CN109672602A - Method and apparatus for remotely accessing a VPN - Google Patents

Method and apparatus for remotely accessing a VPN

Publication number: CN109672602A
Authority: CN (China)
Prior art keywords: vpn, user, terminal, firewall, protocol
Legal status: Granted
Application number: CN201910004783.3A
Other languages: Chinese (zh)
Other versions: CN109672602B (en)
Inventors: 赵大赓, 代裕
Current Assignee: Qingdao Juhaolian Technology Co Ltd
Original Assignee: Qingdao Juhaolian Technology Co Ltd
Application filed by Qingdao Juhaolian Technology Co Ltd
Priority to CN201910004783.3A
Publication of CN109672602A
Application granted
Publication of CN109672602B
Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and apparatus for remotely accessing a VPN, relating to the field of communication technology. It addresses the problem that the operating systems of some terminals currently do not support the proprietary VPN access protocols of switching equipment vendors and therefore cannot access the VPN. The method includes: after a terminal establishes a virtual private network (VPN) channel with a firewall, determining in a protocol set the VPN access protocol that the user needs to use; and the terminal establishing a remote connection with a server according to the VPN access protocol selected by the user. Because the terminal integrates the proprietary VPN access protocols of multiple switching equipment vendors, after the VPN channel is successfully established the user selects a VPN access protocol as needed, and the terminal establishes a remote connection with the server according to the selected protocol. The terminal's operating system can thus support multiple VPN access protocols and can access switching equipment that supports different protocols.

Description

Method and apparatus for remotely accessing a VPN
Technical field
The present invention relates to the field of communication technology, and in particular to a method and apparatus for remotely accessing a VPN.
Background
A VPN (Virtual Private Network) is a technology that establishes a private network over a public network for encrypted communication. It is widely used in enterprise networks. A VPN gateway achieves remote access by encrypting data packets and translating their destination addresses. VPNs can be classified in many ways, mainly by protocol. A VPN can be implemented in several ways, for example by server, hardware, or software.
VPNs are low-cost and easy to use.
Demand for remote work from portable devices is growing. Operations and maintenance personnel in particular, in order to respond promptly, need portable devices to access the system securely and to perform operations such as handling server files. Accessing remote operating systems from portable devices over multiple protocols is therefore very important for system stability.
The Android system currently supports only public VPN protocols such as IPSec (Internet Protocol Security). As for the proprietary VPN access protocols of the many switching equipment vendors, many of these protocols do not support the Android operating system.
In summary, the operating systems of some terminals currently do not support the proprietary VPN access protocols of switching equipment vendors and cannot access the VPN.
Summary of the invention
The present invention provides a method and apparatus for remotely accessing a VPN, to solve the prior-art problem that the operating systems of some terminals do not support the proprietary VPN access protocols of switching equipment vendors and cannot access the VPN.
In a first aspect, an embodiment of the present invention provides a method for remotely accessing a VPN, comprising:
after a terminal establishes a virtual private network (VPN) channel with a firewall, determining in a protocol set the VPN access protocol that the user needs to use;
the terminal establishing a remote connection with a server according to the VPN access protocol selected by the user.
In the above method, multiple VPN access protocols are gathered in the terminal's protocol set. After the VPN channel is successfully established, the user selects a VPN access protocol as needed, and the terminal establishes a remote connection with the server according to that protocol. Because the terminal integrates the proprietary VPN access protocols of multiple switching equipment vendors, the terminal's operating system can support multiple VPN access protocols and can therefore access switching equipment that supports different protocols.
In one possible implementation, before the terminal determines in the protocol set the VPN access protocol that the user needs to use, the method further includes:
the terminal requesting from the firewall the protocol parameters corresponding to the VPN protocol type selected by the user;
the terminal determining the VPN protocol parameter selected by the user from the VPN protocol parameters, returned by the firewall, that correspond to the VPN protocol type selected by the user;
after determining the authentication mode according to the VPN protocol parameter selected by the user, the terminal sending the login information entered by the user that corresponds to the authentication mode, together with the VPN protocol parameter selected by the user, to the firewall, so that the firewall authenticates the login information according to the authentication mode;
after the firewall successfully authenticates the login information, the terminal establishing the VPN channel with the firewall according to the VPN protocol parameter selected by the user.
In the above method, different types of VPN protocol are also integrated in the terminal's protocol set. Before the terminal establishes the VPN channel with the firewall, the user can select a VPN protocol type as needed. Compared with existing approaches that support only a default type of VPN protocol, this is more diverse, and different authentication modes and the like can be chosen for different protocol types, providing a rich set of VPN login methods.
In one possible implementation, the terminal requesting from the firewall the protocol parameters corresponding to the VPN protocol type selected by the user includes:
the terminal creating a virtual network adapter according to the VPN protocol type selected by the user, and sending the data packets of the virtual network adapter to the firewall through the physical network adapter.
In the above method, the data packets of the virtual network adapter that the terminal creates according to the user-selected VPN protocol type contain data related to that VPN protocol type. The terminal forwards these packets to the firewall through the physical network adapter, which enables the firewall to return VPN protocol parameters to the terminal according to the VPN protocol type.
In one possible implementation, the terminal establishing the VPN channel with the firewall according to the VPN protocol parameter selected by the user includes:
the terminal receiving network information, returned by the firewall, that is determined according to the VPN protocol parameter selected by the user;
the terminal establishing the VPN channel with the firewall according to the network information.
In the above method, after the terminal receives the VPN protocol parameters returned by the firewall, the user selects one VPN protocol parameter from them. Based on that parameter, the user enters login information and the firewall authenticates it. After authentication succeeds, the firewall returns to the user the network information determined from the selected VPN protocol parameter, and the terminal establishes the VPN channel with the firewall according to that network information; that is, the VPN channel is established according to the VPN protocol type and VPN protocol parameter selected by the user.
In one possible implementation, after the terminal establishes the VPN channel with the firewall and before the VPN access protocol that the user needs to use is determined in the protocol set, the method further includes:
the terminal determining, according to network delay and/or data packet transmission status, that the VPN channel established with the firewall is stable.
In the above method, once the VPN channel is determined to be stable, the stable channel can be used for communication, which makes it easier for the terminal to establish a connection with the server.
In one possible implementation, after the terminal establishes the VPN channel with the firewall, the method further includes:
if the terminal determines, according to the network delay and/or data packet transmission status, that the VPN channel established with the firewall is unstable, prompting the user to switch the VPN channel.
In the above method, after the terminal establishes the VPN channel with the firewall, the stability of the channel is checked. If the channel is unstable, the user can be prompted to switch to another VPN channel; using a stable VPN channel enables highly reliable, low-latency communication.
In one possible implementation, after the terminal establishes the remote connection with the server according to the VPN access protocol selected by the user, the method further includes:
after the terminal receives an input instruction from an input device via Bluetooth, if the input instruction is a preset input instruction, converting the input instruction according to the VPN access protocol selected by the user, and sending the converted input instruction to the server.
In the above method, the terminal can connect to input devices via Bluetooth, and shortcut operations can be preset for the input device, with preset input instructions corresponding to those shortcut operations configured in the terminal. When the user performs a shortcut operation on the input device, the terminal receives an input instruction and checks whether it is a preset input instruction. If it is, the terminal converts the received instruction and sends it to the server, implementing the shortcut operation; if it is not, the terminal does not need to convert the received instruction. This solves the problem of inconvenient input on small-screen terminals.
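Added example (not part of the patent text): a small Python model of the first-aspect flow that enforces the order of steps described above, so that an access protocol can only be chosen from the protocol set after authentication, channel setup and a passing stability check. The class and method names, the thresholds and the sample measurements are assumptions; the patent names only the inputs (network delay, packet transmission).

```python
from dataclasses import dataclass
from enum import Enum, auto
from statistics import mean

# Assumed thresholds: the patent gives no numeric values.
MAX_AVG_DELAY_MS = 200.0
MAX_LOSS_RATIO = 0.05

# Protocol set, using the protocol names that appear in the description of Fig. 2.
TUNNEL_TYPES = {"SSL VPN", "IPSec VPN"}
ACCESS_PROTOCOLS = {"SSH", "RDP", "VNC", "FTP", "Telnet"}


class State(Enum):
    INIT = auto()
    PARAMS_RECEIVED = auto()
    AUTHENTICATED = auto()
    CHANNEL_UP = auto()
    CHANNEL_STABLE = auto()
    CONNECTED = auto()


class FlowError(Exception):
    """A step was attempted out of order or with a value outside the allowed set."""


def channel_is_stable(delays_ms, sent, received):
    """Judge stability from network delay samples and packet counts."""
    if sent <= 0 or not delays_ms:
        return False  # no measurements: treat as unstable instead of assuming
    loss = 1.0 - (received / sent)
    return mean(delays_ms) <= MAX_AVG_DELAY_MS and loss <= MAX_LOSS_RATIO


@dataclass
class VpnSession:
    state: State = State.INIT
    tunnel_type: str = ""
    offered_params: tuple = ()
    chosen_param: str = ""
    access_protocol: str = ""

    def _require(self, expected):
        if self.state is not expected:
            raise FlowError(f"expected {expected.name}, currently {self.state.name}")

    def receive_params(self, tunnel_type, offered):
        # Firewall returns the parameters for the user-selected VPN protocol type.
        self._require(State.INIT)
        if tunnel_type not in TUNNEL_TYPES:
            raise FlowError(f"unknown VPN protocol type: {tunnel_type}")
        self.tunnel_type, self.offered_params = tunnel_type, tuple(offered)
        self.state = State.PARAMS_RECEIVED

    def authenticate(self, chosen_param, firewall_accepts):
        # The chosen parameter must be one the firewall actually offered.
        self._require(State.PARAMS_RECEIVED)
        if chosen_param not in self.offered_params:
            raise FlowError("parameter was not offered by the firewall")
        if not firewall_accepts:
            raise FlowError("firewall rejected the login information")
        self.chosen_param = chosen_param
        self.state = State.AUTHENTICATED

    def establish_channel(self, network_info):
        self._require(State.AUTHENTICATED)
        if not network_info:
            raise FlowError("firewall returned no network information")
        self.state = State.CHANNEL_UP

    def check_stability(self, delays_ms, sent, received):
        # Returns False (caller prompts the user to switch channel) when unstable.
        self._require(State.CHANNEL_UP)
        stable = channel_is_stable(delays_ms, sent, received)
        if stable:
            self.state = State.CHANNEL_STABLE
        return stable

    def connect(self, access_protocol):
        self._require(State.CHANNEL_STABLE)
        if access_protocol not in ACCESS_PROTOCOLS:
            raise FlowError(f"{access_protocol} is not in the protocol set")
        self.access_protocol = access_protocol
        self.state = State.CONNECTED


def run_sample_flow():
    """Walk the whole flow with constructed sample values; return the final state name."""
    s = VpnSession()
    s.receive_params("SSL VPN", ["password", "certificate"])  # constructed
    s.authenticate("password", firewall_accepts=True)
    s.establish_channel({"ip": "10.0.0.2", "dns": "10.0.0.1"})  # constructed
    if not s.check_stability([35.0, 42.0, 51.0], sent=100, received=99):
        return "PROMPT_SWITCH_CHANNEL"
    s.connect("SSH")
    return s.state.name


if __name__ == "__main__":
    print(run_sample_flow())
```
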
In a second aspect, an embodiment of the present invention provides a device for remotely accessing a VPN, comprising at least one processing unit and at least one storage unit, wherein the storage unit stores program code which, when executed by the processing unit, causes the processing unit to perform the following process:
after establishing a virtual private network (VPN) channel with a firewall, determining in a protocol set the VPN access protocol that the user needs to use;
establishing a remote connection with a server according to the VPN access protocol selected by the user.
In one possible implementation, the processing unit is further configured to:
request from the firewall the protocol parameters corresponding to the VPN protocol type selected by the user;
determine the VPN protocol parameter selected by the user from the VPN protocol parameters, returned by the firewall, that correspond to the VPN protocol type selected by the user, after which the VPN access protocol that the user needs to use is determined in the protocol set;
after determining the authentication mode according to the VPN protocol parameter selected by the user, send the login information entered by the user that corresponds to the authentication mode, together with the VPN protocol parameter selected by the user, to the firewall, so that the firewall authenticates the login information according to the authentication mode;
after the firewall successfully authenticates the login information, establish the VPN channel with the firewall according to the VPN protocol parameter selected by the user.
In one possible implementation, the processing unit is specifically configured to:
create a virtual network adapter according to the VPN protocol type selected by the user, and send the data packets of the virtual network adapter to the firewall through the physical network adapter.
In one possible implementation, the processing unit is specifically configured to:
receive network information, returned by the firewall, that is determined according to the VPN protocol parameter selected by the user;
establish the VPN channel with the firewall according to the network information.
In one possible implementation, the processing unit is further configured to:
after establishing the VPN channel with the firewall, determine, according to network delay and/or data packet transmission status, that the VPN channel established with the firewall is stable.
In one possible implementation, the processing unit is further configured to:
after establishing the VPN channel with the firewall, if it is determined according to the network delay and/or data packet transmission status that the VPN channel established with the firewall is unstable, prompt the user to switch the VPN channel.
In one possible implementation, the processing unit is further configured to:
after establishing the remote connection with the server according to the VPN access protocol selected by the user, and after receiving an input instruction from an input device via Bluetooth, if the input instruction is a preset input instruction, convert the input instruction according to the VPN access protocol selected by the user, and send the converted input instruction to the server.
In a third aspect, an embodiment of the present invention further provides a device for remotely accessing a VPN, the device comprising a determining module and an access module:
the determining module is configured to determine in a protocol set, after a virtual private network (VPN) channel is established with a firewall, the VPN access protocol that the user needs to use;
the access module is configured to establish a remote connection with a server according to the VPN access protocol selected by the user.
In one possible implementation, the determining module is further configured to:
request from the firewall the protocol parameters corresponding to the VPN protocol type selected by the user;
determine the VPN protocol parameter selected by the user from the VPN protocol parameters, returned by the firewall, that correspond to the VPN protocol type selected by the user, after which the VPN access protocol that the user needs to use is determined in the protocol set;
after determining the authentication mode according to the VPN protocol parameter selected by the user, send the login information entered by the user that corresponds to the authentication mode, together with the VPN protocol parameter selected by the user, to the firewall, so that the firewall authenticates the login information according to the authentication mode;
after the firewall successfully authenticates the login information, establish the VPN channel with the firewall according to the VPN protocol parameter selected by the user.
In one possible implementation, the determining module is specifically configured to:
create a virtual network adapter according to the VPN protocol type selected by the user, and send the data packets of the virtual network adapter to the firewall through the physical network adapter.
In one possible implementation, the determining module is specifically configured to:
receive network information, returned by the firewall, that is determined according to the VPN protocol parameter selected by the user;
establish the VPN channel with the firewall according to the network information.
In one possible implementation, the access module is further configured to:
after the VPN channel is established with the firewall, determine, according to network delay and/or data packet transmission status, that the VPN channel established with the firewall is stable.
In one possible implementation, the access module is further configured to:
after the VPN channel is established with the firewall, if it is determined according to the network delay and/or data packet transmission status that the VPN channel established with the firewall is unstable, prompt the user to switch the VPN channel.
In one possible implementation, the access module is further configured to:
after establishing the remote connection with the server according to the VPN access protocol selected by the user, and after receiving an input instruction from an input device via Bluetooth, if the input instruction is a preset input instruction, convert the input instruction according to the VPN access protocol selected by the user, and send the converted input instruction to the server.
In a fourth aspect, the present application further provides a computer storage medium storing a computer program which, when executed by a processing unit, implements the steps of the method of the first aspect.
In a fifth aspect, the present application further provides a computing device, comprising at least one processor and a memory communicatively connected to the at least one processor, wherein the memory stores instructions executable by the at least one processor, and the instructions, when executed by the at least one processor, enable the at least one processor to perform any of the methods for remotely accessing a VPN provided by the embodiments of the present application.
In addition, for the technical effects of any implementation of the third to fifth aspects, refer to the technical effects of the corresponding implementations of the first aspect; they are not repeated here.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic diagram of an entity architecture for remotely accessing a VPN provided by an embodiment of the present invention;
Fig. 2 is an overall architecture diagram of integrating VPN protocols through a software program, provided by an embodiment of the present invention;
Fig. 3 is a schematic diagram of a method for remotely accessing a VPN provided by an embodiment of the present invention;
Fig. 4 is a diagram of the communication principle between an Android terminal and the server side, provided by an embodiment of the present invention;
Fig. 5 is a schematic diagram of a login page for remotely accessing a VPN provided by an embodiment of the present invention;
Fig. 6A is a schematic diagram of a VPN port switching presentation provided by an embodiment of the present invention;
Fig. 6B is a schematic diagram of another VPN port switching presentation provided by an embodiment of the present invention;
Fig. 6C is a schematic diagram of another device for remotely accessing a VPN provided by an embodiment of the present invention;
Fig. 6D is a schematic diagram of a VPN access protocol prompt provided by an embodiment of the present invention;
Fig. 7 is a schematic diagram of a user setting shortcut keys, provided by an embodiment of the present invention;
Fig. 8 is a complete flowchart of a method for remotely accessing a VPN provided by an embodiment of the present invention;
Fig. 9 is a schematic diagram of a device for remotely accessing a VPN provided by an embodiment of the present invention;
Fig. 10 is a schematic diagram of another device for remotely accessing a VPN provided by an embodiment of the present invention;
Fig. 11 is a schematic diagram of another device for remotely accessing a VPN provided by an embodiment of the present invention;
Fig. 12 is a structural schematic diagram of a computing device according to an embodiment of the present application.
Detailed description of the embodiments
To make the objectives, technical solutions, and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Some terms used in the text are explained below:
1. The term "and/or" in the embodiments of the present invention describes an association between associated objects and indicates that three relationships are possible. For example, "A and/or B" can indicate three cases: A alone, both A and B, or B alone. The character "/" generally indicates an "or" relationship between the objects before and after it.
2. The term "firewall" in the embodiments of the present invention refers to a network security system located between an internal network and an external network: an information security protection system that allows or restricts the passage of transmitted data according to specific rules.
3. The term "IPSec VPN (Internet Protocol Security Virtual Private Network)" in the embodiments of the present invention refers to a VPN technology that uses the IPsec protocol to implement remote access. IPsec is a security standard framework defined by the IETF (Internet Engineering Task Force) to provide end-to-end encryption and authentication services for public and private networks.
4. The term "SSL VPN (Secure Sockets Layer Virtual Private Network)" in the embodiments of the present invention refers to the simplest and most secure solution for remote users accessing a company's sensitive data. Compared with the more complex IPSec VPN, SSL provides remote connectivity in an easy-to-use way. Any machine with a browser installed can use SSL VPN, because SSL is embedded in the browser; unlike traditional IPSec VPN, it does not require client software to be installed on every client machine.
5. The term "DNS (Domain Name System)" in the embodiments of the present invention refers to the distributed database on the Internet that maps domain names and IP addresses to each other. It lets users access the Internet more conveniently, without having to remember the IP number strings that machines read directly. The process of obtaining the IP address corresponding to a host name is called domain name resolution (or host name resolution). The DNS protocol runs over UDP (User Datagram Protocol) and uses port 53.
6. The term "Open VPN" in the embodiments of the present invention refers to an application-layer VPN implementation based on the OpenSSL library. Compared with traditional VPNs, its advantage is ease of use. OpenVPN allows the peers that take part in establishing the VPN to authenticate using a shared key, a digital certificate, or a username/password. The core technology of Open VPN is the virtual network adapter, followed by its SSL protocol implementation.
The application scenarios described in the embodiments of the present invention are intended to explain the technical solutions of the embodiments more clearly and do not limit the technical solutions provided by the embodiments. A person of ordinary skill in the art will appreciate that, as new application scenarios emerge, the technical solutions provided by the embodiments of the present invention are equally applicable to similar technical problems. In the description of the present invention, unless otherwise stated, "multiple" means two or more.
VPN refers to the technology of establishing a private network over a public network. It is called a virtual network mainly because the connection between any two nodes of the VPN does not have the end-to-end physical link required by a traditional private network; instead, it is a logical network built on a network platform provided by a public network service provider, such as the Internet, ATM (Asynchronous Transfer Mode), or Frame Relay, and user data is transmitted over logical links. It covers the extension of a private network by encapsulated, encrypted, and authenticated links across a shared or public network. VPNs mainly use tunneling, encryption and decryption, key management, and user and device identity authentication technologies.
By application, VPNs fall into three categories:
(1) Access VPN (remote access VPN): client to gateway, using the public network as the backbone to carry VPN data flows between devices;
(2) Intranet VPN: gateway to gateway, connecting resources of the same company through the company's network architecture;
(3) Extranet VPN: forms an extranet with a partner's enterprise network, connecting the resources of one company with those of another.
The present invention is mainly directed at remote access VPNs. The Android system currently supports only public VPN protocols such as IPSec. As for the proprietary VPN access protocols of the many switching equipment vendors, many of them do not support the Android operating system, so operations and maintenance personnel currently find it difficult to do maintenance work without a computer.
Therefore, the embodiments of the present invention provide a method and apparatus for remotely accessing a VPN that integrate, in a program, the proprietary VPN access protocols of multiple switching equipment vendors. The program is adapted to work with input devices such as a foldable Bluetooth keyboard-and-mouse combination, so that this new kind of maintenance service can be carried out on a small screen.
For the above scenario, the embodiments of the present invention are described in further detail below with reference to the drawings.
As shown in Fig. 1, an entity architecture for remotely accessing a VPN provided by an embodiment of the present invention includes a terminal, a firewall, a switch, and multiple servers. Because the present invention gathers multiple VPN access protocols in the terminal's program set, remote connections can be established with servers from different manufacturers through different VPN access protocols.
Fig. 2 shows an overall architecture, provided by the present invention, for integrating VPN protocols through a software program. The software program uses VPN protocol interfaces such as SSL VPN and IPSec VPN as the channel for external connections. After the VPN channel is established and the path is open, the program connects to the operating system on the remote server back end through remote connection methods such as SSH (Secure Shell), RDP (Remote Desktop Protocol), VNC (Virtual Network Console), FTP (File Transfer Protocol), and Telnet (remote terminal protocol). The Bluetooth module connects a portable keyboard-and-mouse combination kit as a necessary input device, to prevent the virtual keyboard from taking up too much of the phone's screen display space. The automated scheduling component can push scheduled tasks or perform automated troubleshooting according to a designed policy. The terminal connects through the VPN to the firewall device shown in Fig. 1, and then connects through different VPN access protocols to the back-end servers and network devices behind the firewall.
SSH was formulated by the Network Working Group of the IETF. It is a security protocol built on the application layer and the transport layer. SSH is currently a relatively reliable protocol designed to provide security for remote login sessions and other network services. Using the SSH protocol effectively prevents information leakage during remote management, and it allows logging in to a remote server from the command line.
FTP is used to control the two-way transfer of files on the Internet. It is also an application: there are different FTP applications for different operating systems, and all of them follow the same protocol to transfer files. When using FTP, users frequently encounter two concepts: "download" and "upload". To "download" a file is to copy it from the remote host (server) to one's own computer (terminal); to "upload" a file is to copy it from one's own computer to the remote host. That is, the user can upload files to or download files from the remote host through a client program.
RDP is a multi-channel protocol that lets a terminal (the client, or "local computer") connect to a computer that provides Microsoft Terminal Services (the server, or "remote computer").
VNC is free open-source software based on the UNIX and Linux operating systems. Its remote control capability is powerful and efficient, and it can connect remotely to a server running UNIX or Linux for graphical operation.
The Telnet protocol is a member of the TCP/IP (Transmission Control Protocol/Internet Protocol) protocol suite and is the standard protocol and main method for Internet remote login services. It gives users the ability to do work on a remote host from their local computer. The end user runs a Telnet program on their computer and uses it to connect to the server. The end user can enter commands in the Telnet program, and those commands run on the server just as if they had been entered directly on the server's console, so the server can be controlled locally. To start a Telnet session, a username and password must be entered to log in to the server. Telnet is a commonly used method for remotely controlling web servers.
As shown in Figure 3, the method for remotely accessing a VPN in the embodiment of the present invention specifically includes the following steps:
Step 300: after the terminal and the firewall have established a virtual private network (VPN) channel, determine the VPN access protocol in the protocol set that the user needs to use;
Step 301: the terminal establishes a remote connection with the server according to the VPN access protocol selected by the user.
With this scheme, multiple VPN access protocols are gathered in the terminal's protocol set. Once the VPN channel has been established successfully, the user selects a VPN access protocol according to their needs, and the terminal establishes a remote connection with the server according to the selected VPN access protocol. Because the terminal of the invention integrates the proprietary VPN access protocols of several switching equipment vendors, the terminal's operating system supports multiple VPN access protocols and can therefore access switching equipment that supports different protocols.
In this embodiment, when the user establishes a connection with a remote server through the terminal, the terminal prompts the user to select the required VPN protocol type. After the user has made a selection, the terminal requests from the firewall the protocol parameters corresponding to the selected VPN protocol type. The detailed process of that request is: the terminal creates a virtual network adapter according to the VPN protocol type selected by the user, and sends the virtual network adapter's data packet to the firewall through the physical network adapter.
The protocol types include, but are not limited to, some or all of the following:
SSL VPN, IPSec VPN.
For example, after downloading and installing the application from an Android application market on a mobile phone, the user opens the application and the terminal prompts the user to select the required VPN protocol type from SSL VPN and IPSec VPN. The VPN protocol type selected by the user is the SSL protocol, so the connection to the firewall is established through SSL VPN. As shown in Figure 4, after the user chooses to connect to the firewall through SSL VPN: Step 1: a thread of the program (the SSL VPN thread) in the terminal's operating system automatically creates a virtual network adapter according to the VPN protocol type selected by the user. Step 2: the operating system passes the data packet containing the request for the protocol parameters corresponding to SSL VPN from the virtual network adapter to the physical network adapter. Step 3: the physical network adapter forwards the data packet to the SSL VPN gateway. While the terminal and the VPN are establishing the channel, the server side shown in Figure 4 is the firewall. In this embodiment, steps 1, 2 and 3 are implemented with the open-source Open VPN component.
After the firewall receives the data packet containing the request for the protocol parameters corresponding to SSL VPN, it determines the protocol parameters corresponding to SSL VPN from the correspondence between VPN protocol types and protocol parameters stored in the firewall, and returns them to the terminal.
The protocol parameters corresponding to a VPN protocol type include, but are not limited to, some or all of the following:
Domain information, user login authentication method.
Optionally, the user login authentication method comprises an authentication type and an authentication mode.
For example, the protocol parameters that the terminal receives from the firewall for the user-selected SSL VPN are: 4 domains: market department, research and development department, test organization, finance department; 3 user login authentication types: AD (Active Directory, the directory service in the Windows server operating system), RADIUS (Remote Authentication Dial In User Service), LDAP (Lightweight Directory Access Protocol); 3 user login authentication modes: password, certificate, password+certificate.
In this embodiment, after the terminal receives the VPN protocol parameters returned by the firewall for the VPN protocol type selected by the user, the terminal determines which of those parameters the user selects, and determines the authentication method according to the VPN protocol parameters selected by the user.
For example, the protocol parameters that the terminal receives from the firewall for the user-selected SSL VPN are: 4 domains: market department, research and development department, test organization, finance department; 3 user login authentication types: AD, RADIUS, LDAP; 3 user login authentication modes: password, certificate, password+certificate. The terminal determines that the domain selected by the user is the research and development department, the user login authentication type is AD and the user login authentication mode is password. The authentication method determined from the VPN protocol parameters selected by the user is therefore: AD authentication of the user's password.
In this embodiment, after determining the user's authentication method, the terminal sends the login information entered by the user for that authentication method, together with the VPN protocol parameters selected by the user, to the firewall. Specifically, the terminal sends a data packet containing the login information and the selected VPN protocol parameters to the firewall through the physical network adapter. After receiving this data packet, the firewall judges, according to the user's authentication method, whether the user's login information is correct. If it is correct, the firewall returns a key to the terminal and the login succeeds. After a successful login, the firewall returns the network information determined according to the VPN protocol parameters selected by the user.
The network information includes, but is not limited to, some or all of the following:
Virtual gateway, DNS, routing information.
For example, the user uses AD authentication of the user's password and the domain selected by the user is the market department. As shown in Figure 5, the user name entered is ihebut, the password is 111111 and the login domain is the market department. After the firewall determines that authentication has succeeded, it uses the user's domain information to determine the virtual gateway, DNS and routing information of the domain the user belongs to. The virtual gateway for the user in the market department domain is gateway 1, the DNS is IP1, and the routing information is: IP11, IP12, IP13, IP21, IP31, IP32, gateway 1, gateway 2, gateway 3.
In this embodiment, after the firewall has authenticated the login information, the terminal establishes the VPN channel with the firewall according to the VPN protocol parameters selected by the user. Specifically, the terminal receives the network information that the firewall determined according to the VPN protocol parameters selected by the user, and establishes the VPN channel with the firewall according to that network information; that is, the VPN thread hands the received network information to the Android operating system, which completes the establishment of the VPN channel.
Optionally, when the terminal communicates data with the firewall, it encrypts the data packets with the key returned by the firewall.
For example, using openssl (Open Secure Sockets Layer) technology, the data packets that the terminal sends to the firewall through the physical network adapter are encrypted with the key returned by the firewall, and the firewall decrypts the data packets after receiving them.
In this embodiment, after the terminal and the firewall have established the VPN channel, the terminal judges from the network delay and/or the packet transmission situation whether the VPN channel established with the firewall is stable.
If the VPN channel is unstable, the user is prompted to switch the VPN channel; at this point the user can adjust settings such as resolution and clarity.
For example, if 2 of 3 data packets that the terminal sends to the firewall are lost, the VPN channel established between the terminal and the firewall is unstable; likewise, if the network delay of data transmission is high, above a preset threshold, the VPN channel established between the terminal and the firewall is unstable.
When the VPN channel is unstable, the user can switch the VPN channel in several ways, some of which are listed below:
Switching mode one: switch the network.
As shown in Figure 6A, when the VPN channel is detected to be unstable, that is, the network is unstable, the user is prompted to switch the network. The user can switch the VPN channel by switching WIFI (Wireless Fidelity). For example, if the VPN the user previously selected to access is ihebut, the user can switch to another network, such as the network chinanet hebut.
Switching mode two: switch the VPN protocol type.
As shown in Figure 6B, when the VPN channel is detected to be unstable, the user is prompted to switch to another access gateway; if the VPN protocol type selected by the user is IPSec, it can be switched to SSL.
Switching mode three: switch the gateway.
As shown in Figure 6C, when the VPN channel is detected to be unstable, the user is prompted to switch to another access gateway; if the current VPN gateway is gateway 1, it can be switched to another gateway, such as gateway 2.
It should be noted that the ways of switching the VPN channel listed in this embodiment are only examples; any way of switching the VPN channel is applicable to the embodiments of the present invention.
As shown in Figure 6D, if the VPN channel is stable, the user is prompted to select the remote access mode required; after the user selects a VPN access protocol, the VPN access protocol in the protocol set that the user needs to use is determined.
The VPN access protocols include, but are not limited to, some or all of the following:
SSH, RDP, VNC, FTP, Telnet.
The user can choose among the different VPN access protocols according to their needs. For example, a user who needs to download a file over the remote VPN can select the FTP access protocol; a user at home who wants to shut down a company computer over the remote VPN can select the SSH protocol and complete the operation from the command line.
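The stability check and the resulting prompt described above, as an added Python example (not code from the patent). The `ChannelMonitor` class, the three-probe window and both threshold values are assumptions of this sketch, since the patent only speaks of a preset threshold; the probe values are constructed.

```python
from collections import deque
from statistics import median

# Prompts named in the patent: switching modes one to three, and the access protocols.
SWITCH_OPTIONS = ["switch network", "switch VPN protocol type", "switch gateway"]
ACCESS_PROTOCOLS = ["SSH", "RDP", "VNC", "FTP", "Telnet"]


class ChannelMonitor:
    """Hypothetical sliding-window judge of VPN channel stability."""

    def __init__(self, window=3, max_loss_ratio=0.5, max_latency_ms=300.0):
        # Assumed values: the patent does not state a window size or thresholds.
        self.window = window
        self.max_loss_ratio = max_loss_ratio
        self.max_latency_ms = max_latency_ms
        self.probes = deque(maxlen=window)  # round-trip time in ms, None if lost

    def record(self, rtt_ms):
        self.probes.append(rtt_ms)

    def assess(self):
        # Do not judge the channel before a full window of probes exists.
        if len(self.probes) < self.window:
            return {"stable": None, "reasons": ["insufficient samples"], "prompt": []}
        answered = [rtt for rtt in self.probes if rtt is not None]
        loss_ratio = 1 - len(answered) / len(self.probes)
        reasons = []
        if loss_ratio > self.max_loss_ratio:
            reasons.append("packet loss")
        # Median latency over answered probes only; a fully lost window has none.
        if answered and median(answered) > self.max_latency_ms:
            reasons.append("latency")
        stable = not reasons
        return {"stable": stable, "loss_ratio": round(loss_ratio, 2), "reasons": reasons,
                "prompt": ACCESS_PROTOCOLS if stable else SWITCH_OPTIONS}


def replay(samples, **settings):
    """Feed constructed probe results one by one and collect each assessment."""
    monitor = ChannelMonitor(**settings)
    results = []
    for rtt_ms in samples:
        monitor.record(rtt_ms)
        results.append(monitor.assess())
    return results


if __name__ == "__main__":
    # Constructed probes: a healthy start, then two consecutive losses.
    for outcome in replay([40.0, 45.0, 50.0, None, None]):
        print(outcome)
```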
Optionally, after the terminal and the server have established the remote connection, the interactive window is called up and the keyboard and mouse driver is loaded. The user chooses whether to use the virtual keyboard or an external input device; the external input device is connected to the terminal through Bluetooth, the external input device being a Bluetooth input device.
For example, the terminal's Bluetooth and that of the Bluetooth folding two-in-one keyboard and mouse device are turned on, and the device is connected to the terminal through Bluetooth. When the user operates the Bluetooth folding two-in-one keyboard and mouse device, the terminal receives the input instruction from the input device through Bluetooth and, on receiving it, judges whether it is one of the terminal's preset input instructions. If so, the terminal converts the input instruction according to the VPN access protocol selected by the user into an instruction that the operating system of the connected server can recognize, and sends the converted input instruction to the server; otherwise, the terminal forwards the received operation instruction directly to the connected server.
For example, the terminal's preset input instructions are: Ctrl+Shift+F12: print, Ctrl+F1: screenshot, Ctrl+R: refresh page, Ctrl+S: save, Ctrl+Shift: switch screen, Shift+A: switch window, Shift+B: lock screen, Shift+C: exit.
When the user presses Ctrl+F1 on the folding keyboard, the input instruction the terminal receives through Bluetooth is Ctrl+F1. The terminal determines that Ctrl+F1 is a preset input instruction, and the VPN access protocol selected by the user is SSH. Because the operating system for the SSH protocol is Linux, the terminal converts Ctrl+F1 into an instruction that Linux can recognize and sends the converted instruction to the server with which the terminal has established the remote connection.
Optionally, the user can also configure the terminal manually and define the preset input instructions themselves, as shown in Figure 7: switch screen, switch window, lock screen, exit. Optionally, while the user is configuring them, some commonly used shortcut keys can be recommended to the user.
For example, the preset input instructions the user has set on the terminal are: Ctrl+Alt+Z: extract message, Ctrl+Alt+C: capture screen, Ctrl+Alt: send message. The input instruction the terminal receives through Bluetooth is B. The terminal determines that this input instruction is not a preset input instruction, so the actual input instruction B is forwarded directly to the remote server connected to the terminal.
Optionally, as in step 4 shown in Figure 4, the remote protocol window communicates data through the virtual network adapter and the SSL session established with the SSL VPN. After the terminal and the remote server have established the connection, the server side shown in Figure 4 is the remote server. When the user interacts remotely with the remote server, the user can choose whether to record the operation content.
For example, after the terminal determines that the user has chosen to record the operation content by screen recording, it records a video of the user's operations on the remote server; after the terminal determines that the user has chosen to record keyboard input, it records the information the user enters through the keyboard.
Optionally, the terminal's automation timing component can push timed tasks, or perform automated troubleshooting, according to the designed policy.
For example, it can be set in advance that the enterprise's product information is pushed to the user half an hour after the user logs in to a certain enterprise VPN, or that troubleshooting is carried out one hour after the user logs in to a certain VPN.
As shown in Figure 8, a complete method for remotely accessing a VPN provided by an embodiment of the present invention includes:
Step 800: the terminal prompts the user to select a VPN protocol type;
Step 801: after determining the VPN protocol type selected by the user, the terminal requests from the firewall the protocol parameters corresponding to that VPN protocol type;
Step 802: the firewall returns to the terminal the VPN protocol parameters corresponding to the VPN protocol type selected by the user;
Step 803: from the VPN protocol parameters returned by the firewall for the selected VPN protocol type, the terminal determines the VPN protocol parameters selected by the user;
Step 804: after determining the authentication method according to the VPN protocol parameters selected by the user, the terminal determines the login information, corresponding to the authentication method, entered by the user;
Step 805: the terminal sends the login information and the VPN protocol parameters selected by the user to the firewall;
Step 806: after receiving the login information, corresponding to the authentication method, entered by the user, the firewall authenticates the login information according to the authentication method;
Step 807: after authentication succeeds, the firewall returns to the terminal the network information determined according to the VPN protocol parameters selected by the user;
Step 808: the firewall sends the determined network information to the terminal;
Step 809: after receiving the network information that the firewall determined according to the VPN protocol parameters selected by the user, the terminal establishes the VPN channel with the firewall according to the network information;
Step 810: after determining that the VPN channel is stable, the terminal determines the VPN access protocol in the protocol set that the user needs to use;
Step 811: the terminal establishes a remote connection with the server according to the VPN access protocol selected by the user;
Step 812: the terminal and the server interact;
Step 813: the user's remote operations are recorded by screen recording.
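The exchange in steps 800 to 809, sketched as an added Python example (not code from the patent). The `Firewall` and `Terminal` classes, the local PBKDF2 credential table standing in for the AD back end, and the firewall's refusal of selections outside the offered parameter set are assumptions of this sketch; the domains, authentication types and modes, credentials and network information are the values from the patent's worked example.

```python
import hashlib
import hmac
import secrets

# Constructed data: the values come from the patent's worked example.
PROTOCOL_PARAMS = {
    "SSL VPN": {
        "domains": ["market department", "research and development department",
                    "test organization", "finance department"],
        "auth_types": ["AD", "RADIUS", "LDAP"],
        "auth_modes": ["password", "certificate", "password+certificate"],
    },
}
NETWORK_INFO = {
    "market department": {
        "virtual_gateway": "gateway 1",
        "dns": "IP1",
        "routes": ["IP11", "IP12", "IP13", "IP21", "IP31", "IP32",
                   "gateway 1", "gateway 2", "gateway 3"],
    },
}
FIELDS = {"domain": "domains", "auth_type": "auth_types", "auth_mode": "auth_modes"}


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Firewall:
    """Hypothetical firewall side: parameter lookup, authentication, key issue."""

    def __init__(self):
        self.users = {}     # (domain, auth_type, username) -> (salt, digest)
        self.sessions = {}  # username -> session key

    def enroll(self, domain, auth_type, username, password):
        # Assumption: a local table stands in for the AD/RADIUS/LDAP back end.
        salt = secrets.token_bytes(16)
        self.users[(domain, auth_type, username)] = (salt, hash_password(password, salt))

    def protocol_params(self, protocol_type):
        # Step 802: look up the parameters stored for this VPN protocol type.
        if protocol_type not in PROTOCOL_PARAMS:
            raise ValueError("unsupported VPN protocol type: " + protocol_type)
        return PROTOCOL_PARAMS[protocol_type]

    def login(self, protocol_type, selection, username, password):
        # Assumption (not in the patent): refuse any selection that was not offered.
        offered = self.protocol_params(protocol_type)
        for key, field in FIELDS.items():
            if selection.get(key) not in offered[field]:
                return {"ok": False, "reason": key + " not offered"}
        if selection["auth_mode"] != "password":
            return {"ok": False, "reason": "auth mode outside this sketch"}
        # Step 806: authenticate according to the selected method.
        record = self.users.get((selection["domain"], selection["auth_type"], username))
        salt, digest = record if record else (b"\x00" * 16, b"")
        candidate = hash_password(password, salt)  # hashed for unknown users too
        if not hmac.compare_digest(candidate, digest):
            return {"ok": False, "reason": "authentication failed"}
        # Steps 807-808: issue a key and the network information for the domain.
        key = secrets.token_bytes(32)
        self.sessions[username] = key
        return {"ok": True, "key": key,
                "network_info": NETWORK_INFO.get(selection["domain"])}


class Terminal:
    """Hypothetical terminal side of steps 800-809."""

    def __init__(self, firewall):
        self.firewall = firewall
        self.key = None
        self.network_info = None

    def connect(self, protocol_type, domain, auth_type, auth_mode, username, password):
        offered = self.firewall.protocol_params(protocol_type)   # steps 801-802
        selection = {"domain": domain, "auth_type": auth_type, "auth_mode": auth_mode}
        for key, field in FIELDS.items():                        # step 803
            if selection[key] not in offered[field]:
                raise ValueError(key + " is not among the offered parameters")
        reply = self.firewall.login(protocol_type, selection, username, password)  # 804-805
        if reply["ok"]:                                          # step 809
            self.key, self.network_info = reply["key"], reply["network_info"]
        return reply


def demo():
    fw = Firewall()
    fw.enroll("market department", "AD", "ihebut", "111111")  # the Figure 5 example login
    terminal = Terminal(fw)
    good = terminal.connect("SSL VPN", "market department", "AD", "password", "ihebut", "111111")
    wrong = Terminal(fw).connect("SSL VPN", "market department", "AD", "password", "ihebut", "000000")
    # A request that bypasses the terminal's own check must still fail at the firewall.
    forged = fw.login("SSL VPN", {"domain": "sales department", "auth_type": "AD",
                                  "auth_mode": "password"}, "ihebut", "111111")
    return good, wrong, forged, terminal


if __name__ == "__main__":
    for result in demo()[:3]:
        print({k: v for k, v in result.items() if k != "key"})
```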
Based on the same concept, an embodiment of the present invention provides a terminal device for remotely accessing a VPN. As shown in Figure 9, the terminal includes components such as an input unit 900, a radio frequency (RF) circuit 910, a power supply 920, a processor 930, a memory 940, a remote protocol access module 950, a Bluetooth module 960, a VPN access module 970, an interactive module 980 and a display unit 990. Those skilled in the art will understand that the terminal structure shown in Figure 9 does not limit the terminal; the terminal provided by the embodiments of this application may include more or fewer components than illustrated, combine certain components, or arrange the components differently.
Each component of the terminal is described in detail below with reference to Figure 9:
Optionally, the input unit 900 may include a touch panel 901 and other input terminals 902.
The touch panel 901, also called a touch screen, collects the user's touch operations on or near it (for example, operations performed by the user on or near the touch panel 901 with a finger, a stylus or any other suitable object or accessory) and drives the corresponding connection device according to a preset program. Optionally, the touch panel 901 may include a touch detection device and a touch controller. The touch detection device detects the position of the user's touch, detects the signal produced by the touch operation and passes the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts it into contact coordinates and sends them to the processor 930, and can receive and execute commands sent by the processor 930. The touch panel 901 can be implemented in several types, such as resistive, capacitive, infrared and surface acoustic wave.
Optionally, the other input terminals 902 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys and a power key), a trackball, a mouse and a joystick.
The input unit 900 can be used to receive numeric or character information entered by the user, and to generate key signal inputs related to the terminal's user settings and function control.
The RF circuit 910 can be used to send and receive data during communication. In particular, after receiving downlink data from a base station, the RF circuit 910 passes it to the processor 930 for processing; it also sends uplink data to the base station. In general, the RF circuit 910 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier (LNA), a duplexer and so on.
In addition, the RF circuit 910 can communicate with networks and other terminals by wireless communication. The wireless communication can use any communication standard or protocol, including but not limited to Global System of Mobile Communication (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), Email and Short Messaging Service (SMS).
The terminal can establish a physical connection with other terminals through the communication interface 990. Optionally, the communication interface 990 is connected to the communication interfaces of other terminals by cable, to transfer data between the terminal and the other terminals.
Because in the embodiments of this application the terminal can provide communication services and send information to other contacts, the terminal needs a data transmission function; that is, it needs to contain a communication module internally.
For example, when the terminal is a mobile phone, it may include the RF circuit 910 and may also include the WiFi module 990; when the terminal is a computer, it may include the communication interface 990 and may also include the WiFi module 990; when the terminal is a tablet computer, it may include the WiFi module.
The memory 940 can be used to store software programs and modules. By running the software programs and modules stored in the memory 940, the processor 930 performs the terminal's various functional applications and data processing; and when the processor 930 executes the program code in the memory 940, some or all of the process in Figure 11 of the embodiments of the present invention can be implemented.
Optionally, the memory 940 may mainly include a program storage area and a data storage area. The program storage area can store the operating system, various application programs (such as communication applications), a face recognition module and so on; the data storage area can store data created through use of the terminal (for example, multimedia files such as pictures and video files, and face information templates).
In addition, the memory 940 may include high-speed random access memory and may also include non-volatile memory, for example at least one magnetic disk storage device, a flash memory device or other volatile solid-state storage device.
The remote protocol access module 950 is used to establish a remote connection with the server after the VPN access protocol selected by the user has been determined. Bluetooth is a wireless technology standard that enables short-range data exchange between fixed devices, mobile devices and building personal area networks, thereby providing access to a data network. The Bluetooth module 960 can be used to send and receive data during communication. The VPN access module 970 pulls the protocol parameters from the firewall, receives the information the firewall returns for the initial connection, and establishes the VPN channel with the firewall. The interactive module 980 is used to interact with the server.
The display unit 990 can be used to display information entered by the user or provided to the user, as well as the terminal's various menus. The display unit 990 is the terminal's display system; it presents the interface and enables human-computer interaction.
The display unit 990 may include a display panel 991. Optionally, the display panel 991 can be configured in forms such as a liquid crystal display (LCD) or an organic light-emitting diode (OLED) display.
Further, the touch panel 901 can cover the display panel 991. When the touch panel 901 detects a touch operation on or near it, it passes the operation to the processor 930 to determine the type of touch event, and the processor 930 then provides the corresponding visual output on the display panel 991 according to the type of touch event.
Although in Figure 9 the touch panel 901 and the display panel 991 are two separate components implementing the terminal's input and output functions, in some embodiments the touch panel 901 and the display panel 991 can be integrated to implement the terminal's input and output functions.
The processor 930 is the control center of the terminal. It connects the components through various interfaces and lines, and performs the terminal's various functions and processes data by running or executing the software programs and/or modules stored in the memory 940 and calling the data stored in the memory 940, thereby implementing the various services based on the terminal.
Optionally, the processor 930 may include one or more processing units. Optionally, the processor 930 can integrate an application processor and a modem processor, where the application processor mainly handles the operating system, user interface and application programs, and the modem processor mainly handles wireless communication. It will be understood that the modem processor need not be integrated into the processor 930.
The terminal also includes the power supply 920 (such as a battery) for powering the components. Optionally, the power supply 920 can be logically connected to the processor 930 through a power management system, so that functions such as charging, discharging and power consumption management are handled by the power management system.
Although not shown, the terminal may also include at least one sensor, an audio circuit and so on, which are not described here.
The memory 940 can store the same program code as the storage unit 1001; when the program code is executed by the processor 930, the processor 930 implements all the functions of the processing unit 1000.
Based on the same inventive concept, an embodiment of the present invention also provides a device for remotely accessing a VPN. Because this device is the device used in the method of the embodiments of the present invention, and the principle by which it solves the problem is similar to that of the method, the implementation of the device can refer to the implementation of the method, and repeated details are not described again.
As shown in Figure 10, an embodiment of the present invention also provides a device for remotely accessing a VPN. The device includes at least one processing unit 1000 and at least one storage unit 1001, where the storage unit 1001 stores program code which, when executed by the processing unit 1000, causes the processing unit 1000 to perform the following process:
After establishing a virtual private network (VPN) channel with the firewall, determine the VPN access protocol in the protocol set that the user needs to use;
Establish a remote connection with the server according to the VPN access protocol selected by the user.
Optionally, the processing unit 1000 is also used to:
Request from the firewall the protocol parameters corresponding to the VPN protocol type selected by the user;
It is determined in the VPN protocol parameter corresponding with the VPN protocol type of user selection returned from the firewall Determine that user needs VPN access protocol to be used in assembly of protocols after the VPN protocol parameter of user's selection;
According to the user select VPN protocol parameter determine authentication mode after, by user input with the authenticating party The corresponding log-on message of formula and the VPN protocol parameter of user selection are sent to the firewall, so that described fire prevention the foot of a wall The log-on message is authenticated according to the authentication mode;
The firewall to the log-on message certification pass through after, according to the user selection VPN protocol parameter with The firewall establishes the channel VPN.
Optionally, the processing unit 1000 is specifically used for:
Microsoft Loopback Adapter is established according to the VPN protocol type that the user selects, and passes through physical network card for the virtual net The data packet of card is sent to the firewall.
Optionally, the processing unit 1000 is specifically used for:
Receive the network information determined according to the VPN protocol parameter of user selection that the firewall returns;
The channel VPN is established according to the network information and the firewall.
Optionally, the processing unit 1000 is also used to:
After establishing the channel VPN with firewall, according to network delay and/or the determination of data packet status transmission and the firewall Stablize in the channel VPN of foundation.
Optionally, the processing unit 1000 is also used to:
After establishing the channel VPN with firewall, if according to the network delay and/or data packet transmission situation it is determining with it is described The channel VPN that firewall is established is unstable, then the user is prompted to switch the channel VPN.
Optionally, the processing unit 1000 is also used to:
After establishing long-range connect with server according to the VPN access protocol of user selection, received by bluetooth After the input instruction of input equipment, if input instruction is default input instruction, accessed according to the VPN of user selection Agreement converts input instruction, and the input instruction after conversion is sent to the server.
Based on the same inventive concept, an embodiment of the present invention further provides a device for remotely accessing a VPN. Because this device is the device used in the method of the embodiment of the present invention, and the principle by which the device solves the problem is similar to that of the method, the implementation of the device may refer to the implementation of the method, and repeated details are not described again.
As shown in Figure 11, an embodiment of the present invention further provides a device for remotely accessing a VPN, the device comprising a determining module 1100 and an access module 1101:
Determining module 1100: configured to determine, after the virtual private network (VPN) channel is established with the firewall, the VPN access protocol that the user needs to use from the protocol set;
Access module 1101: configured to establish a remote connection with the server according to the VPN access protocol selected by the user.
Optionally, the determining module 1100 is further configured to:
Request from the firewall the protocol parameters corresponding to the VPN protocol type selected by the user;
Determine the VPN protocol parameter selected by the user from among the VPN protocol parameters, returned by the firewall, that correspond to the VPN protocol type selected by the user;
After determining the authentication mode according to the VPN protocol parameter selected by the user, send the login information entered by the user for that authentication mode, together with the VPN protocol parameter selected by the user, to the firewall, so that the firewall authenticates the login information according to the authentication mode;
After the firewall successfully authenticates the login information, establish the VPN channel with the firewall according to the VPN protocol parameter selected by the user.
Optionally, the determining module 1100 is specifically configured to:
Establish a virtual network card according to the VPN protocol type selected by the user, and send the data packets of the virtual network card to the firewall through the physical network card.
Optionally, the determining module 1100 is specifically configured to:
Receive the network information, returned by the firewall, that is determined according to the VPN protocol parameter selected by the user;
Establish the VPN channel with the firewall according to the network information.
Optionally, the access module 1101 is further configured to:
After establishing the VPN channel with the firewall, determine, according to network delay and/or data packet transmission status, that the VPN channel established with the firewall is stable.
Optionally, the access module 1101 is further configured to:
After establishing the VPN channel with the firewall, if it is determined according to the network delay and/or data packet transmission status that the VPN channel established with the firewall is unstable, prompt the user to switch the VPN channel.
Optionally, the access module 1101 is further configured to:
After establishing a remote connection with the server according to the VPN access protocol selected by the user, and after receiving an input instruction from an input device via Bluetooth, if the input instruction is a preset input instruction, convert the input instruction according to the VPN access protocol selected by the user, and send the converted input instruction to the server.
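The stability check and the switch prompt described above can be sketched as a gate in front of the access-protocol step. This is an added example, not code from the patent: the class and function names, the probe format, and every threshold are assumptions, since the patent names only the inputs (network delay and data packet transmission status).

```python
from collections import deque
from statistics import median


class ChannelHealth:
    """Sliding window of probe results for one established VPN channel."""

    def __init__(self, max_median_rtt_ms=150.0, max_loss_ratio=0.05,
                 min_probes=5, window=20):
        # All four limits are assumed values; the patent gives no thresholds.
        self.max_median_rtt_ms = max_median_rtt_ms
        self.max_loss_ratio = max_loss_ratio
        self.min_probes = min_probes
        self._probes = deque(maxlen=window)  # old probes age out of the window

    def record(self, rtt_ms):
        """Store one probe: round-trip time in ms, or None if it was lost."""
        self._probes.append(rtt_ms)

    def verdict(self):
        """Return 'unknown', 'stable' or 'unstable' for the current window."""
        if len(self._probes) < self.min_probes:
            return "unknown"  # too little evidence to call the channel stable
        answered = [r for r in self._probes if r is not None]
        loss = 1 - len(answered) / len(self._probes)
        if not answered or loss > self.max_loss_ratio:
            return "unstable"
        # Median rather than mean, so one delayed probe does not flip the result.
        if median(answered) > self.max_median_rtt_ms:
            return "unstable"
        return "stable"


def next_action(authenticated, health):
    """Decide the terminal's next step; anything short of 'stable' fails closed."""
    if not authenticated:
        return "authenticate"            # no channel until the firewall accepts the login
    verdict = health.verdict()
    if verdict == "stable":
        return "select_access_protocol"  # only now offer the protocol set
    if verdict == "unstable":
        return "prompt_switch_channel"   # the prompt described for an unstable channel
    return "keep_probing"


def replay(samples, authenticated=True, **limits):
    """Feed constructed probe samples through the gate and return the action."""
    health = ChannelHealth(**limits)
    for sample in samples:
        health.record(sample)
    return next_action(authenticated, health)


# Constructed probe traces (milliseconds, None = probe lost); not measured data.
GOOD = [20, 22, 19, 25, 21]
SPIKE = [20, 21, 900, 22, 19]
LOSSY = [20, None, 22, None, 21]
SLOW = [300, 280, 310, 290, 305]

if __name__ == "__main__":
    for name, trace in [("good", GOOD), ("spike", SPIKE),
                        ("lossy", LOSSY), ("slow", SLOW)]:
        print(name, replay(trace))
```

Treating "unknown" as not yet stable keeps the remote-access step from starting on a channel that has not been observed long enough to judge.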
An embodiment of the present invention further provides a computer-readable non-volatile storage medium comprising program code; when the program code runs on a computing terminal, the program code causes the computing terminal to execute the steps of the method for remotely accessing a VPN of the above embodiments of the present invention.
Having described the method and device for remotely accessing a VPN according to exemplary embodiments of the present application, a computing device according to another exemplary embodiment of the present application is introduced next.
Those of ordinary skill in the art will understand that aspects of the present application may be implemented as a system, a method or a program product. Accordingly, aspects of the present application may take the following forms: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode and the like), or an embodiment combining hardware and software aspects, which may be collectively referred to herein as a "circuit", "module" or "system".
In some possible embodiments, a computing device according to the present application may include at least one processor and at least one memory. The memory stores program code which, when executed by the processor, causes the processor to execute the steps of the remote VPN access method according to the various exemplary embodiments of the present application described above in this specification. For example, the processor may execute steps 300-301 shown in Figure 3.
The computing device 120 according to this embodiment of the present application is described below with reference to Figure 12. The computing device 120 of Figure 12 is only an example and should not impose any limitation on the functions and scope of use of the embodiments of the present application.
As shown in Figure 12, the computing device 120 takes the form of a general-purpose computing device. The components of the computing device 120 may include, but are not limited to: the at least one processor 121, the at least one memory 122, and a bus 123 connecting different system components (including the memory 122 and the processor 121).
The bus 123 represents one or more of several types of bus structures, including a memory bus or memory controller, a peripheral bus, a processor, or a local bus using any of a variety of bus structures.
The memory 122 may include readable media in the form of volatile memory, such as random access memory (RAM) 1221 and/or cache memory 1222, and may further include read-only memory (ROM) 1223.
The memory 122 may also include a program/utility 1225 having a set of (at least one) program modules 1224. Such program modules 1224 include, but are not limited to: an operating system, one or more application programs, other program modules and program data; each of these examples, or some combination of them, may include an implementation of a network environment.
The computing device 120 may also communicate with one or more external devices 124 (such as a keyboard, a pointing device, etc.), with one or more devices that enable a user to interact with the computing device 120, and/or with any device (such as a router, a modem, etc.) that enables the computing device 120 to communicate with one or more other computing devices. Such communication may take place through an input/output (I/O) interface 125. The computing device 120 may also communicate with one or more networks (such as a local area network (LAN), a wide area network (WAN) and/or a public network such as the Internet) through a network adapter 126. As shown, the network adapter 126 communicates with the other modules of the computing device 120 through the bus 123. It should be understood that, although not shown in the figure, other hardware and/or software modules may be used in conjunction with the computing device 120, including but not limited to: microcode, device drivers, redundant processors, external disk drive arrays, RAID systems, tape drives and data backup storage systems.
In some possible embodiments, aspects of the remote VPN access method provided by the present application may also be implemented in the form of a program product comprising program code. When the program product runs on a computer device, the program code causes the computer device to execute the steps of the remote VPN access method according to the various exemplary embodiments of the present application described above in this specification; for example, the computer device may execute steps 300-301 shown in Figure 3.
The program product may use any combination of one or more readable media. A readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but is not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples (a non-exhaustive list) of readable storage media include: an electrical connection with one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above.
The program product for remote VPN access according to an embodiment of the present application may use a portable compact disc read-only memory (CD-ROM), include program code, and run on a computing device. However, the program product of the present application is not limited to this. In this document, a readable storage medium may be any tangible medium that contains or stores a program, where the program may be used by or in connection with an instruction execution system, apparatus or device.
A readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, carrying readable program code. Such a propagated data signal may take many forms, including, but not limited to, an electromagnetic signal, an optical signal, or any suitable combination of the above. A readable signal medium may also be any readable medium other than a readable storage medium that can send, propagate or transmit a program for use by or in connection with an instruction execution system, apparatus or device.
The program code contained on a readable medium may be transmitted over any suitable medium, including, but not limited to, wireless, wired, optical cable, RF, etc., or any suitable combination of the above.
The program code for performing the operations of the present application may be written in any combination of one or more programming languages, including object-oriented programming languages such as Java and C++, as well as conventional procedural programming languages such as the "C" language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on a remote computing device or server. Where a remote computing device is involved, the remote computing device may be connected to the user's computing device through any kind of network, including a local area network (LAN) or a wide area network (WAN), or may be connected to an external computing device (for example, through the Internet using an Internet service provider).
It should be noted that although several units or sub-units of the device are mentioned in the detailed description above, this division is merely exemplary and not mandatory. In fact, according to embodiments of the present application, the features and functions of two or more of the units described above may be embodied in one unit. Conversely, the features and functions of one unit described above may be further divided so as to be embodied by multiple units.
In addition, although the operations of the method of the present application are described in the drawings in a particular order, this does not require or imply that the operations must be performed in that particular order, or that all of the operations shown must be performed to achieve the desired result. Additionally or alternatively, certain steps may be omitted, multiple steps may be merged into one step for execution, and/or one step may be decomposed into multiple steps for execution.
Those skilled in the art should understand that embodiments of the present application may be provided as a method, a system or a computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The present application is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the present application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction apparatus that implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps are executed on the computer or other programmable device to produce computer-implemented processing, such that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the present application have been described, those skilled in the art can make additional changes and modifications to these embodiments once they learn of the basic inventive concept. Therefore, the appended claims are intended to be interpreted as including the preferred embodiments and all changes and modifications that fall within the scope of the present application.
Obviously, those skilled in the art can make various changes and variations to the present application without departing from the spirit and scope of the present application. Thus, if these modifications and variations of the present application fall within the scope of the claims of the present application and their equivalent technologies, the present application is also intended to include these modifications and variations.

Claims (10)

1. A method for remotely accessing a virtual private network (VPN), characterized in that the method comprises:
After a terminal establishes a VPN channel with a firewall, determining the VPN access protocol that the user needs to use from a protocol set;
The terminal establishing a remote connection with a server according to the VPN access protocol selected by the user.
2. The method according to claim 1, characterized in that, before the terminal determines the VPN access protocol that the user needs to use from the protocol set, the method further comprises:
The terminal requesting from the firewall the protocol parameters corresponding to the VPN protocol type selected by the user;
The terminal determining the VPN protocol parameter selected by the user from among the VPN protocol parameters, returned by the firewall, that correspond to the VPN protocol type selected by the user;
After the terminal determines the authentication mode according to the VPN protocol parameter selected by the user, sending the login information entered by the user for that authentication mode, together with the VPN protocol parameter selected by the user, to the firewall, so that the firewall authenticates the login information according to the authentication mode;
After the firewall successfully authenticates the login information, the terminal establishing the VPN channel with the firewall according to the VPN protocol parameter selected by the user.
3. The method according to claim 2, characterized in that the terminal requesting from the firewall the protocol parameters corresponding to the VPN protocol type selected by the user comprises:
The terminal establishing a virtual network card according to the VPN protocol type selected by the user, and sending the data packets of the virtual network card to the firewall through a physical network card.
4. The method according to claim 2, characterized in that the terminal establishing the VPN channel with the firewall according to the VPN protocol parameter selected by the user comprises:
The terminal receiving the network information, returned by the firewall, that is determined according to the VPN protocol parameter selected by the user;
The terminal establishing the VPN channel with the firewall according to the network information.
5. The method according to claim 1, characterized in that, after the terminal establishes the VPN channel with the firewall and before determining the VPN access protocol that the user needs to use from the protocol set, the method further comprises:
The terminal determining, according to network delay and/or data packet transmission status, that the VPN channel established with the firewall is stable.
6. The method according to claim 5, characterized in that, after the terminal establishes the VPN channel with the firewall, the method further comprises:
If the terminal determines, according to the network delay and/or data packet transmission status, that the VPN channel established with the firewall is unstable, prompting the user to switch the VPN channel.
7. The method according to claim 1, characterized in that, after the terminal establishes the remote connection with the server according to the VPN access protocol selected by the user, the method further comprises:
After the terminal receives an input instruction from an input device via Bluetooth, if the input instruction is a preset input instruction, converting the input instruction according to the VPN access protocol selected by the user, and sending the converted input instruction to the server.
8. A device for remotely accessing a VPN, characterized in that the device comprises at least one processing unit and at least one storage unit, wherein the storage unit stores program code, and when one or more computer programs stored in the storage unit are executed by the processing unit, the terminal is caused to execute the following process:
After establishing a virtual private network (VPN) channel with a firewall, determining the VPN access protocol that the user needs to use from a protocol set;
Establishing a remote connection with a server according to the VPN access protocol selected by the user.
9. A computer-readable medium storing computer-executable instructions, characterized in that the computer-executable instructions are used to execute the method according to any one of claims 1-7.
10. A computing device, characterized by comprising: at least one processor; and a memory communicatively connected to the at least one processor; wherein the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor is able to execute the method according to any one of claims 1-7.
CN201910004783.3A 2019-01-03 2019-01-03 Method and equipment for remotely accessing VPN Active CN109672602B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910004783.3A CN109672602B (en) 2019-01-03 2019-01-03 Method and equipment for remotely accessing VPN

Publications (2)

Publication Number Publication Date
CN109672602A true CN109672602A (en) 2019-04-23
CN109672602B CN109672602B (en) 2021-06-04

Family

ID=66149194

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910004783.3A Active CN109672602B (en) 2019-01-03 2019-01-03 Method and equipment for remotely accessing VPN

Country Status (1)

Country Link
CN (1) CN109672602B (en)

Also Published As

Publication number Publication date
CN109672602B (en) 2021-06-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant