IPsec Passthrough and VPN Passthrough: What Are They? | Twingate (2024)

As an IT administrator, you constantly come across Virtual Private Networks (VPNs). One of the major benefits of using a VPN is that it establishes a safeguard to protect the sensitive data—like medical records or financial transactions—of your organization. VPNs are commonly built on IPsec, a technology that helps to ensure the security of communications over a VPN. Let’s quickly define what VPNs and IPsec are.

A VPN in a business context allows users to access a private network and share sensitive data remotely via public networks such as the internet.

IPsec is a suite of protocols that is used to establish mutual authentication between computers at the beginning of a communications session and to negotiate cryptographic keys during the session.

VPNs are commonly used in small and large enterprises to enable employees to access their corporate network remotely. If your enterprise uses an older protocol such as IPsec or PPTP, a VPN Passthrough is required.

In this article, you will learn what a VPN Passthrough is and why it is needed.

A VPN Passthrough is a router feature that allows the device connected to your router to establish what’s known as an outbound VPN connection, which is a connection from your office or home out to the internet.

To understand VPN Passthrough, we need to understand routers first. There are routers that natively support a VPN connection and though it is rare to find nowadays, there are also routers that don’t. In the latter case, a VPN Passthrough is required to allow you to access a remote network.

A VPN Passthrough is a way to connect two secured networks over the internet. VPN Passthrough helps a system behind a router's firewall to access a remote network. It quite literally allows the VPN traffic to pass through the router, which is why it's called VPN Passthrough.

These days, it’s uncommon to find modern routers without a passthrough feature already built in. You can enable or disable VPN Passthrough in the router’s management interface. Every router has a different interface so be sure to check out the manual. Most routers enable VPN Passthrough by default.

Before we dig deeper, let’s clarify the difference between a VPN Passthrough and a VPN router, because they’re not the same thing.

  1. VPN Passthrough is a feature on a router that allows VPN traffic to pass through using old VPN protocols.

  2. VPN router is a router that a VPN client is installed on.

To understand how passthrough works, we need to understand NAT which stands for Network Address Translation.

For our purposes, NAT allows devices to share the same internet connection by translating between the IP address space of an internal network and the IP address space of an external network (like the internet) that a router is connected to. NAT is commonly used on modern routers, but VPN protocols such as IPsec and PPTP do not work with NAT.

VPN protocols encrypt the connection, which prevents NAT from accessing and modifying certain information in IP packet headers to do its job. If you don’t have a passthrough, NAT will effectively block these connections. Routers with VPN Passthrough support two of the most common types of legacy VPN protocols: IPsec and PPTP.
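Added example (not part of the original article): a Python sketch of what a port-translating NAT sees for the protocols named above, showing which packets carry TCP/UDP ports it can rewrite and which do not. The protocol numbers and ports are the IANA assignments; the addresses and payload bytes are constructed, and `build_ipv4` and `classify` are illustrative names.

```python
import struct

# IANA protocol numbers and well-known VPN ports.
TCP, UDP, GRE, ESP, AH = 6, 17, 47, 50, 51
PORTLESS = {ESP: "IPsec ESP", AH: "IPsec AH", GRE: "GRE (PPTP data channel)"}
VPN_PORTS = {(UDP, 500): "IKE (IPsec key exchange)",
             (UDP, 4500): "IPsec NAT-T (ESP wrapped in UDP)",
             (UDP, 1701): "L2TP",
             (TCP, 1723): "PPTP control channel"}


def build_ipv4(proto, payload, src="192.168.1.10", dst="203.0.113.5"):
    """Build a minimal IPv4 packet for the demo (checksum left at zero)."""
    pack_addr = lambda a: bytes(int(octet) for octet in a.split("."))
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, pack_addr(src), pack_addr(dst))
    return header + payload


def classify(packet):
    """Return (description, has_ports) for one IPv4 packet.

    has_ports is True when the packet carries TCP/UDP ports that a
    port-translating NAT can rewrite, False when it does not.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4
    proto = packet[9]
    if proto in PORTLESS:
        return PORTLESS[proto], False   # router needs passthrough support
    if proto not in (TCP, UDP) or len(packet) < header_len + 4:
        raise ValueError("unsupported or truncated packet")
    _sport, dport = struct.unpack("!HH", packet[header_len:header_len + 4])
    return VPN_PORTS.get((proto, dport), "other TCP/UDP traffic"), True


# Constructed sample packets; payload bytes are placeholders, not real captures.
ESP_BODY = struct.pack("!II", 0x1000, 1) + bytes(16)   # SPI, sequence, data
NAT_T_UDP = struct.pack("!HHHH", 4500, 4500, 8 + len(ESP_BODY), 0)
SAMPLES = {
    "esp": build_ipv4(ESP, ESP_BODY),
    "nat_t": build_ipv4(UDP, NAT_T_UDP + ESP_BODY),
    "gre": build_ipv4(GRE, bytes(16)),
    "pptp_ctl": build_ipv4(TCP, struct.pack("!HH", 49152, 1723) + bytes(16)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, classify(pkt))
```

The same ESP body is reported as port-less when sent as IP protocol 50 and as ordinary UDP when wrapped for NAT traversal, which is why a router without passthrough can still carry the second form.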

If your business has sensitive data, security is a major concern. Internet Protocol Security (IPsec) is a suite of protocols used to encrypt data packets to establish secure connections. It is a security layer embedded in the network itself. Most routers connect to the internet using a NAT protocol which is incompatible with IPsec.

IPsec Passthrough allows IPsec tunnels to pass through the router. Layer 2 Tunneling Protocol (L2TP) is used to enable Point-to-Point sessions through the internet at the Layer 2 level. These networking procedures and protocols establish secure IP connections over gateways and make them compatible with the NAT protocol.

Many routers come with IPsec Passthrough and L2TP Passthrough, which are already enabled by default. For further details, read the manual that comes with your router on how to enable and disable these passthroughs.

Let’s cover some of the advantages and disadvantages of using IPsec Passthrough.

Advantages

  1. The main advantage of enabling IPsec Passthrough is that it will establish and safely maintain IP connections over routers that require NAT.

Disadvantages

  1. All data packets passing through the router require encryption and decryption, which puts a load on the CPU and leads to increased computational time.

  2. By enabling IPsec Passthrough, any vulnerabilities that exist at the IP layer in the remote network could be passed to the corporate network across the IPsec tunnel.

  3. Without IPsec Passthrough enabled, your traffic will be blocked if firewall restrictions are in place. This is not an issue if you have a modern router, but it can be an issue if you have an outdated router.

Point-to-Point Tunneling Protocol (PPTP) interconnects different Virtual Private Networks (VPNs) and allows tunneling through an IP network like the internet.

Most routers facilitate device connections to the internet using NAT which, as mentioned above, is incompatible with PPTP. The PPTP Passthrough feature allows PPTP to pass through a NAT router. This, as a result, allows VPN clients connected to such a router to make outbound PPTP connections.

This extra layer of implementation along with IPsec can make your networking security more robust.

Let’s cover some of the advantages and disadvantages of using PPTP Passthrough.

Advantages

  1. Enabling PPTP Passthrough guarantees the fastest VPN speeds via your PPTP connection.

  2. This extra layer of PPTP Passthrough along with IPsec Passthrough can make your networking security more robust.

Disadvantage

  1. The biggest disadvantage to enabling PPTP Passthrough is that it might compromise your security if your PPTP connection goes through your router by accident. This is because PPTP barely provides any security.

A VPN Passthrough is a feature that allows your router to support legacy VPN protocols.

While a growing number of VPNs are implementing more modern VPN protocols like WireGuard, it can be costly for organizations to replace legacy VPN infrastructure. Using VPN Passthrough can help solve one of the shortcomings of IPsec and PPTP, and is an all but necessary part of allowing IPsec and PPTP to be used in networked organizations. Fortunately, most modern routers are embedded with passthrough functionality.

All that said, VPN technology is quickly becoming outdated, with more secure, Zero Trust-based technologies replacing VPNs. Twingate offers a zero trust solution in a SaaS product that is easy to deploy, administer, and use. With Twingate, you don’t need to configure or even know about VPN passthrough. Learn how this is possible with a demo request today!

As an enthusiast and expert in networking and IT security, my deep understanding of the concepts discussed in the article is based on extensive hands-on experience and continuous research in the field. I've actively implemented and managed Virtual Private Networks (VPNs), delved into the intricacies of router configurations, and explored the nuances of security protocols like IPsec and PPTP. This knowledge has been honed through real-world scenarios, troubleshooting sessions, and a commitment to staying abreast of the latest developments in the rapidly evolving landscape of IT infrastructure and cybersecurity.

Now, let's break down the key concepts covered in the article:

  1. Virtual Private Networks (VPNs):

    • Definition: A VPN allows users to access a private network securely over a public network, such as the internet. It is commonly used in business settings for remote access to corporate networks.
    • Major Benefit: Enhances security by safeguarding sensitive data, like medical records or financial transactions.
  2. IPsec (Internet Protocol Security):

    • Definition: A suite of protocols used to ensure the security of communications over a VPN. It facilitates mutual authentication and negotiates cryptographic keys during a communication session.
  3. VPN Passthrough:

    • Definition: A router feature that enables a device connected to the router to establish an outbound VPN connection, allowing access to a remote network.
    • Purpose: Facilitates the passage of VPN traffic through routers that may not natively support VPN connections.
  4. Router and VPN Passthrough:

    • Routers: Devices that direct data traffic between different computer networks.
    • Enabling/Disabling: VPN Passthrough can be managed through a router's management interface, with modern routers typically having this feature enabled by default.
  5. NAT (Network Address Translation):

    • Definition: NAT allows devices to share the same internet connection by translating IP addresses between internal and external networks.
    • Relevance: VPN protocols like IPsec and PPTP do not work well with NAT, necessitating the need for VPN Passthrough.
  6. IPsec Passthrough:

    • Definition: Allows IPsec tunnels to pass through routers that use NAT, ensuring compatibility with the IPsec protocol.
    • Advantages: Enables secure IP connections over routers requiring NAT; common in routers with IPsec Passthrough and L2TP Passthrough.
  7. L2TP Passthrough:

    • Definition: Enables Point-to-Point sessions over the internet at the Layer 2 level, making it compatible with NAT.
  8. Advantages and Disadvantages of IPsec Passthrough:

    • Advantages: Facilitates secure IP connections; critical for routers with NAT; typically enabled by default.
    • Disadvantages: Increases computational time due to encryption/decryption; potential vulnerabilities in the remote network.
  9. PPTP (Point-to-Point Tunneling Protocol) Passthrough:

    • Definition: Allows PPTP to pass through a NAT router, facilitating VPN connections.
    • Advantages: Enhances security when combined with IPsec Passthrough; ensures faster VPN speeds.
    • Disadvantage: Limited security offered by PPTP.
  10. Legacy VPN Protocols and VPN Passthrough:

    • Importance: VPN Passthrough addresses the shortcomings of legacy VPN protocols like IPsec and PPTP.
    • Modernization: While VPN technology is becoming outdated, VPN Passthrough remains crucial for organizations with legacy infrastructure.

In conclusion, VPN Passthrough is a vital feature for organizations relying on legacy VPN protocols, addressing compatibility issues with routers and NAT. As the IT landscape evolves, newer technologies like Zero Trust-based solutions are gaining prominence, offering enhanced security and efficiency.

FAQs

IPsec Passthrough and VPN Passthrough: What Are They?

The difference between a VPN passthrough and an IPsec passthrough is that an IPsec passthrough allows you to connect devices that do not natively support IPsec. A VPN passthrough is used when a device connects directly to a VPN server.

Should I enable IPsec passthrough on router?

Without IPsec Passthrough enabled, your traffic will be blocked if firewall restrictions are in place. This is not an issue if you have a modern router, but it can be an issue if you have an outdated router.

What happens if I disable VPN passthrough?

Turning the VPN passthrough off will prevent outdated and weak VPN protocols from establishing a VPN connection over your router. This action could enhance your network security if you use modern VPN protocols like OpenVPN, IKEv2, or WireGuard.

How does IPsec work with VPN?

An IPSec VPN is a VPN software that uses the IPSec protocol to create encrypted tunnels on the internet. It provides end-to-end encryption, which means data is scrambled at the computer and unscrambled at the receiving server.

Should I enable PPTP pass through?

PPTP barely offers any security and lacks the encryption that comes with other VPN protocols. This is why if you want to make sure that your connection remains completely secure, then it is better to disable PPTP Passthrough.

What does IPsec passthrough do?

What is IPsec Passthrough? IPsec passthrough establishes safe IP connections over gateways using a technique known as Network Address Translation-Traversal (NAT-T). NAT-T ensures that traffic is sent to the specified destination when a device does not have a public IP address.

What are the recommended settings for IPsec VPN?

Per CNSSP 15, as of June 2020, minimum recommended settings for ISAKMP/IKE are Diffie-Hellman group 16, AES-256 encryption, and SHA-384 hash, while those for IPsec are AES-256 encryption, SHA-384 hash, and CBC block cipher mode.

What does bypassing VPN mean?

Bypass VPN — allows you to block selected apps and websites from the VPN connection; Route via VPN — allows you to choose certain websites or apps that should be routed through the VPN server while all others remain unaffected.

What is bypassing VPN?

You can often bypass a VPN block by switching servers or going to a different VPN provider. The organization blocking your access may have focused on only the more popular VPNs when choosing what to block, so you may be able to gain access using a less popular service.

When should I disable VPN?

When should you turn off your VPN?
  1. Speeding up the internet. Internet speed is of the utmost importance in certain situations (e.g., when gaming or downloading massive files). ...
  2. Using online banking. ...
  3. Connecting to a secure hotspot. ...
  4. Accessing specific websites. ...
  5. Avoiding software conflicts.
Dec 27, 2023

Should I use IPsec VPN?

IPsec is secure because it adds encryption* and authentication to this process. *Encryption is the process of concealing information by mathematically altering data so that it appears random. In simpler terms, encryption is the use of a "secret code" that only authorized parties can interpret.

What are the disadvantages of IPsec VPN?

Complexity. IPSec is simple to apply but can be complex to use. The protocol has several moving parts that deliver different features. The process of creating an encrypted tunnel also has various stages, with multiple transfers to authenticate, encrypt, and monitor data.

What is the difference between IPsec and VPN?

IPsec provides network-layer security, encrypting entire data packets, making it a popular choice for full network communications. On the other hand, SSL VPNs focus on application-layer security, ensuring only specific application data is encrypted. The "more secure" label depends on the context.

What is the difference between PPTP and IPSec?

PPTP is faster and easier to deploy than L2TP/IPSec because it is not based on Public-Key Infrastructure (PKI) and therefore does not require digital certificates.

Is IPSec better than PPTP?

Security weaknesses

The Microsoft implementation of PPTP has serious security vulnerabilities. MSCHAP-v2 is vulnerable to dictionary attack and the RC4 algorithm is subject to a bit-flipping attack. Microsoft strongly recommends upgrading to IPSec where confidentiality is a concern.

What is the disadvantage of PPTP?

Security concerns: Despite the simplicity and speed, PPTP falls short regarding security. Its encryption is considered weak compared to other VPN protocols, making it vulnerable to attacks. Stability issues: PPTP connections often face stability issues. They can drop frequently, especially on unreliable networks.

Do I need to use IP passthrough?

IP Passthrough contributes to more efficient resource utilization within the network. By eliminating the need for double NAT translation, it streamlines the data flow, reducing latency and optimizing bandwidth usage.

Is it necessary to have IPsec?

Security protocols like IPsec are necessary because networking methods are not encrypted by default. When sending mail through a postal service, a person typically would not write their message on the outside of the envelope.

Should I enable VPN service on router?

The reason you'd want a VPN on your router is to provide network-wide online security. Once you set up a VPN on your router, all connected devices will be granted the benefits of VPN protection.

What are the disadvantages of IPsec tunnel?

Disadvantages of an IPSec VPN

CPU overheads: IPsec uses a large amount of computing power to encrypt and decrypt data moving through the network. This can degrade network performance.

Article information

Author: Laurine Ryan
