A VPN (Virtual Private Network) consists of a client and a server, and can be built on protocols such as PPTP, L2TP, GRE, IPSEC, OPENVPN and SSTP. In industrial routers and industrial modems, VPNs are mainly used for encrypted communication over the public network. Take USRIOT's industrial cellular router USR-G800V2 as an example: it can establish a virtual private network on the public network for encrypted communication. This allows mobile employees, remote employees and branch office workers to connect to enterprise networks using locally available high-speed broadband networks, while the VPN provides a high level of security and protects data from prying eyes using advanced encryption and identity protocols. This article introduces the tunneling protocols and the principles of the VPN.
PPTP is the Point-to-Point Tunneling Protocol. It uses a TCP connection (port 1723) to maintain the tunnel, and uses Generic Routing Encapsulation (GRE) to carry the data, encapsulated in PPP frames, through the tunnel. The payload of the encapsulated PPP frames is encrypted or compressed. MPPE encrypts the PPP frames with the encryption key generated by the MS-CHAP, MS-CHAP V2 or EAP-TLS authentication process.
L2TP is a Layer 2 tunneling protocol similar to PPTP. It supports multiple authentication methods, such as tunnel password authentication and CHAP, and it supports MPPE encryption.
IPSEC is not a single protocol. It provides a complete architecture for network data security at the application and IP layers, including the network authentication protocols AH, ESP and IKE, and a number of algorithms for network authentication and encryption. The AH and ESP protocols provide the security services, and the IKE protocol is used for key exchange.
OPENVPN is an application-layer VPN implementation based on the OpenSSL library. It supports certificate-based two-way authentication: the client authenticates the server, and the server also authenticates the client.
The GRE protocol encapsulates datagrams of certain network layer protocols (such as IP and IPX) so that the encapsulated datagrams can be transmitted over another network layer protocol (such as IP). GRE uses tunneling and is a Layer 3 tunneling protocol for VPNs.
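The GRE encapsulation described here, and the GRE variant that PPTP uses for its data channel, can be told apart by parsing the header. The following is an added example, not code from the original article or from USRIOT: the field layout follows RFC 2784/2890 (GRE) and RFC 2637 (PPTP), and the function names, addresses and sample packets are constructed for illustration. It also shows that GRE only encapsulates, so the inner IP header stays readable unless another layer encrypts it.

```python
import socket
import struct

ETHERTYPES = {0x0800: "IPv4", 0x8137: "IPX", 0x880B: "PPP"}

def parse_gre(buf: bytes) -> dict:
    """Parse a GRE header: version 0 (RFC 2784/2890) or PPTP's version 1 (RFC 2637)."""
    if len(buf) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", buf, 0)
    version = flags & 0x7
    if version > 1:
        raise ValueError(f"unsupported GRE version {version}")
    info = {"version": version, "protocol": ETHERTYPES.get(proto, hex(proto))}
    off = 4
    def take(fmt):
        nonlocal off
        if len(buf) < off + struct.calcsize(fmt):
            raise ValueError("truncated GRE optional field")
        vals = struct.unpack_from(fmt, buf, off)
        off += struct.calcsize(fmt)
        return vals
    if flags & 0x8000:                      # C bit: checksum + reserved word
        info["checksum"], _ = take("!HH")
    if flags & 0x2000:                      # K bit: key
        if version == 1:                    # PPTP splits the key into two halves
            info["payload_len"], info["call_id"] = take("!HH")
        else:
            (info["key"],) = take("!I")
    if flags & 0x1000:                      # S bit: sequence number
        (info["seq"],) = take("!I")
    if version == 1 and flags & 0x0080:     # A bit: acknowledgment (PPTP only)
        (info["ack"],) = take("!I")
    info["pptp"] = version == 1 and proto == 0x880B
    info["payload"] = buf[off:]
    return info

def inner_ipv4_addrs(payload: bytes) -> tuple:
    """Source and destination of the encapsulated IPv4 datagram."""
    if len(payload) < 20 or payload[0] >> 4 != 4:
        raise ValueError("payload is not an IPv4 datagram")
    return socket.inet_ntoa(payload[12:16]), socket.inet_ntoa(payload[16:20])

# Constructed samples, not captured traffic.
INNER = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,
                    socket.inet_aton("192.168.1.10"), socket.inet_aton("192.168.2.20"))
GRE_IP = struct.pack("!HH", 0x0000, 0x0800) + INNER          # plain GRE carrying IPv4
PPP_FRAME = bytes.fromhex("ff030021") + INNER                # unencrypted PPP frame
PPTP_DATA = struct.pack("!HHHHI", 0x3001, 0x880B, len(PPP_FRAME), 7, 1) + PPP_FRAME
```

`parse_gre(PPTP_DATA)` reports the PPTP call ID and sequence number, while `inner_ipv4_addrs(parse_gre(GRE_IP)["payload"])` recovers the inner addresses directly from the tunnel packet.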
SSTP (Secure Socket Tunneling Protocol) is an Internet protocol that creates a VPN tunnel transmitted over HTTPS. SSTP is only suitable for remote access and does not support site-to-site VPN tunnels.
Note: Any of these protocols can be used to build a VPN. Users can choose a suitable protocol according to their own needs.
Note: After the VPN is established, the two subnets need to communicate with each other.