You've got two totally different things going on here, Mark.
VPN (virtual private network) is a mechanism whereby two separate
NETWORKS connect together using the public internet as the conduit and
securing the data by using encryption keys. For example, your work
network and your home network connect together via a VPN. In that
case, each network has a "router" with one interface on the local
network and the other interface on the VPN:
worksys1 --+                                  +-- homesys1
worksys2 --+-- router ---- VLAN ---- router --+-- homesys2
worksys3 --+                                  +-- homesys3
The two routers must know what type of VLAN is being used and know what
the encryption keys are for it to work. Any traffic that doesn't go
to a local box gets transmitted by the router via the VLAN to the other
network.
SSH is entirely different. SSH is essentially telnet with encryption
(it has much more, but that's the easiest way to think of it). It only
connects one system to another system--it does NOT do networks.
The main thing to remember is that VPNs connect networks to networks,
ssh connects system to system (a.k.a. "point to point").

Rick,
I get what you are saying, so maybe I'm not communicating my perspective
well enough, or not applying your picture clearly enough. I completely get
that the SSH connection is between my Linux box and my Dad's Linux box
(point to point); that's not the question. I was wrong by implying anything
else, even though it was not my intention to do so.
Let's take your diagram, but let's extend it and apply it to how my real
home network (and possibly Brad's) looks, and how my home network works with
Windows VPN clients:
                                      ISP DNS
worksys1 --+                             |       +-- (VPN) homesys1
worksys2 --+-- router ---- VLAN --+-- firewall --+-- homesys2
worksys3 --+                             |       +-- homesys3
worksysDNS-+                           Yahoo
First, I don't really have a 'router' at home, as I understand routers. I
have a firewall that is capable of being configured as a router, but I don't
have that button clicked. The M$ VPN link happens without a 'router'.
(Please correct me on this point if I'm wrong as I understand this could be
critical in my getting this.)
Maybe the concept here is that the M$ VPN client is the 'router' in your
diagram for homesys1 only?
When I run M$'s VPN client on homesys1, only homesys1 becomes part of the
worksys network. homesys1 uses worksysDNS and is attached like it's part of
worksys. However, homesys2 & 3 don't know anything about me doing that. If
they want to go to Yahoo, they use ISP_DNS.
When I look at your picture above it is exactly what we do here at
ControlNet. We use this between buildings here and go halfway around the
world at times to other sites. However, that's not what I'm doing at home.
When I turn on the M$ VPN client it has no effect on the connections
homesys2/3 see, except possibly they cannot see me.
Help!!! ;-)
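The difference the two messages above are circling (a site-to-site VPN where the
router carries a route for the far network on behalf of every local box, versus a
client VPN where only the one host running the client gains that route) comes down
to whose routing table changes. The following is an added example, not code from
either message in the thread: a small longest-prefix-match simulation of both
pictures. All prefixes (10.20.0.0/16 for work, 192.168.1.0/24 for home), interface
names, the 198.51.100.7 stand-in for "Yahoo" and the host names are assumptions
chosen for illustration.

```python
"""Simulate the routing decisions behind the two VPN pictures in the thread.

Every address, prefix, interface and host name here is made up for the example.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# A routing table entry: (destination prefix, action).
# The action is an interface name (send it out that way) or "gw:<box>"
# (hand the packet to that box and let its table decide).
Route = Tuple[str, str]

# Assumed prefixes, not from the original messages.
WORK_LAN = "10.20.0.0/16"
HOME_LAN = "192.168.1.0/24"
DEFAULT = "0.0.0.0/0"


def lookup(table: List[Route], dst: str) -> Optional[str]:
    """Longest-prefix match: the most specific matching route wins, which is
    the rule every host and router applies."""
    addr = ipaddress.ip_address(dst)
    best: Optional[Tuple[ipaddress.IPv4Network, str]] = None
    for prefix, via in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    return best[1] if best else None


def trace(host: str, tables: Dict[str, List[Route]], dst: str) -> List[str]:
    """Follow a packet from `host` box to box until some table sends it out an
    interface (or nobody has a route for it)."""
    hops = [host]
    cur = host
    while True:
        via = lookup(tables[cur], dst)
        if via is None:
            hops.append("unroutable")
            return hops
        if via.startswith("gw:"):
            cur = via[3:]
            hops.append(cur)
            continue
        hops.append(via)
        return hops


# Picture 1 (Rick's diagram): a site-to-site VPN. The home router owns the
# tunnel and a route for the whole work LAN over it, so every home box gets
# there without knowing the tunnel exists.
TABLES_SITE_TO_SITE: Dict[str, List[Route]] = {
    "homesys2": [(HOME_LAN, "eth0"), (DEFAULT, "gw:home-router")],
    "home-router": [(HOME_LAN, "lan"), (WORK_LAN, "vpn-tunnel"), (DEFAULT, "isp")],
}

# Picture 2 (Mark's setup): a VPN client on homesys1 only. The client adds a
# route for the work LAN on homesys1's own table; the firewall and the other
# home boxes are untouched, so their work-bound packets just head for the ISP.
TABLES_CLIENT_VPN: Dict[str, List[Route]] = {
    "homesys1": [(HOME_LAN, "eth0"), (WORK_LAN, "ppp-vpn"), (DEFAULT, "gw:firewall")],
    "homesys2": [(HOME_LAN, "eth0"), (DEFAULT, "gw:firewall")],
    "firewall": [(HOME_LAN, "lan"), (DEFAULT, "isp")],
}


if __name__ == "__main__":
    worksys1 = "10.20.0.5"      # assumed address on the work LAN
    yahoo = "198.51.100.7"      # documentation-range stand-in for a public site
    print("site-to-site, homesys2 -> work:", trace("homesys2", TABLES_SITE_TO_SITE, worksys1))
    print("site-to-site, homesys2 -> yahoo:", trace("homesys2", TABLES_SITE_TO_SITE, yahoo))
    print("client VPN,   homesys1 -> work:", trace("homesys1", TABLES_CLIENT_VPN, worksys1))
    print("client VPN,   homesys2 -> work:", trace("homesys2", TABLES_CLIENT_VPN, worksys1))
```

In the first picture homesys2 reaches work through the router's tunnel without any
configuration of its own; in the second, homesys1 leaves over its own ppp-vpn
interface while homesys2's packet for the same address goes to the firewall and
out to the ISP, which is exactly why homesys2 and homesys3 notice nothing. The
DNS split Mark describes works the same way: the client pushes a resolver onto
homesys1 alone, and the firewall keeps handing out the ISP's.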