Virtual private network
==Protocols==
[[File:IPSec VPN-en.svg|300px|thumb|The life cycle phases of an IPSec tunnel in a virtual private network]]
A virtual private network is based on a tunneling protocol, and may be combined with other network or application protocols that provide extra capabilities and different security model coverage.
* [[Internet Protocol Security]] ([[Internet Protocol Security|IPsec]]) was initially developed by the [[Internet Engineering Task Force]] (IETF) for [[IPv6]], and was required in all standards-compliant implementations of IPv6 before RFC 6434 made it only a recommendation.{{ref RFC|6434|quote=Previously, IPv6 mandated implementation of IPsec and recommended the key management approach of IKE. This document updates that recommendation by making support of the IPsec Architecture RFC4301 a SHOULD for all IPv6 nodes. |p=17}} This standards-based security protocol is also widely used with [[IPv4]]. Its design meets most security goals: [[Information security#Key concepts|availability, integrity, and confidentiality]]. IPsec uses encryption, [[Encapsulation (networking)|encapsulating]] an IP packet inside an IPsec packet. De-encapsulation happens at the end of the tunnel, where the original IP packet is decrypted and forwarded to its intended destination. IPsec tunnels are set up by the [[Internet Key Exchange|Internet Key Exchange (IKE)]] protocol. IPsec tunnels made with IKE version 1 (also known as IKEv1 tunnels, or often just "IPsec tunnels") can be used alone to provide a VPN, but have often been combined with the [[Layer 2 Tunneling Protocol|Layer 2 Tunneling Protocol (L2TP)]]. Their combination made it possible to reuse existing L2TP-related implementations for more flexible authentication features (e.g. [[XAUTH|Xauth]]), desirable for remote-access configurations. IKE version 2, which was created by Microsoft and Cisco, can be used alone to provide IPsec VPN functionality. Its primary advantages are native support for authentication via the [[Extensible Authentication Protocol|Extensible Authentication Protocol (EAP)]] and the ability to restore the tunnel seamlessly when the IP address of the associated host changes, which is typical of a roaming mobile device, whether on [[3G]] or [[4G]] [[LTE (telecommunication)|LTE]] networks. IPsec is also often supported by network hardware accelerators,<ref>{{Cite web |title=Security for VPNs with IPsec Configuration Guide, Cisco IOS Release 15S - VPN Acceleration Module [Support] |url=https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/15-s/sec-sec-for-vpns-w-ipsec-15-s-book/sec-vam.html |access-date=2024-07-09 |website=Cisco |language=en}}</ref> which makes IPsec VPN desirable for low-power scenarios, like always-on remote access VPN configurations.<ref>{{Cite web |title=VPN overview for Apple device deployment |url=https://support.apple.com/guide/deployment/vpn-overview-depae3d361d0/web |access-date=2024-07-09 |website=Apple Support |language=en}}</ref><ref>{{Cite web |date=2023-05-22 |title=About Always On VPN for Windows Server Remote Access |url=https://learn.microsoft.com/en-us/windows-server/remote/remote-access/overview-always-on-vpn |access-date=2024-07-09 |website=learn.microsoft.com |language=en-us}}</ref>
* [[Transport Layer Security]] ([[Transport Layer Security|SSL/TLS]]) can tunnel an entire network's traffic (as it does in the [[OpenVPN]] project and [[SoftEther VPN]] project<ref>{{Cite web |title=1. Ultimate Powerful VPN Connectivity |url=https://www.softether.org/1-features/1._Ultimate_Powerful_VPN_Connectivity#SoftEther_VPN's_Solution:_Using_HTTPS_Protocol_to_Establish_VPN_Tunnels |website=www.softether.org |publisher=SoftEther VPN Project |access-date=8 October 2022 |archive-date=8 October 2022 |archive-url=https://web.archive.org/web/20221008211349/https://www.softether.org/1-features/1._Ultimate_Powerful_VPN_Connectivity#SoftEther_VPN's_Solution:_Using_HTTPS_Protocol_to_Establish_VPN_Tunnels |url-status=live }}</ref>) or secure an individual connection. A number of vendors provide remote-access VPN capabilities through TLS. A VPN based on TLS can connect from any location where ordinary TLS web browsing ([[HTTPS]]) is permitted, without special extra configuration.
* [[Datagram Transport Layer Security]] ([[Datagram Transport Layer Security|DTLS]]) – used in Cisco [[AnyConnect]] VPN and in [[OpenConnect]] VPN<ref>{{Cite web |title=OpenConnect |url=https://www.infradead.org/openconnect/index.html |access-date=2013-04-08 |quote=<nowiki>OpenConnect is a client for Cisco's AnyConnect SSL VPN [...] OpenConnect is not officially supported by, or associated in any way with, Cisco Systems. It just happens to interoperate with their equipment.</nowiki> |archive-date=29 June 2022 |archive-url=https://web.archive.org/web/20220629202852/https://www.infradead.org/openconnect/index.html |url-status=live }}</ref> to solve the issues [[Transport Layer Security|TLS]] has with tunneling over [[Transmission Control Protocol|TCP]] (SSL/TLS are TCP-based, and tunneling TCP over TCP can lead to large delays and connection aborts, because the inner and outer retransmission timers interfere with each other<ref>{{Cite web |title=Why TCP Over TCP Is A Bad Idea |url=http://sites.inka.de/~W1011/devel/tcp-tcp.html |access-date=2018-10-24 |website=sites.inka.de |archive-date=6 March 2015 |archive-url=https://web.archive.org/web/20150306050429/http://sites.inka.de/~W1011/devel/tcp-tcp.html |url-status=live }}</ref>).
* [[Microsoft Point-to-Point Encryption]] ([[Microsoft Point-to-Point Encryption|MPPE]]) works with the [[Point-to-Point Tunneling Protocol]] and in several compatible implementations on other platforms.
* Microsoft [[Secure Socket Tunneling Protocol]] ([[Secure Socket Tunneling Protocol|SSTP]]) tunnels [[Point-to-Point Protocol]] (PPP) or Layer 2 Tunneling Protocol traffic through an [[Transport Layer Security|SSL/TLS]] channel (SSTP was introduced in [[Windows Server 2008]] and in [[Windows Vista]] Service Pack 1).
* Multi Path Virtual Private Network (MPVPN). Ragula Systems Development Company owns the registered [[trademark]] "MPVPN".{{relevance inline|date=March 2023}}<ref>{{Cite web |title=Trademark Status & Document Retrieval |url=https://tarr.uspto.gov/servlet/tarr?regser=serial&entry=78063238&action=Request+Status |website=tarr.uspto.gov |access-date=8 October 2022 |archive-date=21 March 2012 |archive-url=https://web.archive.org/web/20120321221027/http://tarr.uspto.gov/servlet/tarr?regser=serial&entry=78063238&action=Request+Status |url-status=live }}</ref>
* Secure Shell (SSH) VPN – [[OpenSSH]] offers VPN tunneling (distinct from [[port forwarding]]) to secure{{ambiguous|reason=unclear whether "secure" is a verb or adjective|date=March 2023}} remote connections to a network, inter-network links, and remote systems. OpenSSH server provides a limited number of concurrent tunnels. The VPN feature itself does not support personal authentication.<ref>{{Cite web |title=ssh(1) – OpenBSD manual pages |url=https://man.openbsd.org/ssh.1#SSH-BASED_VIRTUAL_PRIVATE_NETWORKS |website=man.openbsd.org |access-date=4 February 2018 |archive-date=5 July 2022 |archive-url=https://web.archive.org/web/20220705224554/https://man.openbsd.org/ssh.1#SSH-BASED_VIRTUAL_PRIVATE_NETWORKS |url-status=live }}
*{{Cite web |last=Barschel |first=Colin |title=Unix Toolbox |url=http://cb.vu/unixtoolbox.xhtml#vpn |website=cb.vu |access-date=2 August 2009 |archive-date=28 May 2019 |archive-url=https://web.archive.org/web/20190528153959/http://cb.vu/unixtoolbox.xhtml#vpn |url-status=dead }}
*{{Cite web |title=SSH_VPN – Community Help Wiki |url=https://help.ubuntu.com/community/SSH_VPN |website=help.ubuntu.com |access-date=28 July 2009 |archive-date=2 July 2022 |archive-url=https://web.archive.org/web/20220702025833/https://help.ubuntu.com/community/SSH_VPN |url-status=live }}</ref> SSH is more often used to connect remotely to individual machines or networks than as a site-to-site VPN.
* [[WireGuard]] is a VPN tunneling protocol. In 2020, WireGuard support was added to both the Linux<ref>{{Cite web |last=Salter |first=Jim |date=2020-03-30 |title=WireGuard VPN makes it to 1.0.0—and into the next Linux kernel |url=https://arstechnica.com/gadgets/2020/03/wireguard-vpn-makes-it-to-1-0-0-and-into-the-next-linux-kernel/ |access-date=2020-06-30 |website=Ars Technica |language=en-us |archive-date=31 March 2020 |archive-url=https://web.archive.org/web/20200331182738/https://arstechnica.com/gadgets/2020/03/wireguard-vpn-makes-it-to-1-0-0-and-into-the-next-linux-kernel/ |url-status=live }}</ref> and Android<ref>{{Cite web |title=Diff - 99761f1eac33d14a4b1613ae4b7076f41cb2df94^! - kernel/common - Git at Google |url=https://android.googlesource.com/kernel/common/+/99761f1eac33d14a4b1613ae4b7076f41cb2df94%5E! |access-date=2020-06-30 |website=android.googlesource.com |archive-date=29 June 2022 |archive-url=https://web.archive.org/web/20220629213243/https://android.googlesource.com/kernel/common/+/99761f1eac33d14a4b1613ae4b7076f41cb2df94%5E! |url-status=live }}</ref> kernels, opening it up to adoption by VPN providers. By default, WireGuard uses [[Curve25519]] for [[key exchange]] and [[ChaCha20-Poly1305]] for encryption and message authentication, but it also includes the ability to pre-share a symmetric key between the client and server.<ref>{{Cite journal|last=Younglove|first=R.|date=December 2000|title=Virtual private networks - how they work|url=https://ieeexplore.ieee.org/document/892887|journal=Computing & Control Engineering Journal|volume=11|issue=6|pages=260–262|doi=10.1049/cce:20000602|doi-broken-date=7 December 2024 |issn=0956-3385|url-access=subscription}}{{dead link|date=July 2024|bot=medic}}{{cbignore|bot=medic}}
*{{Cite journal|last1=Dowling|first1=Benjamin|last2=Paterson|first2=Kenneth G.|title=A cryptographic analysis of the WireGuard protocol|journal=International Conference on Applied Cryptography and Network Security|date=12 June 2018|isbn=978-3-319-93386-3}}</ref>
* [[OpenVPN]] is a [[Free and open-source software|free and open-source]] VPN protocol based on the TLS protocol. It supports perfect [[Forward secrecy|forward secrecy]] and most modern secure ciphers, such as [[Advanced Encryption Standard|AES]], [[Serpent (cipher)|Serpent]], and [[Twofish]]. It is currently{{Current event inline|date=March 2023}} being developed and updated by OpenVPN Inc., a [[Nonprofit organization|non-profit]] providing secure VPN technologies.
* Crypto IP Encapsulation (CIPE) is a free and open-source VPN implementation for tunneling [[IPv4 packet]]s over [[User Datagram Protocol|UDP]] via [[Encapsulation (networking)|encapsulation]].<ref>{{cite book |last1=Fuller |first1=Johnray |last2=Ha |first2=John |date=2002 |title=Red Hat Linux 9: Red Hat Linux Security Guide |url=https://archive.download.redhat.com/pub/redhat/linux/9/en/doc/RH-DOCS/pdf-en/rhl-sg-en.pdf |location=United States |publisher=[[Red Hat|Red Hat, Inc.]] |pages=48–53 |access-date=8 September 2022 |archive-date=14 October 2022 |archive-url=https://web.archive.org/web/20221014101152/https://archive.download.redhat.com/pub/redhat/linux/9/en/doc/RH-DOCS/pdf-en/rhl-sg-en.pdf |url-status=live }}
*{{cite book |last=Petersen |first=Richard |date=2004 |title=Red Hat - The Complete Reference Enterprise Linux & Fedora Edition |url=http://litux.nl/Reference/index.html?page=books%2F7213%2Fddu0001.html |location=United States |publisher=[[McGraw-Hill Osborne|McGraw-Hill/Osborne]] |chapter=Chapter 17: Internet Protocol Security: IPsec, Crypto IP Encapsulation for Virtual Private Networks |chapter-url=http://litux.nl/Reference/index.html?page=books/7213/ddu0125.html |isbn=0-07-223075-4 |access-date=17 January 2023 |archive-date=17 January 2023 |archive-url=https://web.archive.org/web/20230117215057/http://litux.nl/Reference/index.html?page=books%2F7213%2Fddu0001.html |url-status=live }}</ref> CIPE was developed for [[GNU/Linux|Linux]] operating systems by Olaf Titz, with a [[Windows 2000|Windows]] [[Port (software)|port]] implemented by Damion K. Wilson.<ref>{{cite web |url=http://sites.inka.de/sites/bigred/devel/cipe.html |title=CIPE - Crypto IP Encapsulation |last=Titz |first=Olaf |date=2011-12-20 |website=CIPE - Crypto IP Encapsulation |access-date=2022-09-08 |archive-date=18 May 2022 |archive-url=https://web.archive.org/web/20220518123239/http://sites.inka.de/sites/bigred/devel/cipe.html |url-status=live }}</ref> Development for CIPE ended in 2002.<ref>{{cite web |url=https://sourceforge.net/projects/cipe-linux/ |title=CIPE - encrypted IP in UDP tunneling |last=Titz |first=Olaf |date=2013-04-02 |website=[[SourceForge]] |access-date=2022-09-08 |archive-date=8 September 2022 |archive-url=https://web.archive.org/web/20220908122718/https://sourceforge.net/projects/cipe-linux/ |url-status=live }}
*{{cite web |url=https://cipe-win32.sourceforge.net/ |title=CIPE-Win32 - Crypto IP Encapsulation for Windows NT/2000 |last=Wilson |first=Damion |date=2002-10-19 |website=[[SourceForge]] |access-date=2022-09-08 |archive-date=8 September 2022 |archive-url=https://web.archive.org/web/20220908122719/http://cipe-win32.sourceforge.net/ |url-status=live }}</ref>
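The following is an added illustration written for this section; it is not part of the article and is not code from WireGuard, IPsec, OpenVPN or any other project named above. It models in Go the two mechanisms the list describes: the key exchange WireGuard uses by default (X25519, i.e. Diffie–Hellman over Curve25519, here through Go's <code>crypto/ecdh</code>) with an optional pre-shared key mixed in, and the IPsec-style encapsulation of an IP packet inside an authenticated, encrypted outer packet that is de-encapsulated at the far end of the tunnel. Everything beyond those two ideas is an assumption made for the example: the HMAC-SHA256 key derivation and its direction labels, AES-256-GCM in place of ChaCha20-Poly1305 (which Go's standard library does not provide), the 8-byte counter used as nonce and replay check, the names <code>Peer</code>, <code>Handshake</code>, <code>Encapsulate</code> and <code>Decapsulate</code>, and the constructed sample IPv4 packet. It is not the WireGuard or IPsec wire format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Peer is one tunnel endpoint (constructed model, not a real protocol): a static X25519
// key pair and, after the handshake, one AEAD key per direction, so that both sides can
// number their packets from 1 without ever reusing a nonce under the same key.
type Peer struct {
	priv       *ecdh.PrivateKey
	send, recv cipher.AEAD
	sendCtr    uint64 // per-packet counter, also used as the nonce
	recvMax    uint64 // highest counter accepted so far (minimal anti-replay check)
}

// NewPeer generates a fresh X25519 key pair (Diffie-Hellman over Curve25519).
func NewPeer() (*Peer, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Peer{priv: priv}, nil
}

// PublicKey is the 32-byte value a peer would publish in its configuration.
func (p *Peer) PublicKey() []byte { return p.priv.PublicKey().Bytes() }

// deriveAEAD is an HKDF-style expand step (HMAC-SHA256) giving a 32-byte key for
// AES-256-GCM, which stands in for ChaCha20-Poly1305 (not in Go's standard library).
func deriveAEAD(prk []byte, label string) cipher.AEAD {
	m := hmac.New(sha256.New, prk)
	m.Write([]byte(label))
	block, _ := aes.NewCipher(m.Sum(nil)) // a 32-byte key is always valid for AES
	aead, _ := cipher.NewGCM(block)
	return aead
}

// Handshake derives the traffic keys from the X25519 shared secret and an optional
// pre-shared key (psk may be nil); sides holding different psks end up with unrelated keys.
func (p *Peer) Handshake(peerPub, psk []byte, initiator bool) error {
	pub, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return err
	}
	shared, err := p.priv.ECDH(pub)
	if err != nil {
		return err
	}
	extract := hmac.New(sha256.New, psk) // HKDF-style extract: PRK = HMAC(psk, shared)
	extract.Write(shared)
	prk := extract.Sum(nil)
	sendLabel, recvLabel := "initiator->responder", "responder->initiator"
	if !initiator {
		sendLabel, recvLabel = recvLabel, sendLabel
	}
	p.send, p.recv = deriveAEAD(prk, sendLabel), deriveAEAD(prk, recvLabel)
	return nil
}

// Encapsulate wraps an inner IP packet as: 8-byte counter || ciphertext || tag.
// The counter fills the nonce and is also authenticated as associated data.
func (p *Peer) Encapsulate(inner []byte) ([]byte, error) {
	if p.send == nil {
		return nil, errors.New("handshake not completed")
	}
	p.sendCtr++
	hdr := binary.BigEndian.AppendUint64(nil, p.sendCtr)
	nonce := make([]byte, p.send.NonceSize())
	copy(nonce[len(nonce)-8:], hdr)
	return p.send.Seal(append([]byte{}, hdr...), nonce, inner, hdr), nil
}

// Decapsulate authenticates and decrypts an outer packet, dropping forgeries and replays.
func (p *Peer) Decapsulate(outer []byte) ([]byte, error) {
	if p.recv == nil || len(outer) < 8+p.recv.Overhead() {
		return nil, errors.New("no session key or packet too short")
	}
	hdr := outer[:8]
	nonce := make([]byte, p.recv.NonceSize())
	copy(nonce[len(nonce)-8:], hdr)
	inner, err := p.recv.Open(nil, nonce, outer[8:], hdr)
	if err != nil {
		return nil, errors.New("authentication failed, packet dropped")
	}
	ctr := binary.BigEndian.Uint64(hdr)
	if ctr <= p.recvMax { // only counters above the last accepted one are new
		return nil, errors.New("replayed packet dropped")
	}
	p.recvMax = ctr
	return inner, nil
}

// SampleIPv4Packet is a constructed inner packet: a 20-byte IPv4 header
// (10.0.0.1 -> 10.0.0.2, protocol ICMP, checksum left zero) plus 8 payload bytes.
func SampleIPv4Packet() []byte {
	hdr := []byte{0x45, 0, 0, 28, 0, 1, 0, 0, 64, 1, 0, 0, 10, 0, 0, 1, 10, 0, 0, 2}
	return append(hdr, "ping0001"...)
}
```

Two points the list only implies are made concrete here. Each direction gets its own key, because two peers that both count nonces from 1 under a single key would reuse nonces. And a pre-shared key that differs between the two sides yields keys that do not interoperate, so a packet protected with one side's key is simply dropped as unauthenticated by the other, which is also what happens to a replayed or modified packet.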