Security tunnel in VPN

VPN stands for virtual private network. It uses encryption to build a secure tunnel: traffic passed through the tunnel is protected, and a private network can be reached securely across a public one.
The encryption and tunneling protocols in common use are PPTP, IKEv2, L2TP, IPSec, SSL and so on. Here is a brief look at the characteristics of these protocols and how to choose among them.


PPTP is a point-to-point tunneling protocol developed by the PPTP Forum, whose members include companies such as Microsoft and 3Com. The underlying dial-up PPP protocol uses PAP or CHAP, or Microsoft's point-to-point encryption (MPPE). By creating VPNs across TCP/IP-based data networks, it enables secure data transfer from remote clients to dedicated enterprise servers.


The IKEv2 protocol uses MOBIKE (Mobility and Multihoming) to keep its encrypted sessions alive. Even when the user's own network conditions change frequently, an IKEv2 connection stays up without the repeated drops and reconnects that would otherwise occur, which greatly improves the stability of the connection.


L2TP is a successor to PPTP developed by the IETF and based on L2F (Cisco's Layer 2 Forwarding protocol). Both L2TP and PPTP encapsulate the data using PPP and then add an additional header for transfer over the Internet. PPTP can only establish a single tunnel between two endpoints, whereas L2TP supports multiple tunnels between the same two endpoints. With L2TP, users can create different tunnels for different qualities of service.


IPSec consists of a number of underlying protocols that together provide parameter negotiation, connection establishment, tunnel maintenance, data transfer, and connection tear-down.

  • IPSec uses IKEv1 or IKEv2 to negotiate parameters and keys, and to exchange the derived authentication/encryption keys and security associations (SAs).
  • ESP (Encapsulating Security Payload) provides the IPSec VPN framework for data integrity, encryption, authentication, and anti-replay protection.
  • Authentication Header (AH) provides the framework for data integrity, authentication, and anti-replay protection (AH does not provide encryption).
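The integrity, authentication and anti-replay services that ESP and AH provide can be seen in miniature in the following added example (written for this page, not code from any IPsec implementation). It is a simplified AH-style receiver: each packet carries a 32-bit sequence number and an HMAC-SHA256 integrity check value (ICV), and the receiver keeps a 64-entry sliding anti-replay window in the style of RFC 4302/4303. The key, window size and packet layout are assumptions for the demo; in real IPsec the key comes from the IKE negotiation and the ICV also covers the outer IP header. Encryption is deliberately absent, matching AH; ESP would additionally encrypt the payload.

```python
import hashlib
import hmac
import struct

# Constructed demo key. In IPsec this key is derived by IKE, never hard-coded.
KEY = b"demo-key-derived-by-ike"
TAG_LEN = 32       # HMAC-SHA256 output size
WINDOW_SIZE = 64   # common default anti-replay window size


def protect(seq: int, payload: bytes, key: bytes = KEY) -> bytes:
    """Sender side: 4-byte sequence number + payload + ICV over both."""
    header = struct.pack("!I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class ReplayWindow:
    """Sliding anti-replay window (simplified RFC 4303 receiver logic).

    `highest` is the largest sequence number accepted so far; bit i of
    `bitmap` is set when sequence number (highest - i) has been accepted.
    """

    def __init__(self, size: int = WINDOW_SIZE):
        self.size = size
        self.highest = 0
        self.bitmap = 0

    def check(self, seq: int) -> bool:
        """Would this sequence number be acceptable? (No state change.)"""
        if seq == 0:                       # seq 0 is never valid with anti-replay enabled
            return False
        if seq > self.highest:             # new high-water mark, always fresh
            return True
        diff = self.highest - seq
        if diff >= self.size:              # to the left of the window: too old
            return False
        return not (self.bitmap >> diff) & 1   # inside the window: fresh unless already seen

    def update(self, seq: int) -> None:
        """Record an accepted sequence number (call only after the ICV verified)."""
        if seq > self.highest:
            shift = seq - self.highest
            if shift >= self.size:
                self.bitmap = 1            # window jumps entirely past old entries
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)


def verify(packet: bytes, window: ReplayWindow, key: bytes = KEY):
    """Receiver side: returns the payload, or None if the packet must be dropped."""
    if len(packet) < 4 + TAG_LEN:
        return None
    header, payload, tag = packet[:4], packet[4:-TAG_LEN], packet[-TAG_LEN:]
    seq = struct.unpack("!I", header)[0]
    if not window.check(seq):              # duplicate or too old: drop before spending a MAC
        return None
    expected = hmac.new(key, header + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # forged or corrupted in transit
        return None
    window.update(seq)                     # only accepted, authenticated packets move the window
    return payload


def demo() -> dict:
    """Runs a constructed packet sequence and reports what the receiver did."""
    w = ReplayWindow()
    first = protect(1, b"hello")
    tampered = bytearray(first)
    tampered[5] ^= 0x01                    # flip one payload bit; ICV no longer matches
    results = {
        "first_accepted": verify(first, w) == b"hello",
        "replay_dropped": verify(first, w) is None,
        "tampered_dropped": verify(bytes(tampered), w) is None,
        "reorder_accepted": verify(protect(5, b"e"), w) == b"e"
                            and verify(protect(3, b"c"), w) == b"c",
        "jump_accepted": verify(protect(200, b"j"), w) == b"j",
        "too_old_dropped": verify(protect(100, b"old"), w) is None,
    }
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The order inside `verify` is the security-relevant detail: the window is consulted before the MAC is computed, so an attacker replaying captured packets cannot make the receiver do MAC work for them, and the window is only advanced after the ICV verifies, so forged sequence numbers cannot push legitimate packets out of the window.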


SSL provides data privacy, endpoint authentication, message integrity and related features. SSL consists of several sub-protocols, two of which are the handshake protocol and the record protocol. The handshake protocol lets the server and client authenticate each other and negotiate an encryption algorithm and cryptographic keys before the first byte of application data is exchanged. During data transmission, the record protocol encrypts and decrypts the data exchanged thereafter using the keys produced by the handshake.

How to choose the right protocol

In most networks, all three protocols work fine. IKEv2 is the most advanced protocol currently available, and it is the default preferred VPN protocol on Windows, macOS, and iOS. It is recommended that Windows, macOS, iOS and Android users choose IKEv2 first.
