Security Labs in OPNET

IT Guru

Enginyeria i Arquitectura La Salle

Universitat Ramon Llull
Barcelona 2004

Security labs

Enginyeria i Arquitectura La Salle

Security Labs in OPNET IT Guru

Authors:
Cesc Canet
Juan Agustn Zaballos
Translation from Catalan:
Cesc Canet

-I-

Overview
This project consists in practical networking scenarios to be done with OPNET IT Guru
Academic Edition, with a particular interest in security issues.
The first two parts are a short installation manual and an introduction to OPNET. After
that there are 10 Labs that bring into practice different networking technologies. Every
Lab consists in a theoretical introduction, a step-by-step construction of the scenario
and finally Q&A referring to the issues exposed.
Lab 1: ICMP Ping, we study Ping traces and link failures.
Lab 2: Subnetting and OSI Model, we study tiers 1,2 and 3 of the OSI model, and
the Packet Analyzer tool to observe TCP connections.
Lab 3: Firewalls, we begin with proxies and firewalls. We will deny multimedia traffic
with a proxy, and study the link usage performance.
Lab 4: RIP explains the RIP routing protocol, and how to create timed link failures
and recoveries.
Lab 5: OSPF compares RIP. We study areas and Load Balancing.
Lab 6: VPN studies secure non-local connections. A Hacker will try to access into a
server that we will try to protect using virtual private networks.
Lab 7: VLAN creates user logical groups with Virtual LANs. Studies One-ArmedRouter interconnections.
Lab 8: Dual Homed Router/Host, Lab 9: Screened Host/Subnet. DMZ and Lab
10: Collapsed DMZ explains the static routing tables, ACLs, proxies and internal vs.
perimetric security. Lab 10 is 100% practical, we want you to create it on your own, a
piece of cake if you did the other Labs!

Security labs

Enginyeria i Arquitectura La Salle

Lab 6: VPN
Point-to-Point Tunneling Protocol (PPTP) is a set of communication rules that allow an
organization to extend its corporative network using private tunnels through a public
network as the Internet. As a result, users have the same impression as if they were
working with a WAN of their own, and they dont need to rent a private owned wide
area communication line. However, the security is granted in a non-secure
environment as the Internet is. This kind of connection is a Virtual Private Network
(VPN).
PPTP is an extension of the PPP protocol (Point-to-Point Protocol). Users can use an
ISP provider to connect to a server of its organization at the Internet.
VPNs use IP tunnels (tunneling), point-to-point virtual links between any two stations.
The virtual link is created at the input router when the destination IP address is given.
When the input router wants to transmit an IP packet using the virtual link, it
encapsulates the packet into an IP datagram. The source and destination addresses of
the IP datagram are those of the routers in between doing the encapsulation and
desencapsulation.
A PPP client user will establish a call with an ISP (Internet Service Provider), the Front
End Processor (FEP). The security of this connection is granted. The FEP and the PPP
Client will negotiate a VPN tunnel with a remote PPTP Server (Remote Access Server,
RAS). The two peers are the Tunnel Source and Tunnel Destination. The Tunnel
Destination is always a remote PPTP Server.
There are two modes of VPN networks:

With the Tunnel Source in the FEP

L6.1

-2-

Security labs

Enginyeria i Arquitectura La Salle

With the Tunnel Source in the PPP Client

L6.2
Anyhow, tunneled data has encapsulated inside the datagram to the destination. The
example in the picture shows the communication using the first scheme. We can see
how the client sends PPP messages to the FEP encapsulated when arriving to the FEP.
During the whole process, the client thinks is having a PPP connection with the PPTP
Server at the other side.
In the second scheme, the encapsulation is done in the PPTP Client.

Lab Description
A company with offices in some european cities is using VPNs to achieve
communication security when communicating with the central site, and to use the
Internet infrastructure as well, in order to have lower cost. This communication
scheme has the Tunnel Source at the FEP.

Creating the scenario

1. Open a Project in OPNET IT Guru Academic Edition (File


New Project) with
these parameters (use default values for the remainder):

Project Name: <your_name>_VPN

Scenario Name: NoVPN

Network Scale: Choose From Maps. Pick up the map of Europe.

Go forward the Startup Wizard with the Next button until the end. A net
Project Editor will pop up with a blank grid.

-3-

Security labs

Enginyeria i Arquitectura La Salle

Once at the Project Editor, use the Zoom +

button to have a

maximized window with the map as seen in this picture:

L6.3 The map

2. Deploying devices and controls in the scenario:
Place the components upon the grid as seen in the following table.

Qty
4

Component
ethernet4_slip8_gtwy

Palette
internet_toolbox

1
1
1
1
1
2
7
11
6
1

ethernet2_slip8_firewall
ip32_cloud
Application Config
Profile Config
IP Attribute Config
ethernet_server
100BaseT
PPP_DS1
ppp_wkstn
eth_coax

internet_toolbox
internet_toolbox
internet_toolbox
internet_toolbox
internet_toolbox
internet_toolbox
links
links
internet_toolbox
ethcoax

2
1
4
1
3
1
1

ethcoax_wkstn
ethcoax_server
eth_tap
ethcoax_slip8_gtwy_adv
Sm_Int_wkstn
3C_SSII_1100_3300_4s_ae52_e48_ge3
IP VPN Config

ethcoax
ethcoax
ethcoax
routers_advanced
Sm_Int_Model_List
3 Com
utilities

Label
Router 2...4.
Network Server
Firewall
Internet
Application Config
Profile Config
IP Attribute Config
Google, DB Server

Station 1..6
Coaxial
Wire
(buses)
Station 10 and 11
Multiservice Server
Router 1 (coax)
Station 7..9
Switch 1
IP VPN Config

L6.4 Components of the network

Picture L6.5 shows the network created with the components. Use the same
names (right button


Set Name), we will refer to the components by their
names hereinafter.

-4-

Security labs

Enginyeria i Arquitectura La Salle

L6.5 The scenario

3. Defining applications, profiles and traffic demands:

Right click on the Application Config control and click on Edit Attributes.
Select

Application

Definitions:Default.

This

will

create

new

applications using Heavy and Light modes. Click OK afterwards.

L6.6 Application Definitions: Default

Edit the Profile Config attributes, and select Sample Profiles in the Profile
Configuration field. This will create 5 example profiles. We want six, so
Profile Configuration


rows = 6. Unfold the net row, row 6, and call it
Profile

Name:

DB

Access

Profile.

Set

the

value

Profile

Configuration


row 5


Applications


rows :1 and select the Database

-5-

Security labs

Enginyeria i Arquitectura La Salle

Access application (Heavy) in the Name field of the new row. Click OK
after.

Create 6 pings as seen in the following table:

Source Node
Station 4
Station 1
Station 10
Station 4
Station 1
Station 10

Destination Node
Station 7
Station 7
Station 7
Google
Google
Google

L6.7 Application Definitions: Default

To create a Ping, open up the Object Palette and select the ip_ping_traffic
tool in palette internet_toolbox, and set the source and destination nodes
of the ping for each one.

Analyze the ping traces: Select all the ping demands (purple arrows), edit
the Attributes using Ping Pattern: Record Route. Mark Apply Changes
to Selected Objects to make changes on every selected component, and
press OK after.

Defining the services admitted by the servers: Right-click on the

Multiservice

Server

and

Edit

Attributes.

Click

on

Application:

Supported Services and select Edit. At the new dialog all the applications
beside database access will be supported using Rows: 10 and inserting a
different application for each row. We need to use all of them but
Database Access (Heavy) and Database Access (Light).

L6.8 Applications supported by Multiservice Server

Do the same process for DB Server but now we want to support the
remaining applications: Database Access (Light) and Database Access
(Heavy).

Defining the profiles of the Stations. Assign the following profiles to the
Servers:
-6-

Security labs

Enginyeria i Arquitectura La Salle

Nodes

Application: Supported Profiles

Station 2, Station 5 and Station 10

DB Access Profile

Remaining stations

Engineer

L6.9 Servers Profiles

Select all the stations to support a common profile. Right-click on one of

them, click Edit Attributes and double-click on Application: Supported
Profiles. Then, add the applications you want.

L6.10 Selecting the profiles for stations 2, 5 and 10

Program the Firewall Proxy to deny the Database application traffic. Edit
the

Attributes

of

the

Firewall,

unfold

the

Proxy

Server

Information


row 1 (for this application) and indicate Proxy Server
Deployed: No. The remaining applications can go across the device, so we
will write Proxy Server Deployed: Yes to the remainder. The only one
with default values to Proxy Server Deployed: No is Remote Login.
Change it and press OK after.

-7-

Security labs

Enginyeria i Arquitectura La Salle

L6.11 Setting up the Firewall proxy

4. Assigning IP addresses to all the interfaces:
From the Project Editor, Protocols


IP


Addressing


Auto-Assign IP
Addresses.
5. Assigning the default router to stations 7, 8, 9 and DB Server:
Select Stations 7,8 and 9 and DB Server. Edit the Attributes and change the
parameter IP Hosts Parameters


Default Route by checking the IP address
of the Firewall-to-Switch 1 interface. To find out the IP address of this
interface, first click on the Switch 1 Firewall link waiting for the yellow
message to pop up. Once we have this value we can find out the IP Address
editing the Attributes of the Firewall and reading the value for IP Routing
Parameters


Interface Information


row i (where i is the interface
number).
6. Configuring the simulation:
From the Project Editor click on configure/run simulation

, and use

Duration: 10 minute(s). After, click OK (dont start the simulation yet).

-8-

Security labs

Enginyeria i Arquitectura La Salle

Creating the second and third scenarios

1. Creating the VPN scenario using mode: Compulsory
Duplicate the scenario and define two VPNs creating the links Router 4
Firewall and Router 2 Network Server. The VPNs can be configured using
Mode: Compulsory. This will make all the traffic generated by the stations
will go past the VPN Server compulsory, even if it is not in the shortest path.
The two VPNs will use encryption algorithms between the two VLANs, so the
encryption and decryption times will be different.

Duplicate the scenario: from the Project Editor, Scenarios

Duplicate
Scenario...

Call the new scenario Scenario Name: WithVPNCompulsory.

Edit the Attributes of the IP VPN Config control. Create two new rows into
the VPN Configuration branch, once for each VPNS with these values:

L6.12 Configuring the VPNs on the control IP VPN Config

Notice that weve created two VPNs: Router 4 Firewall and Router 2
Network Server. We have set encrypting and decrypting times and assigned
client stations to both VPNs. The Operation Mode for the two cases is set to
Compulsory (default value).
-9-

Security labs

Enginyeria i Arquitectura La Salle

2. Creating the scenario with Virtual Private Networks (VPNs) using mode:
Voluntary

Starting from the scenario VPNCompulsoryb we can duplicate it from the

Project Editor doing Scenarios


Duplicate Scenario... We can call the
scenario Scenario Name: VPNVoluntary. Click OK after.

Edit the Attributes of the IP VPN control, and for each of the two rows
that define the VPNs, change the field of Operation Mode to Voluntary.

3. Run the simulation of the three scenarios at the same time:

From the Project Editor, Scenarios


Manage Scenarios Select <collect>
or <recollect> on the Results column for each scenario and press OK. When
the three simulations finish, click on Close.

Questions
Q1 Open the Simulation Log of the 3 scenarios, and using the error messages try to
find out in which cases we do have access to the database:

Scenario

DB query start station

Station 2

Station 5

Station 10

NoVPN
VPNCompulsory
VPNVoluntary

Q2 Compare the traces of all the pings for all the scenarios. For pings starting at
Station 1 and ending at Google, are the ICMP packets path equals for the three
scenarios? What would happen if the source had been Station 4? And if it had been
Station 10?
Q3 Besides security, which one of the modes is faster? Why?
Q4 Explain the influence of the presence of VPN in the ping delay. Write down the
Response Time for all the pings.

-10-

Security labs

Enginyeria i Arquitectura La Salle

Q5 Why is the Station 1 Station 7 trace at VPNCompulsory not indicating the packet
that has been crossing the router Firewall, when naturally it is the only possible way?

Answers
Q1 When we open the Simulation Log and see the error messages, we see that the
traffic for some stations has not reached the destination (Database service). With the
error messages of the 3 scenarios, we can create a table like this:

Scenario

Database query source station

Station 2

Station 5

Station 10

NoVPN
VPNCompulsory

VPNVoluntary

L6.13 Successful database queries

L6.14 Simulation Log for VPNVoluntary

-11-

Security labs

Enginyeria i Arquitectura La Salle

L6.14 Simulation Log for VPNCompulsory

L6.15 Simulation Log for NoVPN

It is clear that when having no VPNs, all the traffic is going through the Firewall
without any encapsulation and thus the Proxy does not allow the traffic of the
Application Database to pass by it. If there are VPNs in Operation Mode: Compulsory,
the only traffic that can pass by is for tunnel destinations after the router, otherwise
the Firewall would not allow it to pass. Thats why the DB queries at the scenario with
Tunnel Destination: Network Server go by it (as for Station 2). Is clear that the traffic
from Station 10 will always be banned

by the Firewall

(packets wont be

encapsulated). Even the traffic from Station 5 with Tunnel Destination set to the
Firewall cannot pass, because the traffic is encapsulated until the entry interface, and
desencapsulated inside.
When having Operation Mode: Voluntary, traffic is not encapsulated, just the same as
for NoVPNs.

-12-

Security labs

Enginyeria i Arquitectura La Salle

Q2 Traces for the 6 pings for the three scenarios are:

NoVPN
Source
Station
1

Station
4

Station
10

Destination: Google

Destination: Station 7

192.0.1.2

Network.Station 1

192.0.1.2

192.0.4.1

0,00366

Network.Router 2

192.0.4.1

0,00297

Network.Station 1
Network.Router 2

192.0.6.1

0,00319

Network.Internet

192.0.8.2

0,00319

Network.Internet

192.0.13.2

0,00307

Network.Router 3

192.0.12.2

0,00389

Network.Firewall

192.0.13.1

0,00261

Network.Google

192.0.12.3

0,00591

Network.Station 7

192.0.13.1

0,00001

Network.Google

192.0.12.3

0,00001

Network.Station 7

192.0.6.2

0,0026

Network.Router 3

192.0.8.1

0,0059

Network.Firewall

192.0.4.2

0,0026

Network.Internet

192.0.4.2

0,00343

Network.Internet

192.0.1.1

0,00317

Network.Router 2

192.0.1.1

0,00317

Network.Router 2

192.0.1.2

0,00298

Network.Station 1

192.0.1.2

0,00298

Network.Station 1

192.0.9.1

Network.Station 4

192.0.9.1

Network.Station 4

192.0.7.2

0,00306

Network.Router 4

192.0.7.2

0,00238

Network.Router 4

192.0.6.1

0,00358

Network.Internet

192.0.8.2

0,00358

Network.Internet

192.0.13.2

0,00258

Network.Router 3

192.0.12.2

0,00341

Network.Firewall

192.0.13.1

0,00261

Network.Google

192.0.12.3

0,00591

Network.Station 7

192.0.13.1

0,00001

Network.Google

192.0.12.3

0,00001

Network.Station 7

192.0.6.2

0,0026

Network.Router 3

192.0.8.1

0,0059

Network.Firewall

192.0.7.1

0,0026

Network.Internet

192.0.7.1

0,00343

Network.Internet

192.0.9.2

0,00356

Network.Router 4

192.0.9.2

0,00356

Network.Router 4

192.0.9.1

0,00239

Network.Station 4

192.0.9.1

0,00239

Network.Station 4

192.0.14.1

192.0.14.1

Network.Station 10

192.0.5.2

0,00071

Network.Router 1(coax)

192.0.8.2

0,00277

Network.Internet

192.0.12.2

0,00341

Network.Firewall

192.0.12.3

0,00591

Network.Station 7

192.0.12.3

0,00001

Network.Station 7

192.0.8.1

0,0059

Network.Firewall

192.0.5.2

0,00085

Network.Station 10
Network.Router
1(coax)

192.0.6.1

0,00332

Network.Internet 3

192.0.13.2

0,00258

Network.Router

192.0.13.1

0,00261

Network.Google

192.0.13.1

0,00001

Network.Google

192.0.6.2

0,0026

Network.Router 3

192.0.5.1

0,0026

192.0.14.3

0,00275

Network.Internet
Network.Router
1(coax)

192.0.14.1

0,00072

Network.Station 10

192.0.5.1

0,00343

Network.Internet

192.0.14.3

0,00275

Network.Router 1(coax)

192.0.14.1

0,00072

Network.Station 10

L6.16 Ping traces at NoVPN

VPNCompulsory
Origen

Destination: Google

Station
1

Station

Destination: Station 7

192.0.3.1

0,00366

192.0.12.1

0,01587

Network.Station 1
Network.Router
[label=0] [exp=0]
Network.Network
Server

192.0.12.1

0,01498

Network.Station 1
Network.Router
[label=0] [exp=0]
Network.Network
Server

192.0.8.1

0,00759

Network.Firewall

192.0.12.4

0,00693

Network.Station 7

192.0.6.1

0,00343

Network.Internet

192.0.12.4

0,00001

192.0.13.2

0,00258

Network.Router 3

192.0.13.1

0,00261

Network.Google

192.0.13.1

0,00001

Network.Google

192.0.12.1

0,00692

Network.Station 7
Network.Network
Server
[label=0]
[exp=0]

192.0.6.2

0,0026

Network.Router 3

192.0.1.2

0,0026

Network.Internet

192.0.12.2

0,00341

192.0.12.1

0,00759

Network.Firewall
Network.Network
Server
[label=0]
[exp=0]

0,01439

Network.Router 2

192.0.1.2

0,00298

Network.Station 1

192.0.9.1

Network.Station 4

192.0.10.2

0,00306

Network.Router

192.0.3.1

0,00297

192.0.8.2

192.0.1.1

192.0.1.2

-13-

192.0.1.1

0,01439

Network.Router 2

192.0.1.2

0,00298

Network.Station 1

192.0.9.1

Network.Station 4

192.0.10.2

0,00238

Network.Router

Security labs

Enginyeria i Arquitectura La Salle

Station
10

[label=0] [exp=0]

[label=0] [exp=0]
192.0.8.1

0,00809

Network.Firewall

192.0.12.2

0,0072

Network.Firewall

192.0.6.1

0,00343

Network.Internet

192.0.12.4

0,00591

Network.Station 7

192.0.13.2

0,00258

Network.Router 3

192.0.12.4

0,00001

192.0.13.1

0,00261

Network.Google

192.0.13.1

0,00001

Network.Google

192.0.12.2

0,0059

Network.Station 7
Network.Firewall
[label=0] [exp=0]

192.0.6.2

0,0026

Network.Router 3

192.0.8.2

0,0026

192.0.12.2

0,00341

Network.Internet
Network.Firewall
[label=0] [exp=0]

192.0.9.2

0,0072

Network.Router 4

192.0.9.1

0,00239

Network.Station 4

192.0.14.1

192.0.5.2

0,00085

Network.Station 10
Network.Router
(coax)

192.0.6.1

0,00332

Network.Internet

192.0.13.2

0,00258

Network.Router 3

192.0.13.1

0,00261

Network.Google

192.0.13.1

0,00001

Network.Google

192.0.6.2

0,0026

Network.Router 3

192.0.5.1

0,0026

192.0.14.3

0,00275

Network.Internet
Network.Router
1(coax)

192.0.14.1

0,00072

Network.Station 10

192.0.9.2

0,0072

Network.Router 4

192.0.9.1

0,00239

Network.Station 4

192.0.14.1

Network.Station 10

192.0.5.2

0,00071

Network.Router 1(coax)

192.0.8.2

0,00277

Network.Internet

192.0.12.2

0,00341

Network.Firewall

192.0.12.4

0,00591

Network.Station 7

192.0.12.4

0,00001

Network.Station 7

192.0.8.1

0,0059

Network.Firewall

192.0.5.1

0,00343

Network.Internet

192.0.14.3

0,00275

Network.Router 1(coax)

