CN104935490A - Mobile internet terminal accessing apparatus based on cloud virtual machine - Google Patents


Info

Publication number
CN104935490A
Authority
CN
China
Prior art keywords
network
virtual machine
mobile internet
vpn server
communication network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510415415.XA
Other languages
Chinese (zh)
Inventor
胡益明
郑杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SHANGHAI DMT INFORMATION NETWORK CO Ltd
Original Assignee
SHANGHAI DMT INFORMATION NETWORK CO Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SHANGHAI DMT INFORMATION NETWORK CO Ltd filed Critical SHANGHAI DMT INFORMATION NETWORK CO Ltd
Priority to CN201510415415.XA priority Critical patent/CN104935490A/en
Publication of CN104935490A publication Critical patent/CN104935490A/en
Pending legal-status Critical Current

Abstract

The present invention relates to a mobile internet terminal accessing apparatus based on a cloud virtual machine, comprising a mobile terminal, a virtual private dial-up network, a VPN server and an external communication network, wherein the mobile terminal is connected with the VPN server through the virtual private dial-up network, and the VPN server is connected with the external communication network. Compared with the prior art, the mobile internet terminal accessing apparatus of the present invention has the advantages of low cost, high efficiency, large-scale VPN channels, etc.

Description

Mobile Internet terminal access device based on a cloud virtual machine
Technical field
The present invention relates to a mobile Internet terminal access device, and in particular to a mobile Internet terminal access device based on a cloud virtual machine.
Background art
PPTP uses a TCP connection to maintain the tunnel and uses Generic Routing Encapsulation (GRE) to encapsulate the data carried through the tunnel into PPP frames; the payload of the encapsulated PPP frames can be encrypted or compressed.
The encapsulation process is as follows:
1. the data is encapsulated in an IP (or IPX and NetBEUI) packet;
2. this IP (or IPX and NetBEUI) packet is encapsulated in a PPP frame;
3. this PPP frame is encapsulated (and encrypted) in a GRE frame;
4. this GRE frame is encapsulated in an IP packet.
The decapsulation process is as follows:
1. remove the IP header;
2. remove the GRE header (decryption step); the GRE payload is a PPP frame;
3. remove the PPP header;
4. route the IP (or IPX and NetBEUI) packet to its final destination.
The PPP frame is encrypted by MPPE with an encryption key generated by the MS-CHAP, MS-CHAP v2 or EAP-TLS authentication process. To encrypt the payload contained in the PPP frame, the VPN client must use the MS-CHAP, MS-CHAP v2 or EAP-TLS authentication protocol. PPTP relies on the underlying PPP encryption and directly encapsulates the already encrypted PPP frame.
PPTP separates control packets from data packets. Control packets are carried over TCP: the client connects to TCP port 1723 on the VPN server, and this connection is used to control and manage the VPN tunnel. Data packets are first encapsulated in PPP, then in GRE V2, and finally in IP for transmission.
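The four encapsulation steps and four decapsulation steps above, as an added example that is not part of the patent text. It uses the enhanced GRE header layout of RFC 2637 (version field 1, protocol type 0x880B) and leaves out MPPE encryption; the function names, call ID, sequence number and all addresses except the pool address 192.168.98.10 are constructed for illustration.

```python
import socket
import struct

IPPROTO_GRE = 47        # IP protocol number of GRE (not a TCP port)
GRE_PROTO_PPP = 0x880B  # protocol type of PPTP's enhanced GRE (RFC 2637)
PPP_IPV4 = 0x0021       # PPP protocol field for an IPv4 payload


def ip_checksum(header: bytes) -> int:
    """Ones'-complement sum over 16-bit words, as used in the IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Prepend a minimal 20-byte IPv4 header (no options) to payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + payload


def encapsulate(inner_ip: bytes, call_id: int, seq: int,
                src: str, dst: str) -> bytes:
    # Step 2: IP packet -> PPP frame (address 0xFF, control 0x03, protocol).
    ppp = b"\xff\x03" + struct.pack("!H", PPP_IPV4) + inner_ip
    # Step 3: PPP frame -> GRE. Flags 0x30 = key and sequence present,
    # second byte 0x01 = version 1. MPPE would encrypt ppp here (omitted).
    gre = struct.pack("!BBHHHI", 0x30, 0x01, GRE_PROTO_PPP,
                      len(ppp), call_id, seq) + ppp
    # Step 4: GRE frame -> outer IP packet carrying protocol 47.
    return ipv4(src, dst, IPPROTO_GRE, gre)


def decapsulate(packet: bytes) -> dict:
    ihl = (packet[0] & 0x0F) * 4
    if len(packet) < ihl + 8 or packet[9] != IPPROTO_GRE:
        raise ValueError("not a GRE-in-IP packet")
    gre = packet[ihl:]                               # 1. remove IP header
    flags, ver, proto, plen, call_id = struct.unpack("!BBHHH", gre[:8])
    if ver & 0x07 != 1 or proto != GRE_PROTO_PPP:
        raise ValueError("GRE header is not PPTP enhanced GRE")
    has_seq, has_ack = bool(flags & 0x10), bool(ver & 0x80)
    off = 8 + 4 * has_seq + 4 * has_ack
    if plen < 4 or len(gre) < off + plen:
        raise ValueError("truncated GRE payload")
    seq = struct.unpack("!I", gre[8:12])[0] if has_seq else None
    ppp = gre[off:off + plen]                        # 2. remove GRE header
    if ppp[:2] == b"\xff\x03":                       # 3. remove PPP header
        ppp = ppp[2:]
    return {"call_id": call_id, "seq": seq,
            "ppp_protocol": struct.unpack("!H", ppp[:2])[0],
            "inner_ip": ppp[2:]}                     # 4. hand to routing


def sample_packet() -> tuple:
    """Constructed sample: a pool client sends 4 bytes (IP protocol 253)."""
    inner = ipv4("192.168.98.10", "203.0.113.5", 253, b"ping")
    return inner, encapsulate(inner, call_id=7, seq=1,
                              src="198.51.100.7", dst="192.0.2.1")
```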
Conventional deployments all rely on routers, firewalls or VPN trunking equipment that support the VPN function. In practical use, the following shortcomings have been found:
1. dedicated VPN equipment must be purchased at high cost; for example, a cisco3925-sec router supporting at most 19 PPTP channels costs more than 40,000 yuan;
2. the traditional deployment cannot accommodate large-scale user dial-in at all;
3. with a VPN router or firewall, connections often drop;
4. one user deploys one set of VPN equipment, so 100 users need 100 VPN devices, which is costly and unfavorable to environmental protection and low-carbon energy saving.
Summary of the invention
The object of the present invention is to overcome the defects of the prior art described above by providing a mobile Internet terminal access device based on a cloud virtual machine that offers low cost, high efficiency and large-scale VPN channels.
The object of the present invention can be achieved through the following technical solution:
A mobile Internet terminal access device based on a cloud virtual machine, characterized in that it comprises a mobile terminal, a virtual private dial-up network, a VPN server and an external communication network, wherein the mobile terminal is connected to the VPN server through the virtual private dial-up network, and the VPN server is connected to the external communication network.
The mobile terminal comprises a notebook, a tablet computer or a smartphone.
The mobile terminal is a terminal running Windows, iOS or Android.
The VPN server is a PPTP VPN server.
The external communication network comprises the DMT tri-net, the international fine work net or the CN2 network.
The DMT tri-net comprises a communication network, a Netcom network, a Unicom network, a telecommunications egress router, a Netcom egress router, a Unicom egress router, a first core switch, a second core switch, a first interface router and a second interface router. The communication network is connected to the telecommunications egress router, the Netcom network to the Netcom egress router, and the Unicom network to the Unicom egress router. The telecommunications, Netcom and Unicom egress routers are each connected to the first core switch and the second core switch, and the first and second core switches are each connected to the first interface router and the second interface router.
The VPN server is connected to the external communication network through a hardware firewall.
The VPN server is connected to the external communication network through a network address translator (NAT).
Compared with the prior art, the present invention has the following advantages:
1. low implementation cost: the PPTP VPN is built in the cloud on an open-source system, which reduces system cost;
2. good scalability: the number of VPN dial-in channels is large and almost unlimited, which suits large-scale dial-in access;
3. wide applicability: it supports the main mobile terminal systems currently on the market, such as Android, iOS and Windows, and access is convenient, being possible wherever there is a mobile signal;
4. the system uses few resources and is stable and reliable.
Description of the drawings
Fig. 1 is a structural schematic diagram of the present invention.
Detailed description
The present invention is described in detail below with reference to the drawing and a specific embodiment.
Embodiment
As shown in Fig. 1, a mobile Internet terminal access device based on a cloud virtual machine comprises a mobile terminal 1, a virtual private dial-up network 2, a VPN server 3 and an external communication network. The mobile terminal is connected to the VPN server through the virtual private dial-up network, and the VPN server is connected to the external communication network.
The mobile terminal 1 comprises a Windows terminal 13, an iOS terminal 12 or an Android terminal 11. The VPN server 2 is a PPTP VPN server. The external communication network comprises the DMT tri-net 4, the international fine work net 6 or the CN2 network 5. The DMT tri-net comprises a communication network, a Netcom network, a Unicom network, a telecommunications egress router, a Netcom egress router, a Unicom egress router, a first core switch, a second core switch, a first interface router and a second interface router. The communication network is connected to the telecommunications egress router, the Netcom network to the Netcom egress router, and the Unicom network to the Unicom egress router. The telecommunications, Netcom and Unicom egress routers are each connected to the first core switch and the second core switch, and the first and second core switches are each connected to the first interface router and the second interface router. The VPN server is connected to the external communication network through a hardware firewall. The VPN server is connected to the external communication network through a network address translator (NAT). A user can dial in to the VPN server at any time from a terminal such as a PC notebook, tablet computer or smartphone and, after NAT translation to a new IP address, access the DMT tri-net, the international fine work net and CN2.
The detailed procedure of the present invention is as follows:
1. a VM is created in the cloud, based on a Linux system, using the open-source PPTPD software, the DKMS encryption package software and the PPP dialer software;
2. configure /etc/pptpd.conf; part of the configuration is as follows:
[root@pptp hym]# cat /etc/pptpd.conf | grep -v ^#
ppp /usr/sbin/pppd
#
option /etc/ppp/options.pptpd
debug
#
logwtmp
# IP address that terminal clients dial in to
localip 112.74.128.59
# IP addresses allocated to VPN clients
remoteip 192.168.98.10-200
3. configure /etc/ppp/options.pptpd; part of the configuration is as follows:
[root@pptp hym]# cat /etc/ppp/options.pptpd | grep -v ^#
name pptpd
#
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
#
ms-dns 202.96.209.5
ms-dns 202.136.220.2
# enable ARP proxying
proxyarp
debug
#
# write the pptpd log to this file
logfile /var/log/pptpd.log
4. configure the VPN dial-in accounts that remote mobile terminal users dial in with;
5. configure the iptables firewall and the nat table for forwarding; the configuration is as follows:
[root@pptp hym]# cat /etc/sysconfig/iptables
# Completed on Fri Feb 27 14:12:39 2015
# Generated by iptables-save v1.4.7 on Fri Feb 27 14:12:39 2015
*filter
:INPUT ACCEPT [560:43482]
:FORWARD ACCEPT [4806:1654971]
:OUTPUT ACCEPT [517:74661]
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 47 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 51 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 50 -j ACCEPT
-A INPUT -p gre -j ACCEPT
-A OUTPUT -p gre -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 50 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 51 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 47 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 1723 -j ACCEPT
COMMIT
# Completed on Fri Feb 27 14:12:39 2015
# Generated by iptables-save v1.4.7 on Fri Feb 27 14:12:39 2015
*nat
:PREROUTING ACCEPT [396:23833]
:POSTROUTING ACCEPT [15:811]
:OUTPUT ACCEPT [3:237]
-A POSTROUTING -s 192.168.98.0/24 -j SNAT --to-source 58.32.204.47
COMMIT
# Completed on Fri Feb 27 14:12:39 2015
6. mobile terminals running Windows, iOS or Android can all dial in; by dialing with PPTP they connect to the cloud VPN server and thereby obtain a high-speed Internet channel.
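A review of the configuration from steps 2, 3 and 5, as an added example that is not part of the patent text. It checks three things a reviewer would look at in this deployment: that options.pptpd refuses the weaker authentication methods, that the filter table actually filters, and that the client pool in pptpd.conf is covered by the SNAT rule. The embedded inputs are excerpts of the listings above with whitespace restored, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed inputs: excerpts of the page's listings, whitespace restored.
PPTPD_CONF = "localip 112.74.128.59\nremoteip 192.168.98.10-200\n"
OPTIONS_PPTPD = ("name pptpd\nrefuse-pap\nrefuse-chap\nrefuse-mschap\n"
                 "require-mschap-v2\nrequire-mppe-128\nproxyarp\n")
IPTABLES_SAVE = """\
*filter
:INPUT ACCEPT [560:43482]
:FORWARD ACCEPT [4806:1654971]
:OUTPUT ACCEPT [517:74661]
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 47 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 51 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 50 -j ACCEPT
-A INPUT -p gre -j ACCEPT
COMMIT
*nat
-A POSTROUTING -s 192.168.98.0/24 -j SNAT --to-source 58.32.204.47
COMMIT
"""

PROTO_NUMBERS = {47: "GRE", 50: "ESP", 51: "AH"}  # IP protocol numbers
REQUIRED = {"refuse-pap", "refuse-chap", "refuse-mschap",
            "require-mschap-v2", "require-mppe-128"}


def client_pool(pptpd_conf):
    """Return (first, last) address of a remoteip range like a.b.c.10-200."""
    m = re.search(r"^remoteip\s+(\d+\.\d+\.\d+\.)(\d+)-(\d+)", pptpd_conf, re.M)
    if not m:
        raise ValueError("no remoteip range of the form a.b.c.N-M")
    prefix, lo, hi = m.groups()
    return ipaddress.ip_address(prefix + lo), ipaddress.ip_address(prefix + hi)


def audit(pptpd_conf, options, rules):
    findings = []
    for opt in sorted(REQUIRED - set(options.split())):
        findings.append(f"options.pptpd: {opt} is not set")
    first, last = client_pool(pptpd_conf)
    table, snat_nets = None, []
    for line in rules.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        m = re.match(r":(\w+)\s+ACCEPT", line)
        if m and table == "filter":
            findings.append(f"filter {m.group(1)}: default policy ACCEPT, "
                            "so the ACCEPT rules restrict nothing")
        m = re.search(r"-p tcp\b.*--dport (\d+)\b", line)
        if m and int(m.group(1)) in PROTO_NUMBERS:
            n = int(m.group(1))
            findings.append(f"tcp dport {n}: {n} is the IP protocol number "
                            f"of {PROTO_NUMBERS[n]}, not a TCP port")
        m = re.search(r"-s (\S+) -j SNAT", line)
        if m and table == "nat":
            snat_nets.append(ipaddress.ip_network(m.group(1)))
    if not any(first in n and last in n for n in snat_nets):
        findings.append(f"nat: client pool {first}-{last} is not covered "
                        "by any SNAT source network")
    return findings
```

Run against the listings above, `audit` reports the three ACCEPT default policies and the three TCP rules for 47, 50 and 51. PPTP itself needs only TCP port 1723 for control and IP protocol 47 (GRE) for data.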

Claims (8)

1. A mobile Internet terminal access device based on a cloud virtual machine, characterized in that it comprises a mobile terminal, a virtual private dial-up network, a VPN server and an external communication network, wherein the mobile terminal is connected to the VPN server through the virtual private dial-up network, and the VPN server is connected to the external communication network.
2. The mobile Internet terminal access device based on a cloud virtual machine according to claim 1, characterized in that the mobile terminal comprises a notebook, a tablet computer or a smartphone.
3. The mobile Internet terminal access device based on a cloud virtual machine according to claim 1, characterized in that the mobile terminal is a terminal running Windows, iOS or Android.
4. The mobile Internet terminal access device based on a cloud virtual machine according to claim 1, characterized in that the VPN server is a PPTP VPN server.
5. The mobile Internet terminal access device based on a cloud virtual machine according to claim 1, characterized in that the external communication network comprises the DMT tri-net, the international fine work net or the CN2 network.
6. The mobile Internet terminal access device based on a cloud virtual machine according to claim 5, characterized in that the DMT tri-net comprises a communication network, a Netcom network, a Unicom network, a telecommunications egress router, a Netcom egress router, a Unicom egress router, a first core switch, a second core switch, a first interface router and a second interface router; the communication network is connected to the telecommunications egress router, the Netcom network to the Netcom egress router, and the Unicom network to the Unicom egress router; the telecommunications, Netcom and Unicom egress routers are each connected to the first core switch and the second core switch; and the first and second core switches are each connected to the first interface router and the second interface router.
7. The mobile Internet terminal access device based on a cloud virtual machine according to claim 1, characterized in that the VPN server is connected to the external communication network through a hardware firewall.
8. The mobile Internet terminal access device based on a cloud virtual machine according to claim 1, characterized in that the VPN server is connected to the external communication network through a network address translator (NAT).
CN201510415415.XA 2015-07-15 2015-07-15 Mobile internet terminal accessing apparatus based on cloud virtual machine Pending CN104935490A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510415415.XA CN104935490A (en) 2015-07-15 2015-07-15 Mobile internet terminal accessing apparatus based on cloud virtual machine

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510415415.XA CN104935490A (en) 2015-07-15 2015-07-15 Mobile internet terminal accessing apparatus based on cloud virtual machine

Publications (1)

Publication Number Publication Date
CN104935490A true CN104935490A (en) 2015-09-23

Family

ID=54122465

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510415415.XA Pending CN104935490A (en) 2015-07-15 2015-07-15 Mobile internet terminal accessing apparatus based on cloud virtual machine

Country Status (1)

Country Link
CN (1) CN104935490A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150923