IPsec VPN

Encryption

• AES (Advanced Encryption Standard): A powerful, fast, and widely used modern encryption algorithm; supports key lengths of 128, 192, and 256 bits.
• CAMELLIA: A symmetric encryption algorithm from Japan with security levels similar to AES; suitable for both software and hardware.
• NULL_ENC: A mode with no encryption; used only for authentication or testing purposes. It does not provide real data confidentiality.
• SERPENT: One of the finalists in the AES competition; highly secure but slightly slower than AES.
• TWOFISH: Another AES finalist; strong in both speed and flexibility, especially preferred in embedded systems.

Authentication

• MD5: Produces a 128-bit hash; fast but considered weak today and not recommended for security.
• SHA1: Produces a 160-bit hash; more secure than MD5 but can be broken by modern attacks.
• SHA256 / SHA384 / SHA512: Belong to the SHA-2 family; produce strong hashes of 256, 384, and 512 bits respectively, and are widely preferred today.
• AES: Primarily an encryption algorithm, but can also be used for authentication in modes like AES-XCBC in IPsec.

WildCard ID Support

Provides flexible definitions during authentication in IPsec VPN configurations. Instead of defining each client separately in scenarios with many clients, wildcard characters (*, ?) can be used to accept multiple clients under a single definition.

NAT Traversal Support

Prevents NAT devices from modifying IPsec packets, ensuring the proper functioning of VPN connections. IPsec packets are encapsulated in UDP and sent over port 4500, preventing issues caused by NAT devices.

PKI - Public Key Infrastructure Support

PKI Support provides secure authentication and encryption in IPsec VPN using digital certificates and keys. This enhances the security of the connection.

PSK - Pre-Shared Key Support

PSK Support provides secure connections in IPsec VPN by using a pre-defined shared key for authentication.