==VPN protocols to highlight==
[[File:IPSec VPN-en.svg|300px|thumb|The life cycle phases of an IPSec tunnel in a virtual private network]]
A virtual private network is based on a tunneling protocol, and may be combined with other network or application protocols that provide extra capabilities and cover a different security model.

* [[Internet Protocol Security]] ([[Internet Protocol Security|IPsec]]) was initially developed by the [[Internet Engineering Task Force]] (IETF) for [[IPv6]], and was required in all standards-compliant implementations of IPv6 before RFC 6434 made it only a recommendation.{{ref RFC|6434|quote=Previously, IPv6 mandated implementation of IPsec and recommended the key management approach of IKE. This document updates that recommendation by making support of the IPsec Architecture RFC4301 a SHOULD for all IPv6 nodes. |p=17}} This standards-based security protocol is also widely used with [[IPv4]]. Its design meets most security goals: [[Information security#Key concepts|availability, integrity, and confidentiality]]. IPsec uses encryption, [[Encapsulation (networking)|encapsulating]] an IP packet inside an IPsec packet. De-encapsulation happens at the end of the tunnel, where the original IP packet is decrypted and forwarded to its intended destination. IPsec tunnels are set up by the [[Internet Key Exchange|Internet Key Exchange (IKE)]] protocol. IPsec tunnels made with IKE version 1 (also known as IKEv1 tunnels, or often just "IPsec tunnels") can be used alone to provide a VPN, but have often been combined with the [[Layer 2 Tunneling Protocol|Layer 2 Tunneling Protocol (L2TP)]]. Their combination made it possible to reuse existing L2TP-related implementations for more flexible authentication features (e.g. [[XAUTH|Xauth]]), desirable for remote-access configurations. IKE version 2, which was created by Microsoft and Cisco, can be used alone to provide IPsec VPN functionality. Its primary advantages are native support for authentication via the [[Extensible Authentication Protocol|Extensible Authentication Protocol (EAP)]] and the ability to restore the tunnel seamlessly when the IP address of the associated host changes, which is typical of a roaming mobile device, whether on [[3G]] or [[4G]] [[LTE (telecommunication)|LTE]] networks. IPsec is also often supported by network hardware accelerators,<ref>{{Cite web |title=Security for VPNs with IPsec Configuration Guide, Cisco IOS Release 15S - VPN Acceleration Module [Support] |url=https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/15-s/sec-sec-for-vpns-w-ipsec-15-s-book/sec-vam.html |access-date=2024-07-09 |website=Cisco |language=en}}</ref> which makes IPsec VPN desirable for low-power scenarios, like always-on remote access VPN configurations.<ref>{{Cite web |title=VPN overview for Apple device deployment |url=https://support.apple.com/guide/deployment/vpn-overview-depae3d361d0/web |access-date=2024-07-09 |website=Apple Support |language=en}}</ref><ref>{{Cite web |last= |date=2023-05-22 |title=About Always On VPN for Windows Server Remote Access |url=https://learn.microsoft.com/en-us/windows-server/remote/remote-access/overview-always-on-vpn |access-date=2024-07-09 |website=learn.microsoft.com |language=en-us}}</ref>
* [[Transport Layer Security]] ([[Transport Layer Security|SSL/TLS]]) can tunnel an entire network's traffic (as it does in the [[OpenVPN]] project and [[SoftEther VPN]] project<ref>{{Cite web |title=1. Ultimate Powerful VPN Connectivity |url=https://www.softether.org/1-features/1._Ultimate_Powerful_VPN_Connectivity#SoftEther_VPN's_Solution:_Using_HTTPS_Protocol_to_Establish_VPN_Tunnels |website=www.softether.org |publisher=SoftEther VPN Project |access-date=8 October 2022 |archive-date=8 October 2022 |archive-url=https://web.archive.org/web/20221008211349/https://www.softether.org/1-features/1._Ultimate_Powerful_VPN_Connectivity#SoftEther_VPN's_Solution:_Using_HTTPS_Protocol_to_Establish_VPN_Tunnels |url-status=live }}</ref>) or secure an individual connection. A number of vendors provide remote-access VPN capabilities through TLS. A VPN based on TLS can connect from locations where the usual TLS web navigation ([[HTTPS]]) is supported, without special extra configuration.
* [[Datagram Transport Layer Security]] ([[Datagram Transport Layer Security|DTLS]]) – used in Cisco [[AnyConnect]] VPN and in [[OpenConnect]] VPN<ref>{{Cite web |title=OpenConnect |url=https://www.infradead.org/openconnect/index.html |access-date=2013-04-08 |quote=<nowiki>OpenConnect is a client for Cisco's AnyConnect SSL VPN [...] OpenConnect is not officially supported by, or associated in any way with, Cisco Systems. It just happens to interoperate with their equipment.</nowiki> |archive-date=29 June 2022 |archive-url=https://web.archive.org/web/20220629202852/https://www.infradead.org/openconnect/index.html |url-status=live }}</ref> to solve the issues [[Transport Layer Security|TLS]] has with tunneling over [[Transmission Control Protocol|TCP]] (SSL/TLS are TCP-based, and tunneling TCP over TCP can lead to big delays and connection aborts<ref>{{Cite web |title=Why TCP Over TCP Is A Bad Idea |url=http://sites.inka.de/~W1011/devel/tcp-tcp.html |access-date=2018-10-24 |website=sites.inka.de |archive-date=6 March 2015 |archive-url=https://web.archive.org/web/20150306050429/http://sites.inka.de/~W1011/devel/tcp-tcp.html |url-status=live }}</ref>).
* [[Microsoft Point-to-Point Encryption]] ([[Microsoft Point-to-Point Encryption|MPPE]]) works with the [[Point-to-Point Tunneling Protocol]] and in several compatible implementations on other platforms.
* Microsoft [[Secure Socket Tunneling Protocol]] ([[Secure Socket Tunneling Protocol|SSTP]]) tunnels [[Point-to-Point Protocol]] (PPP) or Layer 2 Tunneling Protocol traffic through an [[Transport Layer Security|SSL/TLS]] channel (SSTP was introduced in [[Windows Server 2008]] and in [[Windows Vista]] Service Pack 1).
* Multi Path Virtual Private Network (MPVPN). Ragula Systems Development Company owns the registered [[trademark]] "MPVPN".{{relevance inline|date=March 2023}}<ref>{{Cite web |title=Trademark Status & Document Retrieval |url=https://tarr.uspto.gov/servlet/tarr?regser=serial&entry=78063238&action=Request+Status |website=tarr.uspto.gov |access-date=8 October 2022 |archive-date=21 March 2012 |archive-url=https://web.archive.org/web/20120321221027/http://tarr.uspto.gov/servlet/tarr?regser=serial&entry=78063238&action=Request+Status |url-status=live }}</ref>
* Secure Shell (SSH) VPN – [[OpenSSH]] offers VPN tunneling (distinct from [[port forwarding]]) to secure{{ambiguous|reason=unclear whether "secure" is a verb or adjective|date=March 2023}} remote connections to a network, inter-network links, and remote systems. OpenSSH server provides a limited number of concurrent tunnels. The VPN feature itself does not support personal authentication.<ref>{{Cite web |title=ssh(1) – OpenBSD manual pages |url=https://man.openbsd.org/ssh.1#SSH-BASED_VIRTUAL_PRIVATE_NETWORKS |website=man.openbsd.org |access-date=4 February 2018 |archive-date=5 July 2022 |archive-url=https://web.archive.org/web/20220705224554/https://man.openbsd.org/ssh.1#SSH-BASED_VIRTUAL_PRIVATE_NETWORKS |url-status=live }} *{{Cite web |last=Barschel |first=Colin |title=Unix Toolbox |url=http://cb.vu/unixtoolbox.xhtml#vpn |website=cb.vu |access-date=2 August 2009 |archive-date=28 May 2019 |archive-url=https://web.archive.org/web/20190528153959/http://cb.vu/unixtoolbox.xhtml#vpn |url-status=dead }} *{{Cite web |title=SSH_VPN – Community Help Wiki |url=https://help.ubuntu.com/community/SSH_VPN |website=help.ubuntu.com |access-date=28 July 2009 |archive-date=2 July 2022 |archive-url=https://web.archive.org/web/20220702025833/https://help.ubuntu.com/community/SSH_VPN |url-status=live }}</ref> SSH is more often used to connect remotely to machines or networks than to build a site-to-site VPN connection.
* [[WireGuard]] is a protocol. In 2020, WireGuard support was added to both the Linux<ref>{{Cite web |last=Salter |first=Jim |date=2020-03-30 |title=WireGuard VPN makes it to 1.0.0–and into the next Linux kernel |url=https://arstechnica.com/gadgets/2020/03/wireguard-vpn-makes-it-to-1-0-0-and-into-the-next-linux-kernel/ |access-date=2020-06-30 |website=Ars Technica |language=en-us |archive-date=31 March 2020 |archive-url=https://web.archive.org/web/20200331182738/https://arstechnica.com/gadgets/2020/03/wireguard-vpn-makes-it-to-1-0-0-and-into-the-next-linux-kernel/ |url-status=live }}</ref> and Android<ref>{{Cite web |title=Diff - 99761f1eac33d14a4b1613ae4b7076f41cb2df94^! - kernel/common - Git at Google |url=https://android.googlesource.com/kernel/common/+/99761f1eac33d14a4b1613ae4b7076f41cb2df94%5E! |access-date=2020-06-30 |website=android.googlesource.com |archive-date=29 June 2022 |archive-url=https://web.archive.org/web/20220629213243/https://android.googlesource.com/kernel/common/+/99761f1eac33d14a4b1613ae4b7076f41cb2df94%5E! |url-status=live }}</ref> kernels, opening it up to adoption by VPN providers. By default, WireGuard uses the [[Curve25519]] protocol for [[key exchange]] and [[ChaCha20-Poly1305]] for encryption and message authentication, but also includes the ability to pre-share a symmetric key between the client and server.<ref>{{Cite journal|last=Younglove|first=R.|date=December 2000|title=Virtual private networks - how they work|url=https://ieeexplore.ieee.org/document/892887|journal=Computing & Control Engineering Journal|volume=11|issue=6|pages=260–262|doi=10.1049/cce:20000602|doi-broken-date=7 December 2024 |issn=0956-3385}}{{dead link|date=July 2024|bot=medic}}{{cbignore|bot=medic}} *{{Cite journal|last=Benjamin Dowling, and Kenneth G. Paterson|title=A cryptographic analysis of the WireGuard protocol|journal=International Conference on Applied Cryptography and Network Security|date=12 June 2018|isbn=978-3-319-93386-3}}</ref>
* [[OpenVPN]] is a [[Free and open-source software|free and open-source]] VPN protocol based on the TLS protocol. It supports perfect [[Forward secrecy|forward secrecy]] and most modern secure cipher suites, like [[Advanced Encryption Standard|AES]], [[Serpent (cipher)|Serpent]], [[Twofish|TwoFish]], etc. It is currently{{Current event inline|date=March 2023}} being developed and updated by OpenVPN Inc., a [[Nonprofit organization|non-profit]] providing secure VPN technologies.
* Crypto IP Encapsulation (CIPE) is a free and open-source VPN implementation for tunneling [[IPv4 packet]]s over [[User Datagram Protocol|UDP]] via [[Encapsulation (networking)|encapsulation]].<ref>{{cite book |last1=Fuller |first1=Johnray |last2=Ha |first2=John |date=2002 |title=Red Hat Linux 9: Red Hat Linux Security Guide |url=https://archive.download.redhat.com/pub/redhat/linux/9/en/doc/RH-DOCS/pdf-en/rhl-sg-en.pdf |location=United States |publisher=[[Red Hat|Red Hat, Inc.]] |pages=48–53 |access-date=8 September 2022 |archive-date=14 October 2022 |archive-url=https://web.archive.org/web/20221014101152/https://archive.download.redhat.com/pub/redhat/linux/9/en/doc/RH-DOCS/pdf-en/rhl-sg-en.pdf |url-status=live }} *{{cite book |last=Petersen |first=Richard |date=2004 |title=Red Hat - The Complete Reference Enterprise Linux & Fedora Edition |url=http://litux.nl/Reference/index.html?page=books%2F7213%2Fddu0001.html |location=United States |publisher=[[McGraw-Hill Osborne|McGraw-Hill/Osborne]] |chapter=Chapter 17: Internet Protocol Security: IPsec, Crypto IP Encapsulation for Virtual Private Networks |chapter-url=http://litux.nl/Reference/index.html?page=books/7213/ddu0125.html |isbn=0-07-223075-4 |access-date=17 January 2023 |archive-date=17 January 2023 |archive-url=https://web.archive.org/web/20230117215057/http://litux.nl/Reference/index.html?page=books%2F7213%2Fddu0001.html |url-status=live }}</ref> CIPE was developed for [[GNU/Linux|Linux]] operating systems by Olaf Titz, with a [[Windows 2000|Windows]] [[Port (software)|port]] implemented by Damion K. Wilson.<ref>{{cite web |url=http://sites.inka.de/sites/bigred/devel/cipe.html |title=CIPE - Crypto IP Encapsulation |last=Titz |first=Olaf |date=2011-12-20 |website=CIPE - Crypto IP Encapsulation |access-date=2022-09-08 |archive-date=18 May 2022 |archive-url=https://web.archive.org/web/20220518123239/http://sites.inka.de/sites/bigred/devel/cipe.html |url-status=live }}</ref> Development for CIPE ended in 2002.<ref>{{cite web |url=https://sourceforge.net/projects/cipe-linux/ |title=CIPE - encrypted IP in UDP tunneling |last=Titz |first=Olaf |date=2013-04-02 |website=[[SourceForge]] |access-date=2022-09-08 |archive-date=8 September 2022 |archive-url=https://web.archive.org/web/20220908122718/https://sourceforge.net/projects/cipe-linux/ |url-status=live }} *{{cite web |url=https://cipe-win32.sourceforge.net/ |title=CIPE-Win32 - Crypto IP Encapsulation for Windows NT/2000 |last=Wilson |first=Damion |date=2002-10-19 |website=[[SourceForge]] |access-date=2022-09-08 |archive-date=8 September 2022 |archive-url=https://web.archive.org/web/20220908122719/http://cipe-win32.sourceforge.net/ |url-status=live }}</ref>
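The IPsec entry above describes encapsulation of an IP packet inside an IPsec packet and de-encapsulation at the far end of the tunnel. The following added example (written for this page, not code from any IPsec implementation or from the IETF) walks that cycle for ESP in tunnel mode: the inner IPv4 packet is wrapped in an ESP header (SPI and sequence number), sealed with AES-GCM as RFC 4106 describes, and carried in an outer IPv4 header with protocol 50; the receiver checks the SPI, applies the RFC 4303 anti-replay window, verifies the integrity tag, and only then strips the trailer. The key, salt, SPI and addresses are constructed sample values (a real security association gets them from IKE), the IPv4 header is a minimal one without checksum, and the `cryptography` library is assumed to be installed.

```python
"""ESP tunnel-mode encapsulation/de-encapsulation with anti-replay (illustrative)."""
import struct
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Constructed sample SA parameters; in practice these are negotiated by IKE.
SA_KEY = bytes(range(32))        # 256-bit AES-GCM key (constructed)
SA_SALT = b"\x01\x02\x03\x04"    # 4-byte salt, RFC 4106 style (constructed)
SA_SPI = 0x0000ABCD              # Security Parameter Index (constructed)
ESP_PROTOCOL = 50
NEXT_HEADER_IPV4 = 4


def ipv4_header(src: bytes, dst: bytes, proto: int, payload_len: int) -> bytes:
    """Minimal IPv4 header (no options, checksum left zero): enough to show framing."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0, src, dst)


def esp_encapsulate(inner_packet: bytes, seq: int, outer_src: bytes, outer_dst: bytes) -> bytes:
    """Tunnel mode: the whole inner IP packet becomes the protected ESP payload."""
    esp_header = struct.pack("!II", SA_SPI, seq)  # sent in clear, authenticated as AAD
    iv = struct.pack("!Q", seq)                    # 8-byte IV; the counter guarantees uniqueness
    nonce = SA_SALT + iv                           # 12-byte GCM nonce = salt || IV (RFC 4106)
    # ESP trailer: pad so (payload + 2) is 4-byte aligned, then pad length and next header.
    pad_len = (-(len(inner_packet) + 2)) % 4
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, NEXT_HEADER_IPV4])
    ciphertext = AESGCM(SA_KEY).encrypt(nonce, inner_packet + trailer, esp_header)
    esp_packet = esp_header + iv + ciphertext
    return ipv4_header(outer_src, outer_dst, ESP_PROTOCOL, len(esp_packet)) + esp_packet


class ReplayWindow:
    """RFC 4303 section 3.4.3 sliding window over received sequence numbers."""

    def __init__(self, size: int = 64):
        self.size = size
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence number (top - i) already accepted

    def check(self, seq: int) -> bool:
        """True if seq is new and inside the window; does not record it yet."""
        if seq == 0:
            return False                   # 0 is never a valid ESP sequence number
        if seq > self.top:
            return True
        diff = self.top - seq
        return diff < self.size and not (self.bitmap >> diff) & 1

    def update(self, seq: int) -> None:
        """Record seq; call only after the packet's integrity check passed."""
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


def esp_decapsulate(outer_packet: bytes, window: ReplayWindow):
    """Verify, decrypt and strip; returns the inner IP packet, or None if rejected."""
    if outer_packet[9] != ESP_PROTOCOL:            # outer IPv4 protocol field
        return None
    esp = outer_packet[20:]
    spi, seq = struct.unpack("!II", esp[:8])
    if spi != SA_SPI or not window.check(seq):     # unknown SA, replay, or too old
        return None
    iv, ciphertext = esp[8:16], esp[16:]
    try:
        plain = AESGCM(SA_KEY).decrypt(SA_SALT + iv, ciphertext, esp[:8])
    except InvalidTag:
        return None                                # tampered packet or wrong key
    window.update(seq)                             # only authenticated packets move the window
    pad_len, next_header = plain[-2], plain[-1]
    if next_header != NEXT_HEADER_IPV4:
        return None
    return plain[: len(plain) - 2 - pad_len]


def demo() -> dict:
    """Round trip, a replayed copy, and a tampered copy (all constructed input)."""
    inner = ipv4_header(b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02", 17, 5) + b"hello"
    outer = esp_encapsulate(inner, 1, b"\xc0\xa8\x01\x01", b"\xc0\xa8\x01\x02")
    window = ReplayWindow()
    first = esp_decapsulate(outer, window)
    replayed = esp_decapsulate(outer, window)
    tampered = esp_decapsulate(outer[:-1] + bytes([outer[-1] ^ 1]), ReplayWindow())
    return {"round_trip": first == inner, "replay_rejected": replayed is None,
            "tamper_rejected": tampered is None, "outer_len": len(outer)}


if __name__ == "__main__":
    print(demo())
```

The order of checks matters: the window is consulted before the (costly) decryption so floods of replayed packets are dropped cheaply, but it is only advanced after the tag verifies, otherwise a forged packet with a high sequence number could push the window forward and cause legitimate in-flight packets to be discarded.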
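The WireGuard entry above names three ingredients: Curve25519 for key exchange, ChaCha20-Poly1305 for encryption and message authentication, and an optional pre-shared symmetric key. The added example below (written for this page; it is not WireGuard's code and does not reproduce its Noise_IK handshake) shows how those pieces fit together: each peer derives the same transport key from an X25519 exchange, the pre-shared key, when present, is folded into that derivation so the result differs from the key agreed without it, and data packets carry a 64-bit counter that doubles as the AEAD nonce. The HKDF labels, the packet layout and the sample pre-shared key are assumptions made for the example, and the `cryptography` library is assumed to be installed.

```python
"""X25519 agreement with optional PSK, then ChaCha20-Poly1305 data packets (illustrative)."""
import struct
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey, X25519PublicKey
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

NO_PSK = bytes(32)   # a peer without a pre-shared key behaves as if the PSK were all zeros


def generate_keypair():
    """Fresh Curve25519 key pair; returns (private key object, 32-byte public key)."""
    private = X25519PrivateKey.generate()
    public = private.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
    return private, public


def derive_transport_key(my_private, peer_public: bytes, psk: bytes = None) -> bytes:
    """Shared secret from X25519, then HKDF with the PSK (or zeros) mixed in as salt.

    Mixing the PSK here is the example's own construction; it shows the property the
    text describes: the symmetric key changes the derived key, so an attacker who later
    breaks the Curve25519 exchange alone still lacks the transport key.
    """
    shared = my_private.exchange(X25519PublicKey.from_public_bytes(peer_public))
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=psk or NO_PSK,
                info=b"vpn-example transport key").derive(shared)


def seal(key: bytes, counter: int, plaintext: bytes) -> bytes:
    """Data packet: 8-byte little-endian counter header || AEAD ciphertext and tag.

    The nonce is 4 zero bytes followed by the counter, so it is unique per key as
    long as the sender never reuses a counter value.
    """
    header = struct.pack("<Q", counter)
    nonce = bytes(4) + header
    return header + ChaCha20Poly1305(key).encrypt(nonce, plaintext, header)


def unseal(key: bytes, packet: bytes, last_counter: int = 0):
    """Returns (counter, plaintext), or None if the tag fails or the counter is not newer."""
    if len(packet) < 8 + 16:
        return None
    header, body = packet[:8], packet[8:]
    (counter,) = struct.unpack("<Q", header)
    if counter <= last_counter:            # simple monotonic check against replay
        return None
    try:
        plaintext = ChaCha20Poly1305(key).decrypt(bytes(4) + header, body, header)
    except InvalidTag:
        return None
    return counter, plaintext


def demo() -> dict:
    """Two peers, with and without a PSK, exchanging one packet (constructed input)."""
    a_priv, a_pub = generate_keypair()
    b_priv, b_pub = generate_keypair()
    psk = bytes(range(32))                 # constructed sample pre-shared key
    k_plain = derive_transport_key(a_priv, b_pub)
    k_psk_a = derive_transport_key(a_priv, b_pub, psk)
    k_psk_b = derive_transport_key(b_priv, a_pub, psk)
    packet = seal(k_psk_a, 1, b"ping")
    return {
        "peers_agree": k_psk_a == k_psk_b,
        "psk_changes_key": k_psk_a != k_plain,
        "delivered": unseal(k_psk_b, packet) == (1, b"ping"),
        "wrong_key_rejected": unseal(k_plain, packet) is None,
        "tamper_rejected": unseal(k_psk_b, packet[:-1] + bytes([packet[-1] ^ 1])) is None,
    }


if __name__ == "__main__":
    print(demo())
```

Because the counter is both the replay check and the nonce, a peer must never reuse a counter under the same key; the standard remedy, and the one the protocol takes, is to rekey before the counter can wrap.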