CN113067908B - NAT (network Address translation) traversing method and device, electronic equipment and storage medium - Google Patents


Info

Publication number
CN113067908B
Authority
CN
China
Prior art keywords
nat
cpe
type
equipment
address information
Prior art date
Legal status
Active
Application number
CN202010002187.4A
Other languages
Chinese (zh)
Other versions
CN113067908A (en)
Inventor
韩瑞波
Current Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/256 NAT traversal
    • H04L61/2592 Translation of Internet protocol [IP] addresses using tunnelling or encapsulation

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a method and a device for NAT traversal, electronic equipment and a storage medium. The method comprises the following steps: determining the type of the first NAT equipment, the type of the second NAT equipment and the public network address information of the second CPE after NAT; the first NAT equipment is connected with the first CPE, and the second NAT equipment is connected with the second CPE; and configuring an L2TP tunnel and tunnel address information based on the type of the first NAT equipment, the type of the second NAT equipment and the public network address information of the second CPE after NAT.

Description

NAT (network Address translation) traversing method and device, electronic equipment and storage medium
Technical Field
The present invention relates to mobile communication technologies, and in particular, to a Network Address Translation (NAT) traversal method, an apparatus, an electronic device, and a storage medium.
Background
Layer Two Tunneling Protocol (L2TP) is a very widely used Virtual Private Network (VPN) technology. An L2TP user is first connected to an L2TP Access Concentrator (LAC) device through an access network, and then connected to a remote L2TP Network Server (LNS) device through an L2TP tunnel over the lower-layer network. Both the LAC and the LNS have a user management function; the LNS manages all L2TP users belonging to one VPN centrally, and the L2TP tunnel passes through the lower-layer network equipment between the LAC and the LNS.
In the related art, at least one of two ends of an L2TP tunnel running on a public network must have a public network address, otherwise, the L2TP tunnel cannot be established.
Disclosure of Invention
In view of this, the present invention mainly aims to provide a NAT traversal method, apparatus, electronic device, and storage medium.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
the embodiment of the invention provides a Network Address Translation (NAT) traversing method, which is applied to a first Customer Premises Equipment (CPE); the method comprises the following steps:
determining the type of the first NAT equipment, the type of the second NAT equipment and public network address information corresponding to the second CPE after NAT; the first NAT equipment is connected with the first CPE, and the second NAT equipment is connected with the second CPE;
and configuring an L2TP tunnel and tunnel address information based on the type of the first NAT equipment, the type of the second NAT equipment and the public network address information corresponding to the second CPE after NAT.
In the foregoing solution, the determining the type of the second NAT device includes:
and receiving the type of the second NAT equipment sent by the server.
In the above solution, the type of the first NAT device is basic NAT, and the type of the second NAT device is basic NAT or Network Address Port Translation (NAPT); determining the public network address information of the second CPE after NAT comprises:
and receiving an L2TP message which is sent by the second CPE and comprises public network address information corresponding to the second CPE after NAT.
In the above scheme, the method further comprises:
sending a first test message to a server; the first test message is used for the server to determine public network address information corresponding to the first CPE after NAT, and to request the server to send a first result message;
and receiving a first result message sent by the server, determining the type of the NAT equipment connected with the server based on the first result message, and sending the determined type of the NAT equipment connected with the server to the server.
In the above scheme, the method further comprises:
sending an L2TP message whose destination address is an arbitrary address; this L2TP message with an arbitrary destination address is used to punch a hole in the first NAT equipment.
In the foregoing solution, when the type of the first NAT device is basic NAT or NAPT and the type of the second NAT device is basic NAT, determining the public network address information of the second CPE after NAT includes:
and receiving the public network address information which is sent by the server and corresponds to the second CPE after NAT.
In the foregoing solution, the method further includes:
sending a second test message to the server; the second test message is used for requesting the server to send a second result message;
and receiving a second result message sent by the server, determining the type of the NAT equipment connected with the server based on the second result message, and sending the determined type of the NAT equipment connected with the server to the server.
In the above scheme, the method further comprises:
and sending an L2TP message which comprises the public network address information corresponding to the first CPE after NAT to the second CPE.
In the foregoing embodiment, the NAPT includes at least one of: symmetric NAT, full cone NAT, address restricted cone NAT, port restricted cone NAT.
In the foregoing solution, the tunnel address information includes at least one of:
private network address information of the first CPE, and public network address information corresponding to the second CPE after NAT.
In the above scheme, the public network address information includes: public network address and port number.
The embodiment of the invention also provides a Network Address Translation (NAT) traversing method, which is applied to a server and comprises the following steps:
determining the type of a first NAT device and the type of a second NAT device; the first NAT equipment is connected with a first CPE, and the second NAT equipment is connected with a second CPE;
sending the type of the second NAT device to the first CPE; sending the type of the first NAT device to the second CPE;
under the condition that the type of the first NAT equipment is basic NAT and the type of the second NAT equipment is basic NAT or NAPT, determining public network address information corresponding to the first CPE after NAT, and sending the public network address information corresponding to the first CPE after NAT to the second CPE;
under the condition that the type of the first NAT equipment is basic NAT or NAPT and the type of the second NAT equipment is basic NAT, determining public network address information corresponding to the second CPE after NAT, and sending the public network address information corresponding to the second CPE after NAT to the first CPE;
the public network address information is used for configuring an L2TP tunnel and tunnel address information.
In the foregoing solution, the determining the type of the first NAT device and the type of the second NAT device includes:
receiving a first test message sent by a first CPE; sending a first result message based on the first test message; the first result message is used by the first CPE to determine the type of the first NAT device; receiving the type of the first NAT equipment sent by a first CPE;
receiving a second test message sent by a second CPE; sending a second result message based on the second test message; the second result message is used for the second CPE to determine the type of the second NAT equipment; and receiving the type of the second NAT equipment sent by the second CPE.
In the foregoing solution, the NAPT includes at least one of:
symmetric NAT, full cone NAT, address restricted cone NAT, port restricted cone NAT.
In the above solution, the public network address information includes: public network address and port number.
An embodiment of the present invention further provides a Network Address Translation (NAT) traversal device, where the device is applied to a first CPE, and the device includes: a first processing module and a second processing module;
the first processing module is used for determining the type of the first NAT equipment, the type of the second NAT equipment and public network address information which corresponds to the second CPE and is subjected to NAT; the first NAT equipment is connected with the first CPE, and the second NAT equipment is connected with the second CPE;
and the second processing module is used for configuring an L2TP tunnel and tunnel address information based on the type of the first NAT equipment, the type of the second NAT equipment and the public network address information which corresponds to the second CPE and is subjected to NAT.
In the foregoing solution, the first processing module is configured to receive the type of the second NAT device sent by the server.
In the above solution, the type corresponding to the first NAT device is basic NAT, and the type of the second NAT device is basic NAT or NAPT; the first processing module is configured to receive an L2TP packet that includes public network address information after NAT and corresponds to the second CPE, and is sent by the second CPE.
In the above solution, the first processing module is further configured to send a first test packet to the server; the first test message is used for the server to determine public network address information corresponding to the first CPE after NAT, and to request the server to send a first result message;
and receiving a first result message sent by the server, determining the type of the NAT equipment connected with the server based on the first result message, and sending the determined type of the NAT equipment connected with the server to the server.
In the foregoing solution, the second processing module is further configured to send an L2TP packet whose destination address is an arbitrary address; this L2TP packet with an arbitrary destination address is used to punch a hole in the first NAT equipment.
In the foregoing solution, the first processing module is configured to receive public network address information after NAT, which is sent by a server and corresponds to the second CPE, where the type of the first NAT device is basic NAT or NAPT, and the type of the second NAT device is basic NAT.
In the above solution, the first processing module is further configured to send a second test packet to the server; the second test message is used for requesting the server to send a second result message;
and receiving a second result message sent by the server, determining the type of the NAT equipment connected with the server based on the second result message, and sending the determined type of the NAT equipment connected with the server to the server.
In the foregoing solution, the first processing module is further configured to send, to the second CPE, an L2TP packet including public network address information after NAT, which corresponds to the first CPE.
Specifically, the NAPT includes at least one of: symmetric NAT, full cone NAT, address restricted cone NAT, port restricted cone NAT.
In the foregoing solution, the tunnel address information includes at least one of:
private network address information of the first CPE, and public network address information corresponding to the second CPE after NAT.
In the above scheme, the public network address information includes: public network address and port number.
The embodiment of the invention also provides a NAT traversal device, which comprises: the device comprises a third processing module, a fourth processing module and a fifth processing module; wherein,
the third processing module is used for determining the type of the first NAT equipment and the type of the second NAT equipment; the first NAT equipment is connected with a first CPE, and the second NAT equipment is connected with a second CPE;
the fourth processing module is configured to send the type of the second NAT device to the first CPE; sending the type of the first NAT device to the second CPE;
the fifth processing module is configured to determine public network address information after NAT processing corresponding to the first CPE when the type of the first NAT device is basic NAT and the type of the second NAT device is basic NAT or NAPT, and send the public network address information after NAT processing corresponding to the first CPE to the second CPE;
under the condition that the type of the first NAT equipment is basic NAT or NAPT and the type of the second NAT equipment is basic NAT, determining public network address information corresponding to the second CPE after NAT, and sending the public network address information corresponding to the second CPE after NAT to the first CPE;
the public network address information is used for configuring an L2TP tunnel and tunnel address information.
In the above solution, the third processing module is configured to receive a first test packet sent by a first CPE, where the first test packet includes address information of the first CPE; sending a first result message based on the first test message; the first result message is used by the first CPE to determine a type of the first NAT device;
receiving a second test message sent by a second CPE, wherein the second test message comprises address information of the second CPE; sending a second result message based on the second test message; the second result message is used for the second CPE to determine the type of the second NAT equipment.
In the foregoing embodiment, the NAPT includes at least one of:
symmetric NAT, full cone NAT, address restricted cone NAT, port restricted cone NAT.
In the above scheme, the public network address information includes: public network address and port number.
The embodiment of the invention also provides electronic equipment, which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, and is characterized in that the processor, when executing the program, realizes the steps of any one of the NAT traversal methods at the first CPE side; or,
the processor, when executing the program, realizes the steps of any one of the NAT traversal methods at the server side.
The embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of any one of the NAT traversal methods at the first CPE side; or,
the computer program, when executed by a processor, implements the steps of any one of the NAT traversal methods at the server side.
The embodiment of the invention provides a method, a device, electronic equipment and a storage medium for NAT traversal, which determine the type of a first NAT device, the type of a second NAT device and public network address information after NAT corresponding to a second CPE; the first NAT equipment is connected with the first CPE, and the second NAT equipment is connected with the second CPE; configuring an L2TP tunnel and tunnel address information based on the type of the first NAT equipment, the type of the second NAT equipment and the public network address information corresponding to the second CPE after NAT; therefore, under the scene that both ends do not have public network addresses, the L2TP tunnel can be established.
Drawings
Fig. 1 is an architecture diagram of an existing L2TP tunnel establishment;
fig. 2 is another architecture diagram for establishing an existing L2TP tunnel;
Fig. 3 is a schematic flowchart of an NAT traversal method according to an embodiment of the present invention;
fig. 4 is a schematic flowchart of another NAT traversal method according to an embodiment of the present invention;
fig. 5 is a schematic view of a scenario where one end traverses the NAT according to an embodiment of the present invention;
fig. 6 is a schematic flowchart of another NAT traversal method according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of a second L2TP packet according to an embodiment of the present invention;
fig. 8 is a schematic structural diagram of a third L2TP packet according to an embodiment of the present invention;
fig. 9 is a schematic structural diagram of a NAT traversal device according to an embodiment of the present invention;
fig. 10 is a schematic structural diagram of another NAT traversal device according to an embodiment of the present invention;
fig. 11 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
Before describing the present invention in further detail with reference to embodiments, the L2TP tunnel will be described.
In an L2TP tunnel operating on a public network, at least one of the two ends must have a public network address, otherwise the L2TP tunnel cannot be established. Fig. 1 is an architecture diagram of an existing L2TP tunnel establishment; in each of the two tunnels shown in fig. 1, at least one end has a public network address (no NAT device is connected in front of it), so an L2TP tunnel can be established.
Fig. 2 is another architecture diagram for establishing an L2TP tunnel; as shown in fig. 2, neither end has a public network address, and an L2TP tunnel cannot actually be established.
The present invention will be described in further detail with reference to examples.
Fig. 3 is a schematic flowchart of an NAT traversal method according to an embodiment of the present invention; as shown in fig. 3, the NAT traversal method is applied to the first CPE; the method comprises the following steps:
step 301, determining the type of the first NAT device, the type of the second NAT device, and the public network address information of the second CPE after NAT; the first NAT equipment is connected with the first CPE, and the second NAT equipment is connected with the second CPE;
step 302, configuring an L2TP tunnel and tunnel address information based on the type of the first NAT device, the type of the second NAT device, and the public network address information of the second CPE after NAT.
Specifically, the determining the type of the second NAT device includes: and receiving the type of the second NAT equipment sent by the server.
Here, the type of the second NAT device may be determined by a CPE connected to the second NAT device and the determined type is sent to the server; sending, by the server, the type of the second NAT device to the first CPE.
In an embodiment, the type of the first NAT device connected to the first CPE is basic NAT, and the type of the second NAT device connected to the second CPE is basic NAT or NAPT; the determining the public network address information corresponding to the second CPE after NAT includes:
and receiving an L2TP message which is sent by the second CPE and comprises (or carries) public network address information corresponding to the second CPE after NAT.
That is, the first CPE determines, based on the received L2TP packet, public network address information after NAT corresponding to the second CPE.
Here, it can be understood that the second CPE transmits an L2TP packet which includes or carries an address; the L2TP packet is received by the first CPE after passing through NAT, and the address seen by the first CPE is the public network address information of the second CPE after NAT. That is, the first CPE can determine the public network address information of the second CPE after NAT based on the received L2TP packet.
Here, the source address of the L2TP message sent by the second CPE is a private network address of the second CPE itself, and the destination address is public network address information (including a public network address and a port number) after NAT corresponding to the first CPE.
Specifically, the method further comprises:
sending a first test message to a server; the first test message is used for the server to determine public network address information corresponding to the first CPE after NAT, and to request the server to send a first result message;
and receiving a first result message sent by the server, determining the type of the NAT equipment connected with the server based on the first result message, and sending the determined type of the NAT equipment connected with the server to the server.
Here, the first test packet includes address information of the first CPE.
Specifically, the method further comprises:
sending an L2TP message whose destination address is an arbitrary address; this L2TP message with an arbitrary destination address is used to punch a hole in the first NAT equipment.
Here, the type of the first NAT device connected to the first CPE is basic NAT, and the type of the second NAT device connected to the second CPE is basic NAT or NAPT; the first CPE may be an LNS, and the second CPE may be a Personal Computer (PC) or the like.
In an embodiment, when the type of the first NAT device connected to the first CPE is basic NAT or NAPT and the type of the second NAT device connected to the second CPE is basic NAT, the determining public network address information after NAT processing corresponding to the second CPE includes:
and receiving the public network address information which is sent by the server and corresponds to the second CPE after NAT.
Specifically, the method further comprises:
sending a second test message to the server; the second test message is used for requesting the server to send a second result message;
and receiving a second result message sent by the server, determining the type of the NAT equipment connected with the server based on the second result message, and sending the determined type of the NAT equipment connected with the server to the server.
Specifically, the method further comprises: and sending an L2TP message comprising the public network address information corresponding to the first CPE after NAT to the second CPE.
Here, the second CPE may be an LNS, and the first CPE is a Personal Computer (PC) or the like, corresponding to a case where the type of the first NAT device to which the first CPE is connected is basic NAT or NAPT, and the type of the second NAT device to which the second CPE is connected is basic NAT.
Specifically, the NAPT includes at least one of: symmetric NAT, full cone NAT, address restricted cone NAT, port restricted cone NAT.
Specifically, the tunnel address information includes at least one of:
private network address information of the first CPE, and public network address information corresponding to the second CPE after NAT.
Specifically, the private network address information includes: private network address and port number.
The public network address information comprises: public network address and port number.
Fig. 4 is a schematic flowchart of an NAT traversal method according to an embodiment of the present invention; as shown in fig. 4, the NAT traversal method is applied to a server, and the method includes:
step 401, determining the type of a first NAT device and the type of a second NAT device; the first NAT equipment is connected with a first CPE, and the second NAT equipment is connected with a second CPE;
step 402, sending the type of the second NAT device to the first CPE; sending the type of the first NAT device to the second CPE;
step 403, determining the public network address information after NAT corresponding to the first CPE when the type of the first NAT device is basic NAT and the type of the second NAT device is basic NAT or NAPT, and sending the public network address information after NAT corresponding to the first CPE to the second CPE;
under the condition that the type of the first NAT equipment is basic NAT or NAPT and the type of the second NAT equipment is basic NAT, determining public network address information corresponding to the second CPE after NAT, and sending the public network address information corresponding to the second CPE after NAT to the first CPE;
the public network address information is used for configuring an L2TP tunnel and tunnel address information.
Here, when the type of the first NAT device is basic NAT and the type of the second NAT device is basic NAT or NAPT, the corresponding first CPE is LNS, and the second CPE is a device such as a PC.
Conversely, when the type of the first NAT device is basic NAT or NAPT and the type of the second NAT device is basic NAT, that is, the corresponding first CPE is a device such as a PC, and the second CPE is an LNS.
Specifically, the determining the type of the first NAT device and the type of the second NAT device includes:
receiving a first test message sent by a first CPE; sending a first result message based on the first test message; the first result message is used by the first CPE to determine a type of the first NAT device; receiving the type of the first NAT equipment sent by the first CPE;
Receiving a second test message sent by a second CPE; sending a second result message based on the second test message; the second result message is used for the second CPE to determine the type of the second NAT equipment; and receiving the type of the second NAT equipment sent by the second CPE.
Here, the first test packet may include address information of the first CPE; the second test message may include address information of the second CPE.
Specifically, when the type of the first NAT device is basic NAT and the type of the second NAT device is basic NAT or NAPT, determining the public network address information of the first CPE after NAT includes:
and determining public network address information corresponding to the first CPE after NAT based on the received first test message.
Specifically, the NAPT includes at least one of:
symmetric NAT, full cone NAT, address restricted cone NAT, port restricted cone NAT.
Specifically, the public network address information includes: public network address and port number.
The following describes the NAT traversal performed at both ends in conjunction with the above-mentioned methods shown in fig. 3 and fig. 4.
For example, the two ends include a CPEA (such as LNS) and a CPEB (such as PC), the CPEA is connected to the first NAT device, and the type of the first NAT device can only be a basic NAT; the CPEB is connected with a second NAT device, and the type of the second NAT device can be basic NAT or NAPT; the method for NAT traversal at two ends comprises the following steps:
step 01, the CPEA interacts with the server (specifically, sends a first test message and receives a corresponding result message) to determine the type of the first NAT equipment, and sends the type of the first NAT equipment to the server; the CPEB interacts with the server (specifically, sends a second test message and receives a corresponding result message) to determine the type of the second NAT equipment, and sends the type of the second NAT equipment to the server;
step 02, the server sends the type of the second NAT equipment to the CPEA; sending the type of the first NAT device to the CPEB;
step 03, the server determines public network address information corresponding to the CPEA after the NAT based on the first test message, and sends the public network address information corresponding to the CPEA after the NAT to the CPEB;
step 04, configuring and sending an L2TP message with a target address as an arbitrary address by the CPEA, and punching holes on the first NAT equipment;
step 05, the CPEB sends an L2TP message to the CPEA;
here, the source address of the L2TP message sent by the CPEB is the private network address of the local end, and the destination address is the public network address information of the CPEA after NAT (including the public network address and port number of the CPEA after NAT);
step 06, the CPEA receives the L2TP message sent by the CPEB, and determines the public network address information corresponding to the CPEB after NAT;
here, the address the CPEA sees on the received L2TP message is the public network address information of the CPEB after NAT (including the public network address and port number of the CPEB after NAT); it can be understood that the L2TP packet includes or carries an address, and the address seen by the CPEA after receiving it is the public network address information of the CPEB after passing through NAT.
And step 07, performing interaction and forwarding of the conventional L2TP tunnel message between the CPEA and the CPEB.
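The procedure of steps 01 to 07 above, and the NAT classes the patent distinguishes (basic NAT versus the cone and symmetric NAPT variants), are easier to reason about when run against a small model. The following Python simulation is an added example and not code from the patent or its assignee: it models each NAT device as a binding table with the filtering behaviour of its class, lets a server answer test messages with the observed source address, and then walks through hole punching and the L2TP exchange. The addresses, port numbers, the `Nat`, `classify` and `traverse` names and the STUN-style rule by which a CPE decides between basic NAT and NAPT are all assumptions of the example; the patent does not specify how the CPE classifies its NAT.

```python
# Added example, not part of the patent text: a simulation of the two-end NAT
# traversal procedure (steps 01-07) using toy NAT models for the NAT classes the
# patent names. All addresses, port numbers and the classification rule are assumptions.
from enum import Enum


class NatKind(Enum):
    BASIC = "basic NAT"
    FULL_CONE = "full cone NAT"
    ADDR_RESTRICTED = "address restricted cone NAT"
    PORT_RESTRICTED = "port restricted cone NAT"
    SYMMETRIC = "symmetric NAT"


class Nat:
    """Toy NAT device. Outbound packets create bindings; inbound packets are forwarded
    only if a binding exists for the destination and the kind's filter admits the sender."""

    def __init__(self, kind, public_ip):
        self.kind, self.public_ip = kind, public_ip
        self.next_port = 40000          # first port a NAPT hands out (constructed value)
        self.bindings = {}              # key -> [public mapping, set of peers contacted]

    def outbound(self, src, dst):
        """Translate the source of a packet leaving the private side; returns public (ip, port)."""
        if self.kind is NatKind.BASIC:  # address-only translation, the port is preserved
            self.bindings.setdefault(src[0], [self.public_ip, set()])[1].add(dst)
            return (self.public_ip, src[1])
        key = (src, dst) if self.kind is NatKind.SYMMETRIC else src  # symmetric: one mapping per peer
        if key not in self.bindings:
            self.bindings[key] = [(self.public_ip, self.next_port), set()]
            self.next_port += 1
        self.bindings[key][1].add(dst)
        return self.bindings[key][0]

    def inbound(self, src, dst):
        """Return the private (ip, port) a packet from src to public dst is forwarded to, or None."""
        for key, (public, peers) in self.bindings.items():
            if self.kind is NatKind.BASIC:
                if dst[0] == public:    # any sender reaches the host once it has a binding
                    return (key, dst[1])
                continue
            if public != dst:
                continue
            if self.kind is NatKind.FULL_CONE:
                ok = True
            elif self.kind is NatKind.ADDR_RESTRICTED:
                ok = any(peer[0] == src[0] for peer in peers)
            else:                       # port restricted and symmetric: exact peer match
                ok = src in peers
            return (key[0] if self.kind is NatKind.SYMMETRIC else key) if ok else None
        return None


def classify(private_src, observed):
    """STUN-style rule (an assumption; the patent does not specify it): the CPE compares its
    own address with the address the server observed. Telling the four NAPT subtypes apart
    would need further tests; the patent's decisions only need basic NAT versus NAPT."""
    if observed == private_src:
        return "no NAT"
    if observed[1] == private_src[1]:   # heuristic: port preserved -> address-only NAT
        return "basic NAT"
    return "NAPT"


SERVER = ("198.51.100.10", 3478)        # constructed public address of the server


def traverse(kind_a, kind_b, skip_type_check=False):
    """Run steps 01-07 with CPEA (LNS role) behind kind_a and CPEB (PC role) behind kind_b.
    skip_type_check=True ignores the patent's precondition, to show why it exists."""
    nat_a, nat_b = Nat(kind_a, "203.0.113.1"), Nat(kind_b, "203.0.113.2")
    cpe_a, cpe_b = ("10.0.0.2", 1701), ("192.168.1.20", 50000)   # private addresses
    # Step 01: each CPE sends a test message; the server's result message echoes the
    # observed source, from which the CPE classifies its NAT and reports the type.
    observed = {"A": nat_a.outbound(cpe_a, SERVER), "B": nat_b.outbound(cpe_b, SERVER)}
    types = {"A": classify(cpe_a, observed["A"]), "B": classify(cpe_b, observed["B"])}
    # Steps 02-03: the server relays the types and sends CPEA's NAT-ed address to CPEB.
    # The LNS side must sit behind basic NAT (otherwise the roles of the two ends swap).
    if types["A"] != "basic NAT" and not skip_type_check:
        return {"types": types, "established": False, "reason": "CPEA is not behind basic NAT"}
    pub_a = observed["A"]
    # Step 04: CPEA punches a hole in NAT A with an L2TP packet to an arbitrary address.
    nat_a.outbound(cpe_a, ("192.0.2.77", 1701))
    # Step 05: CPEB sends an L2TP packet from its private address to CPEA's public address.
    pub_b = nat_b.outbound(cpe_b, pub_a)
    # Step 06: if NAT A forwards it, CPEA reads CPEB's NAT-ed address from the packet source.
    if nat_a.inbound(pub_b, pub_a) != cpe_a:
        return {"types": types, "established": False, "reason": "dropped at NAT A"}
    # Step 07: regular L2TP traffic; CPEA's reply must pass NAT B's filter on the way back.
    reply_ok = nat_b.inbound(nat_a.outbound(cpe_a, pub_b), pub_b) == cpe_b
    return {"types": types, "peer_seen_by_a": pub_b, "established": reply_ok}


if __name__ == "__main__":
    for a, b in ((NatKind.BASIC, NatKind.SYMMETRIC), (NatKind.SYMMETRIC, NatKind.BASIC)):
        print(a.value, "<->", b.value, traverse(a, b, skip_type_check=True))
```

Running it with CPEA behind basic NAT and CPEB behind symmetric NAT establishes the tunnel: CPEB's NAT only admits the exact peer it contacted, and that peer is the basic-NAT address of CPEA, which is the same address the server observed in step 01 and the same one CPEA's replies carry. Swapping the classes shows why the precondition exists: a symmetric NAT in front of the LNS allocates a fresh mapping for every peer, so the address the server observed is not the one that would accept CPEB's packet, and step 06 fails.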
The following further describes scenarios of the L2TP tunnel, where the L2TP tunnel generally has the following two types of scenarios:
1. The conventional L2TP scenario, in which only one end traverses the NAT;
A scenario in which one end of the L2TP tunnel traverses the NAT is mainly a mobile office scenario: the source end of the L2TP tunnel is a PC, and there is no L2TP Access Concentrator (LAC) device. The L2TP messages of the PC use User Datagram Protocol (UDP) port 1701 as the destination port. Specifically, refer to fig. 5, which is a schematic diagram of a scenario in which one end traverses the NAT.
2. Both ends of the L2TP tunnel traverse the NAT, which is the scenario the present method addresses;
1) In the scenario where both ends of the L2TP tunnel traverse the NAT, L2TP is used as the bearer tunnel;
2) One CPE end is an LNS, which receives messages with destination port 1701, and the other CPE end is a device such as a PC.
Here, in the methods shown in fig. 3 and 4, the CPE that can be connected to the NAT device of the type basic NAT or NAPT is the PC or the like, and the CPE that can be connected only to the NAT device of the type basic NAT is the LNS.
Here, description is made for each type of NAT in the methods shown in fig. 3 and 4.
NAT can be mainly divided into two categories: basic NAT and NAPT (Network Address Port Translation); wherein,
the basic NAT is generally used where the NAT equipment has multiple public Internet Protocol (IP) addresses (hereinafter referred to as public network addresses) and statically binds one public network address to one intranet host; the number of such NAT devices is small.
The NAPT is a conventional NAT type, which can map an internal address to a single IP address in the external network, adding a port number selected by the NAT device to the address. According to different mapping modes, NAPT can be divided into symmetric NAT and conical NAT, where the conical NAT includes: full cone NAT, address restricted cone NAT and port restricted cone NAT.
Specifically, NAPT is the most common NAT type in public networks, and is classified into the following four types:
1. symmetric NAT (Symmetric NAT)
The symmetric NAT maps all requests from the same internal network address and port to the same destination address and port to the same public network address and port. If the same intranet host sends a message to another destination address by using the same intranet address and port, different mappings are used. Unlike port-restricted NATs, which map all requests to the same public IP address and port, symmetric NATs map different requests to different mappings.
2. Complete Cone type NAT (Full Cone NAT)
The full cone NAT maps all requests from one internal IP address and port to the same external IP address and port. And any external host can realize the communication with the internal host by sending a message to the mapped external address. This is a relatively loose policy, and as long as the mapping relationship between the IP address and port of the internal network and the IP address and port of the public network is established, all hosts on the Internet can access the hosts behind the NAT device.
3. Address Restricted Cone type NAT (Address Restricted Cone NAT)
The address restricted cone NAT also maps all requests from the same internal IP address and port to the same public network IP address and port. However, unlike the full cone NAT, a public network host address can send messages to the intranet host if and only if the intranet host has previously sent a message to that public network host address.
4. Port Restricted Cone type NAT (Port Restricted Cone NAT)
The port restricted cone NAT is similar to the address restricted cone NAT, but is more restrictive. The port restricted cone NAT adds a restriction on the port number: a public network host address and port can communicate with the intranet host only if the intranet host has previously sent a message to that address and port.
Fig. 6 is a schematic flowchart of another NAT traversal method according to an embodiment of the present invention; as shown in fig. 6, in order to implement that two ends of an L2TP tunnel traverse an NAT, the NAT traversal method provided in the embodiment of the present invention includes: detecting the type of NAT equipment; and after the type of the NAT equipment is determined, configuring an L2TP tunnel and related address information according to the type of the NAT equipment.
The detecting the type of the NAT device comprises the following steps: in combination with other protocols (refer to NAT detection server, that is, related protocols required for interaction with the above server, such as IP protocol, etc.), the client-side gateway CPEA and the client-side gateway CPEB perform message interaction through the server for NAT detection (corresponding to the server in the methods shown in fig. 3 and fig. 4, and may use a public network free server or a network controller to function as both), and detect the types of NAT devices that the CPEA and the CPEB need to traverse, that is, the types of NAT devices connected to the CPEA and the types of NAT devices connected to the CPEB.
Configuring the L2TP tunnel and associated address information includes:
configuring L2TP to adopt a tunnel mode;
configuring tunnel address information; for each CPE, the tunnel address information includes: the private network address of the home terminal and the public network address of the opposite terminal after NAT.
The method of the above embodiment of the present invention is explained below using different types of NAT devices.
In the first embodiment, after the message interaction with the NAT detection server, the type of the NAT device connected with the CPEA is determined to be the basic NAT, and the type of the NAT device connected with the CPEB is determined to be the basic NAT.
The NAT traversal method comprises the following steps:
Step 001, the NAT detection server sends a first L2TP message to the CPEB to inform it of the public network address after NAT corresponding to the CPEA, as recorded by the NAT detection server;
Step 002, the CPEA configures and sends a second L2TP message; the configured source address information of the second L2TP packet includes the home-end private network address and port number (for example, the port number is 1701 in fig. 5, and the port is still 1701 after basic NAT mapping), and the destination address is an arbitrary address; here, a message with an arbitrary destination address is configured in order to punch a hole in the NAT connected to the CPEA;
fig. 7 is a schematic structural diagram of a second L2TP packet according to an embodiment of the present invention; as shown in fig. 7, the second L2TP packet at least includes one of the following: an Outer Ethernet header, an Outer IP header, an Outer UDP header; the source address of the second L2TP message is the home-end private network address and port (1701), and the destination address is an arbitrary address.
Step 003, the CPEB configures a third L2TP message; the source address of the third L2TP message is the local private network address, and the destination address is the public network address and port after NAT corresponding to the CPEA (namely 1701); the CPEB sends the third L2TP message to the CPEA, so that after the CPEA receives the third L2TP message, the CPEA obtains the public network address and port after NAT corresponding to the CPEB based on the third L2TP message.
Fig. 8 is a schematic structural diagram of a third L2TP packet according to an embodiment of the present invention; as shown in fig. 8, the third L2TP packet at least includes one of the following: an external ethernet header, an external IP header, an external UDP header; the destination address of the third L2TP message is the public network address and port 1701 after NAT corresponding to CPEA.
Step 004, through the above configuration, an L2TP tunnel is established between the CPEA and the CPEB, and interaction and forwarding of a conventional L2TP message can be performed.
In the second embodiment, after the message interaction with the NAT detection server, it is determined that the type of the CPEA-connected NAT device is the basic NAT and the type of the CPEB-connected NAT device is the full cone NAT:
here, the full cone NAT has the same NAT mapping for the same source and port IP packets, that is, the full cone NAT maps all requests from the same internal IP address and port to the same external IP address and port. And any external host can realize the communication with the internal host by sending a message to the mapped external address.
Therefore, the same method as in the first embodiment described above may be used for the processing.
After the message interaction with the NAT detection server, the type of the CPEA-connected NAT device is determined to be a basic NAT, and the type of the CPEB-connected NAT device is determined to be an address restricted cone NAT:
here, the address restriction conical NAT has the same NAT mapping for the same source and port IP messages (i.e. all requests from the same internal IP address and port are mapped to the same public network IP address and port); however, unlike the full cone NAT, the public network host can send a message to the intranet host if and only if the intranet host has previously sent a message to the public network host address.
For the scenario that the address-restricted conical NAT device is the CPEB-connected NAT, the same method as that in the first embodiment may be used to perform the processing.
After the message interaction with the NAT detection server, the type of the CPEA-connected NAT device is determined to be the basic NAT, and the type of the CPEB-connected NAT device is determined to be the port restricted conical NAT:
here, the port restricted cone NAT likewise uses the same NAT mapping for IP packets from the same source address and port (i.e. all requests from the same internal IP address and port are mapped to the same public network IP address and port), but adds a restriction on the port number: a public network host can communicate with the intranet host if and only if the intranet host has previously sent a packet to that public network host address and port.
For the scenario that the CPEB-connected NAT device is a port-restricted conical NAT, the same method as that in the first embodiment may be used to perform the processing.
After message interaction with the NAT detection server, the type of the NAT equipment connected with the CPEA is determined to be the basic NAT and the type of the NAT equipment connected with the CPEB is determined to be the symmetric NAT.
Here, a symmetric NAT will map all requests from the same internal IP address and port to the same public IP address and port. If the same intranet host sends a message to another destination address by using the same intranet address and port, different mappings are used.
That is, the destination address used by the CPEB is always the public network address and port number 1701 after NAT corresponding to the CPEA, so only a single mapping is used. Therefore, for the scenario in which the NAT device connected to the CPEB is a symmetric NAT, the same method as that in the first embodiment may be used to perform the processing.
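The exchange of steps 01 to 07, carried through for the hardest of the embodiments above (basic NAT in front of the CPEA, symmetric NAT in front of the CPEB) together with the server's forwarding rule for the method of fig. 4, as an added Python simulation that is not part of the patent; the NAT models, addresses, ports and the dictionary form of the tunnel configuration are constructed for illustration.

```python
"""Simulated run of steps 01 to 07 (added example, not the patent's code).

CPEA sits behind a basic NAT (static 1:1 address mapping, port preserved) and
CPEB behind a symmetric NAPT (a fresh public port per (private source,
destination) pair, inbound admitted only from that destination).  All
addresses, ports and the NAT models are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Optional

L2TP_PORT = 1701
Addr = tuple  # (ip, port)
NAPT_TYPES = {"full_cone", "addr_restricted", "port_restricted", "symmetric"}


def server_forwarding_rule(type_a: str, type_b: str) -> Optional[str]:
    """Which CPE's post-NAT public address the server forwards.

    'A_to_B': A's public info goes to CPEB (A basic, B basic or NAPT).
    'B_to_A': B's public info goes to CPEA (A NAPT, B basic).
    None: both ends behind NAPT, a case the method does not cover.
    """
    if type_a == "basic" and (type_b == "basic" or type_b in NAPT_TYPES):
        return "A_to_B"
    if type_b == "basic" and type_a in NAPT_TYPES:
        return "B_to_A"
    return None


@dataclass
class BasicNat:
    """Static 1:1 mapping: private address -> one public address, port kept."""
    public_ip: str

    def outbound(self, src: Addr, dst: Addr) -> Addr:
        return (self.public_ip, src[1])

    def inbound_allowed(self, src: Addr, dst: Addr) -> bool:
        return True  # no per-peer filtering


@dataclass
class SymmetricNapt:
    """Mapping keyed on (private src, dst); only that dst may send back to it."""
    public_ip: str
    next_port: int = 40000
    table: dict = field(default_factory=dict)  # (src, dst) -> public port

    def outbound(self, src: Addr, dst: Addr) -> Addr:
        key = (src, dst)
        if key not in self.table:
            self.table[key] = self.next_port
            self.next_port += 1
        return (self.public_ip, self.table[key])

    def inbound_allowed(self, src: Addr, dst: Addr) -> bool:
        return any(port == dst[1] and peer == src
                   for (_, peer), port in self.table.items())


def run_exchange() -> dict:
    """Carry steps 01 to 07 through for A: basic NAT, B: symmetric NAPT."""
    nat_a, nat_b = BasicNat("203.0.113.10"), SymmetricNapt("198.51.100.20")
    server = ("192.0.2.1", 3478)                          # constructed
    cpea_priv, cpeb_priv = ("10.0.0.2", L2TP_PORT), ("10.1.0.2", L2TP_PORT)

    # steps 01/03: the server records CPEA's post-NAT source of the first test message
    public_a = nat_a.outbound(cpea_priv, server)
    # steps 02/03: the types are exchanged; the rule says A's public info goes to CPEB
    assert server_forwarding_rule("basic", "symmetric") == "A_to_B"
    # step 04: CPEA sends an L2TP packet to an arbitrary destination (hole punch);
    # on a basic NAT this simply exercises the static mapping
    nat_a.outbound(cpea_priv, ("192.0.2.99", L2TP_PORT))
    # step 05: CPEB sends L2TP from private :1701 to CPEA's public address :1701
    public_b = nat_b.outbound(cpeb_priv, public_a)
    # step 06: the packet reaches CPEA (basic NAT admits it); CPEA reads the
    # source address and so learns CPEB's post-NAT address and port
    assert nat_a.inbound_allowed(public_b, public_a)
    tunnel_a = {"local": cpea_priv, "peer": public_b}
    tunnel_b = {"local": cpeb_priv, "peer": public_a}
    # step 07: CPEA's reply comes from exactly the destination CPEB used, which
    # is what a symmetric NAT requires, so the tunnel works in both directions
    reply_src = nat_a.outbound(cpea_priv, tunnel_a["peer"])
    reply_ok = nat_b.inbound_allowed(reply_src, tunnel_a["peer"])
    # contrast: the mapping the server saw for CPEB belongs to a different
    # destination, so a reply sent to it would be dropped by the symmetric NAT
    seen_by_server = nat_b.outbound(cpeb_priv, server)
    stale_ok = nat_b.inbound_allowed(reply_src, seen_by_server)
    return {"tunnel_a": tunnel_a, "tunnel_b": tunnel_b,
            "reply_admitted": reply_ok, "server_view_usable": stale_ok}


if __name__ == "__main__":
    print(run_exchange())
```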
The following is a further description of probing the type of NAT device.
Taking the CPEA-connected NAT device as an example (the detection method for the NAT device connected to the CPEB is the same, so only the CPEA-connected NAT device is used as an example here), the NAT detection server receives a first test message sent by the CPEA; the first test message comprises the address information (IP address and port) of the CPEA, and the NAT detection server executes the following steps after determining that the first test message has been received.
The first step is as follows: detecting whether the CPE is positioned behind NAT equipment or not;
the client of the CPEA creates a UDP socket, uses it to send a data packet (namely the first test message) to (IP-1, port-1) of the server, and requires the server to return the address information (including IP and Port) of the CPE; the client starts receiving immediately after sending the request, and a socket timeout (300 ms) can be set to prevent indefinite blocking; this process is repeated several times. If every attempt times out and no response from the server is received, the CPEA cannot carry out UDP communication, possibly because a firewall or NAT equipment blocks UDP.
When the client of the CPEA can receive the response of the server, the (IP, Port) returned by the server is compared with the (localIP, localPort) of the CPE socket; if they are completely the same, the CPEA is determined not to be behind NAT equipment; if not, the CPEA is determined to be behind NAT equipment, and the type of the NAT equipment needs to be further detected.
The second step is that: detecting whether the NAT equipment is a complete cone type NAT or not;
the client of the CPEA creates a UDP socket and uses it to send a data packet to (IP-1, port-1) of the server, requesting the server to respond to the client from another address pair (IP-2, port-2); the server responds to the request by returning a data packet; the client starts receiving immediately after sending the request, a socket timeout (300 ms) can be set to prevent indefinite blocking, and the process is repeated several times. If the client can receive a response UDP packet returned from (IP-2, port-2), the NAT equipment is a full cone NAT; if every attempt times out and no response from the server is received, the NAT equipment connected to the CPEA is not a full cone NAT, its specific type remains to be detected, and the next step is started.
The third step: detecting whether the NAT equipment is a symmetric NAT or not;
the client of the CPEA creates a UDP socket, uses it to send a data packet to (IP-1, port-1) of the server, and requires the server to return the IP and Port of the client; the client starts receiving immediately after sending the request, and a socket timeout (300 ms) can be set to prevent indefinite blocking; this process is repeated until a response is received;
in the same way, a data packet is sent to (IP-2, port-2) of the server with another socket, requiring the server to return the IP and Port.
The (IP, Port) returned by the server in the two processes are compared; if they differ, the NAT equipment is a symmetric NAT; otherwise it is a restricted cone NAT, and whether it is a port restricted cone NAT is determined in the next detection step;
The fourth step: detecting whether the NAT equipment is an address restricted cone NAT or a port restricted cone NAT;
the client of the CPEA creates a UDP socket and uses it to send a data packet to (IP-1, port-1) of the server, requesting the server to respond with a UDP data packet from IP-1 and a port different from port-1; the client starts receiving immediately after sending the request, a socket timeout (300 ms) is set to prevent indefinite blocking, and this process is repeated several times. If every attempt times out and no response from the server is received, the NAT equipment is a port restricted cone NAT; if the response of the server can be received, it is an address restricted cone NAT.
The data packet sent by the client of the CPEA is the first test packet, and correspondingly, the data packet returned by the server is the first result packet.
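The four detection steps above, run against simulated NAT behaviour of each type, as an added Python example that is not part of the patent. The server addresses, the client socket and the NAT models are constructed; one assumption departs from the text: the third step sends both probes from the same local socket, because two different local sockets receive different mappings from any NAT that maps per local endpoint and the comparison would then not discriminate.

```python
"""NAT type detection (added example, not the patent's code).

Runs the four detection steps against simulated NAT behaviours.  The server
listens on two constructed addresses (IP-1, port-1) and (IP-2, port-2) and can
reply from any of its addresses; the client sees a reply only if the simulated
NAT admits it.  Assumption: the third step's two probes use the same local socket.
"""
from typing import Dict, Optional, Set, Tuple

Addr = Tuple[str, int]
SERVER1: Addr = ("192.0.2.1", 3478)   # (IP-1, port-1), constructed
SERVER2: Addr = ("192.0.2.2", 3479)   # (IP-2, port-2), constructed
ALT_PORT = 3480                       # a port on IP-1 other than port-1
KINDS = ("none", "blocked", "full_cone", "addr_restricted",
         "port_restricted", "symmetric")


class SimNat:
    """Toy NAT with the mapping and filtering rules of one NAT type."""

    def __init__(self, kind: str, public_ip: str = "203.0.113.7"):
        assert kind in KINDS
        self.kind, self.public_ip = kind, public_ip
        self.next_port = 40000
        self.mappings: Dict[object, int] = {}    # mapping key -> public port
        self.contacted: Dict[int, Set[Addr]] = {}  # public port -> peers sent to

    def outbound(self, src: Addr, dst: Addr) -> Optional[Addr]:
        """Translate a packet from private src to dst; None if UDP is blocked."""
        if self.kind == "none":
            return src
        if self.kind == "blocked":
            return None
        # cone NATs key the mapping on the private endpoint only;
        # a symmetric NAT keys it on (private endpoint, destination)
        key = (src, dst) if self.kind == "symmetric" else src
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.next_port += 1
        port = self.mappings[key]
        self.contacted.setdefault(port, set()).add(dst)
        return (self.public_ip, port)

    def inbound_allowed(self, peer: Addr, dst: Addr) -> bool:
        """Does a packet from peer to the public address dst reach the host?"""
        if self.kind == "none":
            return True
        if self.kind == "blocked" or dst[1] not in self.contacted:
            return False
        if self.kind == "full_cone":
            return True                       # any external host may reply
        peers = self.contacted[dst[1]]
        if self.kind == "addr_restricted":
            return any(p[0] == peer[0] for p in peers)  # address only
        return peer in peers                  # port restricted and symmetric


def probe(nat: SimNat, sock: Addr, dst: Addr, reply_from: Addr) -> Optional[Addr]:
    """One test message: send from sock to dst and ask the server to answer
    from reply_from with the mapped address it saw.  None models a timeout."""
    mapped = nat.outbound(sock, dst)
    if mapped is None:
        return None
    return mapped if nat.inbound_allowed(reply_from, mapped) else None


def classify(nat: SimNat, sock: Addr = ("10.0.0.5", 50000)) -> str:
    """The four steps of the detection procedure."""
    # step 1: is the CPE behind a NAT at all?
    seen = probe(nat, sock, SERVER1, SERVER1)
    if seen is None:
        return "udp_blocked"
    if seen == sock:
        return "no_nat"
    # step 2: full cone if a reply from the other server address gets through
    if probe(nat, sock, SERVER1, SERVER2) is not None:
        return "full_cone"
    # step 3: symmetric if the mapping changes with the destination
    seen2 = probe(nat, sock, SERVER2, SERVER2)
    if seen2 != seen:
        return "symmetric"
    # step 4: address restricted if a reply from IP-1 on another port gets through
    if probe(nat, sock, SERVER1, (SERVER1[0], ALT_PORT)) is not None:
        return "addr_restricted"
    return "port_restricted"


if __name__ == "__main__":
    for kind in KINDS:
        print(f"{kind:16} -> {classify(SimNat(kind))}")
```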
The server to which the NAT traversal method in the embodiment of the present invention is applied may be a public network free server or a public network controller, that is, the public network free server or the public network controller may be functionally extended, so as to implement the foregoing scheme.
It should be noted that the method for detecting the type of the NAT device is only an embodiment, and other methods may also be used in the embodiment of the present invention to perform detection, and after the type of the connected NAT device is determined after detection, the result is sent to the server, and is sent to the opposite-end CPE through the server. For example: after the CPEA determines the type of the connected NAT equipment through interaction with the server, the CPEA sends a result to the server, and the server can send the result to the CPEB; the reverse is the same.
Fig. 9 is a schematic structural diagram of an NAT traversal device according to an embodiment of the present invention; as shown in fig. 9, the NAT traversal apparatus is applied to a first CPE, and the apparatus includes: a first processing module and a second processing module;
the first processing module is used for determining the type of the first NAT equipment, the type of the second NAT equipment and public network address information corresponding to the second CPE after NAT; the first NAT equipment is connected with the first CPE, and the second NAT equipment is connected with the second CPE;
and the second processing module is used for configuring an L2TP tunnel and tunnel address information based on the type of the first NAT equipment, the type of the second NAT equipment and the public network address information which corresponds to the second CPE and is subjected to NAT.
Specifically, the first processing module is configured to receive the type of the second NAT device sent by the server.
In an embodiment, the type corresponding to the first NAT device is basic NAT, and the type of the second NAT device is basic NAT or NAPT; the first processing module is configured to receive an L2TP packet that includes public network address information after NAT and corresponds to the second CPE, and is sent by the second CPE.
Specifically, the first processing module is further configured to send a first test packet to a server; the first test message is used for the server to determine public network address information corresponding to the first CPE after NAT, and to request the server to send a first result message;
and receiving the first result message sent by the server, determining the type of the first NAT equipment based on the first result message, and sending the determined type of the first NAT equipment to the server.
Specifically, the second processing module is further configured to send an L2TP packet with a destination address being an arbitrary address; and the target address is an L2TP message of any address and is used for punching a hole in the first NAT equipment.
In an embodiment, in response to the fact that the type of the first NAT device is basic NAT or NAPT and the type of the second NAT device is basic NAT, the first processing module is configured to receive public network address information after NAT processing, which is sent by the server and corresponds to the second CPE.
Specifically, the first processing module is further configured to send a second test packet to the server; the second test message is used for requesting the server to send a second result message;
and receiving the second result message sent by the server, determining the type of the NAT equipment connected with it based on the second result message, and sending the determined type of the NAT equipment to the server.
Specifically, the first processing module is further configured to send an L2TP packet including public network address information after NAT corresponding to the first CPE to the second CPE.
Specifically, the NAPT includes at least one of: symmetric NAT, perfect cone NAT, address restricted cone NAT, port restricted cone NAT.
The tunnel address information includes at least one of:
private network address information of the first CPE, and public network address information corresponding to the second CPE after NAT.
The public network address information comprises: public network address and port number.
Fig. 10 is a schematic structural diagram of another NAT traversal device according to an embodiment of the present invention; as shown in fig. 10, the NAT traversal device is applied to a server, and the device includes: the device comprises a third processing module, a fourth processing module and a fifth processing module; wherein,
the third processing module is used for determining the type of the first NAT equipment and the type of the second NAT equipment; the first NAT equipment is connected with a first CPE, and the second NAT equipment is connected with a second CPE;
the fourth processing module is configured to send the type of the second NAT device to the first CPE; sending the type of the first NAT device to the second CPE;
the fifth processing module is configured to, when the type of the first NAT device is basic NAT and the type of the second NAT device is basic NAT or NAPT, determine public network address information after NAT processing corresponding to the first CPE, and send the public network address information after NAT processing corresponding to the first CPE to the second CPE;
under the condition that the type of the first NAT equipment is basic NAT or NAPT and the type of the second NAT equipment is basic NAT, determining public network address information corresponding to the second CPE after NAT, and sending the public network address information corresponding to the second CPE after NAT to the first CPE;
the public network address information is used for configuring an L2TP tunnel and tunnel address information.
Specifically, the third processing module is configured to receive a first test packet sent by the first CPE; send a first result message based on the first test message, the first result message being used by the first CPE to determine the type of the first NAT device; and receive the type of the first NAT equipment sent by the first CPE;
Receiving a second test message sent by a second CPE; sending a second result message based on the second test message; the second result message is used for the second CPE to determine the type of the second NAT equipment; and receiving the type of the second NAT equipment sent by the second CPE.
Specifically, the NAPT includes at least one of:
symmetric NAT, full cone NAT, address restricted cone NAT, port restricted cone NAT.
The public network address information comprises: public network address and port number.
Fig. 11 is a schematic structural diagram of an electronic device according to an embodiment of the present invention; as shown in fig. 11, the apparatus 110 includes: a processor 1101 and a memory 1102 for storing computer programs operable on the processor; wherein, when the electronic device is applied to a first CPE, the processor 1101 is configured to execute, when running the computer program, the following steps:
in an embodiment, the processor 1101 is further configured to, when running the computer program, perform: determining the type of the first NAT equipment, the type of the second NAT equipment and public network address information corresponding to the second CPE after NAT; the first NAT equipment is connected with the first CPE, and the second NAT equipment is connected with the second CPE;
and configuring an L2TP tunnel and tunnel address information based on the type of the first NAT equipment, the type of the second NAT equipment and the public network address information which corresponds to the second CPE and is subjected to NAT.
Specifically, the method shown in fig. 3 executed by the electronic device belongs to the same concept as the NAT traversal method embodiment shown in fig. 3, and the specific implementation process thereof is described in detail in the method embodiment, and is not described herein again.
As another embodiment, when the electronic device is applied to a server, the processor 1101 is configured to execute, when running the computer program, the following steps: determining the type of the first NAT equipment and the type of the second NAT equipment; the first NAT equipment is connected with a first CPE, and the second NAT equipment is connected with a second CPE;
sending the type of the second NAT device to the first CPE; sending the type of the first NAT device to the second CPE;
under the condition that the type of the first NAT equipment is basic NAT and the type of the second NAT equipment is basic NAT or NAPT, determining public network address information corresponding to the first CPE after NAT, and sending the public network address information corresponding to the first CPE after NAT to the second CPE;
under the condition that the type of the first NAT equipment is basic NAT or NAPT and the type of the second NAT equipment is basic NAT, determining public network address information corresponding to the second CPE after NAT, and sending the public network address information corresponding to the second CPE after NAT to the first CPE;
the public network address information is used for configuring an L2TP tunnel and tunnel address information.
Specifically, the method shown in fig. 4 is executed by the electronic device, and belongs to the same concept as the NAT traversal method embodiment shown in fig. 4, and the specific implementation process of the method is described in detail in the method embodiment and is not described herein again.
In practical applications, the apparatus 110 may further include: at least one network interface 1103. The various components in electronic device 110 are coupled together by a bus system 1104. It is understood that the bus system 1104 is used to enable communications among the components for connection. The bus system 1104 includes a power bus, a control bus, and a status signal bus in addition to the data bus. For clarity of illustration, however, the various buses are designated as the bus system 1104 in FIG. 11. Wherein, the number of the processors 1101 may be at least one. The network interface 1103 is used for wired or wireless communication between the electronic device 110 and other devices.
The memory 1102 in embodiments of the present invention is used to store various types of data to support the operation of the electronic device 110.
The methods disclosed in the embodiments of the present invention described above may be implemented in the processor 1101 or by the processor 1101. The processor 1101 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by instructions in the form of hardware, integrated logic circuits, or software in the processor 1101. The processor 1101 described above may be a general purpose processor, a Digital Signal Processor (DSP), or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like. The processor 1101 may implement or perform the methods, steps, and logic blocks disclosed in the embodiments of the present invention. The general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed by the embodiment of the invention can be directly implemented by a hardware decoding processor, or can be implemented by combining hardware and software modules in the decoding processor. The software modules may be located in a storage medium located in the memory 1102, and the processor 1101 reads the information in the memory 1102 to perform the steps of the aforementioned methods in conjunction with its hardware.
In an exemplary embodiment, the electronic device 110 may be implemented by one or more Application Specific Integrated Circuits (ASICs), DSPs, Programmable Logic Devices (PLDs), Complex Programmable Logic Devices (CPLDs), Field Programmable Gate Arrays (FPGAs), general purpose processors, controllers, Microcontrollers (MCUs), microprocessors, or other electronic components for performing the aforementioned methods.
An embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where when the computer program is executed by a processor, the computer program executes: determining the type of the first NAT equipment, the type of the second NAT equipment and public network address information corresponding to the second CPE after NAT; the first NAT equipment is connected with the first CPE, and the second NAT equipment is connected with the second CPE; and configuring an L2TP tunnel and tunnel address information based on the type of the first NAT equipment, the type of the second NAT equipment and the public network address information which corresponds to the second CPE and is subjected to NAT. Specifically, when the computer program is executed by the processor, the method shown in fig. 3 is executed, which belongs to the same concept as the NAT traversal method embodiment shown in fig. 3, and the specific implementation process thereof is described in detail in the method embodiment, and is not described herein again.
As another implementation manner, when executed by a processor, the computer program performs: determining the type of a first NAT device and the type of a second NAT device; the first NAT equipment is connected with a first CPE, and the second NAT equipment is connected with a second CPE; sending the type of the second NAT device to the first CPE; sending the type of the first NAT device to the second CPE; under the condition that the type of the first NAT equipment is basic NAT and the type of the second NAT equipment is basic NAT or NAPT, determining public network address information corresponding to the first CPE after NAT, and sending the public network address information corresponding to the first CPE after NAT to the second CPE; under the condition that the type of the first NAT equipment is basic NAT or NAPT and the type of the second NAT equipment is basic NAT, determining public network address information corresponding to the second CPE after NAT, and sending the public network address information corresponding to the second CPE after NAT to the first CPE; the public network address information is used for configuring an L2TP tunnel and tunnel address information. Specifically, when being executed by the processor, the computer program may execute the method shown in fig. 4, and belongs to the same concept as the NAT traversal method embodiment shown in fig. 4.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. The above-described device embodiments are merely illustrative, for example, the division of the unit is only one logical function division, and there may be other division ways in actual implementation, such as: multiple units or components may be combined, or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between the devices or units may be electrical, mechanical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on multiple network units; some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, all functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may stand alone as one unit, or two or more units may be integrated into one unit; the integrated unit may be implemented in hardware, or in hardware plus a software functional unit.
Those of ordinary skill in the art will understand that all or part of the steps of the method embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the method embodiments; the storage medium includes a removable storage device, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or any other medium capable of storing program code.
Alternatively, if the integrated unit of the present invention is implemented as a software functional module and sold or used as a stand-alone product, it may be stored in a computer-readable storage medium. On this understanding, the technical solutions of the embodiments of the present invention, or the parts of them that contribute over the prior art, may be embodied as a software product stored in a storage medium and including several instructions that cause a computer device (which may be a personal computer, a server or a network device) to execute all or part of the methods described in the embodiments. The storage medium includes a removable storage device, a ROM, a RAM, a magnetic or optical disk, or any other medium that can store program code.
The above description covers only specific embodiments of the present invention, and the scope of the invention is not limited to them; any change or substitution that a person skilled in the art can readily conceive within the technical scope disclosed here falls within the scope of the invention. The protection scope of the present invention is therefore defined by the claims.

Claims (17)

1. A NAT traversal method, applied to a first Customer Premises Equipment (CPE), the method comprising:
determining the type of a first NAT device, the type of a second NAT device, and post-NAT public network address information corresponding to a second CPE; the first NAT device is connected to the first CPE, and the second NAT device is connected to the second CPE;
configuring a Layer 2 Tunneling Protocol (L2TP) tunnel and tunnel address information based on the type of the first NAT device, the type of the second NAT device and the post-NAT public network address information corresponding to the second CPE;
wherein determining the post-NAT public network address information corresponding to the second CPE comprises:
receiving, from a server, the post-NAT public network address information corresponding to the second CPE, in the case where the type of the first NAT device is basic NAT and the type of the second NAT device is basic NAT or network address port translation (NAPT);
and receiving, from the second CPE, an L2TP message that includes the post-NAT public network address information corresponding to the second CPE, in the case where the type of the first NAT device is basic NAT and the type of the second NAT device is basic NAT.
2. The method of claim 1, wherein determining the type of the second NAT device comprises:
receiving the type of the second NAT device sent by the server.
3. The method of claim 1, further comprising:
sending a first test message to a server; the first test message is used by the server to determine the post-NAT public network address information corresponding to the first CPE, and requests the server to send a first result message;
and receiving the first result message sent by the server, determining the type of the first NAT device based on the first result message, and sending the determined type of the first NAT device to the server.
4. The method of claim 3, further comprising:
sending an L2TP message whose destination address is an arbitrary address; the L2TP message with the arbitrary destination address is used to punch a hole in the first NAT device.
5. The method of claim 1, further comprising:
sending a second test message to the server; the second test message requests the server to send a second result message;
and receiving the second result message sent by the server, determining the type of the first NAT device based on the second result message, and sending the determined type of the first NAT device to the server.
6. The method of claim 5, further comprising:
sending to the second CPE an L2TP message that includes the post-NAT public network address information corresponding to the first CPE.
7. The method of claim 1, wherein the NAPT comprises at least one of: symmetric NAT, full cone NAT, address-restricted cone NAT, port-restricted cone NAT.
8. The method of claim 1, wherein the tunnel address information comprises at least one of:
private network address information of the first CPE, and post-NAT public network address information corresponding to the second CPE.
9. The method of claim 8, wherein the public network address information comprises a public network address and a port number.
10. A NAT traversal method, applied to a server, the method comprising:
determining the type of a first NAT device and the type of a second NAT device; the first NAT device is connected to a first CPE, and the second NAT device is connected to a second CPE;
sending the type of the second NAT device to the first CPE; sending the type of the first NAT device to the second CPE;
when the type of the first NAT device is basic NAT and the type of the second NAT device is basic NAT or NAPT, determining the post-NAT public network address information corresponding to the first CPE, and sending it to the second CPE;
when the type of the first NAT device is basic NAT or NAPT and the type of the second NAT device is basic NAT, determining the post-NAT public network address information corresponding to the second CPE, and sending it to the first CPE;
the public network address information is used to configure an L2TP tunnel and tunnel address information.
11. The method of claim 10, wherein determining the type of the first NAT device and the type of the second NAT device comprises:
receiving a first test message sent by the first CPE; sending a first result message based on the first test message, the first result message being used by the first CPE to determine the type of the first NAT device; and receiving the type of the first NAT device sent by the first CPE;
receiving a second test message sent by the second CPE; sending a second result message based on the second test message, the second result message being used by the second CPE to determine the type of the second NAT device; and receiving the type of the second NAT device sent by the second CPE.
12. The method of claim 10, wherein the NAPT comprises at least one of:
symmetric NAT, full cone NAT, address-restricted cone NAT, port-restricted cone NAT.
13. The method of claim 10, wherein the public network address information comprises a public network address and a port number.
14. A NAT traversal apparatus, applied to a first CPE, comprising a first processing module and a second processing module;
the first processing module is configured to determine the type of a first NAT device, the type of a second NAT device, and post-NAT public network address information corresponding to a second CPE; the first NAT device is connected to the first CPE, and the second NAT device is connected to the second CPE;
the second processing module is configured to configure an L2TP tunnel and tunnel address information based on the type of the first NAT device, the type of the second NAT device and the post-NAT public network address information corresponding to the second CPE;
wherein determining the post-NAT public network address information corresponding to the second CPE comprises:
receiving, from a server, the post-NAT public network address information corresponding to the second CPE, in the case where the type of the first NAT device is basic NAT and the type of the second NAT device is basic NAT or network address port translation (NAPT);
and receiving, from the second CPE, an L2TP message that includes the post-NAT public network address information corresponding to the second CPE, in the case where the type of the first NAT device is basic NAT and the type of the second NAT device is basic NAT.
15. A NAT traversal apparatus, comprising a third processing module, a fourth processing module and a fifth processing module; wherein
the third processing module is configured to determine the type of a first NAT device and the type of a second NAT device; the first NAT device is connected to a first CPE, and the second NAT device is connected to a second CPE;
the fourth processing module is configured to send the type of the second NAT device to the first CPE, and to send the type of the first NAT device to the second CPE;
the fifth processing module is configured to, when the type of the first NAT device is basic NAT and the type of the second NAT device is basic NAT or NAPT, determine the post-NAT public network address information corresponding to the first CPE and send it to the second CPE;
and, when the type of the first NAT device is basic NAT or NAPT and the type of the second NAT device is basic NAT, to determine the post-NAT public network address information corresponding to the second CPE and send it to the first CPE;
the public network address information is used to configure an L2TP tunnel and tunnel address information.
16. An electronic device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the program, implements the steps of the method of any one of claims 1 to 9; or,
the processor, when executing the program, implements the steps of the method of any one of claims 10 to 13.
17. A computer-readable storage medium on which a computer program is stored, the program, when executed by a processor, carrying out the steps of the method of any one of claims 1 to 9; or,
the program, when executed by a processor, carrying out the steps of the method of any one of claims 10 to 13.
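Worked example of the exchange in claims 3, 5, 10 and 11 (added here; it is not part of the patent and not the applicant's code). Two CPEs each send a test message through their NAT to a server, classify their NAT from the result message, and report the type; the server then applies the claim 10 decision and relays a post-NAT address only to the side that can initiate the L2TP tunnel. Everything not in the claims is an assumption: the NAT models (basic NAT keeps the port and admits any sender once a mapping exists; NAPT is modelled as symmetric, the hardest of the kinds listed in claim 7), the one-probe classification (a preserved port is taken as basic NAT, a rewritten port as NAPT; distinguishing the cone types needs the extra probes of RFC 3489), and all names and addresses.

```python
# Added illustration of the probe/relay exchange of claims 3, 10 and 11 (not the patent's code).
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]                    # (IP address, UDP port); L2TP is UDP/1701
BASIC_NAT, NAPT = "basic NAT", "NAPT"
SERVER_EP: Endpoint = ("203.0.113.10", 3478)  # assumed server address


@dataclass
class Nat:
    """Toy NAT: basic NAT rewrites the address and keeps the port; NAPT is
    modelled as symmetric (one mapping per destination, inbound only from it)."""
    public_ip: str
    kind: str
    next_port: int = 40000
    # (private source, destination or None for basic NAT) -> public endpoint
    table: Dict[Tuple[Endpoint, Optional[Endpoint]], Endpoint] = field(default_factory=dict)

    def outbound(self, src: Endpoint, dst: Endpoint) -> Endpoint:
        # Any outbound packet creates the mapping: this is the hole that the
        # arbitrary-destination L2TP message of claim 4 punches.
        key = (src, None) if self.kind == BASIC_NAT else (src, dst)
        if key not in self.table:
            if self.kind == BASIC_NAT:
                self.table[key] = (self.public_ip, src[1])
            else:
                self.table[key] = (self.public_ip, self.next_port)
                self.next_port += 1
        return self.table[key]

    def inbound(self, sender: Endpoint, dst: Endpoint) -> Optional[Endpoint]:
        """Private endpoint reached by a packet from sender to dst, or None if dropped."""
        for (src, bound_dst), public in self.table.items():
            if public == dst and bound_dst in (None, sender):
                return src
        return None


class Server:
    """Server of claims 10/11: records post-NAT sources from test messages and relays them."""

    def __init__(self) -> None:
        self.observed: Dict[str, Endpoint] = {}   # CPE name -> post-NAT endpoint
        self.nat_types: Dict[str, str] = {}

    def handle_test_message(self, cpe: str, observed_src: Endpoint) -> Endpoint:
        self.observed[cpe] = observed_src
        return observed_src                       # the result message

    def relay_addresses(self, first: "Cpe", second: "Cpe") -> Dict[str, Endpoint]:
        """Claim 10 decision; returns {CPE name: peer address it was given}."""
        t1, t2 = self.nat_types[first.name], self.nat_types[second.name]
        first.peer_nat_type, second.peer_nat_type = t2, t1
        given: Dict[str, Endpoint] = {}
        if t1 == BASIC_NAT and t2 in (BASIC_NAT, NAPT):
            second.peer_public = given[second.name] = self.observed[first.name]
        if t1 in (BASIC_NAT, NAPT) and t2 == BASIC_NAT:
            first.peer_public = given[first.name] = self.observed[second.name]
        return given    # empty when both sides are NAPT: nothing is relayed


@dataclass
class Cpe:
    name: str
    private: Endpoint
    nat: Nat
    nat_type: Optional[str] = None
    peer_nat_type: Optional[str] = None
    peer_public: Optional[Endpoint] = None

    def probe(self, server: Server) -> str:
        """Claims 3/5: send a test message, classify the local NAT from the
        result message (assumed one-probe rule), and report the type."""
        observed = self.nat.outbound(self.private, SERVER_EP)
        result = server.handle_test_message(self.name, observed)
        self.nat_type = BASIC_NAT if result[1] == self.private[1] else NAPT
        server.nat_types[self.name] = self.nat_type
        return self.nat_type

    def tunnel_address_info(self) -> Optional[Dict[str, Endpoint]]:
        """Claim 8: own private address plus the peer's post-NAT public address."""
        return None if self.peer_public is None else {"local": self.private, "remote": self.peer_public}


def l2tp_reaches(sender: Cpe, receiver: Cpe) -> bool:
    """First L2TP control message to the relayed address: does the receiver's NAT deliver it?"""
    info = sender.tunnel_address_info()
    if info is None:
        return False
    src_public = sender.nat.outbound(info["local"], info["remote"])
    return receiver.nat.inbound(src_public, info["remote"]) == receiver.private


def run(kind1: str, kind2: str) -> Dict[str, bool]:
    """Whole exchange for one pair of NAT types: which direction can open the tunnel."""
    server = Server()
    cpe1 = Cpe("cpe1", ("10.0.0.2", 1701), Nat("198.51.100.1", kind1))
    cpe2 = Cpe("cpe2", ("10.0.1.2", 1701), Nat("198.51.100.2", kind2))
    cpe1.probe(server)
    cpe2.probe(server)
    server.relay_addresses(cpe1, cpe2)
    return {"cpe1->cpe2": l2tp_reaches(cpe1, cpe2), "cpe2->cpe1": l2tp_reaches(cpe2, cpe1)}
```

`run(BASIC_NAT, NAPT)` shows the asymmetry the claims encode: the server relays only cpe1's address, so only cpe2 can open the tunnel, and with NAPT on both sides nothing is relayed. The relayed post-NAT address is the endpoint the peer opens its L2TP tunnel to, and the claims as written describe no authentication of the result or address messages, so a deployment needs the CPE-to-server channel and the tunnel itself authenticated (the cited family documents pair L2TP with IPsec for this reason).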
CN202010002187.4A 2020-01-02 2020-01-02 NAT (network Address translation) traversing method and device, electronic equipment and storage medium Active CN113067908B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010002187.4A CN113067908B (en) 2020-01-02 2020-01-02 NAT (network Address translation) traversing method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN113067908A CN113067908A (en) 2021-07-02
CN113067908B true CN113067908B (en) 2023-03-31

Family

ID=76558203

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010002187.4A Active CN113067908B (en) 2020-01-02 2020-01-02 NAT (network Address translation) traversing method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113067908B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105933198A (en) * 2016-04-21 2016-09-07 浙江宇视科技有限公司 Device for establishing direct connection VPN tunnel

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004063843A2 (en) * 2003-01-15 2004-07-29 Matsushita Electric Industrial Co., Ltd. PEER-TO-PEER (P2P) CONNECTION DESPITE NETWORK ADDRESS TRANSLATOR (NATs) AT BOTH ENDS
CN101217435B (en) * 2008-01-16 2011-03-16 中兴通讯股份有限公司 L2TP over IPSEC remote access method and device
CN105516062B (en) * 2014-09-25 2020-07-31 南京中兴软件有限责任公司 Method for realizing L2 TP over IPsec access
CN106027508A (en) * 2016-05-11 2016-10-12 北京网御星云信息技术有限公司 Authentication encrypted data transmission method and device
CN108512755B (en) * 2017-02-24 2021-03-30 华为技术有限公司 Method and device for learning routing information

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant