A virtual private network (VPN) is a computer network in which some of the links between nodes are carried by open connections or virtual circuits in some larger network (such as the Internet), as opposed to running across a single private network. The virtual network may be said to be “tunneled” through the transport (open) network. One common application of a VPN is to secure communications through a public network.
One protocol that may be used to implement a VPN session is the Internet Protocol Security (IPsec) protocol suite. IPsec can be used to authenticate and encrypt Internet Protocol (IP) packets of a data stream. In an IPsec VPN tunnel, a sequence number may be associated with each packet as it goes into the secure tunnel. At the end of the tunnel, the sequence number may be checked to ensure the packets are received in the same sequence in which the packets were sent. Sequence numbers can be important for thwarting attacks, such as a replay attack. A replay attack is a known network attack technique in which a valid data transmission is maliciously or fraudulently repeated or delayed.
In certain situations, a Quality of Service (QoS) device, such as a router, may be deployed as part of the network over which the VPN tunnel is transmitted. The QoS device may alter the order of packets in the VPN tunnel, which may cause problems at the end of the VPN tunnel, as the receiving VPN device may detect a replay attack when one is not actually occurring. It may nevertheless be desirable to use such QoS devices to implement the VPN tunnel.
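As an added illustration, not part of the original text, the receiver-side sequence-number check described above is modelled below as an RFC 4303-style anti-replay sliding window. The window size of 64 and the sample packet orders are constructed assumptions; the last sample shows how a QoS device that delays one packet past the window causes it to be reported as a replay even though none occurred.

```python
# Added illustration of an IPsec-style anti-replay sliding window (as in
# RFC 4303); not code from the original text. Window size and the sample
# packet orders below are constructed assumptions for the demonstration.

class AntiReplayWindow:
    """Receiver-side replay check keyed on the per-packet sequence number.

    Accepts each sequence number at most once, tolerates reordering within
    `size` positions of the highest number seen, and rejects anything older
    than that as a suspected replay.
    """

    def __init__(self, size=64):
        self.size = size
        self.highest = 0          # highest sequence number accepted so far
        self.bitmap = 0           # bit i set => (highest - i) already seen

    def check(self, seq):
        """Return True if `seq` is accepted, False if treated as a replay."""
        if seq == 0:              # IPsec never transmits sequence number 0
            return False
        if seq > self.highest:
            # New high-water mark: slide the window forward.
            shift = seq - self.highest
            self.bitmap = (self.bitmap << shift) & ((1 << self.size) - 1)
            self.bitmap |= 1
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:   # too old: outside the window, rejected
            return False
        if self.bitmap & (1 << offset):
            return False          # already received: genuine duplicate
        self.bitmap |= 1 << offset
        return True


def replay_verdicts(sequence_numbers, window_size=64):
    """Run a stream of sequence numbers through one window; return the rejects."""
    window = AntiReplayWindow(window_size)
    return [s for s in sequence_numbers if not window.check(s)]


# Constructed traffic samples:
IN_ORDER = [1, 2, 3, 4, 5]
DUPLICATE = [1, 2, 3, 3, 4]            # a true replay of packet 3
MILD_REORDER = [1, 3, 2, 5, 4]         # QoS reordering inside the window
SEVERE_REORDER = [1, 100, 2]           # packet 2 delayed beyond a 64-slot window

if __name__ == "__main__":
    for name, stream in [("in order", IN_ORDER), ("duplicate", DUPLICATE),
                         ("mild reorder", MILD_REORDER), ("severe reorder", SEVERE_REORDER)]:
        print(f"{name:15s} rejected: {replay_verdicts(stream)}")
```

Widening the window (for example `replay_verdicts(SEVERE_REORDER, 128)`) makes the delayed packet acceptable again, which is the trade-off a receiver behind a reordering QoS device has to make.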