CN109218157B - Data processing method, device and system of virtual private network system - Google Patents

Info

Publication number
CN109218157B
Authority
CN
China
Prior art keywords
vpn
address
epc
data
vpn server
Legal status
Active
Application number
CN201710538831.8A
Other languages
Chinese (zh)
Other versions
CN109218157A (en)
Inventor
常光辉
倪靖清
Current Assignee
Datang Mobile Communications Equipment Co Ltd
Original Assignee
Datang Mobile Communications Equipment Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses

Abstract

The embodiment of the invention provides a data processing method of a virtual private network system, which comprises the following steps: the VPN client receives a first IP address allocated by the EPC; the VPN client establishes a connection with the VPN server using the first IP address; after the VPN client establishes the connection with the VPN server, the VPN client receives a second IP address allocated by the VPN server; and the VPN client exchanges data with the VPN server using the second IP address. The connection between the VPN client and the VPN server is established on top of the LTE network, so that a layer-2 Ethernet transport network is set up between the UE and a single board of the EPC; through the VPN protocol the LTE equipment exposes only one IP address externally, the internal IP addresses are hidden, and layer-2 dynamic networking is achieved.

Description

Data processing method, device and system of virtual private network system
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a data processing method of a virtual private network system, a data processing apparatus of a virtual private network system, and a virtual private network system.
Background
In an LTE (Long Term Evolution) communication network, a three-layer networking transmission mode of a UE (User Equipment), an ENB (Evolved Node B), and an EPC (Evolved Packet Core) is adopted to implement communication between UEs and communication between a UE and an external network; fig. 1 shows a networking scheme in the prior art. In this mode, however, an IP (Internet Protocol) address of the S1-U interface and an IP address of the SGI interface need to be configured on the EPC side, the IP addresses of the UEs need to be re-planned, and routing information between multiple EPCs needs to be configured at the same time to ensure that UEs accessing different core networks can communicate with each other, so the number of IP addresses that must be configured on the EPC side grows with the number of EPCs. Planning the UE-side and EPC-side IP addresses and configuring the routing information on a PGW (PDN (Public Data Network) GateWay) is extremely complicated, which results in a very heavy workload for environment setup, debugging, and fault location and troubleshooting.
Before networking, IP addresses and route configuration must be planned. On the one hand, any additional IP address and route planning increases the workload of maintenance personnel; on the other hand, manual configuration is error-prone, which can leave equipment unable to communicate and makes fault location and troubleshooting very difficult. In addition, in some networking schemes an ENB and an EPC may be added or removed as a whole device; this involves IP address configuration and route configuration, so the networking scheme has to be re-planned and complex manual configuration performed again, and the difficulty and complexity of networking keep increasing.
Disclosure of Invention
Embodiments of the present invention provide a data processing method of a virtual private network system, a data processing apparatus of a virtual private network system, and a virtual private network system, so as to solve the above-mentioned problems that IP address configuration and route configuration become complicated and networking difficulty is increased in a case where a plan of IP address and route configuration needs to be changed before networking or ENB and EPC need to be newly added during networking.
In order to solve the above problems, the embodiment of the present invention discloses a data processing method for a virtual private network system, where the virtual private network system includes a virtual private network client (VPN client), a virtual private network server (VPN server), a user equipment (UE), and a core network (EPC); wherein the VPN client runs on the UE and the VPN server runs on the EPC, and the method comprises:
the VPN client receives a first IP address distributed by the EPC;
the VPN client establishes connection with the VPN server by adopting the first IP address;
after the VPN client establishes connection with the VPN server, the VPN client receives a second IP address distributed by the VPN server;
and the VPN client exchanges data with the VPN server by adopting the second IP address.
Preferably, the virtual private network system includes a base station, and the step of the VPN client performing data exchange with the VPN server by using the second IP address includes:
the VPN client sends a data message to the base station by adopting the second IP address;
the base station sends the data message to the EPC; wherein the EPC includes a first virtual interface;
and the EPC sends the data message to the VPN server through the first virtual interface.
The embodiment of the invention also discloses a data processing method of the virtual private network system, wherein the virtual private network system comprises a VPN client, a VPN server, UE, an EPC and a packet data network; the VPN client runs on the UE, the VPN server runs on the EPC, and the method comprises the following steps:
after the VPN client adopts a first IP address to establish connection with the VPN server, the VPN server allocates a second IP address to the VPN client;
and the VPN server adopts the second IP address to respectively exchange data with the VPN client and the packet data network.
Preferably, the EPC includes a second virtual interface; the step that the VPN server adopts the second IP address to exchange data with the VPN client and the packet data network comprises the following steps:
and the VPN server exchanges data with the packet data network through the second virtual interface.
Preferably, the step of exchanging data with the packet data network through the second virtual interface by the VPN server includes:
and when the VPN server receives the data message of the VPN client, the data message is sent to the packet data network through the second virtual interface.
The embodiment of the invention also discloses a data processing device of the virtual private network system, wherein the virtual private network system comprises a VPN client, a VPN server, UE and an EPC; wherein the VPN client runs on the UE, the VPN server runs on the EPC, and the device comprises:
a first receiving module, configured to receive, by the VPN client, a first IP address allocated by the EPC;
the connection establishing module is used for establishing connection between the VPN client and the VPN server by adopting the first IP address;
a second receiving module, configured to receive, by the VPN client, a second IP address allocated by the VPN server after the VPN client establishes a connection with the VPN server;
and the first data exchange module is used for the VPN client to exchange data with the VPN server by adopting the second IP address.
Preferably, the first data exchange module comprises:
the first data message sending submodule is used for the VPN client to send a data message to the base station by adopting the second IP address;
a second data message sending submodule, configured to send, by the base station, the data message to the EPC; wherein the EPC includes a first virtual interface;
and the third data message sending submodule is used for sending the data message to the VPN server through the first virtual interface by the EPC.
The embodiment of the invention also discloses a data processing device of the virtual private network system, wherein the virtual private network system comprises a VPN client, a VPN server, UE, an EPC and a packet data network; wherein the VPN client runs on the UE, the VPN server runs on the EPC, and the device comprises:
the distribution module is used for distributing a second IP address to the VPN client by the VPN server after the VPN client adopts the first IP address to establish connection with the VPN server;
and the second data exchange module is used for the VPN server to respectively exchange data with the VPN client and the packet data network by adopting the second IP address.
Preferably, the EPC includes a second virtual interface; the second data exchange module comprises:
and the second data exchange submodule is used for the VPN server to exchange data with the packet data network through the second virtual interface.
Preferably, the second data exchange submodule includes:
and the data exchange unit is used for sending the data message to the packet data network through the second virtual interface when the VPN server receives the data message of the VPN client.
The embodiment of the invention also discloses a virtual private network system, which comprises: VPN client, VPN server, UE, base station, EPC and packet data network; the VPN client runs on the UE, and the VPN server runs on the EPC;
the VPN client is used for exchanging data with the VPN server by adopting the second IP address;
and the VPN server is used for exchanging data with the VPN client and the packet data network by adopting a second IP address.
Preferably, the base station is configured to send a data packet to the EPC; the EPC is used for sending the data message to the VPN server through the first virtual interface.
The embodiment of the invention has the following advantages:
In the embodiment of the invention, the virtual private network system comprises a VPN client, a VPN server, UE and an EPC, wherein the VPN client runs on the UE and the VPN server runs on the EPC. The VPN client receives a first IP address allocated by the EPC, establishes a connection with the VPN server using the first IP address, receives a second IP address allocated by the VPN server after the connection is established, and exchanges data with the VPN server using the second IP address. The VPN client and the VPN server are deployed on the UE and on a single board of the EPC respectively; the connection between the VPN client and the VPN server is established on top of the LTE network, so that a layer-2 Ethernet transport network is set up between the UE and the single board of the EPC; through the VPN protocol the LTE equipment exposes only one IP address externally, the internal IP addresses are hidden, and layer-2 dynamic networking is achieved.
Drawings
In order to illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a prior art networking scheme;
fig. 2 is a flowchart of steps of a first embodiment of a data processing method of a virtual private network system according to the present invention;
FIG. 3 is a networking scheme of an embodiment of the invention;
fig. 4 is a single board deployment diagram of an EPC according to an embodiment of the present invention;
fig. 5 is a flowchart of steps of a second embodiment of a data processing method of a virtual private network system according to the present invention;
fig. 6 is a schematic diagram of a VPN application layer and an LTE device layer according to an embodiment of the present invention;
fig. 7 is a block diagram of a third embodiment of a data processing apparatus of a virtual private network system according to the present invention;
fig. 8 is a block diagram of a fourth embodiment of a data processing apparatus in a virtual private network system according to the present invention.
Detailed Description
In order to make the technical problems, technical solutions and advantageous effects solved by the embodiments of the present invention more clearly apparent, the embodiments of the present invention are described in further detail below with reference to the accompanying drawings and the embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 2, a flowchart of steps of a first embodiment of a data processing method of a virtual private network system according to the present invention is shown, where the virtual private network system includes a virtual private network (VPN) client, a VPN server, a user equipment UE, and a core network EPC; the VPN client runs on the UE, and the VPN server runs on the EPC. The method may specifically include the following steps:
Step 101, the VPN client receives a first IP address distributed by the EPC;
In a specific implementation, an embodiment of the present invention provides a virtual private network system, including: VPN client, VPN server, UE, base station, EPC and packet data network; the VPN client runs on the UE, and the VPN server runs on the EPC.
In addition, the VPN client is used for exchanging data with the VPN server by adopting the second IP address.
Further, the VPN server is configured to perform data exchange with the VPN client and the packet data network by using a second IP address.
Preferably, the base station is configured to send a data packet to the EPC; the EPC is used for sending the data message to the VPN server through the first virtual interface.
In the embodiment of the invention, the connection between the VPN client and the VPN server is based on the communication link between the UE and the EPC, and the UE and the EPC can be connected through the base station. Specifically, after the UE is powered on, it initiates a random access procedure to connect to the base station, and after the default bearer and the dedicated bearer are activated, the UE can transmit data packets to and from the base station and the EPC over the bearers.
In the embodiment of the invention, the EPC allocates the first IP address to the UE. Because the VPN client runs on the UE as an application program, the UE can configure the first IP address for the VPN client, and the VPN client can establish a connection with the VPN server using the first IP address.
Step 102, the VPN client establishes connection with the VPN server by adopting the first IP address;
Specifically, in the embodiment of the present invention, after receiving the first IP address allocated by the EPC, the VPN client establishes a connection with the VPN server using the first IP address. It should be noted that the first IP address may be an IP address of the original LTE network; establishing the connection using the first IP address means that the VPN client may establish the connection with the VPN server over the communication link between the UE, the base station, and the EPC.
Step 103, after the connection between the VPN client and the VPN server is established, the VPN client receives a second IP address distributed by the VPN server;
Further, after the connection between the VPN client and the VPN server is established, the VPN client receives a second IP address allocated by the VPN server. The second IP address may be an IP address of the VPN application layer; the VPN server distributes a second IP address to each VPN client, and specifically may distribute it over the communication link between the UE, the base station, and the EPC.
Step 104, the VPN client exchanges data with the VPN server by adopting the second IP address.
In a practical application of the embodiment of the present invention, after receiving the second IP address allocated by the VPN server, the VPN client may use the second IP address to perform data exchange with the VPN server.
Specifically, the virtual private network system includes a base station, and the step of the VPN client performing data exchange with the VPN server by using the second IP address includes the following substeps:
Substep S1041, the VPN client sends a data message to the base station by adopting the second IP address;
Substep S1042, the base station sends the data message to the EPC; wherein the EPC includes a first virtual interface;
Substep S1043, the EPC sends the data message to the VPN server through the first virtual interface.
In the embodiment of the invention, the communication link used for exchanging data between the VPN client and the VPN server can be the original communication link among the UE, the base station and the EPC. The VPN client sends a data message to the base station using the second IP address, the base station sends the data message to the EPC, and the EPC sends the data message to the VPN server through a first virtual interface arranged on the EPC. The VPN server sends the data message to a packet data network through a (TUN port) physical network port, and the packet data network comprises an external network and an enterprise network.
Referring to fig. 3, a networking scheme of an embodiment of the invention is shown; when the VPN client and the VPN server are running, the UE, the base station, and the core network may act as one integrated layer-2 device, multiple core networks together with the base stations and UEs connected to them form multiple layer-2 devices, and these layer-2 devices exchange data with the packet data network through a layer-2 switching device.
Referring to fig. 4, a single board deployment diagram of an EPC according to an embodiment of the present invention is shown; in a specific implementation manner of the embodiment of the present invention, the VPN server runs on the EPC, that is, a VPN open-source program runs on a single board of the EPC. OpenVPN may be selected as the VPN open-source program, which is not limited in the embodiment of the present invention.
As shown in the figure, in order to hide the interface between the EPC and the VPN open-source program, the Linux protocol stack is used as a relay. The EPC process sends data messages destined for the VPN open-source program directly to the Linux protocol stack, but the stack by itself cannot pass them on to the VPN process. In the embodiment of the present invention, a first virtual interface (TUN port) is therefore created in the EPC, and data messages are read and written through its character device driver; the VPN process can listen on the IP address of the TUN port and receive the data messages of the EPC process through the Linux protocol stack.
In addition, the EPC process must determine whether the IP address of the data message is an IP address allocated by the VPN server (a second IP address): if so, it switches to the character device write method and writes the data to the TUN port; if not, the data is forwarded to a socket (socket connection) for transmission. In the embodiment of the present invention, a second virtual interface (TAP port) is also created on the single board of the EPC, and the TAP port is bridged to the physical network port, so that the VPN server can control the VPN process to exchange data with the packet data network through the TAP port.
In the embodiment of the invention, the virtual private network system comprises a VPN client, a VPN server, UE and an EPC, wherein the VPN client runs on the UE and the VPN server runs on the EPC. The VPN client receives a first IP address allocated by the EPC, establishes a connection with the VPN server using the first IP address, receives a second IP address allocated by the VPN server after the connection is established, and exchanges data with the VPN server using the second IP address. The VPN client and the VPN server are deployed on the UE and on a single board of the EPC respectively; the connection between the VPN client and the VPN server is established on top of the LTE network, so that a layer-2 Ethernet transport network is set up between the UE and the single board of the EPC; the LTE equipment exposes only one IP address externally, the internal IP addresses are hidden, and layer-2 dynamic networking is achieved.
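The dispatch decision described above, together with the second-address allocation of steps 103 and 201, can be sketched as follows. This is an added example, not code from the patent or from any VPN project; the class and function names, the constructed address ranges, the choice to test the source address of an uplink packet, and the "drop" outcome for malformed packets are all assumptions.

```python
"""Added illustration: EPC-side uplink dispatch between TUN port and socket."""
import ipaddress
import struct


class SecondAddressPool:
    """VPN-server side: hands out one second IP address per first IP address."""

    def __init__(self, cidr):
        # Constructed range; the patent does not name an address pool.
        self._free = iter(ipaddress.ip_network(cidr).hosts())
        self._by_first = {}   # first IP (LTE layer) -> second IP (VPN layer)
        self._leased = set()  # membership test used by the dispatcher

    def allocate(self, first_ip):
        first = ipaddress.ip_address(first_ip)
        if first in self._by_first:        # reconnect keeps the same lease
            return self._by_first[first]
        try:
            second = next(self._free)
        except StopIteration:
            raise RuntimeError("second-address pool exhausted") from None
        self._by_first[first] = second
        self._leased.add(second)
        return second

    def is_second_address(self, addr):
        return addr in self._leased


def parse_ipv4_source(packet):
    """Return the source address of an IPv4 packet or raise ValueError."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20:
        raise ValueError("not IPv4 or bad header length")
    (total_len,) = struct.unpack("!H", packet[2:4])
    if total_len < ihl or total_len > len(packet):
        raise ValueError("total length disagrees with the bytes received")
    return ipaddress.IPv4Address(bytes(packet[12:16]))


def dispatch(packet, pool):
    """Decide where the EPC process sends an uplink packet.

    "tun"    -> source is a leased second IP address: write to the TUN port
    "socket" -> any other well-formed packet: forward over the socket path
    "drop"   -> malformed input (assumption: the patent does not cover it)
    """
    try:
        src = parse_ipv4_source(packet)
    except ValueError:
        return "drop"
    return "tun" if pool.is_second_address(src) else "socket"


def build_ipv4(src, dst, payload=b""):
    """Constructed sample input: minimal IPv4 header, checksum left at zero."""
    header = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return header + payload


if __name__ == "__main__":
    pool = SecondAddressPool("10.8.0.0/29")      # constructed VPN-layer range
    second = pool.allocate("172.16.0.10")        # constructed first IP address
    for label, pkt in [
        ("leased second IP", build_ipv4(str(second), "192.0.2.5", b"data")),
        ("first IP", build_ipv4("172.16.0.10", "192.0.2.5")),
        ("unleased pool IP", build_ipv4("10.8.0.5", "192.0.2.5")),
        ("truncated", build_ipv4(str(second), "192.0.2.5", b"data")[:-1]),
    ]:
        print(f"{label:18s} -> {dispatch(pkt, pool)}")
```

Checking membership against the addresses actually leased, rather than against the whole pool range, keeps an address that was never handed out from reaching the TUN port.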
Referring to fig. 5, a flowchart of steps of a second embodiment of a data processing method of a virtual private network system according to the present invention is shown, where the virtual private network system includes a VPN client, a VPN server, a UE, an EPC, and a packet data network; the VPN client runs on the UE, and the VPN server runs on the EPC. The method may specifically include the following steps:
step 201, after the VPN client adopts a first IP address to establish connection with the VPN server, the VPN server allocates a second IP address to the VPN client;
in the embodiment of the invention, after the VPN client adopts the first IP address to establish connection with the VPN server, the VPN server allocates the second IP address to the VPN client, namely, the second IP address is distributed to the VPN client through the communication link among the original UE, the base station and the EPC.
And step 202, the VPN server performs data exchange with the VPN client and the packet data network respectively by using the second IP address.
Specifically, the VPN server performs data exchange with the VPN client by using the second IP address, and further, the VPN server may perform data exchange with the packet data network by using the second IP address.
Fig. 6 is a schematic diagram illustrating a VPN application layer and an LTE device layer according to an embodiment of the present invention; as shown in the figure, the EPC interacts with the UE through a first IP address of the original LTE device, and the VPN client interacts with the VPN server through a second IP address allocated by the VPN server.
In particular, in embodiments of the present invention, the EPC includes a second virtual interface (TAP port); the step in which the VPN server exchanges data with the VPN client and the packet data network by adopting the second IP address comprises the following: the VPN server exchanges data with the packet data network through the second virtual interface (TAP port). The TAP port is bridged with the physical network port, so that the VPN server can exchange data with the packet data network through the TAP port.
In a preferred embodiment of the present invention, the step of the VPN server exchanging data with the packet data network through the second virtual interface includes: and when the VPN server receives the data message of the VPN client, the data message is sent to the packet data network through the second virtual interface.
In the embodiment of the invention, after the VPN client establishes a connection with the VPN server using the first IP address, the VPN server allocates the second IP address to the VPN client, and the VPN server uses the second IP address to exchange data with the VPN client and with a packet data network respectively. The VPN client and the VPN server are deployed on the UE and on a single board of the EPC respectively; the connection between the VPN client and the VPN server is established on top of the LTE network, so that a layer-2 Ethernet transport network is set up between the UE and the single board of the EPC; through the VPN protocol the LTE equipment exposes only one IP address externally, the internal IP addresses are hidden, the VPN protocol is merged into the LTE network architecture, and layer-2 dynamic networking is completed.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the described order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are preferred embodiments, and that the acts involved are not necessarily all required by the embodiments of the invention.
Referring to fig. 7, a block diagram of a third embodiment of a data processing apparatus of a virtual private network system according to the present invention is shown, where the virtual private network system includes a VPN client, a VPN server, a UE, and an EPC; the VPN client runs on the UE, and the VPN server runs on the EPC, which may specifically include the following modules:
a first receiving module 301, configured to receive, by the VPN client, a first IP address allocated by the EPC;
a connection establishing module 302, configured to establish a connection between the VPN client and the VPN server by using the first IP address;
a second receiving module 303, configured to receive, by the VPN client, a second IP address allocated by the VPN server after the VPN client establishes a connection with the VPN server;
and a first data exchange module 304, configured to perform data exchange between the VPN client and the VPN server by using the second IP address.
Preferably, the first data exchange module comprises:
the first data message sending submodule is used for the VPN client to send a data message to the base station by adopting the second IP address;
a second data message sending submodule, configured to send, by the base station, the data message to the EPC; wherein the EPC includes a first virtual interface;
and the third data message sending submodule is used for sending the data message to the VPN server through the first virtual interface by the EPC.
Referring to fig. 8, a block diagram of a fourth embodiment of a data processing apparatus of a virtual private network system according to the present invention is shown, where the virtual private network system includes a VPN client, a VPN server, a UE, an EPC, and a packet data network; the VPN client runs on the UE, and the VPN server runs on the EPC, which may specifically include the following modules:
the allocating module 401 is configured to, after the VPN client establishes a connection with the VPN server by using a first IP address, the VPN server allocates a second IP address to the VPN client;
a second data exchange module 402, configured to perform data exchange between the VPN server and the VPN client and between the VPN server and the packet data network respectively by using the second IP address.
Preferably, the EPC includes a second virtual interface; the second data exchange module comprises:
and the second data exchange submodule is used for the VPN server to exchange data with the packet data network through the second virtual interface.
Preferably, the second data exchange submodule includes:
and the data exchange unit is used for sending the data message to the packet data network through the second virtual interface when the VPN server receives the data message of the VPN client.
Since the device embodiments are basically similar to the method embodiments, they are described briefly; for the relevant points, refer to the corresponding description of the method embodiments.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or terminal that comprises the element.
The method and the apparatus provided by the present invention have been described in detail above. Specific examples are used herein to explain the principle and the embodiments of the present invention, and the description of the above examples is only intended to help in understanding the method and the core idea of the present invention. Meanwhile, for a person skilled in the art, there may be variations in the specific embodiments and the application scope according to the idea of the present invention. In summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (12)

1. A data processing method of a virtual private network system is characterized in that the virtual private network system comprises a virtual private network client VPN client, a virtual private network server VPN server, user equipment UE and a core network EPC; the VPN client runs on the UE, the VPN server runs on the EPC, and the method comprises the following steps:
the VPN client receives a first IP address allocated by the EPC;
the VPN client establishes connection with the VPN server by adopting the first IP address;
after the VPN client establishes connection with the VPN server, the VPN client receives a second IP address allocated by the VPN server;
the VPN client exchanges data with the VPN server by adopting the second IP address;
the first IP address comprises an IP address of an original LTE network; the second IP address comprises an IP address of a VPN application layer; the virtual private network system includes a base station;
and the VPN client establishes connection with the VPN server through a communication link among the UE, the base station and the EPC.
2. The method of claim 1, wherein the virtual private network system comprises a base station, and wherein the step of the VPN client exchanging data with the VPN server using the second IP address comprises:
the VPN client sends a data message to the base station by adopting the second IP address;
the base station sends the data message to the EPC; wherein the EPC includes a first virtual interface;
and the EPC sends the data message to the VPN server through the first virtual interface.
3. A data processing method of a virtual private network system is characterized in that the virtual private network system comprises a VPN client, a VPN server, UE, an EPC and a packet data network; the VPN client runs on the UE, the VPN server runs on the EPC, and the method comprises the following steps:
after the VPN client adopts a first IP address to establish connection with the VPN server, the VPN server allocates a second IP address to the VPN client;
and the VPN server adopts the IP address in the same network segment as the second IP address to respectively exchange data with the VPN client and the packet data network.
4. The method of claim 3, wherein the EPC comprises a second virtual interface; the step that the VPN server exchanges data with the VPN client and the packet data network by adopting the IP address in the same network segment with the second IP address comprises the following steps:
and the VPN server exchanges data with the packet data network through the second virtual interface.
5. The method of claim 4, wherein the step of the VPN server exchanging data with the packet data network via the second virtual interface comprises:
and when the VPN server receives the data message of the VPN client, the data message is sent to the packet data network through the second virtual interface.
6. A data processing device of a virtual private network system is characterized in that the virtual private network system comprises a VPN client, a VPN server, a UE and an EPC; wherein the VPN client runs on the UE and the VPN server runs on the EPC, and the device comprises:
a first receiving module, configured to receive, by the VPN client, a first IP address allocated by the EPC;
the connection establishing module is used for establishing connection between the VPN client and the VPN server by adopting the first IP address;
a second receiving module, configured to receive, by the VPN client, a second IP address allocated by the VPN server after the VPN client establishes a connection with the VPN server;
the first data exchange module is used for the VPN client to exchange data with the VPN server by adopting the second IP address;
the first IP address comprises an IP address of an original LTE network; the second IP address comprises an IP address of a VPN application layer; the virtual private network system includes a base station;
and the VPN client establishes connection with the VPN server through a communication link among the UE, the base station and the EPC.
7. The apparatus of claim 6, wherein the first data exchange module comprises:
the first data message sending submodule is used for the VPN client to send a data message to the base station by adopting the second IP address;
a second data message sending submodule, configured to send, by the base station, the data message to the EPC; wherein the EPC includes a first virtual interface;
and the third data message sending submodule is used for sending the data message to the VPN server through the first virtual interface by the EPC.
8. A data processing device of a virtual private network system is characterized in that the virtual private network system comprises a VPN client, a VPN server, UE, an EPC and a packet data network; wherein the VPN client runs on the UE, the VPN server runs on the EPC, and the device comprises:
the distribution module is used for distributing a second IP address to the VPN client by the VPN server after the VPN client adopts the first IP address to establish connection with the VPN server;
and the second data exchange module is used for the VPN server to respectively exchange data with the VPN client and the packet data network by adopting an IP address in the same network segment as the second IP address.
9. The apparatus of claim 8, wherein the EPC includes a second virtual interface; the second data exchange module comprises:
and the second data exchange submodule is used for the VPN server to exchange data with the packet data network through the second virtual interface.
10. The apparatus of claim 9, wherein the second data exchange submodule comprises:
and the data exchange unit is used for sending the data message to the packet data network through the second virtual interface when the VPN server receives the data message of the VPN client.
11. A virtual private network system, the system comprising: VPN client, VPN server, UE, base station, EPC and packet data network; the VPN client runs on the UE, and the VPN server runs on the EPC;
the VPN client is used for exchanging data with the VPN server by adopting a second IP address;
the VPN server is used for exchanging data with the VPN client and the packet data network by adopting an IP address in the same network segment with the second IP address;
the second IP address is obtained as follows: the VPN client receives the first IP address allocated by the EPC; the VPN client establishes connection with the VPN server by adopting the first IP address; and after the VPN client establishes connection with the VPN server, the VPN client receives the second IP address allocated by the VPN server.
12. The system of claim 11, wherein the base station is configured to send data messages to the EPC; the EPC includes a first virtual interface; the EPC is used for sending the data message to the VPN server through the first virtual interface.
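The two-stage addressing flow of claims 1 and 3 to 5, modelled as an added example that is not part of the patent text. The address ranges, class and function names, and the lease check in `receive()` are assumptions made for illustration; the claims do not specify them.

```python
import ipaddress

# Constructed address plans (assumptions; the claims give no concrete ranges).
LTE_POOL = ipaddress.ip_network("10.45.0.0/24")        # first IP address, allocated by the EPC
VPN_SEGMENT = ipaddress.ip_network("192.168.50.0/24")  # segment of the second IP address


class EPC:
    """Allocates the first (original LTE network) IP address to the UE."""
    def __init__(self):
        self._free = LTE_POOL.hosts()

    def allocate_first_ip(self):
        return next(self._free)


class VPNServer:
    """Runs on the EPC; allocates second IP addresses and forwards to the packet data network."""
    def __init__(self, segment):
        hosts = segment.hosts()
        self.interface_ip = next(hosts)  # server address in the same segment as the second IP
        self._free = hosts
        self.leases = {}                 # first IP -> second IP allocated over that connection
        self.sent_to_pdn = []            # stands in for the second virtual interface

    def connect(self, first_ip):
        # The connection is established with the EPC-allocated first IP address.
        if first_ip not in LTE_POOL:
            raise PermissionError("connection must use an EPC-allocated first IP address")
        self.leases[first_ip] = next(self._free)
        return self.leases[first_ip]

    def receive(self, outer_src, inner_src, payload):
        # Added check (assumption): forward a data message only when its inner
        # source is the second IP address leased to this connection.
        if self.leases.get(outer_src) != inner_src:
            return False
        self.sent_to_pdn.append((inner_src, payload))
        return True


def run_flow():
    epc, server = EPC(), VPNServer(VPN_SEGMENT)
    first_ip = epc.allocate_first_ip()       # VPN client receives the first IP address
    second_ip = server.connect(first_ip)     # then receives the second IP address
    accepted = server.receive(first_ip, second_ip, b"hello")
    # Constructed mismatch: an inner address the server never leased to this client.
    rejected = server.receive(first_ip, ipaddress.ip_address("192.168.50.99"), b"x")
    return first_ip, second_ip, server, accepted, rejected


if __name__ == "__main__":
    print(run_flow()[:2])
```
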
CN201710538831.8A 2017-07-04 2017-07-04 Data processing method, device and system of virtual private network system Active CN109218157B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710538831.8A CN109218157B (en) 2017-07-04 2017-07-04 Data processing method, device and system of virtual private network system

Publications (2)

Publication Number Publication Date
CN109218157A CN109218157A (en) 2019-01-15
CN109218157B CN109218157B (en) 2020-10-09

Family

ID=64993159

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710538831.8A Active CN109218157B (en) 2017-07-04 2017-07-04 Data processing method, device and system of virtual private network system

Country Status (1)

Country Link
CN (1) CN109218157B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113507506B (en) * 2021-06-23 2022-07-29 烽火通信科技股份有限公司 Virtual private network system, construction method and device thereof, and readable storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101304388A (en) * 2008-06-20 2008-11-12 华为技术有限公司 Method, apparatus and system for settling IP address conflict
CN102742247A (en) * 2011-09-19 2012-10-17 华为技术有限公司 Data multiplexing transmission method, device and system
CN102904791A (en) * 2011-07-28 2013-01-30 丛林网络公司 Virtual private networking with mobile communication continuity
CN103477605A (en) * 2011-02-15 2013-12-25 中兴通讯股份有限公司 Internet protocol mapping resolution in fixed mobile convergence networks
CN103840995A (en) * 2012-11-26 2014-06-04 华为技术有限公司 IP message processing method, device and network system
CN105939239A (en) * 2015-07-31 2016-09-14 杭州迪普科技有限公司 Data transmission method and device of virtual network interface card

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130182651A1 (en) * 2012-01-13 2013-07-18 Amol Dhananjay Kelkar Virtual Private Network Client Internet Protocol Conflict Detection

Also Published As

Publication number Publication date
CN109218157A (en) 2019-01-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant