CA2353180C - Method and apparatus for resolving a web site address when connected with a virtual private network (vpn) - Google Patents
- Publication number
- CA2353180C
- Authority
- CA
- Canada
- Prior art keywords
- vpn
- client
- dns
- modifying
- domain name
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention is directed at a method and apparatus of resolving an address location for a web site when connected with a virtual private network (VPN). Once the public host is connected to, or logged on to, the VPN, a software module within the public host monitors domain name requests and routes them to a domain name server (DNS) associated with the VPN. The VPN DNS then resolves the address location request and returns the address location to the software module in the form of a domain name response. The software module then forwards the address location to the requesting public host.
Description
METHOD AND APPARATUS FOR RESOLVING A WEB SITE ADDRESS WHEN CONNECTED WITH A VIRTUAL PRIVATE NETWORK (VPN)
Field of the Invention
The present invention relates, in general, to virtual private networks and, more specifically, to a method and apparatus for resolving a web site address when connected with a virtual private network (VPN).
Background of the Invention
In the high tech world of data communication and the Internet, having the capability to access both private and public web sites at the same time is becoming increasingly important. While accessing public web sites over the Internet is quite simple, accessing private web sites over the Internet is more difficult unless one is logged on to a private network associated with the private sites. Generally, private web sites are located in a private network while the public sites are located in a public network.
When a public host is connected to a virtual private network (VPN), i.e. connected to a private network using a public network such as the Internet, the host should be able to receive domain names for web sites that are associated with the VPN; otherwise, the public host is required to use raw IP addresses to communicate with the web sites associated with the VPN. Commonly, network interfaces located on the public hosts assist in this communication with other public sites on the Internet. Each network interface has specific parameters, such as local IP address, default route address, network mask, DNS server address, etc., that are pre-assigned. Therefore, when a public host is connected to the Internet, generally through an Internet service provider (ISP), the public host expects resolved domain names to be returned from the ISP domain name server (DNS). Any other communication between the network interface and other domain name servers may not be possible.
However, if the public host is connected to the VPN, it is required to receive domain name responses from the VPN DNS since, unlike the ISP DNS, the VPN DNS stores the web site address locations of the private web sites associated with the VPN. Therefore, in order for the public host to connect to a private web site, a modification of the network parameters on the public host, to allow communication between the network interface of the public host is unattainable.
Moreover, there are instances whereby when one is connected to a virtual private network, access to public sites may be restricted. Since the public host is generally connected to the VPN via a VPN tunnel, communication between the public host and the ISP DNS does not exist. Therefore, unless the VPN DNS is capable of resolving public web site addresses, access to public web sites may not be possible when connected to a VPN.
Accordingly, there is a need for a method and apparatus for resolving a web site address when connected with a virtual private network (VPN). It is a further object of the present invention to provide a method and apparatus that obviates or mitigates the above disadvantages.
Summary of the Invention
The present invention is directed at a method and apparatus for resolving an address location for a site associated with a virtual private network and forwarding the address location to a requesting entity.
In accordance with an aspect of the present invention, there is provided:
A method for resolving a web site address when connected with a virtual private network (VPN) comprising the steps of:
receiving a domain name request from a public host;
resolving said domain name request at a domain name server (DNS) associated with said VPN; and
returning an address location corresponding to said domain name request to said public host.
In accordance with another embodiment, there is provided a method for resolving a web site address when connected with a virtual private network (VPN) comprising the steps of:
intercepting a domain name request from a public host addressed to a pre-determined domain name server (DNS);
forwarding said domain name request to a DNS associated with said VPN;
receiving a domain name response including an address location corresponding to said domain name request; and
forwarding said domain name response to said public host.
In yet another embodiment, there is provided apparatus for resolving a web site address for a public host when connected with a virtual private network (VPN) comprising:
a VPN domain name server (DNS) for resolving domain name requests; and
a software module for forwarding a domain name request to said VPN DNS and for receiving a domain name response from said VPN DNS and for forwarding said response to said public host.
Brief Description of the Detailed Drawings
An embodiment of the present invention will be described by way of example only with reference to the accompanying drawings in which:
Figure 1 is a schematic diagram of a network including a public network and a virtual private network (VPN); and
Figure 2 is a flowchart outlining a method of communicating with the network of Figure 1.
Detailed Description of the Preferred Embodiment
The present invention is directed at a method and apparatus of resolving an address location for a web site when connected with a virtual private network (VPN). Once the public host is connected to, or logged on to, the VPN, a software module within the public host monitors domain name requests and routes them to a domain name server (DNS) associated with the VPN. The VPN DNS then resolves the address location request and returns the address location to the software module in the form of a domain name response. The software module then forwards the address location to the requesting public host. It will be understood that the software module is preferably a driver.
Turning to Figure 1, a schematic diagram of a network is shown. The network 10 includes both a public network 12 and a virtual private network (VPN) 14. The public network 12 includes an Internet service provider (ISP) 16 along with an ISP domain name server (DNS) 18. A public host 20 may be connected to the Internet 22 via the ISP 16. The public host 20 may also be connected to the VPN 14 via a VPN tunnel 22 or via the public network 12. In both cases, the public host 20 is connected to a security gateway 24 associated with the VPN 14 which requires the public host to log on to the VPN. After the log on has been verified, the public host is connected to the VPN 14. The VPN 14 includes a VPN DNS 26 as well as address locations (private hosts) 28 which are not accessible via the public network 12 (without logging in).
In public operation, in order to access the Internet, the public host accesses the Internet service provider (ISP). As will be understood by one skilled in the art, the connection between the public host and the ISP is via a dial-up connection or a direct Ethernet connection. In most cases, the public host has an agreement with the ISP to provide access to the Internet. The ISP generally includes at least one domain name server (DNS) which assists in providing web site address locations for domain name requests from the public host. In the preferred example, when the public host requests to be connected to www.certicom.com, in the preferred embodiment, the ISP DNS operates to return the actual numerical IP address for the www.certicom.com site to the public host which then establishes a connection between the public host and the requested address location.
However, if the public host requests a connection with a private web site associated with the VPN, the ISP DNS is unable to establish a connection since the address location of the private site is not stored in the ISP DNS. In order to access the private site, the public host is required to log in to the virtual private network.
Unfortunately, the public host may still not be able to establish a connection between the public host and the private site due to the fact that the parameters of the public host may not be alterable and are designated to be associated with the ISP DNS only. This is in part due to the fact that the public host may be set to only receive address locations from the ISP DNS and hence, access to private sites is not possible since they are not stored within the ISP DNS. Therefore, there is required a method and apparatus to resolve domain names when connected to the VPN.
As mentioned above, the parameters of some public hosts are not alterable, yet without the alteration, access to the virtual private network, and hence, the private sites, may not be possible. Therefore, when the public host is connected to the virtual private network, the domain name request is modified to suit the public host without requiring the parameters to be altered.
In the preferred embodiment, it will be assumed that the public host is already connected to the ISP and the ISP DNS and that the parameters of the public host are established and unalterable.
If the public host wishes to be connected to a private site located within the virtual private network, the domain name of the private network login is requested. The ISP DNS resolves the address location of the security gateway associated with the VPN and the public host is connected to a private network login site. Upon a verified login, the public host is connected to the VPN and has access to the private sites associated on the private network. In order to have the domain names of the private site resolved, the VPN DNS is provided to assist in this matter.
It will be understood that the public host may still connect with various public sites by having the domain name requests resolved by the VPN DNS. This is assuming that the VPN DNS stores the address locations of the private sites associated with the VPN along with public sites. This is made with the assumption that the VPN DNS stores all address locations (public and private). It will be understood that without a connection with the VPN DNS, the public host is unable to establish a connection with the private sites. However, in order to allow the public host to connect with the private sites, the public host must be capable of receiving address locations from the VPN DNS.
Therefore, in a preferred embodiment of the present invention, after being connected to the VPN, a software module located within the public host monitors the communications packets being transmitted and received for any domain name requests or responses. In order to notify the software module that the public host is connected to the VPN, a VPN client sends a message to the software module upon creation of the VPN tunnel alerting the software module that all future domain name requests are to be re-routed to the VPN DNS until the tunnel is closed. It will be understood that the software module is pre-stored on the public host and is part of the operating system of the public host. The software module is programmed to view all information packets, including domain name requests, which are being processed by the public host.
Once a domain name request directed at the ISP DNS is sensed (step 30), the domain name request is then modified (step 32). Firstly, the address of the ISP DNS is replaced with the VPN DNS address and then the check sum of the domain name request is adjusted.
Although many methods to modify the check sum are available, in the preferred embodiment, the check sum modification outlined in Method For Computing the Internet Checksum, filed on even date, and assigned to the assignee of the present invention, hereby incorporated by reference, is used. For example, to modify a 16-bit checksum (HC) to a new checksum (HC'), initially, a value in the original message is modified from m to m'. The checksum HC is XORed with the 16-bit hexadecimal value 0xFFFF to obtain a one's complement of HC. A difference value is then computed from the new message m' and the old message m by standard two's complement subtraction which sets a first carry flag if the result is negative. The difference value is then decremented by one if the first carry flag is set. An intermediate checksum HCZ is then computed as HCZ = HC + the difference value. A second carry flag is then set if the sum overflows 16 bits. The intermediate checksum HCZ is then incremented if the second carry flag is set. The new checksum HC' is then computed by XORing HC with 0xFFFF to obtain its one's complement. The request is then modified to replace the HC with HC'.
The modified domain name request is then transmitted to the VPN DNS (step 34) via the VPN tunnel. It will be understood that this tunnel is preferably an IPSEC tunnel. After receiving the domain name request, the VPN DNS then resolves the domain name and returns the address location to the driver in the form of a domain name response (step 36). The driver then re-modifies the check sum of the domain name response (step 38) to counter-act the original check sum modification and then transmits the modified domain name response to the public host (step 40). The original ISP DNS address is then recovered. As described above, since the public host may only accept address location responses from the ISP DNS, the modification of the VPN DNS domain name response is required to fool the public host. The software module has to modify the address location response to show that it is being delivered by the ISP DNS and then the check sums are adjusted. After receiving the address location from the software module, the public host connects to the returned address location and operation continues until another domain name request is sensed by the driver. It will be understood that this address location may either be a part of the public network or the VPN.
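Steps 30 to 40 above, simulated in user space as an added example; this is not code from the patent or its assignee. The addresses, ports and DNS payloads are constructed, all function names are hypothetical, and the code assumes unfragmented IPv4/UDP. It reads the checksum procedure the way RFC 1624 does: the intermediate sum starts from the complemented HC, and the final complement is taken of HCZ.

```python
import socket
import struct

# Constructed sample values (documentation/private ranges), not from the patent.
CLIENT, ISP_DNS, VPN_DNS = "198.51.100.7", "192.0.2.53", "10.8.0.53"
QNAME = b"\x08intranet\x07example\x00"
DNS_QUERY = struct.pack("!6H", 0xBEEF, 0x0100, 1, 0, 0, 0) + QNAME + struct.pack("!HH", 1, 1)
DNS_REPLY = (struct.pack("!6H", 0xBEEF, 0x8180, 1, 1, 0, 0) + QNAME + struct.pack("!HH", 1, 1)
             + struct.pack("!HHHIH4s", 0xC00C, 1, 1, 60, 4, socket.inet_aton("10.8.0.20")))

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)
    return total

def update_checksum(hc: int, m: int, m_new: int) -> int:
    """Adjust checksum hc after one 16-bit word changes from m to m_new."""
    acc = hc ^ 0xFFFF                 # one's complement of HC
    diff = m_new - m                  # two's-complement subtraction
    if diff < 0:                      # first carry flag: result negative
        diff = (diff & 0xFFFF) - 1
    hcz = acc + diff                  # intermediate checksum HCZ
    if hcz > 0xFFFF:                  # second carry flag: overflow past 16 bits
        hcz = (hcz & 0xFFFF) + 1
    return hcz ^ 0xFFFF               # complement again to obtain HC'

def build_udp(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Build an IPv4/UDP packet with both checksums computed from scratch."""
    udp_len = 8 + len(payload)
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0x1234, 0,
                               64, 17, 0, socket.inet_aton(src), socket.inet_aton(dst)))
    struct.pack_into("!H", ip, 10, ones_sum(bytes(ip)) ^ 0xFFFF)
    udp = bytearray(struct.pack("!HHHH", sport, dport, udp_len, 0) + payload)
    pseudo = bytes(ip[12:20]) + struct.pack("!BBH", 0, 17, udp_len)
    struct.pack_into("!H", udp, 6, (ones_sum(pseudo + bytes(udp)) ^ 0xFFFF) or 0xFFFF)
    return bytes(ip) + bytes(udp)

def ip_ok(pkt: bytes) -> bool:
    """A valid IPv4 header sums to 0xFFFF when its checksum is included."""
    return ones_sum(pkt[:(pkt[0] & 0x0F) * 4]) == 0xFFFF

def udp_ok(pkt: bytes) -> bool:
    """Same check for UDP, which also covers a pseudo-header with both addresses."""
    udp = pkt[(pkt[0] & 0x0F) * 4:]
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, 17, len(udp))
    return ones_sum(pseudo + udp) == 0xFFFF

def rewrite_addr(pkt: bytes, field: int, new_ip: str) -> bytes:
    """Replace the address at header offset `field` (12 = source, 16 = destination)
    and patch the IP and UDP checksums without re-summing the packet."""
    buf = bytearray(pkt)
    ihl = (buf[0] & 0x0F) * 4
    ip_ck = struct.unpack_from("!H", buf, 10)[0]
    udp_ck = struct.unpack_from("!H", buf, ihl + 6)[0]
    old = struct.unpack_from("!HH", buf, field)
    new = struct.unpack("!HH", socket.inet_aton(new_ip))
    for m, m_new in zip(old, new):
        ip_ck = update_checksum(ip_ck, m, m_new)
        if udp_ck:                    # 0 means the sender used no UDP checksum
            udp_ck = update_checksum(udp_ck, m, m_new) or 0xFFFF
    buf[field:field + 4] = socket.inet_aton(new_ip)
    struct.pack_into("!H", buf, 10, ip_ck)
    struct.pack_into("!H", buf, ihl + 6, udp_ck)
    return bytes(buf)

def _matches(pkt: bytes, addr_off: int, port_off: int, ip: str) -> bool:
    """True for an unfragmented IPv4/UDP packet with `ip` at addr_off and port 53."""
    if len(pkt) < 28 or pkt[0] >> 4 != 4 or pkt[9] != 17:
        return False
    if struct.unpack_from("!H", pkt, 6)[0] & 0x3FFF:    # MF flag or fragment offset
        return False
    ihl = (pkt[0] & 0x0F) * 4
    return (len(pkt) >= ihl + 8
            and pkt[addr_off:addr_off + 4] == socket.inet_aton(ip)
            and struct.unpack_from("!H", pkt, ihl + port_off)[0] == 53)

def redirect_query(pkt: bytes, isp_dns: str, vpn_dns: str) -> bytes:
    """Steps 30-34: a query addressed to the ISP DNS is retargeted to the VPN DNS."""
    return rewrite_addr(pkt, 16, vpn_dns) if _matches(pkt, 16, 2, isp_dns) else pkt

def restore_response(pkt: bytes, isp_dns: str, vpn_dns: str) -> bytes:
    """Steps 36-40: the VPN DNS reply is relabelled as coming from the ISP DNS."""
    return rewrite_addr(pkt, 12, isp_dns) if _matches(pkt, 12, 0, vpn_dns) else pkt

def demo() -> dict:
    """Run one query/response round trip through the two rewrites."""
    query = build_udp(CLIENT, ISP_DNS, 40000, 53, DNS_QUERY)
    sent = redirect_query(query, ISP_DNS, VPN_DNS)
    reply = build_udp(VPN_DNS, CLIENT, 53, 40000, DNS_REPLY)
    delivered = restore_response(reply, ISP_DNS, VPN_DNS)
    return {"query": query, "sent": sent, "reply": reply, "delivered": delivered}

if __name__ == "__main__":
    for name, pkt in demo().items():
        print(name, socket.inet_ntoa(pkt[12:16]), "->", socket.inet_ntoa(pkt[16:20]),
              "ip_ok" if ip_ok(pkt) else "ip_bad", "udp_ok" if udp_ok(pkt) else "udp_bad")
```

Because the delivered reply is byte-identical to one that really came from the ISP DNS address, the client cannot tell which resolver answered; the resolver actually in use is visible only at the tunnel endpoint or by comparing answers.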
It will be understood that when the VPN tunnel is closed off, the driver stops monitoring the domain name requests. All domain name requests are then sent to the ISP DNS.
In most cases, the parameters, such as address of the DNS and the servers from which to accept information, are pre-programmed into the public host and are difficult to alter.
Although the public host 20 is shown as a personal digital assistant in Figure 1, it will be understood that the public host may also be a desktop computer or a laptop computer with data communication capabilities.
Although the invention has been described with reference to certain specific embodiments, various modifications thereof will be apparent to those skilled in the art without departing from the spirit and scope of the invention as outlined in the claims appended hereto.
Claims (35)
PRIVILEGE IS CLAIMED ARE DEFINED AS FOLLOWS:
1. A method for transparently resolving a web site address for a client in a public network when said client is connected to a virtual private network (VPN) using said public network, said method comprising the steps of:
a) connecting said client with said virtual private network (VPN) through said public network, said client storing a software module on a computer readable medium for routing domain name requests to a domain name server (DNS) of said VPN while a connection is active, said software module comprising computer executable instructions that, when executed, operate transparently at said client by performing the following steps:
b) said software module monitoring communication packets transmitted from said client for presence of domain name requests outbound from said client;
c) said software module transparently intercepting said requests;
d) said software module modifying said requests by replacing an address of a DNS of an internet service provider (ISP) of said client with an address of said DNS of said VPN and routing said requests to said DNS of said VPN;
e) said software module receiving an address location as a domain name response from said DNS of said VPN resolving said requests routed thereto by said software module;
f) said software module modifying said response by re-modifying said address of said DNS of said ISP to counter-act the modifying performed in step d); and
g) said software module providing said address location to said client;
wherein said address location appears to said client as being provided by said DNS of said ISP.
2. The method of claim 1 further including the step of connecting said client to said address location.
3. The method of claim 1 or claim 2, wherein step d) further comprises said software module modifying a check sum of said domain name requests; and step f) further comprises said software module re-modifying said check sum to counter-act the modifying performed in step d).
4. The method of claim 3 wherein said modifying performed in step d) includes computing a new check sum by XORing said check sum with a hexadecimal value to obtain a one's complement, and replacing said check sum with said new check sum.
5. The method of any one of claims 1 to 4, wherein said connection between said client and said VPN comprises a VPN tunnel.
6. The method of claim 5 wherein said VPN tunnel comprises a Secure Internet Protocol (IPSec) tunnel.
7. The method of any one of claims 1 to 6, wherein said client is one of a personal digital assistant (PDA), a desktop personal computer, or a laptop personal computer;
wherein said client has data communication capabilities.
8. A client device configured for using a public network and for transparently resolving a web site address when said client device is connected to a virtual private (VPN), said client device comprising a communication link with a domain name server (DNS) of said VPN for connecting said client device with said VPN through said public network and storing a software module configured to operate transparently in said client device, said software module configured for, when executed, performing the steps of:
a) monitoring communication packets outbound of said client device for presence of said domain name requests;
b) transparently intercepting said requests;
c) modifying said requests by replacing an address of a DNS of an internet service provider (ISP) of said client device with an address of said DNS of said VPN, said DNS of said VPN configured for resolving domain name requests from said client and for returning an address location as a domain name response;
d) routing said requests to said DNS of said VPN;
e) receiving and modifying said response from said DNS of said VPN by re-modifying said address of said ISP to counter-act the modifying performed on said requests; and
f) providing said address location to said client device, wherein said address location appears to said client device as being provided by said DNS of said ISP.
9. The client device of claim 8, wherein said software module comprises a driver.
10. The client device of claim 8 or claim 9, wherein said client device is one of a personal digital assistant (PDA), a desktop personal computer, or a laptop personal computer; wherein said client device has data communication capabilities compatible with said communication link.
11. A computer readable medium storing a software module for transparently resolving a web site address for a client in a public network when said client is connected to a virtual private network (VPN) using said public network, said software module comprising computer executable instructions that, when executed, operate transparently at said client by performing the steps of:
a) connecting said client with said virtual private network (VPN) through said public network; routing domain name requests to a domain name server (DNS) of said VPN while a connection is active;
b) operating transparently in said client;
c) monitoring communication packets transmitted from said client for presence of domain name requests outbound from said client;
d) transparently intercepting said requests;
e) modifying said requests by replacing an address of a DNS of an internet service provider (ISP) of said client with an address of said DNS of said VPN and routing said requests to said DNS of said VPN;
f) receiving an address location as a domain name response from said DNS of said VPN resolving said requests routed thereto;
g) modifying said response by re-modifying said address of said ISP to counter-act said modifying performed on said requests; and
h) providing said address location to said client; wherein said address location appears to said client as being provided by said DNS of said ISP.
12. The computer readable medium of claim 11 comprising instructions for connecting said client to said address location.
13. The computer readable medium of claim 11 or claim 12 comprising instructions for modifying a check sum of said domain name requests; and for re-modifying said check sum to counter-act the modifying of the check sum.
14. The computer readable medium of claim 13, wherein said modification of said check sum includes computing a new check sum by XORing said check sum with a hexadecimal value to obtain a one's complement, and replacing said check sum with said new check sum.
15. The computer readable medium of any one of claims 11 to 14 wherein said connection between said client and said VPN comprises a VPN tunnel.
16. The computer readable medium of claim 15, wherein said VPN tunnel comprises a Secure Internet Protocol (IPSec) tunnel.
17. The computer readable medium of any one of claims 11 to 16, wherein said client is one of a personal digital assistant (PDA), a desktop personal computer, or a laptop personal computer; wherein said client has data communication capabilities.
18. A method for resolving web site addresses for a client in a public network, wherein said client is capable of connecting to a virtual private network (VPN) using said public network, and wherein parameters of said client for accepting domain name requests from a domain name server (DNS) of an internet service provider (ISP) are established and unalterable, said method comprising the steps of:
- transparently intercepting all domain name requests outbound from said client;
- examining said domain name requests to determine if a requested web site is a public site or a private site;
- if said requested web site is a public web site: routing said request directly to said DNS of said ISP; receiving an address location as a domain name response; and providing an address location to said client without altering said parameters; and
- if said requested web site is a private web site: modifying said request; routing a modified request to a DNS of said VPN; and re-modifying a response from said DNS of said VPN, said modifying and re-modifying being done to appear to said client as if said request and said response are being sent and received from said DNS of said ISP.
19. The method according to claim 18, wherein communication with said DNS of said VPN is over a VPN tunnel, said method further comprising the step of: upon determining that said VPN tunnel is closed off, no longer performing the step of examining said domain name requests and instead sending all domain name requests directly to said DNS of said ISP.
20. The method according to claim 18 or claim 19, wherein said step of transparently intercepting is performed by executing a software module stored on a computer readable medium at said client.
21. The method according to claim 20, wherein said software module comprises a driver.
22. The method according to claim 20 or claim 21, further comprising the step of notifying said software module upon connecting said client to a VPN tunnel between said client and said DNS of said VPN.
23. The method according to any one of claims 18 to 22, wherein said modifying said request comprises modifying a check sum of said outbound domain name requests and re-modifying said check sum on inbound responses from said DNS of said VPN to counter-act the modifying of the check sum.
24. The method according to claim 23, wherein said modifying of said check sum includes computing a new check sum by XORing said check sum with a hexadecimal value to obtain a one's complement, and replacing said check sum with said new check sum.
25. The method according to any one of claims 18 to 24, wherein said client is connected to said DNS of said VPN over a VPN tunnel.
26. The method according to claim 25, wherein said VPN tunnel comprises a Secure Internet Protocol (IPSec) tunnel.
27. A computer readable medium comprising computer executable instructions for resolving web site addresses for a client in a public network, wherein said client is capable of connecting to a virtual private network (VPN) using said public network, and wherein parameters of said client for accepting domain name requests from a domain name server (DNS) of an internet service provider (ISP) are established and unalterable, said instructions, when executed, perform the steps of:
- transparently intercepting all domain name requests outbound from said client;
- examining said domain name requests to determine if a requested web site is a public site or a private site;
- if said requested web site is a public web site: routing said request directly to said DNS of said ISP; receiving an address location as a domain name response; and providing an address location to said client without altering said parameters; and
- if said requested web site is a private web site: modifying said request; routing a modified request to a DNS of said VPN; and re-modifying a response from said DNS of said VPN, said modifying and re-modifying being done to appear to said client as if said request and said response are being sent and received from said DNS of said ISP.
28. The computer readable medium according to claim 27, wherein communication with said DNS of said VPN is over a VPN tunnel, said computer readable medium further comprising instructions for: upon determining that said VPN tunnel is closed off, no longer performing the step of examining said domain name requests and instead sending all domain name requests directly to said DNS of said ISP.
29. The computer readable medium according to claim 27 or claim 28, wherein said instruction for transparently intercepting is performed by executing a software module stored on a computer readable medium at said client.
30. The computer readable medium according to claim 29, wherein said software module comprises a driver.
31. The computer readable medium according to claim 29 or claim 30, further comprising instructions for: notifying said software module upon connecting said client to a VPN tunnel between said client and said DNS of said VPN.
32. The computer readable medium according to any one of claims 27 to 31, wherein said modifying said request comprises modifying a check sum of said outbound domain name requests and re-modifying said check sum on inbound responses from said DNS of said VPN to counter-act the modifying of the check sum.
33. The computer readable medium according to claim 32, wherein said modifying of said check sum includes computing a new check sum by XORing said check sum with a hexadecimal value to obtain a one's complement, and replacing said check sum with said new check sum.
34. The computer readable medium according to any one of claims 27 to 33, wherein said client is connected to said DNS of said VPN over a VPN tunnel.
35. The computer readable medium according to claim 34, wherein said VPN tunnel comprises a Secure Internet Protocol (IPSec) tunnel.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA2353180A CA2353180C (en) | 2001-07-13 | 2001-07-13 | Method and apparatus for resolving a web site address when connected with a virtual private network (vpn) |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2353180A1 (en) | 2003-01-13 |
CA2353180C (en) | 2011-04-12 |
Family
ID=4169493
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA2353180A, Expired - Lifetime, CA2353180C (en) | Method and apparatus for resolving a web site address when connected with a virtual private network (vpn) | 2001-07-13 | 2001-07-13 |
Country Status (1)
Country | Link |
---|---|
CA (1) | CA2353180C (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113938293A (en) * | 2021-09-23 | 2022-01-14 | 深圳市柔宇科技股份有限公司 | VPN network sharing method, storage medium and terminal device |
Also Published As
Publication number | Publication date |
---|---|
CA2353180A1 (en) | 2003-01-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7734822B2 (en) | Method and apparatus for resolving a web site address when connected with a virtual private network (VPN) | |
US6591306B1 (en) | IP network access for portable devices | |
US7454489B2 (en) | System and method for accessing clusters of servers from the internet network | |
JP4328753B2 (en) | Method, system and computer using network address translation (NAT) in all types of applications in IP networks | |
KR100953805B1 (en) | Virtual private network structures reuse for mobile computing devices | |
EP1710953B1 (en) | Encryption communication method | |
US7376715B2 (en) | Asynchronous hypertext messaging system and method | |
US8214537B2 (en) | Domain name system using dynamic DNS and global address management method for dynamic DNS server | |
US7680954B2 (en) | Proxy DNS for web browser request redirection in public hotspot accesses | |
US20170034174A1 (en) | Method for providing access to a web server | |
US20020161904A1 (en) | External access to protected device on private network | |
US20110238801A1 (en) | Dynamic session maintenance for mobile computing devices | |
WO2002076065A2 (en) | Generic external proxy | |
US10033830B2 (en) | Requesting web pages and content rating information | |
US20100023620A1 (en) | Access controller | |
CA2353180C (en) | Method and apparatus for resolving a web site address when connected with a virtual private network (vpn) | |
US8166141B1 (en) | Method and apparatus for emulating web browser proxies | |
US7715326B2 (en) | Webserver alternative for increased security | |
KR20060113952A (en) | Internet listener/publisher | |
JP2005197936A (en) | Communication system, registering device, and communication device | |
Cisco | IP Routing | |
JP3616571B2 (en) | Address resolution method for Internet relay connection | |
JP3575369B2 (en) | Access routing method and access providing system | |
JP2005130511A (en) | Computer network management method and system | |
JP2002358254A (en) | Gateway www server system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
EEER | Examination request | ||
MKEX | Expiry | Effective date: 20210713 |