VPN TUNNELING PROTOCOLS PPTP, L2TP, L2TP/IPsec Ashkan Yousefpour Amirkabir University of Technology

Post on 23-Dec-2015


Page 1:

VPN TUNNELING PROTOCOLS: PPTP, L2TP, L2TP/IPsec

Ashkan Yousefpour, Amirkabir University of Technology

Page 2:

TODAY’S OVERVIEW

• PPTP
• L2TP
• L2TP/IPsec

Page 3:

WHY USE VPNs?

• fast, secure and reliable connection between separated networks
• full access to resources from everywhere -> building a virtual local connection
• reasonable cost of access: a connection is built only to the local ISP

Page 4:

PPTP enables secure data transfers between a remote client and an enterprise server by creating a VPN across an IP-based internetwork.

Page 5:

POINT-TO-POINT TUNNELING PROTOCOL (PPTP) [RFC 2637]

• Standard method for transporting multiprotocol datagrams over point-to-point links
• Mainly implemented and used by Microsoft
• Extension of PPP
• Allows tunneling of PPP datagrams over IP networks
• Easy to use and to implement
• Uses 2 connections: a control connection and a tunnel connection
• Operates at layer 2 of OSI
• Uses TCP port 1723

Page 6:

POINT-TO-POINT TUNNELING PROTOCOL (PPTP) [RFC 2637] - CONTINUED

• PPTP is a tunneling protocol provided by Microsoft, which gives remote users encrypted, multiprotocol access to a corporate network over the Internet.
• It encapsulates PPP frames in IP datagrams.
• Microsoft’s implementation of PPTP has been found to have several problems that make it vulnerable to attacks, and it also lacks scalability in that it only supports 255 concurrent connections per server.
• Requires an IP network between the PPTP client and the PPTP server (either LAN or dial-up).
• PPTP can support only one tunnel at a time for each user.

Page 7:

PPTP

• Uses Generic Routing Encapsulation (GRE) to carry PPP packets
• PPP payload can be encrypted and/or compressed
• GRE header contains information about tunnel protocol and encryption algorithm

Structure of PPTP packet:
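As an added illustration of the packet structure this slide refers to (this code is not part of the original slides): a Python encoder and decoder for the enhanced GRE header that PPTP places between the IP header and the PPP frame (RFC 2637), plus a helper that reads the PPP protocol field so a monitor can tell whether the tunnelled frame is MPPE-protected. The sample packet bytes are constructed.

```python
import struct

# RFC 2637 enhanced GRE header: what follows the IP header in a PPTP tunnel packet
PPTP_GRE_PROTOCOL = 0x880B                         # protocol type: PPP carried over PPTP
FLAG_K, FLAG_S, FLAG_A = 0x2000, 0x1000, 0x0080    # Key present (always); Seq present; Ack present
RESERVED, VER_MASK = 0xCF78, 0x0007                # C, R, s, Recur, Flags must be 0; Ver must be 1
PPP_ADDR_CTRL = b"\xff\x03"                        # optional HDLC address/control prefix of a PPP frame

def build_pptp_gre(call_id, ppp_frame, seq=None, ack=None):
    """Encapsulate a PPP frame the way a PPTP endpoint does (RFC 2637 section 4)."""
    flags = FLAG_K | 1 | (FLAG_S if seq is not None else 0) | (FLAG_A if ack is not None else 0)
    # the Key field carries the payload length (high word) and the peer's Call ID (low word)
    hdr = struct.pack("!HHHH", flags, PPTP_GRE_PROTOCOL, len(ppp_frame), call_id)
    for opt in (seq, ack):
        if opt is not None:
            hdr += struct.pack("!I", opt)
    return hdr + ppp_frame

def parse_pptp_gre(data):
    """Validate and decode a PPTP GRE packet; raise ValueError on anything malformed."""
    if len(data) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, length, call_id = struct.unpack("!HHHH", data[:8])
    if proto != PPTP_GRE_PROTOCOL or flags & VER_MASK != 1 or not flags & FLAG_K:
        raise ValueError("not a PPTP enhanced GRE packet")
    if flags & RESERVED:
        raise ValueError("reserved GRE bits set")
    off, seq, ack = 8, None, None
    if flags & FLAG_S:
        seq, off = struct.unpack("!I", data[off:off + 4])[0], off + 4
    if flags & FLAG_A:
        ack, off = struct.unpack("!I", data[off:off + 4])[0], off + 4
    ppp = data[off:off + length]
    if len(ppp) != length:                  # declared payload length must match what is present
        raise ValueError("payload shorter than declared length")
    return {"call_id": call_id, "seq": seq, "ack": ack, "ppp": ppp}

def ppp_protocol(ppp_frame):
    """PPP protocol number of the tunnelled frame: 0x00FD = MPPE/MPPC datagram, 0x0021 = plain IPv4."""
    body = ppp_frame[2:] if ppp_frame.startswith(PPP_ADDR_CTRL) else ppp_frame
    return struct.unpack("!H", body[:2])[0]

# Constructed sample: call 7, sequence 1, carrying an MPPE (0x00FD) datagram with made-up bytes
SAMPLE = build_pptp_gre(7, PPP_ADDR_CTRL + b"\x00\xfd\x90\x01\xde\xad\xbe\xef", seq=1)
```

Because the GRE header and the PPP protocol field are never encrypted, an observer of a PPTP tunnel can always see call IDs, sequence numbers and whether MPPE is in use.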

Page 8:

LAYER 2 TUNNELING PROTOCOL (L2TP) [RFC 2661]

• Uses UDP
• Can be transported over IP, Frame Relay, ATM, X.25, ...
• Allows multiple tunnels, with multiple sessions inside every tunnel
• UDP port 1701
• Commonly used with IPsec -> L2TP/IPsec

Page 9:

LAYER 2 TUNNELING PROTOCOL (L2TP) [RFC 2661] - CONTINUED

Structure of L2TP packet:
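An added example, not from the original slides: Python code that builds and parses the L2TPv2 header of RFC 2661 (the header that follows the UDP header on port 1701), enforcing the flag rules that separate control messages from data messages and showing how Tunnel ID and Session ID identify one session among several in a tunnel. The two sample messages are constructed.

```python
import struct

# RFC 2661 L2TPv2 header flag word; the fields that follow depend on these bits
T_BIT, L_BIT, S_BIT = 0x8000, 0x4000, 0x0800   # control msg; Length present; Ns/Nr present
O_BIT, P_BIT = 0x0200, 0x0100                  # Offset Size present; Priority (data only)
RESERVED, VER_MASK = 0x34F0, 0x000F            # x bits must be zero; Ver must be 2

def build_l2tp(tunnel_id, session_id, payload, control=False, ns=None, nr=None):
    # Ver = 2 and the Length field always included; control messages also set T and S
    flags = 2 | L_BIT | (T_BIT if control else 0) | (S_BIT if ns is not None else 0)
    body = struct.pack("!HH", tunnel_id, session_id)
    if ns is not None:
        body += struct.pack("!HH", ns, nr)
    return struct.pack("!HH", flags, 4 + len(body) + len(payload)) + body + payload

def parse_l2tp(data):
    """Decode an L2TPv2 message, enforcing the RFC 2661 rules for control messages."""
    if len(data) < 6:
        raise ValueError("truncated L2TP header")
    flags = struct.unpack("!H", data[:2])[0]
    if flags & VER_MASK != 2 or flags & RESERVED:
        raise ValueError("not a well-formed L2TPv2 header")
    control = bool(flags & T_BIT)
    # RFC 2661: control messages must have L and S set and must not have O or P set
    if control and (not flags & L_BIT or not flags & S_BIT or flags & (O_BIT | P_BIT)):
        raise ValueError("control message with invalid L/S/O/P flags")
    off, length, ns, nr = 2, len(data), None, None
    if flags & L_BIT:
        length, off = struct.unpack("!H", data[2:4])[0], 4
    tunnel_id, session_id = struct.unpack("!HH", data[off:off + 4])
    off += 4
    if flags & S_BIT:
        ns, nr = struct.unpack("!HH", data[off:off + 4])
        off += 4
    if flags & O_BIT:   # skip Offset Size plus the padding it announces
        off += 2 + struct.unpack("!H", data[off:off + 2])[0]
    if length > len(data) or length < off:
        raise ValueError("Length field disagrees with packet size")
    return {"control": control, "tunnel_id": tunnel_id, "session_id": session_id,
            "ns": ns, "nr": nr, "payload": data[off:length]}

# Constructed samples: an SCCRQ control message (Message Type AVP, tunnel 0 before an ID is
# assigned) and a data message on tunnel 5, session 9 carrying a PPP IPv4 frame in the clear
CONTROL = build_l2tp(0, 0, b"\x80\x08\x00\x00\x00\x00\x00\x01", control=True, ns=0, nr=0)
DATA = build_l2tp(5, 9, b"\xff\x03\x00\x21\x45\x00\x00\x14")
```

Without IPsec, everything the parser returns, including the PPP payload, is readable on the wire; that is why the slides pair L2TP with IPsec.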

Page 10:

LAYER 2 TUNNELING PROTOCOL (L2TP) [RFC 2661] - CONTINUED

• A hybrid of Microsoft’s PPTP and Cisco Systems’ Layer 2 Forwarding (L2F) protocol
• Can support multiple, simultaneous tunnels for each user
• It uses UDP and supports any routed protocol, including IP, IPX and AppleTalk, over media including Frame Relay, ATM and X.25
• Because of L2TP’s use of PPTP, it is included as part of the remote access features of most Windows products
• It does not by itself provide cryptographic security features

Page 11:

LAYER 2 TUNNELING PROTOCOL (L2TP) [RFC 2661] - CONTINUED

• L2TP allows multiprotocol traffic to be encrypted and then sent over any medium that supports point-to-point datagram delivery, such as IP or asynchronous transfer mode (ATM).
• L2TP is a combination of PPTP and Layer 2 Forwarding (L2F), a technology developed by Cisco Systems, Inc.
• It can support IPsec for data encryption and integrity.

Page 12:

L2TP/IPSEC

• Uses IPsec Encapsulating Security Payload (ESP)
• An IPsec authentication trailer provides message integrity and authentication

Structure of encrypted packet:

Page 13:

L2TP/IPSEC VS. PPTP

PPTP:
• data encryption begins after the PPP connection is established
• uses Microsoft Point-to-Point Encryption (MPPE), a stream cipher using RSA RC4 (40, 56 or 128 bits)
• requires only user-level authentication
• still implemented in Windows

L2TP/IPsec:
• data encryption begins before the connection is established, by negotiating an IPsec Security Association (SA)
• uses the Data Encryption Standard (DES) or 3DES block cipher (56 or 168 bits)
• user-level and computer-level authentication
• VPN client software needed

Page 14:

THANK YOU! Any questions?