The CEQURUX VPN Gateway is normally integrated with the CEQURUX Firewall, but may operate independently of the firewall if required. The administrator configures each VPN Gateway with the destination addresses of the peer gateways at the remote locations, the cipher to be used, the network addresses to be routed over the tunnel, and then imports the public key of the peer.

Traffic destined for the remote network is automatically routed, the payload is compressed and encrypted and then sent to the destination VPN Gateway. The remote VPN Gateway decrypts the packet, uncompresses the payload and forwards the packet to the destination host. Ciphers can be selected and compression can be enabled or disabled on a per-tunnel basis.