Alternative VPN Implementations

by Krelle Xijao.


In addition to standard VPN protocols, customized VPN solutions also exist. We will briefly guide you through some of the well-known open source solutions, such as cIPe, OpenVPN, and VTun.

cIPe

Claiming to provide nearly the same level of security as IPSec, cIPe works at the IP level and allows tunneling of higher-layer protocols (e.g., ICMP, TCP, UDP). Its operation is similar to PPP, except that cIPe encapsulates the transmitted IP packets within UDP datagrams. Development of cIPe focused on providing a lightweight protocol that uses the reasonably secure Blowfish and IDEA cryptographic algorithms for data encryption, yet is easy to set up and manage and offers slightly better performance than IPSec. Using a single UDP port for tunnel encapsulation lets cIPe traverse NAT and stateful firewalls easily, making it an ideal solution for less experienced VPN users who need a high level of interoperability. Both UNIX and Windows cIPe clients are available for free. Unfortunately, numerous flaws in the design of cIPe surfaced in 2003 and are likely to stay unfixed until a new version of the cIPe protocol is released.

OpenVPN

OpenVPN is another open source solution similar in functionality to cIPe. The package is easy to install and configure and is known to work on most UNIX-like systems that support TUN/TAP virtual network drivers. Because it runs in user space, kernel-level modifications are not required. OpenVPN has been built with a strongly modular design, where all cryptographic functions are handled through the OpenSSL library, including support for the latest ciphers, such as 256-bit AES. Thus, it fully supports the OpenSSL PKI for session authentication, the TLS protocol for key exchange, the cipher-independent EVP interface for data encryption, and HMACs for data authentication. As with cIPe, the use of a single UDP port for tunnel encapsulation allows easy traversal of NAT and stateful firewalls. At the time of writing, the package has not been ported to Windows.
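
The data-authentication step described above, as an added example that is not from the original article and is neither OpenVPN's code nor its wire format: each tunneled packet travels as one UDP payload carrying an HMAC, and the receiver drops anything that fails the check. The frame layout, the packet id with its replay rule (which goes beyond what the article covers), HMAC-SHA256, the key and the sample packet are all assumptions constructed for illustration; payload encryption is omitted.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 tag size in bytes
ID_LEN = 8    # packet id, big-endian unsigned 64-bit

def seal(key: bytes, packet_id: int, inner: bytes) -> bytes:
    """Build the UDP payload: packet_id | inner packet | HMAC over both."""
    body = struct.pack("!Q", packet_id) + inner
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    """Tunnel endpoint that drops unauthenticated or replayed datagrams."""

    def __init__(self, key: bytes):
        self.key = key
        self.highest_id = 0  # simplification: ids must strictly increase

    def open(self, datagram: bytes):
        """Return the inner packet, or None if the datagram must be dropped."""
        if len(datagram) < ID_LEN + TAG_LEN:
            return None  # too short to hold an id and a tag
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            return None  # modified in transit or sent without the key
        (packet_id,) = struct.unpack("!Q", body[:ID_LEN])
        if packet_id <= self.highest_id:
            return None  # authentic but already seen: replay
        self.highest_id = packet_id
        return body[ID_LEN:]

def demo() -> dict:
    key = bytes(range(32))                          # constructed sample key
    inner = b"\x45\x00" + b"constructed inner pkt"  # constructed sample payload
    rx = Receiver(key)
    first = seal(key, 1, inner)
    tampered = bytearray(seal(key, 2, inner))
    tampered[ID_LEN] ^= 0x01                        # flip one bit of the inner packet
    return {
        "valid": rx.open(first),
        "replay": rx.open(first),
        "tampered": rx.open(bytes(tampered)),
        "wrong_key": rx.open(seal(b"\x00" * 32, 3, inner)),
        "next": rx.open(seal(key, 2, inner)),
    }

if __name__ == "__main__":
    print(demo())
```

Because UDP can reorder datagrams, a strictly increasing id would drop legitimate late packets; a sliding replay window is the usual refinement.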

VTun

VTun is another package that uses the TUN/TAP virtual network driver for IP tunneling. It supports all common Layer 3 protocols, including IPX and AppleTalk, protocols that run over serial lines such as PPP and SLIP, and all programs that support UNIX pipes. The built-in traffic shaper, which can limit the inbound and outbound speed of the tunnels, sets this solution apart from the rest. In terms of data confidentiality, VTun does not claim to be the most secure; instead, it focuses on speed, stability, and usability. At the same time, it supports 128-bit Blowfish for data encryption and MD5 for 128-bit hash generation. There is no Windows version available, so you are generally limited to UNIX-like platforms that support the TUN/TAP driver.

    Copyright © 2006 - 2012 e-articles.info.
The texts, articles and tutorials in the directory are property of their respective owners and authors.