Disclosure of Invention
An object of the present disclosure is to provide a method and an apparatus for providing a VPN service, a blockchain network, and a node device, so as to solve the above technical problems.
In order to achieve the above object, a first aspect of the present disclosure provides a blockchain network for providing a virtual private network (VPN) service. The blockchain network includes a plurality of nodes, the plurality of nodes including a service node and a relay node; a smart contract of the blockchain network records forwarding order information of the plurality of nodes; each node is configured to, when receiving a VPN connection request of a client, determine according to the forwarding order information whether the node has a subsequent node, and forward the VPN connection request to the subsequent node if one exists; the service node is further configured to provide the VPN service to the client when receiving the VPN connection request.
Optionally, the smart contract of the blockchain network is configured to, when a VPN connection request sent by the client is received, sort the plurality of nodes and write the sorting result into the smart contract as the forwarding order information.
Optionally, the smart contract further records, for each node, access information of that node's next-hop node; the access information of the next-hop node of any node is obtained by encrypting the IP address and/or port of the next-hop node with the public key of the node. Before forwarding the VPN connection request to its next-hop node, any node decrypts the access information of the next-hop node with its own private key and, after obtaining the decrypted access information, forwards the VPN connection request to the next-hop node according to that access information.
Optionally, each node is specifically configured to determine its previous-hop node according to the forwarding order information, encrypt its own IP address and/or port with the public key of the previous-hop node, and write the encrypted IP address and/or port into the smart contract.
Optionally, the VPN connection request includes source address information and destination address information; each node is specifically configured to, when receiving a VPN connection request, replace the source address information of the VPN connection request with the address information of the node, replace the destination address information of the VPN connection request with the address information of the node's next-hop node, and then send the VPN connection request.
Optionally, the service node is further configured to, when receiving the VPN connection request, provide the VPN service to the client, replace the source address information of the VPN connection request with the address information of the node, replace the destination address information of the VPN connection request with the address information of the node's next-hop node, and then send the VPN connection request.
Optionally, the blockchain network is further configured to send, when receiving a VPN connection request sent by the client, the VPN connection request to a first node in the forwarding order information.
In a second aspect of the present disclosure, a method for providing a VPN service is provided, the method being applied to a node in a blockchain network and including: receiving a VPN connection request of a client; determining a subsequent node of the node according to forwarding order information of a plurality of nodes recorded in a smart contract of the blockchain network, wherein the plurality of nodes include a service node for providing the VPN service; and forwarding the received VPN connection request to the subsequent node.
Optionally, the node is a service node providing a VPN service, and the method further includes providing a VPN service for a client after receiving a VPN connection request from the client.
Optionally, the smart contract further records, for each node, access information of that node's next-hop node; the access information of the next-hop node of any node is obtained by encrypting the IP address and/or port of the next-hop node with the public key of the node. Forwarding the received VPN connection request to the subsequent node includes: before forwarding the VPN connection request to the next-hop node, the node decrypts the access information of the next-hop node with its own private key; and after obtaining the decrypted access information, forwards the VPN connection request to the next-hop node according to that access information.
Optionally, the method further includes determining the previous-hop node of the node according to the forwarding order information, encrypting the IP address and/or port of the node with the public key of the previous-hop node, and writing the encrypted IP address and/or port into the smart contract.
Optionally, the VPN connection request includes source address information and destination address information; forwarding the received VPN connection request to the subsequent node includes: when the VPN connection request is received, replacing the source address information of the VPN connection request with the address information of the node, replacing the destination address information of the VPN connection request with the address information of the node's next-hop node, and then sending the VPN connection request.
In a third aspect of the present disclosure, an apparatus for providing a VPN service is provided, the apparatus being applied to a node in a blockchain network whose nodes include a service node and a relay node, and the apparatus including: a receiving module configured to receive a VPN connection request of a client; a determining module configured to determine a subsequent node of the node according to forwarding order information of the plurality of nodes recorded in a smart contract of the blockchain network; and a forwarding module configured to forward the received VPN connection request to the subsequent node.
Optionally, when the apparatus is applied to the service node, the apparatus further includes a service module, configured to provide a VPN service to the client.
Optionally, the smart contract further records, for each node, access information of that node's next-hop node; the access information of the next-hop node of any node is obtained by encrypting the IP address and/or port of the next-hop node with the public key of the node. The apparatus further includes a decryption module configured to decrypt the access information of the next-hop node with the node's own private key, and the forwarding module is configured to forward the VPN connection request to the next-hop node according to the access information after the decrypted access information is obtained.
Optionally, the apparatus further includes an encryption module configured to determine the previous-hop node of the node according to the forwarding order information, encrypt the IP address and/or port of the node with the public key of the previous-hop node, and write the encrypted IP address and/or port into the smart contract.
