The CTDP Virtual Private Networking Reference Version 0.1.0 January 1, 2001
This document is under construction and is not complete!
Virtual Private Networking (VPN) allows information to be sent securely across media that is not secure. This media may typically be the internet, but may include any other connection media such as an internal network or leased line such as is used for a Wide Area Network (WAN) link.
- Client to Server (Client to LAN)
- Server to Server (LAN to LAN). Methods of providing LAN to LAN connection are:
- Dedicated lines
- Dial up line
- Tunneling (Encryption) - Data packets are encrypted, encapsulated into another protocol and transmitted between two locations.
- Authentication - Users must be authenticated to be sure no unauthorized persons are using the VPN. A security policy server may be used for this function. Digital certificates may be used for stronger authentication. A certificate server may be used to generate digital certificates.
- Address Management - For clients, a private address must be assigned and kept private.
- Key Management - Encryption keys must be generated.
VPN Protocols providing tunneling functions. Tunneling protocols are based on the OSI model layer 2 (data link layer) or layer 3 (network layer). Layer 2 protocols use frames to send the data and layer 3 protocols use packets to send the data. The tunneling protocols are listed below:
- L2TP - Supports IP, IPX, and AppleTalk. Supports frame relay, X.25, SONET, and ATM. Can make multiple tunnels. Combines L2F and PPTP.
L2TP is proprietary. It works at layer 2 of the network model which is the data link layer.
- L2F - Supports the connection and authentication of remote clients.
- PPTP - Provides for the encapsulation of network layer protocols. Since it is based on PPP it supports PPP compression schemes.
- IPSEC (Internet Protocol Security) - Ensures that IP packets are confidential and authentic. IPX and other network layer protocols are not supported. Only IP is supported. The original IP packet along with security headers and authentication information are encapsulated into a new IP packet. The security headers are used to decrypt the data on the receiving end. Several encryption schemes and security functions may be used such as:
IPsec is not proprietary. It works at Layer 3 of the network model which is the network layer. IPSEC has the strongest encryption and authentication methods. It also provides for key management. Performs:
- Digital signatures
- Digital certificates
- Certificate authorities
- Public key algorithms
IPSEC is normally considered the best VPN solution.
- SOCKS 5
Three protocol types used for tunneling are:
- Passenger - The protocol to be placed inside another protocol (encapsulated).
- Encapsulating - L2F is an example.
- Carrier - Used to transport the "encapsulated protocol".