Introduction

Autotunnel provides quick, easy and secure access to remote networks. The typical use case is short-term access to a remote network, where it typically doesn't make sense to go through the lengthy and complex process of setting up a traditional site-to-site or client VPN.

Autotunnel is particularly suited for uses such as consulting, where you may need quick access to client networks in order to perform some activity. A real-world example of this could be a security consultant requiring access to a client's internal network to perform a security assessment. Setting up a traditional VPN each time a remote assessment is due to take place would take up significant IT resources, and also assumes the remote side has the technical know-how to do so. With Autotunnel, the process is greatly simplified so that neither you nor your client needs to be a network and security engineer.

From a user's perspective, the general flow of establishing a tunnel with Autotunnel looks as follows:

  1. Define the peering within the Autotunnel Dashboard
  2. Download and run the Autotunnel Virtual Appliance
  3. Input the key generated from step 1, as well as a shared secret

Within seconds, the Autotunnel Virtual Appliances on both sides will negotiate a secure tunnel between each other. Traffic sent to your virtual appliance will now be routed over the tunnel, provided the source and destination match the subnets defined in step 1. Any traffic that does not match the expected source and destination subnets will simply be forwarded to the gateway of the virtual appliance, and will not traverse the tunnel. Peer subnets will not be able to initiate traffic towards your private (node) subnets, so there is a layer of protection even when connecting to untrusted remote networks. All of this is achieved without the need to install any additional VPN software on your machines.

Info: Remote (peer) subnets do not need to use the peer virtual appliance as their gateway, as all network traffic flows are initiated from the node side, and are NATed to the peer virtual appliance IP address prior to being forwarded to any peer subnets.
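The forwarding rules described above, modelled as an added example (this is not Autotunnel's own code): it predicts whether a newly initiated flow crosses the tunnel, is handed to the appliance's gateway, or is refused. The subnets, the peer appliance address and all function names are assumptions made up for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed sample peering: every subnet and address here is an assumption.
NODE_SUBNETS = [ipaddress.ip_network("10.10.0.0/24")]
PEER_SUBNETS = [ipaddress.ip_network("192.168.50.0/24"),
                ipaddress.ip_network("172.16.8.0/22")]
PEER_APPLIANCE_IP = ipaddress.ip_address("192.168.50.10")


class Decision(NamedTuple):
    action: str                # "tunnel", "gateway" or "blocked"
    nat_source: Optional[str]  # source address a peer host sees, if tunnelled


def _in_any(addr, networks):
    """True if addr falls inside at least one of the given networks."""
    return any(addr in net for net in networks)


def classify_flow(src: str, dst: str) -> Decision:
    """Predict how a newly initiated flow is handled under the rules in the text."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Node-initiated flow matching the peering: sent over the tunnel and
    # NATed to the peer appliance address before reaching the peer subnet.
    if _in_any(s, NODE_SUBNETS) and _in_any(d, PEER_SUBNETS):
        return Decision("tunnel", str(PEER_APPLIANCE_IP))
    # Peer subnets cannot initiate traffic towards node subnets.
    if _in_any(s, PEER_SUBNETS) and _in_any(d, NODE_SUBNETS):
        return Decision("blocked", None)
    # Source or destination outside the peering: forwarded to the gateway,
    # never over the tunnel.
    return Decision("gateway", None)


if __name__ == "__main__":
    # Constructed sample flows (source, destination).
    for src, dst in [("10.10.0.25", "192.168.50.80"),
                     ("10.10.0.25", "203.0.113.7"),
                     ("192.168.50.80", "10.10.0.25")]:
        print(src, "->", dst, classify_flow(src, dst))
```

Running a planned list of assessment targets through such a check before the engagement shows which addresses fall outside the peering defined in step 1 and would therefore leave via the gateway instead of the tunnel.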

The sections that follow will go through the process in greater detail.