To give an impression of what is possible, we have put together a compilation of examples.

VPN-UPLINK provides maximum security for your company
VPN-UPLINK uses an industrial-strength security model designed to protect against both passive and active attacks. The model is built on SSL/TLS: X.509 certificates (PKI) authenticate the session, the TLS protocol performs the key exchange, OpenSSL's cipher-independent EVP interface encrypts the tunnel data, and the HMAC-SHA1 algorithm authenticates it. (HMAC-SHA1 remains a sound message authentication code; the known SHA-1 collision attacks do not apply to HMAC.)

VPN-UPLINK has been rigorously designed and tested to operate robustly on unreliable networks. A major design goal of VPN-UPLINK is that it should be as responsive, in terms of both normal operations and error recovery, as the underlying IP layer that it is tunneling over. That means that if the IP layer goes down for 5 minutes, when it comes back up, tunnel traffic will immediately resume even if the outage interfered with a dynamic key exchange which was scheduled during that time.

All of the crypto is handled by the OpenSSL library!

We use ciphers such as AES-256 (Advanced Encryption Standard with a 256-bit key).

An SSL/TLS session is established with bidirectional authentication, i.e. each side of the connection must present its own certificate. Once the SSL/TLS authentication succeeds, the source material for the encryption/decryption and HMAC keys is generated randomly by OpenSSL's RAND_bytes function and exchanged over the protected SSL/TLS connection. Both sides of the connection contribute random source material. No key is ever used in both directions: each peer holds a distinct send HMAC key, receive HMAC key, packet encryption key and packet decryption key, so a packet captured in one direction can never be replayed back to its sender as valid traffic.

During SSL/TLS rekeying, a transition-window parameter allows the old and the new key sets to be used in parallel for a limited time, so packets that were already in flight under the old keys are still accepted and the renegotiation neither stalls traffic nor introduces a latency bottleneck.
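The two paragraphs above describe the data-channel key handling: both peers contribute random source material, each peer ends up with four directional keys, and a rekey keeps the old and new keys valid side by side during the transition window. The following Python example, added here as an illustration and not code from VPN-UPLINK or OpenSSL, models exactly those properties. It assumes an HMAC-SHA256 expansion to turn the two random contributions into keys (the page does not say how the source material is split), a constructed wire layout of key_id byte, payload and HMAC-SHA1 tag, and it leaves out the AES-256 encryption step so that it runs with the standard library alone.

```python
import hashlib
import hmac
import os

KEY_LEN = 32       # AES-256 tunnel cipher key length (the cipher itself is not applied here)
HMAC_KEY_LEN = 20  # HMAC-SHA1 key length used in this example
TAG_LEN = 20       # HMAC-SHA1 output length


def random_source(nbytes=48):
    """One peer's random contribution; os.urandom stands in for OpenSSL's RAND_bytes."""
    return os.urandom(nbytes)


def derive_keys(client_random, server_random, role):
    """Turn both peers' random contributions into this peer's four directional keys.

    Assumption: the derivation (SHA-256 over both randoms, then HMAC-SHA256
    expansion per label) is chosen for illustration only. What it preserves
    is the property stated on the page: the client's send keys are the
    server's receive keys and vice versa, and no key is used in both directions.
    """
    if role not in ("client", "server"):
        raise ValueError("role must be 'client' or 'server'")
    master = hashlib.sha256(client_random + server_random).digest()

    def expand(label, length):
        return hmac.new(master, label, hashlib.sha256).digest()[:length]

    c2s_cipher = expand(b"client->server cipher", KEY_LEN)
    c2s_hmac = expand(b"client->server hmac", HMAC_KEY_LEN)
    s2c_cipher = expand(b"server->client cipher", KEY_LEN)
    s2c_hmac = expand(b"server->client hmac", HMAC_KEY_LEN)
    if role == "client":
        return {"encrypt": c2s_cipher, "send_hmac": c2s_hmac,
                "decrypt": s2c_cipher, "recv_hmac": s2c_hmac}
    return {"encrypt": s2c_cipher, "send_hmac": s2c_hmac,
            "decrypt": c2s_cipher, "recv_hmac": c2s_hmac}


def _tag(key, key_id, body):
    """HMAC-SHA1 over the key_id and the packet body (constructed wire format)."""
    return hmac.new(key, bytes([key_id]) + body, hashlib.sha1).digest()


def seal(keys, key_id, payload):
    """Authenticate an outgoing packet with this peer's send HMAC key.

    Wire layout (constructed for this example): key_id byte || payload || tag.
    """
    return bytes([key_id]) + payload + _tag(keys["send_hmac"], key_id, payload)


class Receiver:
    """The key sets a peer currently accepts, indexed by key_id.

    During the rekey transition window both the old and the new key_id are
    installed, so packets sealed under either are accepted; retiring the old
    key_id closes the window.
    """

    def __init__(self):
        self.keyring = {}

    def install(self, key_id, keys):
        self.keyring[key_id] = keys

    def retire(self, key_id):
        self.keyring.pop(key_id, None)

    def open(self, packet):
        """Return the payload, or raise ValueError if the packet is not authentic."""
        if len(packet) < 1 + TAG_LEN:
            raise ValueError("packet too short")
        key_id, body, tag = packet[0], packet[1:-TAG_LEN], packet[-TAG_LEN:]
        keys = self.keyring.get(key_id)
        if keys is None:
            raise ValueError("unknown key_id %d" % key_id)
        if not hmac.compare_digest(tag, _tag(keys["recv_hmac"], key_id, body)):
            raise ValueError("HMAC check failed")
        return body

    def accepts(self, packet):
        try:
            self.open(packet)
            return True
        except ValueError:
            return False


if __name__ == "__main__":
    c_rand, s_rand = random_source(), random_source()
    client, server = derive_keys(c_rand, s_rand, "client"), derive_keys(c_rand, s_rand, "server")
    srv_rx, cli_rx = Receiver(), Receiver()
    srv_rx.install(0, server)
    cli_rx.install(0, client)
    pkt = seal(client, 0, b"hello from client")
    print("server accepts client packet:", srv_rx.accepts(pkt))
    print("client accepts its own packet reflected back:", cli_rx.accepts(pkt))
    c2, s2 = random_source(), random_source()   # rekey: fresh source material, key_id 1
    srv_rx.install(1, derive_keys(c2, s2, "server"))
    print("old-key packet inside transition window:", srv_rx.accepts(seal(client, 0, b"late")))
    srv_rx.retire(0)
    print("old-key packet after window closed:", srv_rx.accepts(seal(client, 0, b"late")))
```

Running the script prints True, False, True, False: the server verifies the client's packet, the same packet reflected back to the client is rejected because the client's receive HMAC key is not the key that sealed it, a late packet under the old key_id is still accepted while both key sets are installed, and it is rejected once the old key set is retired.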

Because SSL/TLS is designed to operate over a reliable transport, VPN-UPLINK provides its own reliable transport layer on top of UDP for the control channel, so that lost or reordered datagrams do not break the TLS handshake or renegotiation.