
Encryption, Tunnel lifetimes – equinux VPN Tracker 5.4.4 User Manual


RADIUS or LDAP server. This allows the user to use the same
login information for the VPN connection and other services
(like email or file services).

The different authentication passwords tend to create some
confusion. There are usually three passwords involved in using
VPN Tracker:

‣ The password for the local user account on your Mac. If your account is an admin account, you can also use this password to install VPN Tracker. If not, you will need a local admin password for installing VPN Tracker.
‣ The connection password (pre-shared key), which is usually unique for each connection, but shared by all users of a connection.
‣ The XAUTH password and username, which are used to identify your VPN connection among all users connecting with the same pre-shared key.

Encryption

An encryption algorithm is a method of converting a plaintext
message into an alternate ciphertext message using a known
key. The ciphertext message contains all the information of the
plaintext message, but is not in a format readable by a human
or computer. The ciphertext message can be decrypted to the
original plaintext message using the same key used for
encryption. For IPsec connections, both participants of the
connection compute a secret key during connection
establishment which is later used to encrypt and decrypt the
packets.

There are several algorithms available for encryption purposes.
The older ones (like DES) are considered to be breakable in
principle, so it is recommended to use either 3DES or AES.

AES (Advanced Encryption Standard) is a symmetric block
cipher algorithm approved by the Federal Information
Processing Standard (FIPS) for use by U.S. Government
organizations (and others) to protect sensitive information. It
was originally developed under the name "Rijndael" as a
candidate algorithm for a worldwide competition to develop a
new encryption technique that can be used to protect
sensitive information in federal computer systems. The
competition was organized by the U.S. National Institute of
Standards and Technology (NIST) and the U.S. Commerce
Department's Technology Administration. VPN Tracker
implements the AES algorithm with key lengths of 128, 192 and
256 bits for encrypting ISAKMP and IPsec packets.

Tunnel Lifetimes

An interesting aspect of Phase 1 and Phase 2 tunnels is their
respective lifetimes. Each SA has an explicit lifetime, after which
it expires. This means that a long-lived Phase 1 tunnel can be
used to establish multiple short-lived Phase 2 tunnels. The only
requirement is that both peers use the same lifetime for a
given SA.
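As an added illustration, not taken from the VPN Tracker manual, the following Python model shows the relationship described above: one long-lived Phase 1 SA parenting a series of short-lived Phase 2 SAs, each with its own explicit lifetime, plus the check that both peers configure the same lifetime. The lifetime values are constructed assumptions, not VPN Tracker defaults.

```python
from dataclasses import dataclass, field
from typing import List

# Constructed example values in seconds (assumptions, not VPN Tracker defaults).
PHASE1_LIFETIME = 28800   # long-lived IKE (Phase 1) SA: 8 hours
PHASE2_LIFETIME = 3600    # short-lived IPsec (Phase 2) SA: 1 hour


@dataclass
class SecurityAssociation:
    """One SA with an explicit lifetime, after which it expires."""
    name: str
    established_at: int   # seconds on a constructed clock
    lifetime: int         # seconds

    def expires_at(self) -> int:
        return self.established_at + self.lifetime

    def is_valid(self, now: int) -> bool:
        return self.established_at <= now < self.expires_at()


@dataclass
class Phase1Tunnel(SecurityAssociation):
    """A Phase 1 SA that can parent several Phase 2 SAs during its lifetime."""
    children: List[SecurityAssociation] = field(default_factory=list)

    def open_phase2(self, now: int, lifetime: int) -> SecurityAssociation:
        """A Phase 2 SA can only be negotiated under a still-valid Phase 1 SA."""
        if not self.is_valid(now):
            raise RuntimeError(f"{self.name} expired at {self.expires_at()}; "
                               "renegotiate Phase 1 first")
        child = SecurityAssociation(f"{self.name}/p2-{len(self.children) + 1}", now, lifetime)
        self.children.append(child)
        return child


def lifetimes_agree(local: int, remote: int) -> bool:
    """Both peers must use the same lifetime for a given SA."""
    return local == remote


def simulate(p1_lifetime: int, p2_lifetime: int, start: int = 0) -> int:
    """Re-establish Phase 2 SAs back to back under one Phase 1 SA; return how many fit."""
    p1 = Phase1Tunnel("ike-sa", start, p1_lifetime)
    now = start
    while p1.is_valid(now):
        child = p1.open_phase2(now, p2_lifetime)
        now = child.expires_at()   # rekey Phase 2 the moment the old one expires
    return len(p1.children)
```

With the constructed values, `simulate(PHASE1_LIFETIME, PHASE2_LIFETIME)` yields eight Phase 2 SAs under a single Phase 1 SA before Phase 1 itself must be renegotiated.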