Optionally, the VPN connection request includes source address information and destination address information; the forwarding module is configured to, when the VPN connection request is received, replace the source address information of the VPN connection request with the address information of the node, replace the destination address information of the VPN connection request with the address information of the node's next-hop node, and then send the VPN connection request.
In a fourth aspect of the present disclosure, a node device is provided, which is configured as a relay node in a blockchain network according to any one of the first aspect of the present disclosure.
In a fifth aspect of the present disclosure, a node device is provided, which is configured as a service node in a blockchain network according to any one of the first aspect of the present disclosure.
With the above technical solution, when a VPN connection request is initiated from outside, the request is forwarded through a plurality of nodes in the blockchain network, and the service node in the blockchain network provides the VPN service. The VPN server (namely the service node) can thus be hidden in the blockchain network: an external party cannot know which node in the blockchain network is the real VPN server and therefore cannot attack it. The address of the VPN server can be effectively hidden while the VPN server can still receive access requests from any position in the internet, and the information security of the VPN server can be protected.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows.
Detailed Description
The following detailed description of specific embodiments of the present disclosure is provided in connection with the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present disclosure, are given by way of illustration and explanation only, not limitation.
First, an implementation scenario of the present disclosure will be explained. The method and the system are applied to the scenario of providing a VPN service for a client. If an external user wants to connect to the intranet, a connection request needs to be sent to the VPN server through the client; after the VPN server confirms the identity of the client, the VPN service is provided for the client, and the user can access resources in the intranet through the client. However, since the VPN server is required to act as a bridge for communication between the intranet and the client, the address of the VPN server needs to be disclosed on the internet so that an external user can access the VPN server from anywhere through any interface of the internet, and this exposure of address information poses a serious hidden risk to the information security of the VPN server.
In the disclosure, the VPN server is hidden in the blockchain network, and an external user does not directly access an address where the VPN server is located, but a node in the blockchain network forwards a VPN connection request of the external user layer by layer to the VPN server, so that the effect that the external user can access the VPN server from any position through any interface of the internet is achieved, and simultaneously, a real address of the VPN server is hidden, so that information security of the VPN server is guaranteed.
Fig. 1 is a schematic diagram illustrating a blockchain network according to an exemplary disclosed embodiment. As shown in Fig. 1, the blockchain network includes a plurality of nodes including a service node and relay nodes. For convenience of description, Fig. 1 shows 1 service node and 5 relay nodes in total; the number of service nodes and the number of relay nodes are not limited.
A smart contract of a blockchain network may be regarded as a rule that constrains the blockchain network to perform an operation when certain conditions are satisfied. The smart contract records the forwarding order information of the plurality of nodes (including the service node and the relay nodes). In Fig. 1, the forwarding order among the nodes is "relay node 1" to "relay node 3" to "service node" to "relay node 5" to "relay node 2" to "relay node 4". The forwarding order information may be a fixed order preset by an administrator. The blockchain network may also automatically re-order the nodes at random after a certain time interval, which may be an hour, a day, a week, a month, etc.
In a possible implementation, the forwarding order information is generated by the smart contract of the blockchain network sorting the nodes when the blockchain network receives a VPN connection request sent by a client. That is, the smart contract randomly sorts the nodes in the blockchain network once for each VPN connection request received, so that the forwarding order information changes with every VPN connection request, which further increases the security of the VPN server (i.e., the service node) in the blockchain network.
The VPN connection request is forwarded in the blockchain network according to the ordering in the forwarding order information. When receiving the VPN connection request, a node in the blockchain network may determine according to the forwarding order information whether it has a subsequent node; if so, it forwards the VPN connection request to the subsequent node, and if not (that is, if the node is at the tail of the chain), it discards the VPN connection request or does no processing. The VPN connection request may traverse all relay nodes and service nodes in the blockchain network.
In order to further improve the security of the service node in the blockchain network, a node in the blockchain network can only receive data sent by its preceding node. That is, the address information (IP address and/or port) of each node may be encrypted with the public key of its previous-hop node to obtain access information, and the access information is synchronized into the smart contract, so that the previous-hop node may decrypt the access information of its next-hop node before forwarding and forward the VPN connection request to the next-hop node according to the decrypted access information.
In a possible implementation, after the forwarding order information is determined, each node may determine the public key of its previous-hop node (if any), encrypt its own IP address and/or port with that public key, and write the encrypted IP address and/or port into the smart contract.
After the blockchain network receives a VPN connection request, it forwards the request to the first node in the forwarding order; the first node forwards it to its next-hop node, and the request is forwarded through all nodes in turn along the forwarding order until the last node, at the tail of the chain, discards it. When the VPN connection request passes through the service node on the way, the service node responds to the request by providing the VPN connection service, and also forwards the request.
