CN109672602A - A method and apparatus for remotely accessing a VPN
- Publication number: CN109672602A
- Application number: CN201910004783.3A
- Authority: CN (China)
- Prior art keywords: vpn, user, terminal, firewall, protocol
- Legal status: Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method and apparatus for remotely accessing a VPN, relating to the field of communication technology, to solve the problem that the operating systems of some terminals currently do not support the proprietary VPN access protocols of switching equipment vendors and therefore cannot access the VPN. The method of the present invention includes: after a terminal establishes a virtual private network (VPN) channel with a firewall, determining, from a protocol set, the VPN access protocol that the user needs to use; and the terminal establishing a remote connection with a server according to the VPN access protocol selected by the user. Because the terminal of the present invention integrates the proprietary VPN access protocols of multiple switching equipment vendors, after the VPN channel is successfully established the user selects a VPN access protocol according to their own needs, and the terminal establishes a remote connection with the server according to the selected protocol. The operating system of the terminal can thus support multiple VPN access protocols and can access switching equipment that supports different protocols.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a method and apparatus for remotely accessing a VPN.
Background art
A VPN (Virtual Private Network) establishes a private network over a public network and carries encrypted communication. It is widely used in enterprise networks. A VPN gateway achieves remote access by encrypting data packets and translating their destination addresses. VPNs can be classified in many ways, mainly by protocol. A VPN can be implemented in various ways, such as by server, hardware or software.
VPNs are low in cost and easy to use.
Demand for remote working from portable devices is growing. Operations and maintenance personnel in particular, in order to respond promptly, need portable devices to access systems securely and to carry out operations such as working with server files. Accessing remote operating systems from portable devices over a variety of protocols is therefore very important for system stability.
At present the Android system supports only public VPN protocols such as IPSec (Internet Protocol Security). Many of the proprietary VPN access protocols of the various switching equipment vendors do not support the Android operating system.
In summary, the operating systems of some terminals currently do not support the proprietary VPN access protocols of switching equipment vendors and cannot access the VPN.
Summary of the invention
The present invention provides a method and apparatus for remotely accessing a VPN, to solve the problem in the prior art that the operating systems of some terminals do not support the proprietary VPN access protocols of switching equipment vendors and cannot access the VPN.
In a first aspect, a method for remotely accessing a VPN provided by an embodiment of the present invention includes:
After a terminal establishes a virtual private network (VPN) channel with a firewall, determining, from a protocol set, the VPN access protocol that the user needs to use;
The terminal establishes a remote connection with a server according to the VPN access protocol selected by the user.
In the above method, a variety of VPN access protocols are gathered in the protocol set of the terminal. After the VPN channel is successfully established, the user selects a VPN access protocol according to their own needs, and the terminal establishes a remote connection with the server according to the VPN access protocol selected by the user. Because the proprietary VPN access protocols of a variety of switching equipment vendors are integrated in the terminal, the operating system of the terminal can support multiple VPN access protocols and can access switching equipment that supports different protocols.
In one possible implementation, before the terminal determines, from the protocol set, the VPN access protocol that the user needs to use, the method further includes:
The terminal requests from the firewall the protocol parameters corresponding to the VPN protocol type selected by the user;
The terminal determines the VPN protocol parameter selected by the user from among the VPN protocol parameters, returned by the firewall, that correspond to the VPN protocol type selected by the user;
After the terminal determines the authentication mode according to the VPN protocol parameter selected by the user, it sends the login information entered by the user for that authentication mode, together with the VPN protocol parameter selected by the user, to the firewall, so that the firewall authenticates the login information according to the authentication mode;
After the firewall has successfully authenticated the login information, the terminal establishes the VPN channel with the firewall according to the VPN protocol parameter selected by the user.
In the above method, different types of VPN protocol are also integrated in the protocol set of the terminal. Before the terminal and the firewall establish the VPN channel, the user can select a VPN protocol type according to their own needs. Compared with the existing support for a VPN protocol of a default type only, this is more diverse, and different authentication modes and the like can be chosen according to the protocol type, providing a rich set of VPN login methods.
In one possible implementation, the terminal requesting from the firewall the protocol parameters corresponding to the VPN protocol type selected by the user includes:
The terminal creates a virtual network card according to the VPN protocol type selected by the user, and sends the data packets of the virtual network card to the firewall through the physical network card.
In the above method, the data packets of the virtual network card that the terminal creates according to the VPN protocol type selected by the user contain data related to the VPN protocol type. The terminal forwards the data packets of the virtual network card to the firewall through the physical network card, so that the firewall can return VPN protocol parameters to the terminal according to the VPN protocol type.
In one possible implementation, the terminal establishing the VPN channel with the firewall according to the VPN protocol parameter selected by the user includes:
The terminal receives the network information, returned by the firewall, that is determined according to the VPN protocol parameter selected by the user;
The terminal establishes the VPN channel with the firewall according to the network information.
In the above method, after the terminal receives the VPN protocol parameters returned by the firewall, the user selects one VPN protocol parameter from among them. According to the VPN protocol parameter selected by the user, and after the user enters login information, the firewall authenticates the user's login information. Once authentication passes, the firewall returns to the user the network information determined by the selected VPN protocol parameter, and the terminal establishes the VPN channel with the firewall according to that network information. That is, the VPN channel is established according to the VPN protocol type and the VPN protocol parameter selected by the user.
In one possible implementation, after the terminal establishes the VPN channel with the firewall and before determining, from the protocol set, the VPN access protocol that the user needs to use, the method further includes:
The terminal determines, according to network delay and/or the data packet transmission situation, that the VPN channel established with the firewall is stable.
In the above method, once the VPN channel has been determined to be stable, communication can proceed over the stable channel, which makes it easier for the terminal to establish a connection with the server.
In one possible implementation, after the terminal establishes the VPN channel with the firewall, the method further includes:
If the terminal determines, according to the network delay and/or the data packet transmission situation, that the VPN channel established with the firewall is unstable, it prompts the user to switch VPN channel.
In the above method, after the terminal and the firewall establish the VPN channel, the stability of the channel is judged. If it is unstable, the user can be prompted to switch to another VPN channel. Using a stable VPN channel makes highly reliable, low-latency communication possible.
In one possible implementation, after the terminal establishes the remote connection with the server according to the VPN access protocol selected by the user, the method further includes:
After the terminal receives an input instruction from an input device via Bluetooth, if the input instruction is a preset input instruction, the terminal converts the input instruction according to the VPN access protocol selected by the user and sends the converted input instruction to the server.
In the above method, the terminal can connect input devices via Bluetooth, and some shortcut operations are preset for the input device, with the preset input instructions corresponding to these shortcut operations configured in the terminal. When the user uses a shortcut operation through the input device, the terminal receives an input instruction and judges whether it is a preset input instruction. If it is, the terminal converts the received instruction and sends it to the server, thereby realizing the shortcut operation; if it is not, the terminal does not need to convert the received instruction. This solves the problem of inconvenient input on small-screen terminals.
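The sequence described above (parameter request, login, channel establishment, stability check, access-protocol selection) can be modelled as a state machine that refuses any step taken out of order. This is an added example, not code from the patent; the class names, profile names, credentials, addresses and stability thresholds are all assumptions made for illustration.

```python
import hmac
from enum import Enum
from statistics import mean

class State(Enum):
    IDLE = 0
    PARAMS_OFFERED = 1
    AUTHENTICATED = 2
    CHANNEL_UP = 3
    CHANNEL_STABLE = 4
    CONNECTED = 5

class FlowError(Exception):
    """A step was attempted out of order or with a value the firewall did not offer."""

# Constructed sample data: per VPN protocol type, the parameter profiles the
# firewall offers and the authentication mode each profile implies.
PROFILES = {
    "SSL VPN": {"profile-a": "password", "profile-b": "certificate"},
    "IPSec VPN": {"profile-c": "pre-shared-key"},
}
USERS = {("alice", "password"): "correct horse"}  # constructed login record
ACCESS_PROTOCOLS = ("SSH", "RDP", "VNC", "FTP", "Telnet")  # set named in the description

class Firewall:
    def offer_params(self, vpn_type):
        return dict(PROFILES.get(vpn_type, {}))

    def authenticate(self, vpn_type, param, user, secret):
        """Return network information on success, None on any failure."""
        mode = PROFILES.get(vpn_type, {}).get(param)
        expected = USERS.get((user, mode))
        if mode is None or expected is None:
            return None
        if not hmac.compare_digest(expected.encode(), secret.encode()):
            return None
        return {"virtual_ip": "10.8.0.2", "dns": "10.8.0.1"}  # constructed values

class Terminal:
    def __init__(self, firewall):
        self.fw = firewall
        self.state = State.IDLE
        self.vpn_type = self.offered = self.network = None

    def _require(self, state):
        if self.state is not state:
            raise FlowError(f"step needs {state.name}, session is {self.state.name}")

    def request_params(self, vpn_type):
        self._require(State.IDLE)
        offered = self.fw.offer_params(vpn_type)
        if not offered:
            raise FlowError("firewall returned no parameters for this VPN protocol type")
        self.vpn_type, self.offered, self.state = vpn_type, offered, State.PARAMS_OFFERED
        return offered

    def login(self, param, user, secret):
        """Send login information plus the chosen parameter; return the auth mode used."""
        self._require(State.PARAMS_OFFERED)
        if param not in self.offered:
            raise FlowError("parameter was not among those the firewall returned")
        network = self.fw.authenticate(self.vpn_type, param, user, secret)
        if network is None:
            raise FlowError("firewall rejected the login information")
        self.network, self.state = network, State.AUTHENTICATED
        return self.offered[param]

    def establish_channel(self):
        self._require(State.AUTHENTICATED)
        self.state = State.CHANNEL_UP
        return self.network

    def check_stability(self, rtts_ms, max_delay_ms=200.0, max_loss=0.10):
        """rtts_ms: probe round-trip times, None for a lost probe. Thresholds are assumed."""
        self._require(State.CHANNEL_UP)
        answered = [r for r in rtts_ms if r is not None]
        if not answered:
            return False
        loss = 1 - len(answered) / len(rtts_ms)
        stable = loss <= max_loss and mean(answered) <= max_delay_ms
        if stable:
            self.state = State.CHANNEL_STABLE
        return stable  # False: prompt the user to switch VPN channel

    def connect(self, access_protocol):
        self._require(State.CHANNEL_STABLE)
        if access_protocol not in ACCESS_PROTOCOLS:
            raise FlowError("access protocol is not in the terminal's protocol set")
        self.state = State.CONNECTED
        return access_protocol, self.network["virtual_ip"]

def demo():
    # Walk the full sequence once with the constructed data above.
    t = Terminal(Firewall())
    t.request_params("SSL VPN")
    t.login("profile-a", "alice", "correct horse")
    t.establish_channel()
    t.check_stability([40, 55, 60, 45, 50])
    return t.connect("SSH")
```
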
In a second aspect, a device for remotely accessing a VPN provided by an embodiment of the present invention includes at least one processing unit and at least one storage unit, wherein the storage unit stores program code which, when executed by the processing unit, causes the processing unit to perform the following process:
After establishing a virtual private network (VPN) channel with a firewall, determining, from a protocol set, the VPN access protocol that the user needs to use;
Establishing a remote connection with a server according to the VPN access protocol selected by the user.
In one possible implementation, the processing unit is further configured to:
Request from the firewall the protocol parameters corresponding to the VPN protocol type selected by the user;
Determine the VPN protocol parameter selected by the user from among the VPN protocol parameters, returned by the firewall, that correspond to the VPN protocol type selected by the user;
After determining the authentication mode according to the VPN protocol parameter selected by the user, send the login information entered by the user for that authentication mode, together with the VPN protocol parameter selected by the user, to the firewall, so that the firewall authenticates the login information according to the authentication mode;
After the firewall has successfully authenticated the login information, establish the VPN channel with the firewall according to the VPN protocol parameter selected by the user.
In one possible implementation, the processing unit is specifically configured to:
Create a virtual network card according to the VPN protocol type selected by the user, and send the data packets of the virtual network card to the firewall through the physical network card.
In one possible implementation, the processing unit is specifically configured to:
Receive the network information, returned by the firewall, that is determined according to the VPN protocol parameter selected by the user;
Establish the VPN channel with the firewall according to the network information.
In one possible implementation, the processing unit is further configured to:
After establishing the VPN channel with the firewall, determine, according to network delay and/or the data packet transmission situation, that the VPN channel established with the firewall is stable.
In one possible implementation, the processing unit is further configured to:
After establishing the VPN channel with the firewall, if it is determined according to the network delay and/or the data packet transmission situation that the VPN channel established with the firewall is unstable, prompt the user to switch VPN channel.
In one possible implementation, the processing unit is further configured to:
After establishing the remote connection with the server according to the VPN access protocol selected by the user, and after receiving an input instruction from an input device via Bluetooth, if the input instruction is a preset input instruction, convert the input instruction according to the VPN access protocol selected by the user and send the converted input instruction to the server.
In a third aspect, an embodiment of the present invention also provides a device for remotely accessing a VPN, the device including a determining module and an access module:
The determining module is configured to determine, from a protocol set, the VPN access protocol that the user needs to use after a virtual private network (VPN) channel is established with a firewall;
The access module is configured to establish a remote connection with a server according to the VPN access protocol selected by the user.
In one possible implementation, the determining module is further configured to:
Request from the firewall the protocol parameters corresponding to the VPN protocol type selected by the user;
Determine the VPN protocol parameter selected by the user from among the VPN protocol parameters, returned by the firewall, that correspond to the VPN protocol type selected by the user;
After determining the authentication mode according to the VPN protocol parameter selected by the user, send the login information entered by the user for that authentication mode, together with the VPN protocol parameter selected by the user, to the firewall, so that the firewall authenticates the login information according to the authentication mode;
After the firewall has successfully authenticated the login information, establish the VPN channel with the firewall according to the VPN protocol parameter selected by the user.
In one possible implementation, the determining module is specifically configured to:
Create a virtual network card according to the VPN protocol type selected by the user, and send the data packets of the virtual network card to the firewall through the physical network card.
In one possible implementation, the determining module is specifically configured to:
Receive the network information, returned by the firewall, that is determined according to the VPN protocol parameter selected by the user;
Establish the VPN channel with the firewall according to the network information.
In one possible implementation, the access module is further configured to:
After the VPN channel is established with the firewall, determine, according to network delay and/or the data packet transmission situation, that the VPN channel established with the firewall is stable.
In one possible implementation, the access module is further configured to:
After the VPN channel is established with the firewall, if it is determined according to the network delay and/or the data packet transmission situation that the VPN channel established with the firewall is unstable, prompt the user to switch VPN channel.
In one possible implementation, the access module is further configured to:
After establishing the remote connection with the server according to the VPN access protocol selected by the user, and after receiving an input instruction from an input device via Bluetooth, if the input instruction is a preset input instruction, convert the input instruction according to the VPN access protocol selected by the user and send the converted input instruction to the server.
In a fourth aspect, the present application also provides a computer storage medium on which a computer program is stored; when the program is executed by a processing unit, the steps of the method of the first aspect are implemented.
In a fifth aspect, the present application also provides a computing device, including at least one processor and a memory communicatively connected to the at least one processor, wherein the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can perform any of the methods for remotely accessing a VPN provided by the embodiments of the present application.
In addition, for the technical effects of any implementation of the third to fifth aspects, refer to the technical effects of the different implementations of the first aspect; they are not repeated here.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a schematic diagram of an entity architecture for remotely accessing a VPN provided by an embodiment of the present invention;
Fig. 2 is an overall architecture diagram of integrating VPN protocols through a software program provided by an embodiment of the present invention;
Fig. 3 is a schematic diagram of a method for remotely accessing a VPN provided by an embodiment of the present invention;
Fig. 4 is a diagram of the communication principle between an Android system terminal and a server provided by an embodiment of the present invention;
Fig. 5 is a schematic diagram of a login page for remotely accessing a VPN provided by an embodiment of the present invention;
Fig. 6A is a schematic diagram of a prompt for switching VPN provided by an embodiment of the present invention;
Fig. 6B is a schematic diagram of another prompt for switching VPN provided by an embodiment of the present invention;
Fig. 6C is a schematic diagram of another device for remotely accessing a VPN provided by an embodiment of the present invention;
Fig. 6D is a schematic diagram of a VPN access protocol prompt provided by an embodiment of the present invention;
Fig. 7 is a schematic diagram of a user setting shortcut keys provided by an embodiment of the present invention;
Fig. 8 is a complete flow chart of a method for remotely accessing a VPN provided by an embodiment of the present invention;
Fig. 9 is a schematic diagram of a device for remotely accessing a VPN provided by an embodiment of the present invention;
Fig. 10 is a schematic diagram of another device for remotely accessing a VPN provided by an embodiment of the present invention;
Fig. 11 is a schematic diagram of another device for remotely accessing a VPN provided by an embodiment of the present invention;
Fig. 12 is a structural schematic diagram of a computing device according to an embodiment of the present application.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Some of the terms that appear in the text are explained below:
1. The term "and/or" in the embodiments of the present invention describes the association between associated objects and indicates that three relationships are possible. For example, A and/or B can mean: A alone, both A and B, or B alone. The character "/" generally indicates an "or" relationship between the objects before and after it.
2. The term "firewall" in the embodiments of the present invention is a network security system located between an internal network and an external network. As an information security protection system, it allows or restricts the passage of transmitted data according to specific rules.
3. The term "IPSec VPN (Internet Protocol Security Virtual Private Network)" in the embodiments of the present invention refers to a VPN technology that uses the IPSec protocol to implement remote access. IPSec is a security standard framework defined by the IETF (Internet Engineering Task Force) to provide end-to-end encryption and authentication services for public and private networks.
4. The term "SSL VPN (Secure Sockets Layer Virtual Private Network)" in the embodiments of the present invention is the simplest and most secure solution technology for remote users accessing sensitive company data. Compared with the complex IPSec VPN, SSL achieves remote information connectivity through an easy-to-use method. Any machine with a browser installed can use SSL VPN, because SSL is embedded in the browser; unlike a traditional IPSec VPN, it does not require client software to be installed on every client machine.
5. The term "DNS (Domain Name System)" in the embodiments of the present invention serves as a distributed database on the Internet that maps domain names and IP addresses to each other, enabling users to access the Internet more conveniently without having to remember IP number strings that can be read directly by machines. The process of finally obtaining the IP address corresponding to a host name from the host name is called domain name resolution (or host name resolution). The DNS protocol runs on UDP (User Datagram Protocol) and uses port number 53.
6. The term "OpenVPN" in the embodiments of the present invention is an application-layer VPN implementation based on the OpenSSL library. Compared with traditional VPNs, its advantage is ease of use. OpenVPN allows the peers participating in establishing the VPN to authenticate using a shared key, electronic certificates, or a username/password. The technical core of OpenVPN is the virtual network card, followed by the SSL protocol implementation.
The application scenarios described in the embodiments of the present invention are intended to illustrate the technical solutions of the embodiments more clearly and do not limit the technical solutions provided by the embodiments. A person of ordinary skill in the art will appreciate that, as new application scenarios appear, the technical solutions provided by the embodiments of the present invention are equally applicable to similar technical problems. In the description of the present invention, unless otherwise indicated, "a plurality of" means two or more.
VPN refers to the technology of establishing a private network over a public network. It is called a virtual network mainly because the connection between any two nodes of the whole VPN network does not have the end-to-end physical link required by a traditional private network. Instead, it is a logical network built on a network platform provided by a public network service provider, such as the Internet, ATM (Asynchronous Transfer Mode) or Frame Relay, and user data is transmitted over logical links. It covers extensions of private networks across shared or public networks that are encapsulated, encrypted and authenticated. VPN mainly uses tunneling technology, encryption and decryption technology, key management technology, and user and device identity authentication technology.
By application, VPNs can be divided into three categories:
(1) Access VPN (remote access VPN): client to gateway, using the public network as the backbone to carry VPN data flows between devices;
(2) Intranet VPN: gateway to gateway, connecting resources of the same company through the company's network architecture;
(3) Extranet VPN: forming an extranet with a partner's enterprise network, connecting the resources of one company with those of another company.
The present invention is mainly directed at remote access VPN. At present the Android system supports only public VPN protocols such as IPSec. Many of the proprietary VPN access protocols of the various switching equipment vendors do not support the Android operating system, so operations and maintenance personnel currently find it difficult to carry out maintenance work without a computer.
The embodiments of the present invention therefore provide a method and apparatus for remotely accessing a VPN, which integrate the proprietary VPN access protocols of multiple switching equipment vendors through a program. The program is adapted to work with input devices such as a foldable Bluetooth keyboard-and-mouse combo, so that a new style of maintenance work can be carried out on a small screen.
For the above scenario, the embodiments of the present invention are described in further detail below with reference to the drawings.
Fig. 1 shows an entity architecture for remotely accessing a VPN provided by an embodiment of the present invention, which includes a terminal, a firewall, a switch and multiple servers. Because the present invention gathers a variety of VPN access protocols in the program set of the terminal, remote connections can be established with servers from different manufacturers through different VPN access protocols.
Fig. 2 shows an overall architecture, provided by the present invention, for integrating VPN protocols through a software program. The software program uses VPN protocol interfaces such as SSL VPN and IPSec VPN as the channel for external connection. After the VPN channel has been established and the path opened, it connects to the back-end operating system of the remote server via remote connection methods such as SSH (Secure Shell), RDP (Remote Desktop Protocol), VNC (Virtual Network Console), FTP (File Transfer Protocol) and Telnet (remote terminal protocol). The Bluetooth module connects a portable keyboard-and-mouse combo as the necessary input device, to prevent the virtual keyboard from taking up too much of the phone's screen display space. The automated scheduling component can push scheduled tasks, or perform automated troubleshooting, according to the designed policy. The terminal connects via VPN to the firewall device shown in Fig. 1, and then connects via different VPN access protocols to the back-end servers and network devices behind the firewall.
Wherein, SSH is formulated by the network work group (Network Working Group) of IETF;SSH is to establish
Security protocol on the basis of application layer and transport layer.SSH be at present it is relatively reliable, aim at telnet session and other network services
The agreement of safety is provided.The information leakage problem in remote management procedures can be effectively prevented using SSH agreement, can pass through
Command line mode logs in remote server.
Transmitted in both directions of the FTP for the control file on Internet.Meanwhile it is also an application program
(Application).There is different FTP application programs based on different operating system, and all these application programs are in compliance with
Same agreement is to transmit file.In the use of FTP, user frequently encounters two concepts: " downloading " (Download) and
" upload " (Upload)." downloading " file is exactly the computer (terminal) from distance host (server) copied files to oneself
On;" upload " file is exactly to be copied to file on distance host from the computer of oneself, i.e., user can pass through client computer journey
Sequence on distance host transmitting file or from distance host download file.
RDP is the agreement of a multichannel (multi-channel), for allowing terminal (client or " local computing ")
It connects and the computer (server end or " remote computer ") of Microsoft's terminating machine service is provided.
VNC is free open-source software based on the UNIX and Linux operating systems. Its remote control capability is powerful and efficient, and it allows graphical operation of a server running UNIX or Linux through a remote connection.
The Telnet protocol is a member of the TCP/IP (Transmission Control Protocol/Internet Protocol) protocol suite and is the standard protocol and main method for Internet remote login service. It gives users the ability to do work on a remote host from their local computer. The end user runs a Telnet program on their own computer and uses it to connect to the server. The end user can type commands into the Telnet program, and these commands run on the server just as if they had been typed directly on the server's console, so the server can be controlled locally. To start a Telnet session, a user name and password must be entered to log in to the server. Telnet is a commonly used method of remotely controlling web servers.
As shown in FIG. 3, the method for remotely accessing a VPN according to the embodiment of the present invention specifically includes the following steps:
Step 300: after the terminal and the firewall establish a virtual private network (VPN) channel, determine the VPN access protocol in the protocol set that the user needs to use;
Step 301: the terminal establishes a remote connection with the server according to the VPN access protocol selected by the user.
With the above scheme, multiple VPN access protocols are gathered in the terminal's protocol set. After the VPN channel is established successfully, the user selects a VPN access protocol according to their own needs, and the terminal establishes a remote connection with the server according to the VPN access protocol selected by the user. Because the terminal of the present invention integrates the proprietary VPN access protocols of multiple switching-equipment vendors, the terminal's operating system can support multiple VPN access protocols and can therefore access switching equipment that supports different protocols.
In the embodiment of the present invention, when the user establishes a connection with the remote server through the terminal, the terminal prompts the user to select the required VPN protocol type. After the user selects, the terminal requests from the firewall the protocol parameters corresponding to the VPN protocol type selected by the user. The detailed process of this request is as follows:
The terminal creates a virtual network adapter according to the VPN protocol type selected by the user, and sends the data packets of the virtual network adapter to the firewall through the physical network card.
The protocol type includes but is not limited to some or all of the following:
SSL VPN, IPSec VPN.
For example, after the user downloads and installs the application from the Android application market on a mobile phone and opens it, the terminal prompts the user to select the required VPN protocol type from SSL VPN and IPSec VPN. The VPN protocol type selected by the user is SSL, so the connection to the firewall is established through SSL VPN. As shown in FIG. 4, after the user chooses to connect to the firewall through SSL VPN:
Step 1: a program thread (the SSL VPN thread) in the terminal's operating system automatically creates a virtual network adapter according to the VPN protocol type selected by the user.
Step 2: through the virtual network adapter, the operating system passes the data packet containing the request for the protocol parameters corresponding to SSL VPN to the physical network card.
Step 3: the physical network card forwards the data packet to the SSL VPN gateway.
While the terminal and the VPN are establishing the channel, the server side shown in FIG. 4 is the firewall. In the embodiment of the present invention, steps 1, 2 and 3 are implemented with the OpenVPN open-source component.
After the firewall receives the data packet requesting the protocol parameters corresponding to SSL VPN, it determines the protocol parameters corresponding to SSL VPN according to the correspondence between VPN protocol types and protocol parameters stored in the firewall, and returns them to the terminal.
The protocol parameters corresponding to a VPN protocol type include but are not limited to some or all of the following:
Domain information, user login authentication method.
Optionally, the user login authentication method includes an authentication type and an authentication mode.
For example, the protocol parameters corresponding to the user-selected SSL VPN that the terminal receives from the firewall are: 4 domains: marketing department, research and development department, testing department, finance department; 3 user login authentication types: AD (Active Directory, the directory service in the Windows Server operating system), RADIUS (Remote Authentication Dial In User Service), LDAP (Lightweight Directory Access Protocol); 3 user login authentication modes: password, certificate, password + certificate.
In the embodiment of the present invention, after the terminal receives the VPN protocol parameters, returned by the firewall, that correspond to the VPN protocol type selected by the user, the terminal determines from those parameters the VPN protocol parameters selected by the user, and determines the authentication method according to the VPN protocol parameters selected by the user.
For example, the protocol parameters corresponding to the user-selected SSL VPN that the terminal receives from the firewall are: 4 domains: marketing department, research and development department, testing department, finance department; 3 user login authentication types: AD, RADIUS, LDAP; 3 user login authentication modes: password, certificate, password + certificate. The terminal determines that the domain selected by the user is the research and development department, the user login authentication type is AD, and the user login authentication mode is password. The authentication method determined from the VPN protocol parameters selected by the user is: AD authentication of the user password.
In the embodiment of the present invention, after determining the user's authentication method, the terminal sends the login information entered by the user for that authentication method, together with the VPN protocol parameters selected by the user, to the firewall. Specifically, the terminal sends a data packet containing the login information and the VPN protocol parameters selected by the user to the firewall through the physical network card. After receiving this data packet, the firewall judges whether the user's login information is correct according to the user's authentication method. When the login information is correct, the firewall returns a key to the terminal, and the login has succeeded. After the login succeeds, the firewall returns the network information determined according to the VPN protocol parameters selected by the user.
The network information includes but is not limited to some or all of the following:
Virtual gateway, DNS, routing information.
For example, the user uses AD authentication of the user password, and the domain selected by the user is the marketing department. As shown in FIG. 5, the user name entered by the user is ihebut, the password is 111111, and the login domain is the marketing department. After the firewall determines that authentication has passed, it determines the virtual gateway, DNS and routing information of the domain the user belongs to according to the user's domain information. For the marketing department domain, the user's virtual gateway is gateway 1, the DNS is IP1, and the routing information is: IP11, IP12, IP13, IP21, IP31, IP32, gateway 1, gateway 2, gateway 3.
In the embodiment of the present invention, after the firewall has authenticated the login information, the terminal establishes the VPN channel with the firewall according to the VPN protocol parameters selected by the user. Specifically, the terminal receives the network information that the firewall returns, determined according to the VPN protocol parameters selected by the user, and establishes the VPN channel with the firewall according to that network information; that is, the VPN thread hands the received network information to the Android operating system, which completes the final establishment of the VPN channel.
Optionally, when the terminal carries out data communication with the firewall, it encrypts the data packets with the key returned by the firewall.
For example, using OpenSSL (Open Secure Sockets Layer) technology, the data packets that the terminal sends to the firewall through the physical network card are encrypted with the key returned by the firewall, and the firewall decrypts the data packets after receiving them.
In the embodiment of the present invention, after the terminal and the firewall establish the VPN channel, whether the VPN channel established with the firewall is stable is judged according to the network delay and/or the packet transmission status.
If the VPN channel is unstable, the user is prompted to switch the VPN channel; at this point the user can adjust information such as resolution and clarity.
For example, if 2 of 3 data packets sent by the terminal to the firewall are lost, the VPN channel established between the terminal and the firewall is unstable; or, if the network delay of data transmission is high, exceeding a preset threshold, this also shows that the VPN channel established between the terminal and the firewall is unstable.
When the VPN channel is unstable, there are many ways for the user to switch the VPN channel; several are listed below:
Switching mode one: switch networks.
As shown in FIG. 6A, when the VPN channel is detected to be unstable, i.e. the network is unstable, the user is prompted to switch networks, and the user can switch the VPN channel by switching WIFI (Wireless Fidelity). For example, if the VPN the user previously selected to access is ihebut, the user can switch to another network, for example the network chinanet hebut.
Switching mode two: switch the VPN protocol type.
As shown in FIG. 6B, when the VPN channel is detected to be unstable, the user is prompted to switch to another access gateway; if the VPN protocol type selected by the user is IPSec, the user can switch to SSL.
Switching mode three: switch gateways.
As shown in FIG. 6C, when the VPN channel is detected to be unstable, the user is prompted to switch to another access gateway; if the current VPN gateway is gateway 1, the user can switch to another gateway, for example gateway 2.
It should be noted that the ways of switching the VPN channel cited in the embodiment of the present invention are merely illustrative; any way of switching the VPN channel is applicable to the embodiment of the present invention.
As shown in FIG. 6D, if the VPN channel is stable, the user is prompted to select the remote access mode to be used, and after the user selects a VPN access protocol, the VPN access protocol in the protocol set that the user needs to use is determined.
The VPN access protocol includes but is not limited to some or all of the following:
SSH, RDP, VNC, FTP, Telnet.
For the different VPN access protocols, the user can choose according to their own needs. For example, when the user needs to download files through the remote VPN, the FTP access protocol can be selected; when the user, at home, wants to shut down a company computer through the remote VPN, the SSH protocol can be selected and the operation completed from the command line.
Optionally, after the terminal and the server establish the remote connection, the interactive window is invoked and the keyboard and mouse drivers are loaded. The user chooses to use either the virtual keyboard or an external input device, and the external input device is connected to the terminal via Bluetooth, wherein the external input device is a Bluetooth input device.
For example, Bluetooth is turned on for the terminal and for the Bluetooth foldable two-in-one keyboard and mouse device, and the device is connected to the terminal via Bluetooth. When the user operates the Bluetooth foldable two-in-one keyboard and mouse device, the terminal receives the input device's input instruction via Bluetooth. After receiving the input instruction, the terminal judges whether it is one of the terminal's preset input instructions. If so, the terminal converts the input instruction, according to the VPN access protocol selected by the user, into an instruction that the operating system of the connected server can recognize, and sends the converted input instruction to the server; otherwise, the terminal forwards the received operation instruction directly to the connected server.
For example, the terminal's preset input instructions are: Ctrl+Shift+F12: print; Ctrl+F1: screenshot; Ctrl+R: refresh page; Ctrl+S: save; Ctrl+Shift: switch screen; Shift+A: switch window; Shift+B: lock screen; Shift+C: exit.
When the user presses Ctrl+F1 on the foldable keyboard, the input instruction the terminal receives via Bluetooth is Ctrl+F1. The terminal judges that Ctrl+F1 is a preset input instruction, and the VPN access protocol selected by the user is SSH. Because the operating system corresponding to the SSH protocol is Linux, the terminal converts Ctrl+F1 into an instruction that Linux can recognize, and sends the converted instruction to the server that has established the remote connection with the terminal.
Optionally, the user can also configure the terminal manually and define the preset input instructions themselves, as shown in FIG. 7: switch screen, switch window, lock screen, exit. Optionally, while the user is configuring these, some commonly used shortcut keys can be recommended to the user.
For example, the preset input instructions that the user has set in the terminal are: Ctrl+Alt+Z: extract message; Ctrl+Alt+C: capture screen; Ctrl+Alt: send message. If the input instruction the terminal receives via Bluetooth is B, the terminal judges that this input instruction is not a preset input instruction, and forwards the actual input instruction B directly to the remote server connected to the terminal.
Optionally, in step 4 shown in FIG. 4, the remote protocol window carries out data communication through the virtual network adapter and the SSL session established by the SSL VPN. After the terminal and the remote server establish a connection, the server side shown in FIG. 4 is the remote server. When the user interacts remotely with the remote server, the user can choose whether to record the operations.
For example, after the terminal determines that the user has chosen screen recording to record the operations, it records a video of the user's operations on the remote server; after the terminal determines that the user has chosen to record keyboard input, it records the information the user enters through the keyboard.
Optionally, the terminal's automation timing component can push tasks on a schedule, or perform automated troubleshooting, according to the designed policy.
For example, it is set in advance that the enterprise's product information is pushed to the user half an hour after the user logs in to a certain enterprise VPN, that troubleshooting is carried out one hour after the user logs in to a certain VPN, and so on.
As shown in FIG. 8, a complete method for remotely accessing a VPN provided by the embodiment of the present invention includes:
Step 800: the terminal prompts the user to select a VPN protocol type;
Step 801: after determining the VPN protocol type selected by the user, the terminal requests from the firewall the protocol parameters corresponding to that VPN protocol type;
Step 802: the firewall returns to the terminal the VPN protocol parameters corresponding to the VPN protocol type selected by the user;
Step 803: from the VPN protocol parameters returned by the firewall, the terminal determines the VPN protocol parameters selected by the user;
Step 804: the terminal determines the authentication method according to the VPN protocol parameters selected by the user, after which the user enters the login information corresponding to the authentication method;
Step 805: the terminal sends the login information and the VPN protocol parameters selected by the user to the firewall;
Step 806: after receiving the login information entered by the user for the authentication method, the firewall authenticates the login information according to the authentication method;
Step 807: after authentication passes, the firewall determines the network information to return to the terminal according to the VPN protocol parameters selected by the user;
Step 808: the firewall sends the determined network information to the terminal;
Step 809: after receiving the network information that the firewall determined according to the VPN protocol parameters selected by the user, the terminal establishes the VPN channel with the firewall according to the network information;
Step 810: after determining that the VPN channel is stable, the terminal determines the VPN access protocol in the protocol set that the user needs to use;
Step 811: the terminal establishes a remote connection with the server according to the VPN access protocol selected by the user;
Step 812: the terminal and the server interact;
Step 813: the user's remote operations are recorded by screen recording.
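The exchange in steps 800 to 809, sketched as an added Python example (it is not code from the patent). The class and function names, the message fields, the sample user and addresses, and the local stand-in for the AD directory are all constructed; re-checking the terminal's selection against the firewall's stored table and tying the returned network information to the authenticated user's own domain are assumptions about how the firewall applies its stored correspondence.

```python
import hashlib
import hmac
import secrets

# Constructed firewall table: VPN protocol type -> protocol parameters on offer.
PROTOCOL_PARAMS = {
    "SSL VPN": {
        "domain": ["marketing", "research", "testing", "finance"],
        "auth_type": ["AD", "RADIUS", "LDAP"],
        "auth_mode": ["password", "certificate", "password+certificate"],
    },
    "IPSec VPN": {
        "domain": ["research"],
        "auth_type": ["RADIUS"],
        "auth_mode": ["certificate"],
    },
}
# Constructed per-domain network information (virtual gateway, DNS, routes).
NETWORK_INFO = {
    d: {"virtual_gateway": f"gateway{i}", "dns": f"192.0.2.{i}",
        "routes": [f"10.{i}.0.0/16"]}
    for i, d in enumerate(PROTOCOL_PARAMS["SSL VPN"]["domain"], start=1)
}


def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
# Constructed stand-in for the directory behind each authentication type.
DIRECTORY = {
    ("AD", "alice"): {
        "domain": "research",
        "salt": _SALT,
        "pw_hash": _pw_hash("correct horse battery", _SALT),
        "cert_sha256": hashlib.sha256(b"constructed-cert").hexdigest(),
    },
}
_NOBODY = {"salt": _SALT, "pw_hash": b"", "cert_sha256": ""}


class Firewall:
    def get_params(self, vpn_type):
        """Step 802: return the parameters stored for the requested type."""
        if vpn_type not in PROTOCOL_PARAMS:
            raise ValueError("unknown VPN protocol type")
        return {k: list(v) for k, v in PROTOCOL_PARAMS[vpn_type].items()}

    def login(self, vpn_type, selection, username, credentials):
        """Steps 806-808: authenticate, then return key and network info."""
        offered = PROTOCOL_PARAMS.get(vpn_type)
        if offered is None:
            return {"ok": False, "reason": "unknown VPN protocol type"}
        # Assumption: the selection is re-checked against the stored table,
        # so a terminal cannot pick a value that was never offered.
        for field, allowed in offered.items():
            if selection.get(field) not in allowed:
                return {"ok": False, "reason": f"{field} not offered for {vpn_type}"}
        needed = set(selection["auth_mode"].split("+"))
        if set(credentials) != needed:
            return {"ok": False,
                    "reason": "credentials do not match authentication mode"}
        record = DIRECTORY.get((selection["auth_type"], username))
        # Assumption: the login domain must be the user's own domain.
        if not self._verify(record, credentials) or record["domain"] != selection["domain"]:
            return {"ok": False, "reason": "authentication failed"}
        return {"ok": True, "key": secrets.token_hex(32),
                "network": NETWORK_INFO[selection["domain"]]}

    @staticmethod
    def _verify(record, credentials):
        ok = record is not None
        rec = record or _NOBODY  # unknown users still go through the hashing
        if "password" in credentials:
            calc = _pw_hash(credentials["password"], rec["salt"])
            ok &= hmac.compare_digest(calc, rec["pw_hash"])
        if "certificate" in credentials:
            fp = hashlib.sha256(credentials["certificate"]).hexdigest()
            ok &= hmac.compare_digest(fp, rec["cert_sha256"])
        return ok


def terminal_connect(firewall, vpn_type, choose, username, credentials):
    """Steps 800-809 on the terminal; `choose` stands in for the user's picks."""
    offered = firewall.get_params(vpn_type)                            # 801-802
    selection = {f: choose(f, opts) for f, opts in offered.items()}    # 803
    auth_method = f'{selection["auth_type"]} {selection["auth_mode"]}' # 804
    reply = firewall.login(vpn_type, selection, username, credentials) # 805-808
    if not reply["ok"]:
        return {"connected": False, "auth_method": auth_method,
                "reason": reply["reason"]}
    return {"connected": True, "auth_method": auth_method,
            "key": reply["key"], **reply["network"]}                   # 809
```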
Based on the same design, the embodiment of the present invention provides a terminal device for remotely accessing a VPN. As shown in FIG. 9, the terminal includes components such as an input unit 900, a radio frequency (Radio Frequency, RF) circuit 910, a power supply 920, a processor 930, a memory 940, a remote protocol access module 950, a Bluetooth module 960, a VPN access module 970, an interactive module 980 and a display unit 990. Those skilled in the art will understand that the terminal structure shown in FIG. 9 does not constitute a limitation on the terminal; the terminal provided by the embodiments of the present application may include more or fewer components than illustrated, may combine certain components, or may arrange the components differently.
The components of the terminal are described in detail below with reference to FIG. 9:
Optionally, the input unit 900 may include a touch panel 901 and other input terminals 902.
The touch panel 901, also called a touch screen, collects the user's touch operations on or near it (for example, operations performed by the user on or near the touch panel 901 with a finger, a stylus or any other suitable object or accessory), and drives the corresponding connected device according to a preset program. Optionally, the touch panel 901 may include a touch detection device and a touch controller. The touch detection device detects the position of the user's touch, detects the signal produced by the touch operation, and passes the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts it into contact coordinates and sends them to the processor 930, and can receive and execute commands sent by the processor 930. In addition, the touch panel 901 may be implemented in various types, such as resistive, capacitive, infrared and surface acoustic wave.
Optionally, the other input terminals 902 may include but are not limited to one or more of a physical keyboard, function keys (such as volume control keys and switch keys), a trackball, a mouse, a joystick and the like.
The input unit 900 can be used to receive numeric or character information entered by the user, and to generate key signal inputs related to the user settings and function control of the terminal.
The RF circuit 910 can be used for sending and receiving data during communication or a call. In particular, after receiving downlink data from a base station, the RF circuit 910 sends it to the processor 930 for processing; in addition, it sends the uplink data to be transmitted to the base station. In general, the RF circuit 910 includes but is not limited to an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier (Low Noise Amplifier, LNA), a duplexer and the like.
In addition, the RF circuit 910 can also communicate with the network and other terminals by wireless communication. The wireless communication may use any communication standard or protocol, including but not limited to Global System of Mobile Communication (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), e-mail, Short Messaging Service (SMS) and the like.
The terminal can realize a physical connection with other terminals through the communication interface 990. Optionally, the communication interface 990 is connected by cable to the communication interface of the other terminal, to realize data transmission between the terminal and the other terminal.
Because in the embodiments of the present application the terminal can implement communication services and send information to other contacts, the terminal needs a data transmission function, i.e. the terminal needs to contain a communication module internally.
For example, when the terminal is a mobile phone, the terminal may include the RF circuit 910 and may also include the WiFi module 990; when the terminal is a computer, the terminal may include the communication interface 990 and may also include the WiFi module 990; when the terminal is a tablet computer, the terminal may include the WiFi module.
The memory 940 can be used to store software programs and modules. The processor 930 runs the software programs and modules stored in the memory 940 to execute the terminal's various functional applications and data processing, and after the processor 930 executes the program code in the memory 940, some or all of the process in FIG. 11 of the embodiment of the present invention can be implemented.
Optionally, the memory 940 may mainly include a program storage area and a data storage area. The program storage area can store the operating system, various applications (such as communication applications), a face recognition module and the like; the data storage area can store data created through use of the terminal (for example multimedia files such as pictures and video files, and face information templates) and the like.
In addition, the memory 940 may include high-speed random access memory, and may also include non-volatile memory, for example at least one magnetic disk storage device, a flash memory device, or other volatile solid-state memory devices.
The remote protocol access module 950 is used for establishing the remote connection with the server after the VPN access protocol selected by the user has been determined. Bluetooth is a wireless technology standard that enables short-range data exchange between fixed devices, mobile devices and building personal area networks, so as to realize access to the data network. The Bluetooth module 960 can be used for sending and receiving data during communication. The VPN access module 970 is used for pulling the protocol parameters from the firewall, for the initial handshake of receiving the information returned by the firewall, and for establishing the VPN channel with the firewall. The interactive module 980 is used for interacting with the server.
The display unit 990 can be used to display information entered by the user or information provided to the user, as well as the terminal's various menus. The display unit 990 is the terminal's display system; it presents the interface and realizes human-computer interaction.
The display unit 990 may include a display panel 991. Optionally, the display panel 991 may be configured in the form of a liquid crystal display (Liquid Crystal Display, LCD), an organic light-emitting diode (Organic Light-Emitting Diode, OLED) or the like.
Further, the touch panel 901 may cover the display panel 991. When the touch panel 901 detects a touch operation on or near it, it passes the operation to the processor 930 to determine the type of touch event, and the processor 930 then provides the corresponding visual output on the display panel 991 according to the type of touch event.
Although in FIG. 9 the touch panel 901 and the display panel 991 are two independent components that implement the terminal's input and output functions, in some embodiments the touch panel 901 and the display panel 991 can be integrated to implement the terminal's input and output functions.
The processor 930 is the control centre of the terminal. It connects the components through various interfaces and lines, and executes the terminal's various functions and processes data by running or executing the software programs and/or modules stored in the memory 940 and calling the data stored in the memory 940, thereby implementing the various services based on the terminal.
Optionally, the processor 930 may include one or more processing units. Optionally, the processor 930 may integrate an application processor and a modem processor, wherein the application processor mainly handles the operating system, user interface, applications and the like, and the modem processor mainly handles wireless communication. It can be understood that the modem processor may also not be integrated into the processor 930.
The terminal further includes the power supply 920 (such as a battery) for powering the components. Optionally, the power supply 920 can be logically connected to the processor 930 through a power management system, so that functions such as charging, discharging and power consumption management are handled through the power management system.
Although not shown, the terminal may also include at least one sensor, an audio circuit and the like, which are not described in detail here.
The memory 940 can store the same program code as the storage unit 1001; when the program code is executed by the processor 930, the processor 930 implements all the functions of the processing unit 1000.
Based on the same inventive concept, the embodiment of the present invention also provides a device for remotely accessing a VPN. Because this device is the device used in the method of the embodiment of the present invention, and the principle by which the device solves the problem is similar to that of the method, the implementation of the device may refer to the implementation of the method, and repeated parts are not described again.
As shown in FIG. 10, the embodiment of the present invention also provides a device for remotely accessing a VPN. The device includes at least one processing unit 1000 and at least one storage unit 1001, wherein the storage unit 1001 stores program code, and when the program code is executed by the processing unit 1000, the processing unit 1000 performs the following process:
After establishing a virtual private network (VPN) channel with the firewall, determine the VPN access protocol in the protocol set that the user needs to use;
Establish a remote connection with the server according to the VPN access protocol selected by the user.
Optionally, the processing unit 1000 is also used to:
Request from the firewall the protocol parameters corresponding to the VPN protocol type selected by the user;
After determining, from the VPN protocol parameters returned by the firewall that correspond to the VPN protocol type selected by the user, the VPN protocol parameters selected by the user, determine the VPN access protocol in the protocol set that the user needs to use;
After determining the authentication method according to the VPN protocol parameters selected by the user, send the login information entered by the user for that authentication method and the VPN protocol parameters selected by the user to the firewall, so that the firewall authenticates the login information according to the authentication method;
After the firewall has authenticated the login information, establish the VPN channel with the firewall according to the VPN protocol parameters selected by the user.
Optionally, the processing unit 1000 is specifically used to:
Create a virtual network adapter according to the VPN protocol type selected by the user, and send the data packets of the virtual network adapter to the firewall through the physical network card.
Optionally, the processing unit 1000 is specifically used to:
Receive the network information that the firewall returns, determined according to the VPN protocol parameters selected by the user;
Establish the VPN channel with the firewall according to the network information.
Optionally, the processing unit 1000 is also used to:
After establishing the VPN channel with the firewall, determine according to the network delay and/or the packet transmission status that the VPN channel established with the firewall is stable.
Optionally, the processing unit 1000 is also used to:
After establishing the VPN channel with the firewall, if it is determined according to the network delay and/or the packet transmission status that the VPN channel established with the firewall is unstable, prompt the user to switch the VPN channel.
Optionally, the processing unit 1000 is also used to:
After establishing the remote connection with the server according to the VPN access protocol selected by the user, and after receiving an input instruction from the input device via Bluetooth, if the input instruction is a preset input instruction, convert the input instruction according to the VPN access protocol selected by the user, and send the converted input instruction to the server.
Based on the same inventive concept, the embodiment of the present invention also provides a device for remotely accessing a VPN. Because this device is the device used in the method of the embodiment of the present invention, and the principle by which the device solves the problem is similar to that of the method, the implementation of the device may refer to the implementation of the method, and repeated parts are not described again.
As shown in FIG. 11, the embodiment of the present invention also provides a device for remotely accessing a VPN. The device includes a determining module 1100 and an access module 1101:
Determining module 1100: used for determining, after a virtual private network (VPN) channel is established with the firewall, the VPN access protocol in the protocol set that the user needs to use;
Access module 1101: used for establishing a remote connection with the server according to the VPN access protocol selected by the user.
Optionally, the determining module 1100 is further configured to, before determining the VPN access protocol that the user needs to use from the protocol set:
Request from the firewall the protocol parameters corresponding to the VPN protocol type selected by the user;
Determine the VPN protocol parameter selected by the user from among the VPN protocol parameters, returned by the firewall, that correspond to the VPN protocol type selected by the user;
After determining the authentication mode according to the VPN protocol parameter selected by the user, send the login information entered by the user for that authentication mode, together with the VPN protocol parameter selected by the user, to the firewall, so that the firewall authenticates the login information according to the authentication mode;
After the firewall's authentication of the login information passes, establish the VPN channel with the firewall according to the VPN protocol parameter selected by the user.
Optionally, the determining module 1100 is specifically configured to:
Establish a virtual network adapter according to the VPN protocol type selected by the user, and send the data packets of the virtual network adapter to the firewall through a physical network adapter.
Optionally, the determining module 1100 is specifically configured to:
Receive the network information, returned by the firewall, that was determined according to the VPN protocol parameter selected by the user;
Establish the VPN channel with the firewall according to the network information.
Optionally, the access module 1101 is further configured to:
After the VPN channel is established with the firewall, determine, according to network delay and/or data packet transmission status, that the VPN channel established with the firewall is stable.
Optionally, the access module 1101 is further configured to:
After the VPN channel is established with the firewall, if it is determined according to the network delay and/or data packet transmission status that the VPN channel established with the firewall is unstable, prompt the user to switch the VPN channel.
Optionally, the access module 1101 is further configured to:
After a remote connection is established with the server according to the VPN access protocol selected by the user, and after an input instruction from an input device is received over Bluetooth, if the input instruction is a preset input instruction, convert the input instruction according to the VPN access protocol selected by the user and send the converted input instruction to the server.
An embodiment of the present invention further provides a computer-readable non-volatile storage medium including program code. When the program code runs on a computing terminal, it causes the computing terminal to execute the steps of the method for remotely accessing a VPN described in the embodiments of the present invention.
Having described the method and device for remotely accessing a VPN according to exemplary embodiments of the present application, a computing device according to another exemplary embodiment of the present application is introduced next.
Those of ordinary skill in the art will understand that aspects of the present application may be implemented as a system, a method or a program product. Accordingly, aspects of the present application may take the following forms: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.), or an embodiment combining hardware and software aspects, which may be collectively referred to herein as a "circuit", "module" or "system".
In some possible embodiments, a computing device according to the present application may include at least one processor and at least one memory. The memory stores program code which, when executed by the processor, causes the processor to execute the steps of the remote VPN access method according to the various exemplary embodiments of the present application described above in this specification. For example, the processor may execute steps 300-301 as shown in Figure 3.
The computing device 120 according to this embodiment of the present application is described below with reference to Figure 12. The computing device 120 of Figure 12 is only an example and should not impose any limitation on the function and scope of use of the embodiments of the present application.
As shown in Figure 12, the computing device 120 takes the form of a general-purpose computing device. The components of the computing device 120 may include, but are not limited to: the at least one processor 121, the at least one memory 122, and a bus 123 connecting the different system components (including the memory 122 and the processor 121).
The bus 123 represents one or more of several types of bus structures, including a memory bus or memory controller, a peripheral bus, a processor bus, or a local bus using any of a variety of bus structures.
The memory 122 may include readable media in the form of volatile memory, such as random access memory (RAM) 1221 and/or cache memory 1222, and may further include read-only memory (ROM) 1223.
The memory 122 may also include a program/utility 1225 having a set of (at least one) program modules 1224. Such program modules 1224 include, but are not limited to: an operating system, one or more application programs, other program modules and program data; each of these examples, or some combination of them, may include an implementation of a network environment.
The computing device 120 may also communicate with one or more external devices 124 (such as a keyboard, a pointing device, etc.), with one or more devices that enable a user to interact with the computing device 120, and/or with any device (such as a router, a modem, etc.) that enables the computing device 120 to communicate with one or more other computing devices. Such communication may take place through an input/output (I/O) interface 125. In addition, the computing device 120 may communicate with one or more networks (such as a local area network (LAN), a wide area network (WAN) and/or a public network such as the Internet) through a network adapter 126. As shown, the network adapter 126 communicates with the other modules of the computing device 120 over the bus 123. It should be understood that, although not shown in the figures, other hardware and/or software modules may be used in conjunction with the computing device 120, including but not limited to: microcode, device drivers, redundant processors, external disk drive arrays, RAID systems, tape drives and data backup storage systems.
In some possible embodiments, aspects of the remote VPN access method provided by the present application may also be implemented as a program product that includes program code. When the program product runs on a computer device, the program code causes the computer device to execute the steps of the remote VPN access method according to the various exemplary embodiments of the present application described above in this specification; for example, the computer device may execute steps 300-301 as shown in Figure 3.
The program product may use any combination of one or more readable media. A readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but is not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples (a non-exhaustive list) of readable storage media include: an electrical connection with one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above.
The program product for remote VPN access according to embodiments of the present application may take the form of a portable compact disc read-only memory (CD-ROM), include program code, and run on a computing device. However, the program product of the present application is not limited to this. In this document, a readable storage medium may be any tangible medium that contains or stores a program, and the program may be used by or in connection with an instruction execution system, apparatus or device.
A readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, carrying readable program code. Such a propagated data signal may take many forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A readable signal medium may also be any readable medium other than a readable storage medium that can send, propagate or transmit a program for use by or in connection with an instruction execution system, apparatus or device.
The program code contained on a readable medium may be transmitted over any suitable medium, including but not limited to wireless, wired, optical cable, RF, etc., or any suitable combination of the above.
Program code for carrying out the operations of the present application may be written in any combination of one or more programming languages, including object-oriented programming languages such as Java, C++ and the like, as well as conventional procedural programming languages such as the "C" language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. Where a remote computing device is involved, it may be connected to the user's computing device through any kind of network, including a local area network (LAN) or a wide area network (WAN), or it may be connected to an external computing device (for example, through the Internet using an Internet service provider).
It should be noted that although several units or sub-units of the device are mentioned in the detailed description above, this division is only exemplary and not mandatory. In fact, according to embodiments of the present application, the features and functions of two or more of the units described above may be embodied in one unit. Conversely, the features and functions of one unit described above may be further divided and embodied by multiple units.
In addition, although the operations of the method of the present application are described in the drawings in a particular order, this does not require or imply that the operations must be executed in that particular order, or that all of the operations shown must be executed to achieve the desired result. Additionally or alternatively, certain steps may be omitted, multiple steps may be merged into one step for execution, and/or one step may be broken down into multiple steps for execution.
Those skilled in the art should understand that embodiments of the present application may be provided as a method, a system or a computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) that contain computer-usable program code.
The present application is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the present application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is executed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Although preferred embodiments of the present application have been described, those skilled in the art can make further changes and modifications to these embodiments once they learn of the basic inventive concept. The appended claims are therefore intended to be interpreted as including the preferred embodiments and all changes and modifications that fall within the scope of the present application.
Obviously, those skilled in the art can make various modifications and variations to the present application without departing from its spirit and scope. Thus, if these modifications and variations fall within the scope of the claims of the present application and their technical equivalents, the present application is also intended to include them.
Claims (10)
1. A method for remotely accessing a virtual private network (VPN), characterized in that the method comprises:
After a terminal establishes a VPN channel with a firewall, determining the VPN access protocol that the user needs to use from a protocol set;
The terminal establishing a remote connection with a server according to the VPN access protocol selected by the user.
2. The method according to claim 1, characterized in that, before the terminal determines the VPN access protocol that the user needs to use from the protocol set, the method further comprises:
The terminal requesting from the firewall the protocol parameters corresponding to the VPN protocol type selected by the user;
The terminal determining the VPN protocol parameter selected by the user from among the VPN protocol parameters, returned by the firewall, that correspond to the VPN protocol type selected by the user;
After the terminal determines the authentication mode according to the VPN protocol parameter selected by the user, sending the login information entered by the user for that authentication mode, together with the VPN protocol parameter selected by the user, to the firewall, so that the firewall authenticates the login information according to the authentication mode;
After the firewall's authentication of the login information passes, the terminal establishing the VPN channel with the firewall according to the VPN protocol parameter selected by the user.
3. The method according to claim 2, characterized in that the terminal requesting from the firewall the protocol parameters corresponding to the VPN protocol type selected by the user comprises:
The terminal establishing a virtual network adapter according to the VPN protocol type selected by the user, and sending the data packets of the virtual network adapter to the firewall through a physical network adapter.
4. The method according to claim 2, characterized in that the terminal establishing the VPN channel with the firewall according to the VPN protocol parameter selected by the user comprises:
The terminal receiving the network information, returned by the firewall, that was determined according to the VPN protocol parameter selected by the user;
The terminal establishing the VPN channel with the firewall according to the network information.
5. The method according to claim 1, characterized in that, after the terminal establishes the VPN channel with the firewall and before the VPN access protocol that the user needs to use is determined from the protocol set, the method further comprises:
The terminal determining, according to network delay and/or data packet transmission status, that the VPN channel established with the firewall is stable.
6. The method according to claim 5, characterized in that, after the terminal establishes the VPN channel with the firewall, the method further comprises:
If the terminal determines, according to the network delay and/or data packet transmission status, that the VPN channel established with the firewall is unstable, prompting the user to switch the VPN channel.
7. The method according to claim 1, characterized in that, after the terminal establishes a remote connection with the server according to the VPN access protocol selected by the user, the method further comprises:
After the terminal receives an input instruction from an input device over Bluetooth, if the input instruction is a preset input instruction, converting the input instruction according to the VPN access protocol selected by the user, and sending the converted input instruction to the server.
8. A device for remotely accessing a VPN, characterized in that the device comprises at least one processing unit and at least one storage unit, wherein the storage unit stores program code, and when one or more computer programs stored in the storage unit are executed by the processing unit, the terminal is caused to execute the following process:
After a virtual private network (VPN) channel is established with a firewall, determining the VPN access protocol that the user needs to use from a protocol set;
Establishing a remote connection with a server according to the VPN access protocol selected by the user.
9. A computer-readable medium storing computer-executable instructions, characterized in that the computer-executable instructions are used to execute the method according to any one of claims 1-7.
10. A computing device, characterized by comprising: at least one processor; and a memory communicatively connected to the at least one processor; wherein the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor is able to execute the method according to any one of claims 1-7.
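The ordering that claims 1, 2, 5 and 6 impose on the terminal can be written as a state machine that refuses out-of-order steps and includes the stability check. This is an added example, not code from the patent; the thresholds, the parameter names (`param-A`, `param-B`), the authentication-mode labels and the access-protocol names (`proto-X`, `proto-Y`) are constructed placeholders, because the claims give none.

```python
from dataclasses import dataclass, field
from enum import Enum, auto
from statistics import median

# Constructed thresholds: the claims name the metrics but give no numbers.
MAX_MEDIAN_DELAY_MS = 200.0
MAX_LOSS_RATIO = 0.05


class State(Enum):
    IDLE = auto()
    PARAMS_OFFERED = auto()  # firewall returned parameters for the chosen type
    PARAM_SELECTED = auto()  # user picked one; authentication mode is fixed
    TUNNEL_UP = auto()       # firewall accepted the login information
    TUNNEL_STABLE = auto()   # delay / packet-transmission check passed
    CONNECTED = auto()       # remote connection to the server is open


class FlowError(Exception):
    """A step was attempted out of order or with a value nobody offered."""


def channel_is_stable(probes):
    """probes: round-trip times in ms, with None marking a lost packet."""
    if not probes:
        return False
    answered = [p for p in probes if p is not None]
    loss = 1 - len(answered) / len(probes)
    if not answered or loss > MAX_LOSS_RATIO:
        return False
    return median(answered) <= MAX_MEDIAN_DELAY_MS


@dataclass
class Terminal:
    state: State = State.IDLE
    offered: dict = field(default_factory=dict)  # parameter name -> auth mode
    auth_mode: str = ""

    def _require(self, *allowed):
        if self.state not in allowed:
            raise FlowError(f"not allowed in state {self.state.name}")

    def receive_offer(self, offered):
        self._require(State.IDLE)
        self.offered = dict(offered)
        self.state = State.PARAMS_OFFERED

    def select_parameter(self, name):
        self._require(State.PARAMS_OFFERED)
        if name not in self.offered:
            raise FlowError(f"{name!r} was not offered by the firewall")
        self.auth_mode = self.offered[name]
        self.state = State.PARAM_SELECTED
        return self.auth_mode

    def on_auth_result(self, passed):
        self._require(State.PARAM_SELECTED)
        if passed:  # a failed login leaves the terminal without a tunnel
            self.state = State.TUNNEL_UP
        return self.state

    def check_stability(self, probes):
        self._require(State.TUNNEL_UP, State.TUNNEL_STABLE)
        if channel_is_stable(probes):
            self.state = State.TUNNEL_STABLE
            return "stable"
        self.state = State.TUNNEL_UP
        return "prompt-switch"  # claim 6: ask the user to switch channel

    def connect(self, access_protocol, protocol_set):
        self._require(State.TUNNEL_STABLE)
        if access_protocol not in protocol_set:
            raise FlowError(f"{access_protocol!r} is not in the protocol set")
        self.state = State.CONNECTED
        return access_protocol


def demo():
    t = Terminal()
    t.receive_offer({"param-A": "password", "param-B": "certificate"})  # constructed
    mode = t.select_parameter("param-B")
    t.on_auth_result(True)
    first = t.check_stability([40.0, None, None, 55.0])   # half the probes lost
    second = t.check_stability([40.0, 42.0, 38.0, 55.0])  # no loss, median 41 ms
    chosen = t.connect("proto-X", {"proto-X", "proto-Y"})  # constructed names
    return mode, first, second, chosen, t.state


if __name__ == "__main__":
    print(demo())
```

The state machine makes the claimed ordering enforceable: a failed login never reaches `TUNNEL_UP`, and the access protocol cannot be chosen until the stability check has passed.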
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910004783.3A CN109672602B (en) | 2019-01-03 | 2019-01-03 | Method and equipment for remotely accessing VPN |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910004783.3A CN109672602B (en) | 2019-01-03 | 2019-01-03 | Method and equipment for remotely accessing VPN |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109672602A true CN109672602A (en) | 2019-04-23 |
CN109672602B CN109672602B (en) | 2021-06-04 |
Family
ID=66149194
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910004783.3A Active CN109672602B (en) | 2019-01-03 | 2019-01-03 | Method and equipment for remotely accessing VPN |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109672602B (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110636044A (en) * | 2019-08-19 | 2019-12-31 | 视联动力信息技术股份有限公司 | Network access method, system and device of virtual terminal and storage medium |
CN110708158A (en) * | 2019-11-06 | 2020-01-17 | 积成电子股份有限公司 | Method for remotely maintaining charging pile based on SSH reverse tunnel technology |
CN111614537A (en) * | 2020-04-29 | 2020-09-01 | 中国建设银行股份有限公司 | Disaster recovery network system |
CN111756855A (en) * | 2020-06-30 | 2020-10-09 | 北京来也网络科技有限公司 | Remote control system, method, medium and computing device |
CN112448949A (en) * | 2020-11-12 | 2021-03-05 | 武汉空格信息技术有限公司 | Computer network monitoring system |
CN112711449A (en) * | 2019-10-25 | 2021-04-27 | 西安诺瓦星云科技股份有限公司 | Data processing method, device and system and computer storage medium |
CN113852509A (en) * | 2021-09-30 | 2021-12-28 | 重庆紫光华山智安科技有限公司 | Equipment access method, system, medium and electronic terminal |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1909448A (en) * | 2005-08-05 | 2007-02-07 | 华为技术有限公司 | Method for realizing end to end encryption transmission in MPLS VPN network |
CN101669128A (en) * | 2007-04-27 | 2010-03-10 | 国际商业机器公司 | Cascading authentication system |
CN103051642A (en) * | 2013-01-18 | 2013-04-17 | 上海云和信息系统有限公司 | Method for realizing accessing of local area network equipment in firewall based on VPN (Virtual Private Network) and network system |
US20160142374A1 (en) * | 2014-11-13 | 2016-05-19 | D. Scott CLARK | Private and secure communication systems and methods |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110636044A (en) * | 2019-08-19 | 2019-12-31 | 视联动力信息技术股份有限公司 | Network access method, system and device of virtual terminal and storage medium |
CN112711449A (en) * | 2019-10-25 | 2021-04-27 | 西安诺瓦星云科技股份有限公司 | Data processing method, device and system and computer storage medium |
CN110708158A (en) * | 2019-11-06 | 2020-01-17 | 积成电子股份有限公司 | Method for remotely maintaining charging pile based on SSH reverse tunnel technology |
CN111614537A (en) * | 2020-04-29 | 2020-09-01 | 中国建设银行股份有限公司 | Disaster recovery network system |
CN111756855A (en) * | 2020-06-30 | 2020-10-09 | 北京来也网络科技有限公司 | Remote control system, method, medium and computing device |
CN112448949A (en) * | 2020-11-12 | 2021-03-05 | 武汉空格信息技术有限公司 | Computer network monitoring system |
CN113852509A (en) * | 2021-09-30 | 2021-12-28 | 重庆紫光华山智安科技有限公司 | Equipment access method, system, medium and electronic terminal |
CN113852509B (en) * | 2021-09-30 | 2023-06-27 | 重庆紫光华山智安科技有限公司 | Equipment access method, system, medium and electronic terminal |
Also Published As
Publication number | Publication date |
---|---|
CN109672602B (en) | 2021-06-04 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||