RA VPN using L2TP/IPsec with X.509 certificates
The following figure shows a conceptual diagram of how digital signatures work.
- Peers A and B are communicating. A has a public key and a private key. A gives her public key to B.
- A “signs” (encrypts) a message using her private key and sends the signed (encrypted) message to B.
- B can “verify” the signature by decrypting it using A's public key and checking the result against the original message.
Therefore, B can authenticate A by asking A to sign a message and then verifying the signature using A's public key. Since A's private key is only known to A, only A can create a signature that can be verified using A's public key.
One problem with this authentication scheme is that B cannot know whether the public key he obtained is in fact A's public key. For example, in the following figure, a malicious attacker C pretends to be A and gives B a different public key.
In practice, this problem is solved by using a Public Key Infrastructure (PKI), which is based on a trusted third party, the Certificate Authority (CA). The CA can be either a commercial CA, such as Verisign, or a CA set up internal to the organization. The following figure illustrates conceptually how PKI works.
- Both A and B trust CA.
- A asks the CA to sign a message verifying A’s public key.
- The CA signs the message using its private key, resulting in a “certificate.”
- A gives the certificate to B.
- B can verify the certificate from A (and hence A’s public key) using the CA’s public key.
X.509 is a standard that defines public key certificate formats, revocation, and so on. Given the above scheme, L2TP/IPsec VPN with X.509 certificates works as follows.
- The network admin obtains a certificate signed by a CA for each remote user (A in the example) and distributes it, along with public/private keys for the user, to the user through a secure channel.
- The network admin configures the VPN server (B in the example) with the CA’s public key, among other things.
- When the remote client connects to the VPN server, it presents its certificate.
- The VPN server verifies the certificate using the CA’s public key. If the authentication is successful, the result tells the server the client’s public key.
- The server can then use the client’s public key for authentication as described previously.
- If authentication is successful, the IPsec tunnel is established between the client and server. Then the L2TP and PPP operations are identical to the PSK case described previously.