A VPN (virtual private network) is no longer a simple encrypted access tunnel. It now integrates access control, transmission management, encryption, routing, availability management and other functions, and it plays an important role in the global information security system. Opinions online differ about the advantages and disadvantages of the various VPN protocols. Many engineers weigh aspects such as access control, security and ease of use, and flexible scalability, and find the trade-offs hard to resolve. Network security is particularly important in VoIP voice environments, so more and more VoIP devices and voice gateways now support VPN protocols.
PPTP
Point-to-Point Tunneling Protocol (PPTP)
PPTP is a point-to-point tunneling protocol developed by the PPTP Forum, whose members include Microsoft and 3Com. It builds on the dial-up PPP protocol and uses algorithms such as PAP or CHAP, or Microsoft's point-to-point encryption algorithm, MPPE. It creates a VPN over TCP/IP data networks for secure data transmission from a remote client to a private enterprise server. PPTP supports on-demand, multi-protocol virtual private networks built over public networks (for example, the Internet). PPTP allows IP traffic to be encrypted and then encapsulated in an IP header to be sent across a corporate IP network or a public IP network (such as the Internet).
L2TP
Layer 2 Tunneling Protocol (L2TP) is the successor to PPTP, developed by the IETF on the basis of L2F (Cisco's Layer 2 Forwarding protocol). It is an industry-standard Internet tunneling protocol that provides encapsulation for sending Point-to-Point Protocol (PPP) frames across packet-oriented media. PPTP and L2TP both use PPP to encapsulate data and then add additional headers for transmission over the Internet.
PPTP can build only a single tunnel between two endpoints. L2TP supports multiple tunnels between two endpoints, so users can create different tunnels for different qualities of service. L2TP can provide tunnel authentication, whereas PPTP does not support tunnel authentication. However, when L2TP or PPTP is used together with IPSec, IPSec can provide the tunnel authentication, so tunnel authentication on the Layer 2 protocol is not needed.
PPTP requires the internetwork to be an IP network. L2TP only requires the tunnel medium to provide packet-oriented point-to-point connectivity: L2TP can be used over IP (using UDP), Frame Relay permanent virtual circuits (PVCs), X.25 virtual circuits (VCs) or ATM VCs.
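The L2TP framing described above, as an added example that is not part of the original page: a parser for the L2TPv2 header that precedes each PPP frame when L2TP runs over UDP, plus a helper that groups data messages by tunnel ID to show several tunnels coexisting. The header layout is taken from RFC 2661, which the page does not cite; the function names and the sample bytes are constructed for illustration.

```python
import struct

def parse_l2tp(udp_payload: bytes) -> dict:
    """Parse an L2TPv2 header (field layout per RFC 2661) from a UDP payload."""
    try:
        (flags,) = struct.unpack_from("!H", udp_payload, 0)
        if flags & 0x000F != 2:
            raise ValueError("version field is not 2, not L2TPv2")
        off, msg = 2, udp_payload
        if flags & 0x4000:                      # L bit: Length field present
            (length,) = struct.unpack_from("!H", msg, off)
            if length > len(msg):
                raise ValueError("Length field exceeds captured bytes")
            msg, off = msg[:length], off + 2
        tunnel_id, session_id = struct.unpack_from("!HH", msg, off)
        off += 4
        ns = nr = None
        if flags & 0x0800:                      # S bit: Ns/Nr sequence numbers
            ns, nr = struct.unpack_from("!HH", msg, off)
            off += 4
        if flags & 0x0200:                      # O bit: offset size + padding
            (pad,) = struct.unpack_from("!H", msg, off)
            off += 2 + pad
    except struct.error as exc:
        raise ValueError("truncated L2TP header") from exc
    if off > len(msg):
        raise ValueError("header runs past end of message")
    return {"control": bool(flags & 0x8000),    # T bit: control vs. data
            "tunnel_id": tunnel_id, "session_id": session_id,
            "ns": ns, "nr": nr, "payload": msg[off:]}

def sessions_by_tunnel(udp_payloads) -> dict:
    """Map each tunnel ID to the session IDs seen in its data messages."""
    seen = {}
    for raw in udp_payloads:
        m = parse_l2tp(raw)
        if not m["control"]:
            seen.setdefault(m["tunnel_id"], set()).add(m["session_id"])
    return seen

# Constructed sample messages (not captured traffic): a PPP frame carrying IPv4.
PPP = b"\xff\x03\x00\x21\x45\x00"
SAMPLES = [
    struct.pack("!HHHH", 0x4002, 14, 7, 1) + PPP,        # data, tunnel 7
    struct.pack("!HHHH", 0x4002, 14, 9, 1) + PPP,        # data, tunnel 9
    struct.pack("!HHHHHH", 0xC802, 12, 7, 0, 0, 0),      # control, tunnel 7
]

if __name__ == "__main__":
    print(sessions_by_tunnel(SAMPLES))
```

The `payload` of a data message is the encapsulated PPP frame; control messages carry tunnel management data instead and are skipped by `sessions_by_tunnel`.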
IPSec
An IPSec tunnel is the whole process of encapsulation, routing and decapsulation. Tunneling hides (or encapsulates) the original packet inside a new packet. The new packet may carry new addressing and routing information so that it can be transmitted over the network. When tunneling is combined with data confidentiality, anyone eavesdropping on the network cannot obtain the original packet data (or the original source and destination). After the encapsulated packet arrives at its destination, the encapsulation is removed and the original packet header is used to route the packet to its final destination.
Common tunneling technologies
Network layer: IPv6 tunnel, ICMP tunnel, GRE tunnel
Transport layer: TCP tunnel, UDP tunnel, general port forwarding
Application layer: SSH tunnel, HTTP tunnel, HTTPS tunnel, DNS tunnel