A Survey of VPN Performance Evaluation

Virtual Private Network (VPN) is commonly used in business situations to provide secure communication channels over public infrastructure such as Internet. A VPN operates by passing data over the Internet or corporate intranet through ?tunnels? which are secure, encrypted virtual connections that use the Internet as the connection medium[13].The VPN establishes tunnels between servers in a site-to-site VPN, clients and servers in a client-to site VPN[13]. VPN is a technology that does provide security strong enough for business use. However, performance of these networks is also important in that lowering network and server resources can lower costs and improve user satisfaction.VPN have many protocols PPTP, L2TP, IPSec for the performance and security. In this research we evaluate performance of VPN using IPSec (Internet Protocol Security). IPSec is a framework for a set of protocols and algorithms for security at the network layer by authenticating and encrypting each packet between two IPSec gateways (GWs).So IPSec protocol is better than the other protocol it give better performance than the other protocol

PERANCANGAN, IMPLEMENTASI, DAN ANALISA PERBANDINGAN L2TP/IPSEC VPN DENGAN OPENVPN PADA MIKROTIK ROUTER

ABSTRAKSI: Semakin berkembangnya proses bisnis dan kebutuhan yang meningkat cepat menyebabkan diperlukan metoda pertukaran informasi yang mudah, cepat dan aman. Metoda komunikasi data pada internet tidak menjamin privasi, karena jaringan internet menghubungkan seluruh penggunanya. Oleh karena itu dibuat VPN, yakni metoda untuk menghubungkan 2 atau lebih site yang berbeda sehingga dapat berhubungan secara pribadi melalui jaringan internet.L2TP/IPsec VPN dan OpenVPN merupakan contoh VPN yang telah berkembang saat ini. L2TP/IPsec VPN menggunakan protokol tunneling L2TP yang merupakan pengembangan dari PPTP dari Microsoft dan L2F dari Cisco, untuk keamanan L2TP menggunakan protokol sekuriti IPsec. OpenVPN merupakan open source software yang mengimplementasikan VPN, OpenVPN menggunakan SSL/TLS untuk mekanisme keamanannya.Pada umumnya perusahaan menggunakan router sebagai gateway untuk menghubungkan jaringan lokal dengan jaringan internet, hal ini dikarenakan router juga dapat melakukan pengaturan jaringan hingga tingkat IP. Mikrotik router merupakan salah satu router yang mendukung L2TP, IPsec dan OpenVPN.Dengan menggunakan L2TP/IPSec VPN atau OpenVPN pada Mikrotik router, dapat dilakukan komunikasi suara dan data antara 2 LAN yang berbeda jaringan. Pada L2TP/IPSec VPN dan OpenVPN komunikasi suara tidak dapat dilakukan pengupingan. Untuk komunikasi VoIP L2TP/IPSec VPN memiliki nilai jitter dan delay yang lebih baik, sedangkan OpenVPN memiliki nilai packet loss dan throughput yang lebih baik. Untuk komunikasi FTP OpenVPN memiliki nilai throughput, RTT, dan TCP retransmission yang lebih baik.Kata Kunci : VPN, L2TP/IPsec, PPTP, L2F, OpenVPN, SSL/TLS, gateway, IP, LAN, RTT, TCP retransmissionABSTRACT: The continued development of business processes and needs are increasing rapidly that cause a method of exchanging information in easy, fast and secure. Data communication on the internet does not guarantee the privacy, since internet networks connects all users. Therefore created a VPN, which is a method for connecting two or more different sites so that they can exchanging information through internet privately.L2TP/IPSec VPN and OpenVPN are examples of VPN that has been developed at this time. L2TP/IPSec VPN using L2TP tunneling protocol which is the development of PPTP from Microsoft and L2F from Cisco, for security L2TP uses IPSec for security protocol. OpenVPN is an open source software that implements the VPN, OpenVPN uses SSL/TLS for security mechanisms. In general, companies use router as a gateway to connect local network to the internet network, this is because the router can performs setting up to level of IP. Mikrotik router is one of the router that supports L2TP, IPSec, and OpenVPN.By using Mikrotik router that implements L2TP/IPSec VPN or OpenVPN, 2 different LANs can be connected in order to carry voice or data communications. Eavesdropping in L2TP/IPSec VPN and OpenVPN are imposible. In VoIP L2TP/IPSec is better than OpenVPN in terms of jitter and delay, while OpenVPN is better than L2TP/IPSec in terms of throughput and packet loss. In FTP OpenVPN is better than L2TP/IPSec in terms of throughput,RTT, and TCP retransmission.Keyword: VPN, L2TP/IPsec, PPTP, L2F, OpenVPN, SSL/TLS, gateway, IP, LAN, RTT, TCP retransmissio

Secure communication using dynamic VPN provisioning in an Inter-Cloud environment

Most of the current cloud computing platforms offer Infrastructure as a Service (IaaS) model, which aims to provision basic virtualised computing resources as on-demand and dynamic services. Nevertheless, a single cloud does not have limitless resources to offer to its users, hence the notion of an Inter-Cloud enviroment where a cloud can use the infrastructure resources of other clouds. However, there is no common framework in existence that allows the srevice owners to seamlessly provision even some basic services across multiple cloud service providers, albeit not due to any inherent incompatibility or proprietary nature of the foundation technologies on which these cloud platforms are built. In this paper we present a novel solution which aims to cover a gap in a subsection of this problem domain. Our solution offer a security architecture that enables service owners to provision a dynamic and service-oriented secure virtual private network on top of multiple cloud IaaS providers. It does this by leveraging the scalability, robustness and flexibility of peer- to-peer overlay techniques to eliminate the manual configuration, key management and peer churn problems encountered in setting up the secure communication channels dynamically, between different components of a typical service that is deployed on multiple clouds. We present the implementation details of our solution as well as experimental results carried out on two commercial clouds

Quantum Cryptography in Practice

BBN, Harvard, and Boston University are building the DARPA Quantum Network, the world's first network that delivers end-to-end network security via high-speed Quantum Key Distribution, and testing that Network against sophisticated eavesdropping attacks. The first network link has been up and steadily operational in our laboratory since December 2002. It provides a Virtual Private Network between private enclaves, with user traffic protected by a weak-coherent implementation of quantum cryptography. This prototype is suitable for deployment in metro-size areas via standard telecom (dark) fiber. In this paper, we introduce quantum cryptography, discuss its relation to modern secure networks, and describe its unusual physical layer, its specialized quantum cryptographic protocol suite (quite interesting in its own right), and our extensions to IPsec to integrate it with quantum cryptography.Comment: Preprint of SIGCOMM 2003 pape

Quality of Service in IPsec VPN Networks

Tato diplomová práce popisuje problematiku zavádění nástrojů kvality služeb v IPsec VPN sítích. V teoretické rovině nejprve popíše základní charakteristiku problematiky kvality služeb. V tomto segmentu diplomové práce budou popsány i konkrétní mechanismy, které bývají v rámci nástrojů kvality služby implementovány. Dále teoretická část této diplomové práce popisuje vlastnosti IPsec VPN technologie. Jsou zde vysvětleny principy na jejichž základě tato technologie funguje. V praktické části jsou rozebrány konkrétní problémy, které při součinnosti nástrojů kvality služeb a IPsec VPN technologie vznikají. Na IPsec VPN topologii s využitím zařízení výrobců Cisco a Huawei jsou postupně aplikovány nástroje kvality služby na klasifikaci, značkování, tvarování, omezování a prioritizaci provozu. Implementační část rovněž popisuje chybné značkování provozu na zařízeních Cisco s IOS verzí 12.4 a navrhuje alternativní postup zavedení IPsec VPN, který chybné značkování provozu řeší.This thesis describes the implementation of quality-of-service tools in IPsec VPN networks. On the theoretical level, it first describes the basic characteristics of the quality-of-service. This segment of the thesis will also describe the specific mechanisms which tend to be implemented within the quality-of-service tools. Next, the theoretical part of this thesis describes the characteristics of IPsec VPN technology. The principles on the basis of which this technology works are explained. The practical part discusses the specific problems which arise when quality-of-service tools and IPsec VPN technology interact. Quality-of-service tools for classification, marking, shaping, policing and prioritization are sequentially applied to an IPsec VPN topology using the equipment from Cisco and Huawei. The implementation section also describes the mismarking of the packets on Cisco devices running on IOS version 12.4 and proposes an alternative IPsec VPN implementation procedure which can be able to solve the mismarking of the packets.440 - Katedra telekomunikační technikyvýborn

Simultaneous Implementation Of Ssl And Ipsec Protocols For Remote Vpn Connection

A Virtual Private Network is a wide spread technology for connecting remote users and locations to the main core network. It has number of benefits such as cost-efficiency and security. SSL and IPSec are the most popular VPN protocols employed by large number of organizations. Each protocol has its benefits and disadvantages. Simultaneous SSL and IPSec implementation delivers efficient and flexible solution for companies’ with heterogeneous remote connection needs. On the other hand, employing two different VPN technologies opens questions about compatibility, performance, and drawbacks especially if they are utilized by one network device. The study examines the behavior of the two VPN protocols implemented in one edge network device, ASA 5510 security appliance. It follows the configuration process as well as the effect of the VPN protocols on the ASA performance including routing functions, firewall access lists, and network address translation abilities. The paper also presents the cost effect and the maintenance requirements for utilizing SSL and IPSec in one edge network security devic

An Analisys of Business VPN Case Studies

A VPN (Virtual Private Network) simulates a secure private network through a shared public insecure infrastructure like the Internet. The VPN protocol provides a secure and reliable access from home/office on any networking technology transporting IP packets. In this article we study the standards for VPN implementation and analyze two case studies regarding a VPN between two routers and two firewalls.VPN; Network; Protocol.

Analisis Performansi Remote Access VPN Berbasis IPSec dan Berbasis SSL pada Jaringan IPv6

ABSTRAKSI: Protokol keamanan Internet Protocol Security (IPSec) dan Secure Socket Layer (SSL) merupakan protokol keamanan yang paling banyak digunakan untuk meningkatkan keamanan VPN. Hal ini dikarenakan, kedua protokol mampu memenuhi kriteria dukungan keamanan dan mememiliki tingkat keamanan yang lebih baik dari protokol-protokol keamanan lainnya. Selain tingkat keamanan, performansi protokol keamanan juga bisa diuji dengan parameter seperti throughput dan delay. Parameter ini akan memberikan gambaran Quality of Service (QoS) protokol keamanan dari segi performansi jaringan. Skenario pengimplementasian VPN dengan IPSec dan VPN dengan SSL adalah VPN remote access. Jenis pengimplementasian remote access memungkinkan pengguna VPN yang mobile untuk terhubung ke private network. Pada private network akan menggunakan standar pengalamatan IPv6 karena sudah banyak Local Area Network (LAN) yang mampu menjalankan standar IPv6.KATA KUNCI: IPSec, SSL, IPv6, VPN, Remote AccessABSTRACT: Internet Protocol Security (IPSec) and Secure Socket Layer (SSL) are the most deployed security protocol to improve VPN security. This because both protocol fulfill security criteria and have securing capability more than any other security protocol. Beside securing capability, security protocol performance also can be tested with other parameters such as throughput and delay. This parameters will show security protocol’s Quality of Service (QoS) from network performance capability. The IPSec VPN and SSL VPN implementing scenario is remote access. Remote access VPN allow mobile VPN user to connect to private network. On private network will use IPv6 standard because most of Local Area Network already support IPv6 standard.KEYWORD: IPSec, SSL, IPv6, VPN, Remote Acces

A model for the analysis of security policies in service function chains

Two emerging architectural paradigms, i.e., Software Defined Networking (SDN) and Network Function Virtualization (NFV), enable the deployment and management of Service Function Chains (SFCs). A SFC is an ordered sequence of abstract Service Functions (SFs), e.g., firewalls, VPN-gateways,traffic monitors, that packets have to traverse in the route from source to destination. While this appealing solution offers significant advantages in terms of flexibility, it also introduces new challenges such as the correct configuration and ordering of SFs in the chain to satisfy overall security requirements. This paper presents a formal model conceived to enable the verification of correct policy enforcements in SFCs. Software tools based on the model can then be designed to cope with unwanted network behaviors (e.g., security flaws) deriving from incorrect interactions of SFs in the same SFC