摘要： 隧道技术是构建VPN 的核心技术，但这些隧道协议的实现本身也不是非常安全的。一旦网络攻击者利用隧道协议的安全弱点攻击VPN 成功，所有互联网上利用VPN 技术提供的安全数据传输将不再安全。探讨了两种主要的隧道协议——PPTP 和IPSec 实现中的安全漏洞。通过分析，最后的结论是IPSec 协议是当前最好和最安全的IP 安全协议。随着IPv6 的使用，IPSec 必将得到更广泛的使用。

关键词: 虚拟专用网；安全协议；隧道协议；PPTP；IPSec

Abstract: Tunnel technology is the nuclear technology of constructing VPN, but tunnel technologies are not very safe. Once network attackers attack VPN successfully making use of security weakness of tunnel protocols, all safety data transmission making use of VPN technology in the Internet is no longer safe. Then the paper probes into security weakness of two principal tunnel protocols(PPTP and IPSec). By means of analysis the final conclusion is that IPSec protocol is the best and most safe protocol in the IP security protocols. IPSec must be used more extensively along with the use of IPv6.

Key words: Virtual private network(VPN); Security protocol; Tunnel protocol; PPTP; IPSec