Netgate, profile picture
Uploaded byNetgate
PDF, PPTX881 views

VPN Overview and IPsec Intro

This document provides an overview of VPN options including IPsec, OpenVPN, and PPTP. It recommends using IPsec or OpenVPN for site-to-site VPNs and mobile users, with OpenVPN being easier to configure for mobile users. The document dives deeper into IPsec, discussing its modes, usage with IPv6, an example site-to-site configuration, troubleshooting tips, and packet capture for tracing traffic. It announces an upcoming session on March 21st and invites questions and feedback.

Embed presentation

Download as PDF, PPTX
VPN Overview and dive into IPsec February 2014
Project News ● Development ○ 2.1.1 ○ 2.2 ● At SCALE this weekend ○ https://www.socallinuxexpo.org ● Next session - March 21 ● Questions at the end
VPN options ● IPsec ● OpenVPN ● PPTP
VPN Comparison - PPTP ● Insecure ● Likely to be NAT-broken ● Just don’t use it!
VPN Comparison - OpenVPN and IPsec IPsec OpenVPN NAT-friendly with NAT-T, Y Y Widely interoperable with other firewalls Y N Client for Windows Shrew Soft, others OpenVPN Client for Android Built into most Android 4.x versions Two options available in Google Play Client for iOS Built into iOS 3.x and newer Available in App Store Client for OS X Built-in Tunnelblick (free) and Viscosity (commercial) available
VPN Selection - Site to Site ● Interoperability with third party devices - IPsec ● One endpoint behind NAT - OpenVPN ● NAT within VPN, both, but OpenVPN most flexible
VPN Selection - Mobile Users ● OpenVPN usually easier to configure ● Depends on devices supported and personal preferences
IPsec Intro - Modes ● Tunnel ● Transport http://diecarvi.wordpress.com/2013/07/04/ipsec-tunnel-and-transport-modes-why-doesnt-transport-mode-work-between-routers/
IPsec and IPv6 ● IPv6 inside IPv6 tunnels ● IPv4 inside IPv4 tunnels ● Mobile clients IPv4-only
IPsec Example Site to Site VPN
IPsec Troubleshooting ● Check Status>IPsec ● Check firewall states ● Deciphering IPsec logs ● Enabling debug logging ● MSS clamping requirements ○ Hanging TCP connections
IPsec Troubleshooting - Packet Capture Six points for tracing traffic
Thanks for attending! Questions? Next session - March 21 Comments, suggestions, feedback welcome to gold@pfsense.org

More Related Content

PDF
CNIT 152: 9 Network Evidence
bySam Bowne
 
PDF
QNX Software Systems
byRobert-Emmanuel Mayssat
 
PDF
Understanding Open vSwitch
byYongKi Kim
 
PDF
分散システム読書会 06章-同期(前編)
byIchiro TAKAHASHI
 
PDF
Build a High Available NFS Cluster Based on CephFS - Shangzhong Zhu
byCeph Community
 
PDF
KVM環境におけるネットワーク速度ベンチマーク
byVirtualTech Japan Inc.
 
PDF
NVIDIA GPUで作るHeadless X11 Linux
byTomoki SHISHIKURA
 
PDF
RISC-V の現況と Esperanto Technologies のアプローチ
byYutaka Yasuda
 
CNIT 152: 9 Network Evidence
bySam Bowne
 
QNX Software Systems
byRobert-Emmanuel Mayssat
 
Understanding Open vSwitch
byYongKi Kim
 
分散システム読書会 06章-同期(前編)
byIchiro TAKAHASHI
 
Build a High Available NFS Cluster Based on CephFS - Shangzhong Zhu
byCeph Community
 
KVM環境におけるネットワーク速度ベンチマーク
byVirtualTech Japan Inc.
 
NVIDIA GPUで作るHeadless X11 Linux
byTomoki SHISHIKURA
 
RISC-V の現況と Esperanto Technologies のアプローチ
byYutaka Yasuda
 

What's hot

PPTX
GitLab から GitLab に移行したときの思い出
by富士通クラウドテクノロジーズ株式会社
 
PDF
Large scale overlay networks with ovn: problems and solutions
byHan Zhou
 
PDF
Mise en place d'un vpn site à site avec pfsense
byPape Moussa SONKO
 
PDF
Site-to-Site VPNs - pfSense Hangout November 2015
byNetgate
 
PDF
RISC-V : Berkeley Boot Loader & Proxy Kernelのソースコード解析
byMr. Vengineer
 
PPTX
Mise en place d'un wifi securise
byJUNIOR SORO
 
PDF
About GStreamer 1.0 application development for beginners
byShota TAMURA
 
PDF
ネットワークでなぜ遅延が生じるのか
byJun Kato
 
PDF
Paxos
byPreferred Networks
 
PDF
「とても小さいVim」vim tiny
bygu4
 
PPTX
いまどきの組込みOSの​ ZephyrRTOSと​ OpenThreadを​ Arduino環境で遊んでみる
by裕士 常田
 
PPTX
Control plane
byManish Srivastava
 
PPTX
Building an Ethereum Wallet using Hashicorp Vault
byJeff Ploughman
 
PDF
EBPF and Linux Networking
byPLUMgrid
 
PPTX
RustによるGPUプログラミング環境
byKiyotomoHiroyasu
 
PDF
Guide pfsense
byr_sadoun
 
PDF
Consulを頑張って理解する
byMasakazu Watanabe
 
PPTX
NGINX, Istio, and the Move to Microservices and Service Mesh
byNGINX, Inc.
 
PDF
1º Meetup Zabbix Meetup do Recife: Hernandes Martins - Gerando relatórios via...
byZabbix BR
 
PDF
Linux Linux Traffic Control
bySUSE Labs Taipei
 
GitLab から GitLab に移行したときの思い出
by富士通クラウドテクノロジーズ株式会社
 
Large scale overlay networks with ovn: problems and solutions
byHan Zhou
 
Mise en place d'un vpn site à site avec pfsense
byPape Moussa SONKO
 
Site-to-Site VPNs - pfSense Hangout November 2015
byNetgate
 
RISC-V : Berkeley Boot Loader & Proxy Kernelのソースコード解析
byMr. Vengineer
 
Mise en place d'un wifi securise
byJUNIOR SORO
 
About GStreamer 1.0 application development for beginners
byShota TAMURA
 
ネットワークでなぜ遅延が生じるのか
byJun Kato
 
Paxos
byPreferred Networks
 
「とても小さいVim」vim tiny
bygu4
 
いまどきの組込みOSの​ ZephyrRTOSと​ OpenThreadを​ Arduino環境で遊んでみる
by裕士 常田
 
Control plane
byManish Srivastava
 
Building an Ethereum Wallet using Hashicorp Vault
byJeff Ploughman
 
EBPF and Linux Networking
byPLUMgrid
 
RustによるGPUプログラミング環境
byKiyotomoHiroyasu
 
Guide pfsense
byr_sadoun
 
Consulを頑張って理解する
byMasakazu Watanabe
 
NGINX, Istio, and the Move to Microservices and Service Mesh
byNGINX, Inc.
 
1º Meetup Zabbix Meetup do Recife: Hernandes Martins - Gerando relatórios via...
byZabbix BR
 
Linux Linux Traffic Control
bySUSE Labs Taipei
 

Similar to VPN Overview and IPsec Intro

PDF
Remote Access VPNs - pfSense Hangout September 2015
byNetgate
 
PDF
Remote Access VPNs Part 2 - pfSense Hangout October 2015
byNetgate
 
PDF
Open vpn feature_on_yealink_ip_phones_v80_60(1)
bymaunicmer
 
PDF
OpenVPN as a WAN - pfSense Hangout October 2016
byNetgate
 
PPT
Phifer 3 30_04
byAyano Midakso
 
PDF
FreeBSD, ipfw and OpenVPN 2.1 server
byTomaz Muraus
 
PDF
VPN Theory
byLJ PROJECTS
 
PDF
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018
byNetgate
 
PDF
Advanced OpenVPN Concepts on pfSense 2.4 & 2.3.3 - pfSense Hangout February 2017
byNetgate
 
PDF
Cohesive Networks Support Docs: VNS3 Setup for Sonicwall
byCohesive Networks
 
DOCX
ITERA Paper - IPSec L2TP Vulnerability
byKunal Sharma
 
PDF
RIPE 78: IPv6 reliability measurements
byAPNIC
 
PPT
V P N
bybhathiji
 
PDF
Site to-multi site open vpn solution with mysql db
byChanaka Lasantha
 
PDF
IP security and VPN presentation
byKishoreTs3
 
PPTX
The vpn
byAbhinav Dwivedi
 
PDF
Cohesive Networks Support Docs: VNS3 Setup for Cisco ASA
byCohesive Networks
 
PPTX
ENSA_Module_8.pptx
bySkyBlue659156
 
PDF
10 Protocols of VPN IPSec, PPTP, L2TP, MPLS etc. ⋆ IPCisco.pdf
byKdpKumar
 
PPTX
VPN, Its Types,VPN Protocols,Configuration and Benefits
byqaisar17
 
Remote Access VPNs - pfSense Hangout September 2015
byNetgate
 
Remote Access VPNs Part 2 - pfSense Hangout October 2015
byNetgate
 
Open vpn feature_on_yealink_ip_phones_v80_60(1)
bymaunicmer
 
OpenVPN as a WAN - pfSense Hangout October 2016
byNetgate
 
Phifer 3 30_04
byAyano Midakso
 
FreeBSD, ipfw and OpenVPN 2.1 server
byTomaz Muraus
 
VPN Theory
byLJ PROJECTS
 
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018
byNetgate
 
Advanced OpenVPN Concepts on pfSense 2.4 & 2.3.3 - pfSense Hangout February 2017
byNetgate
 
Cohesive Networks Support Docs: VNS3 Setup for Sonicwall
byCohesive Networks
 
ITERA Paper - IPSec L2TP Vulnerability
byKunal Sharma
 
RIPE 78: IPv6 reliability measurements
byAPNIC
 
V P N
bybhathiji
 
Site to-multi site open vpn solution with mysql db
byChanaka Lasantha
 
IP security and VPN presentation
byKishoreTs3
 
The vpn
byAbhinav Dwivedi
 
Cohesive Networks Support Docs: VNS3 Setup for Cisco ASA
byCohesive Networks
 
ENSA_Module_8.pptx
bySkyBlue659156
 
10 Protocols of VPN IPSec, PPTP, L2TP, MPLS etc. ⋆ IPCisco.pdf
byKdpKumar
 
VPN, Its Types,VPN Protocols,Configuration and Benefits
byqaisar17
 

More from Netgate

PDF
Using Google Cloud Identity Secure LDAP with pfSense - Netgate Hangout Octobe...
byNetgate
 
PDF
pfSense 2.4.4 Short Topic Miscellany - pfSense Hangout August 2018
byNetgate
 
PDF
Configuring Netgate Appliance Integrated Switches on pfSense 2.4.4 - pfSense ...
byNetgate
 
PDF
Local DNS with pfSense 2.4 - pfSense Hangout April 2018
byNetgate
 
PDF
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018
byNetgate
 
PDF
RADIUS and LDAP on pfSense 2.4 - pfSense Hangout February 2018
byNetgate
 
PDF
User Management and Privileges on pfSense 2.4 - pfSense Hangout January 2018
byNetgate
 
PDF
Dynamic Routing with FRR - pfSense Hangout December 2017
byNetgate
 
PDF
Firewall Best Practices for VoIP on pfSense - pfSense Hangout October 2017
byNetgate
 
PDF
Certificate Management on pfSense 2.4 - pfSense Hangout September 2017
byNetgate
 
PDF
Backup and Restore with pfSense 2.4 - pfSense Hangout August 2017
byNetgate
 
PDF
Server Load Balancing on pfSense 2.4 - pfSense Hangout July 2017
byNetgate
 
PDF
Advanced Captive Portal - pfSense Hangout June 2017
byNetgate
 
PDF
Let's Encrypt - pfSense Hangout April 2017
byNetgate
 
PDF
High Availability on pfSense 2.4 - pfSense Hangout March 2017
byNetgate
 
PDF
Squid, SquidGuard, and Lightsquid on pfSense 2.3 & 2.4 - pfSense Hangout Janu...
byNetgate
 
PDF
Console Menu - pfSense Hangout December 2016
byNetgate
 
PDF
DHCP Server - pfSense Hangout September 2016
byNetgate
 
PDF
Providing Local DNS with pfSense - pfSense Hangout August 2016
byNetgate
 
PDF
High Availability Part 2 - pfSense Hangout July 2016
byNetgate
 
Using Google Cloud Identity Secure LDAP with pfSense - Netgate Hangout Octobe...
byNetgate
 
pfSense 2.4.4 Short Topic Miscellany - pfSense Hangout August 2018
byNetgate
 
Configuring Netgate Appliance Integrated Switches on pfSense 2.4.4 - pfSense ...
byNetgate
 
Local DNS with pfSense 2.4 - pfSense Hangout April 2018
byNetgate
 
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018
byNetgate
 
RADIUS and LDAP on pfSense 2.4 - pfSense Hangout February 2018
byNetgate
 
User Management and Privileges on pfSense 2.4 - pfSense Hangout January 2018
byNetgate
 
Dynamic Routing with FRR - pfSense Hangout December 2017
byNetgate
 
Firewall Best Practices for VoIP on pfSense - pfSense Hangout October 2017
byNetgate
 
Certificate Management on pfSense 2.4 - pfSense Hangout September 2017
byNetgate
 
Backup and Restore with pfSense 2.4 - pfSense Hangout August 2017
byNetgate
 
Server Load Balancing on pfSense 2.4 - pfSense Hangout July 2017
byNetgate
 
Advanced Captive Portal - pfSense Hangout June 2017
byNetgate
 
Let's Encrypt - pfSense Hangout April 2017
byNetgate
 
High Availability on pfSense 2.4 - pfSense Hangout March 2017
byNetgate
 
Squid, SquidGuard, and Lightsquid on pfSense 2.3 & 2.4 - pfSense Hangout Janu...
byNetgate
 
Console Menu - pfSense Hangout December 2016
byNetgate
 
DHCP Server - pfSense Hangout September 2016
byNetgate
 
Providing Local DNS with pfSense - pfSense Hangout August 2016
byNetgate
 
High Availability Part 2 - pfSense Hangout July 2016
byNetgate
 

Recently uploaded

PDF
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
PDF
GenerationAI Paris 2025 | How Agentic AI is Reinventing Organizations
byapidays
 
PPTX
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
PPTX
Working Session — Build a Document Understanding Automation Using an OOTB ML ...
byDianaGray10
 
PDF
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
PPTX
Beyond the Algorithm: Designing Human-Centric Public Service with AI
byAlan Dix
 
PDF
How to Prepare for the RWA Tokenization Trend
byrose mason
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
PDF
Antminer S23Hyd-580_Manual-V1.1-oneminers.pdf
byFranzhLawrenceBataan1
 
PPTX
Computer architecture, Computer architecture ,Computer architecture
bywaheedqazi123
 
PDF
TravelTech Paris 2025 | The EU Digital Identity Wallet and it’s impact on Tra...
byapidays
 
