Protocols

The VPN is established as follows:

  1. Each VPN Gateway is assigned a 2048-bit RSA private key on installation using a cryptographically strong random number generator.
  2. A secure tunnel is established between two VPN Gateways with strong authentication provided by Diffie-Hellman key exchange mechanisms.
  3. Once a tunnel is established, all data traveling between the two VPN Gateways is compressed (optional) and encrypted using a predefined cipher, and sent across the Internet to the peer Gateway.
  4. Key changes can be forced at regular intervals.

The available ciphers are:

  • IDEA
  • Blowfish
  • Twofish
  • DES
  • 3DES
  • SAFER SK128
  • GOST
  • RC2, RC4 and RC5

Distributed DNS

The CEQURUX VPN Gateway supports a unique distributed DNS system whereby DNS requests are securely tunneled between geographically remote domain name servers servicing the same domain. This allows administrators to maintain separate tables of hosts in the same domain without duplicating host entries, while ensuring the integrity of name-to-IP-address mappings throughout the VPN.

Administration

The CEQURUX VPN Gateway may be administered remotely using the same Windows-based administration tool used for the CEQURUX Firewall. Using this friendly but sophisticated GUI, all VPN management may be transacted completely securely.

Platform and Packaging

The CEQURUX VPN Gateway ships on a CD-ROM with PostScript and HTML softcopy documentation. The software installs easily onto a PC with the following minimum configuration:

  • Pentium processor (200 MHz or faster)
  • 32MB RAM
  • 2GB disk
  • 2 Ethernet Network Interface Cards

The CEQURUX VPN Gateway is an integrated component of CEQURUX Firewall software but is also available as a separate product.
