The drawback of the Internet is that its infrastructure is not known in detail and the path between two communication partners is neither transparent, predictable nor controllable. A data packet can therefore be recorded, modified or discarded at any node along the way. In other words, data crosses the Internet unprotected unless the endpoints protect it themselves.
To transmit data securely across the insecure Internet, an encrypted connection, the VPN tunnel, is set up with a tunneling protocol. The tunnel is a logical connection between two endpoints, usually VPN clients, VPN servers or VPN gateways. These virtual connections are called tunnels because, for everyone between the two endpoints, the actual content of the data packets is not visible.
Tunneling is the basis of every VPN. It allows the packets of one network protocol to be encapsulated in the packets of another network protocol, so that they can be carried across a network that does not understand, or should not see, the inner protocol.
The technical principle of a VPN connection is essentially the same regardless of the protocol. At the entry point of the tunnel the packets are encapsulated; at the exit point they are decapsulated again. If the tunneling protocol encrypts the encapsulated packets, or is combined with a security protocol such as IPsec that does, third parties on the path cannot read the contents of the original packet. Encapsulation on its own hides nothing: an unencrypted tunnel carries the inner packet, addresses and all, in plaintext.
Another useful application is hiding private network addresses by tunneling IP packets inside IP packets. This is how networks are connected to each other across the Internet: IP packets with private addresses are wrapped in IP packets carrying the public addresses of the two tunnel endpoints, and only those public addresses are visible to the routers in between.
Tunneling In The OSI Layer Model
There are two approaches to tunneling. In the first, the tunnel is built on layer 3 of the OSI model: the Internet Protocol (IP) addresses both the tunnel endpoints (outer header) and the encapsulated packets (inner header). This is known as IP-in-IP tunneling. In practice IPsec in tunnel mode is normally used for this, since plain IP-in-IP provides no confidentiality or integrity protection.
The second approach works on layer 2 of the OSI model. Here the layer-3 packet is first placed in a layer-2 frame, typically PPP, which carries its own link-layer addressing, and that frame is then encapsulated and carried to the tunnel endpoint. Any encryption comes from the PPP layer (MPPE with PPTP) or from IPsec wrapped around the tunnel (L2TP/IPsec), not from the tunneling itself. PPTP or L2TP are usually used for this solution.
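The encapsulation principle described above (packets of one protocol wrapped in packets of another, private addresses hidden behind the public addresses of the tunnel endpoints) as a worked example. This is an added illustration, not code from the original page: it builds a plain IP-in-IP packet (IP protocol number 4, as in RFC 2003) with the Python standard library, then shows what a router on the public path sees and what the far tunnel endpoint recovers. All addresses are constructed for the example (10.0.0.1 and 192.168.1.1 as private inner addresses, 203.0.113.1 and 198.51.100.1 from the documentation ranges as the public endpoints), and the "SECRET" payload is a placeholder for application data. Because no encryption is involved, the example also makes the caveat visible: the inner packet is readable in the outer packet's payload.

```python
"""IP-in-IP encapsulation (RFC 2003, IP protocol 4) built from scratch.
Added example for the tunneling article; not code from the page itself.
Addresses and payload are constructed for illustration."""
import socket
import struct

IPPROTO_IPIP = 4      # outer header's protocol field for IP-in-IP
IPPROTO_PLACEHOLDER = 253  # RFC 3692 experimental number for the inner payload
IPV4_HDR = "!BBHHHBBH4s4s"   # version/IHL, TOS, total length, ID, flags/frag,
                             # TTL, protocol, checksum, src, dst (20 bytes)


def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal IPv4 header (no options) in front of `payload`, checksum filled in."""
    hdr = struct.pack(IPV4_HDR, 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(pkt: bytes) -> dict:
    """Parse a header, verify its checksum, return the fields and the payload."""
    if len(pkt) < 20:
        raise ValueError("truncated packet")
    ihl = (pkt[0] & 0x0F) * 4
    if checksum(pkt[:ihl]) != 0:          # a valid header sums to zero
        raise ValueError("bad header checksum")
    _, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(IPV4_HDR, pkt[:20])
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "ttl": ttl, "payload": pkt[ihl:total_len]}


def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Tunnel entry point: the whole inner packet becomes the payload of a new
    outer IPv4 packet addressed between the public tunnel endpoints."""
    return build_ipv4(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner)


def decapsulate(outer: bytes) -> bytes:
    """Tunnel exit point: verify the outer header, strip it, return the inner packet."""
    o = parse_ipv4(outer)
    if o["proto"] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet (protocol %d)" % o["proto"])
    return o["payload"]


def demo():
    """Run one packet through the tunnel; returns (router view, receiver view, wire bytes)."""
    inner = build_ipv4("10.0.0.1", "192.168.1.1", IPPROTO_PLACEHOLDER, b"SECRET payload")
    outer = encapsulate(inner, "203.0.113.1", "198.51.100.1")
    seen_on_path = parse_ipv4(outer)               # only public endpoint addresses ...
    recovered = parse_ipv4(decapsulate(outer))     # ... but the far end gets the original
    return seen_on_path, recovered, outer


if __name__ == "__main__":
    seen, recovered, wire = demo()
    print("on the public path:", seen["src"], "->", seen["dst"], "proto", seen["proto"])
    print("after decapsulation:", recovered["src"], "->", recovered["dst"], recovered["payload"])
    # Without a security protocol on top, the inner packet is plaintext on the wire:
    print("inner data readable by intermediate nodes:", b"SECRET" in wire)
```

The routers between 203.0.113.1 and 198.51.100.1 forward on the outer header alone and never need to understand the private addresses, which is the whole point of the encapsulation; the last line of the demo is the reason the article insists on IPsec (or another security protocol) on top, since a plain tunnel hides nothing from anyone who captures the outer packet.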
Standardized Tunneling Protocols
- PPTP – Point-to-Point Tunneling Protocol (obsolete)
- L2F – Layer 2 Forwarding (Cisco)
PPTP and L2F are not real standards; they only have informational status (RFC 2637 and RFC 2341 respectively).
- L2TP – Layer 2 Tunneling Protocol (Microsoft environments)
- IPsec (in tunnel mode)
- MPLS – Multi-Protocol Label Switching
MPLS is not really a tunneling protocol, but it can be used to build layer 2 (and layer 3) VPNs. This is, however, only possible for network operators, because the MPLS infrastructure belongs to them; note that an MPLS VPN separates traffic but does not encrypt it.
Strictly speaking, calling IPsec a tunneling protocol is wrong. It is a security protocol (authentication and encryption of IP packets) that is also capable of tunneling and is usually used for that purpose, in what is called tunnel mode.
Proprietary Tunneling Protocols
- Altavista Tunnel
- Bay Dial VPN Service (Bay-DVS)
- Ascend Tunnel Management Protocol (ATMP)
L2F – Layer 2 Forwarding
L2F is related to L2TP and was developed by Cisco as a software module for remote access concentrators (RAC) and routers. Unlike PPTP or L2TP, it has no client implementation: the tunnel runs between the access server and the home gateway, so the user never comes into contact with L2F.
L2F provides neither encryption nor strong authentication; it can only tunnel different network protocols. The endpoints of an L2F tunnel are two L2F-capable servers (the access server and the home gateway), not the user's machine. Because nothing is encrypted, an L2F tunnel across the Internet carries the user's traffic in plaintext and needs a separate mechanism such as IPsec if confidentiality is required.