Virtual Private Networks

Ed Wagner
CS 7493
Overview
• Introduction
• Types of VPNs
• Encrypting and Tunneling
• Pros/Cons of the VPNs
• Conclusion
Introduction
• Virtual Private Network
  o A secure network that uses primarily public telecommunication infrastructures, such as the internet, to provide remote offices or traveling users with access to a centralized organizational network.
Types of VPNs
• PPTP
• IPSEC
• L2TP
• OpenVPN (SSL)
• Hybrid VPN
• MPLS VPN
PPTP
• Point to Point Tunneling Protocol
  The most common and widely used VPN.
  o Defined in RFC 2637, in 1999
  o Developed by Microsoft and 3Com.
  o PPTP uses a control channel over TCP and a GRE tunnel to encapsulate PPP packets.
  o PPTP does not specify encryption or authentication.
     Security and authentication are provided by the Microsoft PPTP software stack.
  o Authentication and Encryption
     Authentication - MS-CHAPv2

PPTP
• Pros/Cons of PPTP
  + Cheap to set up
  + Pre-existing technology
  - Not as secure
  - Security not native
IPSEC
• Internet Protocol Security
  A protocol suite for securing IP communications by authenticating and encrypting each IP packet.
  o Developed at the Naval Research Lab.
  o Operates at OSI layer 3, much lower than other VPN protocols.
  o 2 modes of transmission:
     Tunnel - the entire packet is encrypted, then encapsulated in a new IP packet.
      • Used in network-to-network VPNs and host-to-network VPNs
      • NAT traversal
     Transport - only the payload of the IP packet is encrypted.

IPSEC
• Pros/Cons of IPSEC
  + Highest security
  + When used with L2TP, data is encapsulated twice.
  - Harder to set up
  - Possible routing issues
  - Requires more processing power
L2TP
• Layer 2 Tunneling Protocol
  A tunneling protocol used to support VPNs.
  o Does not provide any encryption or authentication
     Usually used together with IPsec for encryption.
  o Proposed in 1999, RFC 2661
  o The entire packet, both header and payload, is sent as a UDP packet on port 1701.

L2TP
• Pros/Cons of L2TP
  + Native Windows support
  + Feature-rich backend allows use of other protocols
  - No native security
  - Slower than other VPN options
OpenVPN
• An open source software application that implements VPN techniques for creating secure point-to-point or site-to-site connections in routed or bridged networks.
• Created in 2002 by James Yonan
• Uses SSL for encryption
• Authentication is done with pre-shared keys

OpenVPN
• Pros/Cons of OpenVPN
  + Great community support
  + Free
  + Easy to set up
  - SSL can require more processing power.
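The PPTP, IPSEC, L2TP and OpenVPN slides above each name the transport the protocol rides on (a TCP control channel plus GRE, raw layer-3 packets, UDP port 1701, SSL). A defender can turn that into a quick inventory of which VPN protocols are actually crossing a network boundary, and flag the ones the slides describe as having no native security. The following is an added example, not part of the original slides: the port and protocol numbers are the registered defaults (PPTP control on TCP/1723 per RFC 2637, GRE protocol 47, L2TP UDP/1701 per RFC 2661, IKE on UDP/500 and 4500, ESP 50, AH 51, OpenVPN defaulting to UDP/1194), and the log format and addresses are constructed for the example.

```python
"""Identify VPN protocols from flow records, from a network defender's view.

Added example, not from the slides. Port and IP protocol numbers are the
registered defaults; the log format and addresses are constructed.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

PROTO_NUMBERS = {"tcp": 6, "udp": 17, "gre": 47, "esp": 50, "ah": 51}
PPTP_CONTROL_PORT, L2TP_PORT = 1723, 1701
IKE_PORT, IKE_NATT_PORT, OPENVPN_DEFAULT_PORT = 500, 4500, 1194

# Constructed flow log (one record per line); not real traffic.
SAMPLE_LOG = """\
proto=tcp src=10.0.0.5 dst=203.0.113.7 sport=51000 dport=1723
proto=gre src=10.0.0.5 dst=203.0.113.7
proto=udp src=10.0.0.9 dst=203.0.113.7 sport=500 dport=500
proto=esp src=10.0.0.9 dst=203.0.113.7
proto=udp src=10.0.0.12 dst=203.0.113.8 sport=40000 dport=1701
proto=udp src=10.0.0.20 dst=198.51.100.3 sport=45210 dport=1194
proto=tcp src=10.0.0.20 dst=198.51.100.3 sport=45211 dport=443
"""

_LINE = re.compile(
    r"proto=(\w+)\s+src=(\S+)\s+dst=(\S+)(?:\s+sport=(\d+)\s+dport=(\d+))?")


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: int
    sport: Optional[int] = None
    dport: Optional[int] = None


def parse_line(line: str) -> Optional[Flow]:
    """Parse one constructed log record; returns None for lines it cannot read."""
    m = _LINE.search(line)
    if not m:
        return None
    proto, src, dst, sport, dport = m.groups()
    return Flow(src, dst, PROTO_NUMBERS[proto.lower()],
                int(sport) if sport else None, int(dport) if dport else None)


def classify(flow: Flow) -> Optional[str]:
    """Label a flow by the VPN protocol its IP protocol number and ports imply."""
    if flow.proto == PROTO_NUMBERS["gre"]:
        return "GRE tunnel (PPTP data channel)"   # PPTP carries PPP inside GRE
    if flow.proto == PROTO_NUMBERS["esp"]:
        return "IPsec ESP"
    if flow.proto == PROTO_NUMBERS["ah"]:
        return "IPsec AH"
    ports = {flow.sport, flow.dport}
    if flow.proto == PROTO_NUMBERS["tcp"] and PPTP_CONTROL_PORT in ports:
        return "PPTP control"
    if flow.proto == PROTO_NUMBERS["udp"]:
        if IKE_PORT in ports:
            return "IPsec IKE"
        if IKE_NATT_PORT in ports:
            return "IPsec IKE/ESP (NAT traversal)"
        if L2TP_PORT in ports:
            # L2TP protected by IPsec travels inside ESP; bare UDP/1701 on the
            # wire means this hop carries it without IPsec.
            return "L2TP without IPsec"
    if OPENVPN_DEFAULT_PORT in ports:
        return "OpenVPN (default port)"
    return None   # e.g. OpenVPN on 443 is indistinguishable from HTTPS by port


# Protocols the slides describe as having no native encryption or security.
NEEDS_REVIEW = {"PPTP control", "GRE tunnel (PPTP data channel)", "L2TP without IPsec"}


def summarize(log: str) -> dict:
    """Count labels over a log and list flows that use weakly protected protocols."""
    counts: Counter = Counter()
    review = []
    for line in log.splitlines():
        flow = parse_line(line)
        if flow is None:
            continue
        label = classify(flow) or "unclassified"
        counts[label] += 1
        if label in NEEDS_REVIEW:
            review.append((flow.src, flow.dst, label))
    return {"counts": counts, "review": review}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for label, n in sorted(result["counts"].items()):
        print(f"{n:3d}  {label}")
    for src, dst, label in result["review"]:
        print(f"review: {src} -> {dst} uses {label}")
```

Port-based labelling is only a first pass: the last sample line (TCP/443) stays unclassified because OpenVPN is often run on 443 precisely so that it looks like ordinary HTTPS, and GRE is used by tunnels other than PPTP. The useful signal for review is the bare UDP/1701 flow, which the L2TP slide explains carries no encryption of its own unless IPsec wraps it.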
Hybrid VPNs
• Hybrid VPN servers are able to accept connections from multiple types of VPN clients.
• For example, combining the features of SSL and IPSEC.

Hybrid VPNs
• Pros/Cons of Hybrid
  + Ability to use different protocols to support more use cases.
  - Expensive to implement.
MPLS VPN
• Multi-Protocol Label Switching
  o A family of methods for harnessing the power of multiprotocol label switching to create VPNs.
  o MPLS VPNs give network engineers the flexibility to transport and route several types of network traffic using the technologies of an MPLS backbone.
     Related to telecommunication standards

MPLS
• Pros/Cons of MPLS
  + Use of different network technologies to provide a VPN network.
  - Not easy to set up.
Encrypting and Tunneling
• Encrypting
  o Encoding a packet of information using a known and tested algorithm.
  o Ex: IPsec, MPPE
• Tunneling
  o Creating a path where all packets are routed to the next hop in the circuit, whether encrypted or not.
  o Ex: L2TP, PPTP (without MPPE)
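The distinction this slide draws between encrypting and tunneling, and the IPSEC slide's two modes (tunnel mode encrypts the whole packet and wraps it in a new IP packet; transport mode encrypts only the payload), come down to which bytes a device on the path can still read. The following added example, not part of the original slides, builds the three encapsulations side by side and reports what a passive observer sees without the key. The ESP framing is simplified (SPI, sequence number, encrypted payload with a trailing next-header byte, HMAC-SHA256 integrity value), the cipher is an HMAC-SHA256 keystream standing in for AES so it runs with the standard library alone, and the addresses and key are constructed for the example.

```python
"""Observer's view of IPsec transport mode, IPsec tunnel mode and an
unencrypted L2TP-style tunnel. Added example, not from the slides; ESP framing
is simplified and the keystream cipher is a stand-in for AES."""
import hashlib
import hmac
import ipaddress
import struct

PROTO_IPIP, PROTO_UDP, PROTO_ESP = 4, 17, 50
L2TP_PORT = 1701
KEY = b"constructed-example-key"   # constructed; never reuse a fixed key


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 header (no options, checksum left zero) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + payload


def parse_ipv4(pkt: bytes):
    """Return (src, dst, proto, payload) of a packet made by build_ipv4."""
    f = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return (str(ipaddress.IPv4Address(f[8])), str(ipaddress.IPv4Address(f[9])),
            f[6], pkt[20:])


def _keystream_xor(key: bytes, spi: int, seq: int, data: bytes) -> bytes:
    """Stand-in stream cipher: XOR with HMAC-SHA256(key, spi|seq|counter) blocks."""
    out = bytearray()
    for i in range((len(data) + 31) // 32):
        ks = hmac.new(key, struct.pack("!IIQ", spi, seq, i), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i * 32:(i + 1) * 32], ks))
    return bytes(out)


def esp_encapsulate(key: bytes, spi: int, seq: int, next_header: int, plain: bytes) -> bytes:
    """ESP: (SPI, seq) header | encrypted(plain | next_header) | 16-byte ICV."""
    header = struct.pack("!II", spi, seq)
    body = _keystream_xor(key, spi, seq, plain + bytes([next_header]))
    icv = hmac.new(key, header + body, hashlib.sha256).digest()[:16]
    return header + body + icv


def esp_decapsulate(key: bytes, esp: bytes):
    """Verify the ICV, then return (next_header, plaintext); raises if tampered."""
    header, body, icv = esp[:8], esp[8:-16], esp[-16:]
    expected = hmac.new(key, header + body, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ESP integrity check failed")
    spi, seq = struct.unpack("!II", header)
    clear = _keystream_xor(key, spi, seq, body)
    return clear[-1], clear[:-1]


def transport_mode(inner: bytes, key: bytes = KEY, spi: int = 0x1001, seq: int = 1) -> bytes:
    """Transport mode: original IP header kept; only the payload is protected."""
    src, dst, proto, payload = parse_ipv4(inner)
    return build_ipv4(src, dst, PROTO_ESP, esp_encapsulate(key, spi, seq, proto, payload))


def tunnel_mode(inner: bytes, gw_src: str, gw_dst: str, key: bytes = KEY,
                spi: int = 0x1002, seq: int = 1) -> bytes:
    """Tunnel mode: whole inner packet protected, new outer header between gateways."""
    return build_ipv4(gw_src, gw_dst, PROTO_ESP,
                      esp_encapsulate(key, spi, seq, PROTO_IPIP, inner))


def plain_tunnel(inner: bytes, gw_src: str, gw_dst: str) -> bytes:
    """Tunneling without encryption (L2TP-style, UDP/1701): inner packet in the clear."""
    udp = struct.pack("!HHHH", L2TP_PORT, L2TP_PORT, 8 + len(inner), 0)
    return build_ipv4(gw_src, gw_dst, PROTO_UDP, udp + inner)


def observer_view(pkt: bytes) -> dict:
    """What someone on the path can read without the key."""
    src, dst, proto, payload = parse_ipv4(pkt)
    view = {"outer_src": src, "outer_dst": dst, "proto": proto, "inner_visible": False}
    if proto == PROTO_UDP and struct.unpack("!H", payload[2:4])[0] == L2TP_PORT:
        isrc, idst, _, ipayload = parse_ipv4(payload[8:])
        view.update(inner_visible=True, inner_src=isrc, inner_dst=idst,
                    inner_payload=ipayload)
    return view


# Constructed inner packet between two private hosts.
SAMPLE_INNER = build_ipv4("10.1.1.5", "10.2.2.9", PROTO_UDP, b"constructed application data")

if __name__ == "__main__":
    print("transport:", observer_view(transport_mode(SAMPLE_INNER)))
    print("tunnel:   ", observer_view(tunnel_mode(SAMPLE_INNER, "203.0.113.1", "198.51.100.1")))
    print("plain:    ", observer_view(plain_tunnel(SAMPLE_INNER, "203.0.113.1", "198.51.100.1")))
```

Running it shows the three cases the slides describe: in transport mode the observer still learns the real endpoint addresses (10.1.1.5 and 10.2.2.9) but not the payload; in tunnel mode only the gateway addresses are exposed, which is why the IPSEC slide pairs it with network-to-network VPNs; in the plain tunnel everything, inner addresses and application data alike, is readable on the path, which is the sense in which L2TP and PPTP without MPPE tunnel but do not protect.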
Conclusion
There are various options for VPNs. The major factors for an SA setting up a VPN would be the need for mobility, the complexity of the security required, and the expense of implementing the VPN.

Questions?
Works cited
• http://en.wikipedia.org/wiki/Virtual_private_network
• http://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol
• http://techpp.com/2010/07/16/different-types-of-vpn-protocols/
• http://www.alliancedatacom.com/how-vpn-works.asp
• http://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol
• http://en.wikipedia.org/wiki/OpenVPN