‘VPN’ has become a catch-all term nowadays.
What does VPN mean ?
→ A software used to insure privacy on the internet ?
→ A way to connect 2 distant private networks together ?
→ An encryption mechanism ?
→ A tunneling protocol ?
→ A type of router / firewall ?
→ A layer 2 / 3 / 4 protocol ?
I’ll try to shed light on everything above.
Plan
- Network tunnels (types, layers)
- Basic tunneling protocols (IP-in-IP, GRE)
- Improved tunneling protocols (PPTP, L2TP)
- Security (IPSec, TLS)
- VPN Timeline
Network tunnels
In computer networks, a tunneling protocol is a communications protocol that allows for the movement of data from one network to another. It involves allowing private network communications to be sent across a public network (such as the Internet) through a process called encapsulation.Because tunneling involves repackaging the traffic data into a different form, perhaps with encryption as standard, it can hide the nature of the traffic that is run through a tunnel. (Wikipedia)
Tunnel types
Tunneling layers
Tunneling layers can be quite confusing since it modifies our OSI model conception.
I think the two interesting questions to ask for each tunnel technology are:
At which OSI layer is the tunnel established ?
→ Can be layer 3 or above
What is the OSI layer of the content transported through the tunnel ?
→ Could be layer 2 or above
Layer 2 content transported
Layer 2 data is encapsulated, sent through the tunnel and unencapsulated at the other side of the network.
Depending on the tunnel protocol, different layer 2 formats are available such as:
- PPP (Point to Point Protocol)
- Ethernet
- …
One advantage of transporting layer 2 content is that computers on both sides could use layer 2 features (such as MAC addresses, DHCP requests with ethernet).
Layer 3 content transported
Layer 3 data is encapsulated, sent through the tunnel and unencapsulated at the other side of the network, on the VPN router. The VPN router can then redirect the packets to the correct local host.
IP assignments
When a tunnel is created, a virtual interface is created on the client connecting to the remote site.
This virtual interface (also called tunnel interface) needs a private IP address.
If the tunnel transports layer 2 content, the client should be able to get an IP address (inside LAN block) from the DHCP server of the remote LAN as a DHCP request is layer 2 protocol.
If the tunnel transports layer 3 content, the client is unable to use DHCP. Thus it will be the remote ‘Tunnel server’ which will assign a private IP from its pre configured Virtual IP Address Pool (VIPAP). This VIPAP should not of course enter in conflict with the local IP addresses of the LAN.
Advantages / disadvantages
Basic tunneling protocols
Let’s start studying basic tunneling protocols.
Keep in mind that there is no security mechanism for the moment (encryption, integrity, …).
IP-in-IP tunnel
IP-in-IP is a layer 3 tunneling protocol transporting layer 3 data.
This tunnel technology is not too hard to understand: an IP packet is encapsulated as the payload of another IP packet which will transport it.
Outer IP header has a protocol field of 4 (indicating its payload is another IP datagram).
Quick note here: as the IP protocol number is known (n° 4), any intermediate router could detect and block this kind of traffic.
IP-in-IP Example
In figure 5, there are 2 LANs (10.0.1.0/25 and 10.0.1.128/25) geographically distant which are connected together thanks to an IP tunnel.
H1 and H2 have an entry in their routing table which states that every packet with destination
10.0.1.128/25 should be sent to the GW1 router.
When GW1 receives LAN traffic that tries to reach 10.0.1.128/25, It is configured to encapsulate the whole packet in a newly created packet which has the public IP of the GW2 router as destination.
GW2 will ‘de-encapsulate’ the data received from GW1 and send it to the right host in the LAN.
Some edge cases can cause errors in this tunneling technology:
- If the DF (Don’t Fragment) bit is set to 1 in the inner IP packet but then the outer IP header is added, it could create issues with MTU …
- ICMP protocol can encounter issues (such as traceroute) because of the encapsulation.
Generic Routing Encapsulation (GRE)
GRE is a layer 3 tunneling protocol transporting any layer (mostly layer 3 content) depending on its implementation.
GRE has its own IP protocol number which is 47 and doesn’t encrypt anything on its own.
In contrast to IP-in-IP, GRE tunnels have the following advantages:
- Encapsulate any layer three protocol (versus just IP)
- Add an additional checksum (which isn't useful for TCP/IPv4)
- Specify a tunnel key
- Enforce packet sequencing
Source: https://packetlife.net/blog/2012/feb/27/gre-vs-ipip-tunneling/
Improved tunneling protocols
We’ve seen two basic tunneling protocols (IP-in-IP and GRE).
Let’s see two tunneling protocols that are a bit more complex now: PPTP and L2TP.
These protocols have two distinct channels, one to control the creation and life cycle of the tunnel (and some configurations) while the other channel is dedicated to data traffic.
PPTP (Point to Point Tunneling Protocol)
PPTP is a Microsoft tunneling protocol which is based on GRE (GRE embeds layer 2 PPP frames instead of IP packets in this implementation).
