April 23, 2020 GRE and IPSEC for Industrial VPN Routing

GRE and IPSEC are two common VPN encapsulation protocols in 3G routers.



GRE (Generic Routing Encapsulation) encapsulates datagrams of certain network layer protocols (such as IP and IPX) so that the encapsulated datagrams can be transmitted over another network layer protocol (such as IP).



GRE is the Layer 2 Tunneling Protocol of VPN (Virtual Private Network), which uses a technique called tunneling between the protocol layers.



However, GRE is not a complete VPN protocol, because it does not provide data encryption, identity authentication, datagram integrity checking, etc. When 3G routers use GRE, it is often combined with IPSEC to make up for these security deficiencies.



IPSEC security protocol in industrial routers



(1) AH (Authentication Header) Protocol

AH provides data integrity and identity authentication for IP communications, along with anti-replay protection.



With AH in use in IPv6, unauthorized intrusion can be effectively prevented because a secret key, exchanged by an algorithm-independent mechanism, is set on the host. The secret key is set jointly by the client and the service provider. When transmitting each packet, IPv6 authentication generates a check value from this secret key and the packet. The receiving end recomputes the check value and compares it with the one received, which confirms the source of the packet and that the packet has not been illegitimately modified.
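The check described above, as an added example that is not code from the original article: both ends hold the same secret key, the sender attaches a sequence number and a keyed check value (ICV), and the receiver recomputes the value and rejects replayed or modified packets. The 8-byte header (SPI plus sequence number), HMAC-SHA-256 truncated to 128 bits, the 64-packet window and all names are assumptions of this example; it authenticates only that header and the payload, whereas real AH also covers the immutable IP header fields.

```python
import hashlib, hmac, struct

ICV_LEN = 16   # HMAC-SHA-256 truncated to 128 bits (assumed algorithm)
WINDOW = 64    # anti-replay window, in packets (assumed size)

def icv(key, header, payload):
    return hmac.new(key, header + payload, hashlib.sha256).digest()[:ICV_LEN]

class Sender:
    def __init__(self, spi, key):
        self.spi, self.key, self.seq = spi, key, 0

    def protect(self, payload):
        self.seq += 1                      # sequence number never repeats under one key
        header = struct.pack("!II", self.spi, self.seq)
        return header + icv(self.key, header, payload) + payload

class Receiver:
    def __init__(self, spi, key):
        self.spi, self.key = spi, key
        self.highest, self.seen = 0, 0     # bit i of seen => seq (highest - i) accepted

    def verify(self, packet):
        """Return the payload if authentic and fresh; raise ValueError otherwise."""
        if len(packet) < 8 + ICV_LEN:
            raise ValueError("truncated packet")
        header, tag, payload = packet[:8], packet[8:8 + ICV_LEN], packet[8 + ICV_LEN:]
        spi, seq = struct.unpack("!II", header)
        if spi != self.spi:
            raise ValueError("no SA for this SPI")
        if seq == 0 or seq + WINDOW <= self.highest:
            raise ValueError("replay: outside window")
        if seq <= self.highest and (self.seen >> (self.highest - seq)) & 1:
            raise ValueError("replay: duplicate")
        # Recompute the check value and compare in constant time.
        if not hmac.compare_digest(tag, icv(self.key, header, payload)):
            raise ValueError("ICV mismatch")
        # Advance the window only after the packet has authenticated.
        if seq > self.highest:
            self.seen = ((self.seen << (seq - self.highest)) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.seen |= 1 << (self.highest - seq)
        return payload

if __name__ == "__main__":
    key = bytes(range(32))                 # constructed sample key
    tx, rx = Sender(0x1001, key), Receiver(0x1001, key)
    print(rx.verify(tx.protect(b"sensor=42")))
```

The payload travels unencrypted in this scheme, which is the gap the ESP header addresses.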


(2) ESP (Encapsulating Security Payload) Protocol


ESP provides IP-layer encryption and validation of data sources to counter network monitoring. Although AH can protect communication against tampering, it does not transform the data, so the data remains in cleartext to an attacker. To effectively guarantee the security of data transfer, IPv6 has another header, ESP, which additionally provides data confidentiality and prevents tampering.



(3) Security Association


An SA (Security Association) records the policy and policy parameters of each IP security path. The Security Association is the basis of IPSEC. It is an agreement established between the two communicating parties that determines the protocol, transcoding method, secret key, and secret key validity period used to protect data packets. Both AH and ESP use security associations. One of the main functions of IKE is to establish and maintain security associations.



(4) Key Management Protocol



The key management protocol, ISAKMP, provides shared security information. The Internet key management protocol is defined at the application layer. The IETF specifies the Internet security protocol and ISAKMP (Internet Security Association and Key Management Protocol) to implement IPSEC secret key management, SA setup for identity authentication, and key exchange.

Copyright © Jinan USR IOT Technology Limited All Rights Reserved. 鲁ICP备16015649号-5/ Sitemap / Privacy Policy