Tunnelling allows one network to send its data through another networks connections; for example the internet. Tunnels are used to create a safe and secure network connection between a private network and a remote host. This enables a remote user to gain access to resources on their private network.
It does this by using tunnelling protocols; this is where a packet based on one protocol is encapsulated in a second packet based on whatever protocol is required to allow it to propagate through the intermediary network. In effect the, the second wrapper 'insulates' the original packet and gives the illusion of a tunnel. Tunnelling technology can be implemented using a Layer 2 or Layer 3 tunnelling protocol.
In real life term, tunnelling is compared to 'encapsulating' a present (original packet) in a box (second wrapper) for delivery through the postal service.
Reasons for Tunneling
Get your grade
or your money back
using our Essay Writing Service!
There are many reasons why an organization may choose to implement a network tunnel. A few examples are listed below.
Lower communications cost: as it eradicates the need for expensive leased lines because tunnels can operate on Public switched telephone network (PSTN) lines .It will significantly reduce the number of national and international calls.
Lower administration: network administrators need only manage and secure their remote access servers. They only have to manage only user accounts and don't need to worry about supporting complex hardware configurations
Improves organization efficiency: many employees are field based or work from home. Having the ability to access the company's server for resources is a great convenience and productivity improvement.
Improves Security: The use of authentication and encryption protocols helps to protect the data that is transmitted through the tunnel.
Point To Point Tunneling Protocol
The Point to Point Tunneling Protocol (PPTP) is a protocol that is used to tunnel Point to Point Protocol (PPP) connections through an IP network, creating a Virtual Private Network (VPN)
PPTP was developed by PPTP Forum, This was a group of companies that included Microsoft; Ascend, US Robotics and. 3Com.PPTP is one of the most commonly implemented tunnelling protocols. This is mainly due to the fact that it's supported by windows clients and it's fairly simple to configure and maintain. PPTP has the capacity to provide on demand, multi protocol for VPNs utilizing public networks for instance, the Internet.
PPTP is an expansion of the Point-to-Point protocol (PPP) RFC 1661. PPTP works at the datalink layer of the OSI model. The authentication process used by PPTP is identical to PPP. PPP has four main authentication protocols which are:
Password Authentication Protocol (PAP) RFC1334 this allows for clear text authentication of a username and password. It is not a secure protocol due to the fact that if PAP packets are captured by a between server and remote clients, it would be possible to figure out remote user's password. It also vulnerable to reply attacks.
Challenge Handshake Authentication Protocol (CHAP) RFC1994 is a more secure authentication protocol than PAP. It works by ensuring that both the server and user know the plain text of the secret, even though it's never sent over the link. The process is carried out when the initial link is created and at regular intervals during the connection to verify the identity of the remote user. It's also known as a three way handshake.
Microsoft Challenge Handshake Authentication Protocol (MS CHAP) RFC 2433. This is a Microsoft extension of CHAP. It follows the three way handshake method like CHAP.MS CHAP works by ensuring that the server stores a digital signature of the user instead of their password. This allows for greater level of security.
MS-CHAPv2. v2 RFC 2759 Microsoft developed an enhanced version of MS-CHAP. The encryption authentication process was revised, where each network device has to authenticate to each other. This method creates two unidirectional data pipes. Through these pipes a different encryption key is used for each connection between the devices.
(Kory Hamzeh,Gurdeep Singh Pall,William Verthein,Jeff Taarud,W. Andrew Little,Glen Zorn, 1999-07) (Gurdeep Singh Pall and Glen Zorn, 2001-03)
Always on Time
Marked to Standard
There is no encryption with PPTP as it only establishes the tunnel. The encryption technology used by PPTP is Microsoft Point to Point Encryption (MPPE) protocol RFC 3078.MPPE uses the RSA RC4 algorithm and at the present time supports 40-bit, 56-bit and 128-bit session keys.
Structure of a PPTP Packet Containing an IP Datagram
Structure of PPTP Packet Containing IP Datagram
The PPTP consist of 3 main parts:
Control Connection that runs over the TCP (port 1723)
The main data packets which are encapsulated using GRE and routed through the IP tunnel
The main IP tunnel used for routing the packets which are encapsulated by GRE
Layer 2 Tunnelling Protocol
Layer 2 Tunneling Protocol (L2TP) RFC 2661 is a protocol used to tunnel data traffic between two points using the Internet. L2TP was developed by Microsoft and Cisco to combine features of PPTP with that of Cisco's Layer 2 Forwarding (L2F) protocol RFC2341.L2TP is capable of supporting non-TCP/IP clients and protocols for example Frame Relay and Asynchronous Transfer Mode (ATM). L2TP is similar to PPTP which encapsulates the data into PPP frames and transmits these across the connection.L2TP uses UDP as an encapsulation method for both tunnel maintenance and user data.
To maintain the tunnel and user data L2TP uses UDP for encapsulationL2TP is often used in conjunction with IPSec. The use of certificates or a shared key is required when L2TP/IPSec is implemented, unlike PPTP.
L2TP also works at the datalink layer of the OSI model.L2TP does not provide any encryption or confidentiality by itself. It relies on an encryption protocol that it passes within the tunnel to provide security. L2TP has can use the same authentication protocols as