Configure traffic flow confidentiality

If your data policy is configured for tunnel mode, you can use traffic flow confidentiality (TFC) to conceal the actual length of the data packets transferred over a VPN connection.

TFC adds extra padding to the packets being sent and sends dummy packets with different lengths at random intervals to conceal the actual length of the packets. Use TFC for extra security against attackers who might guess the type of data being sent from the length of the packet. When you enable TFC you gain more security, but at the cost of system performance. Therefore, you should test your system's performance before and after you enable TFC on a VPN connection. TFC is not negotiated by IKE, so enable TFC only when both systems support it.
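The trade-off described above can be seen in a small model. This is an added example, not IBM code and not a description of the IBM i implementation: the 256-byte padding granularity, the dummy-packet rate, and the sample traffic are all assumptions chosen for illustration.

```python
import random

BUCKET = 256  # assumed padding granularity in bytes; not an IBM i setting

def tfc_pad(length, bucket=BUCKET):
    """On-wire length after padding up to the next multiple of `bucket`."""
    return -(-length // bucket) * bucket

def on_wire(lengths, dummy_rate=0.0, max_len=1400, seed=0):
    """Lengths a passive observer sees: padded real packets plus dummy packets
    of random length inserted at random points (the receiver discards these)."""
    rng = random.Random(seed)
    seen = []
    for n in lengths:
        seen.append(tfc_pad(n))
        if rng.random() < dummy_rate:
            seen.append(tfc_pad(rng.randint(1, max_len)))
    return seen

def overhead(lengths, seen):
    """Bytes sent per byte of real payload (1.0 means no extra cost)."""
    return sum(seen) / sum(lengths)

# Constructed sample traffic: payload lengths in bytes.
KEYSTROKES = [41, 44, 41, 52, 41, 48, 41, 44]      # interactive session
BULK = [1400, 1400, 1400, 1400, 1400, 1400, 612]   # file transfer

if __name__ == "__main__":
    for name, flow in (("keystrokes", KEYSTROKES), ("bulk", BULK)):
        padded = on_wire(flow)
        noisy = on_wire(flow, dummy_rate=0.5)
        print(name, "plain lengths:", sorted(set(flow)))
        print(name, "padded lengths:", sorted(set(padded)),
              "overhead x%.2f" % overhead(flow, padded))
        print(name, "with dummies:", len(noisy), "packets",
              "overhead x%.2f" % overhead(flow, noisy))
```

In this model the padding cost falls mostly on small packets, which is why measuring performance with your own traffic mix before and after enabling TFC matters.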

To enable TFC on a VPN connection, follow these steps:

  1. In IBM® Navigator for i, expand Network > IP Policies > Virtual Private Networking.
  2. Click Secure Connections, right-click All Connections, and select Open.
  3. Right-click the connection on which you want to enable TFC and select Properties.
  4. On the General tab, select Use Traffic Flow Confidentiality (TFC) when in Tunnel Mode.