Chapter 11. VPN Technologies, Tunnel Interfaces, and Architectures

This chapter discusses various tunnel approaches as building blocks of virtual private networks (VPNs) and special-purpose routing architectures. Some tunnel approaches result in dedicated virtual interfaces at the UNIX level; others, which usually reside outside kernel space, do not. In addition, this chapter concisely reviews today's predominant tunnel approaches for gateways and PPP sessions and discusses the factors to consider when choosing the appropriate technology to accomplish specific design goals.


Although IP Security (IPSec) is discussed thoroughly, neither this chapter nor the book as a whole elaborates on security aspects and issues per se. Security is too vast a field and justifies an entire publication. If I receive a lot of requests, a second volume (perhaps Integrated Cisco and UNIX Security Architectures) might follow. In addition, please understand that Microsoft PPTP/L2TP implementation issues go beyond both the scope and focus of this book.

This chapter concludes with examples that combine the dynamic routing approaches of the previous chapters with tunnel approaches to add a powerful feature to our toolbox. A significant resource quoted quite frequently in this chapter is the Virtual Private Network Consortium (VPNC). VPNC is an association of VPN product manufacturers. It is active in the area of interoperability and compliance testing with regard to the VPN standards established by the Internet Engineering Task Force (IETF,