IPsec - Internet Protocol Security
===================================

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is IPsec (Inside VPN)?**

    IPsec (Internet Protocol Security) is a suite of protocols that provides encryption, authentication, and integrity for IP traffic. When used to build a VPN, IPsec either tunnels IP packets itself (ESP in tunnel mode) or protects another tunneling protocol such as L2TP; the keys and parameters for the tunnel are negotiated by IKE (IKEv1 or IKEv2), which is the key-exchange protocol rather than a tunneling protocol. Think of it as a secure tunnel that wraps and protects all your data as it travels across the internet.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Why is IPsec important inside VPN?**

    * **Data Confidentiality** – ESP encrypts the protected IP packet (in tunnel mode the entire original packet, including its header) so that an observer on the path sees only the outer header.
    * **Data Integrity** – Each packet carries an integrity check value (a MAC, or an AEAD tag), so any modification in transit is detected and the packet is dropped.
    * **Authentication** – IKE verifies the identity of both VPN endpoints (pre-shared key, certificate, or EAP) before any traffic keys are derived.
    * **Tunnel Protection** – Secures the entire communication path between networks or users, independent of the applications using it.
    * **Mobility & NAT Support** – NAT traversal (NAT-T, which carries ESP inside UDP port 4500) lets tunnels cross NAT devices, and IKEv2 MOBIKE lets a mobile client change its address without renegotiating the tunnel.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **How IPsec works inside VPN (in simple steps):**

    * **Negotiation** – The endpoints exchange IKE messages (IKE_SA_INIT in IKEv2) to agree on algorithms and perform a Diffie-Hellman exchange, producing the keys that protect the IKE session itself.
    * **Authentication** – Each endpoint proves its identity (IKE_AUTH in IKEv2) using pre-shared keys or certificates; an unauthenticated peer gets no tunnel.
    * **Tunnel Setup** – A pair of Security Associations (one per direction), each identified by an SPI, is created with the negotiated algorithms and traffic keys; this is the VPN tunnel.
    * **Encryption & Integrity** – Each outgoing IP packet is wrapped in ESP (or AH for integrity only): encrypted and protected with an integrity check value, and numbered with a sequence number.
    * **Transmission & Decryption** – The protected packets are sent to the peer, which checks the integrity value and the sequence number (anti-replay window) before decrypting and forwarding the inner packet.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Where is IPsec used?**

    * **Site-to-Site VPNs** – Securely connects branch offices over the internet.
    * **Remote Access VPNs** – Allows users to securely access internal networks from anywhere.
    * **Cloud Connectivity** – Secures traffic between on-prem and cloud environments.
    * **Geo-Restriction Bypass** – Routing all traffic through a remote gateway makes region-restricted content reachable; this is a consequence of tunneling, not an IPsec security feature.
    * **BYOD Security** – Protects enterprise data in transit from employee-owned devices.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Which OSI Layer does this protocol belong to?**

    * IPsec secures entire IP packets, regardless of the application or transport protocol.
    * It operates below the transport layer (TCP/UDP) and above the data link layer, making it part of the **Network Layer (Layer 3)**. AH is IP protocol 51 and ESP is IP protocol 50; with NAT traversal ESP is carried in UDP port 4500, but what it protects is still a Layer 3 packet.
    * This allows IPsec to secure all traffic within the VPN tunnel, not just specific applications.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    Topics in this section,

    * :ref:`Learnings in this section <IPsec_step1>`
    * :ref:`Terminology <IPsec_step2>`
    * :ref:`Version Info <IPsec_step3>`
    * :ref:`IPsec Version&RFC Details <IPsec_step5>`
    * :ref:`IPsec Basic Setup on Ubuntu using IPv4 <IPsec_step20>`
    * :ref:`IPsec Basic Setup on Ubuntu using IPv6 <IPsec_step21>`
    * :ref:`IPsec Protocol Packet Details <IPsec_step6>`
    * :ref:`IPsec Usecases <IPsec_step7>`
    * :ref:`IPsec Basic Features <IPsec_step8>`
    * :ref:`IPsec Feature : Encryption <IPsec_step9>`
    * :ref:`IPsec Feature : Authentication <IPsec_step10>`
    * :ref:`IPsec Feature : Integrity Checking <IPsec_step11>`
    * :ref:`IPsec Feature : Tunneling and Transport Modes <IPsec_step12>`
    * :ref:`IPsec Feature : Key Exchange (IKE/IKEv2) <IPsec_step13>`
    * :ref:`IPsec Feature : Security Associations (SAs) <IPsec_step14>`
    * :ref:`IPsec Feature : Protocol Support (ESP & AH) <IPsec_step15>`
    * :ref:`IPsec Feature : NAT Traversal <IPsec_step16>`
    * :ref:`IPsec Feature : Replay Protection <IPsec_step17>`
    * :ref:`IPsec Feature : Flexible Algorithm Support <IPsec_step18>`
    * :ref:`Reference links <IPsec_step19>`

.. _IPsec_step1:

.. tab-set::

    .. tab-item:: Learnings in this section

        * In this section, you are going to learn

.. _IPsec_step2:

.. tab-set::

    .. tab-item:: Terminology

        * Terminology

.. _IPsec_step3:

.. tab-set::

    .. tab-item:: Version Info

        * Version Info

.. _IPsec_step5:

.. tab-set::

    .. tab-item:: IPsec Version&RFC Details

        .. csv-table::
            :file: ./IPsec/IPsec_Version&RFC_Details.csv
            :widths: 10,10,10,30
            :header-rows: 1

.. _IPsec_step20:

.. tab-set::

    .. tab-item:: IPsec Basic Setup on Ubuntu using IPv4

        **Setup**

.. _IPsec_step21:

.. tab-set::

    .. tab-item:: IPsec Basic Setup on Ubuntu using IPv6

        **Setup**

.. _IPsec_step6:

.. tab-set::

    .. tab-item:: IPsec Protocol Packet Details

        **Tunnel Mode with AH**

        .. csv-table::
            :file: ./IPsec/IPsec_packetdetails1.csv
            :widths: 10,20,30,10
            :header-rows: 1

        **Tunnel Mode with ESP**

        .. csv-table::
            :file: ./IPsec/IPsec_packetdetails2.csv
            :widths: 10,20,30,10
            :header-rows: 1

.. _IPsec_step7:

.. tab-set::

    .. tab-item:: IPsec Usecases

        .. csv-table::
            :file: ./IPsec/IPsec_Use_Cases.csv
            :widths: 10,20,30
            :header-rows: 1

.. _IPsec_step8:

.. tab-set::

    .. tab-item:: IPsec Basic Features

        .. csv-table::
            :file: ./IPsec/IPsec_Basic_Features.csv
            :widths: 10,10,30
            :header-rows: 1

.. _IPsec_step9:

.. tab-set::

    .. tab-item:: IPsec Feature : Encryption

        **Encryption - Testcases**

        .. csv-table::
            :file: ./IPsec/IPsec_Feature1_Encryption_TestCases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _IPsec_step10:

.. tab-set::

    .. tab-item:: IPsec Feature : Authentication

        **Authentication - Testcases**

        .. csv-table::
            :file: ./IPsec/IPsec_Feature2_Authentication_TestCases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _IPsec_step11:

.. tab-set::

    .. tab-item:: IPsec Feature : Integrity Checking

        **Integrity Checking - Testcases**

        .. csv-table::
            :file: ./IPsec/IPsec_Feature3_Integrity_Checking_TestCases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _IPsec_step12:

.. tab-set::

    .. tab-item:: IPsec Feature : Tunneling and Transport Modes

        **Tunneling and Transport Modes - Testcases**

        .. csv-table::
            :file: ./IPsec/IPsec_Feature4_Tunneling_and_Transport_Modes_TestCases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _IPsec_step13:

.. tab-set::

    .. tab-item:: IPsec Feature : Key Exchange (IKE/IKEv2)

        **Key Exchange (IKE/IKEv2) - Testcases**

        .. csv-table::
            :file: ./IPsec/IPsec_Feature5_Key_Exchange(IKE_IKEv2)_TestCases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _IPsec_step14:

.. tab-set::

    .. tab-item:: IPsec Feature : Security Associations (SAs)

        **Security Associations (SAs) - Testcases**

        .. csv-table::
            :file: ./IPsec/IPsec_Feature6_Security_Associations(SAs)_TestCases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _IPsec_step15:

.. tab-set::

    .. tab-item:: IPsec Feature : Protocol Support (ESP & AH)

        **Protocol Support (ESP & AH) - Testcases**

        .. csv-table::
            :file: ./IPsec/IPsec_Feature7_Protocol_Support(ESP&AH)_TestCases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _IPsec_step16:

.. tab-set::

    .. tab-item:: IPsec Feature : NAT Traversal

        **NAT Traversal - Testcases**

        .. csv-table::
            :file: ./IPsec/IPsec_Feature8_NAT_Traversal_TestCases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _IPsec_step17:

.. tab-set::

    .. tab-item:: IPsec Feature : Replay Protection

        **Replay Protection - Testcases**

        .. csv-table::
            :file: ./IPsec/IPsec_Feature9_Replay_Protection_TestCases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _IPsec_step18:

.. tab-set::

    .. tab-item:: IPsec Feature : Flexible Algorithm Support

        **Flexible Algorithm Support - Testcases**

        .. csv-table::
            :file: ./IPsec/IPsec_Feature10_Flexible_Algorithm_Support_TestCases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _IPsec_step19:

.. tab-set::

    .. tab-item:: Reference links

        * Reference links
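The "Encryption & Integrity" and "Transmission & Decryption" steps above, together with the ESP tunnel-mode packet layout and the replay-protection feature, can be seen end to end in the following added example. It is not code from the original page or from any IPsec implementation: it builds an ESP tunnel-mode packet around a constructed inner IPv4 packet, protects it with an integrity check value, and runs the receiver-side checks (ICV verification before anything else, then the RFC 4303 sliding anti-replay window). To stay runnable with only the Python standard library it uses ESP with NULL encryption (ENCR_NULL) and HMAC-SHA256-128 for integrity; a real SA would use a cipher such as AES-GCM, and the outer IP/UDP header that carries ESP on the wire is not built here. The SPI, the 256-bit key and the addresses are constructed sample values.

```python
"""ESP tunnel-mode encapsulation, integrity check and anti-replay window.

Added example (not from the original page). Uses ENCR_NULL + HMAC-SHA256-128
so it runs with the standard library; the key, SPI and addresses are
constructed sample values.
"""
import hashlib
import hmac
import socket
import struct

ICV_LEN = 16          # HMAC-SHA256-128: the HMAC output truncated to 128 bits
NEXT_HEADER_IPV4 = 4  # ESP trailer "next header" value for an inner IPv4 packet


def ipv4_checksum(hdr: bytes) -> int:
    """One's-complement sum over 16-bit words, as used by the IPv4 header."""
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal inner IPv4 packet (no options, DF set, TTL 64) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload


def esp_encapsulate(spi: int, seq: int, inner: bytes, auth_key: bytes,
                    next_header: int = NEXT_HEADER_IPV4) -> bytes:
    """ESP header | payload | padding | pad len | next header | ICV (RFC 4303)."""
    # Payload + pad length + next header must end on a 4-byte boundary;
    # RFC 4303 pad bytes are the monotonic sequence 1, 2, 3, ...
    pad_len = (-(len(inner) + 2)) % 4
    padding = bytes(range(1, pad_len + 1))
    body = struct.pack("!II", spi, seq) + inner + padding + bytes([pad_len, next_header])
    icv = hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv


def esp_decapsulate(pkt: bytes, auth_key: bytes):
    """Verify the ICV first, then parse the trailer. Returns (spi, seq, next_header, inner)."""
    if len(pkt) < 8 + 2 + ICV_LEN:
        raise ValueError("ESP packet too short")
    body, icv = pkt[:-ICV_LEN], pkt[-ICV_LEN:]
    expected = hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):   # constant-time comparison
        raise ValueError("ESP ICV check failed")
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_header = body[-2], body[-1]
    return spi, seq, next_header, body[8:-2 - pad_len]


class ReplayWindow:
    """Sliding anti-replay window from RFC 4303 section 3.4.3 (default 64 packets)."""

    def __init__(self, size: int = 64):
        self.size = size
        self.last = 0     # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence number (last - i) already received

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:                       # the first packet on an SA is number 1
            return False
        if seq > self.last:                # new high water mark: slide the window
            shift = seq - self.last
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.last = seq
            return True
        diff = self.last - seq
        if diff >= self.size:              # older than the window: drop
            return False
        if (self.bitmap >> diff) & 1:      # already seen: replay
            return False
        self.bitmap |= 1 << diff           # late but in-window: accept once
        return True


def demo() -> dict:
    """Run the sender/receiver exchange and report each check as a boolean."""
    auth_key = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)   # constructed key
    inner = build_ipv4("10.1.0.5", "10.2.0.7", 17, b"hello over ipsec")  # constructed packet
    spi, win, r = 0xC0FFEE01, ReplayWindow(), {}
    pkt = esp_encapsulate(spi, 1, inner, auth_key)
    r["pad_aligned"] = (len(pkt) - ICV_LEN) % 4 == 0
    spi_r, seq, nh, out = esp_decapsulate(pkt, auth_key)
    r["inner_roundtrip"] = spi_r == spi and nh == NEXT_HEADER_IPV4 and out == inner
    r["first_accepted"] = win.check_and_update(seq)
    r["replay_rejected"] = not win.check_and_update(seq)       # same packet again
    tampered = bytearray(pkt)
    tampered[20] ^= 0x01                                       # flip a bit in the inner header
    try:
        esp_decapsulate(bytes(tampered), auth_key)
        r["tamper_rejected"] = False
    except ValueError:
        r["tamper_rejected"] = True
    r["out_of_order_ok"] = win.check_and_update(70) and win.check_and_update(69)
    r["too_old_rejected"] = not win.check_and_update(5)        # 65 behind 70: outside window
    r["window_edge_ok"] = win.check_and_update(7)              # 63 behind 70: still inside
    return r


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:18s} {'ok' if ok else 'FAIL'}")
```

The order in ``esp_decapsulate`` matters: the ICV is checked before the trailer is parsed, so an attacker cannot use a forged pad-length byte to steer the parser, and the sequence number is only fed into the replay window after the ICV has passed, so unauthenticated packets cannot advance the window and cause legitimate packets to be dropped.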