Virtual Private Networks are a popular mechanism for building complex network infrastructures. Such infrastructures are usually
accompanied by strict administrative restrictions on all VPN endpoints to protect the perimeter of the VPN. However, enforcement
of such restrictions becomes difficult if these endpoints are personal computers used for remote VPN access. Commonly employed
measures like anti-virus or software agents fail to defend against unanticipated attacks. The Trusted Computing Group invested
significant work into platforms that are capable of secure integrity reporting. However, trusted boot and remote attestation
also require a redesign of critical software components to achieve their full potential.
In this work, we design and implement a VPN architecture for trusted platforms. We solve the conflict between security and
flexibility by implementing a self-contained VPN service that resides in an isolated area, outside the operating system environment
visible to the user. We develop a hardened version of the IPsec architecture and protocols by addressing known security issues
and reducing the overall complexity of IPsec and IKEv2. The resulting prototype provides access control and secure channels
for arbitrary local compartments and is also compatible with typical IPsec configurations. We expect our focus on security
and reduced complexity to result in much more stable and thus also more trustworthy software.