When the node receives the VPN connection request, the source address information in the received VPN connection request may be replaced with its own address information, and the destination address information may be replaced with the address information of the next-hop node, so as to implement forwarding of the VPN connection request.
For the service node, in addition to replacing the source address information and the destination address information in the VPN connection request, it is also necessary to provide the corresponding VPN service in response to the VPN connection request.
Fig. 2 is a schematic diagram illustrating a process for providing VPN services in a blockchain network according to an exemplary disclosed embodiment. The process of providing VPN services in a blockchain network comprises the steps of:
S21, when the blockchain network receives the VPN connection request of the client, the smart contract sorts the nodes in the blockchain network and records the sorting result as the forwarding order information.
S22, all nodes in the blockchain network acquire the public key of their previous-hop node (if any) according to the sorting result, encrypt their own address information to obtain access information, and upload the encrypted access information to the smart contract or send the access information to other nodes.
S23, the blockchain network sends the VPN connection request to the first node in the forwarding order information.
S24, the first node replaces the source address information in the VPN connection request with the address information of the first node, replaces the destination address information with the address information of the next hop, and forwards the VPN connection request.
S25, each relay node in the blockchain network replaces the address information in the VPN connection request and forwards the request in turn in the same manner as the first node, while the service node needs both to forward the VPN connection request and to provide the VPN service in response to it, until the VPN connection request is forwarded to the node at the tail of the chain (the last node in the forwarding order information).
S26, the node at the tail of the chain discards the VPN connection request. It should be noted that, when the service node is the node at the tail of the chain, the service node directly provides the VPN service based on the VPN connection request, and the VPN connection request may not be discarded.
Fig. 3 is a flow chart illustrating a method for providing VPN services according to an exemplary disclosed embodiment. The method is applied to a node in a blockchain network, where the node may be a service node or a relay node, and the method includes: receiving a VPN connection request of a client; determining a subsequent node of the node according to forwarding order information of a plurality of nodes recorded in a smart contract of the blockchain network, wherein the plurality of nodes include a service node for providing the VPN service; and forwarding the received VPN connection request to the subsequent node. When the node is a service node, the method further includes: after receiving the VPN connection request of the client, providing the VPN service for the client. As shown in Fig. 3, the method includes the following steps:
S31, receiving a VPN connection request of the client.
For the first node in the forwarding order information, the VPN connection request is sent by the blockchain network; for other nodes, the VPN connection request is sent by the preceding node.
S32, determining whether the node has a subsequent node according to the forwarding order information of the plurality of nodes recorded in the smart contract of the blockchain network.
If a subsequent node exists, go to step S33; if no subsequent node exists, the VPN connection request is discarded.
The forwarding order information may be a fixed order preset by an administrator. The blockchain network may also automatically re-order the nodes at random after a certain time interval, which may be an hour, a day, a week, a month, etc.
In a possible implementation, the forwarding order information is generated by the smart contract of the blockchain network sorting the nodes when the blockchain network receives a VPN connection request sent by a client. That is, the smart contract randomly sorts the nodes in the blockchain network once for each VPN connection request received, so that the forwarding order information changes with every VPN connection request, which further increases the security of the VPN server (i.e., the service node) in the blockchain network.
When receiving the VPN connection request, a node in the blockchain network may determine according to the forwarding order information whether it has a subsequent node; if so, it forwards the VPN connection request to the subsequent node, and if not (that is, if the node is at the tail of the chain), it discards the VPN connection request or does no processing. The VPN connection request may traverse all relay nodes and service nodes in the blockchain network.
S33, judging whether the node is a relay node or a service node.
If the node is a relay node, go to step S34; if the node is a service node, go to step S35.
S34, forwarding the received VPN connection request to the subsequent node.
S35, providing VPN service for the client, and forwarding the received VPN connection request to the subsequent node.
When the service node receives the VPN connection request, it may verify the verification information in the VPN connection request and, after the verification passes, provide the VPN service for the client (e.g., by feeding back information to the client through the blockchain network). After receiving the VPN connection request, the service node not only needs to provide the VPN service to the client but also needs to forward the VPN connection request to its subsequent node (if one exists), so that the VPN connection request is forwarded by all the relay nodes. It is then difficult for others to locate the specific address of the service node from the position at which the forwarding record breaks off, which further ensures the information security of the service node.
Optionally, the smart contract further records, for each node, access information of that node's next-hop node; the access information of the next-hop node of any node is obtained by encrypting the IP address and/or port of the next-hop node with the public key of the node. Forwarding the received VPN connection request to the subsequent node includes: before forwarding the VPN connection request to the next-hop node, the node decrypts the access information of the next-hop node with its own private key; and after obtaining the decrypted access information, forwards the VPN connection request to the next-hop node according to that access information.
