Understanding VPN protocols

In recent months, the army of VPN users has grown significantly. And these are not enthusiasts bypassing blocks to visit banned sites, but people who use a VPN to work securely (yes, remote work). It is a good occasion to look again at the arsenal of available protocols and compare them from a security standpoint.


Oh, brave new world


For starters, a few general points about VPNs. VPN usage scenarios vary; the most popular are:


  • (, );
  • ( );
  • VPN Providers ( , ).

VPN — , . "" . — OpenVPN IPSec, WireGuard, . , , .


VPN :


— .


— , . , VPN Providers, , .


— , . — .


— , , -.


, , .


PPTP


Point-to-Point Tunneling Protocol (PPTP) — VPN , , Microsoft.


PPTP — , . TCP, 1723. GRE, ( TCP/UDP). , NAT, , - . , GRE, PPTP ( enhanced GRE), Call ID, , , GRE , . NAT point-to-point GRE. VPN PassThrough. .


PPTP Windows . , PPTP : , , , OpenVPN.


PPTP Microsoft VPN . PPTP, .


, VPN , PPTP , , : , .


SSTP


Secure Socket Tunneling Protocol (SSTP) — Microsoft. PPTP, SSTP VPN, , PPTP, .


SSTP SSL TCP- 443. , , VPN . , SSTP Linux, RouterOS SEIL, Windows-.


SSTP , . , VPN SSTP.


SSTP , VPN , - OpenVPN ( ).


IPsec


Internet Protocol Security (IPsec) — , IP-. SSL, , IPsec , ( OpenVPN).


IPsec L2TP IKEv2, .


IPsec IP-, :


  • Authentication Header (AH), ;
  • Encapsulating Security Protocol (ESP), , .

IPsec , IPsec (L2TP IKE). , , . IPsec , .


, IPsec L2TP IKEv2.


L2TP/IPsec


Layer 2 Tunneling Protocol (L2TP) 1999 L2F (Cisco) PPTP (Microsoft). L2TP , IPsec. L2TP IPsec , RFC 3193.


L2TP/IPsec ( , PPTP). L2TP/IPsec 3DES AES, , , 3DES , .


L2TP - UDP- 500, , , .


L2TP/IPsec , . L2TP/IPsec , , VPN-.


IKEv2/IPsec


Internet Key Exchange version 2 (IKEv2) IPsec, , Security Associations (SA), RFC 7296. IPsec, L2TP, . IKEv2 Microsoft Cisco, (, OpenIKEv2, Openswan strongSwan).


Mobility and Multi-homing Protocol (MOBIKE) IKEv2 . IKEv2 , Wi-Fi .


IKEv2/IPsec , AES, Blowfish Camellia, 256- .


IKEv2 Perfect Forward Secrecy.


IKEv2 OpenVPN, . IKEv2 , . IKEv2 Windows 7+, Mac OS 10.11+, iOS, Android-.


OpenVPN


OpenVPN — VPN , OpenVPN Technologies. , , VPN. , .


, VPN, OpenVPN. . OpenVPN TCP UDP IPsec , VPN.


OpenVPN , , . VPN- OpenVPN, . TCP UDP : Windows, Mac OS, Linux, Apple iOS, Android.


, .


WireGuard


VPN — WireGuard. IPsec OpenVPN , , .



IP-, WireGuard , UDP . WireGuard :


  • Curve25519 ,
  • ChaCha20 ,
  • Poly1305 ,
  • SipHash -,
  • BLAKE2 .

WireGuard , OpenVPN, (4 ). , .


( , ). , WireGuard Linux , .. .


WireGuard 1.0.0, WireGuard Linux 5.6. Linux , , - . , WireGuard IPsec OpenVPN .


VPN , , . , , , .


PPTPSSTPL2TP/IPsecIKEv2/IPsecOpenVPNWireGuard
-MicrosoftMicrosoftL2TP — Cisco Microsoft, IPsec — The Internet Engineering Task ForceIKEv2 — Cisco Microsoft, IPsec — The Internet Engineering Task ForceOpenVPN TechnologiesJason A. Donenfeld
ProprietaryProprietaryProprietaryProprietary,GNU GPLGNU GPL
Windows, macOS, iOS, GNU/Linux. “ ”,Windows. “ ”,Windows,Mac OS X, Linux, iOS, Android. ( Windows 2000/XP +, Mac OS 10.3+) ,Windows 7+, macOS 10.11+Windows, Mac OS, GNU/Linux, Apple iOS, Android . ,Windows, Mac OS, GNU/Linux, Apple iOS, Android. WireGuard,
Microsoft Point-to-Point Encryption (MPPE), RSA RC4 128-SSL ( , TCP- SSL-)3DES AES, AES, Blowfish, CamelliaOpenSSL ( )1-RTT, Curve25519 ECDH, RFC7539 ChaCha20 Poly1305 , BLAKE2s
TCP- 1723TCP- 443UDP- 500 . UDP- 1701 L2TP, UDP- 5500 NATUDP- 500 , UDP- 4500 — NATUDP- TCP-UDP-
. MSCHAP-v2 , RC4 Bit-flipping3DES Meet-in-the-middle Sweet32, AES . , IPsec, IPsec
