CN110311894A - A kind of method that local area network internal dynamic penetrates - Google Patents
- Publication number
- CN110311894A (application CN201910440647.9A)
- Authority
- CN
- China
- Prior art keywords
- server
- pptp
- public network
- intranet equipment
- tunneling
- Prior art date
- Legal status
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/70—Admission control; Resource allocation
- H04L47/82—Miscellaneous aspects
- H04L47/825—Involving tunnels, e.g. MPLS
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention proposes a method for dynamic penetration inside a local area network, comprising the steps of: using an intranet device in the local area network, establishing a client/server architecture between the client and a public-IP server; the intranet device and the public-IP server establish a TCP connection through a proprietary protocol, thereby establishing a control-plane channel; when data needs to be reversely penetrated, the public-IP server notifies the intranet device through the control-plane channel to establish a PPTP tunnel, i.e. the data-plane tunnel; the intranet device establishes the PPTP tunnel to the public-IP server; the public-IP server communicates with the intranet device through the established PPTP tunnel; when the service stops, the intranet device and the public-IP server remove the routing configuration of the PPTP tunnel. By building a C/S architecture, dynamically establishing tunnel connections and allocating resources on demand, the present invention achieves intranet penetration of the local area network and is applicable to devices with weak edge computing capability.
Description
Technical field
The present invention relates to the field of intranet/extranet communication technology, in particular to a method for dynamic penetration inside a local area network, applicable to stable reverse access to network devices in the Internet of Things.
Background technique
In the prior art, data transmission between the intranet and the external network passes through a NAT gateway; the specific transmission process is shown in Fig. 1. A mapping table must be configured in the NAT gateway in advance; it records how requests received by the gateway are forwarded to intranet servers. When a host on the public network sends a request to an intranet device, the NAT gateway rewrites the destination IP address and destination port of the packet according to the mapping table and then forwards the modified packet to the requested destination host. When the destination host sends back a response packet, the gateway rewrites its source IP address and source port according to the mapping table and sends it out to the public network. In this way a public-network host can reach an intranet host that has no public IP, and the router uses its single public IP to provide services to the public network by means of NAPT.
The drawbacks of the prior art are:
(1) it must be configured in advance; whenever the network environment changes, an operator has to log in to the NAT device and modify the configuration;
(2) ports must be planned in advance and the number of ports is limited; once the ports are used up, no new intranet device can be supported;
(3) the NAT gateway must listen on and occupy a large number of ports, so the ports available for SNAT toward the public network are sharply reduced;
(4) no service can be provided when the NAT gateway device is itself inside an intranet;
(5) only TCP and UDP services are supported.
Summary of the invention
Object of the invention: to overcome the drawbacks described above, the present invention proposes a method for dynamic penetration inside a local area network.
Technical solution: the technical solution proposed by the present invention is as follows:
A method for dynamic penetration inside a local area network, comprising the steps of:
(1) using an intranet device in the local area network, establishing a client/server architecture between the client and a public-IP server;
(2) the intranet device and the public-IP server establish a TCP connection through a proprietary protocol, thereby establishing a control-plane channel;
(3) when data needs to be reversely penetrated, the public-IP server notifies the intranet device through the control-plane channel to establish a PPTP tunnel, i.e. the data-plane tunnel;
(4) the intranet device establishes the PPTP tunnel to the public-IP server;
(5) the public-IP server communicates with the intranet device through the established PPTP tunnel;
(6) when the service stops, the intranet device and the public-IP server remove the routing configuration of the PPTP tunnel.
Further, the specific steps of establishing the PPTP tunnel include:
1) the intranet device sends a message requesting establishment of a control connection; after the public-IP server replies to that request, a control connection is established between the PPTP client and the public-IP server;
2) the intranet device sends a message requesting creation of the PPTP tunnel, which contains a unique ID identifying the PPTP tunnel; the PPTP client uses a dynamically allocated TCP port number when sending the message requesting creation of the PPTP tunnel;
3) the public-IP server replies to the message requesting creation of the PPTP tunnel using one of its remaining port numbers, and establishes a port mapping;
4) the intranet device and the public-IP server each configure routing so that the required traffic is directed into the tunnel; at this point the public-IP server can communicate directly with the intranet device via the tunnel-interface IP.
Further, the port mapping is temporary or permanent.
Further, other devices on the Internet can access the intranet device through the port mapped by the server.
Further, the method for dynamic penetration inside a local area network further comprises the step of:
after the PPTP tunnel has been established, encrypting the IP traffic at both ends of the PPTP tunnel with IPSec.
Further, after the control connection is established, the PPTP tunnel is maintained between the intranet device and the public-IP server by PPTP control connection messages. The PPTP control connection messages carry PPTP call control and management information, which includes periodically sent echo requests and the corresponding echo responses, used to detect whether the link between the PPTP client and the public-IP server has been disconnected.
Further, the keepalive mechanism between the intranet device and the public-IP server is as follows:
the intranet device or the public-IP server sends an echo-request message and the other party responds to the echo-request message; if, after one side sends an echo-request message, no response from the other side is received within a preset period, the PPTP tunnel terminates.
Further, the cases in which the PPTP tunnel terminates further include:
the intranet device sends a call-clear-request message requesting termination of the PPTP tunnel; after the public-IP server responds to the call-clear-request message, the PPTP tunnel is terminated.
Further, the cases in which the PPTP tunnel terminates further include:
the public-IP server sends a call-disconnect-notify message; after the intranet device responds to the call-disconnect-notify message, the PPTP tunnel is terminated.
Further, the method of terminating the control connection is: either the public-IP server or the intranet device sends a stop-control-connection-request message to notify the other party that the control connection is about to be terminated; after the other party responds to the stop-control-connection-request message, the control connection terminates.
Beneficial effects: compared with the prior art, the present invention has the following advantages:
the present invention achieves intranet penetration of a local area network without a NAT gateway; by building a C/S architecture it dynamically establishes tunnel connections and allocates resources on demand, and it is suitable for devices with weak edge computing capability.
Detailed description of the invention
Fig. 1 is the flow diagram of the prior art;
Fig. 2 is flow diagram of the invention.
Specific embodiment
The present invention will be further explained with reference to the accompanying drawing.
Fig. 2 is the flow diagram of the invention. The whole system of the present invention is divided into two major parts, the control plane and the data plane:
Control plane: establishes the data plane and issues management configuration;
Data plane: carries the reverse data transmission.
The transmission flow for reversely penetrated data in the present invention is as follows:
1. the intranet device and the public-IP server establish a TCP connection through a proprietary protocol, opening the control-plane channel;
2. when data needs to be reversely penetrated, the public-IP server notifies the intranet device through the control-plane channel to establish a PPTP tunnel, i.e. the data-plane tunnel;
3. the intranet device configures routing to direct the required traffic into the tunnel;
4. the public-IP server establishes a temporary or permanent port mapping according to business demand, and at the same time configures routing to direct the traffic into the tunnel;
5. at this point the public-IP server can communicate directly with the intranet device via the tunnel-interface IP;
6. other devices on the Internet can access the intranet device through the port mapped by the public-IP server;
7. when the service stops, the routing configuration is removed and the tunnel is closed.
Specifically, the steps of establishing the PPTP tunnel include:
1) the intranet device sends a message requesting establishment of a control connection; after the public-IP server replies to that request, a control connection is established between the PPTP client and the public-IP server;
2) the intranet device sends a message requesting creation of the PPTP tunnel, which contains a unique ID identifying the PPTP tunnel; the PPTP client uses a dynamically allocated TCP port number when sending the message requesting creation of the PPTP tunnel;
3) the public-IP server replies to the message requesting creation of the PPTP tunnel using one of its remaining port numbers, and establishes a temporary or permanent port mapping;
4) the intranet device and the public-IP server each configure routing so that the required traffic is directed into the tunnel; at this point the public-IP server can communicate directly with the intranet device via the tunnel-interface IP.
Specifically, after the control connection is established, the PPTP tunnel is maintained between the intranet device and the public-IP server by PPTP control connection messages. The PPTP control connection messages carry PPTP call control and management information, which includes periodically sent echo requests and the corresponding echo responses, used to detect whether the link between the PPTP client and the public-IP server has been disconnected.
Specifically, the keepalive mechanism between the intranet device and the public-IP server is as follows:
the intranet device or the public-IP server sends an echo-request message and the other party responds to the echo-request message; if, after one side sends an echo-request message, no response from the other side is received within a preset period, the PPTP tunnel terminates.
Specifically, the cases in which the PPTP tunnel terminates further include:
the intranet device sends a call-clear-request message requesting termination of the PPTP tunnel; after the public-IP server responds to the call-clear-request message, the PPTP tunnel is terminated;
or,
the public-IP server sends a call-disconnect-notify message; after the intranet device responds to the call-disconnect-notify message, the PPTP tunnel is terminated.
And the method of terminating the control connection is: either the public-IP server or the intranet device sends a stop-control-connection-request message to notify the other party that the control connection is about to be terminated; after the other party responds to the stop-control-connection-request message, the control connection terminates.
Preferably, when there are security requirements, the IP traffic at both ends of the PPTP tunnel is encrypted with IPSec after the PPTP tunnel has been established.
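The tunnel setup, port mapping, keepalive and termination exchanges described above, modelled as an added example (the page contains no code of its own): both sides are Python classes exchanging in-process control messages, the server's port pool and the echo timeout are constructed values, and the message names follow the RFC 2637 messages the page cites while the message fields are this example's own assumption.

```python
from dataclasses import dataclass
import itertools

# Constructed control message; names follow RFC 2637, the field layout is assumed here.
@dataclass
class Msg:
    kind: str
    call_id: int = 0
    port: int = 0        # in an outgoing-call-reply, 0 means the call was refused

class PublicServer:
    """Public-IP server: answers control messages, hands out one of its
    remaining port numbers per tunnel, keeps the port mapping and route."""
    def __init__(self, free_ports):
        self.free_ports = list(free_ports)  # the server's remaining port numbers
        self.mappings = {}                  # call_id -> (public port, permanent?)
        self.routes = set()                 # call_ids whose traffic is routed into the tunnel
        self.control_up = False
    def handle(self, m, permanent=False):
        if m.kind == "start-control-connection-request":
            self.control_up = True
            return Msg("start-control-connection-reply")
        if m.kind == "outgoing-call-request":
            if not self.control_up or not self.free_ports:
                return Msg("outgoing-call-reply", m.call_id, 0)  # no port left: refuse
            port = self.free_ports.pop(0)
            self.mappings[m.call_id] = (port, permanent)
            self.routes.add(m.call_id)      # server-side route toward the tunnel
            return Msg("outgoing-call-reply", m.call_id, port)
        if m.kind == "echo-request":
            return Msg("echo-reply")
        if m.kind == "call-clear-request":  # device asks to end one tunnel
            return self.disconnect(m.call_id)
        if m.kind == "stop-control-connection-request":
            for cid in list(self.mappings): # every tunnel goes with the control connection
                self.disconnect(cid)
            self.control_up = False
            return Msg("stop-control-connection-reply")
        raise ValueError("unexpected control message: " + m.kind)
    def disconnect(self, call_id):          # drop mapping and route, return port to the pool
        port, _ = self.mappings.pop(call_id)
        self.routes.discard(call_id)
        self.free_ports.append(port)
        return Msg("call-disconnect-notify", call_id)

class IntranetDevice:
    """Intranet device (PPTP client); each exchange is an in-process call on
    the server object that on the wire would cross the control channel."""
    def __init__(self, server, echo_timeout=3):
        self.server = server
        self.echo_timeout = echo_timeout    # missed echo-replies tolerated before teardown
        self.next_id = itertools.count(1)   # unique tunnel ID per request
        self.tunnels = {}                   # call_id -> server port (device-side route)
        self.missed = {}                    # call_id -> consecutive missed echo-replies
    def open_tunnel(self, permanent=False):
        if not self.server.control_up:      # step 1: control connection first
            self.server.handle(Msg("start-control-connection-request"))
        cid = next(self.next_id)            # step 2: request tunnel creation with a unique ID
        reply = self.server.handle(Msg("outgoing-call-request", cid), permanent)
        if reply.port == 0:
            return None                     # server had no remaining port number
        self.tunnels[cid] = reply.port      # step 4: device-side route into the tunnel
        self.missed[cid] = 0
        return cid
    def keepalive(self, cid, peer_reachable=True):  # one echo round; False once torn down
        if peer_reachable and self.server.handle(Msg("echo-request")).kind == "echo-reply":
            self.missed[cid] = 0
            return True
        self.missed[cid] += 1
        if self.missed[cid] < self.echo_timeout:
            return True
        self.close_tunnel(cid)              # no reply within the preset period: terminate
        return False
    def close_tunnel(self, cid):
        self.on_disconnect_notify(self.server.handle(Msg("call-clear-request", cid)))
    def on_disconnect_notify(self, m):      # server-initiated or acknowledged termination
        self.tunnels.pop(m.call_id, None)
        self.missed.pop(m.call_id, None)
    def stop(self):                         # either side may end the control connection
        self.server.handle(Msg("stop-control-connection-request"))
        self.tunnels.clear()
        self.missed.clear()
```

With a two-port pool the third tunnel request is refused, which is the resource limit the port mapping table imposes; every teardown path returns the port and removes both routes.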
The above is only a preferred embodiment of the present invention. It should be pointed out that a person of ordinary skill in the art may make various improvements and modifications without departing from the principle of the present invention, and these improvements and modifications should also be regarded as falling within the scope of protection of the present invention.
Claims (10)
1. A method for dynamic penetration inside a local area network, characterized in that it comprises the steps of:
(1) using an intranet device in the local area network, establishing a client/server architecture between the client and a public-IP server;
(2) the intranet device and the public-IP server establish a TCP connection through a proprietary protocol, thereby establishing a control-plane channel;
(3) when data needs to be reversely penetrated, the public-IP server notifies the intranet device through the control-plane channel to establish a PPTP tunnel, i.e. the data-plane tunnel;
(4) the intranet device establishes the PPTP tunnel to the public-IP server;
(5) the public-IP server communicates with the intranet device through the established PPTP tunnel;
(6) when the service stops, the intranet device and the public-IP server remove the routing configuration of the PPTP tunnel.
2. The method for dynamic penetration inside a local area network according to claim 1, characterized in that the specific steps of establishing the PPTP tunnel include:
1) the intranet device sends a message requesting establishment of a control connection; after the public-IP server replies to that request, a control connection is established between the PPTP client and the public-IP server;
2) the intranet device sends a message requesting creation of the PPTP tunnel, which contains a unique ID identifying the PPTP tunnel; the PPTP client uses a dynamically allocated TCP port number when sending the message requesting creation of the PPTP tunnel;
3) the public-IP server replies to the message requesting creation of the PPTP tunnel using one of its remaining port numbers, and establishes a port mapping;
4) the intranet device and the public-IP server each configure routing so that the required traffic is directed into the tunnel; at this point the public-IP server can communicate directly with the intranet device via the tunnel-interface IP.
3. The method for dynamic penetration inside a local area network according to claim 2, characterized in that the port mapping is temporary or permanent.
4. The method for dynamic penetration inside a local area network according to claim 2, characterized in that other devices on the Internet can access the intranet device through the port mapped by the server.
5. The method for dynamic penetration inside a local area network according to claim 2, characterized in that it further comprises the step of: after the PPTP tunnel has been established, encrypting the IP traffic at both ends of the PPTP tunnel with IPSec.
6. The method for dynamic penetration inside a local area network according to claim 2, characterized in that, after the control connection is established, the PPTP tunnel is maintained between the intranet device and the public-IP server by PPTP control connection messages; the PPTP control connection messages carry PPTP call control and management information, which includes periodically sent echo requests and the corresponding echo responses, used to detect whether the link between the PPTP client and the public-IP server has been disconnected.
7. The method for dynamic penetration inside a local area network according to claim 6, characterized in that the keepalive mechanism between the intranet device and the public-IP server is as follows:
the intranet device or the public-IP server sends an echo-request message and the other party responds to the echo-request message; if, after one side sends an echo-request message, no response from the other side is received within a preset period, the PPTP tunnel terminates.
8. The method for dynamic penetration inside a local area network according to claim 6, characterized in that the cases in which the PPTP tunnel terminates further include:
the intranet device sends a call-clear-request message requesting termination of the PPTP tunnel; after the public-IP server responds to the call-clear-request message, the PPTP tunnel is terminated.
9. The method for dynamic penetration inside a local area network according to claim 6, characterized in that the cases in which the PPTP tunnel terminates further include:
the public-IP server sends a call-disconnect-notify message; after the intranet device responds to the call-disconnect-notify message, the PPTP tunnel is terminated.
10. The method for dynamic penetration inside a local area network according to claim 6, characterized in that the method of terminating the control connection is: either the public-IP server or the intranet device sends a stop-control-connection-request message to notify the other party that the control connection is about to be terminated; after the other party responds to the stop-control-connection-request message, the control connection terminates.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910440647.9A CN110311894A (en) | 2019-05-24 | 2019-05-24 | A kind of method that local area network internal dynamic penetrates |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110311894A true CN110311894A (en) | 2019-10-08 |
Family
ID=68075006
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910440647.9A Pending CN110311894A (en) | 2019-05-24 | 2019-05-24 | A kind of method that local area network internal dynamic penetrates |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110311894A (en) |
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090271512A1 (en) * | 1998-07-10 | 2009-10-29 | Jorgensen Jacob W | TRANSMISSION CONTROL PROTOCOL/INTERNET PROTOCOL (TCP/IP) PACKET-CENTRIC WIRELESS POINT TO MULTI-POINT (PtMP) TRANSMISSION SYSTEM ARCHITECTURE |
CN103379009A (en) * | 2012-04-20 | 2013-10-30 | 南京易安联网络技术有限公司 | SSL VPN communication method based on data link layers |
CN102710644A (en) * | 2012-05-30 | 2012-10-03 | 浙江宇视科技有限公司 | Method and device for saving bandwidth in internet protocol (IP) monitoring system |
CN103051642A (en) * | 2013-01-18 | 2013-04-17 | 上海云和信息系统有限公司 | Method for realizing accessing of local area network equipment in firewall based on VPN (Virtual Private Network) and network system |
CN103368809A (en) * | 2013-07-06 | 2013-10-23 | 马钢(集团)控股有限公司 | Internet reverse penetration tunnel implementation method |
CN103391234A (en) * | 2013-08-01 | 2013-11-13 | 厦门市美亚柏科信息股份有限公司 | Method for realizing multi-user fixed port mapping and PPTP VPN server side |
CN105933198A (en) * | 2016-04-21 | 2016-09-07 | 浙江宇视科技有限公司 | Device for establishing direct connection VPN tunnel |
CN108769279A (en) * | 2018-04-11 | 2018-11-06 | 北京富邦智慧物联科技有限公司 | Intranet fire fighting monitoring video access methods and system based on ssh reverse tunnels |
CN109787848A (en) * | 2019-04-02 | 2019-05-21 | 浙江数值跳跃网络科技有限公司 | Technology for establishing decentralized network architecture through intranet penetration technology |
Non-Patent Citations (2)
Title |
---|
Microsoft Corporation: "Windows 2000 Server Resource Kit, Volume 4: Internetworking", Beijing: China Machine Press, 31 January 2001 * |
Hamzeh et al.: "Point-to-Point Tunneling Protocol (PPTP)", IETF RFC 2637 * |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111064650A (en) * | 2019-12-23 | 2020-04-24 | 浙江宇视科技有限公司 | Method and device for dynamically changing tunnel connection service port number |
CN111885036A (en) * | 2020-07-16 | 2020-11-03 | 武汉秒开网络科技有限公司 | Method and system for realizing multi-device access by router penetrating intranet |
CN111885036B (en) * | 2020-07-16 | 2022-08-16 | 武汉秒开网络科技有限公司 | Method and system for realizing multi-device access by router penetrating intranet |
CN113612675A (en) * | 2021-06-25 | 2021-11-05 | 北京劲群科技有限公司 | Distributed intranet transparent implementation architecture and method |
CN113612675B (en) * | 2021-06-25 | 2022-07-12 | 北京劲群科技有限公司 | Distributed intranet transparent implementation architecture and method |
CN113965338A (en) * | 2021-08-24 | 2022-01-21 | 国网北京市电力公司 | Intranet penetration method |
CN113965338B (en) * | 2021-08-24 | 2024-01-23 | 国网北京市电力公司 | Intranet penetration method |
CN117439815A (en) * | 2023-12-08 | 2024-01-23 | 中国人民解放军31203部队 | Intranet penetration system and method based on reverse transparent bridging |
CN117439815B (en) * | 2023-12-08 | 2024-03-19 | 中国人民解放军31203部队 | Intranet penetration system and method based on reverse transparent bridging |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110311894A (en) | A kind of method that local area network internal dynamic penetrates | |
CN105025044B (en) | A kind of apparatus control method and system | |
EP2569902B1 (en) | Interconnecting members of a virtual network | |
US8340103B2 (en) | System and method for creating a secure tunnel for communications over a network | |
US9264403B2 (en) | Virtualization platform | |
CN102664972B (en) | Method and device for mapping address in virtual network | |
CN112437168B (en) | Intranet penetration system | |
CN103023898A (en) | Method and device for accessing intranet resource of virtual private network (VPN) server | |
CN105072213A (en) | IPSec NAT bidirection traversing method, IPSec NAT bidirection traversing system and VPN gateway | |
CN101447956A (en) | Cross-GAP communication method and communication system using same | |
CN102685268A (en) | Fast private network traversal method based on ICE (Information and Content Exchange) protocol in VoIP (Voice over Internet Protocol) | |
CN104408777B (en) | Internet attendance management system and method based on P2P communication realized by NAT traversal | |
CN106330479A (en) | Equipment operation and maintenance method and equipment operation and maintenance system | |
CN110661858A (en) | Websocket-based intranet penetration method and system | |
CN103747116A (en) | Business access method and device based on Layer 2 Tunneling Protocol (L2TP) | |
CN105635335B (en) | Social resources cut-in method, apparatus and system | |
CN113259372A (en) | Method for dynamic allocation channel to penetrate intranet to access local system | |
CN102546350A (en) | Method and device for saving WAN (wide area network) bandwidth in IP (internet protocol) monitoring system | |
CN112738200A (en) | Convenient operation and maintenance tool and method based on closed public network system | |
CN102724767A (en) | Virtual private network access method and device for mobile user | |
SE9904841L (en) | Method and system of communication | |
CN100490393C (en) | Method for accessing user network management platform | |
CN101951380B (en) | Access control method and device used therein in dual-stack lite network | |
CN111343070A (en) | Communication control method for sdwan network | |
CN111182071A (en) | Method for intranet penetration and service release |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
2019-10-08 | PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20191008 |