Data security


VPN Gateway encrypts data in transit over IPsec-VPN and SSL-VPN connections to protect data integrity and confidentiality.

IPsec-VPN connections

All traffic between your data center and Alibaba Cloud is encrypted over IPsec-VPN connections.

Each data packet is encrypted by the IPsec protocol suite before it enters the tunnel. IPsec authenticates and encrypts data packets to ensure data integrity and confidentiality.

Data packets are encrypted by using ciphers such as Advanced Encryption Standard (AES) and Data Encryption Standard (DES), and authenticated by using hash functions such as Secure Hash Algorithm (SHA) and Message Digest Algorithm 5 (MD5). Keys are exchanged by using Diffie-Hellman (DH) groups. You can specify a cipher, an authentication algorithm, and a DH group when you create an IPsec-VPN connection. For more information, see Create and manage IPsec-VPN connections in single-tunnel mode.
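
The following is an added example, not part of the original page or Alibaba Cloud's code: it checks that the cipher, authentication algorithm, and DH group selected for an IPsec-VPN connection match the on-premises gateway's proposal and flags weak selections. The dictionary keys, the strongSwan-style proposal string for the on-premises side, and the weak-algorithm policy are assumptions made for this example.

```python
import re

# Policy assumed for this example (not stated on the page).
WEAK_CIPHERS = {"des", "3des"}
WEAK_HASHES = {"md5"}
MIN_DH_BITS = 2048
# IKE DH group number -> MODP prime size in bits (RFC 2409, RFC 3526).
DH_GROUP_BITS = {1: 768, 2: 1024, 5: 1536, 14: 2048}
BITS_TO_GROUP = {bits: grp for grp, bits in DH_GROUP_BITS.items()}
CIPHER_RE = re.compile(r"^(aes(128|192|256)|3des|des)$")
HASH_RE = re.compile(r"^(md5|sha1|sha256|sha384|sha512)$")
DH_RE = re.compile(r"^modp(\d+)$")

def parse_proposal(proposal):
    """Split a strongSwan-style proposal such as 'aes128-sha1-modp1024'."""
    parsed = {"cipher": None, "auth": None, "dh_group": None}
    for token in proposal.lower().split("-"):
        if CIPHER_RE.match(token):
            parsed["cipher"] = token
        elif HASH_RE.match(token):
            parsed["auth"] = token
        elif (m := DH_RE.match(token)) and int(m.group(1)) in BITS_TO_GROUP:
            parsed["dh_group"] = BITS_TO_GROUP[int(m.group(1))]
        else:
            raise ValueError(f"unrecognised proposal token: {token!r}")
    return parsed

def audit(cloud, onprem_proposal):
    """Return findings: parameter mismatches first, then weak selections."""
    onprem = parse_proposal(onprem_proposal)
    findings = [
        f"mismatch {key}: cloud={cloud[key]} on-prem={onprem[key]}"
        for key in ("cipher", "auth", "dh_group")
        if cloud[key] != onprem[key]
    ]
    if cloud["cipher"] in WEAK_CIPHERS:
        findings.append(f"weak cipher: {cloud['cipher']}")
    if cloud["auth"] in WEAK_HASHES:
        findings.append(f"weak hash: {cloud['auth']}")
    if DH_GROUP_BITS.get(cloud["dh_group"], 0) < MIN_DH_BITS:
        findings.append(f"weak DH group: {cloud['dh_group']}")
    return findings

# Constructed sample settings (hypothetical keys), not from a real deployment.
LEGACY = {"cipher": "des", "auth": "md5", "dh_group": 2}
HARDENED = {"cipher": "aes256", "auth": "sha256", "dh_group": 14}
if __name__ == "__main__":
    for name, cfg in (("legacy", LEGACY), ("hardened", HARDENED)):
        print(name, audit(cfg, "aes256-sha256-modp2048"))
```

A mismatch finding means the two sides would not agree on a proposal during negotiation; a weak finding means the selection falls below the assumed policy even when both sides match.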

SSL-VPN connections

All traffic between a data center and Alibaba Cloud is encrypted over SSL-VPN connections.

After an SSL certificate is installed on a client, the client can establish an SSL-VPN connection to a VPN gateway. Data packets transmitted over this connection are encrypted by using SSL to ensure data integrity and confidentiality.

SSL-VPN supports the following ciphers: AES-128-CBC, AES-192-CBC, and AES-256-CBC. The default cipher is AES-128-CBC.