? If you’re a current Auvik customer, the Auvik Knowledge Base tells you how to get started. If you aren’t using Auvik yet, you can try it (including the full VPN monitoring capabilities) absolutely free for 14 days.