VPN Technologies: TLS/SSL, PPTP, L2TP - Prof. Ching-Cheng Lee, Study notes of Computer Systems Networking and Telecommunications

An overview of virtual private networks (VPNs), focusing on TLS/SSL, PPTP, and L2TP technologies. VPNs enable secure and reliable connections between separated networks, allowing full access to resources from anywhere. The notes cover the concepts of VPNs, their uses, requirements, and the specifics of TLS/SSL, PPTP, and L2TP. It is an extract from the Advanced Computer Networks SS2005 course by Jürgen Häuselhofer.

Typology: Study notes

Pre 2010

Uploaded on 09/17/2009

Other VPNs
TLS/SSL, PPTP, L2TP
Advanced Computer Networks SS2005
Jürgen Häuselhofer

Overview
- Introduction to VPNs
  - Why use VPNs
  - What are VPNs
  - VPN technologies
  - ...
- TLS/SSL
- Layer 2 VPNs (PPTP, L2TP, L2TP/IPSec)

ACN SS2005, Häuselhofer

What are VPNs?
"A virtual private network is the extension of a private network that encompasses links across shared or public networks like the internet" (Microsoft, White Paper – Virtual Private Networking in Windows 2000)

VPN technologies
- Secure VPNs
  - Networks that are constructed using encryption
  - IPSec, L2TP/IPSec, TLS/SSL
- Trusted VPNs
  - VPN customer trusts the VPN provider to maintain integrity of the circuits
  - Layer 2 frames over MPLS
- Hybrid VPNs
  - Combined use of secure & trusted VPNs
  - Secure parts controlled by customer or provider providing the trusted part

Common uses (2/3)
- Connecting networks over internet
  - Dedicated lines to connect a branch office to corporate LAN
  - Dial-up line to connect a branch office to corporate LAN

Common uses (3/3)
- Connecting computers over intranet
  - e.g. a department's LAN physically disconnected from intranet because of very sensitive data
  - Connection via separated VPN server

Tunneling (1/3)
- Method for transferring data of a private network over a public network
- Tunnel:
  - Logical path through which encapsulated packets travel

Tunneling (2/3)
- Voluntary tunnel:
  - User or client computer is tunnel endpoint
  - Acts as tunnel client

Layer 2 VPNs – PPP
- Point-to-Point Protocol (PPP) [RFC 1661, RFC 2153]
  - Standard method for transporting multiprotocol datagrams over point-to-point links
  - Originally developed as encapsulation protocol for IP traffic
- Protocol structure:
  - Flag: indicates beginning or end of frame (binary 01111110)
  - Address: contains standard broadcast address
  - Control: calls for transmission of user data
  - Protocol: identifier for encapsulated protocol in information field
  - Information: datagram for protocol
  - FCS: Frame Check Sequence
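The frame layout listed above, as an added example that is not part of the original slides: Python code that builds and parses one PPP frame and checks its FCS, using the 16-bit FCS of RFC 1662 HDLC-like framing. The function names and the sample datagram are constructed for illustration, and octet stuffing of flag bytes inside the payload is left out.

```python
import struct

FLAG, ADDRESS, CONTROL = 0x7E, 0xFF, 0x03   # 01111110, broadcast, unnumbered info
GOOD_FCS = 0xF0B8   # residue left when the FCS is run over the body plus its FCS
PROTO_IP = 0x0021   # Protocol field value for an IPv4 datagram

def fcs16(data: bytes, fcs: int = 0xFFFF) -> int:
    """Running 16-bit FCS (reflected polynomial 0x8408), before the final complement."""
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs

def build_frame(protocol: int, information: bytes) -> bytes:
    """Flag | Address | Control | Protocol | Information | FCS | Flag."""
    body = struct.pack("!BBH", ADDRESS, CONTROL, protocol) + information
    fcs = fcs16(body) ^ 0xFFFF                      # complement, sent low byte first
    return bytes([FLAG]) + body + struct.pack("<H", fcs) + bytes([FLAG])

def parse_frame(frame: bytes) -> dict:
    """Split a frame into its fields; reject bad framing or a failed FCS."""
    if len(frame) < 8 or frame[0] != FLAG or frame[-1] != FLAG:
        raise ValueError("truncated frame or missing flag")
    body = frame[1:-1]
    if fcs16(body) != GOOD_FCS:
        raise ValueError("FCS mismatch: frame corrupted in transit")
    address, control, protocol = struct.unpack("!BBH", body[:4])
    if (address, control) != (ADDRESS, CONTROL):
        raise ValueError("unexpected Address/Control field")
    return {"protocol": protocol, "information": body[4:-2]}

if __name__ == "__main__":
    sample = build_frame(PROTO_IP, b"constructed datagram bytes")  # constructed input
    print(parse_frame(sample))
    damaged = sample[:6] + bytes([sample[6] ^ 0x01]) + sample[7:]  # one flipped bit
    try:
        parse_frame(damaged)
    except ValueError as err:
        print("rejected:", err)
```

The FCS only catches transmission errors: it is an unkeyed checksum that anyone able to alter a frame can recompute, so it provides no protection against deliberate modification.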

Layer 2 VPNs – PPTP (1/4)

- Point-to-Point Tunneling Protocol (PPTP) [RFC 2637]
- Mainly implemented and used by Microsoft
- Extension of PPP
- Allows tunneling of PPP datagrams over IP networks
- Easy to use and to implement
- Use of 2 connections
  - Control connection
  - Tunnel connection

Layer 2 VPNs – PPTP (3/4)

- Creating a tunnel:
  1. Establishing control connection between PAC and PNS on port 1723
  2. Exchanging information between PAC and PNS (e.g. encryption)
  3. Establishing tunnel connection

Layer 2 VPNs – PPTP (4/4)
- Structure of PPTP packet:
  - PPP payload can be encrypted and/or compressed
  - GRE header contains information about tunnel protocol and encryption algorithm
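The tunnel packet structure named on this slide, as an added example that is not part of the original slides: a parser for the enhanced GRE header that RFC 2637 defines for PPTP data packets, with the PPP payload carried behind it. The function names, Call ID and sample bytes are constructed for illustration.

```python
import struct

PPTP_GRE_PROTOCOL = 0x880B                     # GRE Protocol Type for PPP in PPTP
K_BIT, S_BIT, A_BIT = 0x2000, 0x1000, 0x0080   # key / sequence / ack present
MUST_BE_ZERO = 0xCF00                          # C, R, s and Recur bits

def build_pptp_gre(call_id, ppp_payload, seq, ack=None):
    """Build a data packet (constructed helper used for the sample input)."""
    flags = K_BIT | S_BIT | 1 | (A_BIT if ack is not None else 0)   # version 1
    header = struct.pack("!HHHHI", flags, PPTP_GRE_PROTOCOL,
                         len(ppp_payload), call_id, seq)
    if ack is not None:
        header += struct.pack("!I", ack)
    return header + ppp_payload

def parse_pptp_gre(packet: bytes) -> dict:
    """Validate the enhanced GRE header and return its fields and the PPP payload."""
    if len(packet) < 8:
        raise ValueError("shorter than the fixed 8-byte header")
    flags, proto, payload_len, call_id = struct.unpack("!HHHH", packet[:8])
    if (flags & 0x0007) != 1 or proto != PPTP_GRE_PROTOCOL:
        raise ValueError("not enhanced GRE (version 1, protocol 0x880B)")
    if not (flags & K_BIT) or (flags & MUST_BE_ZERO):
        raise ValueError("K must be set; C, R, s and Recur must be zero")
    has_seq, has_ack = bool(flags & S_BIT), bool(flags & A_BIT)
    offset = 8 + 4 * has_seq + 4 * has_ack     # optional fields follow the key
    if len(packet) < offset + payload_len:
        raise ValueError("packet shorter than its Payload Length field claims")
    seq = struct.unpack_from("!I", packet, 8)[0] if has_seq else None
    ack = struct.unpack_from("!I", packet, 8 + 4 * has_seq)[0] if has_ack else None
    return {"call_id": call_id, "seq": seq, "ack": ack,
            "payload": packet[offset:offset + payload_len]}

if __name__ == "__main__":
    ppp = b"\xff\x03\x00\x21" + b"constructed"      # constructed PPP bytes
    print(parse_pptp_gre(build_pptp_gre(0x0042, ppp, seq=7, ack=6)))
    try:
        parse_pptp_gre(struct.pack("!HH", 0, 0x0800) + bytes(8))   # plain GRE v0
    except ValueError as err:
        print("rejected:", err)
```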

Layer 2 VPNs – L2F (2/2)

- Establishing connection:
  1. Remote user initiates PPP connection to ISP
  2. ISP undertakes authentication via CHAP or PAP
  3. No tunnel exists:
     - Tunnel will be created
     Tunnel exists:
     - New multiplex ID will be allocated -> notification to home gateway
     - Home gateway accepts or declines new connection

Layer 2 VPNs – L2TP (1/2)

- Layer 2 Tunneling Protocol (L2TP) [RFC 2661]
- Combines best features of L2F and PPTP
- Uses UDP
- Can be transported over Frame Relay, ATM, X.25, ...
- Allows multiple tunnels with multiple sessions inside every tunnel
- Commonly used with IPSec -> L2TP/IPSec