VPN Tunneling Protocols


VPN is a conglomerate of useful technologies that originally were assembled by hand. Now the networking companies and ISPs have realized the value of a VPN and are offering products that do the hard work for you. In addition, there is an assortment of free software available on the Internet (usually for Unix systems) that can be used to create a VPN. In this book, we’re going to look at some of the commercial and free solutions in detail. Which one you choose for your network will depend on the resources available to you, the platforms you run, your network topology, the time you wish to spend installing and configuring the software, and whether or not you want commercial-level support.

In a VPN tunnel there is a sender of data on one end and a recipient on the other. Between these two parties secure logical connection (a tunnel) is created. Then data of a particular protocol can be encapsulated into data packets of another protocol.
VPN technology has incorporated additional functionality into PPP creating different protocols like PPTP-Point-to-point tunneling protocol, L2TP-Layer-2 tunneling protocol and IPSec- IP security protocol. The diversity in VPN protocols is to cater to different requirements. Some protocols cater to remote access VPN connections from mobile users or branch offices that use a local ISP. Other protocols cater to communication between ‘LAN-to-LAN’. PPTP, L2TP and L2F-Layer two forwarding have been developed for dial-up VPN’s where as IPSec caters to ‘LAN-to-LAN’ solutions

PPTP- Point-to-Point Tunneling Protocol
PPTP is one of VPN’s first protocols built on PPP to provide remote access for VPN solutions. PPTP encapsulates PPP packets using GRE-Generic routing Protocol. This had been modified to give PPTP the flexibility of handling protocols other than IP like IPX-Internet Packet Exchange. PPTP uses authentication mechanisms within PPP, i.e. PAP-Password Authentication Protocol. Various other authentication and security mechanism have been developed by Microsoft and is utilized in its Operating System software.

L2F- Layer Two Forwarding Protocol
This was designed to tunnel data from corporate sites (for example, via Wi-Fi) to their respective users. It differs from PPTP in a way that it does not depend on IP. This could work on alternate media like frame relays or ATM-Asynchronous transfer Mode. L2F accepts other authentication mechanisms and allows tunnels to s upport more than one connection. L2F uses PPP for authentication of remote user. The authentication is done twice, one at the ISP and the second at the gateway to the connecting LAN.

L2TP – Layer Two Tunneling Protocol
The best features of PPTP and L2F were combined to form L2TP. It exists in the second layer (data link) of the OSI-Open Systems Interconnect model and so its name L2TP. Approved by IETF L2TP transport is defined for packet media, Frame relay, ATM and X.25 (Standard for packet switching networks defining layers 1, 2 and 3 of the OSI model). It has its own tunneling protocol and uses PPP’s PAP and other advanced mechanisms for authentication. Its encryption method is based on that of IPSec.

IPSec – Internet Protocol Security
IPSec is a complete VPN protocol solution. Existing in the third layer of the OSI model it uses the IKE-Internet Key Exchange to exchange and manage cryptographic keys used in a data encryption session. IPSec uses a number of encryption technologies to provide confidentiality and data integrity. IPSec allows the sender to authenticate/encrypt or authenticate and encrypt each IP packet. For this it uses two modes either of which can be chosen dependent of situations of security and traffic.
– Transport mode for authentication and encryption of the transport segment of an IP packet
– Tunnel mode authenticates and encrypts the whole IP packet.

IPSec’s strong security measures are designed mainly for IP packets and cannot handle multi-protocol non-IP network environments.

Scroll to Top