VPN Gateway security
IPsec
VPN Gateway employs IPsec for secure data transmission.
IPsec (Internet Protocol Security) is a suite of protocols designed to secure network traffic by authenticating and encrypting each IP packet within a communication session. It operates at the network layer, securing data transfer over untrusted networks. IPsec provides essential security services including data confidentiality through encryption, data integrity through hashing, and authentication of data origin.
Authentication
Pre-shared keys (PSKs) are used to authenticate the VPN connections.
A PSK is a secret key that is automatically generated by the service, then configured and shared between the VPN Gateways at both ends of the connection. The PSK is used to authenticate the VPN session and is required to establish the VPN tunnel. Both endpoints use the shared key to authenticate one another, ensuring that both are trusted parties.
Encryption and data integrity
Traffic in VPN tunnels is encrypted with AES128 or AES256. The following algorithms are available:
- aes128
- aes256
- aes128gcm128
- aes256gcm128
The following integrity algorithms are supported:
- sha256
- sha384
- sha512
The following Diffie-Hellman groups (DH groups) are supported:
MODP
- Diffie-Hellman Group 14 (2048-bit)
- Diffie-Hellman Group 16 (4096-bit)
- Diffie-Hellman Group 18 (8192-bit)
ECDSA
- Diffie-Hellman Group 19 (256-bit)
- Diffie-Hellman Group 20 (384-bit)
- Diffie-Hellman Group 21 (521-bit)
Internet Key Exchange
Only IKEv2 (Internet Key Exchange version 2) is supported; IKEv1 is not supported.
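As an added example (not UpCloud's own code or tooling), the following Python script checks a proposed IKE/IPsec configuration against the algorithm set listed above: AES-CBC or AES-GCM encryption, SHA-2 integrity, the six DH groups, and IKEv2 only. Proposals are written in the common "encryption-integrity-dhgroup" keyword form (for example aes256gcm128-sha384-ecp384); the keyword spellings for the DH groups, and the assumption that the lists above are exhaustive, are this example's own choices. Groups 14, 16 and 18 are MODP groups and groups 19, 20 and 21 are elliptic-curve (ECP) groups; the script records that mapping in a comment.

```python
"""Validate IKEv2/IPsec proposals against the supported algorithm set.

The supported sets below are taken from the page text. The DH group
keywords (modp2048, ecp384, ...) are assumed spellings used for this
example; the IANA group numbers are the authoritative identifiers.
"""
from dataclasses import dataclass
from typing import List, Optional

SUPPORTED_ENCRYPTION = {"aes128", "aes256", "aes128gcm128", "aes256gcm128"}
SUPPORTED_INTEGRITY = {"sha256", "sha384", "sha512"}
# AES-GCM is an AEAD mode: it authenticates the payload itself.
AEAD_CIPHERS = {"aes128gcm128", "aes256gcm128"}

# IANA DH group number -> keyword.  Groups 14/16/18 are MODP groups;
# groups 19/20/21 are elliptic-curve (ECP) groups.
SUPPORTED_DH_GROUPS = {
    14: "modp2048", 16: "modp4096", 18: "modp8192",
    19: "ecp256", 20: "ecp384", 21: "ecp521",
}
KEYWORD_TO_GROUP = {kw: num for num, kw in SUPPORTED_DH_GROUPS.items()}


@dataclass(frozen=True)
class Proposal:
    ike_version: int
    encryption: str
    integrity: Optional[str]   # None when the proposal omits it (AEAD form)
    dh_group: str              # keyword such as "modp2048"


def parse_proposal(text: str, ike_version: int = 2) -> Proposal:
    """Parse 'enc-integ-dh' or the shorter 'enc-dh' form used with AEAD ciphers."""
    parts = text.strip().lower().split("-")
    if len(parts) == 3:
        enc, integ, dh = parts
    elif len(parts) == 2:
        enc, dh = parts
        integ = None
    else:
        raise ValueError(f"expected 'enc-integ-dh' or 'enc-dh', got {text!r}")
    return Proposal(ike_version, enc, integ, dh)


def check_proposal(p: Proposal) -> List[str]:
    """Return a list of problems; an empty list means the proposal is acceptable."""
    problems: List[str] = []
    if p.ike_version != 2:
        problems.append(f"IKEv{p.ike_version} is not supported; only IKEv2 is")
    if p.encryption not in SUPPORTED_ENCRYPTION:
        problems.append(f"encryption {p.encryption!r} is not in the supported set")
    if p.integrity is None:
        # Only an AEAD cipher may stand alone; AES-CBC needs a separate MAC.
        if p.encryption not in AEAD_CIPHERS:
            problems.append(
                f"{p.encryption!r} is not an AEAD cipher, so an integrity "
                "algorithm is required"
            )
    elif p.integrity not in SUPPORTED_INTEGRITY:
        problems.append(f"integrity {p.integrity!r} is not in the supported set")
    if p.dh_group not in KEYWORD_TO_GROUP:
        problems.append(
            f"DH group {p.dh_group!r} is not one of groups "
            f"{sorted(SUPPORTED_DH_GROUPS)}"
        )
    return problems


if __name__ == "__main__":
    # Constructed sample proposals: two acceptable, two that should be rejected.
    for text in ("aes256gcm128-sha384-ecp384", "aes128-sha256-modp2048",
                 "aes128-modp2048", "3des-sha1-modp1024"):
        issues = check_proposal(parse_proposal(text))
        print(f"{text}: {'OK' if not issues else '; '.join(issues)}")
```

Running the script prints OK for the first two proposals and a reason for each rejected one. The check is deliberately strict about the integrity field: an AES-CBC proposal without a SHA-2 hash would leave packets unauthenticated, which defeats the integrity guarantee IPsec is supposed to provide.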
Compatible endpoints
Most VPN endpoints are compatible with UpCloud VPN service. See a list of known compatible endpoints.