VPN¶
About VPN¶
- Encription vs Tunneling Protocol
+-------+----------+------------+
| Layer | Protocol | Encryption |
+-------+----------+------------+
| L2 | PPTP | NO |
| L2 | L2TP | NO |
| L3 | GRE | NO |
| L3 | IP in IP | NO |
| L3 | IPsec | YES |
+-------+----------+------------+
IPsec(IP Security)¶
L2TP over IPsec
GRE over IPsec
IP in IP と IPsec
Transparent mode
- 暗号化範囲: TCP/UDPヘッダ - ESPトレイラ
- 認証範囲: ESPヘッダ - ESPトレイラ
- ex.)
+-----------+--------+--------+------+---------+--------------+ | Original | ESP | TCP | Data | ESP | ESP | | IP Header | Header | Header | | Trailer | Auth. Header | +-----------+--------+--------+------+---------+--------------+
Tunnel Mode
- 暗号化範囲: IPヘッダ - ESPトレイラ
- 認証範囲: ESPヘッダ - ESPトレイラ
- ex.)
+-----------+--------+-----------+--------+------+---------+--------------+ | NEW | ESP | Original | TCP | Data | ESP | ESP | | IP Header | Header | IP Header | Header | | Trailer | Auth. Header | +-----------+--------+-----------+--------+------+---------+--------------+
Protocols in IPsec
+----------+---------------------------+----------+-------------+ | Protocol | Usage | Port | IP Protocol | +----------+---------------------------+----------+-------------+ | IKE | KeyExchange | 500(UDP) | - | | ESP | Encryption/Authentication | - | 50 | | AH | Authentication | - | 51 | +----------+---------------------------+----------+-------------+
IKE(Internet Key Exchange)
ESP(Encapsulating Security Payload)
AH(Authenticaton Header)
SA(Security Association)
ISAKMP(Internet Security Association and Key Management Protocol)
L2TP/IPsec(Layer 2 Transport Protocol / IP Security)¶
- L2TP/IPSec PSK
- L2TP/IPSec RSA
SSL VPN(Secure Socket Layer VPN)¶
PPTP(Point to Point Transfer Protocol)¶
IP-VPN / MPLS(Multi Protocol Label Switching¶
- いわゆる閉域網.