CN104426735A - Method and device for establishing VPN (Virtual Private Network) connection

Info

Publication number
CN104426735A
CN104426735A
Authority
CN
China
Prior art keywords
network
module
vpn
address
terminal
Prior art date
2013-08-30
Legal status
Granted
Application number
CN201310386311.1A
Other languages
Chinese (zh)
Other versions
CN104426735B (en)
Inventor
王永辉
焦伟
于川
黄晓庆
Current Assignee
China Mobile Communications Group Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
Priority date
2013-08-30
Filing date
2013-08-30
Publication date
2015-03-18
Application filed by China Mobile Communications Group Co Ltd
Priority to CN201310386311.1A
Publication of CN104426735A
Application granted
Publication of CN104426735B
Legal status: Active (current)
Anticipated expiration

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and a device for establishing a VPN (Virtual Private Network) connection. A VPN connection module is arranged in a terminal. The method comprises the following steps: after the VPN connection is established, obtaining the VPN address and reporting it to a security domain module of the terminal, which accesses VPN resources based on the VPN's private address; and reporting the public network address used to establish the VPN to a personal domain module of the terminal, which accesses non-VPN website resources on the public network based on that public network address. In this way, the method and device provided by the invention make access to the VPN private once the VPN connection is established, so that security is improved.

Description

Method and device for establishing a virtual private network (VPN) connection
Technical field
The present invention relates to the field of networks, and in particular to a method and device for establishing a virtual private network (VPN, Virtual Private Network) connection.
Background technology
A VPN is a dedicated network built over a public network such as the Internet. Because it uses the shared links of the public network, it can only be called a virtual private network. A VPN uses tunneling technology to encapsulate a tunnel through the public network, over which the VPN's data is carried. Once a terminal, in particular a smart terminal, has connected to a specific VPN, the user of that terminal can access the data in that VPN whether travelling on business or working from home, as long as the terminal can reach the public network. Because of this property, VPNs are ever more widely used.
A terminal uses tunneling technology when it establishes a VPN connection. Tunneling sets up a virtual link between the terminal and the VPN and thereby realizes the connection between them. When the public network is the Internet, the tunnel is an Internet Protocol (IP) tunnel, which can be built at the data link layer or at the network layer of the Internet. Layer-2 tunnels built at the data link layer are mainly Point-to-Point Protocol (PPP) tunnels, such as Point-to-Point Tunneling Protocol (PPTP) connections or Layer 2 Tunneling Protocol (L2TP) connections; their protocols are simple and easy to encrypt, and they are suited to remote connection to a VPN. Layer-3 tunnels built at the network layer are IP-in-IP tunnels, such as Internet Protocol Security (IPsec) connections or Secure Sockets Layer (SSL VPN) connections; their reliability and scalability are better than those of layer-2 tunnels, but connecting to the VPN is more complex.
As for the tunnel protocol used by an IP tunnel: a tunnel is a technique for carrying one protocol inside another, that is, the tunnel protocol realizes the connection with the VPN. To create a connection between the terminal and the network side of the VPN, such as a server, the same tunnel protocol is used at the terminal and at the VPN server. Specifically, the tunnel protocol is PPTP, L2TP, IPsec or SSL VPN.
PPTP allows a terminal to dial in remotely to a local Internet service provider (ISP) and then securely access a specific VPN server over the Internet to reach the data in that VPN. It encapsulates PPP frames into IP packets so that they can be carried over the Internet, realizing data transfer between the terminal and the VPN. PPTP uses a Transmission Control Protocol (TCP) connection to create, maintain and terminate the tunnel, and uses Generic Routing Encapsulation (GRE) to encapsulate PPP frames into IP packets; the payload of the encapsulated PPP frames can be encrypted and/or compressed.
L2TP is a combination of PPTP and Layer 2 Forwarding (L2F).
IPsec is a standard layer-3 security protocol that adds another layer of encapsulation outside the IP tunnel, securing the IP tunnel while in transit. Its main feature is that it can encrypt and authenticate all IP-level communication, ensuring that a terminal can connect remotely into the VPN and that remote login, e-mail, data transfer and World Wide Web access with the VPN are secure.
SSL VPN is a protocol proposed by Netscape that provides a secure channel between two machines on the basis of web applications. It identifies the machines while protecting the transmitted data. On the Internet, SSL VPN mainly uses the RSA algorithm and X.509 digital certificates to provide server authentication and client authentication, as well as confidentiality and security of the data on the SSL link.
At present, the process by which a terminal establishes a VPN connection is as follows: first, the terminal accesses a public network such as the Internet and obtains the IP address assigned to it; then, based on the assigned IP address, it establishes the VPN connection; finally, the terminal obtains VPN resources through the VPN connection, while also using the obtained IP address to access other, non-VPN, websites on the Internet.
It can be seen that, when establishing a VPN connection, the network address assigned by the public network must be obtained before the VPN connection is made. At that point the terminal can use the address assigned by the public network to access any other non-VPN website on the public network, so access to the VPN is not private, and security is reduced.
Summary of the invention
In view of this, the invention provides a method for establishing a VPN connection that allows the VPN to be accessed privately after the VPN connection is established, improving security.
The invention also provides a device for establishing a VPN connection that can access the VPN privately after the VPN connection is established, improving security.
To achieve the above object, the technical solution of the invention is specifically realized as follows:
A method for establishing a virtual private network connection, in which a network connection management module is arranged between the terminal's bottom-layer hardware module and its upper-layer software module, the method further comprising:
after the network connection management module controls the terminal's hardware module to access the public network, obtaining a public network address;
the network connection management module, based on the obtained public network address, establishing a virtual private network connection in tunnel mode and obtaining a virtual private network address;
the network connection management module reporting the obtained public network address to the personal domain module in the terminal's upper-layer software module, which interacts with the public network, and reporting the obtained virtual private network address to the security domain module in the terminal's upper-layer software module, which interacts with the virtual private network.
The terminal's hardware module is a network access module, and the network access module is a WiFi communication module, a mobile Internet communication module and/or a local area network communication module.
The tunnel mode is established at the link layer or at the network layer of the public network, where a link-layer tunnel is based on PPTP or L2TP and a network-layer tunnel is based on IPsec or SSL VPN.
The network connection management module comprises a virtual private network connection module and a public network connection module. Accessing the public network is performed by the public network connection module, which sends the obtained public network address to the virtual private network connection module and to the personal domain module. Establishing the virtual private network connection is performed by the virtual private network connection module based on the public network address, and it sends the obtained virtual private network address to the security domain module.
A device for establishing a virtual private network connection, comprising a network access module, a network connection management module, a security domain module and a personal domain module, wherein:
the network access module accesses the public network under the control of the network connection management module and, after obtaining the public network address, sends it to the network connection management module; under the control of the network connection management module it establishes a VPN connection in tunnel mode based on the public network address and, after obtaining the VPN address, sends it to the network connection management module;
the network connection management module controls the network access module to access the public network and to establish the VPN connection, sends the VPN address to the security domain module, and sends the public network address to the personal domain module;
the security domain module interacts with the VPN through the network access module based on the VPN address;
the personal domain module interacts with the public network through the network access module based on the public network address.
The network connection management module comprises a public network connection module and a virtual private network connection module, wherein:
the public network connection module controls the network access module to access the public network and sends the obtained public network address to the virtual private network connection module and to the personal domain module;
the virtual private network connection module controls the network access module to establish the VPN connection based on the public network address and sends the received VPN address to the security domain module.
The network access module is a WiFi communication module, a mobile Internet communication module and/or a local area network communication module.
The network access module is further used to establish the tunnel mode at the link layer or at the network layer of the public network, where a link-layer tunnel is based on PPTP or L2TP and a network-layer tunnel is based on IPsec or SSL VPN.
As can be seen from the above scheme, the invention arranges a virtual private network connection module in the terminal; after the VPN connection is established it obtains the VPN address and reports it to the terminal's security domain module, which accesses VPN resources based on the VPN private address; the public network address used to establish the VPN is reported to the terminal's personal domain module, which accesses non-VPN website resources on the public network based on that public network address. In this way the invention separates access to VPN resources from access to non-VPN resources on the public network: before the terminal's personal domain module obtains the public network address, the virtual private network connection module establishes the VPN connection, and the VPN address assigned during that establishment is reported to the terminal's security domain module, so that access to VPN resources is private and is not affected by access to non-VPN website resources on the public network based on the public network address. Therefore, the method and device provided by the invention make access to the VPN private after the VPN connection is established, improving security.
Brief description of the drawings
Fig. 1 is a flowchart of a method for establishing a VPN connection provided by an embodiment of the invention;
Fig. 2 is a schematic structural diagram of a device for establishing a VPN connection provided by an embodiment of the invention.
Embodiments
To make the object, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the accompanying drawings and embodiments.
As seen in the background, after a terminal has established a VPN it can, while accessing VPN resources, also access other non-VPN website resources on the public network based on the public network address; access to VPN resources and access to other non-VPN resources on the public network cannot be separated, which reduces the security of the terminal's access to VPN resources. Therefore, the invention arranges a virtual private network connection module in the terminal; after the VPN connection is established it obtains the VPN address and reports it to the terminal's security domain module, which accesses VPN resources based on the VPN private address; the public network address used to establish the VPN is reported to the terminal's personal domain module, which accesses non-VPN website resources on the public network based on that public network address.
In this way the invention separates access to VPN resources from access to non-VPN resources on the public network: before the terminal's personal domain module obtains the public network address, the virtual private network connection module establishes the VPN connection, and the VPN address assigned during that establishment is reported to the terminal's security domain module, so that access to VPN resources is private and is not affected by access to non-VPN website resources on the public network based on the public network address. Therefore, the method and device provided by the invention make access to the VPN private after the VPN connection is established, improving security.
Fig. 1 is a flowchart of a method for establishing a VPN connection provided by an embodiment of the invention. The terminal arranges a virtual private network connection module between the upper-layer software module and the bottom-layer hardware module. The specific steps are:
Step 101: the terminal is reset and started, and the terminal's external devices are initialized;
Step 102: the terminal initializes its own network access module;
In this step, the terminal's network access module may be a WiFi communication module, a mobile Internet communication module and/or a local area network communication module, etc., without limitation;
In this step, the network access module is the terminal's bottom-layer hardware module;
Here, the protocol stack of the mobile Internet communication module runs independently and can obtain a public network address directly by accessing the Internet; the WiFi communication module runs its own protocol stack, has little coupling to the terminal's upper-layer modules and is concerned only with the IP address version, and can obtain a public network address directly by accessing the Internet (mainstream WiFi communication modules support both IPv4 and IPv6); the local area network communication module provides a LAN interface, and the public network address is obtained by the LAN driver in cooperation with the network protocol stack;
Step 103: the terminal's public network connection module controls the terminal's network access module to access the public network;
In this step, the public network connection module is located in the network connection management module, which is arranged between the upper-layer software module and the bottom-layer hardware module and which also comprises the virtual private network connection module;
In this step, the terminal's public network connection module controls the terminal's network access module to initiate a connection request to the public network; after the network side of the public network responds, a connection with the terminal's public network connection module is established, a public network address is assigned to the terminal, and it is delivered to the public network connection module through the terminal's network access module;
Step 104: after the terminal's public network connection module obtains the public network address, it sends it to the terminal's virtual private network connection module;
Step 105: the terminal's virtual private network connection module, based on the public network address, establishes a VPN connection in tunnel mode through the terminal's network access module, and a VPN address is assigned over the established VPN connection;
In this step, the tunnel mode is established at the link layer or at the network layer of the public network, where a link-layer tunnel is based on PPTP or L2TP and a network-layer tunnel is based on IPsec or SSL VPN;
Step 106: the terminal's public network connection module reports the obtained public network address to the terminal's personal domain module, which is started and, based on this public network address, interacts with the public network through the terminal's network access module to access public network resources;
In this step, the terminal's personal domain module is an upper-layer software module of the terminal;
Step 107: the terminal's virtual private network connection module reports the obtained VPN address to the terminal's security domain module, which is started and, based on this VPN address, interacts with the VPN through the terminal's network access module to access VPN resources;
In this step, the terminal's security domain module is an upper-layer software module of the terminal.
It can be seen that, in the invention, the terminal's security domain module never obtains the public network address, so the security domain module cannot attach to the public network or access its resources.
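The following simulation is an added example, not code from the patent or its assignee; it models steps 103 to 107 above. The class and function names (NetworkAccessModule, NetworkConnectionManager, Domain, run_scenario) are hypothetical, the two addresses are constructed sample values, and the address-to-domain binding checked in send() is an assumed enforcement choice that the patent text does not specify. It shows why the split matters: the security domain is only ever given the VPN address, and a send attempt from it using the public address is refused.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

# Link-layer styles (PPTP, L2TP) and network-layer styles (IPsec, SSL VPN) named in the patent.
TUNNEL_STYLES = {"PPTP", "L2TP", "IPsec", "SSL VPN"}


class PolicyViolation(Exception):
    """A domain tried to send from an address it was never reported."""


@dataclass
class NetworkAccessModule:
    """Hypothetical stand-in for the terminal's hardware module (WiFi, mobile or LAN)."""
    public_address: Optional[str] = None
    vpn_address: Optional[str] = None
    tunnel: Optional[str] = None
    owner: Dict[str, str] = field(default_factory=dict)  # address -> domain allowed to use it

    def attach_public(self) -> str:
        """Step 103: join the public network and receive an address (constructed sample)."""
        self.public_address = "203.0.113.25"
        return self.public_address

    def open_tunnel(self, public_address: str, style: str) -> str:
        """Step 105: build the tunnel on the public address and receive a VPN address."""
        if public_address != self.public_address:
            raise ValueError("tunnel must be built on the address the public network assigned")
        if style not in TUNNEL_STYLES:
            raise ValueError(f"unsupported tunnel style {style!r}")
        self.tunnel = style
        self.vpn_address = "10.8.0.7"  # constructed sample private address inside the VPN
        return self.vpn_address

    def bind(self, address: str, domain: str) -> None:
        """Record which domain was reported this address (assumed enforcement, not in the patent)."""
        self.owner[address] = domain

    def send(self, domain: str, src: str, dst: str) -> str:
        """Forward a packet only if the calling domain owns the source address."""
        if self.owner.get(src) != domain:
            raise PolicyViolation(f"{domain} domain may not send from {src}")
        if src == self.vpn_address:
            return f"tunnel[{self.tunnel}] {src} -> {dst}"
        return f"public {src} -> {dst}"


@dataclass
class Domain:
    """Upper-layer software domain; it is started with exactly one address."""
    name: str
    nam: NetworkAccessModule
    address: Optional[str] = None

    def access(self, dst: str, src: Optional[str] = None) -> str:
        """Access a resource; src defaults to the only address this domain was given."""
        if self.address is None:
            raise PolicyViolation(f"{self.name} domain was not started with an address")
        return self.nam.send(self.name, src or self.address, dst)


@dataclass
class NetworkConnectionManager:
    """Sits between the hardware module and the two domains and runs steps 103-107 in order."""
    nam: NetworkAccessModule
    personal: Domain
    security: Domain

    def bring_up(self, tunnel_style: str = "IPsec") -> Dict[str, str]:
        pub = self.nam.attach_public()                  # public network connection module (step 103)
        vpn = self.nam.open_tunnel(pub, tunnel_style)   # VPN connection module (steps 104-105)
        self.nam.bind(pub, self.personal.name)          # public address goes to the personal domain only (106)
        self.nam.bind(vpn, self.security.name)          # VPN address goes to the security domain only (107)
        self.personal.address = pub
        self.security.address = vpn
        return {"public": pub, "vpn": vpn}


def run_scenario(tunnel_style: str = "IPsec") -> Dict[str, object]:
    """Bring a terminal up and report what each domain can and cannot reach."""
    nam = NetworkAccessModule()
    personal = Domain("personal", nam)
    security = Domain("security", nam)
    addrs = NetworkConnectionManager(nam, personal, security).bring_up(tunnel_style)
    out: Dict[str, object] = {
        "security_path": security.access("intranet.example"),
        "personal_path": personal.access("www.example.com"),
        "security_knows_public": security.address == addrs["public"],
    }
    try:  # the security domain holds no public address; even a guessed one is refused
        security.access("www.example.com", src=addrs["public"])
        out["leak_blocked"] = False
    except PolicyViolation:
        out["leak_blocked"] = True
    return out


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The ordering in bring_up() mirrors the patent's point: the VPN address exists before either domain is started, and each domain is handed exactly one address, so the security domain's traffic can only leave through the tunnel.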
Fig. 2 is a schematic structural diagram of a device for establishing a VPN connection provided by an embodiment of the invention. The device is in fact the terminal itself and comprises a network access module, a network connection management module, a security domain module and a personal domain module, wherein:
the network access module accesses the public network under the control of the network connection management module and, after obtaining the public network address, sends it to the network connection management module; under the control of the network connection management module it establishes a VPN connection in tunnel mode based on the public network address and, after obtaining the VPN address, sends it to the network connection management module;
the network connection management module controls the network access module to access the public network and to establish the VPN connection, sends the VPN address to the security domain module, and sends the public network address to the personal domain module;
the security domain module interacts with the VPN through the network access module based on the VPN address, accessing VPN resources;
the personal domain module interacts with the public network through the network access module based on the public network address, accessing public network resources.
In this structure, the network connection management module comprises a public network connection module and a virtual private network connection module, wherein:
the public network connection module controls the network access module to access the public network and sends the obtained public network address to the virtual private network connection module and to the personal domain module;
the virtual private network connection module controls the network access module to establish the VPN connection based on the public network address and sends the received VPN address to the security domain module.
In this structure, the network access module may be a WiFi communication module, a mobile Internet communication module and/or a local area network communication module, etc., without limitation.
In this structure, the network access module is further used to establish the tunnel mode at the link layer or at the network layer of the public network, where a link-layer tunnel is based on PPTP or L2TP and a network-layer tunnel is based on IPsec or SSL VPN.
In this structure, the network access module is in fact the terminal's hardware module, the hardware environment on which the terminal's upper-layer software, such as the operating system, depends.
In this structure, the network connection management module is a module running on the hardware module that is responsible for establishing network connections; it establishes the network connections before the security domain module and the personal domain module start, and it manages the network.
It can be seen that the method and device provided by the invention arrange a network connection management module between the terminal's hardware module and its upper-layer software modules, which actively completes VPN connection and management. The terminal's network connection management module is responsible for obtaining the VPN address and the public network address and reports each independently to the corresponding upper-layer software module. The security domain module in the terminal's upper-layer software can interact with the VPN only through the VPN address and accesses VPN resources independently of the interaction with the public network.
The preferred embodiments above further describe the object, technical solution and advantages of the invention. It should be understood that the foregoing are only preferred embodiments of the invention and are not intended to limit it; any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the invention shall be included within its scope of protection.

Claims (8)

1. A method for establishing a virtual private network connection, characterized in that a network connection management module is arranged between the terminal's bottom-layer hardware module and its upper-layer software module, the method further comprising:
after the network connection management module controls the terminal's hardware module to access the public network, obtaining a public network address;
the network connection management module, based on the obtained public network address, establishing a virtual private network connection in tunnel mode and obtaining a virtual private network address;
the network connection management module reporting the obtained public network address to the personal domain module in the terminal's upper-layer software module, which interacts with the public network, and reporting the obtained virtual private network address to the security domain module in the terminal's upper-layer software module, which interacts with the virtual private network.
2. The method of claim 1, characterized in that the terminal's hardware module is a network access module, and the network access module is a WiFi communication module, a mobile Internet communication module and/or a local area network communication module.
3. The method of claim 1, characterized in that the tunnel mode is established at the link layer or at the network layer of the public network, where a link-layer tunnel is based on PPTP or L2TP and a network-layer tunnel is based on IPsec or SSL VPN.
4. The method of claim 1, characterized in that the network connection management module comprises a virtual private network connection module and a public network connection module; accessing the public network is performed by the public network connection module, which sends the obtained public network address to the virtual private network connection module and to the personal domain module; establishing the virtual private network connection is performed by the virtual private network connection module based on the public network address, and it sends the obtained virtual private network address to the security domain module.
5. A device for establishing a virtual private network connection, characterized in that the device comprises a network access module, a network connection management module, a security domain module and a personal domain module, wherein:
the network access module accesses the public network under the control of the network connection management module and, after obtaining the public network address, sends it to the network connection management module; under the control of the network connection management module it establishes a VPN connection in tunnel mode based on the public network address and, after obtaining the VPN address, sends it to the network connection management module;
the network connection management module controls the network access module to access the public network and to establish the VPN connection, sends the VPN address to the security domain module, and sends the public network address to the personal domain module;
the security domain module interacts with the VPN through the network access module based on the VPN address;
the personal domain module interacts with the public network through the network access module based on the public network address.
6. The device of claim 5, characterized in that the network connection management module comprises a public network connection module and a virtual private network connection module, wherein:
the public network connection module controls the network access module to access the public network and sends the obtained public network address to the virtual private network connection module and to the personal domain module;
the virtual private network connection module controls the network access module to establish the VPN connection based on the public network address and sends the received VPN address to the security domain module.
7. The device of claim 5, characterized in that the network access module is a WiFi communication module, a mobile Internet communication module and/or a local area network communication module.
8. The device of claim 5, characterized in that the network access module is further used to establish the tunnel mode at the link layer or at the network layer of the public network, where a link-layer tunnel is based on PPTP or L2TP and a network-layer tunnel is based on IPsec or SSL VPN.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310386311.1A CN104426735B (en) 2013-08-30 2013-08-30 A kind of method and device for establishing Virtual Private Network connection

Publications (2)

Publication Number Publication Date
CN104426735A true CN104426735A (en) 2015-03-18
CN104426735B CN104426735B (en) 2018-06-26

Family

ID=52974741

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310386311.1A Active CN104426735B (en) 2013-08-30 2013-08-30 A kind of method and device for establishing Virtual Private Network connection

Country Status (1)

Country Link
CN (1) CN104426735B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105630584A (en) * 2015-06-16 2016-06-01 宇龙计算机通信科技(深圳)有限公司 Operation control method and system of application program and terminal
CN105939308A (en) * 2015-07-27 2016-09-14 杭州迪普科技有限公司 Message processing method and device
CN107231372A (en) * 2017-06-28 2017-10-03 深圳市欧乐在线技术发展有限公司 A kind of Dynamic VPN network method for building up and device
CN111083091A (en) * 2018-10-19 2020-04-28 中兴通讯股份有限公司 Tunnel creation method, device and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030140131A1 (en) * 2002-01-22 2003-07-24 Lucent Technologies Inc. Dynamic virtual private network system and methods
CN101252509A (en) * 2007-02-21 2008-08-27 华耀环宇科技有限公司 Dynamic system and method for virtual private network (VPN) information packet level routing using dual-NAT method
CN101304388A (en) * 2008-06-20 2008-11-12 华为技术有限公司 Method, apparatus and system for settling IP address conflict
CN102088438A (en) * 2009-12-03 2011-06-08 中兴通讯股份有限公司 Method for solving address conflict of Internet protocol security (IPSec) Client and IPSec Client

Also Published As

Publication number Publication date
CN104426735B (en) 2018-06-26

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant