CN109067933B - Tunnel-based IPv4 and IPv6 network communication system and method - Google Patents

Publication number: CN109067933B
Authority: CN (China)
Prior art keywords: ipv4, bit, user, tunnel, openvpn
Legal status: Active
Application number: CN201810825604.8A
Other languages: Chinese (zh)
Other versions: CN109067933A (en)
Inventors: 黄友俊, 李星, 吴建平, 李川, 李威
Current Assignee: CERNET Corp
Original Assignee: CERNET Corp

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/251 Translation of Internet protocol [IP] addresses between different IP versions
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/60 Types of network addresses
    • H04L2101/668 Internet protocol [IP] address subnets

Abstract

At least one IPv4 user sends a request to establish a tunnel, the request comprising the account and password of the IPv4 user; one or more OpenVPN servers each receive the requests of the IPv4 users communicating with them; a MySQL database stores preset accounts and passwords; a Radius server receives the request forwarded by the OpenVPN server, compares the account and password in the request with the preset accounts and passwords, and returns the comparison result to the OpenVPN server. If they match, the tunnel is successfully established and the OpenVPN server allocates an IPv6 address to the IPv4 user; if they do not match, tunnel establishment fails and the OpenVPN server returns a tunnel establishment failure message to the IPv4 user.

Description

Tunnel-based IPv4 and IPv6 network communication system and method
Technical Field
The invention relates to the field of IPv4/IPv6 transition and IPv6 network real identity verification management, in particular to a tunnel-based IPv4 and IPv6 network communication system and method.
Background
With the rapid growth of Internet applications in recent years, IPv4 has revealed many shortcomings, such as a shortage of IP addresses, no built-in security, and complex network management, and it can no longer meet the needs of today's rapidly developing networks. To solve these problems, the IETF (Internet Engineering Task Force) designed a new-generation network protocol, IPv6. The design of IPv6 not only expanded the IPv4 address space but also reconsidered every aspect of the original IPv4 protocol and made a great many improvements. Besides the enormous number of addresses it provides, much work is being done in IPv6 to achieve higher security, better manageability, and better support for QoS and multicast than IPv4.
During the transition from IPv4 networks to IPv6 networks, communication between isolated IPv6 sites is an urgent problem in the early stage. Currently, there are three basic technologies for solving the transition problem: dual protocol stacks, tunneling, and protocol conversion.
1. Dual stack protocol
With dual protocol stacks, a node runs two protocol stacks simultaneously and supports communication with both IPv4 nodes and IPv6 nodes: it uses the IPv4 stack when communicating with an IPv4 node and the IPv6 stack when communicating with an IPv6 node. When a dual-stack node accesses a service, it selects the protocol stack according to the DNS resolution result; that is, when domain name resolution returns an IPv4 or IPv6 address, the node communicates using the corresponding protocol stack.
Dual stack is the simplest and most effective transition method. It is easy to understand and does not disturb the original network structure, but it is fully effective only when every node on the packet path between the two communicating parties supports dual stack, so this transition method requires a large investment.
2. Tunnel technique
Tunneling encapsulates the messages of one protocol inside the messages of another, so that one protocol can transparently traverse the other. In IPv6 transition, tunneling mainly means encapsulating IPv6 packets in IPv4 packets, which requires the nodes at both ends of the tunnel to support dual protocol stacks; in this way IPv6 networks, and IPv6 islands, can communicate across an IPv4 network.
Tunneling requires only that the nodes at the two ends of the tunnel support IPv4/IPv6 and places no requirements on the networks and equipment in between, so interconnecting IPv6 islands with tunnels saves a great deal of investment compared with dual stack. While IPv6 is not yet deployed on a large scale, tunneling is an ideal solution for the early stage of network transition.
3. NAT-PT address/protocol conversion technology
NAT-PT address/protocol translation is a typical mechanism for translating between IPv6 and IPv4. When an IPv6 node and an IPv4 node communicate, the NAT-PT gateway translates and maps between the two protocols: it maintains an IPv4 address pool and the address mapping relation and performs the conversion between the IPv6 and IPv4 protocols. NAT-PT thus allows IPv6 and IPv4 nodes to access each other and share resources, and most application-layer protocols can interoperate without modification.
However, applications that carry IP-layer information in the control plane of an application-layer protocol cannot interwork through a basic NAT-PT device. Translation of these application-layer protocols must be implemented together with a corresponding Application Layer Gateway (ALG).
The advantage of this technology is that IPv6 and IPv4 networks can communicate directly, and existing IPv4 users can communicate with IPv6 users without any upgrade. The disadvantages are that traffic between the two nodes is converted through a gateway, IPv4 address resources are in short supply, and one-to-one mapping with IPv6 addresses is not possible, so the end-to-end property of the network is broken.
However, no technology for realizing IPv4/IPv6 transition and IPv6 network true identity authentication management based on the above three technologies exists at present.
Disclosure of Invention
(I) Technical problem to be solved
The present invention aims to provide a tunnel-based IPv4 and IPv6 network communication system and method, so as to solve at least one of the above technical problems.
(II) Technical scheme
In one aspect of the embodiments of the present invention, a tunnel-based IPv4 and IPv6 network communication system is provided, including:
at least one IPv4 user, each IPv4 user being configured to send a request to establish a tunnel, wherein the request comprises the account and password of the IPv4 user;
one or more OpenVPN servers, each OpenVPN server being configured to receive requests from the IPv4 users communicating with it;
a MySQL database, configured to store preset accounts and passwords;
a Radius server, configured to receive the request forwarded by the OpenVPN server, compare the account and password in the request with the preset accounts and passwords, and return the comparison result to the OpenVPN server, wherein if they match, the tunnel is successfully established and the OpenVPN server allocates an IPv6 address to the IPv4 user; if they do not match, tunnel establishment fails and the OpenVPN server returns a tunnel establishment failure message to the IPv4 user.
In some embodiments of the invention, the network communication system further comprises an IPv6 network, configured to establish a tunnel with the IPv4 user through the IPv6 address assigned by the OpenVPN server, thereby enabling IPv4 users to access it.
In some embodiments of the present invention, the MySQL database is further configured to store bandwidth limits of IPv4 users, and the OpenVPN server is further configured to set its own bandwidth limit according to the bandwidth limits stored in the MySQL database; and/or
the MySQL database is further configured to add or delete preset accounts and passwords.
In some embodiments of the invention, the OpenVPN server is further configured to determine the first 64 bits of the IPv6 address and a random 20-bit binary value as the last 20 bits of the last 64 bits of the IPv6 address, and to generate the first 40 bits of the last 64 bits of the IPv6 address from the account and the timestamp information, wherein the first 40 bits of the last 64 bits of the IPv6 address are the network identity (NID), and the NID comprises a 4-bit binary interface bit, an organization bit and a user bit.
In some embodiments of the present invention, the number of IPv4 users is u, with $2^{n-1} \le u < 2^n$, where $n \ge 1$. When n is odd, the user bit length is n+1, the value of the boundary bit is (33-n)/2, and the organization bit length is 35-n; when n is even, the user bit length is n, the value of the boundary bit is (34-n)/2, and the organization bit length is 36-n.
In another aspect of the embodiments of the present invention, a tunnel-based IPv4 and IPv6 network communication method is further provided, the method including:
at least one IPv4 user sends a request to establish a tunnel, wherein the request comprises the account and password of the IPv4 user;
one or more OpenVPN servers receive the requests of the IPv4 users communicating with them;
the Radius server receives the request forwarded by the OpenVPN server, compares the account and password in the request with the accounts and passwords preset in the MySQL database, and returns the comparison result to the OpenVPN server; if they match, the tunnel is successfully established and the OpenVPN server allocates an IPv6 address to the IPv4 user; if they do not match, tunnel establishment fails and the OpenVPN server returns a tunnel establishment failure message to the IPv4 user.
In some embodiments of the present invention, the IPv4 user establishes a tunnel with the IPv6 network through the IPv6 address assigned by the OpenVPN server, thereby enabling the IPv4 user to access the IPv6 network.
In some embodiments of the present invention, the MySQL database further stores bandwidth limits of IPv4 users, and the OpenVPN server further sets its own bandwidth limit according to the bandwidth limits stored in the MySQL database; and/or
the MySQL database further adds or deletes preset accounts and passwords.
In some embodiments of the invention, the OpenVPN server further determines the first 64 bits of the IPv6 address and a random 20-bit binary value as the last 20 bits of the last 64 bits of the IPv6 address, and generates the first 40 bits of the last 64 bits of the IPv6 address from the account and the timestamp information, wherein preferably the first 40 bits of the last 64 bits of the IPv6 address are the network identity (NID), and the NID comprises a 4-bit binary interface bit, an organization bit and a user bit.
In some embodiments of the present invention, the number of IPv4 users is u, with $2^{n-1} \le u < 2^n$, where $n \ge 1$. When n is odd, the user bit length is n+1, the value of the boundary bit is (33-n)/2, and the organization bit length is 35-n; when n is even, the user bit length is n, the value of the boundary bit is (34-n)/2, and the organization bit length is 36-n.
(III) Advantageous effects
Compared with the prior art, the tunnel-based IPv4 and IPv6 network communication system and method of the present invention have at least the following advantages:
1. By comparing the request of the IPv4 user with the accounts and passwords stored in the MySQL database, an IPv6 over IPv4 tunnel is established when the conditions are met, so that an IPv4 end user without an IPv6 port can access the IPv6 network after obtaining the IPv6 address allocated by the OpenVPN server, realizing the transition from IPv4 to IPv6.
2. Because OpenVPN is flexible to configure and supports HTTP proxies, NAT and various operating systems, using OpenVPN to implement the IPv6 over IPv4 tunnel adapts more flexibly to IPv6 access in various network environments; it also supports QoS guarantees across multiple operators and provides multi-line scheduling capability.
3. The IPv6 address embeds the user's account and timestamp information, so that the real identity can be marked and verified, addresses can be traced, and address forgery can be prevented.
Drawings
FIG. 1 is a schematic structural diagram of a tunnel-based IPv4 and IPv6 network communication system according to an embodiment of the present invention;
FIG. 2 is a block diagram illustrating a NID address according to an embodiment of the present invention;
FIG. 3 is a schematic diagram illustrating a process of embedding an account into an NID according to an embodiment of the present invention;
FIG. 4 is a schematic step diagram of a tunnel-based IPv4 and IPv6 network communication method according to an embodiment of the present invention.
Detailed Description
At present, no technology based on the above three technologies realizes both IPv4/IPv6 transition and real identity verification management of the IPv6 network. In view of this, the invention provides a tunnel-based IPv4 and IPv6 network communication system in which a Radius server checks whether the account and password of an IPv4 user applying to establish a tunnel exist in the MySQL database. If they do, the OpenVPN server allocates an IPv6 address to the IPv4 user, which completes tunnel establishment; if not, the OpenVPN server returns an error message to the IPv4 user, and tunnel establishment fails. The invention can therefore support QoS guarantees across multiple operators, has multi-line scheduling capability, and provides a window onto the IPv6 network for IPv4 users without an IPv6 outlet. After obtaining the IPv6 address, the IPv4 user can access the IPv6 network, realizing the transition from IPv4 to IPv6.
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to specific embodiments and the accompanying drawings.
In one aspect of the present invention, a tunnel-based IPv4 and IPv6 network communication system is provided. FIG. 1 is a schematic structural diagram of the system according to an embodiment of the present invention. As shown in FIG. 1, the system includes at least one IPv4 user, one or more OpenVPN servers, a MySQL database and a Radius server.
Among the N (N ≥ 1) IPv4 users (OpenVPN clients), each IPv4 user is configured to send a request to establish a tunnel, the request comprising the account and password of the IPv4 user.
Among the M (M ≥ 1) OpenVPN servers, each OpenVPN server is configured to receive requests from the IPv4 users communicating with it. OpenVPN, literally an "open virtual private channel", is a tunnel that provides secure data transfer between enterprises or between individuals and companies. In the invention, a tunnel service is established between the OpenVPN server and the OpenVPN client so that IPv6 packets can be transmitted over an IPv4 network. Three OpenVPN servers are deployed in the invention; the three servers provide load balancing and avoid a single point of failure.
The MySQL database is configured to store preset accounts and passwords. MySQL is a relational database management system, one of the most popular. For web applications, MySQL is the best RDBMS (Relational Database Management System) application software.
The Radius server is configured to receive the request forwarded by the OpenVPN server, compare the account and password in the request with the preset accounts and passwords, and return the comparison result to the OpenVPN server. If they match, the tunnel is successfully established and the OpenVPN server allocates an IPv6 address to the IPv4 user; if they do not match, tunnel establishment fails and the OpenVPN server returns an error message to the IPv4 user.
RADIUS (Remote Authentication Dial-In User Service) is currently the most widely used AAA protocol (AAA: Authentication, Authorization, Accounting). FreeRADIUS comprises a RADIUS server and a RADIUS client module, and can authenticate, authorize and account for network equipment that supports the RADIUS protocol.
The Radius plugin is the officially provided Radius client module. It is installed on the OpenVPN server and can send accounting messages to the FreeRADIUS server, thereby implementing the accounting function.
The deployment flow of the system of the present invention is as follows:
Stage 1: install OpenVPN and generate certificates
Install the OpenVPN program and the required dependency packages, generate the keys and certificates, and enable the system's IPv4 and IPv6 forwarding functions.
Stage 2: install Radius and MySQL, and configure MySQL verification
Install the Radius and MySQL programs and configure MySQL verification for Radius.
Edit the Radius configuration file to use MySQL authentication (remove the # sign before index sql):
vim /etc/raddb/sql.conf
server="localhost"
port=3306
login="radius"
password="hehe123"
radius_db="radius"
readclients=yes
Start the Radius server:
service radiusd start
Test the Radius server:
radtest angel 123456 localhost 1812 testing123
[Figure: output of the radtest command]
If the above information is seen, it means that the Radius server can be verified with MySQL.
Stage 3: install the Radius plugin
The Radius plugin is a plug-in for Radius that allows OpenVPN to use the Radius server for authentication.
vim /etc/openvpn/radiusplugin.cnf
[Figure: contents of radiusplugin.cnf]
Stage 4: configure OpenVPN
Configure the OpenVPN server:
[Figure: OpenVPN server configuration]
Start the OpenVPN server service:
service openvpn start
Configure the OpenVPN client:
client
dev tun
tun-ipv6
proto udp
remote-random
remote vpn1.n.edu.cn 55168
remote vpn2.n.edu.cn 55168
remote vpn3.n.edu.cn 55168
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
tls-auth ta.key 1
auth-user-pass
remote-cert-tls server
comp-lzo
verb 3
In some embodiments of the present invention, the network communication system may further include an IPv6 network (e.g., YouTube, Google, or another website), configured to establish an IPv6 over IPv4 tunnel with the IPv4 user through the IPv6 address allocated by the OpenVPN server, thereby enabling the IPv4 user to access the IPv6 network.
According to some embodiments of the present invention, since the OpenVPN server cannot obtain an IPv4 user's bandwidth limit directly from the IPv4 user, the MySQL database may further be configured to store the bandwidth limit of each IPv4 user, and the OpenVPN server is further configured to set its own bandwidth limit according to the bandwidth limits stored in the MySQL database.
Because the MySQL database stores the preset accounts and passwords, accounts and passwords can be added to or deleted from it as requirements change, so that the required IPv4 users can access the IPv6 network.
The composition of the generated IPv6 address is described in detail below. The IPv6 address of the embodiment of the present invention embeds the user's account and timestamp information (related to the time the request was sent), so that the real identity can be marked and verified.
The OpenVPN server is further configured to determine the first 64 bits of the IPv6 address (e.g., 2001:da8:243:ff0b::/64) and the last 20 bits of the last 64 bits of the IPv6 address, and to generate the first 40 bits of the last 64 bits of the IPv6 address from the account and the timestamp information. The first 40 bits of the last 64 bits of the IPv6 address are the network identity (NID), and the NID comprises a 4-bit binary interface bit, an organization bit and a user bit. Referring to FIGS. 2 and 3, the NID is divided into 4 segments, each segment being 10 binary bits and each beginning with a boundary bit, which may have a value of 0 to 15.
The number of IPv4 users is u, with $2^{n-1} \le u < 2^n$, where $n \ge 1$. When n is odd, the user bit length is n+1, the value of the boundary bit is (33-n)/2, and the organization bit length is 35-n; when n is even, the user bit length is n, the value of the boundary bit is (34-n)/2, and the organization bit length is 36-n.
Generally, different organization bits represent different organizations, such as a school, a unit, and different user bits represent a user under each organization.
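The sizing rule above, worked through as an added example (not code from the patent): it computes the user, organization and boundary values for a given u and checks them against the 40-bit NID and the stated 0 to 15 boundary range. The function names are hypothetical, and the code assumes the NID's 4-bit field is the one that holds the boundary value.

```python
# Added example: NID field sizing from the user count u (names are hypothetical).
NID_BITS = 40             # the NID is the first 40 bits of the last 64 bits (from the text)
BOUNDARY_FIELD_BITS = 4   # assumption: the 4-bit field holds the boundary value, 0..15


def nid_layout(u):
    """Field sizes for u users, following the odd/even rule in the text."""
    if u < 1:
        raise ValueError("user count u must be at least 1")
    n = u.bit_length()    # the unique n with 2**(n-1) <= u < 2**n
    if n % 2 == 1:
        user_bits, boundary, org_bits = n + 1, (33 - n) // 2, 35 - n
    else:
        user_bits, boundary, org_bits = n, (34 - n) // 2, 36 - n
    return {"n": n, "user_bits": user_bits, "org_bits": org_bits,
            "boundary": boundary}


def layout_problems(layout):
    """Check a layout against the two constraints the text states."""
    problems = []
    total = BOUNDARY_FIELD_BITS + layout["org_bits"] + layout["user_bits"]
    if total != NID_BITS:
        problems.append(f"fields add up to {total} bits, not {NID_BITS}")
    if not 0 <= layout["boundary"] < 2 ** BOUNDARY_FIELD_BITS:
        problems.append(f"boundary value {layout['boundary']} does not fit in 4 bits")
    return problems


def supported_user_range(max_n=64):
    """Smallest and largest u whose layout passes layout_problems()."""
    good = [n for n in range(1, max_n + 1)
            if not layout_problems(nid_layout(2 ** (n - 1)))]
    return 2 ** (good[0] - 1), 2 ** good[-1] - 1


if __name__ == "__main__":
    # Constructed sample user counts, including both ends of the usable range.
    for u in (1, 3, 1000, 5000, 2 ** 34):
        lay = nid_layout(u)
        print(u, lay, layout_problems(lay) or "ok")
    print("supported u:", supported_user_range())
```

Under these checks, u from 4 to 2^34 - 1 gives a consistent layout, while u of 1 to 3 yields a boundary value of 16, outside the stated 0 to 15 range.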
In another aspect of the embodiments of the present invention, a tunnel-based IPv4 and IPv6 network communication method is further provided. FIG. 4 is a schematic step diagram of the method according to an embodiment of the present invention. The method includes the following steps:
S1, at least one IPv4 user sends a request to establish a tunnel, the request comprising the account and password of the IPv4 user;
S2, one or more OpenVPN servers receive the requests of the IPv4 users communicating with them;
S3, the Radius server receives the request forwarded by the OpenVPN server, compares the account and password in the request with the accounts and passwords preset in the MySQL database, and returns the comparison result to the OpenVPN server; if they match, the tunnel is successfully established and the OpenVPN server allocates an IPv6 address to the IPv4 user; if they do not match, tunnel establishment fails and the OpenVPN server returns a tunnel establishment failure message to the IPv4 user.
In some embodiments of the present invention, the IPv4 user may establish a tunnel with the IPv6 network through the IPv6 address assigned by the OpenVPN server, thereby enabling the IPv4 user to access the IPv6 network.
In addition, the MySQL database may further store bandwidth limits of IPv4 users, and the OpenVPN server may further set its own bandwidth limit according to the bandwidth limits stored in the MySQL database.
The MySQL database also adds or deletes preset accounts and passwords, so that the required IPv4 users can access the IPv6 network.
The OpenVPN server further determines the first 64 bits of the IPv6 address and a random 20-bit binary value as the last 20 bits of the last 64 bits of the IPv6 address, and generates the first 40 bits of the last 64 bits of the IPv6 address from the account and the timestamp information, wherein preferably the first 40 bits of the last 64 bits of the IPv6 address are the network identity (NID), and the NID comprises a 4-bit binary interface bit, an organization bit and a user bit.
As shown in FIGS. 2 and 3, the NID is divided into 4 segments, each segment being 10 binary bits and each beginning with a boundary bit, which may have a value of 0 to 15.
The number of IPv4 users is u, with $2^{n-1} \le u < 2^n$, where $n \ge 1$. When n is odd, the user bit length is n+1, the value of the boundary bit is (33-n)/2, and the organization bit length is 35-n; when n is even, the user bit length is n, the value of the boundary bit is (34-n)/2, and the organization bit length is 36-n.
Different organization bits represent different organizations, such as a certain school or a certain unit, and different user bits represent a certain user under each organization.
In summary, by comparing the request of the IPv4 user with the accounts and passwords stored in the MySQL database, an IPv6 over IPv4 tunnel is established when the conditions are met, so that an IPv4 end user without an IPv6 port can access the IPv6 network after obtaining the IPv6 address allocated by the OpenVPN server, realizing the transition from IPv4 to IPv6. OpenVPN is flexible to configure, supports HTTP proxies, NAT and various operating systems, and can adapt more flexibly to IPv6 access in various network environments.
Unless otherwise indicated, the numerical parameters set forth in the specification and attached claims are approximations that can vary depending upon the desired properties sought to be obtained by the present invention. In particular, all numbers expressing quantities of ingredients, reaction conditions, and so forth used in the specification and claims are to be understood as being modified in all instances by the term "about". Generally, the expression is meant to encompass variations of ± 10% in some embodiments, 5% in some embodiments, 1% in some embodiments, 0.5% in some embodiments by the specified amount.
Furthermore, "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the present invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (8)

1. A network communication system of IPv4 and IPv6 based on a tunnel, comprising:
each Ipv4 user is used for sending a request for applying for establishing a tunnel, wherein the request comprises an account and a password of the Ipv4 user;
one or more OpenVPN servers, each OpenVPN server configured to receive a request from an Ipv4 user in communication therewith;
the MySQL database is used for storing preset account numbers and passwords;
the Radius server is used for receiving the request forwarded by the OpenVPN server, comparing the account and the password in the request with the preset account and password, and returning the comparison result to the OpenVPN server, wherein if the comparison result is the same, the establishment of the tunnel is successful, and the OpenVPN server allocates an IPv6 address to the IPv4 user; if the comparison result is different, the tunnel establishment fails, and the OpenVPN server returns the information of the tunnel establishment failure to the Ipv4 user;
wherein the OpenVPN server is further configured to determine the first 64 bits of the IPv6 address and a random 20-bit binary value as the last 20 bits of the last 64 bits of the IPv6 address; and to generate the first 40 bits of the last 64 bits of the IPv6 address according to the account and the timestamp information, wherein the first 40 bits of the last 64 bits of the IPv6 address are the network identity (NID), and the NID comprises a 4-bit binary interface bit, an organization bit and a user bit.
2. The system of claim 1, wherein the network communication system further comprises an Ipv6 network for tunneling with the Ipv4 user through an Ipv6 address assigned by an OpenVPN server to enable access thereto by an Ipv4 user.
3. The system of claim 1, wherein the MySQL database is further configured to store bandwidth limits for each Ipv4 user, and the OpenVPN server is further configured to set its own bandwidth limit according to the bandwidth limits stored by the MySQL database; and/or
The MySQL database is also used for adding or deleting preset account numbers and passwords.
4. The system of claim 1, wherein the number of IPv4 users is u, and $2^{n-1} \le u < 2^n$, where $n \ge 1$; when n is an odd number, the length of the user bit is n+1, the value of the boundary bit is (33-n)/2, and the length of the organization bit is 35-n; when n is an even number, the user bit length is n, the value of the boundary bit is (34-n)/2, and the organization bit length is 36-n bits.
5. A tunnel-based IPv4 and IPv6 network communication method, comprising the following steps:
at least one IPv4 user sends a request for establishing a tunnel, wherein the request comprises an account number and a password of the IPv4 user;
one or more OpenVPN servers receive the request of the IPv4 user with which they communicate;
the Radius server receives the request forwarded by the OpenVPN server, compares the account and the password in the request with the account and the password preset in the MySQL database, and returns the comparison result to the OpenVPN server; if the comparison result is the same, the tunnel is successfully established and the OpenVPN server allocates an IPv6 address to the IPv4 user; if the comparison result is different, the tunnel establishment fails, and the OpenVPN server returns the tunnel establishment failure information to the IPv4 user;
wherein the OpenVPN server further determines a last 20-bit random binary of a first 64 bits of the IPv6 address and a last 64 bits of the IPv6 address, and generates the first 40 binary bits of the last 64 bits of the IPv6 address according to the account and the timestamp information, wherein the first 40 binary bits of the last 64 bits of the IPv6 address refer to a Network Identity (NID), and the NID comprises a 4-bit binary interface bit, an organization bit and a user bit.
6. The method of claim 5, wherein:
the IPv4 user establishes a tunnel with the IPv6 network through the IPv6 address allocated by the OpenVPN server, so that the IPv4 user can access the IPv6 network.
7. The method of claim 5, wherein: the MySQL database also stores the bandwidth limit of each IPv4 user, and the OpenVPN server also sets its own bandwidth limit according to the bandwidth limit stored in the MySQL database; and/or
the MySQL database also adds or deletes preset account numbers and passwords.
8. The method of claim 5, wherein the number of IPv4 users is u, and 2^(n-1) ≤ u < 2^n, where n ≥ 1; when n is an odd number, the length of the user bit is n + 1, the value of the boundary bit is (33-n)/2, and the length of the organization bit is 35-n; when n is an even number, the length of the user bit is n, the value of the boundary bit is (34-n)/2, and the length of the organization bit is 36-n.
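The field-length rule of claims 4 and 8, worked through as an added example (not code from the patent): it derives n from the user count, checks that the three fields fill the 40-bit NID, and reports whether the boundary value fits the 4-bit field. Assumptions: the 4-bit field of claims 1 and 5 is the boundary bit of claims 4 and 8, the fields are packed most significant first in the order the claims list them, and `org_id` and `user_id` are hypothetical inputs.

```python
NID_BITS = 40       # NID length given in claims 1 and 5
BOUNDARY_BITS = 4   # width of the 4-bit field given in claims 1 and 5


def nid_layout(u):
    """Field lengths and boundary value for u users (claims 4 and 8)."""
    if u < 1:
        raise ValueError("user count must be at least 1")
    n = u.bit_length()  # the unique n with 2**(n-1) <= u < 2**n
    if n % 2:           # n odd
        user_len, boundary, org_len = n + 1, (33 - n) // 2, 35 - n
    else:               # n even
        user_len, boundary, org_len = n, (34 - n) // 2, 36 - n
    if org_len < 1:     # this example's choice: refuse a layout with no org field
        raise ValueError("no organization bits left for this user count")
    assert BOUNDARY_BITS + org_len + user_len == NID_BITS
    return {"n": n, "user_len": user_len, "org_len": org_len,
            "boundary": boundary,
            "boundary_fits": boundary < 2 ** BOUNDARY_BITS}


def pack_nid(u, org_id, user_id):
    """Pack boundary | organization | user into a 40-bit integer.

    Assumption: fields are laid out most significant first, in the order
    the claims list them; org_id and user_id are hypothetical inputs.
    """
    lay = nid_layout(u)
    if not lay["boundary_fits"]:
        raise ValueError("boundary value does not fit in 4 bits")
    if not 0 <= org_id < 2 ** lay["org_len"]:
        raise ValueError("org_id out of range")
    if not 0 <= user_id < 2 ** lay["user_len"]:
        raise ValueError("user_id out of range")
    shift = lay["org_len"] + lay["user_len"]
    return (lay["boundary"] << shift) | (org_id << lay["user_len"]) | user_id


if __name__ == "__main__":
    for users in (1, 5, 1000):      # constructed sample user counts
        print(users, nid_layout(users))
    print(hex(pack_nid(1000, org_id=1, user_id=2)))
```

For n = 1 or n = 2 the claimed boundary value is 16, which a 4-bit field cannot hold, so `pack_nid` rejects those user counts rather than truncating the value.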
CN201810825604.8A 2018-07-25 2018-07-25 Tunnel-based IPv4 and IPv6 network communication system and method Active CN109067933B (en)

Publications (2)

Publication Number Publication Date
CN109067933A (en) 2018-12-21
CN109067933B (en) 2021-12-24

Family

ID=64835461

Country Status (1)

Country Link
CN (1) CN109067933B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant