A VPN usually consists of two components: a VPN concentrator and a VPN server. The VPN concentrator generally receives packets at OSI Layer 2, 3 or 4, encapsulates and encrypts the packets into network frames, and then sends the network frames to the VPN server over public networks. The VPN server receives the network frames, decrypts and decapsulates them into the original packets, and then sends the original packets to the destination computer. The same process applies to the returning traffic. People on public networks may capture the packets, but they cannot decrypt the network frames. This process protects the network traffic.

Internet Protocol Security (IPsec) is one of the VPN technologies and is a suite of protocols. It receives packets at OSI Layer 3 (the IP layer) and secures the packets inside the IP layer. IPsec uses the Internet Key Exchange (IKE) protocol to generate security keys and to handle security key exchange between the VPN server and the VPN concentrator, and uses Authentication Header (AH) or Encapsulating Security Payload (ESP) to encrypt and to protect IP packets. IPsec has strong security and has already been integrated into the next-generation network (IPv6).

Layer 2 Tunneling Protocol (L2TP) is one of the VPN protocols. It receives packets at OSI Layer 2 (the Data Link Layer) and secures the packets inside OSI Layer 5 (the Session Layer). It does not provide a strong authentication method by itself, and L2TP packets are often sent inside IPsec for better security.

Compared with current VPN technologies, a VPN that transfers Layer 2 packets has a wider range of applications, as it can transfer almost all kinds of Internet packets: IP packets, non-IP packets (such as IPX packets) and Layer 2 packets (such as PPP packets [39]). This thesis focuses on VPN technologies that transfer Layer 2 packets.
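
The comparison above can be made concrete with a short sketch. This is an added example, not code from the thesis: it contrasts what an IP-only (Layer 3) tunnel can carry with a Layer 2 tunnel that treats the whole Ethernet frame as opaque payload. The tunnel header layout, the key and the sample frames are constructed assumptions, and only an integrity tag is applied; the encryption step a real VPN performs is left out.

```python
import hashlib, hmac, struct

# Constructed demo key; a real tunnel negotiates keys (e.g. via IKE) and also encrypts.
KEY = b"constructed-demo-key"
NAMES = {0x0800: "IPv4", 0x8137: "IPX", 0x8864: "PPPoE session"}

def eth_frame(ethertype, payload):
    """Constructed Ethernet II frame: dst MAC, src MAC, EtherType, payload."""
    macs = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    return macs + struct.pack("!H", ethertype) + payload

def l3_tunnel_payload(frame):
    """What an IP-only (Layer 3) tunnel can carry: the inner IP packet, or nothing."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    return frame[14:] if ethertype in (0x0800, 0x86DD) else None

def l2_encapsulate(frame, seq):
    """Layer 2 tunnel: the whole frame is opaque payload behind a seq/length header."""
    header = struct.pack("!IH", seq, len(frame))
    tag = hmac.new(KEY, header + frame, hashlib.sha256).digest()
    return header + frame + tag

def l2_decapsulate(datagram):
    """Verify the tag and return (seq, original frame); ValueError if altered."""
    if len(datagram) < 6 + 32:
        raise ValueError("datagram too short")
    header, body, tag = datagram[:6], datagram[6:-32], datagram[-32:]
    seq, length = struct.unpack("!IH", header)
    expected = hmac.new(KEY, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected) or length != len(body):
        raise ValueError("integrity check failed")
    return seq, body

def compare(frames):
    """For each frame: (protocol name, carried by L3 tunnel?, survives L2 tunnel intact?)."""
    rows = []
    for seq, frame in enumerate(frames):
        (ethertype,) = struct.unpack("!H", frame[12:14])
        _, recovered = l2_decapsulate(l2_encapsulate(frame, seq))
        rows.append((NAMES.get(ethertype, hex(ethertype)),
                     l3_tunnel_payload(frame) is not None, recovered == frame))
    return rows

# Constructed sample frames; payload bytes are placeholders, not real packets.
SAMPLE_FRAMES = [eth_frame(0x0800, b"\x45" + bytes(19)),
                 eth_frame(0x8137, b"\xff\xff" + bytes(28)),
                 eth_frame(0x8864, b"\x11\x00" + bytes(6))]

if __name__ == "__main__":
    for name, l3, l2 in compare(SAMPLE_FRAMES):
        print(f"{name:14} L3 tunnel: {l3!s:6} L2 tunnel: {l2}")
```

The IPX and PPPoE frames are dropped by the IP-only path but come out of the Layer 2 tunnel byte for byte, including their original Ethernet headers.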