IT KI DUNIYAA | Reading for information | Needs of All Students And learners
Source:- Google.com.pk
ITKiDuniyaa Defines VPN L2TP/IPSec Connection
In computer networking, Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself. Rather, it relies on an encryption protocol that it passes within the tunnel to provide privacy.
History
Published in 1999 as proposed standard RFC 2661, L2TP has its origins primarily in two older tunneling protocols for point-to-point communication: Cisco's Layer 2 Forwarding Protocol (L2F) and USRobotics' Point-to-Point Tunneling Protocol (PPTP). A new version of this protocol, L2TPv3, was published as proposed standard RFC 3931 in 2005. L2TPv3 provides additional security features, improved encapsulation, and the ability to carry data links other than simply PPP over an IP network (e.g., Frame Relay, Ethernet, ATM, etc.).
Description
The entire L2TP packet, including payload and L2TP header, is sent within a User Datagram Protocol (UDP) datagram. It is common to carry PPP sessions within an L2TP tunnel. L2TP does not provide confidentiality or strong authentication by itself. IPsec is often used to secure L2TP packets by providing confidentiality, authentication and integrity. The combination of these two protocols is generally known as L2TP/IPsec (discussed below).
The two endpoints of an L2TP tunnel are called the LAC (L2TP Access Concentrator) and the LNS (L2TP Network Server). The LAC is the initiator of the tunnel while the LNS is the server, which waits for new tunnels. Once a tunnel is established, the network traffic between the peers is bidirectional. To be useful for networking, higher-level protocols are then run through the L2TP tunnel. To facilitate this, an L2TP session (or 'call') is established within the tunnel for each higher-level protocol such as PPP. Either the LAC or LNS may initiate sessions. The traffic for each session is isolated by L2TP, so it is possible to set up multiple virtual networks across a single tunnel. MTU should be considered when implementing L2TP.
The packets exchanged within an L2TP tunnel are categorized as either control packets or data packets. L2TP provides reliability features for the control packets, but no reliability for data packets. Reliability, if desired, must be provided by the nested protocols running within each session of the L2TP tunnel.
L2TP allows the creation of a virtual private dialup network (VPDN) to connect a remote client to its corporate network by using a shared infrastructure, which could be the Internet or a service provider's network.
Tunneling models
An L2TP tunnel can extend across an entire PPP session or only across one segment of a two-segment session. This can be represented by four different tunneling models, namely:
voluntary tunnel
compulsory tunnel — incoming call
compulsory tunnel — remote dial
L2TP multihop connection
L2TP packet structure
An L2TP packet consists of the following fields.
Field meanings:
Flags and version
control flags indicating data/control packet and presence of length, sequence, and offset fields.
Length (optional)
Total length of the message in bytes, present only when length flag is set.
Tunnel ID
Indicates the identifier for the control connection.
Session ID
Indicates the identifier for a session within a tunnel.
Ns (optional)
Sequence number for this data or control message, beginning at zero and incrementing by one (modulo 2^16) for each message sent. Present only when the sequence flag is set.
Nr (optional)
Sequence number of the next message expected to be received. Nr is set to the Ns of the last in-order message received plus one (modulo 2^16). In data messages, Nr is reserved and, if present (as indicated by the S bit), MUST be ignored upon receipt.
Offset Size (optional)
Specifies where payload data is located past the L2TP header. If the offset field is present, the L2TP header ends after the last byte of the offset padding. This field exists if the offset flag is set.
Offset Pad (optional)
Variable length, as specified by the offset size. Contents of this field are undefined.
Payload data
Variable length (Max payload size = Max size of UDP packet - size of L2TP header)
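As an added example (not code from the original page), here is a parser for the L2TPv2 header fields listed above. The flag bit positions follow RFC 2661, and the two sample packets (an SCCRQ control message and a data message with an Offset Pad) are constructed for the demonstration.

```python
import struct

# Flag bits in the first 16-bit word of an L2TPv2 header (RFC 2661): T = control
# message, L = Length present, S = Ns/Nr present, O = Offset Size present;
# the low 4 bits hold the version, which must be 2.
T_BIT, L_BIT, S_BIT, O_BIT = 0x8000, 0x4000, 0x0800, 0x0200


def parse_l2tp(data: bytes) -> dict:
    """Parse one L2TPv2 packet (the UDP payload) into its header fields and payload."""
    pos = 0

    def take(fmt):  # unpack big-endian fields with a bounds check
        nonlocal pos
        size = struct.calcsize(fmt)
        if pos + size > len(data):
            raise ValueError("truncated L2TP header")
        fields = struct.unpack_from(fmt, data, pos)
        pos += size
        return fields

    (flags,) = take("!H")
    if (flags & 0x000F) != 2:
        raise ValueError("unsupported L2TP version %d" % (flags & 0x000F))
    is_control = bool(flags & T_BIT)
    # Control messages MUST carry Length and Ns/Nr and MUST NOT use the offset.
    if is_control and (not (flags & L_BIT) or not (flags & S_BIT) or (flags & O_BIT)):
        raise ValueError("control message with an invalid flag combination")
    length = take("!H")[0] if flags & L_BIT else None
    tunnel_id, session_id = take("!HH")
    ns, nr = take("!HH") if flags & S_BIT else (None, None)
    offset_size = None
    if flags & O_BIT:
        (offset_size,) = take("!H")
        pos += offset_size  # skip the Offset Pad; its contents are undefined
    end = len(data) if length is None else length
    if end > len(data) or pos > end:
        raise ValueError("Length field disagrees with the datagram size")
    return {"control": is_control, "length": length, "tunnel_id": tunnel_id,
            "session_id": session_id, "ns": ns, "nr": nr,
            "offset_size": offset_size, "payload": data[pos:end]}


# Constructed samples: an SCCRQ control message (Message Type AVP value 1) and
# a data message carrying a PPP LCP frame behind a 2-byte Offset Pad.
SAMPLE_CONTROL = struct.pack("!HHHHHH", 0xC802, 20, 0, 0, 0, 0) + bytes.fromhex("8008000000000001")
SAMPLE_DATA = struct.pack("!HHHH", 0x0202, 5, 7, 2) + b"\x00\x00" + b"\xff\x03\xc0\x21"
```

A receiver that skips the flag-consistency and Length checks will happily read Ns/Nr or payload bytes that are not there, which is why the parser rejects such packets instead of guessing.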
L2TP packet exchange
When an L2TP connection is set up, a number of control packets are exchanged between server and client to establish the tunnel and a session for each direction. Through these control packets, one peer asks the other to assign a specific tunnel and session ID. Data packets are then exchanged using this tunnel and session ID, with compressed PPP frames as payload.
The L2TP control messages exchanged between the LAC and LNS during the handshake that establishes a tunnel and session in the voluntary tunneling method are:
L2TP/IPsec
Because of the lack of confidentiality inherent in the L2TP protocol, it is often implemented along with IPsec. This is referred to as L2TP/IPsec, and is standardized in IETF RFC 3193. The process of setting up an L2TP/IPsec VPN is as follows:
Negotiation of IPsec security association (SA), typically through Internet key exchange (IKE). This is carried out over UDP port 500, and commonly uses either a shared password (so-called "pre-shared keys"), public keys, or X.509 certificates on both ends, although other keying methods exist.
Establishment of Encapsulating Security Payload (ESP) communication in transport mode. The IP protocol number for ESP is 50 (compare TCP's 6 and UDP's 17). At this point, a secure channel has been established, but no tunneling is taking place.
Negotiation and establishment of L2TP tunnel between the SA endpoints. The actual negotiation of parameters takes place over the SA's secure channel, within the IPsec encryption. L2TP uses UDP port 1701.
When the process is complete, L2TP packets between the endpoints are encapsulated by IPsec. Since the L2TP packet itself is wrapped and hidden within the IPsec packet, no information about the internal private network can be garnered from the encrypted packet. Also, it is not necessary to open UDP port 1701 on firewalls between the endpoints, since the inner packets are not acted upon until after IPsec data has been decrypted and stripped, which only takes place at the endpoints.
A potential point of confusion in L2TP/IPsec is the use of the terms tunnel and secure channel. The term tunnel refers to a channel which allows untouched packets of one network to be transported over another network. In the case of L2TP/PPP, it allows L2TP/PPP packets to be transported over IP. A secure channel refers to a connection within which the confidentiality of all data is guaranteed. In L2TP/IPsec, first IPsec provides a secure channel, then L2TP provides a tunnel.
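An added example, not from the original page, that applies the protocol and port numbers from the steps above from a defender's side: a classifier that labels raw IPv4 packets as IKE (UDP 500), ESP (IP protocol 50) or bare L2TP (UDP 1701), and an audit that flags L2TP seen outside IPsec, where the PPP payload is exposed. The sample packets and the 10.0.0.x addresses are constructed.

```python
import struct

PROTO_UDP, PROTO_ESP = 17, 50    # IP protocol numbers named in the text
PORT_IKE, PORT_L2TP = 500, 1701  # UDP ports named in the text


def classify(packet: bytes) -> str:
    """Label a raw IPv4 packet by the L2TP/IPsec stage it belongs to."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] == PROTO_ESP:
        return "esp"  # any L2TP inside is encrypted; nothing to inspect here
    if packet[9] == PROTO_UDP and len(packet) >= ihl + 8:
        sport, dport = struct.unpack_from("!HH", packet, ihl)
        if PORT_IKE in (sport, dport):
            return "ike"
        if PORT_L2TP in (sport, dport):
            return "l2tp-cleartext"  # L2TP outside IPsec: the PPP payload is exposed
    return "other"


def audit(packets) -> list:
    """One finding per packet that carries L2TP without IPsec protection."""
    findings = []
    for i, pkt in enumerate(packets):
        if classify(pkt) == "l2tp-cleartext":
            src, dst = (".".join(map(str, pkt[o:o + 4])) for o in (12, 16))
            findings.append(f"packet {i}: unprotected L2TP {src} -> {dst}")
    return findings


def ipv4(proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 header (checksum left 0) from 10.0.0.1 to 10.0.0.2 for the samples."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02") + payload


def udp(port: int, payload: bytes) -> bytes:
    return struct.pack("!HHHH", port, port, 8 + len(payload), 0) + payload


# Constructed samples: IKE on UDP/500, ESP (SPI 0x1001, seq 1, opaque body) and a
# bare L2TP data message (flags 0x0002, tunnel 5, session 7) sent without IPsec.
SAMPLES = [
    ipv4(PROTO_UDP, udp(PORT_IKE, b"\x00" * 28)),
    ipv4(PROTO_ESP, bytes.fromhex("00001001 00000001") + b"\xaa" * 16),
    ipv4(PROTO_UDP, udp(PORT_L2TP, bytes.fromhex("0002 0005 0007 ff03c021"))),
]
```

Run over a capture taken between two L2TP/IPsec endpoints, only "ike" and "esp" should appear; a "l2tp-cleartext" finding means the IPsec layer was not applied.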
Windows implementation
Windows Vista provides two new configuration utilities that attempt to make using L2TP without IPsec easier, both described in sections that follow below:
an MMC snap-in called "Windows Firewall with Advanced Security" (WFwAS), located in Control Panel → Administrative Tools
the "netsh advfirewall" command-line tool
Neither of these configuration utilities is without its difficulties, and unfortunately there is very little documentation about either "netsh advfirewall" or the IPsec client in WFwAS. One of the aforementioned difficulties is that it is not compatible with NAT. Another problem is that servers must be specified only by IP address in the new Vista configuration utilities; the hostname of the server cannot be used, so if the IP address of the IPsec server changes, all clients will have to be informed of the new IP address (which also rules out servers that are addressed by utilities such as DynDNS).
L2TP in ISPs' networks
L2TP is often used by ISPs when internet service over, for example, ADSL or cable is being resold. From the end user, packets travel over a wholesale network service provider's network to a server called a Broadband Remote Access Server (BRAS), a protocol converter and router combined. On legacy networks the path from the end user's customer premises equipment to the BRAS may be over an ATM network. From there on, over an IP network, an L2TP tunnel runs from the BRAS (acting as LAC) to an LNS, which is an edge router at the boundary of the ultimate destination ISP's IP network. See the example of reseller ISPs using L2TP.
ITKiDuniyaa Explains VPN L2TP/IPSec Connection In Simple Words
Layer Two Tunneling Protocol (L2TP) is an extension of the Point-to-Point Tunneling Protocol (PPTP) used by an Internet service provider (ISP) to enable the operation of a virtual private network (VPN) over the Internet. L2TP merges the best features of two other tunneling protocols: PPTP from Microsoft and L2F from Cisco Systems. The two main components that make up L2TP are the L2TP Access Concentrator (LAC), which is the device that physically terminates a call and the L2TP Network Server (LNS), which is the device that terminates and possibly authenticates the PPP stream.
PPP defines a means of encapsulation to transmit multiprotocol packets over layer two (L2) point-to-point links. Generally, a user connects to a network access server (NAS) through ISDN, ADSL, dialup POTS or other service and runs PPP over that connection. In this configuration, the L2 and PPP session endpoints are both on the same NAS.
L2TP uses packet-switched network connections to make it possible for the endpoints to be located on different machines. The user has an L2 connection to an access concentrator, which then tunnels individual PPP frames to the NAS, so that the packets can be processed separately from the location of the circuit termination. This means that the connection can terminate at a local circuit concentrator, eliminating possible long-distance charges, among other benefits. From the user's point of view, there is no difference in the operation.
ITKiDuniyaa Explains VPN L2TP/IPSec Connection In Short Words
Short for Layer Two (2) Tunneling Protocol, an extension to the PPP protocol that enables ISPs to operate Virtual Private Networks (VPNs). L2TP merges the best features of two other tunneling protocols: PPTP from Microsoft and L2F from Cisco Systems. Like PPTP, L2TP requires that the ISP's routers support the protocol.
Making a VPN L2TP/IPSec Connection From Windows XP [Tutorial Provided By ITKiDuniyaa]
[Screenshots: ITKiDuniyaa Create New VPN L2TP/IPSec Connection In Windows XP, Step 1 through Step 16]
For the Latest Tech Updates, Stay With Us On itkiduniyaa.blogspot.com