16.1.3. The IPSec protocol

IP Security (IPSec) is a group of protocols that authenticate and encrypt every IP packet of a data stream. IPSec operates at the network layer of the OSI model (layer 3), so it can protect both TCP and UDP traffic. IPSec is also part of IPv6.

IPSec uses the Encapsulating Security Payload (ESP) and Authentication Header (AH) protocols to secure data packets, and the Internet Key Exchange (IKE) protocol to exchange cryptographic keys. IPSec has the following two modes:

  • Transport mode: Used to create peer-to-peer VPNs. Only the data part of the IP packet is encrypted; the header is not modified.

  • Tunnel mode: Builds a complete IP tunnel to create Network-to-Network VPNs.
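The two framings described above, as an added example that is not part of the PNS documentation or of its IPSec implementation: a Python script that wraps a constructed IPv4 packet in ESP in transport mode and in tunnel mode, then unwraps it again. It uses the ESP-NULL cipher (RFC 2410) with HMAC-SHA-256-128 integrity, so the framing stays readable; a real deployment negotiates an encrypting cipher through IKE. The key, SPIs, gateway and host addresses and the payload are constructed sample values, and the anti-replay check is a simplified version of the RFC 4303 window.

```python
"""Added example (not code from the PNS documentation or its IPSec stack).
Builds ESP packets in transport and tunnel mode with the ESP-NULL cipher
(RFC 2410) and HMAC-SHA-256-128 integrity, so only the framing is shown.
Every key, address and payload below is a constructed sample value."""
import hashlib
import hmac
import struct

ESP_PROTO = 50        # IP protocol number in the outer header for ESP
IPIP_PROTO = 4        # ESP next-header value: payload is a complete IPv4 packet (tunnel mode)
UDP_PROTO = 17
ICV_LEN = 16          # HMAC-SHA-256-128: 256-bit MAC truncated to 128 bits
REPLAY_WINDOW = 64    # simplified anti-replay window, in sequence numbers


def ip_checksum(hdr: bytes) -> int:
    """RFC 791 ones'-complement checksum over an IPv4 header (checksum field zeroed)."""
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header without options (id 0, TTL 64)."""
    src_b = bytes(int(x) for x in src.split("."))
    dst_b = bytes(int(x) for x in dst.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0, src_b, dst_b)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def rewrite_header(hdr: bytes, proto: int, payload_len: int) -> bytes:
    """Keep an existing header; only protocol, total length and checksum change."""
    new = hdr[:2] + struct.pack("!H", len(hdr) + payload_len) + hdr[4:9] + bytes([proto]) + b"\x00\x00" + hdr[12:]
    return new[:10] + struct.pack("!H", ip_checksum(new)) + new[12:]


def esp_encapsulate(spi: int, seq: int, payload: bytes, next_header: int, key: bytes) -> bytes:
    """ESP framing (RFC 4303): SPI | seq | payload | padding | pad-len | next-header | ICV."""
    pad_len = (-(len(payload) + 2)) % 4          # trailer must end on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))       # RFC 4303 default padding bytes 1, 2, 3, ...
    body = struct.pack("!II", spi, seq) + payload + padding + bytes([pad_len, next_header])
    icv = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv


class EspReceiver:
    """Inbound security association: SPI, key and anti-replay state."""

    def __init__(self, spi: int, key: bytes):
        self.spi, self.key = spi, key
        self.highest_seq = 0
        self.seen = set()

    def decapsulate(self, esp: bytes):
        body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
        spi, seq = struct.unpack("!II", body[:8])
        if spi != self.spi:
            raise ValueError("unknown SPI 0x%x" % spi)
        # cheap replay check first, then the ICV, then the window update (RFC 4303 order)
        if seq in self.seen or seq <= self.highest_seq - REPLAY_WINDOW:
            raise ValueError("replayed or stale sequence number %d" % seq)
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            raise ValueError("ESP integrity check failed")
        self.seen.add(seq)
        self.highest_seq = max(self.highest_seq, seq)
        pad_len, next_header = body[-2], body[-1]
        return next_header, body[8:len(body) - 2 - pad_len]


def protect_transport(ip_packet: bytes, spi: int, seq: int, key: bytes) -> bytes:
    """Transport mode: the original header stays; ESP is inserted before the L4 payload."""
    ihl = (ip_packet[0] & 0x0F) * 4
    hdr, l4 = ip_packet[:ihl], ip_packet[ihl:]
    esp = esp_encapsulate(spi, seq, l4, hdr[9], key)      # next-header = original protocol
    return rewrite_header(hdr, ESP_PROTO, len(esp)) + esp


def protect_tunnel(ip_packet: bytes, spi: int, seq: int, key: bytes, gw_src: str, gw_dst: str) -> bytes:
    """Tunnel mode: the whole original packet is the payload; a new outer header is added."""
    esp = esp_encapsulate(spi, seq, ip_packet, IPIP_PROTO, key)
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp)) + esp


def unprotect(packet: bytes, rx: EspReceiver) -> bytes:
    """Reverse either mode; the ESP next-header field tells which one was used."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != ESP_PROTO:
        raise ValueError("not an ESP packet")
    next_header, payload = rx.decapsulate(packet[ihl:])
    if next_header == IPIP_PROTO:
        return payload                                     # tunnel: inner packet is complete
    return rewrite_header(packet[:ihl], next_header, len(payload)) + payload


# Constructed sample traffic: a 12-byte payload from host 10.0.0.5 to host 10.1.0.7.
KEY = b"constructed-32-byte-sample-key!!"
ORIGINAL = ipv4_header("10.0.0.5", "10.1.0.7", UDP_PROTO, 12) + b"sample data!"


def demo() -> dict:
    transport = protect_transport(ORIGINAL, 0x100, 1, KEY)
    tunnel = protect_tunnel(ORIGINAL, 0x200, 1, KEY, "192.0.2.1", "198.51.100.1")
    rx = EspReceiver(0x100, KEY)
    restored = unprotect(transport, rx)
    try:
        unprotect(transport, rx)                           # same packet again: must be rejected
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return {
        "transport_len": len(transport), "tunnel_len": len(tunnel),
        "transport_src": transport[12:16], "tunnel_src": tunnel[12:16],
        "transport_roundtrip": restored == ORIGINAL,
        "tunnel_roundtrip": unprotect(tunnel, EspReceiver(0x200, KEY)) == ORIGINAL,
        "replay_rejected": replay_rejected,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Running `demo()` shows the difference the two bullets describe: the transport-mode packet still carries the original source address 10.0.0.5 and grows only by the ESP header and trailer, while the tunnel-mode packet shows the gateway address 192.0.2.1 on the wire and hides the complete inner packet, addresses included, behind it. On the receiving side the same packet delivered twice is dropped by the sequence-number check, and a packet whose ICV does not verify is dropped before anything is forwarded.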

The IPSec implementation used by PNS has two main components. Pluto is a userspace application responsible for the key exchange when building VPN connections. KLIPS is a kernel module that handles the encryption and transmission of the tunneled traffic after the VPN connection has been established.