192.0.14.1

0,00072

Network.Station 10

L6.17 Ping traces at VPNCompulsory

VPNVoluntary
Origen
Station
1

Station
4

Station
10

Destination: Google

Destination: Station 7

192.0.1.2

Network.Station 1

192.0.1.2

192.0.4.1

0,00366

Network.Router 2

192.0.4.1

0,00297

Network.Station 1
Network.Router 2

192.0.6.1

0,00319

Network.Internet

192.0.8.2

0,00319

Network.Internet

192.0.13.2

0,00307

Network.Router 3

192.0.12.2

0,00389

Network.Firewall

192.0.13.1

0,00261

Network.Google

192.0.12.4

0,00591

Network.Station 7

192.0.13.1

0,00001

Network.Google

192.0.12.4

0,00001

Network.Station 7

192.0.6.2

0,0026

Network.Router 3

192.0.8.1

0,0059

Network.Firewall

192.0.4.2

0,0026

Network.Internet

192.0.4.2

0,00343

Network.Internet

192.0.1.1

0,00317

Network.Router 2

192.0.1.1

0,00317

Network.Router 2

192.0.1.2

0,00298

Network.Station 1

192.0.1.2

0,00298

Network.Station 1

192.0.9.1

Network.Station 4

192.0.9.1

Network.Station 4

192.0.7.2

0,00306

Network.Router 4

192.0.7.2

0,00238

Network.Router 4

192.0.6.1

0,00358

Network.Internet

192.0.8.2

0,00358

Network.Internet

192.0.13.2

0,00258

Network.Router 3

192.0.12.2

0,00341

Network.Firewall

192.0.13.1

0,00261

Network.Google

192.0.12.4

0,00591

Network.Station 7

192.0.13.1

0,00001

Network.Google

192.0.12.4

0,00001

Network.Station 7

192.0.6.2

0,0026

Network.Router 3

192.0.8.1

0,0059

Network.Firewall

192.0.7.1

0,0026

Network.Internet

192.0.7.1

0,00343

Network.Internet

192.0.9.2

0,00356

Network.Router 4

192.0.9.2

0,00356

Network.Router 4

192.0.9.1

0,00239

Network.Station 4

192.0.9.1

0,00239

Network.Station 4

192.0.14.1

Network.Station 10

192.0.14.1

Network.Station 10

192.0.5.2

0,00085

Network.Router 1 (coax)

192.0.5.2

0,00071

Network.Router 1(coax)

192.0.6.1

0,00332

Network.Internet

192.0.8.2

0,00277

Network.Internet

192.0.13.2

0,00258

Network.Router 3

192.0.12.2

0,00341

Network.Firewall

192.0.13.1

0,00261

Network.Google

192.0.12.4

0,00591

Network.Station 7

192.0.13.1

0,00001

Network.Google

192.0.12.4

0,00001

Network.Station 7

192.0.6.2

0,0026

Network.Router 3

192.0.8.1

0,0059

Network.Firewall

192.0.5.1

0,0026

Network.Internet

192.0.5.1

0,00343

Network.Internet

192.0.14.3

0,00275

Network.Router 1(coax)

192.0.14.3

0,00275

Network.Router 1(coax)

192.0.14.1

0,00072

Network.Station 10

192.0.14.1

0,00072

Network.Station 10

L6.18 Ping traces at VPNVoluntary

-14-

Security labs

Enginyeria i Arquitectura La Salle

When there are no VPNs, the path is very simple to find.

When we have VPNs in Mode: Compulsory then we always have to go across the VPN
even if the path is longer. For instance, when Station 1 pings Google, it goes across
Network Server. The VPN will be taken when the start point is a VPN client, so when
Station 4 pings against Google it will take the other VPN and pass by the Firewall. On
the other hand, when Station 10 pings Google it does not pass by any VPN because it
is not a client of any VPN and so the path is very simple once again.
When the Operation Mode is set to Voluntary, the paths to be used are the same as
when we do not have any VPNs. In fact, the traffic is not encapsulated.

Q3 If we dont care about security, the path with the less number of hops can never
be VPN Compulsory because it needs to go across a Tunnel Destination and then take
a longer way to come back. For this reason, the shortest and faster path will always
be without VPNs.

Q4 When using VPNs, a short delay appears due to the encryption and decryption
lags. This thing would never have happened without VPNs. As we can see, the
Response Time is not affected by the VPN mode (Compulsory/Voluntary)

Source
Station 1
Station 4
Station 10

Destination: Google
No VPN: 0,02390 seconds
Compulsory:: 0,06933 seconds
Voluntary: 0,02390 seconds
Sense VPN: 0,02301 seconds
Compulsory: 0,03798 seconds
Voluntary: 0,02301 seconds
Sense VPN: 0,01807 seconds
Compulsory: 0,01807 seconds
Voluntary: 0,01807 seconds

Destination: Station 7
No VPN: 0,03146 seconds
Compulsory:: 0,04919 seconds
Voluntary: 0,03146 seconds
Sense VPN: 0,03057 seconds
Compulsory: 0,03099 seconds
Voluntary: 0,03057 seconds
Sense VPN: 0,02562 seconds
Compulsory: 0,02562 seconds
Voluntary: 0,02562 seconds

L6.19 Ping response times

Q5 The ping packet does not go by the routers as is, but encrypted. VPN creates a
virtual link between the two end points, as a point-to-point link had been created
without any layer-3 intermediate devices.

-15-