Optionally, the method further includes determining the previous-hop node of the node according to the forwarding order information, encrypting the IP address and/or port of the node with the public key of the previous-hop node, and writing the encrypted IP address and/or port into the smart contract.
Optionally, the VPN connection request includes source address information and destination address information; forwarding the received VPN connection request to the subsequent node includes: when the VPN connection request is received, replacing the source address information of the VPN connection request with the address information of the node, replacing the destination address information of the VPN connection request with the address information of the node's next-hop node, and then sending the VPN connection request.
With regard to the method in the above-described embodiment, the detailed implementation of each step has been described in detail in the embodiment related to the blockchain network, and will not be elaborated herein.
Fig. 4 is a flow chart illustrating an apparatus for providing VPN services according to an exemplary disclosed embodiment. The apparatus 400 is applied to a node in a blockchain network, where the node may be a service node or a relay node, and the apparatus 400 includes:
A receiving module 410, configured to receive a VPN connection request of a client.
A determining module 420, configured to determine a subsequent node of the node according to the forwarding order information of the plurality of nodes recorded in the smart contract of the blockchain network.
A forwarding module 430, configured to forward the received VPN connection request to the subsequent node.
When the apparatus 400 is applied to the service node, the apparatus 400 further includes a service module for providing a VPN service to the client.
Optionally, the smart contract further records, for each node, access information of that node's next-hop node; the access information of the next-hop node of any node is obtained by encrypting the IP address and/or port of the next-hop node with the public key of the node. The apparatus further includes a decryption module configured to decrypt the access information of the next-hop node with the node's own private key, and the forwarding module is configured to forward the VPN connection request to the next-hop node according to the access information after the decrypted access information is obtained.
Optionally, the apparatus further includes an encryption module configured to determine the previous-hop node of the node according to the forwarding order information, encrypt the IP address and/or port of the node with the public key of the previous-hop node, and write the encrypted IP address and/or port into the smart contract.
Optionally, the VPN connection request includes source address information and destination address information; the forwarding module is configured to, when the VPN connection request is received, replace the source address information of the VPN connection request with the address information of the node, replace the destination address information of the VPN connection request with the address information of the node's next-hop node, and then send the VPN connection request.
With regard to the apparatus in the above embodiments, the specific implementation of each module has been described in detail in the embodiments related to the blockchain network, and will not be elaborated herein.
Fig. 5 is a schematic diagram illustrating a node device according to an exemplary disclosed embodiment. The node device may be provided as a relay node or a service node in the above-described blockchain network. Referring to Fig. 5, the electronic device 500 comprises a processor 522, which may be one or more in number, and a memory 532 for storing computer programs executable by the processor 522. The computer programs stored in the memory 532 may include one or more modules that each correspond to a set of instructions. Further, the processor 522 may be configured to execute the computer program to perform the above-described method for providing a VPN service.
Additionally, the electronic device 500 may also include a power component 526 and a communication component 550. The power component 526 may be configured to perform power management of the electronic device 500, and the communication component 550 may be configured to enable communication, e.g., wired or wireless communication, of the electronic device 500. In addition, the electronic device 500 may also include input/output (I/O) interfaces 558. The electronic device 500 may operate based on an operating system stored in the memory 532, such as Windows Server, Mac OS X™, Unix™, Linux, and the like.
In another exemplary embodiment, a computer readable storage medium comprising program instructions which, when executed by a processor, implement the steps of the above-described method for providing VPN services is also provided. For example, the computer readable storage medium may be the memory 532 described above including program instructions that are executable by the processor 522 of the electronic device 500 to perform the method for providing VPN services described above.
In another exemplary embodiment, a computer program product is also provided, which comprises a computer program executable by a programmable apparatus, the computer program having code portions for performing the above-mentioned method for providing VPN services when executed by the programmable apparatus.
The preferred embodiments of the present disclosure are described in detail with reference to the accompanying drawings, however, the present disclosure is not limited to the specific details of the above embodiments, and various simple modifications may be made to the technical solution of the present disclosure within the technical idea of the present disclosure, and these simple modifications all belong to the protection scope of the present disclosure.
It should be noted that, in the foregoing embodiments, various features described in the above embodiments may be combined in any suitable manner, and in order to avoid unnecessary repetition, various combinations that are possible in the present disclosure are not described again.
In addition, any combination of various embodiments of the present disclosure may be made, and the same should be considered as the disclosure of the present disclosure, as long as it does not depart from the spirit of the present disclosure.