Tag Archive | "vpn"

How VPN Encryption Works


Encryption is the process of obscuring information to make it unreadable without special knowledge, key files, and/or passwords. You could use encryption to secure files on your computer or the electronic messages you send to friends or colleagues. An encryption key tells the computer what computations to perform on data in order to encrypt or decrypt it.

The two most common forms of encryption are symmetric-key encryption and public-key encryption:

In symmetric-key encryption, all computers (or users) share the same key used to both encrypt and decrypt a message.

In public-key encryption, each computer (or user) has a public-private key pair. One computer uses its private key to encrypt a message, and another computer uses the corresponding public key to decrypt that message.

In a VPN, the computers at each end of the tunnel encrypt the data entering the tunnel and decrypt it at the other end. However, a VPN needs more than just key files to apply encryption. That’s where protocols come in. A site-to-site VPN could use either Internet Protocol Security (IPSec) or Generic Routing Encapsulation (GRE). GRE provides the framework for how to package the passenger protocol for transport over the Internet Protocol (IP). This framework includes information on what type of packet you’re encapsulating and the connection between sender and receiver.

IPSec is a widely used protocol for securing traffic on IP networks, including the Internet. IPSec can encrypt data between various devices, including router to router, firewall to router, desktop to router, and desktop to server.

IPSec consists of two sub-protocols which provide the instructions a VPN needs to secure its packets: Encapsulating Security Payload (ESP) and Authentication Header (AH).

Encapsulating Security Payload (ESP) encrypts the data it’s transporting with a symmetric key.

Authentication Header (AH) uses a hashing operation on the packet header to help hide certain sensitive information like the sender’s identity until it gets to its destination. This makes the sender anonymous to a hacker.

Networked devices can use IPSec in one of two encryption modes. In transport mode, devices encrypt the data traveling between them. In tunnel mode, the devices build a virtual tunnel between two networks. VPNs use the latter.
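The difference between the two modes, as an added example that is not part of the original post: a simplified Python model of ESP in transport versus tunnel mode, showing what an on-path observer can read in each case. The cipher (an HMAC-derived keystream XOR), the key, the addresses and the sample packet are all constructed stand-ins, not real IPSec.

```python
import hashlib
import hmac
import json

# Constructed sample: a packet from a host on site A to a host on site B, plus the
# shared symmetric key the two VPN gateways hold (real IPSec derives it via IKE).
KEY = b"constructed-shared-esp-key"
INNER = {"src": "10.0.1.5", "dst": "10.0.2.9", "payload": "GET /payroll HTTP/1.1"}


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stand-in for ESP's symmetric cipher: XOR with an HMAC-derived keystream.
    It is NOT secure and only illustrates 'encrypt with a shared key'."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def esp_encapsulate(mode: str, key: bytes, inner: dict, gw_src: str, gw_dst: str) -> dict:
    """Build the on-the-wire packet for ESP in the given mode."""
    seq = 1  # ESP sequence number; a real stack increments it per packet
    nonce = seq.to_bytes(8, "big")
    if mode == "transport":
        # Transport mode: the original IP header stays in the clear; only the payload is encrypted.
        protected, outer = inner["payload"].encode(), (inner["src"], inner["dst"])
    elif mode == "tunnel":
        # Tunnel mode (what a VPN uses): the whole inner packet, header included, is
        # encrypted and a new outer header addressed gateway-to-gateway is added.
        protected, outer = json.dumps(inner).encode(), (gw_src, gw_dst)
    else:
        raise ValueError("mode must be 'transport' or 'tunnel'")
    return {"ip": {"src": outer[0], "dst": outer[1], "proto": "ESP"},
            "esp": {"spi": 0x1000, "seq": seq, "ciphertext": keystream_xor(key, nonce, protected)}}


def observer_view(packet: dict) -> dict:
    """What an on-path sniffer without the key can read: outer addresses and size only."""
    return {"src": packet["ip"]["src"], "dst": packet["ip"]["dst"],
            "bytes": len(packet["esp"]["ciphertext"])}


def esp_decapsulate(mode: str, key: bytes, packet: dict) -> dict:
    """Receiving gateway: decrypt and recover the original inner packet."""
    nonce = packet["esp"]["seq"].to_bytes(8, "big")
    plain = keystream_xor(key, nonce, packet["esp"]["ciphertext"])
    if mode == "tunnel":
        return json.loads(plain)
    return {"src": packet["ip"]["src"], "dst": packet["ip"]["dst"], "payload": plain.decode()}
```

In transport mode the observer still learns the real endpoints (10.0.1.5 to 10.0.2.9); in tunnel mode it sees only the two gateway addresses.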

In a remote-access VPN, tunneling typically relies on the Point-to-Point Protocol (PPP), which is part of the native protocols used by the Internet. More accurately, though, remote-access VPNs use one of three protocols based on PPP:

L2F (Layer 2 Forwarding) — Developed by Cisco; uses any authentication scheme supported by PPP

PPTP (Point-to-Point Tunneling Protocol) — Supports 40-bit and 128-bit encryption and any authentication scheme supported by PPP

L2TP (Layer 2 Tunneling Protocol) — Combines features of PPTP and L2F and fully supports IPSec; also applicable in site-to-site VPNs

VPNs do such a good job of keeping businesses connected around the world. That is why tunneling protocols haven’t changed much over time.

How Open VPN Works


First of all, what is this OpenVPN, whose software you might have seen before without installing it?

OpenVPN is an open-source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS (Note: SSL makes a website secure by encrypting vital information) for key exchange. It is capable of traversing network address translators (NATs) and firewalls. It was written by James Yonan and is published under the GNU General Public License (GPL). It may be important to note that GNU General Public License is a widely used free software license, which guarantees end users the freedom to run, study, share and modify the software.

OpenVPN allows peers (interconnected nodes) to authenticate each other using a pre-shared secret key, certificates, or username/password. When used in a multi-client server configuration, it allows the server to release an authentication certificate for every client, using signatures and a certificate authority. It uses the OpenSSL encryption library extensively, as well as the SSLv3/TLSv1 protocol, and contains many security and control features. We can easily determine that a site is secure when the URL starts with “https” and not just “http”.

OpenVPN has been ported and embedded to several systems. For example, DD-WRT has the OpenVPN server function. SoftEther VPN, a multi-protocol VPN server, has an implementation of OpenVPN protocol.

Private Tunnel VPN is a commercial spin-off of OpenVPN Technologies, a VPN service provider based in the US that, unusually, charges according to data transferred rather than per month.

Features of OpenVPN

Encryption

OpenVPN uses the OpenSSL library to provide encryption of both the data and control channels. It lets OpenSSL do all the encryption and authentication work, allowing OpenVPN to use all the ciphers available in the OpenSSL package. It can also use the HMAC packet authentication feature to add an additional layer of security to the connection (referred to as an “HMAC Firewall” by the creator). It can also use hardware acceleration to get better encryption performance. Support for mbed TLS is available starting from version 2.3.
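The “HMAC firewall” idea, as an added example that is not OpenVPN’s own code or wire format: a receiver verifies an HMAC on every packet and drops forged, tampered or replayed packets before they ever reach the TLS layer. The static key, the packet layout (4-byte id, payload, 32-byte HMAC-SHA256 tag) and the sample packets are constructed for this illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample: the static key both peers hold for packet authentication
# (OpenVPN's tls-auth key is shared out of band in the same way).
HMAC_KEY = b"constructed-static-tls-auth-key"
TAG_LEN = 32  # HMAC-SHA256 output length


def seal(key: bytes, packet_id: int, payload: bytes) -> bytes:
    """Sender: prepend a packet id, append an HMAC over id||payload."""
    header = struct.pack(">I", packet_id)
    return header + payload + hmac.new(key, header + payload, hashlib.sha256).digest()


class HmacFirewall:
    """Receiver-side filter: drop packets that fail HMAC or replay checks before
    they reach the TLS layer, which is the point of the 'HMAC firewall'."""

    def __init__(self, key: bytes, window: int = 64):
        self.key = key
        self.window = window  # how far behind the highest id a late packet may arrive
        self.highest = 0
        self.seen = set()
        self.dropped = {"bad_hmac": 0, "replay": 0}

    def accept(self, packet: bytes):
        """Return the authenticated payload, or None if the packet is dropped."""
        if len(packet) < 4 + TAG_LEN:
            self.dropped["bad_hmac"] += 1
            return None
        header, body, tag = packet[:4], packet[4:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            self.dropped["bad_hmac"] += 1
            return None
        pid = struct.unpack(">I", header)[0]
        if pid in self.seen or pid + self.window <= self.highest:
            self.dropped["replay"] += 1
            return None
        self.seen.add(pid)
        self.highest = max(self.highest, pid)
        # forget ids that have fallen out of the window so the set stays bounded
        self.seen = {p for p in self.seen if p + self.window > self.highest}
        return body
```

The `dropped` counters are what a defender would export to logging: a burst of `bad_hmac` drops on the VPN port is unauthenticated traffic that never cost a TLS handshake.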

Authentication

OpenVPN has several ways to authenticate peers with each other. OpenVPN offers pre-shared key, certificate-based, and username/password-based authentication. A pre-shared secret key is the easiest, with certificate-based being the most robust and feature-rich. In version 2.0, username/password authentication can be enabled, either with or without certificates. However, to make use of username/password authentication, OpenVPN depends on third-party modules.

Networking

OpenVPN can run over User Datagram Protocol (UDP) or Transmission Control Protocol (TCP) transports, multiplexing created SSL tunnels on a single TCP/UDP port (RFC 3948 for UDP). From the 2.3.x series on, OpenVPN fully supports IPv6 as the protocol of the virtual network inside a tunnel, and the OpenVPN applications can also establish connections via IPv6. It has the ability to work through most proxy servers (including HTTP) and is good at working through Network Address Translation (NAT) and getting out through firewalls. The server configuration has the ability to “push” certain network configuration options to the clients. These include IP addresses, routing commands, and a few connection options.

Security

OpenVPN offers several internal security features. It has up to 256-bit encryption through the OpenSSL library, although some service providers may offer lower encryption strengths, effectively making the connection faster. It runs in userspace, instead of requiring IP stack (and therefore kernel) operation. OpenVPN has the ability to drop root privileges, use mlockall to prevent swapping sensitive data to disk, enter a chroot jail after initialization and apply a SELinux context after initialization.

OpenVPN runs a custom security protocol based on SSL and TLS rather than supporting IKE, IPsec, L2TP or PPTP. OpenVPN supports smart cards via PKCS#11-based cryptographic tokens.
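The networking and security features above map onto concrete server directives. As an added example that is not part of the original post or the OpenVPN project, here is a small Python checker that parses an OpenVPN-style server config and reports which of those hardening directives (HMAC packet authentication, privilege dropping, chroot, mlock, an explicit cipher) are missing, and which options the server pushes to clients. The two configs are constructed samples; the directive names are real OpenVPN ones.

```python
# Constructed server configs: a minimal one, and the same one with hardening added.
WEAK_CONF = """\
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
server 10.8.0.0 255.255.255.0
push "route 192.168.10.0 255.255.255.0"
"""

HARDENED_CONF = WEAK_CONF + """\
tls-auth ta.key 0         # HMAC packet authentication ("HMAC firewall")
cipher AES-256-GCM        # explicit data-channel cipher from OpenSSL
user nobody               # drop root privileges after initialisation
group nogroup
chroot /var/empty         # enter a chroot jail after initialisation
mlock                     # keep key material out of swap
"""

# directive that must be present -> finding reported when it is missing
CHECKS = {
    "tls-auth": "no HMAC packet authentication: unauthenticated packets reach TLS",
    "user": "daemon keeps root privileges instead of dropping them",
    "group": "daemon keeps its group privileges instead of dropping them",
    "chroot": "no chroot jail after initialisation",
    "mlock": "sensitive key material may be swapped to disk",
    "cipher": "data-channel cipher left to the default",
}


def parse_conf(text: str) -> dict:
    """Map each directive to the list of its argument strings; '#' comments and blanks skipped."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, args = line.partition(" ")
        directives.setdefault(name, []).append(args.strip().strip('"'))
    return directives


def audit(text: str):
    """Return (findings, pushed_options); findings is empty when every check passes."""
    d = parse_conf(text)
    findings = [msg for name, msg in CHECKS.items() if name not in d]
    return findings, d.get("push", [])
```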

Extensibility

OpenVPN can be extended with third-party plug-ins or scripts which can be called at defined entry points. The purpose of this is often to extend OpenVPN with more advanced logging, enhanced authentication with username and passwords, dynamic firewall updates, RADIUS integration and so on. The plug-ins are dynamically loadable modules, usually written in C, while the scripts interface can execute any scripts or binaries available to OpenVPN. In the OpenVPN source code there are some examples of such plug-ins, including a PAM authentication plug-in. Several third party plug-ins also exist to authenticate against LDAP or SQL databases such as SQLite and MySQL.

Platforms

It is available on Solaris, Linux, OpenBSD, FreeBSD, NetBSD, QNX, Mac OS X, and Windows XP and later. OpenVPN is available for mobile phone operating systems (OS) including Maemo, Windows Mobile 6.5 and below, iOS 3GS+ devices, jailbroken iOS 3.1.2+ devices, Android 4.0+ devices, and Android devices that have had the CyanogenMod aftermarket firmware flashed or have the correct kernel module installed. It is not compatible with some mobile phone OSes, including Palm OS.
