Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Mail Systems
Eclipse Documentation

How To Guides
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Problem Solutions
Privacy Policy




19.1. Modes of using encryption and authentication

Two modes of encryption and authentication of a connection are possible:

19.1.1. Transport mode

Transport mode is a real end-to-end connection mode. Here, only the payload (usually ICMP, TCP or UDP) is encrypted with their particular header, while the IP header is not encrypted (but usually included in authentication).

Using AES-128 for encryption and SHA1 for authentication, this mode decreases the MTU by 42 octets.

19.1.2. Tunnel mode

Tunnel mode can be used either for end-to-end or for gateway-to-gateway connection modes. Here, the complete IP packet is being encrypted and gets a new IP header prepended, all together constituing a new IP packet (this mechanism is also known as "encapsulation")

This mode usually decreases the MTU by 40 octets from the MTU of transport mode. I.e. using AES-128 for encryption and SHA1 for authentication 82 octets less than the normal MTU.

  Published under the terms of the GNU General Public License Design by Interspire