This protocol is considered obsolete nowadays but it is still in use in some networks.
PPTP opens two communication channels:
- control channel in order to control the link state (TCP port 1723 of the remote server). This channel is established first.
- data channel where data are exchanged. It uses the IP protocol number 47 (GRE).
As you can understand it is hard to speak of a distinct OSI layer for this tunneling protocol because:
→ It transports layer 2 content (PPP frames)
→ It is established both on layer 3 (data channel) and layer 4 (TCP control channel)
L2TP (Layer 2 Tunneling Protocol)
L2TP creates an IP tunnel for PPP frames between a “client” and a remote network.
The “client” is called a LAC (L2TP Access Concentrator) and the remote network is called a LNS (L2TP Network Server).
L2TP uses UDP for encapsulation:
The client (LAC) creates a virtual network interface (also called tunnel interface).
Connections using this interface send their usual internet traffic (TCP/UDP socket).
PS: In Figure 12, I am not sure whether the UDP header is created by the Virtual NIC (tunnel interface) or by the physical NIC.
2 types of message can be sent in a L2TP tunnel:
- control message (to create, delete, configure the tunnel)
- data messages (encapsulated frame)
Both messages use the L2TP Common header:
Creation of the L2TP tunnel
Using the L2TP header, a handshake is made (like TCP).
Tunnel ID is set during handshake in order to manage multiple tunnels.
Tunnel control messages are “reliable” thanks to acknowledgment and seq numbers used inside the L2TP header.
.
Security
Security is one important feature of VPNs.
In fact a VPN is no more than security added to a tunnel technology.
Some VPNs have the tunnel and security technologies tightly coupled, some others not …
Let’s see security / cryptographic tools that tunnels can use such as IPSec and TLS.
IPSec
Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. (Wikipedia)
IPSec is divided into two steps:
- Key exchange using IKE to authenticate and get ready to establish an IPSec connection.
- IPSec connection configuration (selecting either AH or ESP protocol).
The purpose of these steps is to ensure confidentiality, integrity, and authentication.
Let’s understand them a bit more.
Internet Key Exchange — IKE
IKE is the protocol (UDP port 500) used to set up a security association (SA) in the IPsec protocol.
Its purpose is to securely agree on a shared secret (session key) between two hosts.
IKE is divided in two steps:
1) Authentication of the “client”
2) Perform a Diffie-Hellman key exchange.
1) Authentication
During this phase, the initiator authenticates and agrees on some parameters such as session duration, hash algorithm to use, …
Authentication is done by using either PSK or PKI.
- PSK — Pre Shared key
The tunnel server has some information configured on it such as a ‘username+password’ combination (for client-to-site) or ‘public IP+password’ (for site-to-site).
The client which wants to establish a connection hashes its combination and send it to the tunnel server. The tunnel server will then be able to calculate and compare the hash to authenticate the client. - PKI — Public Key infrastructure
The tunnel server has multiple CA public keys. Whenever a client wants to establish a communication, it will send its certificate. The tunnel server will then be able to verify the certificate thanks to one of his CA public keys (the certificate could also be self signed).
2) Diffie-Hellman key exchange
Once authenticated, the initiator and tunnel server agree on a DH shared secret key.
At the end of this first step, a secure “ISAKMP tunnel” which is going to be used for the IPSec negotiation is established.
IPSec connection configuration
Now that an ISAKMP tunnel has been created thanks to IKE, IPSec uses that link to create its tunnel on top of it.
IPSec connection configuration is the negotiation of parameters for the IPSec tunnel that will be built on top:
→ IPsec Protocol: do we use AH or ESP?
→ Encapsulation Mode: transport or tunnel mode?
→ Encryption: what encryption algorithm do we use? DES, 3DES or AES?
→ Authentication: what authentication algorithm do we use? MD5 or SHA?
→ Lifetime: how long is the IKE phase 2 tunnel valid? When the tunnel is about to expire, we will refresh the keying material.
→ (Optional) DH exchange: used for PFS (Perfect Forward Secrecy).
Source: https://networklessons.com/cisco/ccie-routing-switching/ipsec-internet-protocol-security
IPSec protocols and modes
An IPSec connection uses either AH or ESP protocol (it can be both but we won’t consider that case for clearness). Each protocol can be used in transport or tunnel mode.
AH — Authentication header
AH doesn’t provide confidentiality (encryption) but integrity and authentication.
It does it by adding an AH header to the IP packet. This is called transport mode.
The most important field of this AH header is “Integrity Check Value (ICV)”.
Integrity Check Value (ICV) is a hash (HMAC-MD5 or HMAC-SHA) of most fields of the IP header (except some which could change such as TTL) and a secret AH shared key.
The receiver can check if the hash is correct which guarantees the fields didn’t change between the source and the destination.
AH header can be used for tunnel mode (which is needed for VPNs):
In this case, an outer IP header is added.
The inner IP packet is fully added to the hashed content ensuring a complete authentication of the inner IP packet.
AH tunnel mode has 2 downsides for VPN:
→ No encryption
→ NAT / PAT not working since IP address and port number are part of the hash (hence, cannot change).
ESP solves those two “issues”.
ESP — Encapsulating security payload
→ ESP encrypts the data (transport mode in Figure 17).
→ ESP doesn’t authenticate the full outer IP header. Thus NAT and PAT are supported.
ESP has the IP protocol number 50.
The ESP Auth contains the hash to check the integrity.
L2TP tunnels use an IPSec implementation to secure the tunnel. ESP is mostly used in tunnel mode for VPN.
TLS
TLS is a layer 4 protocol (TCP port 443) used by some VPNs to establish a secured tunnel.
TLS VPNs differ from web browsers since what is exchanged through the link is not HTTP content but IP packets (or even layer 2 frames).
TLS has an advantage compared to layer 3 and layer 2 VPNs as it is harder to detect / block it.
Indeed, outer IP packets of TLS VPN won’t have a specific ICMP code.
However, TLS VPNs have a big downside: the TCP meltdown problem.
TCP meltdown refers to speed issues due to the fact that if a TCP segment is encapsulated inside another TCP segment, it can cause a lot of retransmissions.
That’s why it is recommended to use UDP instead of TCP if possible with these kinds of tunnels.
TLS handshake
TLS handshake occurs just after TCP handshake.
Thanks to the server public certificate, the client can use the server public key and establish a shared session key for further conversation.
More details on the TLS handshake here:
https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/
Example of VPN technologies using TLS
- OpenVPN
- SSTP
VPN Timeline
To end this blog post I created a timeline of the different VPN technologies (I included ToR at the end but it is not a VPN).
I based the dates on the RFC but don’t be fooled, a lot of other RFCs have been added later for most items such as L2TPv3 in 2005 or TLS 1.3 in 2018.
Conclusion
It took me some time to write this blog post and I had to make multiple modifications before publishing it.
→ It is hard to be brief without being simplistic on a topic as broad as the VPNs / tunnels.
→ Having never really studied VPNs before, this blog post gave me the opportunity to improve my knowledge on this topic.
As a consequence I do not guarantee this blog post to be error free …
Thus, if you detect any error, don’t hesitate to let me know, it would be greatly appreciated.
You can also follow me on twitter and check out the references below if you want to dive deeper into the subject.
References
Books
VPNs Illustrated: Tunnels, VPNs, and IPsec — Jon C. Snader
Websites
https://en.wikipedia.org/wiki/Tunneling_protocol
https://www.youtube.com/watch?v=lPkARHDJBac
https://www.cisco.com/c/en/us/support/docs/dial-access/virtual-private-dialup-network-vpdn/23980-l2tp-23980.html
https://www.frameip.com/l2tp-pppoe-ppp-ethernet/#53-8211-les-concentrateurs-drsquoacces-8211-lac
https://cybersecurity.att.com/blogs/security-essentials/the-ultimate-guide-to-vpn-encryption-protocols-and-ciphers
https://networkengineering.stackexchange.com/questions/46877/how-are-vpn-clients-given-ip-addresses-when-they-connect-to-vpn-routers-such-as
https://en.wikipedia.org/wiki/IPsec
https://cromwell-intl.com/networking/what-is-ipsec.html
https://networklessons.com/cisco/ccie-routing-switching/ipsec-internet-protocol-security#IKE_Phase_1
https://wikipedia.org
Images
Figure 3
https://ipwithease.com/layer-2-vs-layer-3-vpn/
Figure 4
VPNs Illustrated: Tunnels, VPNs, and IPsec — Jon C. Snader
Figure 5
VPNs Illustrated: Tunnels, VPNs, and IPsec — Jon C. Snader
Figure 6
VPNs Illustrated: Tunnels, VPNs, and IPsec — Jon C. Snader
Figure 7
VPNs Illustrated: Tunnels, VPNs, and IPsec — Jon C. Snader
Figure 8
https://en.wikipedia.org/wiki/Generic_Routing_Encapsulation
Figure 9
https://www.researchgate.net/figure/PPTP-Tunnel-Data-Frame-Format_fig3_287458379
Figure 10
VPNs Illustrated: Tunnels, VPNs, and IPsec — Jon C. Snader
Figure 11
https://www.speaknetworks.com/configuring-l2tp-ipsec-vpn-cisco-asa/
Figure 13
VPNs Illustrated: Tunnels, VPNs, and IPsec — Jon C. Snader
Figure 14
VPNs Illustrated: Tunnels, VPNs, and IPsec — Jon C. Snader
Figure 15
https://networklessons.com/cisco/ccie-routing-switching/ipsec-internet-protocol-security
Figure 16
https://networklessons.com/cisco/ccie-routing-switching/ipsec-internet-protocol-security
Figure 17
https://networklessons.com/cisco/ccie-routing-switching/ipsec-internet-protocol-security
Figure 18
https://networklessons.com/cisco/ccie-routing-switching/ipsec-internet-protocol-security
Figure 19
https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/
