HOB RD VPN NetAccess
HOB RD VPN NetAccess is part of the comprehensive security solution
HOB RD VPN and uses the HOB PPP Tunnel to provide complete network access to all resources in
the central corporate network.
The PPP Tunnel in HOB RD VPN is also abbreviated as HOB-PPP-T1.
The US Patent Office has granted a patent for HOB PPP T1; the patent number is US 8 910 272 B2.
The HOB PPP Tunnel from the User's Perspective
The user starts a browser and connects to
HOB RD VPN in the corporate offices. There, the user has to (depending on the
procedure chosen, see below) authenticate himself or herself and then lands at the HOB RD VPN
start page. If the administrator has configured it, the "Start PPP
Tunnel" menu item will be displayed on this page.
Now the user can access, via the PPP Tunnel, all resources in the central network; all protocols, such as TCP, UDP or ICMP, will go through the PPP Tunnel.
The PPP Tunnel is controlled via the tray icon. When the user clicks the tray icon, a statistics window appears. From this window, the user can also terminate the PPP Tunnel.
Nothing needs to be installed locally in order to use the PPP Tunnel, and the user need not have any administrator rights. Notably, no special drivers are required on the client either.
The only requirement on the client besides a browser is that it have a Java Virtual Machine (JVM) installed.
Other resources on the Internet can still be used after the PPP Tunnel is
started on the user's client machine, and users still have access to other HOB RD VPN
functions. When properly installed and configured in the central network, these
connections will not go over the PPP
Reconnect After a Short Interruption of the Connection
If there is a temporary network interruption and the client loses its
connection, the user does not need to restart the PPP Tunnel. Rather, as soon as
the network interruption is remedied, the PPP Tunnel automatically
resynchronizes itself with the network in the central office. In most cases, the
applications continue running on the client without any problems.
The HOB WebSecureProxy in the Corporate Center
The core component of HOB RD VPN is the server component HOB WebSecureProxy. The current version of the WebSecureProxy (WSP for short) is 2.2, available for Windows, Linux and Unix in altogether 11 different platform-specific versions.
The WSP can also run in HOB SCS, the Open-Source Unix-based server operating system from HOB. HOB SCS stands for Secure Communications Server.
The WSP works with SSL encryption. HOB SSL supports all current encryption algorithms, including AES (Advanced Encryption Standard) with up to 256-bit key lengths.
The Web-Server Integrated in the HOB WebSecureProxy
The HOB WSP has a built-in Web server; the HOB PPP Tunnel components are
downloaded from this Web server.
For server authentication over SSL, the WSP needs an X.509 certificate of the kind that is also used, for example, in SSL/HTTPS-equipped Web servers.
Feeding the Network Packets into the Corporate Center's Network
The HOB WSP v. 2.2 has no special functions for the PPP Tunnel; the HOB WSP
only encrypts and decrypts the PPP Tunnel's data. The HOB program xbipgw16 runs in
the enterprise network. This program splits the TCP connection to the client and
converts it to L2TP over UDP.
It can be advantageous to feed the network packets from the PPP
Tunnel directly into the enterprise network rather than into the DMZ.
Part of the HOB PPP Tunnel is a component which performs NAT in the
IP header and in DNS-UDP packets. Through this, the PPP Tunnel
can be used to reach several non-interconnected networks (sub-networks) in the
Authentication with HOB RD VPN
User authentication can be carried out in three different ways, depending on the type of installation:
Authentication is performed over a browser with an SSL / HTTPS connection to the WSP. Thus the authentication process itself is encrypted and secure.
The HOB WSP has an integrated RADIUS interface enabling authentication against all conventional RADIUS servers.
The HOB WSP also has an integrated OCSP (Online Certificate Status Protocol) interface enabling client SSL certificates to be inspected for validity.
Integrity Check before the Client is Granted Access
The client can, as an option, also be inspected according to specific criteria before being granted access to enterprise-internal data. When desired, this can be configured during installation in the corporate network.
HOB Enterprise Access for Central Configuration
Configuration and authentication data such as User ID and password are either
stored in an XML file in the WSP configuration (HOB RD VPN Compact, under
preparation) or in the component HOB Enterprise Access.
Common Criteria Certification
The HOB PPP Tunnel is part of the comprehensive security solution HOB RD VPN. HOB RD VPN has been certified in accordance with the Common Criteria by the German Federal Office for Information Security (BSI, Bundesamt für Sicherheit in der Informationstechnik).
In larger installations, all HOB RD VPN components can be redundantly installed in the enterprise network. Thus there is no single point of failure and uninterrupted operation is enabled.