43. Chapter - IPSec Basics

43.1. IPSec

IPSec is a standard for securely connecting local networks over the Internet. IPSec creates virtual private networks (VPN) for this purpose.

IPSec works on the IP level. This means that no changes (such as encryption modules) are required in the programs used. That is why it is also compatible with all TCP/IP based network programs.

IPSec can connect local networks or individual clients with private network addresses over the Internet. For this purpose, the original IP packets are encrypted and packed into new packets. At the receiving end, the packets are unpacked, decrypted, checked and forwarded to the recipient.

However, before an encrypted connection can be established, each of the two connection partners must be sure that the other party is who they claim to be (authentication). There are two procedures for this. One is called Pre-Shared Key (PSK) or Shared Secret: both sides know a common password. The other method uses public-key cryptography.