CN110311894A - A method for dynamic intranet penetration in a local area network - Google Patents

Info

Publication number: CN110311894A
Authority: CN (China)
Prior art keywords: server, pptp, public network, intranet equipment, tunneling
Legal status: Pending (status as listed by Google Patents, not a legal conclusion)
Application number: CN201910440647.9A
Other languages: Chinese (zh)
Inventors: 赖懿, 叶生晅
Current assignee: Creative Technology (hangzhou) Co Ltd
Original assignee: Creative Technology (hangzhou) Co Ltd
Priority date: 2019-05-24
Filing date: 2019-05-24
Publication date: 2019-10-08

Classifications

    • H04L47/825 Traffic control in data switching networks; admission control, resource allocation; miscellaneous aspects involving tunnels, e.g. MPLS
    • H04L67/01 Network arrangements or protocols for supporting network services or applications; protocols
    • H04L67/141 Network arrangements or protocols for supporting network services or applications; session management; setup of application sessions


Abstract

The invention proposes a method for dynamic intranet penetration in a local area network, comprising the steps of: using an intranet device in the local area network to establish a client/server architecture between the client and a public-IP server; the intranet device and the public-IP server establish a TCP connection using a proprietary protocol, forming a control-plane channel; when data needs to be tunnelled in reverse, the public-IP server notifies the intranet device over the control-plane channel to establish a PPTP tunnel, i.e. the data-plane tunnel; the intranet device establishes the PPTP tunnel to the public-IP server; the public-IP server communicates with the intranet device through the established PPTP tunnel; when the service stops, the intranet device and the public-IP server remove the routing configuration of the PPTP tunnel. By building a C/S architecture, establishing tunnel connections dynamically and allocating resources on demand, the invention achieves intranet penetration of the local area network and is suitable for edge devices with weak computing capability.

Description

A method for dynamic intranet penetration in a local area network
Technical field
The invention relates to the field of intranet/extranet communication technology, in particular to a method for dynamic intranet penetration in a local area network, applicable to stable reverse access to Internet of Things network devices.
Background technique
In the prior art, data is transmitted between the intranet and the extranet through a NAT gateway; the transmission process is shown in Fig. 1. A mapping table must be configured in the NAT gateway in advance, recording how requests received by the gateway are forwarded to intranet servers. When a host on the public network sends a request to an intranet device, the NAT gateway modifies the destination IP address and destination port of the packet according to the mapping table and forwards the modified packet to the requested destination host; when the destination host sends back a response packet, the gateway modifies its source IP address and source port according to the mapping table and sends it out to the public network. In this way a public-network host can access an intranet host that has no public IP address, and NAPT allows the router to provide services to the public network through a single public IP address.
The drawbacks of the prior art are:
(1) it requires advance configuration; whenever the network environment changes, someone must log in to the NAT device and modify it;
(2) ports must be planned in advance and the number of ports is limited; once the ports are used up, new intranet devices cannot be supported;
(3) the NAT gateway must listen on and occupy a large number of ports, which sharply reduces the ports available for SNAT to the public network;
(4) no service can be provided when the NAT gateway itself is also inside an intranet;
(5) only TCP and UDP services are supported.
Summary of the invention
Object of the invention: to overcome the drawbacks described above, the invention proposes a method for dynamic intranet penetration in a local area network.
Technical solution: the technical solution proposed by the invention is as follows:
A method for dynamic intranet penetration in a local area network, comprising the steps of:
(1) using an intranet device in the local area network to establish a client/server architecture between the client and a public-IP server;
(2) the intranet device and the public-IP server establish a TCP connection using a proprietary protocol, forming the control-plane channel;
(3) when data needs to be tunnelled in reverse, the public-IP server notifies the intranet device over the control-plane channel to establish a PPTP tunnel, i.e. the data-plane tunnel;
(4) the intranet device establishes the PPTP tunnel to the public-IP server;
(5) the public-IP server communicates with the intranet device through the established PPTP tunnel;
(6) when the service stops, the intranet device and the public-IP server remove the routing configuration of the PPTP tunnel.
Further, the specific steps for establishing the PPTP tunnel comprise:
1) the intranet device sends a message requesting the establishment of a control connection; after the public-IP server replies to this message, a control connection exists between the PPTP client and the public-IP server;
2) the intranet device sends a message requesting the creation of a PPTP tunnel; the message carries a unique ID that identifies the PPTP tunnel, and the PPTP client sends it from a dynamically allocated TCP port number;
3) the public-IP server replies to the tunnel-creation request using one of its remaining port numbers and establishes a port mapping;
4) the intranet device and the public-IP server each configure routes that direct the required traffic into the tunnel; the public-IP server can now communicate directly with the intranet device via the tunnel-side IP address.
Further, the port mapping is temporary or permanent.
Further, other devices on the Internet can access the intranet device through the port mapped by the server.
Further, the method for dynamic intranet penetration in a local area network further comprises the step of:
after the PPTP tunnel has been established, encrypting the IP traffic at both ends of the PPTP tunnel with IPSec.
Further, after the control connection is established, the PPTP tunnel is maintained between the intranet device and the public-IP server by PPTP control connection messages. These messages carry PPTP call control and management information, which includes periodically sent echo requests and the corresponding echo replies, used to detect whether the connection between the PPTP client and the public-IP server has been broken.
Further, the keep-alive mechanism between the intranet device and the public-IP server is as follows:
the intranet device or the public-IP server sends an echo-request message and the other party responds to it; if the side that sent the echo-request message receives no response from the other side within a preset period, the PPTP tunnel is terminated.
Further, the PPTP tunnel is also terminated in the following case:
the intranet device sends a call-clear-request message requesting termination of the PPTP tunnel; once the public-IP server has responded to the call-clear-request message, the PPTP tunnel is terminated.
Further, the PPTP tunnel is also terminated in the following case:
the public-IP server sends a call-disconnect-notify message; once the intranet device has responded to the call-disconnect-notify message, the PPTP tunnel is terminated.
Further, the control connection is terminated as follows: either the public-IP server or the intranet device sends a stop-control-connection-request message notifying the other party that the control connection is about to be terminated; once the other party has responded to the stop-control-connection-request message, the control connection is terminated.
Beneficial effects: compared with the prior art, the invention has the following advantages:
the invention achieves intranet penetration of the local area network without a NAT gateway; by building a C/S architecture it establishes tunnel connections dynamically and allocates resources on demand, and it is suitable for edge devices with weak computing capability.
Detailed description of the invention
Fig. 1 is the flow diagram of the prior art;
Fig. 2 is the flow diagram of the invention.
Specific embodiment
The invention is further explained below with reference to the accompanying drawings.
Fig. 2 is the flow diagram of the invention. The whole system of the invention is divided into two parts, the control plane and the data plane:
Control plane: establishes the data plane and delivers the management configuration
Data plane: carries the reverse data transmission
The flow for reverse data transmission in the invention is as follows:
1. the intranet device and the public-IP server establish a TCP connection using a proprietary protocol, opening the control-plane channel;
2. when data needs to be tunnelled in reverse, the public-IP server notifies the intranet device over the control-plane channel to establish a PPTP tunnel, i.e. the data-plane tunnel;
3. the intranet device configures routes that direct the required traffic into the tunnel;
4. the public-IP server establishes a temporary or permanent port mapping according to the business requirement, and likewise configures routes that direct traffic into the tunnel;
5. the public-IP server can now communicate directly with the intranet device via the tunnel-side IP address;
6. other devices on the Internet can access the intranet device through the port mapped by the public-IP server;
7. when the service stops, the routing configuration is removed and the tunnel is closed.
Specifically, the steps for establishing the PPTP tunnel comprise:
1) the intranet device sends a message requesting the establishment of a control connection; after the public-IP server replies to this message, a control connection exists between the PPTP client and the public-IP server;
2) the intranet device sends a message requesting the creation of a PPTP tunnel; the message carries a unique ID that identifies the PPTP tunnel, and the PPTP client sends it from a dynamically allocated TCP port number;
3) the public-IP server replies to the tunnel-creation request using one of its remaining port numbers and establishes a temporary or permanent port mapping;
4) the intranet device and the public-IP server each configure routes that direct the required traffic into the tunnel; the public-IP server can now communicate directly with the intranet device via the tunnel-side IP address.
Specifically, after the control connection is established, the PPTP tunnel is maintained between the intranet device and the public-IP server by PPTP control connection messages. These messages carry PPTP call control and management information, which includes periodically sent echo requests and the corresponding echo replies, used to detect whether the connection between the PPTP client and the public-IP server has been broken.
Specifically, the keep-alive mechanism between the intranet device and the public-IP server is as follows:
the intranet device or the public-IP server sends an echo-request message and the other party responds to it; if the side that sent the echo-request message receives no response from the other side within a preset period, the PPTP tunnel is terminated.
Specifically, the PPTP tunnel is also terminated in the following cases:
the intranet device sends a call-clear-request message requesting termination of the PPTP tunnel; once the public-IP server has responded to the call-clear-request message, the PPTP tunnel is terminated;
or,
the public-IP server sends a call-disconnect-notify message; once the intranet device has responded to the call-disconnect-notify message, the PPTP tunnel is terminated.
The control connection is terminated as follows: either the public-IP server or the intranet device sends a stop-control-connection-request message notifying the other party that the control connection is about to be terminated; once the other party has responded to the stop-control-connection-request message, the control connection is terminated.
Preferably, where there are security requirements, IPSec is used after the PPTP tunnel has been established to encrypt the IP traffic at both ends of the PPTP tunnel.
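As an added illustration (not code from the patent or its applicant): a Python model of the PPTP control connection that the data-plane tunnel above relies on, written from a monitoring point of view. It packs and parses the RFC 2637 control-message header and tracks one tunnel through control-connection setup, tunnel creation with its unique call ID, keep-alive by echo-request with the preset timeout, and teardown by call-clear-request, call-disconnect-notify or stop-control-connection-request, dropping the tunnel route whenever the tunnel ends. The patent's proprietary control-plane channel, the port mapping and the IPSec step are not modelled, and the state names and the echo_timeout parameter are this example's own.

```python
import struct

# RFC 2637 constants (the PPTP RFC this patent cites)
PPTP_MAGIC = 0x1A2B3C4D      # magic cookie carried by every control message
MSG_CONTROL = 1              # PPTP message type 1 = control message
# Control message types, RFC 2637 section 1.4
SCCRQ, SCCRP = 1, 2          # Start-Control-Connection-Request / -Reply
STOPCCRQ, STOPCCRP = 3, 4    # Stop-Control-Connection-Request / -Reply
ECHO_RQ, ECHO_RP = 5, 6      # Echo-Request / Echo-Reply (keep-alive)
OCRQ, OCRP = 7, 8            # Outgoing-Call-Request / -Reply (creates the tunnel "call")
CALL_CLEAR_RQ, CALL_DISC_NOTIFY = 12, 13
OCRP_CONNECTED = 1           # Outgoing-Call-Reply result code: call accepted
HEADER = struct.Struct("!HHIHH")   # length, msg type, magic cookie, control type, reserved0


def pack_control(ctrl_type, body=b""):
    """Build one control message: 12-byte common header followed by the body."""
    return HEADER.pack(HEADER.size + len(body), MSG_CONTROL, PPTP_MAGIC, ctrl_type, 0) + body


def parse_control(data):
    """Validate the common header and return (control type, body).
    The magic cookie is the field to match when looking for PPTP on the wire: the
    patent sends from a dynamically allocated TCP port, so TCP/1723 alone is no indicator."""
    if len(data) < HEADER.size:
        raise ValueError("truncated header")
    length, msg_type, magic, ctrl_type, _ = HEADER.unpack_from(data)
    if magic != PPTP_MAGIC:
        raise ValueError("magic cookie mismatch: not PPTP")
    if msg_type != MSG_CONTROL:
        raise ValueError("not a control message")
    if length != len(data):
        raise ValueError("length field does not match message size")
    return ctrl_type, data[HEADER.size:]


class TunnelSession:
    """Lifecycle of one device/server control connection as a monitor sees it:
    idle -> connecting -> control -> calling -> call. route_installed stands for
    the routing configuration the patent adds with the tunnel and removes at the end."""

    def __init__(self, echo_timeout):
        self.echo_timeout = echo_timeout   # the "preset period" for an unanswered echo-request
        self.state = "idle"
        self.call_id = None                # unique ID of the tunnel, taken from the OCRQ
        self.echo_sent_at = None           # time of the outstanding echo-request, if any
        self.route_installed = False

    def handle(self, data, now):
        """Feed one control message (either direction) observed at time `now`."""
        ctrl, body = parse_control(data)
        if ctrl == SCCRQ and self.state == "idle":
            self.state = "connecting"
        elif ctrl == SCCRP and self.state == "connecting":
            self.state = "control"
        elif ctrl == OCRQ and self.state == "control":
            (self.call_id,) = struct.unpack_from("!H", body)   # Call ID is the first body field
            self.state = "calling"
        elif ctrl == OCRP and self.state == "calling":
            if len(body) > 4 and body[4] == OCRP_CONNECTED:   # Result Code follows the two call IDs
                self.state, self.route_installed = "call", True
            else:                              # call refused: back to control, no route
                self.state, self.call_id = "control", None
        elif ctrl == ECHO_RQ and self.state != "idle":
            self.echo_sent_at = now
        elif ctrl == ECHO_RP:
            self.echo_sent_at = None
        elif ctrl in (CALL_CLEAR_RQ, CALL_DISC_NOTIFY) and self.state == "call":
            self._drop_call()
            self.state = "control"             # the control connection outlives the call
        elif ctrl == STOPCCRQ and self.state != "idle":
            self._drop_call()
            self.state = "idle"
        return self.state

    def tick(self, now):
        """Keep-alive check: an echo-request unanswered past the preset period ends the tunnel."""
        if self.echo_sent_at is not None and now - self.echo_sent_at > self.echo_timeout:
            self._drop_call()
            self.state = "idle"
            return "echo-timeout"
        return self.state

    def _drop_call(self):
        self.call_id = None
        self.route_installed = False       # the patent's final step: remove the tunnel route
        self.echo_sent_at = None
```

The message bodies fed to the session only need to be long enough for the fields the model reads (the OCRQ call ID and the OCRP result code); a capture of a real exchange carries the full RFC 2637 bodies and parses the same way.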
The above is only a preferred embodiment of the invention. It should be noted that a person of ordinary skill in the art may make various improvements and modifications without departing from the principle of the invention, and such improvements and modifications should also be regarded as falling within the protection scope of the invention.

Claims (10)

1. A method for dynamic intranet penetration in a local area network, characterized in that it comprises the steps of:
(1) using an intranet device in the local area network to establish a client/server architecture between the client and a public-IP server;
(2) the intranet device and the public-IP server establish a TCP connection using a proprietary protocol, forming a control-plane channel;
(3) when data needs to be tunnelled in reverse, the public-IP server notifies the intranet device over the control-plane channel to establish a PPTP tunnel, i.e. the data-plane tunnel;
(4) the intranet device establishes the PPTP tunnel to the public-IP server;
(5) the public-IP server communicates with the intranet device through the established PPTP tunnel;
(6) when the service stops, the intranet device and the public-IP server remove the routing configuration of the PPTP tunnel.
2. The method for dynamic intranet penetration in a local area network according to claim 1, characterized in that the specific steps for establishing the PPTP tunnel comprise:
1) the intranet device sends a message requesting the establishment of a control connection; after the public-IP server replies to this message, a control connection is established between the PPTP client and the public-IP server;
2) the intranet device sends a message requesting the creation of a PPTP tunnel, the message carrying a unique ID that identifies the PPTP tunnel; the PPTP client sends this message from a dynamically allocated TCP port number;
3) the public-IP server replies to the tunnel-creation request using one of its remaining port numbers and establishes a port mapping;
4) the intranet device and the public-IP server each configure routes that direct the required traffic into the tunnel, after which the public-IP server can communicate directly with the intranet device via the tunnel-side IP address.
3. The method for dynamic intranet penetration in a local area network according to claim 2, characterized in that the port mapping is temporary or permanent.
4. The method for dynamic intranet penetration in a local area network according to claim 2, characterized in that other devices on the Internet can access the intranet device through the port mapped by the server.
5. The method for dynamic intranet penetration in a local area network according to claim 2, characterized in that it further comprises the step of:
after the PPTP tunnel has been established, encrypting the IP traffic at both ends of the PPTP tunnel with IPSec.
6. The method for dynamic intranet penetration in a local area network according to claim 2, characterized in that, after the control connection is established, the PPTP tunnel is maintained between the intranet device and the public-IP server by PPTP control connection messages; the PPTP control connection messages carry PPTP call control and management information, which includes periodically sent echo requests and the corresponding echo replies, used to detect whether the connection between the PPTP client and the public-IP server has been broken.
7. The method for dynamic intranet penetration in a local area network according to claim 6, characterized in that the keep-alive mechanism between the intranet device and the public-IP server is as follows:
the intranet device or the public-IP server sends an echo-request message and the other party responds to the echo-request message; if the side that sent the echo-request message receives no response from the other side within a preset period, the PPTP tunnel is terminated.
8. The method for dynamic intranet penetration in a local area network according to claim 6, characterized in that the PPTP tunnel is also terminated in the following case:
the intranet device sends a call-clear-request message requesting termination of the PPTP tunnel; after the public-IP server responds to the call-clear-request message, the PPTP tunnel is terminated.
9. The method for dynamic intranet penetration in a local area network according to claim 6, characterized in that the PPTP tunnel is also terminated in the following case:
the public-IP server sends a call-disconnect-notify message; after the intranet device responds to the call-disconnect-notify message, the PPTP tunnel is terminated.
10. The method for dynamic intranet penetration in a local area network according to claim 6, characterized in that the control connection is terminated as follows: either the public-IP server or the intranet device sends a stop-control-connection-request message notifying the other party that the control connection is about to be terminated; after the other party responds to the stop-control-connection-request message, the control connection is terminated.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910440647.9A 2019-05-24 2019-05-24 A method for dynamic intranet penetration in a local area network (CN110311894A, pending)

Publications (1)

Publication Number Publication Date
CN110311894A 2019-10-08

Family ID: 68075006
Country status: CN (1) CN110311894A

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111064650A (en) * 2019-12-23 2020-04-24 浙江宇视科技有限公司 Method and device for dynamically changing tunnel connection service port number
CN111885036A (en) * 2020-07-16 2020-11-03 武汉秒开网络科技有限公司 Method and system for realizing multi-device access by router penetrating intranet
CN113612675A (en) * 2021-06-25 2021-11-05 北京劲群科技有限公司 Distributed intranet transparent implementation architecture and method
CN113965338A (en) * 2021-08-24 2022-01-21 国网北京市电力公司 Intranet penetration method
CN117439815A (en) * 2023-12-08 2024-01-23 中国人民解放军31203部队 Intranet penetration system and method based on reverse transparent bridging

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090271512A1 (en) * 1998-07-10 2009-10-29 Jorgensen Jacob W TRANSMISSION CONTROL PROTOCOL/INTERNET PROTOCOL (TCP/IP) PACKET-CENTRIC WIRELESS POINT TO MULTI-POINT (PtMP) TRANSMISSION SYSTEM ARCHITECTURE
CN102710644A (en) * 2012-05-30 2012-10-03 浙江宇视科技有限公司 Method and device for saving bandwidth in internet protocol (IP) monitoring system
CN103051642A (en) * 2013-01-18 2013-04-17 上海云和信息系统有限公司 Method for realizing accessing of local area network equipment in firewall based on VPN (Virtual Private Network) and network system
CN103368809A (en) * 2013-07-06 2013-10-23 马钢(集团)控股有限公司 Internet reverse penetration tunnel implementation method
CN103379009A (en) * 2012-04-20 2013-10-30 南京易安联网络技术有限公司 SSL VPN communication method based on data link layers
CN103391234A (en) * 2013-08-01 2013-11-13 厦门市美亚柏科信息股份有限公司 Method for realizing multi-user fixed port mapping and PPTP VPN server side
CN105933198A (en) * 2016-04-21 2016-09-07 浙江宇视科技有限公司 Device for establishing direct connection VPN tunnel
CN108769279A (en) * 2018-04-11 2018-11-06 北京富邦智慧物联科技有限公司 Intranet fire fighting monitoring video access methods and system based on ssh reverse tunnels
CN109787848A (en) * 2019-04-02 2019-05-21 浙江数值跳跃网络科技有限公司 Technology for establishing decentralized network architecture through intranet penetration technology


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Microsoft Corporation (US): "Windows 2000 Server Resource Kit, Vol. 4: Internetworking" (《WINDOWS 2000 SERVER资源大全 第4卷 网络互连》), 31 January 2001, Beijing: China Machine Press (机械工业出版社) *
Hamzeh et al.: "Point-to-Point Tunneling Protocol (PPTP)", IETF RFC 2637 *



Legal Events

Date Code Title
2019-10-08 PB01 Publication (application publication date: 20191008)
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication