Automatic hardware-enabled virtual private network system

The present invention provides a technique for automatically establishing efficient, remote, secure client connections to one or more locations using a smart card enabled client driver and a smart card enabled network edge device (“Subnet Box”) capable of establishing an end-to-end hardware encrypted tunnel between itself and the client. In an embodiment of the invention, a method of establishing a secure communications tunnel comprises the steps of: authenticating a remote client to a subnet box on a private network, wherein the remote client is connected to the subnet box via a public network, establishing a tunnel between the remote client and the subnet box, and encapsulating all traffic in the tunnel, wherein the tunnel is established only when a unique physical token is coupled to the remote device. The unique physical token comprises a smartcard and is configured to be inserted into a communications port of the remote device. The step of authenticating comprises the steps of: receiving an authentication packet, wherein the first authentication packet comprises an identifier identifying the unique physical token and a first random number, and transmitting a response authentication packet, wherein the response authentication packet comprise a second random number. The step of establishing a secure communications tunnel comprises the step of generating a cryptographic key based on the first and second random numbers.