This network is said to be virtual because it links two "physical" networks (local area networks) using an unreliable connection (the Internet), and private because only computers which belong to a local area network on one end of the VPN or the other can "see" the data.
Operation of a VPN
- PPTP (Point-to-Point Tunneling Protocol) is a layer 2 protocol developed by Microsoft, 3Com, Ascend, US Robotics and ECI Telematics.
- L2F (Layer Two Forwarding) is a layer 2 protocol developed by Cisco, Northern Telecom and Shiva. It is now nearly obsolete.
- L2TP (Layer Two Tunneling Protocol), the outcome of work by the IETF (RFC 2661), brings together the features of PPTP and L2F. It is a layer 2 protocol based on PPP.
- IPsec is a layer 3 protocol created by the IETF that carries encrypted data over IP networks. It is built from three components:
  - IP Authentication Header (AH), which provides integrity, authentication and protection from replay attacks for packets.
  - Encapsulating Security Payload (ESP), which defines packet encryption. ESP provides confidentiality, integrity, authentication and protection against replay attacks.
  - Security Association (SA), which defines key exchange and security settings. An SA holds all the information needed to process IP packets (the AH and/or ESP protocols, tunnel or transport mode, the security algorithms used by the protocols, the keys used, etc.). The key exchange is done either manually or (most of the time) with the IKE (Internet Key Exchange) protocol, which allows both parties to agree on these parameters.
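As an added illustration (not code from the original page), the following Python implements the sliding-window anti-replay check of the kind RFC 4303 describes for ESP and AH receivers; the window size and the packet sequence are constructed assumptions.

```python
# Added example: IPsec-style anti-replay sliding window, the mechanism behind the
# "protection from replay attacks" that AH and ESP provide. Each Security
# Association keeps one window. Window size and sample packets are assumptions.

WINDOW_SIZE = 64  # RFC 4303 requires a minimum of 32; 64 is a common default


class AntiReplayWindow:
    """Tracks received sequence numbers for one Security Association (SA).

    `top` is the highest sequence number accepted so far; bit i of `bitmap`
    is set when sequence number (top - i) has already been received.
    """

    def __init__(self, size: int = WINDOW_SIZE):
        self.size = size
        self.top = 0      # highest sequence number seen; 0 = nothing received yet
        self.bitmap = 0   # receipt marks for the last `size` sequence numbers

    def check_and_update(self, seq: int) -> bool:
        """Return True and record seq if it is new; False if it must be dropped."""
        if seq == 0:
            return False                      # ESP/AH sequence numbers start at 1
        if seq > self.top:                    # newer than anything seen: slide window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:
            return False                      # too old: fell off the left edge
        if self.bitmap & (1 << offset):
            return False                      # already received: this is a replay
        self.bitmap |= 1 << offset            # late but in-window: accept once
        return True


def filter_packets(seqs, size=WINDOW_SIZE):
    """Run a stream of sequence numbers through one window; return (accepted, dropped)."""
    win = AntiReplayWindow(size)
    accepted, dropped = [], []
    for s in seqs:
        (accepted if win.check_and_update(s) else dropped).append(s)
    return accepted, dropped


# Constructed sample: reordering is tolerated, duplicates and stale packets are not.
SAMPLE = [1, 2, 3, 5, 4, 3, 70, 6, 100]
```

Running `filter_packets(SAMPLE)` accepts the reordered 4 but drops the duplicated 3 and the packet 6 that arrives after the window has moved past it.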