CN111901315B - VPN user access method and system - Google Patents

VPN user access method and system

Info

Publication number
CN111901315B
Authority
CN
China
Prior art keywords
user
user equipment
vpn server
server
equipment
Legal status
Active
Application number
CN202010669422.3A
Other languages
Chinese (zh)
Other versions
CN111901315A (en)
Inventor
李娟
孙自防
Current Assignee
Zhejiang Jiechuang Ark Digital Technology Co ltd
Original Assignee
Zhejiang Jiechuang Ark Digital Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a VPN user access method and system. Each user has a user account and a corresponding VPN server, and the method comprises: allocating an access password for the corresponding VPN server based on the device information of the user device to be connected; and connecting the user device to the corresponding VPN server based at least on the device information of the user device and the access password, and allocating a virtual IP address to the user device. Embodiments of the invention realize VPN access at user granularity, isolate the data of different enterprise users from one another, and thereby secure both the data in transit and access to enterprise information.

Description

VPN user access method and system
Technical Field
The invention relates to the technical field of industrial control networks and communication, in particular to a VPN user access method and system.
Background
The statements in this section merely provide background information related to the present disclosure and may not constitute prior art for the purposes of describing the present disclosure.
In current industrial control networks, programmable logic controllers (PLCs) are widely used in modern industrial devices such as intelligent instruments, meters and actuators. Since the industrial devices of one enterprise may be located in different countries or cities, workers frequently need to remotely configure, monitor, query the status of, and maintain devices at distant sites. Industrial environments generally require stable, reliable, low-latency real-time communication, which limits the communication distance, so most current industrial control networks are confined to a local area network. With the rapid development of 5G, its high throughput and low latency make it possible to control industrial equipment remotely through the PLC: remote control keeps workers away from the harsh conditions of the industrial site, improves their safety, and allows field networks spread across different regions to be managed and maintained in a flexible, unified way, which greatly reduces management cost. However, expanding industrial networks from local area networks to wide area networks raises many technical challenges.
For example, such industrial data within an enterprise is typically highly confidential and not suitable for transmission over public networks in the clear. A Virtual Private Network (VPN), the common remote secure communication technology, establishes a private tunnel over a public network through key exchange, encapsulation, authentication and encryption, so that data can be transmitted securely between a remote client and an enterprise server. However, conventional site-to-site VPN communication needs at least one endpoint with a fixed, reachable public IP address in order to interconnect the networks, and at present industrial networks are usually local area networks that are not interconnected. In addition, the networks of different factories of the same enterprise often use the same private address range and have no fixed public address, so remote communication cannot be achieved simply by connecting them with a VPN protocol such as IPsec.
OpenVPN is free, open-source software for creating an encrypted VPN tunnel. It dynamically assigns a virtual IP address to each client that successfully establishes an SSL/TLS connection, so the clients and the OpenVPN server form a star-topology local area network on a virtual network overlaid on the physical one; the clients therefore need no public address of their own to communicate through the VPN, which removes the limitation of conventional VPN communication. Because OpenVPN is convenient to use, performs well, supports many operating systems, uses strong data encryption and is free and open source, it has become the preferred VPN product for small and medium-sized enterprises and individuals. However, the clients in a virtual local area network established by one OpenVPN server can reach each other (directly inside the OpenVPN process when its client-to-client option is enabled, or otherwise through the server host's IP forwarding unless a firewall rule blocks it), so true data isolation is hard to achieve and there is a data-security risk between different users.
Therefore, a secure and convenient VPN user access method and system are needed.
Disclosure of Invention
Therefore, an object of the present invention is to overcome the above drawbacks of the prior art by providing a VPN user access method in which each user has a user account and a corresponding VPN server. The method comprises: allocating an access password for the corresponding VPN server based on the device information of the user device to be connected; and connecting the user device to the corresponding VPN server based at least on the device information of the user device and the access password, and allocating a virtual IP address to the user device.
Optionally, wherein the corresponding VPN server includes: an OpenVPN server.
Optionally, allocating an access password for the corresponding VPN server based on the device information of the user device to be connected includes: determining, from the device information of the user device to be connected, the user account and the VPN server to which it corresponds; and allocating to the user device an access password for that VPN server.
Optionally, the access password of the corresponding VPN server is randomly generated by the system.
Optionally, connecting the user device to the corresponding VPN server based at least on the device information of the user device and the access password includes: verifying the device information of the user device and the access password; and connecting the user device to the corresponding VPN server.
Optionally, the method further includes: generating an identity certificate for each user account; issuing to the user device the identity certificate of the user account it corresponds to; and connecting the user device to the corresponding VPN server based on the device information of the user device, the access password and the identity certificate.
Optionally, connecting the user device to the corresponding VPN server based on the device information of the user device, the access password and the identity certificate includes: verifying the identity certificate; verifying the device information of the user device and the access password; and connecting the user device to the corresponding VPN server.
Another aspect of the present invention relates to a VPN user access system comprising: a VPN server unit including one or more VPN servers; a user device unit including one or more user devices, each user device corresponding to one user account and one VPN server; and a network management unit for carrying out any of the methods above.
Optionally, the user equipment includes a gateway device, and the gateway device is connected to one or more PLC devices.
Another aspect of the invention relates to a storage medium in which a computer program is stored which, when being executed by a processor, is operative to carry out the method of any one of the above.
Compared with the prior art, the invention has the following advantages. Different users are distinguished, and an account and a corresponding virtual VPN server are created for each user, so that VPN communication has user granularity: data is isolated between users, i.e. between different enterprises on the VPN, while the different PLC devices of the same enterprise can still reach one another, which preserves the privacy and security of the transmitted data. In addition, because a separate identity certificate is generated per user and different access passwords are issued to the different user devices of the same user, a device connecting to the VPN server must pass dual authentication, by identity certificate and by account/password, which secures access to enterprise information.
Drawings
Embodiments of the invention are further described below with reference to the accompanying drawings, in which:
fig. 1 is a schematic diagram of a VPN user access method according to an embodiment of the present invention;
fig. 2 is a flowchart of a VPN user access method according to an embodiment of the present invention;
fig. 3 is a flowchart of a VPN user access method according to another embodiment of the present invention;
fig. 4 is a schematic diagram of a VPN user access system according to an embodiment of the present invention.
Detailed Description
The present invention will be described in detail below with reference to the accompanying drawings and specific embodiments. Examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative only and should not be construed as limiting the invention.
It will be appreciated by those skilled in the art that although the industrial terminal devices in the industrial control network, such as frequency converters, intelligent instruments or meters, actuators, etc. located at the industrial site, have been illustrated in the above background, the embodiments of the present invention are not limited to the above industrial terminal devices. For example, "client," "terminal device," as used herein, may include devices having wireless signal receivers, devices having only wireless signal receivers without transmit capability, and devices having receive and transmit hardware, devices having receive and transmit hardware capable of two-way communication over a two-way communication link. Such a device may include: cellular or other communication devices such as personal computers, tablets, etc. having single or multi-line displays or cellular or other communication devices without multi-line displays; PCS (Personal Communications Service), which may combine voice, data processing, facsimile and/or data communication capabilities; a PDA (Personal Digital Assistant), which may include a radio frequency receiver, a pager, internet/intranet access, a web browser, a notepad, a calendar and/or a GPS (Global Positioning System) receiver; a conventional laptop and/or palmtop computer or other device having and/or including a radio frequency receiver. As used herein, a "client," "terminal device" can be portable, transportable, installed in a vehicle (aeronautical, maritime, and/or land-based), or situated and/or configured to operate locally and/or in a distributed fashion at any other location(s) on earth and/or in space. The "client", "terminal Device" used herein may also be a communication terminal, a web terminal, a music/video playing terminal, such as a PDA, an MID (Mobile Internet Device) and/or a Mobile phone with music/video playing function, and may also be a smart tv, a set-top box, and the like.
The "server" referred to in the present invention may be a hardware device with the capabilities of a personal computer, i.e. one having the components required by the von Neumann architecture such as a central processing unit (comprising an arithmetic unit and a controller), memory, input devices and output devices, or it may be a software program running on a computing device, for example a cloud server or a VPN server.
OpenVPN is an application-layer VPN built on the OpenSSL library. A virtual network adapter (virtual network card) is installed on both the OpenVPN server and each client, and each client is allocated a virtual IP address, so that the OpenVPN server and the clients can reach one another through the virtual adapters and virtual IP addresses; the OpenVPN server acts as a virtual router that performs routing and access control.
An OpenVPN server typically needs a pool of virtual IP addresses and a static virtual IP address for itself, and the static address and the pool must lie in the same subnet. By dynamically allocating an unused address from the pool to each client that successfully establishes an SSL/TLS connection, the OpenVPN server and the clients on the physical network are joined into a star-topology local area network on the virtual network. The OpenVPN server also manages the routes of the client's virtual adapter. When a client accesses an application server behind the OpenVPN server, the packets are routed to the virtual adapter; the OpenVPN process captures the IP packets from the virtual adapter, encapsulates them using the SSL/TLS protocol, and sends them out through the physical adapter. SSL/TLS is the usual encryption mechanism in OpenVPN. Transport over SSL/TLS requires certificates and keys, so before OpenVPN can be used the corresponding certificate and key must be generated on the server side.
By establishing a virtual local area network between the OpenVPN server and its clients and encrypting the traffic with SSL/TLS, OpenVPN builds a dedicated channel between different network locations, which gives the system confidentiality and integrity for the data in transit. However, since every client in the virtual LAN built by one OpenVPN server can reach the others through the server, the security of data transmission is hard to guarantee when those clients belong to different users.
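The per-user server layout the description relies on, as an added example that is not part of the patent or of OpenVPN itself: each user account gets its own OpenVPN server process on its own virtual subnet, the server's static address is the first host of that subnet, and the pool for that user's gateways is the rest of it. The function expands the directives that OpenVPN's `server` shorthand would generate, adds `duplicate-cn` (one identity certificate per account is shared by all of that account's gateways, which OpenVPN rejects by default), enables `client-to-client` only inside the per-user server, and hooks in an `auth-user-pass-verify` script for the device-serial/access-password check. The config directory, PKI file names, port and script path are assumptions.

```python
"""Render a per-user OpenVPN server configuration (added example, not the patent's code)."""
import ipaddress
from pathlib import PurePosixPath

CONF_DIR = PurePosixPath("/etc/openvpn/server")  # assumed location of per-account PKI and scripts


def split_subnet(cidr: str):
    """Return (network, server_ip, pool_first, pool_last) for one user's virtual subnet.

    The server's static address is the first host; the pool is every other host
    except the last one, which mirrors what OpenVPN's `server` macro does.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    hosts = list(net.hosts())
    if len(hosts) < 3:
        raise ValueError(f"{cidr} has no room for a server address and a pool")
    return net, hosts[0], hosts[1], hosts[-2]


def pool_in_subnet(server_ip: str, netmask: str, pool_first: str, pool_last: str) -> bool:
    """The constraint from the description: pool and static address share one subnet,
    and the static address itself is never handed out from the pool."""
    net = ipaddress.ip_network(f"{server_ip}/{netmask}", strict=False)
    srv = ipaddress.ip_address(server_ip)
    first, last = ipaddress.ip_address(pool_first), ipaddress.ip_address(pool_last)
    return first in net and last in net and first <= last and not (first <= srv <= last)


def render_server_conf(account: str, cidr: str, port: int) -> str:
    """Build the server.conf for the virtual OpenVPN server that serves `account`."""
    net, server_ip, pool_first, pool_last = split_subnet(cidr)
    assert pool_in_subnet(str(server_ip), str(net.netmask), str(pool_first), str(pool_last))
    pki = CONF_DIR / account  # assumed: one CA / server cert set per user account
    lines = [
        f"# OpenVPN server for user account {account} (generated)",
        f"port {port}",                       # every per-user server needs its own port or address
        "proto udp",
        "dev tun",
        "mode server",
        "tls-server",
        "topology subnet",
        f"ifconfig {server_ip} {net.netmask}",                     # static virtual IP of this server
        f"ifconfig-pool {pool_first} {pool_last} {net.netmask}",   # pool for this user's gateways
        'push "topology subnet"',
        f'push "route-gateway {server_ip}"',
        f"ca {pki / 'ca.crt'}",
        f"cert {pki / 'server.crt'}",
        f"key {pki / 'server.key'}",
        f"dh {pki / 'dh.pem'}",
        # all gateways of this account present the same identity certificate (same CN),
        # so concurrent sessions with one CN must be allowed
        "duplicate-cn",
        # gateways of the same enterprise may talk to each other; isolation between
        # enterprises comes from running separate servers on separate subnets
        "client-to-client",
        # second factor: device serial + access password, checked by a script that
        # receives them in a temporary file (script-security 2 is enough for via-file)
        "verify-client-cert require",
        "script-security 2",
        f"auth-user-pass-verify {CONF_DIR / 'verify_access.py'} via-file",
        "keepalive 10 60",
        "persist-key",
        "persist-tun",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_server_conf("account-A", "10.8.1.0/24", 1194))
    print(render_server_conf("account-B", "10.8.2.0/24", 1195))
```

Because the two accounts run on different processes and different subnets, there is no server-side route between 10.8.1.0/24 and 10.8.2.0/24 at all; the `client-to-client` directive only ever joins clients of the same process.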
Therefore, the invention provides a VPN user access method that distinguishes different users, creates an account and a corresponding virtual OpenVPN server for each of them, and allocates different access passwords and virtual IP addresses to the different user devices (for example gateway devices) of the same user. Data is thus isolated between different enterprises on OpenVPN, while different PLC (programmable logic controller) devices of the same enterprise can reach one another, which preserves the privacy and security of data transmission. In embodiments of the invention, the virtual OpenVPN server may run on a computing device or a cluster of computing devices, which may be located on an intranet, deployed in the cloud, hosted in a third-party data centre or machine room, or be any computing device reachable over a wide area network.
Fig. 1 shows a schematic diagram of a VPN user access method according to an embodiment of the invention. As shown in fig. 1, user A has two factories (factory a and factory b), and the PLC devices of each factory are connected to that factory's gateway device: gateway a is connected to PLC devices a1, a2, a3 of factory a, and gateway b to PLC devices b1, b2, b3 of factory b. User B likewise has two factories (factory c and factory d): gateway c is connected to PLC devices c1, c2, c3 of factory c, and gateway d to PLC devices d1, d2, d3 of factory d. One user account A and a corresponding OpenVPN server A are created for user A; account A is shared by factories a and b, so PLC devices a1, a2, a3 connect to OpenVPN server A via gateway a, and PLC devices b1, b2, b3 connect to OpenVPN server A via gateway b. Similarly, one user account B and a corresponding OpenVPN server B are created for user B; account B is shared by factories c and d, so PLC devices c1, c2, c3 connect to OpenVPN server B via gateway c, and PLC devices d1, d2, d3 connect to OpenVPN server B via gateway d. The devices in the factories of user A and of user B thus belong to different user accounts and connect to different OpenVPN servers.
Fig. 2 shows a flowchart of a VPN user access method according to an embodiment of the present invention. As shown in fig. 2, the method comprises the steps of:
S210: create a user account and a corresponding OpenVPN server for each user.
User accounts correspond one-to-one to user identities. On request, one user account and one corresponding virtual OpenVPN server are created independently for each user. Different users have different accounts, whereas the different user devices (such as gateway devices) of the same user share one account and all connect to the OpenVPN server that corresponds to that account. A user device may in turn be connected to other client devices of the user (for example PLC devices).
S220: determine, from the device information of the user device to be connected, the user account and the OpenVPN server to which it corresponds, and allocate to the device an access password for that OpenVPN server.
A user's device is associated with that user's account and may connect to the OpenVPN server created for that user. In one embodiment, a user-device whitelist is created for the user on request and associated with the user's account. The whitelist holds the device information (for example the serial number of the gateway device) of every user device under that account; all devices in the same whitelist share the same user account and connect to the same OpenVPN server. The device information of a device to be connected is compared against the whitelists of all users to determine the account the device belongs to and the corresponding OpenVPN server, and an access password for that OpenVPN server is then allocated to the device.
The access password is used, when the device connects to the OpenVPN server, to verify that the device belongs to the account and corresponds to that server. It may be randomly generated by the system. For example, if the device information of gateway x shows that it is included in the whitelist of user account A, gateway x is determined to correspond to OpenVPN server A and is allocated an access password for server A. Similarly, if gateway y is found in the whitelist of user account B, it is determined to correspond to OpenVPN server B and is allocated an access password for server B.
In some embodiments, the user device needs to be activated prior to connecting the user device to the server. The user device may be activated based on an account number, a password, and device information of the user device entered by the user.
S230: connect the user device to the corresponding OpenVPN server based on the device information and the access password of the device to be connected, and allocate a virtual IP address to the device.
Each OpenVPN server is configured with a virtual IP address pool and a static virtual IP address of its own, from which the different user devices of that user are each allocated a virtual IP address. Once the device information and the access password of a user device have been verified, the device is connected to the corresponding OpenVPN server and allocated a virtual IP address.
After the user device has joined the star-topology virtual local area network formed by the OpenVPN server and the other devices connected to it, the server and the other user devices in that network can communicate with it via its virtual IP address. For example, once gateway x has connected to OpenVPN server A using its device information and the allocated access password, server A allocates virtual IP address x to gateway x; the other user devices of user A connected to server A (for example gateways a and b), and the PLC devices behind them, can then communicate with gateway x and the PLC devices behind it via virtual IP address x. Similarly, once gateway y has connected to OpenVPN server B, server B allocates virtual IP address y to it, and the other user devices of user B (for example gateways c and d) and their PLC devices can communicate with gateway y and its PLC devices via virtual IP address y. Gateway x and gateway y, however, belong to different users and are connected to different OpenVPN servers, so they are in different virtual LANs: gateway x cannot reach gateway y via virtual IP address y, and vice versa.
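Steps S210 to S230 as one runnable network-management unit, added here as an example and not taken from the patent: each account gets its own virtual server with its own /24 (static address first host, pool the rest), gateways are whitelisted by serial number, a random access password is issued per device and stored only as a salted PBKDF2 hash, and a connection is granted a virtual IP from the pool of the server the serial resolves to. The base range 10.8.0.0/16, the serial-number format and the hash parameters are assumptions; the gateway names follow fig. 1.

```python
"""Network-management unit for user-granularity VPN access (added example, not the patent's code)."""
import hashlib
import hmac
import ipaddress
import secrets
from dataclasses import dataclass, field

PBKDF2_ROUNDS = 100_000  # assumed; tune for the management host


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class AccessError(Exception):
    """Device information or access password did not verify."""


@dataclass
class VpnServer:
    """One virtual OpenVPN server: a static address plus a pool in the same subnet."""
    name: str
    network: ipaddress.IPv4Network
    leases: dict = field(default_factory=dict)  # device serial -> virtual IP

    @property
    def static_ip(self) -> ipaddress.IPv4Address:
        return next(self.network.hosts())

    def allocate(self, serial: str) -> ipaddress.IPv4Address:
        """Hand out the lowest unused pool address (idempotent per serial)."""
        if serial in self.leases:
            return self.leases[serial]
        taken = set(self.leases.values())
        for ip in self.network.hosts():
            if ip != self.static_ip and ip not in taken:
                self.leases[serial] = ip
                return ip
        raise RuntimeError(f"pool of {self.name} exhausted")


class NetworkManagementUnit:
    def __init__(self, base: str = "10.8.0.0/16"):
        self._subnets = ipaddress.ip_network(base).subnets(new_prefix=24)
        self.servers: dict[str, VpnServer] = {}   # account -> its virtual server (S210)
        self.whitelist: dict[str, set] = {}       # account -> device serials     (S220)
        self.credentials: dict[str, tuple] = {}   # serial -> (salt, pbkdf2 hash) (S220)

    def create_user(self, account: str) -> VpnServer:
        """S210: one account, one virtual OpenVPN server, one dedicated subnet."""
        if account in self.servers:
            raise ValueError(f"account {account} already exists")
        self.servers[account] = VpnServer(f"openvpn-{account}", next(self._subnets))
        self.whitelist[account] = set()
        return self.servers[account]

    def register_device(self, account: str, serial: str) -> None:
        """Add a gateway's device information to the account's whitelist."""
        if any(serial in serials for serials in self.whitelist.values()):
            raise ValueError(f"device {serial} is already registered")
        self.whitelist[account].add(serial)

    def account_for(self, serial: str) -> str:
        """S220: compare the device information with every user's whitelist."""
        for account, serials in self.whitelist.items():
            if serial in serials:
                return account
        raise AccessError(f"unknown device {serial}")

    def issue_access_password(self, serial: str):
        """S220: allocate a random access password for the device's server; keep only its hash."""
        account = self.account_for(serial)
        password = secrets.token_urlsafe(24)
        salt = secrets.token_bytes(16)
        self.credentials[serial] = (salt, _hash_password(password, salt))
        return account, self.servers[account].name, password

    def connect(self, serial: str, password: str):
        """S230: verify device information + access password, then lease a virtual IP."""
        account = self.account_for(serial)
        salt, expected = self.credentials.get(serial, (None, None))
        if expected is None or not hmac.compare_digest(_hash_password(password, salt), expected):
            raise AccessError(f"access password rejected for {serial}")
        server = self.servers[account]
        return server.name, server.allocate(serial)

    def same_virtual_lan(self, serial_a: str, serial_b: str) -> bool:
        """Two gateways can reach each other only if they resolve to the same server."""
        return self.account_for(serial_a) == self.account_for(serial_b)


if __name__ == "__main__":
    nmu = NetworkManagementUnit()
    for account, gateways in {"A": ("gw-a", "gw-b"), "B": ("gw-c", "gw-d")}.items():
        nmu.create_user(account)
        for gw in gateways:
            nmu.register_device(account, gw)
    _, server, pw = nmu.issue_access_password("gw-a")
    print(server, nmu.connect("gw-a", pw))
```

The password never leaves `issue_access_password` in the clear except as its return value, which is what gets provisioned onto the gateway; the unit itself can only verify it, so a copy of the management database does not yield working VPN credentials.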
With this embodiment, a user can interconnect devices on different networks in different regions without any fixed public IP address, saving the enterprise the cost of obtaining one. In addition, because each user (enterprise) is served by its own virtual VPN server with its own independent IP address resources, VPN communication is at user granularity, data is isolated between users, and information security is guaranteed.
In an embodiment, an identity certificate may also be generated for each user. When a user device of that user requests to connect to the corresponding OpenVPN server, the identity certificate is authenticated in addition to the device information/access password, and the device is connected only if both authentications pass.
Fig. 3 shows a flowchart of a VPN user access method according to another embodiment of the present invention. As shown in fig. 3, the method comprises the steps of:
S310: create a user account and a corresponding OpenVPN server for each user.
S320: generate an identity certificate for each user account.
The identity certificate is used, when the device connects to the OpenVPN server, to verify the identity of the device, i.e. that it belongs to the user account and corresponds to that OpenVPN server. In one embodiment, a certificate issued by a certificate authority (CA) is generated for each user; it carries the user's public key and is bound to the user's account information. Issuing and verifying such certificates is well known in the art and is not described further here.
S330: determine, from the device information of the user device to be connected, the user account and the OpenVPN server to which it corresponds.
S340: allocate to the user device an access password for the corresponding OpenVPN server, and issue to it the identity certificate of the corresponding user account.
S350: connect the user device to the corresponding OpenVPN server based on its device information, the access password and the identity certificate, and allocate a virtual IP address to the device.
In the above embodiment, when the device accesses the VPN server, the identity certificate and the account/password dual authentication need to be performed, so that the access security of the enterprise information is ensured.
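The dual authentication of S350 as it would be enforced on the OpenVPN server, added here as an example that is not part of the patent or of OpenVPN: the TLS handshake has already validated the account's identity certificate against the CA, so the `auth-user-pass-verify` script only has to bind that certificate to the device credentials. With `via-file`, OpenVPN passes the path of a temporary file whose first line is the username and second line the password, and exports the verified certificate's CN in the `common_name` environment variable; exit status 0 accepts the client. The script assumes the certificate CN equals the account name, the username is the gateway serial number and the password is the allocated access password; the credential store below is constructed for the example (a real deployment would query the network-management unit's database).

```python
"""auth-user-pass-verify hook for a per-user OpenVPN server (added example, not the patent's code).

Usage in server.conf (script-security 2 is sufficient for via-file):
    verify-client-cert require
    script-security 2
    auth-user-pass-verify /etc/openvpn/server/verify_access.py via-file
"""
import hashlib
import hmac
import os
import sys

PBKDF2_ROUNDS = 100_000  # assumed; must match what the management unit used when issuing


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def _record(account: str, password: str, salt: bytes) -> dict:
    return {"account": account, "salt": salt, "hash": _hash(password, salt)}


# Constructed credential store: device serial -> owning account + salted password hash.
# The salts are fixed here only so the example is deterministic.
STORE = {
    "GW-A-0001": _record("account-A", "pw-for-gw-a-0001", b"\x01" * 16),
    "GW-B-0001": _record("account-B", "pw-for-gw-b-0001", b"\x02" * 16),
}


def read_credentials(path: str):
    """Parse the via-file credential file: line 1 username, line 2 password."""
    with open(path, encoding="utf-8") as fh:
        lines = fh.read().splitlines()
    if len(lines) < 2:
        raise ValueError("credential file must hold a username and a password line")
    return lines[0], lines[1]


def verify(common_name: str, username: str, password: str, store: dict = STORE) -> bool:
    """Accept only if the certificate's account owns the device AND the access password matches."""
    record = store.get(username)
    if record is None:
        return False  # device information not in any whitelist
    # identity certificate check: the CN OpenVPN verified must be the account this device belongs to
    if not hmac.compare_digest(record["account"].encode(), common_name.encode()):
        return False
    # access password check, constant-time on the derived hash
    return hmac.compare_digest(_hash(password, record["salt"]), record["hash"])


def main(argv) -> int:
    try:
        username, password = read_credentials(argv[1])
        ok = verify(os.environ.get("common_name", ""), username, password)
    except Exception:
        ok = False  # any parse or lookup failure rejects the client
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The order of the checks matters for the threat the description names: a gateway that has somehow obtained another enterprise's access password still fails, because the certificate it can present belongs to its own account and that account does not own the serial it is claiming.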
The invention also provides a VPN user access system comprising a VPN server unit, a user device unit and a network management unit. The VPN server unit comprises one or more VPN servers, each created for one user. The user device unit comprises one or more user devices to be connected to a VPN server, each corresponding to one user account and one VPN server; a user device may for example be a gateway device to which different PLC devices are connected. The network management unit is connected to both the VPN server unit and the user device unit and carries out the VPN user access method: it creates a user account and a corresponding VPN server, allocates an access password for the corresponding VPN server based on the device information of the user device to be connected, connects the user device to the corresponding VPN server based at least on that device information and the access password, and allocates a virtual IP address to the user device.
Fig. 4 shows a schematic diagram of a VPN user access system according to an embodiment of the invention. As shown in fig. 4, the system comprises an OpenVPN server unit 410, a user device unit 420 and a network management unit 430. The OpenVPN server unit 410 comprises the OpenVPN servers created separately for the different users; the user device unit 420 comprises one or more user devices to be connected, each corresponding to a user account and a VPN server; and the network management unit 430 is connected to the OpenVPN server unit 410 and the user device unit 420 and is configured to create a user account and a corresponding OpenVPN server, to allocate an access password for the corresponding OpenVPN server based on the device information of the user device, and to connect the user device to the corresponding OpenVPN server and allocate it a virtual IP address based at least on that device information and the access password.
In one embodiment of the invention, the invention may be implemented in the form of a computer program. The computer program may be stored in various storage media (e.g., hard disk, optical disk, flash memory, etc.), which when executed by a processor, can be used to implement the methods of the present invention.
In another embodiment of the invention, the invention may be implemented in the form of an electronic device. The electronic device comprises a processor and a memory in which a computer program is stored which, when being executed by the processor, can be used for carrying out the method of the invention.
References herein to "various embodiments," "some embodiments," "one embodiment," or "an embodiment," etc., indicate that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment. Thus, appearances of the phrases "in various embodiments," "in some embodiments," "in one embodiment," or "in an embodiment," or the like, in various places throughout this document are not necessarily referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. Thus, a particular feature, structure, or characteristic illustrated or described in connection with one embodiment may be combined, in whole or in part, with a feature, structure, or characteristic of one or more other embodiments without limitation, as long as the combination is not logically inconsistent or unworkable. Expressions appearing herein similar to "according to A", "based on A", "by A" or "using A" are non-exclusive, i.e. "according to A" may cover "according to A only" as well as "according to A and B", unless it is specifically stated that the meaning is "according to A only". In the present application, for clarity of explanation, some illustrative operational steps are described in a certain order, but one skilled in the art will appreciate that not every one of these steps is essential and that some of them may be omitted or replaced by others. Nor is it necessary that these operations be performed sequentially in the manner shown; some of them may be performed in a different order, or in parallel, as desired, provided that the new implementation is not logically or operationally unfeasible.
For example, in some embodiments, the distance or depth of the virtual object relative to the electronic device may be set prior to determining the orientation of the virtual object relative to the electronic device.
Having thus described several aspects of at least one embodiment of this invention, it is to be appreciated various alterations, modifications, and improvements will readily occur to those skilled in the art. Such alterations, modifications, and improvements are intended to be within the spirit and scope of the invention. Although the present invention has been described in connection with the preferred embodiments, it is not intended to be limited to the embodiments described herein, and various changes and modifications may be made without departing from the scope of the invention.

Claims (9)

1. A VPN user access method, wherein different user accounts and corresponding VPN servers are respectively created for different users, different user devices belonging to the same user share the same user account and the corresponding VPN server, each VPN server has a static virtual IP address and a virtual IP address pool, wherein the static virtual IP address and the virtual IP address pool are in the same subnet, the method comprises:
determining a user account and a VPN server corresponding to the user equipment to be accessed based on the equipment information of the user equipment to be accessed;
distributing the access password of the corresponding VPN server to the user equipment to be accessed; and
accessing the user equipment to the corresponding VPN server based at least on the equipment information of the user equipment and the access password, and selecting a virtual IP address from the virtual IP address pool of the corresponding VPN server to allocate to the user equipment.
2. The method of claim 1, wherein said corresponding VPN server comprises: an OpenVPN server.
3. The method of claim 1, wherein the access password of the corresponding VPN server is randomly generated by the system.
4. The method of claim 1, wherein said accessing the user device to the corresponding VPN server based on at least the device information of the user device and the access password comprises:
verifying the device information of the user equipment and the access password;
accessing the user equipment to the corresponding VPN server.
5. The method of claim 1, further comprising:
generating an identity certificate for each user account;
issuing the identity certificate of the corresponding user account to the user equipment; and
accessing the user equipment to the corresponding VPN server based on the equipment information of the user equipment, the access password and the identity certificate.
6. The method of claim 5, wherein said accessing the user device to the corresponding VPN server based on the device information and the access password of the user device and the identity credential comprises:
verifying the identity certificate;
verifying the device information of the user equipment and the access password; and
accessing the user equipment to the corresponding VPN server.
7. A VPN user access system comprising:
a VPN server unit including one or more VPN servers;
a user equipment unit comprising one or more user equipments, wherein each user equipment corresponds to one user account and one VPN server; and
a network management unit for implementing the method of any one of claims 1-6.
8. The system of claim 7, wherein the user device comprises a gateway device connected with one or more PLC devices.
9. A storage medium in which a computer program is stored which, when being executed by a processor, is operative to carry out the method of any one of claims 1-6.
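The access flow of claims 1 to 6 (look up the account and VPN server from device information, distribute a system-generated access password, verify certificate, device information and password, then allocate a virtual IP from the server's pool) can be modelled compactly. The following is an added example written for this page, not code from the patent or its assignee; the class names, the HMAC-based token standing in for an X.509 identity certificate, and the sample device IDs, addresses and pool are all constructed assumptions. It goes slightly beyond the claims by also enforcing the "same subnet" requirement of claim 1 at construction time and by refusing connections once the pool is exhausted.

```python
"""Model of the per-user VPN access flow in claims 1-6 (added example, not the patent's code)."""
import hashlib
import hmac
import ipaddress
import secrets
from dataclasses import dataclass, field


@dataclass
class VpnServer:
    """One VPN server per user account (claim 1): a static virtual IP for the
    server side and a pool of virtual IPs for that account's devices, all of
    which must lie in the same subnet as the static address."""
    name: str
    static_ip: str            # e.g. "10.8.0.1/24" (constructed sample value)
    pool: list                # candidate client addresses (constructed)
    leased: dict = field(default_factory=dict)   # device_id -> virtual IP

    def __post_init__(self):
        net = ipaddress.ip_interface(self.static_ip).network
        for ip in self.pool:
            if ipaddress.ip_address(ip) not in net:
                raise ValueError(f"{ip} is outside {net} of server {self.name}")

    def lease(self, device_id):
        """Select an unused pool address for the device (claim 1, last step).
        A device that reconnects keeps the address it already holds."""
        if device_id in self.leased:
            return self.leased[device_id]
        for ip in self.pool:
            if ip not in self.leased.values():
                self.leased[device_id] = ip
                return ip
        raise RuntimeError(f"virtual IP pool of {self.name} exhausted")


class AccessController:
    """The 'network management unit' of claim 7: maps devices to accounts and
    accounts to servers, and gates every connection attempt."""

    def __init__(self):
        self.ca_key = secrets.token_bytes(32)   # stand-in for the CA signing key
        self.accounts = {}   # account -> {"server": VpnServer, "password": str}
        self.devices = {}    # device_id -> account (several devices per account)

    def create_user(self, account, server):
        # Claim 3: the access password is generated by the system, not the user.
        self.accounts[account] = {"server": server,
                                  "password": secrets.token_urlsafe(24)}

    def register_device(self, device_id, account):
        self.devices[device_id] = account

    def issue_certificate(self, account):
        # Claim 5: one identity certificate per account. An HMAC tag over the
        # account name plays the role of the CA signature in this model.
        tag = hmac.new(self.ca_key, account.encode(), hashlib.sha256).hexdigest()
        return f"{account}:{tag}"

    def lookup(self, device_id):
        # Claim 1, first step: device information -> account and VPN server.
        account = self.devices.get(device_id)
        if account is None:
            raise PermissionError(f"unknown device {device_id}")
        return account, self.accounts[account]["server"]

    def distribute_password(self, device_id):
        # Claim 1, second step: hand the account's password to a known device.
        account, _ = self.lookup(device_id)
        return self.accounts[account]["password"]

    def connect(self, device_id, password, certificate):
        # Claim 6: verify certificate, then device information and password.
        account, server = self.lookup(device_id)
        cert_account, _, tag = certificate.partition(":")
        expected = hmac.new(self.ca_key, cert_account.encode(),
                            hashlib.sha256).hexdigest()
        if cert_account != account or not hmac.compare_digest(tag, expected):
            raise PermissionError("identity certificate not valid for this account")
        stored = self.accounts[account]["password"]
        if not hmac.compare_digest(password.encode(), stored.encode()):
            raise PermissionError("access password mismatch")
        return server.name, server.lease(device_id)


def run_demo():
    """Two gateway devices of one user share an account and a server and get
    distinct virtual IPs from that server's pool (constructed sample data)."""
    ctl = AccessController()
    ctl.create_user("alice", VpnServer("vpn-alice", "10.8.0.1/24",
                                       ["10.8.0.10", "10.8.0.11"]))
    ctl.register_device("gw-01", "alice")
    ctl.register_device("gw-02", "alice")
    cert = ctl.issue_certificate("alice")
    return [ctl.connect(d, ctl.distribute_password(d), cert)
            for d in ("gw-01", "gw-02")]


if __name__ == "__main__":
    print(run_demo())
```

The two comparisons use `hmac.compare_digest` so that neither the password check nor the certificate tag check leaks timing information; the subnet check in `__post_init__` turns a misconfigured pool into a startup error rather than a routing failure noticed only after a client connects.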

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010669422.3A CN111901315B (en) 2020-07-13 2020-07-13 VPN user access method and system

Publications (2)

Publication Number Publication Date
CN111901315A CN111901315A (en) 2020-11-06
CN111901315B true CN111901315B (en) 2022-10-14

Family

ID=73192472

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010669422.3A Active CN111901315B (en) 2020-07-13 2020-07-13 VPN user access method and system

Country Status (1)

Country Link
CN (1) CN111901315B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113286010B (en) * 2021-03-29 2022-12-02 深圳艾灵网络有限公司 PLC communication method, device and storage medium based on local area network
CN113595847B (en) * 2021-07-21 2023-04-07 上海淇玥信息技术有限公司 Remote access method, system, device and medium
CN114401120A (en) * 2021-12-27 2022-04-26 中国电信股份有限公司 Object tracing method and related device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110535979A (en) * 2019-07-23 2019-12-03 深圳震有科技股份有限公司 A kind of VPN private net address distribution method, intelligent terminal and storage medium
CN111245699A (en) * 2020-01-15 2020-06-05 广州华多网络科技有限公司 Remote communication service control method, server and client

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080077791A1 (en) * 2006-09-27 2008-03-27 Craig Lund System and method for secured network access

Also Published As

Publication number Publication date
CN111901315A (en) 2020-11-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant