CN114285891A - SSLVPN-based session reconstruction method and system - Google Patents


Publication number
CN114285891A
Authority
CN
China
Prior art keywords
session
information
sslvpn
client
configuration
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111535678.6A
Other languages
Chinese (zh)
Other versions
CN114285891B (en)
Inventor
李欣强
李冲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd
Priority to CN202111535678.6A
Publication of CN114285891A
Application granted
Publication of CN114285891B
Legal status: Active
Anticipated expiration

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The embodiment of the application provides a session reestablishment method and system based on an SSLVPN, an electronic device and a storage medium, and relates to the technical field of network communication. The session reestablishment method based on the SSLVPN comprises the following steps: acquiring configuration reload information; sending session reestablishment information to the client according to the configuration reload information; receiving additional connection information returned by the client, wherein the additional connection information comprises session key information of an old VPN session; matching according to the session key information to generate a matching result; and rebuilding the working process of the new VPN session according to the matching result. The SSLVPN-based session reconstruction method can achieve the technical effects of simplifying the session reconstruction process and saving the resources of the authentication server.

Description

SSLVPN-based session reconstruction method and system
Technical Field
The present application relates to the field of network communication technologies, and in particular, to a method, a system, an electronic device, and a storage medium for session reestablishment based on an SSLVPN.
Background
A Virtual Private Network (VPN) technology that establishes a remote secure access channel over the Secure Socket Layer (SSL) protocol is called SSLVPN. SSLVPN is a VPN technology that has emerged in recent years, and its use has grown rapidly with the popularization of the Web and the rise of electronic commerce and telecommuting.
In the prior art, an SSL-based VPN disconnects the original client session when the VPN server configuration is switched; the client then actively initiates connection reestablishment, and authentication against the authentication server is initiated again. In other words, when the configuration of an existing SSLVPN server changes, the original VPN session is disconnected and the client user must actively reconnect; recovering the session repeats the access process and requires authenticating with the authentication server again, which increases the burden on the authentication server.
Disclosure of Invention
An object of the embodiments of the present application is to provide a method, a system, an electronic device, and a storage medium for session reconstruction based on SSLVPN, which can achieve the technical effects of simplifying a session reconstruction process and saving resources of an authentication server.
In a first aspect, an embodiment of the present application provides a session reestablishing method based on an SSLVPN, including:
acquiring configuration reload information;
sending session reestablishment information to the client according to the configuration reload information;
receiving additional connection information returned by the client, wherein the additional connection information comprises session key information of an old VPN session;
matching according to the session key information to generate a matching result;
and rebuilding the working process of the new VPN session according to the matching result.
In the implementation process, when the configuration is updated at the SSLVPN server, configuration reload information is acquired first, and the session can then be reestablished at the SSLVPN server using the session reconstruction information, the additional connection information returned by the client, and the like. Thus, when the SSLVPN server configuration is updated, the VPN session between the SSLVPN server and the client is logically disconnected, the client does not need to actively log in, and the client does not perceive the change. No re-authentication through the authentication server is needed in this process, which simplifies the session reconstruction process and saves the resources of the authentication server. The SSLVPN-based session reconstruction method can therefore achieve the technical effects of simplifying the session reconstruction process and saving the resources of the authentication server.
Further, the step of sending session reestablishment information to the client according to the configuration reload information includes:
generating reload notification information according to the configuration reload information, wherein the reload notification information is used for notifying the working process of the old VPN session;
and sending the session reestablishment information to the client according to the reload notification information.
In the implementation process, the working process of the old VPN session is notified through the reload notification information; after the reload notification information is received, all VPN sessions are notified, and session reestablishment information is sent to the client so that the client can perform the corresponding action.
Further, after the step of obtaining the configuration reload information, the method further comprises:
establishing a working process of the new VPN session.
In the implementation process, after a configuration reload occurs at the SSLVPN server, the working process of the new VPN session is established, which facilitates reconnection between the SSLVPN server and the client.
Further, before the step of reconstructing a working process of a new VPN session according to the matching result, the method further includes:
attaching a work process of the new VPN session to a logical session.
In the implementation process, the SSLVPN server matches the session key information in the additional connection information, and if the matching is successful, the working process of the new VPN session is added to the VPN logical session (one VPN logical session can have a plurality of VPN communication sessions); therefore, repeated authentication can be avoided through the steps, the session recovery process is more convenient and fast on the premise of safety, and resources of the authentication server are saved.
Further, the step of reconstructing the working process of the VPN session according to the matching result includes:
judging whether the session key information is successfully matched according to the matching result;
if the matching is successful, closing the old VPN session, and enabling the new VPN session to communicate with the client;
and if the matching is unsuccessful, closing the old VPN session, and acquiring login information sent by the client to reestablish the working process of the new VPN session.
In the implementation process, when the matching is successful, the session reconstruction process can be simplified, and the authentication server resources are saved; and when the matching is unsuccessful, the client can still actively log in again and establish connection with the SSLVPN server.
In a second aspect, an embodiment of the present application provides a session reestablishing system based on an SSLVPN, including:
the configuration reload module is used for acquiring configuration reload information;
the reload notification module is used for sending session reconstruction information to the client according to the configuration reload information;
an additional connection module, configured to receive additional connection information returned by the client, where the additional connection information includes session key information of an old VPN session;
the matching module is used for matching according to the session key information to generate a matching result;
and the session reestablishing module is used for reestablishing the working process of the new VPN session according to the matching result.
Further, the reload notification module comprises:
the notification information unit is used for generating reload notification information according to the configuration reload information, and the reload notification information is used for notifying the working process of the old VPN session;
and the reload notification unit is used for sending the session reestablishment information to the client according to the reload notification information.
Further, the SSLVPN-based session reestablishment system further includes:
and the new VPN session establishing module is used for establishing the working process of the new VPN session.
Further, the SSLVPN-based session reestablishment system further includes:
a logical session module for attaching the work process of the new VPN session to a logical session.
Further, the session reestablishment module includes:
the judging unit is used for judging whether the session key information is successfully matched according to the matching result;
the first session reestablishing unit is used for closing the old VPN session and enabling the new VPN session to communicate with the client if the matching is successful;
and the second session reestablishing unit is used for closing the old VPN session and acquiring login information sent by the client to reestablish the working process of the new VPN session if the matching is unsuccessful.
In a third aspect, an electronic device provided in an embodiment of the present application includes: memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the method according to any of the first aspect when executing the computer program.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium having instructions stored thereon, which, when executed on a computer, cause the computer to perform the method according to any one of the first aspect.
In a fifth aspect, embodiments of the present application provide a computer program product, which when run on a computer, causes the computer to perform the method according to any one of the first aspect.
Additional features and advantages of the disclosure will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the above-described techniques.
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a schematic diagram of an access flow of a client and a session recovery flow after a configuration reload of an SSLVPN server according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of a session reestablishment method based on the SSLVPN according to an embodiment of the present application;
Fig. 3 is a schematic flowchart of another session reestablishment method based on the SSLVPN according to an embodiment of the present application;
Fig. 4 is a schematic diagram of session reestablishment between an SSLVPN server and a client according to an embodiment of the present application;
Fig. 5 is a block diagram of a session reestablishment system based on the SSLVPN according to an embodiment of the present application;
Fig. 6 is a block diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
The embodiment of the application provides a session reconstruction method, a system, electronic equipment and a storage medium based on an SSLVPN, which can be applied to the session reconstruction process of an SSLVPN server. When the configuration is updated at the SSLVPN server, configuration reload information is acquired first, and the session can then be reestablished at the SSLVPN server using the session reconstruction information, the additional connection information returned by the client, and the like. Thus, when the SSLVPN server configuration is updated, the VPN session between the SSLVPN server and the client is logically disconnected, the client does not need to actively log in, and the client does not perceive the change. No re-authentication through the authentication server is needed in this process, which simplifies the session reconstruction process and saves the resources of the authentication server. The SSLVPN-based session reconstruction method can therefore achieve the technical effects of simplifying the session reconstruction process and saving the resources of the authentication server.
Referring to fig. 1, fig. 1 is a schematic diagram of an access flow of a client and a session recovery flow after an SSLVPN server configuration is reloaded according to an embodiment of the present application; it should be understood that what is shown in fig. 1 is a prior art solution.
Illustratively, establishing a VPN session involves the client, the SSLVPN server and the authentication server; fig. 1 shows the flow by which a client accesses the SSLVPN server and the session is recovered after the configuration of the SSLVPN server is reloaded.
Exemplarily, when a client accesses, authentication data needs to be sent to the SSLVPN server; the SSLVPN server sends the authentication data to the authentication server for authentication, and then receives and analyzes the result returned by the authentication server. When the configuration of the SSLVPN server is reloaded, the original VPN session established between the SSLVPN server and the client is disconnected; the client then needs to actively reconnect, repeat the login process, and log in again to recover the VPN session.
Referring to fig. 2, fig. 2 is a schematic flowchart of a session reestablishment method based on the SSLVPN according to an embodiment of the present application, where the session reestablishment method based on the SSLVPN includes the following steps:
S100: acquiring configuration reload information.
Exemplarily, the SSLVPN server is the execution subject of the SSLVPN-based session reestablishment method; when the SSLVPN server undergoes a configuration reload, the configuration reload information indicates that the configuration of the SSLVPN server has been updated and that the VPN connection between the SSLVPN server and the client needs to be reestablished.
S200: sending the session reestablishment information to the client according to the configuration reload information.
Illustratively, after the configuration reload, the SSLVPN server sends session reestablishment information to the client to inform the client that the VPN connection needs to be resumed, so that the client performs the corresponding action.
S300: receiving additional connection information returned by the client, wherein the additional connection information comprises session key information of the old VPN session.
Exemplarily, the client establishes a connection with the SSLVPN server after receiving the session reestablishment information, and sends additional connection information, where the additional connection information carries session key information of the old VPN session (the session key information is obtained by negotiation when the client establishes a connection with the SSLVPN server for the first time); through these steps, the connection with the SSLVPN server can be established again without the client perceiving it.
Illustratively, the additional connection information comprises session key information of the old VPN session, so that repeated authentication can be avoided and authentication server resources are effectively saved.
S400: matching according to the session key information to generate a matching result.
Illustratively, the SSLVPN server matches the session key information in the additional connection information, and performs the next operation according to the matching result.
S500: rebuilding the working process of the new VPN session according to the matching result.
Illustratively, according to the matching result, if the session key information is successfully matched, the SSLVPN client closes the working process of the old VPN session and communicates using the new VPN session; if the matching of the session key information is unsuccessful, the SSLVPN client still closes the old VPN session, and the client (user) can then only actively log in again. Therefore, when the matching is successful, the session reconstruction process can be simplified and the resources of the authentication server are saved; and when the matching is unsuccessful, the client can still actively log in again and establish a connection with the SSLVPN server.
In some embodiments, when the configuration is updated at the SSLVPN server, the configuration reload information is acquired first, and the session can then be reestablished at the SSLVPN server using the session reestablishment information, the additional connection information returned by the client, and the like. Thus, when the SSLVPN server configuration is updated, the VPN session between the SSLVPN server and the client is logically disconnected, the client does not need to actively log in, and the client does not perceive the change. No re-authentication through the authentication server is needed in this process, which simplifies the session reconstruction process and saves the resources of the authentication server. The SSLVPN-based session reconstruction method can therefore achieve the technical effects of simplifying the session reconstruction process and saving the resources of the authentication server.
Referring to fig. 3, fig. 3 is a schematic flowchart of another session reestablishment method based on SSLVPN according to an embodiment of the present application.
Exemplarily, S200: the step of sending the session reestablishment information to the client according to the configuration reload information comprises the following steps:
S210: generating reload notification information according to the configuration reload information, wherein the reload notification information is used for notifying the working process of the old VPN session;
S220: sending the session reestablishment information to the client according to the reload notification information.
Illustratively, the working process of the old VPN session is notified through the reload notification information; after the reload notification information is received, all VPN sessions are notified, and session reestablishment information is sent to the client so that the client can perform the corresponding action.
Exemplarily, after S100, the step of obtaining the configuration reload information, the method further comprises the following step:
S110: establishing a working process of a new VPN session.
Illustratively, after the configuration of the SSLVPN server is reloaded, a working process of a new VPN session is established, which facilitates reconnection between the SSLVPN server and the client.
Exemplarily, before S500, the step of reconstructing the working process of the new VPN session according to the matching result, the method further includes:
S501: attaching the working process of the new VPN session to the logical session.
Illustratively, the SSLVPN server matches the session key information in the additional connection information, and if the matching is successful, attaches the working process of the new VPN session to the VPN logical session (one VPN logical session may have multiple VPN communication sessions); repeated authentication can thus be avoided, the session recovery process is more convenient and fast on the premise of safety, and resources of the authentication server are saved.
Exemplarily, S500: the step of rebuilding the working process of the VPN session according to the matching result comprises the following steps:
S510: judging whether the session key information is successfully matched according to the matching result;
S520: if the matching is successful, closing the old VPN session, and starting a new VPN session to communicate with the client;
S530: if the matching is unsuccessful, closing the old VPN session, and acquiring login information sent by the client to rebuild the working process of the new VPN session.
Illustratively, when the matching is successful, the session reestablishment process can be simplified, and the authentication server resources are saved; and when the matching is unsuccessful, the client can still actively log in again and establish connection with the SSLVPN server.
Referring to fig. 4, fig. 4 is a schematic diagram of session reestablishment between the SSLVPN server and the client according to the embodiment of the present application.
Exemplarily, as shown in fig. 4, a specific process of session reestablishment between the SSLVPN server and the client is as follows:
(1) the administrator initiates a configuration reload operation;
(2) the process management of the SSLVPN server sends reload notification information to the working process of the old VPN session on the SSLVPN server;
(3) after the reload notification information is received, all VPN sessions are notified to send session reestablishment information to the client;
(4) the client establishes a connection with the SSLVPN server after receiving the session reestablishment information and sends additional connection information, wherein the additional connection information carries session key information of the old VPN session, so that the client can establish a connection with the SSLVPN server again without perceiving it;
(5) the SSLVPN server matches the session key information in the message; if the matching is successful, the new VPN session is added to the logical session. This step avoids repeated authentication, so that the session recovery process is simplified on the premise of safety and the resources of the authentication server are saved;
(6) the SSLVPN server returns a matching result to the client;
(7) if the matching is successful, the client closes the working process of the old VPN session and uses the new VPN session for communication; if the match fails, the client closes the old VPN session and the client (user) can only actively log in again. The working process of the old VPN session exits after 30 seconds, whether or not the match succeeded.
In some embodiments, the SSLVPN-based session reestablishment method provided in the embodiments of the present application may implement a self-designed "reestablish session" protocol: when a server configuration update disconnects a VPN session, the session can be reestablished through the protocol, so that the client does not perceive the change and the access flow is simplified.
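The exchange in steps (1) to (7), sketched as an added example that is not the patent's implementation. The patent does not say what form the session key information takes; this sketch assumes it is an HMAC-SHA256 proof over a per-reload nonce, assumes the re-attach window equals the 30-second lifetime of the old working process, and uses hypothetical names (`SslVpnServer`, `LogicalSession`, `client_proof`).

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field

GRACE_SECONDS = 30  # the description has the old working process exit after 30 seconds


@dataclass
class LogicalSession:
    user: str
    session_key: bytes                 # negotiated when the client first connected
    workers: list = field(default_factory=list)
    rebuild_nonce: bytes = b""         # empty means no reestablishment pending
    deadline: float = 0.0


def client_proof(session_key: bytes, nonce: bytes) -> bytes:
    """Client side (assumed form): prove possession of the old key without sending it."""
    return hmac.new(session_key, nonce, hashlib.sha256).digest()


class SslVpnServer:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.generation = 0            # bumps on every configuration reload
        self.sessions = {}             # session id -> LogicalSession

    def _worker(self) -> str:
        return f"worker-gen{self.generation}"

    def login(self, user: str):
        """Stand-in for the full login that goes through the authentication server."""
        sid, key = secrets.token_hex(8), secrets.token_bytes(32)
        self.sessions[sid] = LogicalSession(user, key, [self._worker()])
        return sid, key

    def reload_config(self) -> dict:
        """Steps (1)-(3): new worker generation, one reestablishment notice per session."""
        self.generation += 1
        deadline = self.clock() + GRACE_SECONDS
        notices = {}
        for sid, sess in self.sessions.items():
            sess.rebuild_nonce = secrets.token_bytes(16)
            sess.deadline = deadline
            notices[sid] = sess.rebuild_nonce
        return notices

    def attach(self, sid: str, proof: bytes) -> str:
        """Steps (4)-(7): match the session key information, attach or force re-login."""
        sess = self.sessions.get(sid)
        if sess is None or not sess.rebuild_nonce:
            return "relogin"           # unknown session, or nonce already consumed
        if self.clock() > sess.deadline:
            del self.sessions[sid]     # old worker is gone; only a fresh login remains
            return "relogin"
        expected = client_proof(sess.session_key, sess.rebuild_nonce)
        if not hmac.compare_digest(expected, proof):   # constant-time comparison
            return "relogin"           # a failed guess leaves the pending state intact
        sess.rebuild_nonce = b""       # single use: a replayed proof no longer matches
        sess.workers = [self._worker()]  # old worker closed, new one attached
        return "attached"


def demo() -> dict:
    now = [0.0]                        # constructed clock so the timeout case is repeatable
    server = SslVpnServer(clock=lambda: now[0])
    sid_a, key_a = server.login("alice")   # constructed users
    sid_b, _key_b = server.login("bob")
    sid_c, key_c = server.login("carol")
    notices = server.reload_config()

    results = {}
    good = client_proof(key_a, notices[sid_a])
    results["match"] = server.attach(sid_a, good)
    results["replay"] = server.attach(sid_a, good)
    results["wrong_key"] = server.attach(sid_b, client_proof(key_a, notices[sid_b]))
    now[0] = GRACE_SECONDS + 1
    results["late"] = server.attach(sid_c, client_proof(key_c, notices[sid_c]))
    results["workers"] = server.sessions[sid_a].workers
    return results


if __name__ == "__main__":
    print(demo())
```

Because the match replaces a round trip to the authentication server, the single-use nonce and the deadline are what keep a captured proof from being reused; neither is stated in the patent text.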
Referring to fig. 5, fig. 5 is a block diagram of a structure of a SSLVPN-based session reestablishment system according to an embodiment of the present application, where the SSLVPN-based session reestablishment system includes:
a configuration reload module 100 for acquiring configuration reload information;
the reload notification module 200 is configured to send session reestablishment information to the client according to the configuration reload information;
an additional connection module 300, configured to receive additional connection information returned by the client, where the additional connection information includes session key information of an old VPN session;
the matching module 400 is used for matching according to the session key information to generate a matching result;
and a session reestablishing module 500, configured to reestablish a working process of the new VPN session according to the matching result.
Illustratively, the reload notification module 200 includes:
the notification information unit is used for generating reload notification information according to the configuration reload information, and the reload notification information is used for notifying the working process of the old VPN session;
and the reload notification unit is used for sending the session reestablishment information to the client according to the reload notification information.
Illustratively, the SSLVPN-based session reestablishment system further includes:
and the new VPN session establishing module is used for establishing the working process of the new VPN session.
Illustratively, the SSLVPN-based session reestablishment system further includes:
and the logical session module is used for attaching the work process of the new VPN session to the logical session.
Illustratively, the session reestablishment module 500 includes:
the judging unit is used for judging whether the session key information is successfully matched according to the matching result;
the first session reestablishing unit is used for closing the old VPN session and starting the new VPN session to communicate with the client if the matching is successful;
and the second session reestablishing unit is used for closing the old VPN session and acquiring login information sent by the client to reestablish the working process of the new VPN session if the matching is unsuccessful.
It should be understood that the SSLVPN-based session reconstruction system shown in fig. 5 corresponds to the method embodiments shown in fig. 1 to fig. 4, and details are not repeated here to avoid repetition.
Fig. 6 shows a block diagram of an electronic device according to an embodiment of the present disclosure. The electronic device may include a processor 510, a communication interface 520, a memory 530, and at least one communication bus 540. The communication bus 540 is used for realizing direct connection communication of these components. In this embodiment, the communication interface 520 of the electronic device is used for performing signaling or data communication with other node devices. Processor 510 may be an integrated circuit chip having signal processing capabilities.
The Processor 510 may be a general-purpose Processor including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components. The various methods, steps, and logic blocks disclosed in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor 510 may be any conventional processor or the like.
The Memory 530 may be, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), a Programmable Read Only Memory (PROM), an Erasable Read Only Memory (EPROM), an electrically Erasable Read Only Memory (EEPROM), and the like. The memory 530 stores computer readable instructions, which when executed by the processor 510, enable the electronic device to perform the steps involved in the method embodiments of fig. 1-4.
Optionally, the electronic device may further include a memory controller, an input output unit.
The memory 530, the memory controller, the processor 510, the peripheral interface, and the input/output unit are electrically connected to each other directly or indirectly, so as to implement data transmission or interaction. For example, these elements may be electrically coupled to each other via one or more communication buses 540. The processor 510 is used to execute executable modules stored in the memory 530, such as software functional modules or computer programs included in the electronic device.
The input and output unit is used for providing a task for a user to create and start an optional time period or preset execution time for the task creation so as to realize the interaction between the user and the server. The input/output unit may be, but is not limited to, a mouse, a keyboard, and the like.
It will be appreciated that the configuration shown in fig. 6 is merely illustrative and that the electronic device may include more or fewer components than shown in fig. 6 or have a different configuration than shown in fig. 6. The components shown in fig. 6 may be implemented in hardware, software, or a combination thereof.
The embodiment of the present application further provides a storage medium, where the storage medium stores instructions which, when run on a computer, implement the method in the method embodiment; to avoid repetition, details are not repeated here.
The present application also provides a computer program product which, when run on a computer, causes the computer to perform the method of the method embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application. It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (10)

1. An SSLVPN-based session re-establishment method, characterized by comprising the following steps:
acquiring configuration reload information;
sending session re-establishment information to the client according to the configuration reload information;
receiving additional connection information returned by the client, wherein the additional connection information comprises session key information of an old VPN session;
matching according to the session key information to generate a matching result;
and re-establishing the working process of the new VPN session according to the matching result.
2. The SSLVPN-based session re-establishment method according to claim 1, wherein the step of sending session re-establishment information to the client according to the configuration reload information comprises:
generating reload notification information according to the configuration reload information, wherein the reload notification information is used for notifying the working process of the old VPN session;
and sending the session re-establishment information to the client according to the reload notification information.
3. The SSLVPN-based session re-establishment method according to claim 1, wherein after the step of obtaining the configuration reload information, further comprising:
and establishing a working process of the new VPN session.
4. The SSLVPN-based session reestablishment method according to claim 3, wherein before the step of reestablishing a new VPN session according to the matching result, the method further comprises:
attaching a work process of the new VPN session to a logical session.
5. The SSLVPN-based session reestablishment method according to claim 1, wherein the step of reestablishing a working process of a VPN session according to the matching result includes:
judging whether the session key information is successfully matched according to the matching result;
if the matching is successful, closing the old VPN session, and enabling the new VPN session to communicate with the client;
and if the matching is unsuccessful, closing the old VPN session, and acquiring login information sent by the client to reestablish the working process of the new VPN session.
6. A system for session reestablishment based on SSLVPN, comprising:
a configuration reload module, configured to acquire configuration reload information;
a reload notification module, configured to send session re-establishment information to the client according to the configuration reload information;
an additional connection module, configured to receive additional connection information returned by the client, where the additional connection information includes session key information of an old VPN session;
a matching module, configured to perform matching according to the session key information to generate a matching result;
and a session re-establishment module, configured to re-establish the working process of the new VPN session according to the matching result.
7. The SSLVPN-based session re-establishment system according to claim 6, wherein the reload notification module comprises:
a notification information unit, configured to generate reload notification information according to the configuration reload information, where the reload notification information is used for notifying the working process of the old VPN session;
and a reload notification unit, configured to send the session re-establishment information to the client according to the reload notification information.
8. The SSLVPN-based session re-establishment system of claim 6, wherein the system further comprises:
a new VPN session establishing module, configured to establish the working process of the new VPN session.
9. An electronic device, comprising: memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the SSLVPN based session re-establishment method according to any of the claims 1 to 5 when executing the computer program.
10. A computer-readable storage medium having stored thereon instructions which, when executed on a computer, cause the computer to perform the SSLVPN based session re-establishment method according to any of claims 1 to 5.
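
The flow of claims 1 to 5, sketched as an added example that is not part of the patent text or of any Topsec product. The names `Gateway` and `LogicalSession`, the 32-byte random session key, the constant-time comparison and the `REJECTED` result for an attach that no reload asked for are assumptions; the claims only state that session key information is matched and what follows from the matching result.

```python
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class LogicalSession:
    """One user's logical session; it outlives the worker swap (claim 4)."""
    user: str
    session_key: bytes              # session key information of the old VPN session
    old_worker_open: bool = True
    new_worker_ready: bool = False
    state: str = "ACTIVE_OLD"


class Gateway:
    def __init__(self):
        self.sessions = {}          # session id -> LogicalSession

    def login(self, user):
        """Normal login: the old worker serves the session."""
        sid = secrets.token_hex(8)
        self.sessions[sid] = LogicalSession(user, secrets.token_bytes(32))
        return sid, self.sessions[sid].session_key

    def reload_config(self):
        """Claims 1-4: create new workers, attach them, notify the clients."""
        notices = []
        for sid, s in self.sessions.items():
            s.new_worker_ready = True   # new worker attached to the logical session
            s.state = "AWAIT_ATTACH"
            notices.append(sid)         # stands in for the session re-establishment message
        return notices

    def attach(self, sid, presented_key):
        """Claim 5: match the returned key, then switch over or force a login."""
        s = self.sessions.get(sid)
        if s is None or s.state != "AWAIT_ATTACH":
            return "REJECTED"           # assumption: unsolicited or replayed attach is ignored
        s.old_worker_open = False       # the old session is closed on both branches
        if hmac.compare_digest(s.session_key, presented_key):
            s.state = "ACTIVE_NEW"      # new worker now talks to the client
            return "RESUMED"
        del self.sessions[sid]          # failed match: nothing resumable is kept
        return "LOGIN_REQUIRED"


if __name__ == "__main__":
    gw = Gateway()
    sid, key = gw.login("alice")        # constructed sample user
    gw.reload_config()
    print(gw.attach(sid, key))
```

Moving the session out of `AWAIT_ATTACH` on the first attach, whatever its outcome, means a captured attach message cannot be replayed against the same reload.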
CN202111535678.6A 2021-12-15 2021-12-15 SSLVPN-based session reconstruction method and system Active CN114285891B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111535678.6A CN114285891B (en) 2021-12-15 2021-12-15 SSLVPN-based session reconstruction method and system

Publications (2)

Publication Number Publication Date
CN114285891A true CN114285891A (en) 2022-04-05
CN114285891B CN114285891B (en) 2024-01-23

Family

ID=80872605

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111535678.6A Active CN114285891B (en) 2021-12-15 2021-12-15 SSLVPN-based session reconstruction method and system

Country Status (1)

Country Link
CN (1) CN114285891B (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090037998A1 (en) * 2007-08-03 2009-02-05 Saibal Adhya Systems and Methods for Authorizing a Client in an SSL VPN Session Failover Environment
CN101714918A (en) * 2009-10-23 2010-05-26 浙江维尔生物识别技术股份有限公司 Safety system for logging in VPN and safety method for logging in VPN
CN101729543A (en) * 2009-12-04 2010-06-09 同济大学 Method for improving performance of mobile SSL VPN by utilizing remote Socks5 technology
CN104580537A (en) * 2015-02-06 2015-04-29 深圳中兴网信科技有限公司 Rapid reconnecting method based on XMPP (extensible messaging and presence protocol) client side, terminal and server
CN104704448A (en) * 2012-08-31 2015-06-10 思杰系统有限公司 Reverse seamless integration between local and remote computing environments
CN105279603A (en) * 2015-09-11 2016-01-27 福建师范大学 Dynamically configured big data analysis system and method
CN105359486A (en) * 2013-05-03 2016-02-24 思杰系统有限公司 Secured access to resources using a proxy
CN106274805A (en) * 2015-05-29 2017-01-04 比亚迪股份有限公司 Automotive electronic key and method, automobile controller and method thereof and system
CN107026783A (en) * 2016-01-31 2017-08-08 上海格尔软件股份有限公司 A kind of quick reconnection method suitable for VPN
CN109936529A (en) * 2017-12-15 2019-06-25 华为技术有限公司 A kind of methods, devices and systems of secure communication

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
周亦敏; 邱立强: "Research on SSL VPN security technology for embedded networks", 微计算机信息, no. 08, pages 47 - 49 *
顾大明: "Implementation of SSL VPN based on tunneling technology", 电脑知识与技术, no. 26 *

Also Published As

Publication number Publication date
CN114285891B (en) 2024-01-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant