All you need to know about VPN tunnels
VPN technology is built on the principle of tunneling. VPN tunneling establishes and maintains a network connection. On this connection, packets constructed in a particular VPN protocol format are encapsulated within a carrier protocol, transmitted between the client and the server, and de-encapsulated at the receiving end. For Internet-based VPNs, packets in one of the VPN protocols are encapsulated within Internet Protocol (IP) packets. VPN protocols also support authentication and encryption to keep the tunnels secure.
VPN Tunneling Types
Two kinds of tunneling commonly used by VPNs are voluntary tunneling and compulsory tunneling.
In voluntary tunneling, the VPN client manages the connection setup. The client first makes a connection to the carrier network provider; for Internet VPNs, this is an ISP. The client application then creates the tunnel to the VPN server over this live connection.
In compulsory tunneling, the carrier network provider manages the connection setup. When the client first makes a connection to the carrier, the carrier arranges a VPN connection between the VPN server and the client. Compulsory tunneling associates clients with specific servers using logic built into the arranging device. This network device is known as a Network Access Server (NAS) or a Front End Processor (FEP). Compulsory tunneling hides the details of server connectivity from the clients and transfers management control from the clients to the ISP. The service providers install and maintain the FEP devices.
VPN Tunneling Protocols
Several network protocols have been implemented for use with VPN tunnels. Common VPN tunneling protocols are listed below:
Point-to-Point Tunneling Protocol or PPTP: With PPTP, multiprotocol traffic is encrypted, encapsulated in an IP header, and then sent across an IP network. PPTP is used for site-to-site VPN connections and remote access. PPTP encapsulates PPP frames in IP datagrams for sending them over the network. It uses a TCP connection for tunnel management and a customized version of Generic Routing Encapsulation (GRE) to encapsulate PPP frames. The payloads of the encapsulated PPP frames can be compressed or encrypted.
Layer 2 Tunneling Protocol or L2TP: L2TP enables multiprotocol traffic to be encrypted and then transferred via any network which can support PPTP. L2TP is a combination of L2F (Layer 2 Forwarding) and PPTP, and incorporates the best characteristics of both. The name L2TP is derived from the fact that it is situated at Layer 2 (the data link layer) of the OSI model.
Secure Socket Tunneling Protocol or SSTP: This is a new protocol which uses HTTPS over TCP port 443. It can pass traffic through web proxies and firewalls that block L2TP/IPsec and PPTP traffic. Transport-level security is provided by Secure Sockets Layer, with advanced integrity checking, encryption and key negotiation.
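Added example (not code from the original article): the encapsulation and de-encapsulation steps for PPTP's customized GRE data channel, written in Python against the enhanced GRE header layout of RFC 2637. The function names, the call ID, the sequence numbers and the sample PPP frame are constructed for illustration.

```python
import struct

PPTP_GRE_PROTO = 0x880B                # GRE protocol type used for PPP (RFC 2637)
K_BIT, S_BIT, A_BIT, VER_MASK = 0x2000, 0x1000, 0x0080, 0x0007
MUST_BE_ZERO = 0xC000 | 0x0800 | 0x0700 | 0x0078  # C, R, s, Recur, Flags

# Constructed sample: a PPP frame carrying a minimal LCP Configure-Request.
SAMPLE_PPP = bytes.fromhex("ff03c02101010004")

def encapsulate(ppp_frame, call_id, seq, ack=None):
    """Sender side: prepend an enhanced GRE header to one PPP frame."""
    flags = K_BIT | S_BIT | 1          # key + sequence number present, version 1
    optional = struct.pack("!I", seq)
    if ack is not None:
        flags |= A_BIT
        optional += struct.pack("!I", ack)
    header = struct.pack("!HHHH", flags, PPTP_GRE_PROTO, len(ppp_frame), call_id)
    return header + optional + ppp_frame

def decapsulate(packet):
    """Receiver side: validate the header strictly, then return fields and payload."""
    if len(packet) < 8:
        raise ValueError("truncated enhanced GRE header")
    flags, proto, length, call_id = struct.unpack("!HHHH", packet[:8])
    if flags & VER_MASK != 1 or proto != PPTP_GRE_PROTO:
        raise ValueError("not PPTP enhanced GRE (version 1, protocol 0x880B)")
    if not flags & K_BIT or flags & MUST_BE_ZERO:
        raise ValueError("invalid flag combination")
    has_seq, has_ack = bool(flags & S_BIT), bool(flags & A_BIT)
    if length and not has_seq:
        raise ValueError("payload present without a sequence number")
    offset = 8 + 4 * has_seq + 4 * has_ack
    if len(packet) < offset + length:
        raise ValueError("length field exceeds the bytes received")
    # The acknowledgment number, when present, is the last optional field.
    seq = struct.unpack_from("!I", packet, 8)[0] if has_seq else None
    ack = struct.unpack_from("!I", packet, offset - 4)[0] if has_ack else None
    return {"call_id": call_id, "seq": seq, "ack": ack,
            "ppp_frame": packet[offset:offset + length]}

if __name__ == "__main__":
    pkt = encapsulate(SAMPLE_PPP, call_id=0x1234, seq=7, ack=3)
    print(pkt.hex())
    print(decapsulate(pkt))
```

The checks in decapsulate (version, protocol type, reserved bits, length field against bytes received) are the ones a firewall or IDS decoder needs to pass before it trusts the call ID or the payload.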