Data Integrity and VPN Guide
Data Integrity protects data from interception and modification. So integrity ensures data has not been altered when in transmit. In the case with VPN's, data has not been intercepted and changed when traveling from one VPN gateway to another VPN gateway. We use a hash mechanism to accomplish the integrity of data. If one bit has been modified, the hash will not match. Data integrity guarantees integrity of a message. A one way hash of the data has to match exactly. If one bit is different then the message has been changed. Two algorithms a VPN gateway uses for verifying integrity of data are Hash algorithms hmac-md5 and hmac-sha1, Hmac-sha1 being the strongest.
A one way hash simply takes a variable length string and data, and produces a fixed length hash value. The hash along with its data is then sent to the receiver. The receiver will compute the same hash function on the data to compare this to the sending hash result, and if they are the same, then the message will be accepted. We can say that the message has not been modified in transit.
Common hashing algorithms developed to ensure integrity of data are the SHA family of algorithms, the MD family of algorithms, Haval and Tiger.
Further Reading
Wikipedia's guide to Data Integrity