Is VPN a layer 3 concept?Cisco ASA site-to-site VPN failoverWhat are the reasons for choosing separate or combined VPN and Internet routers?Placement of firewall for VPN RA and L2L tunnelsHow to failover static ipsec vpn tunnels?Routing from IPSec VPN1 to IPSec VPN2 through HQIPsec tunnel configuration questionVPN connecting offices vs hiding only VPNs (privacy) and their settingsHow to configure a distributed network for the replication?Packets are not being de-capsulated on the ASA end of a VPNWhich VPN Types/Protocols inherently support Multicast Traffic?

Exit shell with shortcut (not typing exit) that closes session properly

Do native speakers use "ultima" and "proxima" frequently in spoken English?

Splitting fasta file into smaller files based on header pattern

Homology of the fiber

Is xar preinstalled on macOS?

10 year ban after applying for a UK student visa

Why is this tree refusing to shed its dead leaves?

Would this string work as string?

Determine voltage drop over 10G resistors with cheap multimeter

CLI: Get information Ubuntu releases

Should a narrator ever describe things based on a characters view instead of fact?

How much propellant is used up until liftoff?

What is the difference between something being completely legal and being completely decriminalized?

Why do I have a large white artefact on the rendered image?

Align centered, ragged right and ragged left in align environment

Would it be believable to defy demographics in a story?

Why doesn't the fusion process of the sun speed up?

Print a physical multiplication table

Inhabiting Mars versus going straight for a Dyson swarm

Have any astronauts/cosmonauts died in space?

What is it called when someone votes for an option that's not their first choice?

Asserting that Atheism and Theism are both faith based positions

When should a starting writer get his own webpage?

Knife as defense against stray dogs



Is VPN a layer 3 concept?


Cisco ASA site-to-site VPN failoverWhat are the reasons for choosing separate or combined VPN and Internet routers?Placement of firewall for VPN RA and L2L tunnelsHow to failover static ipsec vpn tunnels?Routing from IPSec VPN1 to IPSec VPN2 through HQIPsec tunnel configuration questionVPN connecting offices vs hiding only VPNs (privacy) and their settingsHow to configure a distributed network for the replication?Packets are not being de-capsulated on the ASA end of a VPNWhich VPN Types/Protocols inherently support Multicast Traffic?













1















From Tanenbaum's Computer Network




This demand soon led to the invention of VPNs (Virtual Private Networks),
which are overlay networks on top of public networks but with most of the properties of private networks.



One popular approach is to build VPNs directly over the Internet. A
common design is to equip each office with a firewall and create
tunnels through the Internet between all pairs of offices. ... When
the system is brought up, each pair of firewalls has to negotiate the
parameters of its SA, including the services, modes, algorithms, and
keys. If IPsec is used for the tunneling, it is possible to aggregate
all traffic between any two pairs of offices onto a single
authenticated, encrypted SA, thus providing in- tegrity control,
secrecy, and even considerable immunity to traffic analysis. Many
firewalls have VPN capabilities built in. Some ordinary routers can do
this as well, but since firewalls are primarily in the security
business, it is natural to have the tunnels begin and end at the
firewalls, providing a clear separation between the company and the
Internet. Thus, firewalls, VPNs, and IPsec with ESP in tunnel mode are
a natural combination and widely used in practice.
Once the SAs have
been established, traffic can begin flowing. To a router within the
Internet, a packet traveling along a VPN tunnel is just an ordinary
packet.
The only thing unusual about it is the presence of the IPsec
header after the IP header, but since these extra headers have no
effect on the forwarding process, the routers do not care about this
extra header.



Another approach that is gaining popularity is to have the ISP set up
the VPN. Using MPLS (as discussed in Chap. 5), paths for the VPN
traffic can be set up across the ISP network between the company
offices. These paths keep the VPN traffic separate from other Internet
traffic and can be guaranteed a certain amount of bandwidth or other
quality of service.




  1. Is VPN a layer 3 or 5 concept? (seems to me yes?)


  2. Do both approaches in the quote to build VPNs are layer 3
    approaches? (Seems to me yes, because the technologies involved to built VPNs seem to be layer 3)


  3. Does openvpn use the server-client model and therefore a layer
    5 approach to build VPNs? How do a openvpn server and client work
    together to build a VPN? I can't figure it out based on the two
    approaches in the book.


  4. Similar questions for SSH VPN to those for openvpn.


Thanks.










share|improve this question


























    1















    From Tanenbaum's Computer Network




    This demand soon led to the invention of VPNs (Virtual Private Networks),
    which are overlay networks on top of public networks but with most of the properties of private networks.



    One popular approach is to build VPNs directly over the Internet. A
    common design is to equip each office with a firewall and create
    tunnels through the Internet between all pairs of offices. ... When
    the system is brought up, each pair of firewalls has to negotiate the
    parameters of its SA, including the services, modes, algorithms, and
    keys. If IPsec is used for the tunneling, it is possible to aggregate
    all traffic between any two pairs of offices onto a single
    authenticated, encrypted SA, thus providing in- tegrity control,
    secrecy, and even considerable immunity to traffic analysis. Many
    firewalls have VPN capabilities built in. Some ordinary routers can do
    this as well, but since firewalls are primarily in the security
    business, it is natural to have the tunnels begin and end at the
    firewalls, providing a clear separation between the company and the
    Internet. Thus, firewalls, VPNs, and IPsec with ESP in tunnel mode are
    a natural combination and widely used in practice.
    Once the SAs have
    been established, traffic can begin flowing. To a router within the
    Internet, a packet traveling along a VPN tunnel is just an ordinary
    packet.
    The only thing unusual about it is the presence of the IPsec
    header after the IP header, but since these extra headers have no
    effect on the forwarding process, the routers do not care about this
    extra header.



    Another approach that is gaining popularity is to have the ISP set up
    the VPN. Using MPLS (as discussed in Chap. 5), paths for the VPN
    traffic can be set up across the ISP network between the company
    offices. These paths keep the VPN traffic separate from other Internet
    traffic and can be guaranteed a certain amount of bandwidth or other
    quality of service.




    1. Is VPN a layer 3 or 5 concept? (seems to me yes?)


    2. Do both approaches in the quote to build VPNs are layer 3
      approaches? (Seems to me yes, because the technologies involved to built VPNs seem to be layer 3)


    3. Does openvpn use the server-client model and therefore a layer
      5 approach to build VPNs? How do a openvpn server and client work
      together to build a VPN? I can't figure it out based on the two
      approaches in the book.


    4. Similar questions for SSH VPN to those for openvpn.


    Thanks.










    share|improve this question
























      1












      1








      1


      1






      From Tanenbaum's Computer Network




      This demand soon led to the invention of VPNs (Virtual Private Networks),
      which are overlay networks on top of public networks but with most of the properties of private networks.



      One popular approach is to build VPNs directly over the Internet. A
      common design is to equip each office with a firewall and create
      tunnels through the Internet between all pairs of offices. ... When
      the system is brought up, each pair of firewalls has to negotiate the
      parameters of its SA, including the services, modes, algorithms, and
      keys. If IPsec is used for the tunneling, it is possible to aggregate
      all traffic between any two pairs of offices onto a single
      authenticated, encrypted SA, thus providing in- tegrity control,
      secrecy, and even considerable immunity to traffic analysis. Many
      firewalls have VPN capabilities built in. Some ordinary routers can do
      this as well, but since firewalls are primarily in the security
      business, it is natural to have the tunnels begin and end at the
      firewalls, providing a clear separation between the company and the
      Internet. Thus, firewalls, VPNs, and IPsec with ESP in tunnel mode are
      a natural combination and widely used in practice.
      Once the SAs have
      been established, traffic can begin flowing. To a router within the
      Internet, a packet traveling along a VPN tunnel is just an ordinary
      packet.
      The only thing unusual about it is the presence of the IPsec
      header after the IP header, but since these extra headers have no
      effect on the forwarding process, the routers do not care about this
      extra header.



      Another approach that is gaining popularity is to have the ISP set up
      the VPN. Using MPLS (as discussed in Chap. 5), paths for the VPN
      traffic can be set up across the ISP network between the company
      offices. These paths keep the VPN traffic separate from other Internet
      traffic and can be guaranteed a certain amount of bandwidth or other
      quality of service.




      1. Is VPN a layer 3 or 5 concept? (seems to me yes?)


      2. Do both approaches in the quote to build VPNs are layer 3
        approaches? (Seems to me yes, because the technologies involved to built VPNs seem to be layer 3)


      3. Does openvpn use the server-client model and therefore a layer
        5 approach to build VPNs? How do a openvpn server and client work
        together to build a VPN? I can't figure it out based on the two
        approaches in the book.


      4. Similar questions for SSH VPN to those for openvpn.


      Thanks.










      share|improve this question














      From Tanenbaum's Computer Network




      This demand soon led to the invention of VPNs (Virtual Private Networks),
      which are overlay networks on top of public networks but with most of the properties of private networks.



      One popular approach is to build VPNs directly over the Internet. A
      common design is to equip each office with a firewall and create
      tunnels through the Internet between all pairs of offices. ... When
      the system is brought up, each pair of firewalls has to negotiate the
      parameters of its SA, including the services, modes, algorithms, and
      keys. If IPsec is used for the tunneling, it is possible to aggregate
      all traffic between any two pairs of offices onto a single
      authenticated, encrypted SA, thus providing in- tegrity control,
      secrecy, and even considerable immunity to traffic analysis. Many
      firewalls have VPN capabilities built in. Some ordinary routers can do
      this as well, but since firewalls are primarily in the security
      business, it is natural to have the tunnels begin and end at the
      firewalls, providing a clear separation between the company and the
      Internet. Thus, firewalls, VPNs, and IPsec with ESP in tunnel mode are
      a natural combination and widely used in practice.
      Once the SAs have
      been established, traffic can begin flowing. To a router within the
      Internet, a packet traveling along a VPN tunnel is just an ordinary
      packet.
      The only thing unusual about it is the presence of the IPsec
      header after the IP header, but since these extra headers have no
      effect on the forwarding process, the routers do not care about this
      extra header.



      Another approach that is gaining popularity is to have the ISP set up
      the VPN. Using MPLS (as discussed in Chap. 5), paths for the VPN
      traffic can be set up across the ISP network between the company
      offices. These paths keep the VPN traffic separate from other Internet
      traffic and can be guaranteed a certain amount of bandwidth or other
      quality of service.




      1. Is VPN a layer 3 or 5 concept? (seems to me yes?)


      2. Do both approaches in the quote to build VPNs are layer 3
        approaches? (Seems to me yes, because the technologies involved to built VPNs seem to be layer 3)


      3. Does openvpn use the server-client model and therefore a layer
        5 approach to build VPNs? How do a openvpn server and client work
        together to build a VPN? I can't figure it out based on the two
        approaches in the book.


      4. Similar questions for SSH VPN to those for openvpn.


      Thanks.







      vpn






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked 4 hours ago









      TimTim

      423416




      423416




















          2 Answers
          2






          active

          oldest

          votes


















          4














          There are layer-2 and layer-3 VPNs. "VPN" is a term used for a tunnel combined with encryption.



          A tunneling interface encapsulates an inner packet (or frame) in an outer packet. This inner packet is then transported to the far tunnel end, according to the outer packet, and decapsulated again. For the inner packet the tunnel looks like a direct connection, regardless of the path of the outer packet.



          Tunneling somewhat defies the strict OSI layering. Usually, layer-3 packets are tunneled over layer 3 (IPsec) or layer 4 (TCP or UDP). An L3 tunnel routes between two networks.



          When layer-2 frames are tunneled, the networks are bridged together.



          OpenVPN uses SSL VPN over UDP or TCP (layer 4) with SSL encryption. SSH has an inherent tunneling mechanism for arbitrary connections including port forwarding.






          share|improve this answer

























          • Thanks. "OpenVPN uses SSL VPN over UDP or TCP (layer 4) with SSL encryption". Do you mean the protocols from top to bottom are: VPN, SSL, UDP/TCP?

            – Tim
            1 hour ago











          • VPN is not a protocol. OpenVPN uses UDP or TCP with SSL and tunnels IP within.

            – Zac67
            52 mins ago











          • Thanks. Are protocols from top to bottom (one encapsulate the one below) are: IP, SSL, UDP/TCP?

            – Tim
            47 mins ago












          • If you insist: IP encapsulated in UDP/SSL over IP is the most common variant (OpenVPN also supports L2 VPN, SSL is more or less a TCP or UDP option).

            – Zac67
            11 mins ago


















          1















          Is VPN a layer 3 or 5 concept? (seems to me yes?)




          It's both. And it's others. The VPN software is layers 5-7, whilst commonly L3 routing is used to direct packets trough the VPN. Note that layers generally break down above layer 3; there's fuzzy boundaries.




          Does openvpn use the server-client model and therefore a layer 5 approach to build VPNs?




          Yes, but the result is a layer 3 tunnel. You have to differentiate between the tunnel and the software that builds it, and how traffic trough the tunnel is handled.



          Note that OpenVPN may run in L2 mode as well, commonly known as tap device.






          share|improve this answer








          New contributor




          vidarlo is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.




















          • Thanks. WHat is the tunnelling protocol provided by openvpn?

            – Tim
            1 hour ago











          • Many. As L2 tunnel? Whatever you care to throw at it.

            – vidarlo
            1 hour ago










          Your Answer








          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "496"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          noCode: true, onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













          draft saved

          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f57734%2fis-vpn-a-layer-3-concept%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          2 Answers
          2






          active

          oldest

          votes








          2 Answers
          2






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          4














          There are layer-2 and layer-3 VPNs. "VPN" is a term used for a tunnel combined with encryption.



          A tunneling interface encapsulates an inner packet (or frame) in an outer packet. This inner packet is then transported to the far tunnel end, according to the outer packet, and decapsulated again. For the inner packet the tunnel looks like a direct connection, regardless of the path of the outer packet.



          Tunneling somewhat defies the strict OSI layering. Usually, layer-3 packets are tunneled over layer 3 (IPsec) or layer 4 (TCP or UDP). An L3 tunnel routes between two networks.



          When layer-2 frames are tunneled, the networks are bridged together.



          OpenVPN uses SSL VPN over UDP or TCP (layer 4) with SSL encryption. SSH has an inherent tunneling mechanism for arbitrary connections including port forwarding.






          share|improve this answer

























          • Thanks. "OpenVPN uses SSL VPN over UDP or TCP (layer 4) with SSL encryption". Do you mean the protocols from top to bottom are: VPN, SSL, UDP/TCP?

            – Tim
            1 hour ago











          • VPN is not a protocol. OpenVPN uses UDP or TCP with SSL and tunnels IP within.

            – Zac67
            52 mins ago











          • Thanks. Are protocols from top to bottom (one encapsulate the one below) are: IP, SSL, UDP/TCP?

            – Tim
            47 mins ago












          • If you insist: IP encapsulated in UDP/SSL over IP is the most common variant (OpenVPN also supports L2 VPN, SSL is more or less a TCP or UDP option).

            – Zac67
            11 mins ago















          4














          There are layer-2 and layer-3 VPNs. "VPN" is a term used for a tunnel combined with encryption.



          A tunneling interface encapsulates an inner packet (or frame) in an outer packet. This inner packet is then transported to the far tunnel end, according to the outer packet, and decapsulated again. For the inner packet the tunnel looks like a direct connection, regardless of the path of the outer packet.



          Tunneling somewhat defies the strict OSI layering. Usually, layer-3 packets are tunneled over layer 3 (IPsec) or layer 4 (TCP or UDP). An L3 tunnel routes between two networks.



          When layer-2 frames are tunneled, the networks are bridged together.



          OpenVPN uses SSL VPN over UDP or TCP (layer 4) with SSL encryption. SSH has an inherent tunneling mechanism for arbitrary connections including port forwarding.






          share|improve this answer

























          • Thanks. "OpenVPN uses SSL VPN over UDP or TCP (layer 4) with SSL encryption". Do you mean the protocols from top to bottom are: VPN, SSL, UDP/TCP?

            – Tim
            1 hour ago











          • VPN is not a protocol. OpenVPN uses UDP or TCP with SSL and tunnels IP within.

            – Zac67
            52 mins ago











          • Thanks. Are protocols from top to bottom (one encapsulate the one below) are: IP, SSL, UDP/TCP?

            – Tim
            47 mins ago












          • If you insist: IP encapsulated in UDP/SSL over IP is the most common variant (OpenVPN also supports L2 VPN, SSL is more or less a TCP or UDP option).

            – Zac67
            11 mins ago













          4












          4








          4







          There are layer-2 and layer-3 VPNs. "VPN" is a term used for a tunnel combined with encryption.



          A tunneling interface encapsulates an inner packet (or frame) in an outer packet. This inner packet is then transported to the far tunnel end, according to the outer packet, and decapsulated again. For the inner packet the tunnel looks like a direct connection, regardless of the path of the outer packet.



