VPN protocols

There are three main forms of VPN protocol currently in use:

PPTP (Point to Point Tunnelling Protocol)

PPTP was designed in a consortium led by Microsoft, which included an implementation of the protocol as a standard component of Windows NT 4. Microsoft also released PPTP as a free add-on to Windows 95 and Windows 98, allowing users of (at the time) the most popular version of Windows to access corporate networks.

You can access a private network through the Internet or other public network by using a virtual private network (VPN) connection with the Point-to-Point Tunneling Protocol (PPTP).

PPTP enables the secure transfer of data from a remote computer to a private server by creating a VPN connection across IP-based data networks. PPTP supports on-demand, multiprotocol, virtual private networking over public networks, such as the Internet.

PPTP proved unsuited to large companies (being limited to 255 connections per server), but more seriously, the PPTP standard did not settle on a single form of user authentication or encryption; therefore two companies could offer software supporting PPTP, yet each product would be incompatible with the other! From Windows 2000 onwards, Microsoft replaced PPTP with L2TP (see below).

L2TP (Layer 2 Tunnelling Protocol)

This is an adaptation of a VPN protocol known as L2F originally developed by Cisco to compete with PPTP. In an attempt to improve L2F, a successor was devised by a group composed of the PPTP Forum, Cisco and the Internet Engineering Task Force (IETF). L2TP combines features of both PPTP and L2F.

The Layer 2 Tunneling Protocol (L2TP) is a standard protocol for tunneling L2 traffic over an IP network. Its ability to carry almost any L2 data format over IP or other L3 networks makes it particularly useful. But L2TP remains little-known outside of certain niches, perhaps because early versions of the specification were limited to carrying PPP — a limitation that is now removed.

It is desirable to tunnel L2 traffic over routed L3 networks because L2 networks are generally more transparent, easier to configure and easier to manage than L3 networks. These are desirable properties for a range of applications. In data centers, a flat network is essential for promoting virtual machine (VM) mobility between physical hosts. In companies with multiple premises, the sharing of infrastructure and resources between remote offices can be simplified by L2 tunneling.

The L2TP protocol itself is an open standard defined by the IETF. This article concentrates on the latest Version 3 of the specification, which describes tunneling multiple L2 protocols over various types of packet-switched networks (PSN). The standard discusses tunneling over IP, UDP, Frame Relay and ATM PSNs.

IPSec (Internet Protocol Security)

IPSec was designed by an international committee, the Internet Engineering Task Force (IETF), starting in 1992, with a first draft standard published in 1995 and a revised standard published in 1998. IPSec is now the most widely supported protocol, with backing from Intel, IBM, HP/Compaq and Microsoft (among others).

IPSec has gained a reputation for security thanks to its use of well-known and trusted technologies. Rather than invent new techniques for encryption, the designers of the protocol built their system on top of existing encryption technologies, which had themselves been subjected to intense scrutiny.


L2TP/IPSec as a VPN

Today, with diverse mobile devices used throughout businesses, and pervasive availability of broadband in the home, most corporate networks must provide remote access as a basic necessity. Virtual private network (VPN) technologies are an essential part of meeting that need.

Since L2TP doesn’t provide any authentication or encryption mechanisms directly, both of which are key features of a VPN, L2TP is usually paired with IPSec to provide encryption of user and control packets within the L2TP tunnel. Figure 1 shows a simplified VPN configuration. Here the corporate network on the right contains an L2TP Network Server (LNS) providing access to the network. Remote workers and mobile devices may join the corporate network via IPSec-secured L2TP tunnels over any intermediate network (most likely the Internet).
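To make the point concrete, here is an added example (not code from the original post or from any L2TP implementation) that builds and decodes L2TP version 2 datagrams of the kind exchanged on UDP port 1701 (RFC 2661, the PPP-carrying form of L2TP that L2TP/IPsec VPN clients use). The header and AVP layouts follow the RFC; the packets themselves (an SCCRQ control message and one data message carrying a PPP LCP frame) are constructed here, not captured, and the helper names such as `exposed_fields` are hypothetical. The decoder shows what a passive observer can read when the tunnel is not wrapped in IPsec: tunnel and session identifiers, control message types, the client's hostname AVP and the PPP payload itself.

```python
"""Added example: encode/decode L2TPv2 (RFC 2661) datagrams to show the
fields that are visible in the clear when L2TP runs without IPsec.
All packets below are constructed in this file; none is a real capture."""
import struct
from dataclasses import dataclass
from typing import Optional

L2TP_UDP_PORT = 1701

# Flag bits in the first 16-bit word of the L2TPv2 header (RFC 2661 section 3.1)
T_BIT, L_BIT, S_BIT, O_BIT, P_BIT = 0x8000, 0x4000, 0x0800, 0x0200, 0x0100
VERSION_MASK = 0x000F

# Control message and attribute types used here (RFC 2661 section 4.4)
MSG_SCCRQ = 1                       # Start-Control-Connection-Request
AVP_MESSAGE_TYPE, AVP_PROTOCOL_VERSION, AVP_HOST_NAME, AVP_ASSIGNED_TUNNEL_ID = 0, 2, 7, 9


@dataclass
class L2TPPacket:
    is_control: bool
    version: int
    tunnel_id: int
    session_id: int
    ns: Optional[int]
    nr: Optional[int]
    payload: bytes      # AVPs for control messages, the PPP frame for data messages
    avps: dict          # attribute type -> raw value (IETF vendor id only)


def build_avp(attr_type: int, value: bytes, mandatory: bool = True) -> bytes:
    """One AVP: 16-bit flags/length (M bit, H bit, 10-bit length), vendor id 0, type, value."""
    length = 6 + len(value)
    flags = (0x8000 if mandatory else 0) | length   # H (hidden) bit left clear
    return struct.pack("!HHH", flags, 0, attr_type) + value


def build_control_message(tunnel_id: int, session_id: int, ns: int, nr: int, avps: list) -> bytes:
    """Control messages must carry the L (length) and S (sequence) fields."""
    body = b"".join(avps)
    flags = T_BIT | L_BIT | S_BIT | 2               # version 2
    return struct.pack("!HHHHHH", flags, 12 + len(body), tunnel_id, session_id, ns, nr) + body


def build_data_message(tunnel_id: int, session_id: int, ppp_frame: bytes) -> bytes:
    """Minimal data message: no optional fields, PPP frame follows the 6-byte header."""
    return struct.pack("!HHH", 2, tunnel_id, session_id) + ppp_frame


def parse_avps(data: bytes) -> dict:
    avps, off = {}, 0
    while off + 6 <= len(data):
        flags, vendor, attr_type = struct.unpack_from("!HHH", data, off)
        length = flags & 0x03FF
        if length < 6 or off + length > len(data):
            raise ValueError("malformed AVP length")
        if vendor == 0:                             # only IETF-defined attributes are decoded
            avps[attr_type] = data[off + 6:off + length]
        off += length
    return avps


def parse_l2tp(datagram: bytes) -> L2TPPacket:
    """Decode an L2TPv2 header; raises ValueError on truncated or non-v2 input."""
    if len(datagram) < 6:
        raise ValueError("too short for an L2TP header")
    flags = struct.unpack_from("!H", datagram, 0)[0]
    version = flags & VERSION_MASK
    if version != 2:
        raise ValueError(f"unsupported L2TP version {version}")
    is_control = bool(flags & T_BIT)
    if is_control and not (flags & L_BIT and flags & S_BIT):
        raise ValueError("control message must carry L and S bits")
    off, length = 2, None
    if flags & L_BIT:
        length = struct.unpack_from("!H", datagram, off)[0]
        off += 2
    tunnel_id, session_id = struct.unpack_from("!HH", datagram, off)
    off += 4
    ns = nr = None
    if flags & S_BIT:
        ns, nr = struct.unpack_from("!HH", datagram, off)
        off += 4
    if flags & O_BIT:                               # skip Offset Size field plus padding
        off += 2 + struct.unpack_from("!H", datagram, off)[0]
    end = len(datagram) if length is None else length
    if end > len(datagram) or off > end:
        raise ValueError("length field exceeds datagram")
    payload = datagram[off:end]
    return L2TPPacket(is_control, version, tunnel_id, session_id, ns, nr,
                      payload, parse_avps(payload) if is_control else {})


def exposed_fields(datagram: bytes) -> dict:
    """What a passive observer learns from one plain UDP/1701 L2TP datagram."""
    pkt = parse_l2tp(datagram)
    info = {"tunnel_id": pkt.tunnel_id, "session_id": pkt.session_id, "control": pkt.is_control}
    if pkt.is_control:
        mt = pkt.avps.get(AVP_MESSAGE_TYPE)
        hn = pkt.avps.get(AVP_HOST_NAME)
        info["message_type"] = struct.unpack("!H", mt)[0] if mt else None
        info["host_name"] = hn.decode("ascii", "replace") if hn else None
    else:                                           # PPP: address, control, then 16-bit protocol
        info["ppp_protocol"] = struct.unpack_from("!H", pkt.payload, 2)[0] if len(pkt.payload) >= 4 else None
    return info


# --- constructed sample traffic (hypothetical hostname and tunnel id) ---
SCCRQ = build_control_message(0, 0, 0, 0, [
    build_avp(AVP_MESSAGE_TYPE, struct.pack("!H", MSG_SCCRQ)),
    build_avp(AVP_PROTOCOL_VERSION, b"\x01\x00"),
    build_avp(AVP_HOST_NAME, b"lac-example"),
    build_avp(AVP_ASSIGNED_TUNNEL_ID, struct.pack("!H", 0x1234)),
])
# Data message for tunnel 0x1234, session 1, carrying a PPP LCP Configure-Request
DATA = build_data_message(0x1234, 1, b"\xff\x03\xc0\x21\x01\x01\x00\x04")

if __name__ == "__main__":
    for name, dgram in (("SCCRQ", SCCRQ), ("DATA", DATA)):
        print(name, exposed_fields(dgram))
```

Run as a script, the decoder prints the hostname and message type from the control message and the PPP protocol number (0xc021, LCP) from the data message, none of which is hidden by L2TP itself. With L2TP/IPsec the same datagrams travel inside ESP, so the observer sees only the IPsec peers and an opaque encrypted payload; a monitoring rule that flags L2TP on UDP/1701 arriving outside an IPsec association is one practical use of such a decoder.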


Figure 1

Clients attaching to the VPN will often run L2TP and IPSec software directly. It is normally unnecessary to install extra software on client systems to communicate with an L2TP VPN server: L2TP VPN software is provided with Windows, OS X, iOS, Android and Linux systems.
