VPN TUNNELING PROTOCOLS: PPTP, L2TP, L2TP/IPsec
Ashkan Yousefpour, Amirkabir University of Technology
TODAY'S OVERVIEW
• PPTP
• L2TP
• L2TP/IPsec
WHY USE VPNS?
• Fast, secure and reliable connection between separated networks
• Full access to resources from everywhere -> building a virtual local connection
• Reasonable access: only a connection to the local ISP needs to be built
POINT-TO-POINT TUNNELING PROTOCOL (PPTP) [RFC 2637]
• PPTP enables secure data transfers between a remote client and an enterprise server by creating a VPN across an IP-based internetwork
• Standard method for transporting multiprotocol datagrams over point-to-point links
• Mainly implemented and used by Microsoft
• Extension of PPP: allows tunneling of PPP datagrams over IP networks
• Easy to use and to implement
• Uses 2 connections: a control connection and a tunnel connection
• Operates at layer 2 of OSI
• Uses TCP port 1723
POINT-TO-POINT TUNNELING PROTOCOL (PPTP) [RFC 2637] - CONTINUED
• PPTP is a tunneling protocol provided by Microsoft, which gives remote users encrypted, multiprotocol access to a corporate network over the Internet.
• It encapsulates PPP frames in IP datagrams.
• Microsoft's implementation of PPTP has been found to have several problems that make it vulnerable to attacks, and it also lacks scalability in that it only supports 255 concurrent connections per server.
• Requires an IP network between PPTP client and PPTP server (either LAN or dial-up)
• PPTP can support only one tunnel at a time for each user.
PPTP
• Uses Generic Routing Encapsulation (GRE) to carry PPP packets
• PPP payload can be encrypted and/or compressed
• GRE header contains information about tunnel protocol and encryption algorithm
• Structure of PPTP packet:
LAYER 2 TUNNELING PROTOCOL (L2TP) [RFC 2661]
• Uses UDP
• Can be transported over IP, Frame Relay, ATM, X.25, ...
• Allows multiple tunnels with multiple sessions inside every tunnel
• UDP port 1701
• Commonly used with IPsec -> L2TP/IPsec
LAYER 2 TUNNELING PROTOCOL (L2TP) [RFC 2661] - CONTINUED
• Structure of L2TP packet:
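As an added example (not part of the presentation), the following Python code decodes the two packet headers named on these slides: the enhanced GRE header that PPTP uses to carry PPP frames (RFC 2637) and the L2TP header (RFC 2661), whose optional fields are switched on by flag bits. The two sample packets at the bottom are constructed for the example, not captured traffic.

```python
import struct

GRE_PROTO_PPP = 0x880B      # GRE protocol type for PPP inside a PPTP tunnel (RFC 2637)


def parse_l2tp_header(data: bytes) -> dict:
    """Decode the L2TPv2 header from RFC 2661; optional fields are flag-controlled."""
    flags_ver = struct.unpack_from("!H", data, 0)[0]
    if (flags_ver & 0x000F) != 2:                  # Ver field must be 2 for L2TPv2
        raise ValueError("not an L2TPv2 header")
    hdr = {"control": bool(flags_ver & 0x8000)}   # T bit: control message vs data
    pos = 2
    if flags_ver & 0x4000:                         # L bit: Length field present
        hdr["length"] = struct.unpack_from("!H", data, pos)[0]
        pos += 2
    hdr["tunnel_id"], hdr["session_id"] = struct.unpack_from("!HH", data, pos)
    pos += 4
    if flags_ver & 0x0800:                         # S bit: Ns/Nr sequence numbers present
        hdr["ns"], hdr["nr"] = struct.unpack_from("!HH", data, pos)
        pos += 4
    if flags_ver & 0x0200:                         # O bit: Offset Size + padding precede payload
        pos += 2 + struct.unpack_from("!H", data, pos)[0]
    hdr["payload"] = data[pos:]                    # the encapsulated PPP frame
    return hdr


def parse_pptp_gre_header(data: bytes) -> dict:
    """Decode the enhanced GRE header PPTP uses to carry PPP frames (RFC 2637)."""
    flags, proto, length, call_id = struct.unpack_from("!HHHH", data, 0)
    # K bit must be set, Ver must be 1 and the protocol type must be PPP
    if not (flags & 0x2000) or (flags & 0x0007) != 1 or proto != GRE_PROTO_PPP:
        raise ValueError("not a PPTP enhanced-GRE header")
    hdr = {"call_id": call_id, "payload_length": length}
    pos = 8
    if flags & 0x1000:                             # S bit: sequence number present
        hdr["seq"] = struct.unpack_from("!I", data, pos)[0]
        pos += 4
    if flags & 0x0080:                             # A bit: acknowledgment number present
        hdr["ack"] = struct.unpack_from("!I", data, pos)[0]
        pos += 4
    hdr["payload"] = data[pos:pos + length]        # the encapsulated PPP frame
    return hdr


# Constructed sample packets (not captured traffic): an L2TP data message with the
# L and S bits set, and a PPTP GRE packet carrying sequence and ack numbers.
SAMPLE_L2TP = bytes.fromhex("4802 0012 0001 0002 0005 0003 ff03 0021 4500")
SAMPLE_PPTP_GRE = bytes.fromhex("3081 880b 0004 0007 00000010 0000000f ff030021")
```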
LAYER 2 TUNNELING PROTOCOL (L2TP) [RFC 2661] - CONTINUED
• A hybrid of Microsoft's PPTP and Cisco Systems' Layer 2 Forwarding (L2F) protocol
• Can support multiple, simultaneous tunnels for each user
• It uses UDP and supports any routed protocol, including IP, IPX and AppleTalk, over media including Frame Relay, ATM and X.25
• Because of L2TP's use of PPTP, it is included as part of the remote access features of most Windows products
• It does not itself provide cryptographic key security features
LAYER 2 TUNNELING PROTOCOL (L2TP) [RFC 2661] - CONTINUED
• L2TP allows multiprotocol traffic to be encrypted and then sent over any medium that supports point-to-point datagram delivery, such as IP or asynchronous transfer mode (ATM).
• L2TP is a combination of PPTP and Layer 2 Forwarding (L2F), a technology developed by Cisco Systems, Inc.
• It can support IPsec for data encryption and integrity
L2TP/IPSEC
• Uses IPsec Encapsulating Security Payload (ESP)
• An IPsec authentication trailer provides message integrity and authentication
• Structure of encrypted packet:
L2TP/IPSEC VS. PPTP
• Start of encryption: PPTP - data encryption begins after the PPP connection is established; L2TP/IPsec - data encryption begins before the connection is established, by negotiating an IPsec Security Association (SA)
• Cipher: PPTP - Microsoft Point-to-Point Encryption (MPPE), a stream cipher using RSA RC4 (40, 56 or 128 bits); L2TP/IPsec - Data Encryption Standard (DES) or 3DES block cipher (56 or 168 bits)
• Authentication: PPTP - requires only user-level authentication; L2TP/IPsec - user-level and computer-level authentication
• Client support: PPTP - still implemented in Windows; L2TP/IPsec - VPN client software needed
THANK YOU! Any questions?