IPsec VPN is one of the two most common types of virtual private networks in use today, with the other one being SSL VPNs. It's a secure communications solution based on Internet Protocol Security – hence the name. (The short form is IPsec, not IPS; an IPS is an intrusion prevention system, an entirely different animal.) A rough rule of thumb for spotting an IPsec VPN: it needs a full-fledged client app installed on your computer, smartphone, or Tesla dashboard, and it talks to the far end on UDP ports 500 and 4500 rather than on the web ports. The client alone doesn't settle it, though, since plenty of SSL VPNs ship a client too.
In this day and age, encryption also usually happens between your browser and the servers hosting whatever websites you're visiting. But that cryptographic lock – Transport Layer Security (TLS), still widely called by the name of its predecessor, the Secure Sockets Layer (SSL) – is a different thing. Most importantly, it doesn't hide your traffic from your Internet provider: the content of each page is encrypted, but the address of every server you connect to is not. To hide that too, you need a VPN, and an IPsec VPN is one of the two common ways to get one.
A game of IPsecond-guessing computer identities
IPsec is one of many internetworking technologies (or layers) that grew up alongside the World Wide Web we know today – it actually postdates the Web by a few years – and it underpins countless intranets and site-to-site links using the same tech. And as is the case with most of those foundations, the standard was developed with Uncle Sam's cash. Or better said: Uncle Sam's Doc Brown-lookalike nerd of a son's allowance.
You see, it was DARPA that sponsored the original research into what would later become known as IPsec. The effort started back in the early '70s with ARPANET encryption devices, continued through the SP3 network-layer security protocol of the late '80s, and fed into the Simple Internet Protocol Plus (SIPP) proposal some 20 years after the start, whose security design carried over into IPv6 and IPsec. By 1995, the Internet Engineering Task Force – better known as those non-profit folks who decide what is and isn't considered "the Internet" – had published the first IPsec RFCs (RFC 1825 through 1829). IPsec is an open standard rather than an open-source tool suite: anyone can implement it, and many have, from strongSwan and Libreswan on Linux to the stacks built into every major operating system and router. Of course, that's a gross oversimplification of two decades of protocol work, but it will do for understanding how modern IPsec VPNs operate, which is our main goal here.
How IPsec secures communications
IPsec protects communications at the IP layer, making sure a given pair of hosts trying to talk to one another isn't being listened to (confidentiality), isn't having its packets altered or forged in transit (integrity and origin authentication), and isn't being fed stale copies of old packets (anti-replay). It can't stop someone from intercepting the packets, but it makes the intercepted copy useless to them. Sounds familiar? That's because we're describing a basic virtual private network – on a conceptual level, at least. In fact, the simplest form of peer-to-peer VPN, two gateways tunneling everything between their networks, is based on IPsec to this day.
The protocols themselves are cryptography 101, and by that we mean "incredibly complicated to explain past the concept of a cipher and black magic." But let's try. The two hosts don't share a key when they start talking; they create one on the spot with a Diffie-Hellman exchange: each picks a secret number, they swap the public halves, and both end up computing the same shared secret, which an eavesdropper who recorded the whole exchange cannot reconstruct. From that secret, plus random nonces from both sides, a whole set of keys is derived, and those keys are impossible to brute-force in practice. The agreed bundle of keys, cipher choices, and bookkeeping (a 32-bit Security Parameter Index, a lifetime, a sequence counter) is known as a Security Association (SA). IPsec SAs are one-directional, so a working tunnel has at least one SA per direction, and every protected packet carries its SPI so the receiver knows which SA to decrypt it with. The SA is the basis for all further communications on the established connection, and the negotiation that produces it is handled by an IPsec protocol called Internet Key Exchange (IKE), version 2 being the current one. Note that all of the above happens in milliseconds. Well, unless you have Mediacom broadband; then it's closer to two earth rotations.
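The negotiation just described, as an added example that is not part of this article or of any IPsec implementation: a Python model of the IKEv2 IKE_SA_INIT exchange and the key derivation that follows it, using the prf+ construction and the key layout from RFC 7296 (sections 2.13, 2.14 and 2.17). Peers, nonces and SPIs are constructed at random inline. The Diffie-Hellman group is RFC 2409 group 2 (1024-bit MODP), which is too small for real use and appears here only because its prime is short enough to print; peer authentication (IKE_AUTH) and the ESP packet format are left out.

```python
"""IKEv2-style Security Association setup, modelled on RFC 7296.

Added example, not from the original article or any real IKE daemon.
Assumptions: HMAC-SHA256 as the PRF, 32-byte keys for every SK_* value, and
RFC 2409 group 2 (1024-bit MODP) as the DH group for illustration only.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# RFC 2409 group 2: 1024-bit MODP prime, generator 2. Far too small for
# modern deployments (use group 14 or larger, or an ECP group); shown here
# only so the example fits on a page.
MODP_1024_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
MODP_1024_G = 2
KE_LEN = 128   # RFC 7296 §3.4: KE payload is the prime's length, zero-padded
KEY_LEN = 32   # one SHA-256 output per derived key (simplification)


def prf(key: bytes, data: bytes) -> bytes:
    """The negotiated PRF; HMAC-SHA256 here."""
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(key: bytes, seed: bytes, needed: int) -> bytes:
    """prf+ from RFC 7296 §2.13: T1 = prf(K, S|0x01), Tn = prf(K, Tn-1|S|n)."""
    out, t, n = b"", b"", 1
    while len(out) < needed:
        t = prf(key, t + seed + bytes([n]))
        out += t
        n += 1
    return out[:needed]


@dataclass
class Peer:
    spi: bytes    # 8-byte IKE SPI chosen by this side
    nonce: bytes  # Ni or Nr
    priv: int     # DH private exponent, never leaves the host
    pub: bytes    # KE payload: g^priv mod p, fixed-length big-endian


def new_peer() -> Peer:
    priv = secrets.randbelow(MODP_1024_P - 2) + 1
    pub = pow(MODP_1024_G, priv, MODP_1024_P).to_bytes(KE_LEN, "big")
    return Peer(secrets.token_bytes(8), secrets.token_bytes(32), priv, pub)


def ike_sa_keys(spi_i, spi_r, n_i, n_r, my_priv, their_pub) -> dict:
    """Key set each side computes after IKE_SA_INIT (RFC 7296 §2.14)."""
    g_ir = pow(int.from_bytes(their_pub, "big"), my_priv, MODP_1024_P)
    skeyseed = prf(n_i + n_r, g_ir.to_bytes(KE_LEN, "big"))
    names = ["SK_d", "SK_ai", "SK_ar", "SK_ei", "SK_er", "SK_pi", "SK_pr"]
    keymat = prf_plus(skeyseed, n_i + n_r + spi_i + spi_r, KEY_LEN * len(names))
    return {n: keymat[i * KEY_LEN:(i + 1) * KEY_LEN] for i, n in enumerate(names)}


def child_sa_keys(sk_d: bytes, n_i: bytes, n_r: bytes) -> dict:
    """KEYMAT for the first Child SA (RFC 7296 §2.17): initiator-to-responder
    material is taken first, then responder-to-initiator. One key per SA,
    because IPsec SAs are one-directional."""
    keymat = prf_plus(sk_d, n_i + n_r, 2 * KEY_LEN)
    return {"i_to_r": keymat[:KEY_LEN], "r_to_i": keymat[KEY_LEN:]}


def establish() -> tuple:
    """Run IKE_SA_INIT between two fresh peers; return (ike_i, ike_r, child_i, child_r)."""
    init, resp = new_peer(), new_peer()
    # On the wire:  HDR(SPIi,0), SAi1, KEi, Ni  -->   <--  HDR(SPIi,SPIr), SAr1, KEr, Nr
    # Only spi/nonce/pub cross the network; each side keeps its priv.
    ike_i = ike_sa_keys(init.spi, resp.spi, init.nonce, resp.nonce, init.priv, resp.pub)
    ike_r = ike_sa_keys(init.spi, resp.spi, init.nonce, resp.nonce, resp.priv, init.pub)
    child_i = child_sa_keys(ike_i["SK_d"], init.nonce, resp.nonce)
    child_r = child_sa_keys(ike_r["SK_d"], init.nonce, resp.nonce)
    return ike_i, ike_r, child_i, child_r


if __name__ == "__main__":
    ike_i, ike_r, child_i, child_r = establish()
    print("IKE SA keys agree:      ", ike_i == ike_r)
    print("Child SA keys agree:    ", child_i == child_r)
    print("per-direction keys differ:", child_i["i_to_r"] != child_i["r_to_i"])
```

Run it and both sides end up with identical key sets. The thing to notice is that SK_d, the key-derivation key, never goes on the wire, so the Child SA keys that will actually protect traffic are unknown to anyone who merely recorded the exchange, and the two directions get different keys, one per SA.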
That's the gist of it, though it doesn't cover why IPsec can simultaneously be such a great fit for a peer-to-peer or site-to-site VPN and such an awkward one for remote users scattered across the network of networks known as the Internet: it needs a client, it needs UDP 500 and 4500 (and, without NAT traversal, raw ESP) to get through NAT devices and firewalls that expect nothing but web traffic, and plenty of hotel and coffee-shop networks simply don't let it through. For that comparison, you'll need to understand what an SSL VPN is, and how it differs from IPsec.