I agree that reading too much about VPN protocols might be boring at times, but sometimes you have to plunge into the boring details of a technology in order to understand that technology better. I promise to stay away from such boring topics once I am done with this series on VPN protocols, but for now please bear with me. I am trying to fill up the archives of How to Hide IP with some really good information. In this article, learn about the IPSec VPN protocol.
So far, we have covered the following VPN protocols (the list is updated as and when new content is written):
- Point-to-Point Tunneling Protocol
- Layer 2 Tunneling Protocol
- IPSec (this article itself)
What is IPSec?
When I say IPSec, I guess Windows-based users should feel an adrenaline rush. After all, IPSec is their protocol, used in partnership with the likes of Layer 2 Tunneling Protocol. IPSec can also be used as a tunneling protocol on its own.
Many critics have tagged it as the standard VPN solution because of its balanced nature and its list of features. One important feature that helps IPSec achieve that status is its improved connectivity for gateway-to-gateway VPNs. IPSec operates higher up in the OSI network model, at the network layer (commonly known as Layer 3).
IPSec on hardware VPN machines
IPSec is also well known because most hardware VPN machines implement it. For example, Cisco's VPN products and the PIX firewalls use IPSec. Others using IPSec are SonicWall, NetScreen, and WatchGuard machines. Some of the enterprise-level software firewalls that support IPSec are CheckPoint, ISA Server, and Symantec Enterprise Firewall. This is only a partial list of hardware and software that support IPSec. You will find a lot more once you start Googling.
In tunnel mode, IPSec secures packets that are moving from one gateway to another or from a client computer to a gateway. IPSec works with IP-based applications and networks. Wasn't that pretty obvious from its name? Just like L2TP and PPTP, IPSec needs a client installed on the local machine in order to work properly.
For authentication, IPSec uses the Internet Key Exchange (IKE) protocol together with digital certificates (the more secure method). In some cases, a preshared key is used in place of digital certificates. Thanks to these features, IPSec can protect VPN services from well-known attacks such as man-in-the-middle, replay, and Denial-of-Service (DoS) attacks.
VPN Protocols IPSec support
IPSec is supported by Windows XP/2000/2003 only. Older versions of the Windows operating system do not support IPSec. Third-party VPN vendors, like Cisco and CheckPoint, provide custom client software when they offer VPN services. Please understand that these might cost you some money.
How to set up an IPSec VPN connection
The IPSec protocol suite is used to secure IP packets during a communication session. Its end-to-end security can be applied to host-to-host, network-to-network, or network-to-host data flows. If you connect to an IPSec VPN from behind a router or from a private IP address, an update must first be downloaded from Microsoft before the connection can succeed.
How to set up IPSec VPN
Create a new network connection from the “My Network Places” on any Windows operating system.
Use the “Virtual Private Network Connection” for this connection. Sometimes this option is not available. To re-enable it, go to your processes and enable the Remote Access Connection Manager.
Type a connection name under the “VPN Server Selection” window in the format shown below:
Ipsec.newyork.edu
Do not use a smart card when prompted to use one.
When configured properly, the VPN connection should open automatically allowing you to configure the already set up connection.
Right-click the new VPN connection icon and select “Properties”.
Set the type of VPN to “L2TP IPSec VPN”.
Check the items below under the field “This connection uses the following items”:
- Internet Protocol (TCP/IP)
- File and Printer Sharing for Microsoft Networks
- Client for Microsoft Networks
- QoS Packet Scheduler
Set the connection to get an automatic IP and DNS address.
When establishing an IPSec VPN connection, it may take some time before the connection and settings are picked up, so be patient and give it a little time before making changes to the connection or trying new configurations.
Troubleshooting IPSec VPN connections
When troubleshooting IPSec VPN connections, the first place to look is the IPSEC System Log. The log provides fine details on what is keeping the connection from being established and can help you determine what is going on.
L2TP is implemented together with IPSec because L2TP on its own lacks confidentiality. The L2TP packets are carried inside IPSec packets, which hides any information about the internal private network. In an L2TP/IPSec implementation, IPSec thus provides the secure channel while L2TP provides the tunnel for packet transmission.
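To check this layering on captured traffic, the following added example (not part of the original article) classifies raw IPv4 packets by what an on-path observer can read, and flags L2TP that travels outside an IPSec envelope. The protocol and port numbers (ESP is IP protocol 50, IKE is UDP 500, NAT traversal is UDP 4500, L2TP is UDP 1701) are standard values that the article does not state, and the helper names and sample packets are constructed for illustration.

```python
import struct

ESP, UDP = 50, 17                     # IANA IP protocol numbers
IKE, NAT_T, L2TP = 500, 4500, 1701    # well-known UDP ports

def ipv4(proto, payload, frag_off=0):
    """Build a minimal IPv4 packet for the constructed samples (checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, frag_off, 64,
                       proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1])) + payload
def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
def esp(spi, seq, ciphertext):
    return struct.pack("!II", spi, seq) + ciphertext

def classify(pkt):
    """Return what an on-path observer can read from one raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:
        return "fragment"             # later fragments carry no transport header
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 8:
        return "malformed"
    proto, body = pkt[9], pkt[ihl:]
    if proto == ESP:
        return "esp spi=0x%08x seq=%d" % struct.unpack("!II", body[:8])
    if proto != UDP:
        return "other"
    ports, data = set(struct.unpack("!HH", body[:4])), body[8:]
    if L2TP in ports:
        return "l2tp-cleartext"       # tunnel header readable: no IPSec around it
    if NAT_T in ports:
        if data[:4] == b"\x00" * 4:
            return "ike"              # non-ESP marker precedes IKE on UDP 4500
        if len(data) >= 8:
            return "esp-in-udp spi=0x%08x seq=%d" % struct.unpack("!II", data[:8])
        return "nat-keepalive" if data == b"\xff" else "malformed"
    return "ike" if IKE in ports else "other"

# Constructed capture: IKE, a protected tunnel, a NAT-traversed tunnel, and a leak.
SAMPLES = [
    ipv4(UDP, udp(500, 500, b"\x11" * 28)),
    ipv4(ESP, esp(0x1234ABCD, 1, b"\x9c" * 40)),
    ipv4(UDP, udp(4500, 4500, esp(0x1234ABCD, 2, b"\x5e" * 40))),
    ipv4(UDP, udp(1701, 1701, b"\xc8\x02" + b"\x00" * 10)),
]

# Indexes of packets that carry L2TP without IPSec protection.
def leaks(packets):
    return [i for i, p in enumerate(packets) if classify(p) == "l2tp-cleartext"]
```

On a correctly configured L2TP/IPSec connection, `leaks()` returns an empty list for the whole capture: only IKE and ESP should be visible on the wire.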
IPSec VPN Providers
If you do not have your own VPN server to connect to, you can get access to VPN services (ibVPN, NordVPN, PureVPN, HideMyAss) that provide servers located all over the world. Most of these providers allow IPSec/L2TP connections and also offer detailed tutorials on how to set up an IPSec VPN.