PDF
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
PPTX
How Does an ICO Launchpad Work Step-by-Step Breakdown.pptx
byTom Hardy S
 
PPTX
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
PPTX
Celonis Optimizing your future with process
bydevjeremyappleyard
 
PDF
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
PDF
final.pdf
byomarbishtawi04
 
PDF
Post Quantum Cryptography for Dummies.pdf
byAde Ismail Isnan
 
PDF
Traditional-Security-Models-No-Longer-Work.pptx (1).pdf
byOhhproJunction
 
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
GenerationAI Paris 2025 | How Agentic AI is Reinventing Organizations
byapidays
 
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
Working Session — Build a Document Understanding Automation Using an OOTB ML ...
byDianaGray10
 
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
Beyond the Algorithm: Designing Human-Centric Public Service with AI
byAlan Dix
 
How to Prepare for the RWA Tokenization Trend
byrose mason
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
Antminer S23Hyd-580_Manual-V1.1-oneminers.pdf
byFranzhLawrenceBataan1
 
Computer architecture, Computer architecture ,Computer architecture
bywaheedqazi123
 
TravelTech Paris 2025 | The EU Digital Identity Wallet and it’s impact on Tra...
byapidays
 
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
How Does an ICO Launchpad Work Step-by-Step Breakdown.pptx
byTom Hardy S
 
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
Celonis Optimizing your future with process
bydevjeremyappleyard
 
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
final.pdf
byomarbishtawi04
 
Post Quantum Cryptography for Dummies.pdf
byAde Ismail Isnan
 
Traditional-Security-Models-No-Longer-Work.pptx (1).pdf
byOhhproJunction
 

VPN Overview and IPsec Intro

  • 1.
    VPN Overview anddive into IPsec February 2014
  • 2.
    Project News ● Development ○2.1.1 ○ 2.2 ● At SCALE this weekend ○ https://www.socallinuxexpo.org ● Next session - March 21 ● Questions at the end
  • 3.
    VPN options ● IPsec ●OpenVPN ● PPTP
  • 4.
    VPN Comparison -PPTP ● Insecure ● Likely to be NAT-broken ● Just don’t use it!
  • 5.
    VPN Comparison -OpenVPN and IPsec IPsec OpenVPN NAT-friendly with NAT-T, Y Y Widely interoperable with other firewalls Y N Client for Windows Shrew Soft, others OpenVPN Client for Android Built into most Android 4.x versions Two options available in Google Play Client for iOS Built into iOS 3.x and newer Available in App Store Client for OS X Built-in Tunnelblick (free) and Viscosity (commercial) available
  • 6.
    VPN Selection -Site to Site ● Interoperability with third party devices - IPsec ● One endpoint behind NAT - OpenVPN ● NAT within VPN, both, but OpenVPN most flexible
  • 7.
    VPN Selection -Mobile Users ● OpenVPN usually easier to configure ● Depends on devices supported and personal preferences
  • 8.
    IPsec Intro -Modes ● Tunnel ● Transport http://diecarvi.wordpress.com/2013/07/04/ipsec-tunnel-and-transport-modes-why-doesnt-transport-mode-work-between-routers/
  • 9.
    IPsec and IPv6 ●IPv6 inside IPv6 tunnels ● IPv4 inside IPv4 tunnels ● Mobile clients IPv4-only
  • 10.
    IPsec Example Siteto Site VPN
  • 11.
    IPsec Troubleshooting ● CheckStatus>IPsec ● Check firewall states ● Deciphering IPsec logs ● Enabling debug logging ● MSS clamping requirements ○ Hanging TCP connections
  • 12.
    IPsec Troubleshooting -Packet Capture Six points for tracing traffic
  • 13.
    Thanks for attending! Questions? Nextsession - March 21 Comments, suggestions, feedback welcome to gold@pfsense.org