BlastShield Documentation

Encrypted peer-to-peer tunnelling

When a packet is forwarded between nodes (users, Agents or Gateways) in the BlastShield™ network, the sending node encrypts the packet using an AES-256-GCM stream cipher and then encapsulates it in a UDP tunnel header before sending it to the peer. On receipt, the peer removes the tunnel encapsulation and decrypts the inner packet. Tunnels are created on demand and do not require configuration. All tunnelled traffic is peer-to-peer: it does not need to be forwarded via any intermediate device or through a proxy of any kind.
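The encrypt-then-encapsulate flow described above, sketched in Go as an added example; it is not BlastShield code and does not reflect the BlastShield wire format. The 12-byte header layout, its use as the GCM nonce (so the counter must never repeat under one key), the strict counter check on receipt, and the names `newAEAD`, `Encapsulate` and `Decapsulate` are all assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// Hypothetical header, NOT the BlastShield wire format: 4-byte tunnel ID + 8-byte counter.
const hdrLen = 12

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encapsulate prepends the header; it is the 96-bit GCM nonce and the associated data.
func Encapsulate(aead cipher.AEAD, tunnelID uint32, counter uint64, inner []byte) []byte {
	hdr := make([]byte, hdrLen)
	binary.BigEndian.PutUint32(hdr[0:4], tunnelID)
	binary.BigEndian.PutUint64(hdr[4:12], counter)
	return append(hdr, aead.Seal(nil, hdr, inner, hdr)...)
}

// Decapsulate rejects stale counters (a simplification assumed here), then verifies and decrypts.
func Decapsulate(aead cipher.AEAD, lastSeen *uint64, pkt []byte) ([]byte, error) {
	if len(pkt) < hdrLen+aead.Overhead() {
		return nil, fmt.Errorf("short packet: %d bytes", len(pkt))
	}
	hdr, ctr := pkt[:hdrLen], binary.BigEndian.Uint64(pkt[4:hdrLen])
	if ctr <= *lastSeen {
		return nil, fmt.Errorf("replayed or stale counter %d", ctr)
	}
	inner, err := aead.Open(nil, hdr, pkt[hdrLen:], hdr)
	if err == nil {
		*lastSeen = ctr // advance only after the tag verifies
	}
	return inner, err
}

func main() {
	aead, _ := newAEAD(make([]byte, 32)) // constructed all-zero demo key
	inner, err := Decapsulate(aead, new(uint64), Encapsulate(aead, 7, 1, []byte("inner packet")))
	fmt.Printf("%q %v\n", inner, err)
}
```

Because the header is passed to GCM as associated data, a receiver detects any change to the tunnel ID or counter as well as to the ciphertext, and drops the packet before any inner data is processed.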