          Tunneling somewhat defies the strict OSI layering. Usually, layer-3 packets are tunneled over layer 3 (IPsec) or layer 4 (TCP or UDP). An L3 tunnel routes between two networks.



          When layer-2 frames are tunneled, the networks are bridged together.



          OpenVPN uses SSL VPN over UDP or TCP (layer 4) with SSL encryption. SSH has an inherent tunneling mechanism for arbitrary connections including port forwarding.






          share|improve this answer















          There are layer-2 and layer-3 VPNs. "VPN" is a term used for a tunnel combined with encryption.



          A tunneling interface encapsulates an inner packet (or frame) in an outer packet. This inner packet is then transported to the far tunnel end, according to the outer packet, and decapsulated again. For the inner packet the tunnel looks like a direct connection, regardless of the path of the outer packet.



          Tunneling somewhat defies the strict OSI layering. Usually, layer-3 packets are tunneled over layer 3 (IPsec) or layer 4 (TCP or UDP). An L3 tunnel routes between two networks.



          When layer-2 frames are tunneled, the networks are bridged together.



          OpenVPN uses SSL VPN over UDP or TCP (layer 4) with SSL encryption. SSH has an inherent tunneling mechanism for arbitrary connections including port forwarding.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited 2 hours ago

























          answered 3 hours ago









          Zac67Zac67

          31.2k21961




          31.2k21961












          • Thanks. "OpenVPN uses SSL VPN over UDP or TCP (layer 4) with SSL encryption". Do you mean the protocols from top to bottom are: VPN, SSL, UDP/TCP?

            – Tim
            1 hour ago











          • VPN is not a protocol. OpenVPN uses UDP or TCP with SSL and tunnels IP within.

            – Zac67
            52 mins ago











          • Thanks. Are protocols from top to bottom (one encapsulate the one below) are: IP, SSL, UDP/TCP?

            – Tim
            47 mins ago












          • If you insist: IP encapsulated in UDP/SSL over IP is the most common variant (OpenVPN also supports L2 VPN, SSL is more or less a TCP or UDP option).

            – Zac67
            11 mins ago

















          • Thanks. "OpenVPN uses SSL VPN over UDP or TCP (layer 4) with SSL encryption". Do you mean the protocols from top to bottom are: VPN, SSL, UDP/TCP?

            – Tim
            1 hour ago











          • VPN is not a protocol. OpenVPN uses UDP or TCP with SSL and tunnels IP within.

            – Zac67
            52 mins ago











          • Thanks. Are protocols from top to bottom (one encapsulate the one below) are: IP, SSL, UDP/TCP?

            – Tim
            47 mins ago












          • If you insist: IP encapsulated in UDP/SSL over IP is the most common variant (OpenVPN also supports L2 VPN, SSL is more or less a TCP or UDP option).

            – Zac67
            11 mins ago
















          Thanks. "OpenVPN uses SSL VPN over UDP or TCP (layer 4) with SSL encryption". Do you mean the protocols from top to bottom are: VPN, SSL, UDP/TCP?

          – Tim
          1 hour ago





          Thanks. "OpenVPN uses SSL VPN over UDP or TCP (layer 4) with SSL encryption". Do you mean the protocols from top to bottom are: VPN, SSL, UDP/TCP?

          – Tim
          1 hour ago













          VPN is not a protocol. OpenVPN uses UDP or TCP with SSL and tunnels IP within.

          – Zac67
          52 mins ago





          VPN is not a protocol. OpenVPN uses UDP or TCP with SSL and tunnels IP within.

          – Zac67
          52 mins ago













          Thanks. Are protocols from top to bottom (one encapsulate the one below) are: IP, SSL, UDP/TCP?

          – Tim
          47 mins ago






          Thanks. Are protocols from top to bottom (one encapsulate the one below) are: IP, SSL, UDP/TCP?

          – Tim
          47 mins ago














          If you insist: IP encapsulated in UDP/SSL over IP is the most common variant (OpenVPN also supports L2 VPN, SSL is more or less a TCP or UDP option).

          – Zac67
          11 mins ago





          If you insist: IP encapsulated in UDP/SSL over IP is the most common variant (OpenVPN also supports L2 VPN, SSL is more or less a TCP or UDP option).

          – Zac67
          11 mins ago











          1















          Is VPN a layer 3 or 5 concept? (seems to me yes?)




          It's both. And it's others. The VPN software is layers 5-7, whilst commonly L3 routing is used to direct packets trough the VPN. Note that layers generally break down above layer 3; there's fuzzy boundaries.




          Does openvpn use the server-client model and therefore a layer 5 approach to build VPNs?




          Yes, but the result is a layer 3 tunnel. You have to differentiate between the tunnel and the software that builds it, and how traffic trough the tunnel is handled.



          Note that OpenVPN may run in L2 mode as well, commonly known as tap device.






          share|improve this answer








          New contributor




          vidarlo is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.




















          • Thanks. WHat is the tunnelling protocol provided by openvpn?

            – Tim
            1 hour ago











          • Many. As L2 tunnel? Whatever you care to throw at it.

            – vidarlo
            1 hour ago















          1















          Is VPN a layer 3 or 5 concept? (seems to me yes?)




          It's both. And it's others. The VPN software is layers 5-7, whilst commonly L3 routing is used to direct packets trough the VPN. Note that layers generally break down above layer 3; there's fuzzy boundaries.




          Does openvpn use the server-client model and therefore a layer 5 approach to build VPNs?




          Yes, but the result is a layer 3 tunnel. You have to differentiate between the tunnel and the software that builds it, and how traffic trough the tunnel is handled.



          Note that OpenVPN may run in L2 mode as well, commonly known as tap device.






          share|improve this answer








          New contributor




          vidarlo is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.




















          • Thanks. WHat is the tunnelling protocol provided by openvpn?

            – Tim
            1 hour ago











          • Many. As L2 tunnel? Whatever you care to throw at it.

            – vidarlo
            1 hour ago













          1












          1








          1








          Is VPN a layer 3 or 5 concept? (seems to me yes?)




          It's both. And it's others. The VPN software is layers 5-7, whilst commonly L3 routing is used to direct packets trough the VPN. Note that layers generally break down above layer 3; there's fuzzy boundaries.




          Does openvpn use the server-client model and therefore a layer 5 approach to build VPNs?




          Yes, but the result is a layer 3 tunnel. You have to differentiate between the tunnel and the software that builds it, and how traffic trough the tunnel is handled.



          Note that OpenVPN may run in L2 mode as well, commonly known as tap device.






          share|improve this answer








          New contributor




          vidarlo is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.











          Is VPN a layer 3 or 5 concept? (seems to me yes?)




          It's both. And it's others. The VPN software is layers 5-7, whilst commonly L3 routing is used to direct packets trough the VPN. Note that layers generally break down above layer 3; there's fuzzy boundaries.




          Does openvpn use the server-client model and therefore a layer 5 approach to build VPNs?




          Yes, but the result is a layer 3 tunnel. You have to differentiate between the tunnel and the software that builds it, and how traffic trough the tunnel is handled.



          Note that OpenVPN may run in L2 mode as well, commonly known as tap device.







          share|improve this answer








          New contributor




          vidarlo is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.









          share|improve this answer



          share|improve this answer






          New contributor




          vidarlo is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.









          answered 2 hours ago









          vidarlovidarlo

          1416




          1416




          New contributor




          vidarlo is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.





          New contributor





          vidarlo is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.






          vidarlo is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.












          • Thanks. WHat is the tunnelling protocol provided by openvpn?

            – Tim
            1 hour ago











          • Many. As L2 tunnel? Whatever you care to throw at it.

            – vidarlo
            1 hour ago

















          • Thanks. WHat is the tunnelling protocol provided by openvpn?

            – Tim
            1 hour ago











          • Many. As L2 tunnel? Whatever you care to throw at it.

            – vidarlo
            1 hour ago
















          Thanks. WHat is the tunnelling protocol provided by openvpn?

          – Tim
          1 hour ago





          Thanks. WHat is the tunnelling protocol provided by openvpn?

          – Tim
          1 hour ago













          Many. As L2 tunnel? Whatever you care to throw at it.

          – vidarlo
          1 hour ago





          Many. As L2 tunnel? Whatever you care to throw at it.

          – vidarlo
          1 hour ago

















          draft saved

          draft discarded
















































          Thanks for contributing an answer to Network Engineering Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f57734%2fis-vpn-a-layer-3-concept%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Are there any AGPL-style licences that require source code modifications to be public? Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern) Announcing the arrival of Valued Associate #679: Cesar Manara Unicorn Meta Zoo #1: Why another podcast?Force derivative works to be publicAre there any GPL like licenses for Apple App Store?Do you violate the GPL if you provide source code that cannot be compiled?GPL - is it distribution to use libraries in an appliance loaned to customers?Distributing App for free which uses GPL'ed codeModifications of server software under GPL, with web/CLI interfaceDoes using an AGPLv3-licensed library prevent me from dual-licensing my own source code?Can I publish only select code under GPLv3 from a private project?Is there published precedent regarding the scope of covered work that uses AGPL software?If MIT licensed code links to GPL licensed code what should be the license of the resulting binary program?If I use a public API endpoint that has its source code licensed under AGPL in my app, do I need to disclose my source?

          2013 GY136 Descoberta | Órbita | Referências Menu de navegação«List Of Centaurs and Scattered-Disk Objects»«List of Known Trans-Neptunian Objects»

          Mortes em março de 2019 Referências Menu de navegação«Zhores Alferov, Nobel de Física bielorrusso, morre aos 88 anos - Ciência»«Fallece Rafael Torija, o bispo emérito de Ciudad Real»«Peter Hurford dies at 88»«Keith Flint, vocalista do The Prodigy, morre aos 49 anos»«Luke Perry, ator de 'Barrados no baile' e 'Riverdale', morre aos 52 anos»«Former Rangers and Scotland captain Eric Caldow dies, aged 84»«Morreu, aos 61 anos, a antiga lenda do wrestling King Kong Bundy»«Fallece el actor y director teatral Abraham Stavans»«In Memoriam Guillaume Faye»«Sidney Sheinberg, a Force Behind Universal and Spielberg, Is Dead at 84»«Carmine Persico, Colombo Crime Family Boss, Is Dead at 85»«Dirigent Michael Gielen gestorben»«Ciclista tricampeã mundial e prata na Rio 2016 é encontrada morta em casa aos 23 anos»«Pagan Community Notes: Raven Grimassi dies, Indianapolis pop-up event cancelled, Circle Sanctuary announces new podcast, and more!»«Hal Blaine, Wrecking Crew Drummer, Dies at 90»«Morre Coutinho, que editou dupla lendária com Pelé no Santos»«Cantor Demétrius, ídolo da Jovem Guarda, morre em SP»«Ex-presidente do Vasco, Eurico Miranda morre no Rio de Janeiro»«Bronze no Mundial de basquete de 1971, Laís Elena morre aos 76 anos»«Diretor de Corridas da F1, Charlie Whiting morre aos 66 anos às vésperas do GP da Austrália»«Morreu o cardeal Danneels, da Bélgica»«Morreu o cartoonista Augusto Cid»«Morreu a atriz Maria Isabel de Lizandra, de "Vale Tudo" e novelas da Tupi»«WS Merwin, prize-winning poet of nature, dies at 91»«Atriz Márcia Real morre em São Paulo aos 88 anos»«Mauritanie: décès de l'ancien président Mohamed Mahmoud ould Louly»«Morreu Dick Dale, o rei da surf guitar e de "Pulp Fiction"»«Falleció Víctor Genes»«João Carlos Marinho, autor de 'O Gênio do Crime', morre em SP»«Legendary Horror Director and SFX Artist John Carl Buechler Dies at 66»«Morre em Salvador a religiosa Makota Valdina»«مرگ بازیکن‌ سابق نساجی بر اثر سقوط سنگ در مازندران»«Domingos Oliveira morre no Rio»«Morre Airton Ravagniani, ex-São Paulo, Fla, Vasco, Grêmio e Sport - Notícias»«Morre o escritor Flavio Moreira da Costa»«Larry Cohen, Writer-Director of 'It's Alive' and 'Hell Up in Harlem,' Dies at 77»«Scott Walker, experimental singer-songwriter, dead at 76»«Joseph Pilato, Day of the Dead Star and Horror Favorite, Dies at 70»«Sheffield United set to pay tribute to legendary goalkeeper Ted Burgin who has died at 91»«Morre Rafael Henzel, sobrevivente de acidente aéreo da Chapecoense»«Morre Valery Bykovsky, um dos primeiros cosmonautas da União Soviética»«Agnès Varda, cineasta da Nouvelle Vague, morre aos 90 anos»«Agnès Varda, cineasta francesa, morre aos 90 anos»«Tania Mallet, James Bond Actress and Helen Mirren's Cousin, Dies at 77»e