CN114513387A - Tunnel establishment method, device and equipment - Google Patents

Publication number
CN114513387A
Authority
CN
China
Prior art keywords
nat
equipment
l2tp tunnel
address
nat device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011288193.7A
Other languages
Chinese (zh)
Inventor
韩瑞波
李晗
黄昭锐
李振强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Communications Ltd Research Institute
Priority to CN202011288193.7A
Publication of CN114513387A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/2592 Translation of Internet protocol [IP] addresses using tunnelling or encapsulation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a tunnel establishment method, apparatus and device. The method, applied to the first end of an L2TP tunnel to be established, comprises the following steps: determining that the type of a first NAT device to be traversed by a first device is a full cone NAT device; determining the type of a second NAT device to be traversed by a second device, wherein the type of the second NAT device is one of the following: a basic NAT device; a full cone NAT device; an address-restricted cone NAT device; a port-restricted cone NAT device; a symmetric NAT device; and configuring address information of an L2TP tunnel of the first device to establish an L2TP tunnel connection with the second device. By combining L2TP with other protocols and extending the L2TP protocol, the technical solution enables the client-side gateway devices at both ends of the L2TP tunnel to traverse the NAT devices at both ends simultaneously. L2TP is an optional way to configure tunnels in various networking schemes, does not need encryption, has high performance, and can be used in the existing network.

Description

Tunnel establishment method, device and equipment
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a tunnel establishment method, apparatus, and device.
Background
In the prior art, at least one of the two ends of an L2TP tunnel running over the public network must have a public network address; otherwise the L2TP tunnel cannot be established.
Conventional L2TP scenario: one end traversing NAT
The scenario in which one end of the L2TP tunnel traverses NAT is mainly the mobile-office scenario: the source end of the L2TP tunnel is on the PC, and there is no LAC device. L2TP messages from the PC side use UDP port 1701 as the destination port.
NAT can be broadly classified into two categories: basic NAT and NAPT (Network Address Port Translation).
Basic NAT is generally used to statically bind a public network IP address to an intranet host when the NAT device has multiple public network IP addresses; NAT devices of this type are rare.
NAPT (Network Address/Port Translation) is the commonly used form of NAT. NAPT maps internal connections to a single IP address in the external network, plus a port number selected by the NAT device at that address. According to the mapping mode, NAPT can be divided into symmetric NAT and cone NAT, where cone NAT includes full cone NAT, address-restricted cone NAT and port-restricted cone NAT.
NAPT is the most common NAT type in public networks, and is classified into the following four types:
1. Symmetric NAT
Symmetric NAT maps all requests from the same internal network address and port to the same destination address and port onto the same public network address and port. If the same intranet host sends a message to another destination address using the same intranet address and port, a different mapping is used. This contrasts with port-restricted cone NAT, which maps all such requests to the same public IP address and port, whereas symmetric NAT uses a different mapping for each destination.
2. Full Cone NAT
A full cone NAT maps all requests from one internal IP address and port to the same external IP address and port, and any external host can communicate with the internal host by sending a message to the mapped external address. This is a relatively loose policy: as long as the mapping between the internal IP address and port and the public IP address and port has been established, all hosts on the Internet can access the host behind the NAT.
3. Address Restricted Cone NAT
Address-restricted cone NAT also maps all requests from the same internal IP address and port to the same public network IP address and port. However, unlike full cone NAT, a public network host can send messages to the intranet host if and only if the intranet host has previously sent a message to that public network host address.
4. Port Restricted Cone NAT
Similar to address-restricted cone NAT, but stricter. Port-restricted cone NAT adds a restriction on the port number: a public network host address and port number can communicate with the intranet host only if the intranet host has previously sent a message to that public network host address and port number.
Disclosure of Invention
Embodiments of the present invention provide a tunnel establishment method, apparatus, device, and computer-readable storage medium, which enable the client-side gateway devices at both ends of an L2TP tunnel to traverse the NAT devices at both ends simultaneously.
A tunnel establishment method, applied to a first end of an L2TP tunnel to be established, comprises the following steps:
determining that the type of a first NAT device to be traversed by a first device is a full cone NAT device;
determining the type of a second NAT device to be traversed by a second device, wherein the type of the second NAT device is one of the following: a basic NAT device; a full cone NAT device; an address-restricted cone NAT device; a port-restricted cone NAT device; a symmetric NAT device;
configuring address information of an L2TP tunnel of the first device to establish an L2TP tunnel connection with the second device.
Optionally, determining that the first NAT device connected to the first device is a full cone NAT device includes:
the first device exchanges messages with the NAT detection server to determine that the first NAT device connected to the first device is a full cone NAT device.
Optionally, configuring address information of the L2TP tunnel of the first device includes:
the first device sends a message to the L2TP tunnel, where the source address is the private network address of the first device, the port number is 1701, and the destination address is an arbitrary address.
Optionally, establishing an L2TP tunnel connection with the second device includes:
after receiving the message sent by the second device, the first device obtains the public network address and port number of the second device as translated by the basic NAT device, and establishes an L2TP tunnel connection with the second device.
Optionally, establishing an L2TP tunnel connection with the second device includes:
after receiving the message sent by the second device, the first device obtains the public network address and port number of the second device as translated by the full cone NAT device, and establishes an L2TP tunnel connection with the second device.
Optionally, establishing an L2TP tunnel connection with the second device includes:
after receiving the message sent by the second device, the first device obtains the public network address and port number of the second device as translated by the address-restricted cone NAT device, and establishes an L2TP tunnel connection with the second device.
Optionally, establishing an L2TP tunnel connection with the second device includes:
after receiving the message sent by the second device, the first device obtains the public network address and port number of the second device as translated by the port-restricted cone NAT device, and establishes an L2TP tunnel connection with the second device.
Optionally, establishing an L2TP tunnel connection with the second device includes:
after receiving the message sent by the second device, the first device obtains the public network address and port number of the second device as translated by the symmetric NAT device, and establishes an L2TP tunnel connection with the second device.
The embodiment of the present invention further provides a tunnel establishment method, applied to a second end of an L2TP tunnel to be established, comprising:
determining that the type of a first NAT device to be traversed by a first device is a full cone NAT device;
determining the type of a second NAT device to be traversed by a second device, wherein the type of the second NAT device is one of the following: a basic NAT device; a full cone NAT device; an address-restricted cone NAT device; a port-restricted cone NAT device; a symmetric NAT device;
configuring address information of an L2TP tunnel of the second device to establish an L2TP tunnel with the first device.
Optionally, determining the type of the second NAT device connected to the second device includes:
the second device exchanges messages with the NAT detection server to determine that the type of the second NAT device connected to the second device is one of the following: a basic NAT device; a full cone NAT device; an address-restricted cone NAT device; a port-restricted cone NAT device; a symmetric NAT device.
Optionally, configuring address information of the L2TP tunnel of the second device includes:
receiving, from the NAT detection server, the public network address and port number CCC of the first device as translated by the first NAT device;
configuring the source address of the L2TP tunnel of the second device as the private network address of the second device, the destination address as the public network address of the first device as translated by the first NAT device, and the port number as CCC.
Optionally, when the second NAT device is a basic NAT device, establishing an L2TP tunnel with the first device includes:
the second device sends a message to the L2TP tunnel, where the source address is the private network address of the second device and the destination address is the public network address and port number CCC of the first device as translated by the first NAT device, so as to establish the L2TP tunnel with the first device.
Optionally, when the second NAT device is a full cone NAT device, establishing an L2TP tunnel with the first device includes:
the second device sends a message to the L2TP tunnel, where the source address is the private network address of the second device, the destination address is the public network address of the first device as translated by the first NAT device, and the port number is CCC, so as to establish the L2TP tunnel with the first device.
Optionally, when the second NAT device is an address-restricted cone NAT device, establishing an L2TP tunnel with the first device includes:
the second device sends a message to the L2TP tunnel, where the source address is the private network address of the second device and the destination address is the public network address and port number CCC of the first device as translated by the first NAT device, so as to establish the L2TP tunnel with the first device.
Optionally, when the second NAT device is a port-restricted cone NAT device, establishing an L2TP tunnel with the first device includes:
the second device sends a message to the L2TP tunnel, where the source address is the private network address of the second device and the destination address is the public network address and port number CCC of the first device as translated by the first NAT device, so as to establish the L2TP tunnel with the first device.
Optionally, when the second NAT device is a symmetric NAT device, establishing an L2TP tunnel with the first device includes:
the second device sends a message to the L2TP tunnel, where the source address is the private network address of the second device, the destination address is the public network address of the first device after NAT, and the port number is 1701.
The embodiment of the present invention further provides a tunnel establishment apparatus, which is applied to a first end of an L2TP tunnel to be established, and includes:
the first determining module is used for determining that the type of a first NAT device which needs to be traversed by a first device is a full cone type NAT device;
a second determining module, configured to determine a type of a second NAT device that the second device needs to traverse, where the type of the second NAT device includes one of: a basic NAT device; a full cone type NAT device; address limiting conical NAT equipment; a port restricted conical NAT device; a symmetric NAT device;
a configuration module to configure address information of an L2TP tunnel of the first device to establish an L2TP tunnel connection with the second device.
An embodiment of the present invention further provides a tunnel establishment apparatus, which is applied to a first end of an L2TP tunnel to be established, and includes: the device comprises a transceiver and a processor, wherein the processor is used for determining that the type of a first NAT device which needs to be traversed by a first device is a complete cone type NAT device;
determining the type of a second NAT device to be traversed by a second device, wherein the type of the second NAT device comprises one of the following: a basic NAT device; a full cone type NAT device; address limiting conical NAT equipment; a port restricted conical NAT device; a symmetric NAT device;
configuring address information of an L2TP tunnel of the first device to establish an L2TP tunnel connection with the second device.
The embodiment of the present invention further provides a tunnel establishment apparatus, which is applied to a second end of an L2TP tunnel to be established, and includes:
the first determining module is used for determining that the type of a first NAT device which needs to be traversed by a first device is a full cone type NAT device;
a second determining module, configured to determine a type of a second NAT device that the second device needs to traverse, where the type of the second NAT device includes one of: a basic NAT device; a full cone type NAT device; an address limiting conical NAT device; a port restricted conical NAT device; a symmetric NAT device;
a configuration module, configured to configure address information of an L2TP tunnel of the second device to establish an L2TP tunnel with the first device.
The embodiment of the present invention further provides a tunnel establishment apparatus, which is applied to a second end of an L2TP tunnel to be established, and includes: the device comprises a transceiver and a processor, wherein the processor is used for determining that the type of a first NAT device which needs to be traversed by a first device is a complete cone type NAT device; determining the type of a second NAT device to be traversed by a second device, wherein the type of the second NAT device comprises one of the following: a basic NAT device; a full cone type NAT device; address limiting conical NAT equipment; a port restricted conical NAT device; a symmetric NAT device; configuring address information of an L2TP tunnel of the second device to establish an L2TP tunnel with the first device.
The embodiment of the invention also provides communication equipment, which comprises a transceiver, a memory, a processor and a program which is stored on the memory and can run on the processor;
the processor is used for reading the program in the memory to realize the steps of the method.
Embodiments of the present invention further provide a computer-readable storage medium for storing a computer program, where the computer program is executed by a processor to implement the steps in the method described above.
The embodiment of the invention has the following technical effects:
By combining L2TP with other protocols and extending the L2TP protocol, the technical solution enables the client-side gateway devices at both ends of the L2TP tunnel to traverse the NAT devices at both ends simultaneously. L2TP is an optional way to configure tunnels in various networking schemes, does not need encryption, has high performance, and can be used in the existing network.
Drawings
Fig. 1 is a flowchart of a tunnel establishment method according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a tunnel establishment system according to an embodiment of the present invention;
fig. 3-fig. 7 are schematic diagrams respectively illustrating establishment of an L2TP tunnel according to an embodiment of the present invention;
fig. 8 is one of the structural diagrams of a tunnel establishment apparatus according to an embodiment of the present invention;
fig. 9 is a second structural diagram of a tunnel establishment apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the technical problems, technical solutions and advantages of the present invention more apparent, the following detailed description is given with reference to the accompanying drawings and specific embodiments.
As shown in fig. 1, a method for tunnel establishment, applied to a first end of an L2TP tunnel to be established, includes:
S1: determining that the type of the first NAT device to be traversed by the first device is a full cone NAT device;
S2: determining the type of a second NAT device to be traversed by a second device, wherein the type of the second NAT device is one of the following: a basic NAT device; a full cone NAT device; an address-restricted cone NAT device; a port-restricted cone NAT device; a symmetric NAT device;
S3: configuring address information of an L2TP tunnel of the first device to establish an L2TP tunnel connection with the second device.
The technical scheme of the invention realizes the client side gateway equipment at two ends of the L2TP tunnel by combining with other protocols and expanding the L2TP protocol, and simultaneously passes through the NAT equipment at two ends. L2TP is an optional way to configure tunnels in various networking schemes, does not need encryption, has high performance, and can be used in the existing network.
In an optional embodiment of the present invention, in step S1, determining that the first NAT device connected to the first device is a full cone NAT device includes:
and the first equipment performs message interaction with the NAT detection server to determine that the first NAT equipment connected with the first equipment is the full cone type NAT equipment.
In an alternative embodiment of the present invention, in step S1, configuring address information of the L2TP tunnel of the first device includes:
the first device sends a message to the L2TP tunnel, where the source address is the private network address of the first device, the port number is 1701, and the destination address is an arbitrary address.
In an alternative embodiment of the present invention, in step S3, the establishing an L2TP tunnel connection with the second device includes:
and after receiving the message sent by the second device, the first device obtains the public network address and the port number of the second device converted by the basic NAT device, and establishes an L2TP tunnel connection with the second device.
In an alternative embodiment of the present invention, in step S3, the establishing an L2TP tunnel connection with the second device includes:
and after receiving the message sent by the second device, the first device obtains the public network address and the port number of the second device converted by the complete conical NAT device, and establishes an L2TP tunnel connection with the second device.
In an alternative embodiment of the present invention, in step S3, the establishing an L2TP tunnel connection with the second device includes:
and after receiving the message sent by the second device, the first device obtains the public network address and the port number of the second device converted by the address limiting conical NAT device, and establishes an L2TP tunnel connection with the second device.
In an alternative embodiment of the present invention, in step S3, the establishing an L2TP tunnel connection with the second device includes:
and after receiving the message sent by the second device, the first device obtains the public network address and the port number of the second device converted by the port restricted conical NAT device, and establishes an L2TP tunnel connection with the second device.
In an alternative embodiment of the present invention, the establishing the L2TP tunnel connection with the second device includes:
and after receiving the message sent by the second device, the first device obtains the public network address and the port number of the second device converted by the symmetric NAT device, and establishes an L2TP tunnel connection with the second device.
The embodiment of the present invention further provides a method for establishing a tunnel, which is applied to a second end of an L2TP tunnel to be established, and includes:
determining the type of a first NAT device which needs to be traversed by a first device as a complete cone type NAT device;
determining the type of a second NAT device to be traversed by a second device, wherein the type of the second NAT device comprises one of the following: a basic NAT device; a full cone type NAT device; address limiting conical NAT equipment; a port restricted conical NAT device; a symmetric NAT device;
configuring address information of an L2TP tunnel of the second device to establish an L2TP tunnel with the first device.
In an optional embodiment of the present invention, determining a second NAT device type connected to a second device includes:
the second device and the NAT detection server perform message interaction to determine that the type of the second NAT device connected with the second device is one of the following types: a basic NAT device; a full cone type NAT device; an address limiting conical NAT device; a port restricted conical NAT device; symmetric NAT devices.
In an alternative embodiment of the present invention, configuring address information of the L2TP tunnel of the second device includes:
receiving the public network address and the port number CCC of the first device, which are transmitted by the NAT detection server and are converted by the full cone type NAT device;
and configuring a source address of the L2TP tunnel of the second device as a private network address of the second device, a destination address as a public network address of the first device after being converted by the first NAT device, and a port number as CCC.
In an optional embodiment of the present invention, when the second NAT device is a basic NAT device, establishing an L2TP tunnel with the first device includes:
and the second equipment sends a message to the L2TP tunnel, wherein the source address is the private network address of the second equipment, and the destination address is the public network address and the port number CCC of the first equipment after being converted by the first NAT equipment, so as to establish the L2TP tunnel with the first equipment.
In an optional embodiment of the present invention, when the second NAT device is a full cone NAT device, establishing an L2TP tunnel with the first device includes:
and the second equipment sends a message to the L2TP tunnel, wherein the source address is the private network address of the second equipment, the destination address is the public network address of the first equipment after the first NAT conversion, and the port number is CCC, and an L2TP tunnel is established between the second equipment and the first equipment.
In an optional embodiment of the present invention, when the second NAT device is an address restricted conical NAT device, establishing an L2TP tunnel with the first device includes:
and the second equipment sends a message to the L2TP tunnel, wherein the source address is the private network address of the second equipment, and the destination address is the public network address and the port number CCC of the first equipment after being converted by the first NAT equipment, and an L2TP tunnel is established between the second equipment and the first equipment.
In an optional embodiment of the present invention, when the second NAT device is a port restricted conical NAT device, establishing an L2TP tunnel with the first device includes:
and the second equipment sends a message to the L2TP tunnel, wherein the source address is the private network address of the second equipment, and the destination address is the public network address and the port number CCC of the first equipment after being converted by the first NAT equipment, and an L2TP tunnel is established between the second equipment and the first equipment.
In an optional embodiment of the present invention, when the second NAT device is a symmetric NAT device, establishing an L2TP tunnel with the first device includes:
the second device sends a message to the L2TP tunnel, where the source address is the private network address of the second device, the destination address is the public network address of the first device after NAT traversal, and the port number is 1701.
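The NAT behaviours listed in the Background and the two-ended procedure described above can be modelled together. The following Python sketch is an added example, not part of the patent text: the `Nat` class, the sample addresses, the detection-server port and the dynamic port range are constructed for illustration, basic NAT is modelled as address-only translation, and the second end always targets port CCC.

```python
from dataclasses import dataclass, field
from itertools import count

BASIC, FULL_CONE, ADDR_RESTRICTED, PORT_RESTRICTED, SYMMETRIC = (
    "basic", "full_cone", "address_restricted", "port_restricted", "symmetric")

# Constructed sample endpoints (documentation address ranges), not from the page.
A_PRIV = ("192.168.1.10", 1701)   # first device, L2TP source port 1701
B_PRIV = ("10.0.0.20", 1701)      # second device
SERVER = ("192.0.2.53", 3478)     # NAT detection server; the port is an assumption


@dataclass
class Nat:
    kind: str
    public_ip: str
    ports: count = field(default_factory=lambda: count(40000))
    mapping: dict = field(default_factory=dict)  # mapping key -> public port
    owner: dict = field(default_factory=dict)    # public port -> private (ip, port)
    sent_to: dict = field(default_factory=dict)  # public port -> {(dst ip, dst port)}

    def outbound(self, src, dst):
        """Translate a packet leaving the private side; return its public (ip, port)."""
        # Symmetric NAT keys the mapping on source AND destination,
        # every other type on the source address and port only.
        key = (src, dst) if self.kind == SYMMETRIC else src
        if key not in self.mapping:
            # Basic NAT is modelled as address-only translation (port kept).
            port = src[1] if self.kind == BASIC else next(self.ports)
            self.mapping[key] = port
            self.owner[port] = src
        port = self.mapping[key]
        self.sent_to.setdefault(port, set()).add(dst)
        return (self.public_ip, port)

    def inbound(self, src, public_port):
        """Return the private endpoint the packet reaches, or None if dropped."""
        if public_port not in self.owner:
            return None
        peers = self.sent_to[public_port]
        if self.kind in (BASIC, FULL_CONE):
            allowed = True                               # no filtering on sender
        elif self.kind == ADDR_RESTRICTED:
            allowed = any(ip == src[0] for ip, _ in peers)
        else:                                            # port-restricted, symmetric
            allowed = src in peers
        return self.owner[public_port] if allowed else None


def establish(kind_b):
    """Replay the described steps; the first end is always behind a full cone NAT."""
    nat_a, nat_b = Nat(FULL_CONE, "198.51.100.1"), Nat(kind_b, "203.0.113.2")
    # The first end's port 1701 talks to the detection server, which records
    # the translated address and port ("CCC") and passes them to the second end.
    ccc = nat_a.outbound(A_PRIV, SERVER)
    # The first end sends from port 1701 to an arbitrary address: same mapping.
    if nat_a.outbound(A_PRIV, ("192.0.2.99", 9)) != ccc:
        return False
    # The second end sends to the public address and port CCC; the full cone
    # NAT admits it, and the first end learns the sender's translated address.
    b_pub = nat_b.outbound(B_PRIV, ccc)
    if nat_a.inbound(b_pub, ccc[1]) != A_PRIV:
        return False
    # The first end answers the address it observed; the second NAT admits the
    # reply because the second end already sent to exactly that address and port.
    reply_src = nat_a.outbound(A_PRIV, b_pub)
    return nat_b.inbound(reply_src, b_pub[1]) == B_PRIV


def first_packet_admitted(kind_a):
    """Would an unsolicited packet reach the first end if its NAT were kind_a?"""
    nat_a = Nat(kind_a, "198.51.100.1")
    ccc = nat_a.outbound(A_PRIV, SERVER)
    stranger = ("203.0.113.2", 40000)  # any host the first end never sent to
    return nat_a.inbound(stranger, ccc[1]) == A_PRIV


if __name__ == "__main__":
    for kind in (BASIC, FULL_CONE, ADDR_RESTRICTED, PORT_RESTRICTED, SYMMETRIC):
        print(f"second end behind {kind:18} established: {establish(kind)}")
        print(f"first end behind  {kind:18} unsolicited admitted: "
              f"{first_packet_admitted(kind)}")
```

In this model only a full cone (or basic) NAT at the first end admits the second end's unsolicited first packet. By the same rule it admits a packet from any other host that sends to port CCC, which is the behaviour the Background attributes to full cone NAT.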
As shown in fig. 2 to 7, the above technical solution may include the following implementation manners:
example 1:
as shown in fig. 3, the CPEA is a complete cone type NAT device, and the CPEB is a basic NAT device. The process comprises the following steps:
1) through message interaction between the CPEA and the CPEB and the NAT detection server, the CPEA is confirmed to be a complete cone type NAT device, and the CPEB is a basic NAT device.
2) And the NAT detection server sends a data packet to the CPEB and informs the NAT detection server of the public network address and the port number CCC recorded by the CPEA side after being converted by the complete cone type NAT equipment.
3) And the CPEA configuration sends an L2TP message, wherein the source address is a local private network address, the port number is 1701, and the destination address is an arbitrary address message, so as to establish an L2TP tunnel with the first equipment.
4) The CPEB configures L2TP, a source address is a local end private network address, a destination address is a public network address and a port number CCC of the CPEA after NAT, an LT2P message is sent to the CPEA, and after the CPEA side receives the message, the public network address and the port number of the CPEB side after complete conical NAT equipment conversion are obtained.
5) And performing interaction and forwarding of the conventional L2TP tunnel message between the CPEA and the CPEB.
Example 2:
as shown in fig. 4, the CPEA is a full cone type NAT device, and the CPEB is a full cone type NAT device. The process comprises the following steps:
1) through message interaction between the CPEA and the CPEB and the NAT detection server, the CPEA side is confirmed to be a complete cone type NAT, and the CPEB side is confirmed to be the complete cone type NAT (the complete cone type NAT is the same as the homologous same-port IP message NAT mapping).
2) The NAT detection server sends a packet to the CPEB to inform the public network address + port number CCC (the port number before conversion is IKE and port number 1701) recorded by the server after the CPEA side is converted by the NAT
3) The CPEA configures a transmission message, where the source address is the home-end private network address + port 1701, and the destination address is an arbitrary address, so as to establish an L2TP tunnel with the first device.
4) The CPEB configures and sends a message, wherein a source address is a local private network address, a port number is AAA (complete cone NAT, a port behind the NAT is BBB), a destination address is a public network address of the CPEA after being converted by complete cone NAT equipment, the port number is CCC (the port number before the NAT is 1701), the message is sent to the CPEA, and after the CPEA side receives the message, the public network address and the port number of the CPEB side after being converted by the complete cone NAT equipment are obtained.
5) And performing conventional message interaction and forwarding between the CPEA and the CPEB through an L2TP tunnel.
Example 3:
As shown in Fig. 5, the CPEA is behind a full cone NAT device, and the CPEB is behind an address-restricted cone NAT device. The process comprises the following steps:
1) Through message interaction between the CPEA and the CPEB and the NAT detection server, the CPEA is confirmed to be behind a full cone NAT device, and the CPEB is confirmed to be behind an address-restricted cone NAT device (address-restricted cone NAT: IP packets from the same source address and port receive the same NAT mapping, if and only if the internal host has previously sent a message to the public network host address).
2) The NAT detection server sends a data packet to the CPEB, informing it of the public network address and port number CCC that the server recorded for the CPEA side after translation by the full cone NAT device.
3) The CPEA configures and sends an L2TP message whose source address is the local private network address with port number 1701 and whose destination address is an arbitrary address, so as to establish an L2TP tunnel with the first device.
4) The CPEB configures L2TP with the local private network address as the source address and the CPEA's post-NAT public network address and port number CCC as the destination address, and sends an L2TP message to the CPEA. After the CPEA side receives the message, it obtains the public network address and port number of the CPEB side after translation by the address-restricted cone NAT device.
5) Conventional L2TP tunnel messages are then exchanged and forwarded between the CPEA and the CPEB.
Example 4:
As shown in Fig. 6, the CPEA is behind a full cone NAT device, and the CPEB is behind a port-restricted cone NAT device. The process comprises the following steps:
1) Through message interaction between the CPEA and the CPEB and the NAT detection server, the CPEA is confirmed to be behind a full cone NAT device, and the CPEB is confirmed to be behind a port-restricted cone NAT device (Port Restricted Cone NAT).
2) The NAT detection server sends a data packet to the CPEB, informing it of the public network address and port number CCC that the server recorded for the CPEA side after translation by the full cone NAT device. (IP packets from the same source address and port receive the same NAT mapping, if and only if the internal host has previously sent a message to the public network host address.)
3) The CPEA configures and sends an L2TP message whose source address is the local private network address with port number 1701 and whose destination address is an arbitrary address, so as to establish an L2TP tunnel with the first device.
4) The CPEB configures L2TP with the local private network address as the source address and the CPEA's post-NAT public network address and port number CCC as the destination address, and sends an L2TP message to the CPEA. After the CPEA side receives the message, it obtains the public network address and port number of the CPEB side after translation by the port-restricted cone NAT device.
5) Conventional L2TP tunnel messages are then exchanged and forwarded between the CPEA and the CPEB.
Example 5:
As shown in Fig. 7, the CPEA is behind a full cone NAT device, and the CPEB is behind a symmetric NAT device. The process comprises the following steps:
1) Through message interaction between the CPEA and the CPEB and the NAT detection server, the CPEA is confirmed to be behind a full cone NAT device, and the CPEB is confirmed to be behind a symmetric NAT device. (If the same intranet host sends a message to another destination address using the same intranet address and port, a different mapping is used.)
2) The NAT detection server sends a data packet to the CPEB, informing it of the public network address and port number CCC that the server recorded for the CPEA side after translation by the full cone NAT device.
3) The CPEA configures and sends an L2TP message whose source address is the local private network address with port number 1701 and whose destination address is an arbitrary address, so as to establish an L2TP tunnel with the first device.
4) The CPEB configures L2TP with the local private network address as the source address and the CPEA's post-NAT public network address and port number CCC as the destination address, and sends L2TP messages to the CPEA. After receiving the messages, the CPEA side obtains the public network address and port number of the CPEB side after translation by the symmetric NAT device.
5) Conventional L2TP tunnel messages are then exchanged and forwarded between the CPEA and the CPEB.
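The five steps of Examples 2 to 5 can be traced in a small NAT model. The following Python sketch is an added illustration, not code from the patent: the addresses, the port allocator, the CPEB source port and every name in it are assumptions, and it goes slightly beyond the text by also letting the CPEA-side NAT type vary, to show why the first NAT device has to be a full cone device.

```python
"""Toy model of the tunnel set-up in Examples 2-5 (added illustration)."""
from dataclasses import dataclass, field

FULL_CONE = "full_cone"
ADDR_RESTRICTED = "address_restricted"
PORT_RESTRICTED = "port_restricted"
SYMMETRIC = "symmetric"

# Constructed documentation addresses; none of these come from the patent.
DETECT_SERVER = ("198.51.100.10", 3478)
ARBITRARY_HOST = ("198.51.100.99", 1701)


@dataclass
class Nat:
    public_ip: str
    kind: str
    next_port: int = 40000                         # hypothetical port allocator
    mappings: dict = field(default_factory=dict)   # mapping key -> public port
    contacted: dict = field(default_factory=dict)  # public port -> remote endpoints

    def outbound(self, src, dst):
        """Translate an outgoing packet; return the public (ip, port) dst sees."""
        # Symmetric NAT allocates one mapping per destination; cone NATs reuse
        # a single mapping for every packet from the same private ip:port.
        key = (src, dst) if self.kind == SYMMETRIC else src
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.next_port += 1
        port = self.mappings[key]
        self.contacted.setdefault(port, set()).add(dst)
        return (self.public_ip, port)

    def inbound(self, remote, public_port):
        """Return the private endpoint a packet reaches, or None if dropped."""
        for key, port in self.mappings.items():
            if port != public_port:
                continue
            private = key[0] if self.kind == SYMMETRIC else key
            peers = self.contacted[port]
            if self.kind == FULL_CONE:
                allowed = True                                  # any remote host
            elif self.kind == ADDR_RESTRICTED:
                allowed = remote[0] in {ip for ip, _ in peers}  # known remote IP
            else:
                allowed = remote in peers                       # known IP and port
            return private if allowed else None
        return None


def establish(cpeb_kind, cpea_kind=FULL_CONE):
    """Run steps 1-5 and report whether both directions get through."""
    nat_a = Nat("203.0.113.1", cpea_kind)
    nat_b = Nat("203.0.113.2", cpeb_kind)
    cpea = ("192.168.1.2", 1701)
    cpeb = ("10.0.0.2", 1701)  # assumption: CPEB also sends from port 1701

    # Step 1: both CPEs exchange messages with the NAT detection server.
    cpea_pub = nat_a.outbound(cpea, DETECT_SERVER)       # public address + "CCC"
    cpeb_at_server = nat_b.outbound(cpeb, DETECT_SERVER)
    # Step 2: the server tells CPEB the CPEA's public address and port CCC.
    if nat_b.inbound(DETECT_SERVER, cpeb_at_server[1]) != cpeb:
        raise RuntimeError("server reply did not reach CPEB")
    # Step 3: CPEA sends from private:1701 to an arbitrary address.
    nat_a.outbound(cpea, ARBITRARY_HOST)
    # Step 4: CPEB sends to (CPEA public address, CCC); CPEA learns CPEB's
    # translated address and port from the packet it receives.
    cpeb_pub = nat_b.outbound(cpeb, cpea_pub)
    reached_cpea = nat_a.inbound(cpeb_pub, cpea_pub[1]) == cpea
    # Step 5: CPEA answers to the learned address; NAT B filters the reply.
    reply_ok = False
    if reached_cpea:
        reply_src = nat_a.outbound(cpea, cpeb_pub)
        reply_ok = nat_b.inbound(reply_src, cpeb_pub[1]) == cpeb
    return {"established": reached_cpea and reply_ok,
            "ccc": cpea_pub[1],
            "cpeb_at_server": cpeb_at_server,
            "cpeb_learned": cpeb_pub if reached_cpea else None}


if __name__ == "__main__":
    for kind in (FULL_CONE, ADDR_RESTRICTED, PORT_RESTRICTED, SYMMETRIC):
        print(kind, establish(kind))
```

In the symmetric case the address CPEA learns in step 4 differs from the one the detection server saw, which is why CPEA reads it from the received message. The model also shows the exposure that makes the scheme work: once the mapping exists, the full cone NAT delivers packets from any remote host to CPEA's port 1701, so CPEA cannot rely on the NAT to filter tunnel peers.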
As shown in Fig. 8, an embodiment of the present invention further provides an apparatus 800 for tunnel establishment, which is applied to a first end of an L2TP tunnel to be established, and includes:
a first determining module 801, configured to determine that the type of a first NAT device that a first device needs to traverse is a full cone NAT device;
a second determining module 802, configured to determine the type of a second NAT device that the second device needs to traverse, where the type of the second NAT device includes one of: a basic NAT device; a full cone NAT device; an address-restricted cone NAT device; a port-restricted cone NAT device; a symmetric NAT device;
a configuring module 803, configured to configure address information of an L2TP tunnel of the first device to establish an L2TP tunnel connection with the second device.
Optionally, determining that the first NAT device connected to the first device is a full cone NAT device includes:
the first device exchanges messages with the NAT detection server to determine that the first NAT device connected to the first device is a full cone NAT device.
Optionally, configuring address information of the L2TP tunnel of the first device includes:
the first device sends a message to the L2TP tunnel, where the source address is the private network address of the first device, the port number is 1701, and the destination address is an arbitrary address.
Optionally, establishing an L2TP tunnel connection with the second device includes:
after receiving the message sent by the second device, the first device obtains the public network address and port number of the second device after translation by the basic NAT device, and establishes an L2TP tunnel connection with the second device.
Optionally, establishing an L2TP tunnel connection with the second device includes:
after receiving the message sent by the second device, the first device obtains the public network address and port number of the second device after translation by the full cone NAT device, and establishes an L2TP tunnel connection with the second device.
Optionally, establishing an L2TP tunnel connection with the second device includes:
after receiving the message sent by the second device, the first device obtains the public network address and port number of the second device after translation by the address-restricted cone NAT device, and establishes an L2TP tunnel connection with the second device.
Optionally, establishing an L2TP tunnel connection with the second device includes:
after receiving the message sent by the second device, the first device obtains the public network address and port number of the second device after translation by the port-restricted cone NAT device, and establishes an L2TP tunnel connection with the second device.
Optionally, establishing an L2TP tunnel connection with the second device includes:
after receiving the message sent by the second device, the first device obtains the public network address and port number of the second device after translation by the symmetric NAT device, and establishes an L2TP tunnel connection with the second device.
As shown in Fig. 9, an embodiment of the present invention further provides a tunnel establishment apparatus 900, which is applied to a first end of an L2TP tunnel to be established, and includes a transceiver 902 and a processor 901, wherein the processor 901 is configured to: determine that the type of a first NAT device that a first device needs to traverse is a full cone NAT device;
determine the type of a second NAT device that a second device needs to traverse, wherein the type of the second NAT device includes one of the following: a basic NAT device; a full cone NAT device; an address-restricted cone NAT device; a port-restricted cone NAT device; a symmetric NAT device;
configure address information of an L2TP tunnel of the first device to establish an L2TP tunnel connection with the second device.
Optionally, determining that the first NAT device connected to the first device is a full cone NAT device includes:
the first device exchanges messages with the NAT detection server to determine that the first NAT device connected to the first device is a full cone NAT device.
Optionally, configuring address information of the L2TP tunnel of the first device includes:
the first device sends a message to the L2TP tunnel, where the source address is the private network address of the first device, the port number is 1701, and the destination address is an arbitrary address.
Optionally, establishing an L2TP tunnel connection with the second device includes:
after receiving the message sent by the second device, the first device obtains the public network address and port number of the second device after translation by the basic NAT device, and establishes an L2TP tunnel connection with the second device.
Optionally, establishing an L2TP tunnel connection with the second device includes:
after receiving the message sent by the second device, the first device obtains the public network address and port number of the second device after translation by the full cone NAT device, and establishes an L2TP tunnel connection with the second device.
Optionally, establishing an L2TP tunnel connection with the second device includes:
after receiving the message sent by the second device, the first device obtains the public network address and port number of the second device after translation by the address-restricted cone NAT device, and establishes an L2TP tunnel connection with the second device.
Optionally, establishing an L2TP tunnel connection with the second device includes:
after receiving the message sent by the second device, the first device obtains the public network address and port number of the second device after translation by the port-restricted cone NAT device, and establishes an L2TP tunnel connection with the second device.
Optionally, establishing an L2TP tunnel connection with the second device includes:
after receiving the message sent by the second device, the first device obtains the public network address and port number of the second device after translation by the symmetric NAT device, and establishes an L2TP tunnel connection with the second device.
It should be noted that all the implementations in the above method embodiments are applicable to the embodiment of the apparatus, and the same technical effects can be achieved.
The embodiment of the present invention further provides a tunnel establishment apparatus, which is applied to a second end of an L2TP tunnel to be established, and includes:
a first determining module, configured to determine that the type of a first NAT device that a first device needs to traverse is a full cone NAT device;
a second determining module, configured to determine the type of a second NAT device that the second device needs to traverse, where the type of the second NAT device includes one of: a basic NAT device; a full cone NAT device; an address-restricted cone NAT device; a port-restricted cone NAT device; a symmetric NAT device;
a configuration module, configured to configure address information of an L2TP tunnel of the second device to establish an L2TP tunnel with the first device.
Optionally, determining the type of the second NAT device connected to the second device includes:
the second device exchanges messages with the NAT detection server to determine that the type of the second NAT device connected to the second device is one of the following: a basic NAT device; a full cone NAT device; an address-restricted cone NAT device; a port-restricted cone NAT device; a symmetric NAT device.
Optionally, configuring address information of the L2TP tunnel of the second device includes:
receiving the public network address and port number CCC of the first device, after translation by the first NAT device, as sent by the NAT detection server;
configuring the source address of the L2TP tunnel of the second device as the private network address of the second device, the destination address as the public network address of the first device after translation by the first NAT device, and the port number as CCC.
Optionally, when the second NAT device is a basic NAT device, establishing an L2TP tunnel with the first device includes:
the second device sends a message to the L2TP tunnel, where the source address is the private network address of the second device and the destination address is the public network address and port number CCC of the first device after translation by the first NAT device, so as to establish the L2TP tunnel with the first device.
Optionally, when the second NAT device is a full cone NAT device, establishing an L2TP tunnel with the first device includes:
the second device sends a message to the L2TP tunnel, where the source address is the private network address of the second device, the destination address is the public network address of the first device after translation by the first NAT device, and the port number is CCC, so that an L2TP tunnel is established between the second device and the first device.
Optionally, when the second NAT device is an address-restricted cone NAT device, establishing an L2TP tunnel with the first device includes:
the second device sends a message to the L2TP tunnel, where the source address is the private network address of the second device and the destination address is the public network address and port number CCC of the first device after translation by the first NAT device, so that an L2TP tunnel is established between the second device and the first device.
Optionally, when the second NAT device is a port-restricted cone NAT device, establishing an L2TP tunnel with the first device includes:
the second device sends a message to the L2TP tunnel, where the source address is the private network address of the second device and the destination address is the public network address and port number CCC of the first device after translation by the first NAT device, so that an L2TP tunnel is established between the second device and the first device.
Optionally, when the second NAT device is a symmetric NAT device, establishing an L2TP tunnel with the first device includes:
the second device sends a message to the L2TP tunnel, where the source address is the private network address of the second device, the destination address is the public network address of the first device after translation by the first NAT device, and the port number is 1701.
It should be noted that all the implementations in the above method embodiments are applicable to the embodiment of the apparatus, and the same technical effects can be achieved.
The embodiment of the present invention further provides a tunnel establishment apparatus, which is applied to a second end of an L2TP tunnel to be established, and includes a transceiver and a processor, wherein the processor is configured to: determine that the type of a first NAT device that a first device needs to traverse is a full cone NAT device; determine the type of a second NAT device that a second device needs to traverse, wherein the type of the second NAT device includes one of the following: a basic NAT device; a full cone NAT device; an address-restricted cone NAT device; a port-restricted cone NAT device; a symmetric NAT device; and configure address information of an L2TP tunnel of the second device to establish an L2TP tunnel with the first device.
Optionally, determining the type of the second NAT device connected to the second device includes:
the second device exchanges messages with the NAT detection server to determine that the type of the second NAT device connected to the second device is one of the following: a basic NAT device; a full cone NAT device; an address-restricted cone NAT device; a port-restricted cone NAT device; a symmetric NAT device.
Optionally, configuring address information of the L2TP tunnel of the second device includes:
receiving the public network address and port number CCC of the first device, after translation by the full cone NAT device, as sent by the NAT detection server;
configuring the source address of the L2TP tunnel of the second device as the private network address of the second device, the destination address as the public network address of the first device after translation by the first NAT device, and the port number as CCC.
Optionally, when the second NAT device is a basic NAT device, establishing an L2TP tunnel with the first device includes:
the second device sends a message to the L2TP tunnel, where the source address is the private network address of the second device and the destination address is the public network address and port number CCC of the first device after translation by the first NAT device, so as to establish the L2TP tunnel with the first device.
Optionally, when the second NAT device is a full cone NAT device, establishing an L2TP tunnel with the first device includes:
the second device sends a message to the L2TP tunnel, where the source address is the private network address of the second device, the destination address is the public network address of the first device after translation by the full cone NAT device, and the port number is CCC, so that an L2TP tunnel is established between the second device and the first device.
Optionally, when the second NAT device is an address-restricted cone NAT device, establishing an L2TP tunnel with the first device includes:
the second device sends a message to the L2TP tunnel, where the source address is the private network address of the second device and the destination address is the public network address and port number CCC of the first device after translation by the first NAT device, so that an L2TP tunnel is established between the second device and the first device.
Optionally, when the second NAT device is a port-restricted cone NAT device, establishing an L2TP tunnel with the first device includes:
the second device sends a message to the L2TP tunnel, where the source address is the private network address of the second device and the destination address is the public network address and port number CCC of the first device after translation by the first NAT device, so that an L2TP tunnel is established between the second device and the first device.
Optionally, when the second NAT device is a symmetric NAT device, establishing an L2TP tunnel with the first device includes:
the second device sends a message to the L2TP tunnel, where the source address is the private network address of the second device, the destination address is the public network address of the first device after translation by the first NAT device, and the port number is 1701.
The embodiment of the invention also provides a communication device, which comprises a transceiver, a memory, a processor and a program that is stored in the memory and can run on the processor;
the processor is configured to read the program in the memory to implement the steps of the method.
Optionally, determining the type of the second NAT device connected to the second device includes:
the second device exchanges messages with the NAT detection server to determine that the type of the second NAT device connected to the second device is one of the following: a basic NAT device; a full cone NAT device; an address-restricted cone NAT device; a port-restricted cone NAT device; a symmetric NAT device.
Optionally, configuring address information of the L2TP tunnel of the second device includes:
receiving the public network address and port number CCC of the first device, after translation by the first NAT device, as sent by the NAT detection server;
configuring the source address of the L2TP tunnel of the second device as the private network address of the second device, the destination address as the public network address of the first device after translation by the first NAT device, and the port number as CCC.
Optionally, when the second NAT device is a basic NAT device, establishing an L2TP tunnel with the first device includes:
the second device sends a message to the L2TP tunnel, where the source address is the private network address of the second device and the destination address is the public network address and port number CCC of the first device after translation by the first NAT device, so as to establish the L2TP tunnel with the first device.
Optionally, when the second NAT device is a full cone NAT device, establishing an L2TP tunnel with the first device includes:
the second device sends a message to the L2TP tunnel, where the source address is the private network address of the second device, the destination address is the public network address of the first device after translation by the first NAT device, and the port number is CCC, so that an L2TP tunnel is established between the second device and the first device.
Optionally, when the second NAT device is an address-restricted cone NAT device, establishing an L2TP tunnel with the first device includes:
the second device sends a message to the L2TP tunnel, where the source address is the private network address of the second device and the destination address is the public network address and port number CCC of the first device after translation by the first NAT device, so that an L2TP tunnel is established between the second device and the first device.
Optionally, when the second NAT device is a port-restricted cone NAT device, establishing an L2TP tunnel with the first device includes:
the second device sends a message to the L2TP tunnel, where the source address is the private network address of the second device and the destination address is the public network address and port number CCC of the first device after translation by the first NAT device, so that an L2TP tunnel is established between the second device and the first device.
Optionally, when the second NAT device is a symmetric NAT device, establishing an L2TP tunnel with the first device includes:
the second device sends a message to the L2TP tunnel, where the source address is the private network address of the second device, the destination address is the public network address of the first device after translation by the first NAT device, and the port number is 1701.
In this technical solution, NAT device types are distinguished, and how to traverse the NAT device is determined and handled case by case; the solution covers, for each NAT device type, the interaction flow of the detection messages and the interaction flow of the formal service data messages.
Embodiments of the present invention further provide a computer-readable storage medium for storing a computer program, where the computer program, when executed by a processor, implements the steps in the method described above.
Furthermore, it is to be noted that in the device and method of the invention, it is obvious that the individual components or steps can be decomposed and/or recombined. These decompositions and/or recombinations are to be regarded as equivalents of the present invention. Also, the steps of performing the series of processes described above may naturally be performed chronologically in the order described, but need not necessarily be performed chronologically, and some steps may be performed in parallel or independently of each other. It will be understood by those skilled in the art that all or any of the steps or elements of the method and apparatus of the present invention may be implemented in any computing device (including processors, storage media, etc.) or network of computing devices, in hardware, firmware, software, or any combination thereof, which can be implemented by those skilled in the art using their basic programming skills after reading the description of the present invention.
Thus, the objects of the invention may also be achieved by running a program or a set of programs on any computing device. The computing device may be a general purpose device as is well known. The object of the invention is thus also achieved solely by providing a program product comprising program code for implementing the method or the apparatus. That is, such a program product also constitutes the present invention, and a storage medium storing such a program product also constitutes the present invention. It is to be understood that the storage medium may be any known storage medium or any storage medium developed in the future. It is further noted that in the apparatus and method of the present invention, it is apparent that each component or step can be decomposed and/or recombined. These decompositions and/or recombinations are to be regarded as equivalents of the present invention. Also, the steps of executing the series of processes described above may naturally be executed chronologically in the order described, but need not necessarily be executed chronologically. Some steps may be performed in parallel or independently of each other.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (22)

1. A method for tunnel establishment, applied to a first end of an L2TP tunnel to be established, comprising:
determining that the type of a first NAT device that a first device needs to traverse is a full cone NAT device;
determining the type of a second NAT device that a second device needs to traverse, wherein the type of the second NAT device comprises one of the following: a basic NAT device; a full cone NAT device; an address-restricted cone NAT device; a port-restricted cone NAT device; a symmetric NAT device;
configuring address information of an L2TP tunnel of the first device to establish an L2TP tunnel connection with the second device.
2. The method of claim 1, wherein determining that the first NAT device connected to the first device is a full cone NAT device comprises:
the first device exchanges messages with the NAT detection server to determine that the first NAT device connected to the first device is a full cone NAT device.
3. The method of claim 1, wherein configuring address information of the L2TP tunnel of the first device comprises:
the first device sends a message to the L2TP tunnel, where the source address is the private network address of the first device, the port number is 1701, and the destination address is an arbitrary address.
4. The method of tunnel establishment according to claim 1, wherein establishing an L2TP tunnel connection with the second device comprises:
after receiving the message sent by the second device, the first device obtains the public network address and port number of the second device after translation by the basic NAT device, and establishes an L2TP tunnel connection with the second device.
5. The method of tunnel establishment according to claim 1, wherein establishing an L2TP tunnel connection with the second device comprises:
after receiving the message sent by the second device, the first device obtains the public network address and port number of the second device after translation by the full cone NAT device, and establishes an L2TP tunnel connection with the second device.
6. The method of tunnel establishment according to claim 1, wherein establishing an L2TP tunnel connection with the second device comprises:
after receiving the message sent by the second device, the first device obtains the public network address and port number of the second device after translation by the address-restricted cone NAT device, and establishes an L2TP tunnel connection with the second device.
7. The method of tunnel establishment according to claim 1, wherein establishing an L2TP tunnel connection with the second device comprises:
after receiving the message sent by the second device, the first device obtains the public network address and port number of the second device after translation by the port-restricted cone NAT device, and establishes an L2TP tunnel connection with the second device.
8. The method of tunnel establishment according to claim 1, wherein establishing an L2TP tunnel connection with the second device comprises:
after receiving the message sent by the second device, the first device obtains the public network address and port number of the second device after translation by the symmetric NAT device, and establishes an L2TP tunnel connection with the second device.
9. A method for tunnel establishment, applied to a second end of an L2TP tunnel to be established, comprising:
determining the type of a first NAT device which needs to be traversed by a first device as a complete cone type NAT device;
determining the type of a second NAT device to be traversed by a second device, wherein the type of the second NAT device comprises one of the following: a basic NAT device; a full cone type NAT device; address limiting conical NAT equipment; a port restricted conical NAT device; a symmetric NAT device;
configuring address information of an L2TP tunnel of the second device to establish an L2TP tunnel with the first device.
10. The method of tunnel establishment according to claim 9, wherein determining the second NAT device type for connection to the second device comprises:
the second device and the NAT detection server perform message interaction to determine that the type of the second NAT device connected with the second device is one of the following types: a basic NAT device; a full cone type NAT device; address limiting conical NAT equipment; a port restricted conical NAT device; a symmetric NAT device.
11. The method of claim 9, wherein configuring address information of the L2TP tunnel of the second device comprises:
receiving a public network address and a port number CCC of the first equipment which are transmitted by the NAT detection server and are converted by the first NAT equipment;
and configuring a source address of the L2TP tunnel of the second device as a private network address of the second device, a destination address as a public network address of the first device after being converted by the first NAT device, and a port number as CCC.
12. The method of claim 9, wherein when the second NAT device is a basic NAT device, establishing the L2TP tunnel with the first device includes:
the second device sends a message to the L2TP tunnel, wherein the source address is the private network address of the second device, and the destination address is the public network address and the port number CCC of the first device after being converted by the first NAT device, so as to establish the L2TP tunnel with the first device.
13. The method of claim 9, wherein the establishing the L2TP tunnel with the first device when the second NAT device is a full cone NAT device comprises:
the second device sends a message to the L2TP tunnel, wherein the source address is the private network address of the second device, the destination address is the public network address of the first device after being converted by the first NAT device, and the port number is CCC, so as to establish an L2TP tunnel between the second device and the first device.
14. The method of claim 9, wherein when the second NAT device is an address restricted cone NAT device, establishing an L2TP tunnel with the first device includes:
the second device sends a message to the L2TP tunnel, wherein the source address is the private network address of the second device, and the destination address is the public network address and the port number CCC of the first device after being converted by the first NAT device, so as to establish an L2TP tunnel between the second device and the first device.
15. The method of claim 9, wherein when the second NAT device is a port restricted cone NAT device, establishing an L2TP tunnel with the first NAT device includes:
the second device sends a message to the L2TP tunnel, wherein the source address is the private network address of the second device, and the destination address is the public network address and the port number CCC of the first device after being converted by the first NAT device, so as to establish an L2TP tunnel between the second device and the first device.
16. The method of claim 9, wherein when the second NAT device is a symmetric NAT device, establishing the L2TP tunnel with the first device includes:
the second device sends a message to the L2TP tunnel, wherein the source address is the private network address of the second device, the destination address is the public network address of the first device after being converted by the first NAT device, and the port number is 1701.
17. An apparatus for tunnel establishment, applied to a first end of an L2TP tunnel to be established, comprising:
a first determining module, configured to determine that the type of a first NAT device that a first device needs to traverse is a full cone NAT device;
a second determining module, configured to determine the type of a second NAT device that a second device needs to traverse, where the type of the second NAT device includes one of: a basic NAT device; a full cone NAT device; an address restricted cone NAT device; a port restricted cone NAT device; a symmetric NAT device;
a configuration module, configured to configure address information of an L2TP tunnel of the first device to establish an L2TP tunnel connection with the second device.
18. A tunnel establishment apparatus, applied to a first end of an L2TP tunnel to be established, comprising a transceiver and a processor, wherein the processor is configured for: determining that the type of a first NAT device to be traversed by a first device is a full cone NAT device;
determining the type of a second NAT device to be traversed by a second device, wherein the type of the second NAT device comprises one of the following: a basic NAT device; a full cone NAT device; an address restricted cone NAT device; a port restricted cone NAT device; a symmetric NAT device;
configuring address information of an L2TP tunnel of the first device to establish an L2TP tunnel connection with the second device.
19. An apparatus for tunnel establishment, applied to a second end of an L2TP tunnel to be established, comprising:
a first determining module, configured to determine that the type of a first NAT device that a first device needs to traverse is a full cone NAT device;
a second determining module, configured to determine the type of a second NAT device that a second device needs to traverse, where the type of the second NAT device includes one of: a basic NAT device; a full cone NAT device; an address restricted cone NAT device; a port restricted cone NAT device; a symmetric NAT device;
a configuration module, configured to configure address information of an L2TP tunnel of the second device to establish an L2TP tunnel with the first device.
20. An apparatus for tunnel establishment, applied to a second end of an L2TP tunnel to be established, comprising a transceiver and a processor, wherein the processor is configured for: determining that the type of a first NAT device to be traversed by a first device is a full cone NAT device; determining the type of a second NAT device to be traversed by a second device, wherein the type of the second NAT device comprises one of the following: a basic NAT device; a full cone NAT device; an address restricted cone NAT device; a port restricted cone NAT device; a symmetric NAT device; configuring address information of an L2TP tunnel of the second device to establish an L2TP tunnel with the first device.
21. A communication device comprising a transceiver, a memory, a processor, and a program stored on the memory and executable on the processor, characterized in that
the processor is configured to read the program in the memory to implement the steps in the method according to any one of claims 1 to 8, or to implement the steps in the method according to any one of claims 9 to 16.
22. A computer-readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the steps in the method according to any one of claims 1 to 8, or implements the steps in the method according to any one of claims 9 to 16.
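The following is an added illustration, not part of the patent text: a toy UDP model of the NAT types listed in claims 9 to 16, showing why, per claim 8, the first device takes the second device's address from the received message when the second NAT is symmetric. The class `Nat`, the function `establish`, the filtering rules and all addresses are assumptions constructed for the example; it sends to the server-reported port (CCC) in every case, whereas claim 16 names port 1701 for the symmetric case.

```python
from itertools import count

class Nat:
    """Toy UDP model of the NAT types named in the claims (assumed behaviour)."""
    def __init__(self, kind, public_ip, first_port):
        self.kind, self.public_ip = kind, public_ip
        self.ports = count(first_port)
        self.mappings = {}   # mapping key -> public port
        self.owner = {}      # public port -> private endpoint
        self.contacted = {}  # public port -> remote endpoints already sent to

    def outbound(self, src, dst):
        """Translate a packet leaving the private side; return its public source."""
        if self.kind == "basic":
            port = src[1]                      # address-only translation
        else:
            # symmetric: one mapping per (source, destination); cone: per source
            key = (src, dst) if self.kind == "symmetric" else src
            if key not in self.mappings:
                self.mappings[key] = next(self.ports)
            port = self.mappings[key]
        self.owner[port] = src
        self.contacted.setdefault(port, set()).add(dst)
        return (self.public_ip, port)

    def inbound(self, remote, port):
        """Return the private endpoint that receives the packet, or None if dropped."""
        if port not in self.owner:
            return None
        sent = self.contacted[port]
        if self.kind in ("basic", "full_cone"):
            allowed = True
        elif self.kind == "address_restricted":
            allowed = any(ip == remote[0] for ip, _ in sent)
        else:                                  # port_restricted and symmetric
            allowed = remote in sent
        return self.owner[port] if allowed else None

SERVER = ("198.51.100.10", 3478)                         # NAT detection server (constructed)
DEV1, DEV2 = ("10.0.0.2", 1701), ("192.168.1.2", 1701)   # private endpoints (constructed)

def establish(second_kind, first_kind="full_cone"):
    """Return (first message delivered, reply to observed source, reply to server view)."""
    nat1 = Nat(first_kind, "203.0.113.1", 40000)
    nat2 = Nat(second_kind, "203.0.113.2", 50000)
    dev1_pub = nat1.outbound(DEV1, SERVER)      # translated address and port "CCC"
    server_view = nat2.outbound(DEV2, SERVER)   # second device as the server sees it
    observed = nat2.outbound(DEV2, dev1_pub)    # second device as the first device sees it
    if nat1.inbound(observed, dev1_pub[1]) != DEV1:
        return (False, False, False)            # first NAT filtered the tunnel message
    reply_src = nat1.outbound(DEV1, observed)   # cone NAT reuses the same mapping
    return (True,
            nat2.inbound(reply_src, observed[1]) == DEV2,
            nat2.inbound(reply_src, server_view[1]) == DEV2)
```

In this model, `establish("symmetric")` delivers the reply only when it is addressed to the source observed in the received message, and `establish("full_cone", first_kind="port_restricted")` shows the second device's first message being dropped when the first NAT is not full cone.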
CN202011288193.7A 2020-11-17 2020-11-17 Tunnel establishment method, device and equipment Pending CN114513387A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011288193.7A CN114513387A (en) 2020-11-17 2020-11-17 Tunnel establishment method, device and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011288193.7A CN114513387A (en) 2020-11-17 2020-11-17 Tunnel establishment method, device and equipment

Publications (1)

Publication Number Publication Date
CN114513387A true CN114513387A (en) 2022-05-17

Family

ID=81546449

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011288193.7A Pending CN114513387A (en) 2020-11-17 2020-11-17 Tunnel establishment method, device and equipment

Country Status (1)

Country Link
CN (1) CN114513387A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050128979A1 (en) * 2003-12-15 2005-06-16 Industrial Technology Research Institute System and method for supporting inter-NAT-domain handoff in a VPN by associating L2TP and mobile IP
US20080126528A1 (en) * 2003-01-15 2008-05-29 Matsushita Electric Industrial Co., Ltd. PEER-TO-PEER (P2P) CONNECTION DESPITE NETWORK ADDRESS TRANSLATORS (NATs) AT BOTH ENDS
JP2009010606A (en) * 2007-06-27 2009-01-15 Panasonic Corp Tunnel connection system, tunnel control server, tunnel connecting device, and tunnel connection method
CN103747116A (en) * 2014-01-24 2014-04-23 杭州华三通信技术有限公司 Business access method and device based on Layer 2 Tunneling Protocol (L2TP)
WO2015131609A1 (en) * 2014-09-25 2015-09-11 中兴通讯股份有限公司 Method for implementing l2tp over ipsec access
CN106713100A (en) * 2015-11-17 2017-05-24 华为数字技术(苏州)有限公司 Method for automatically establishing tunnel, CPE and convergence device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
章强;吉承平;: "基于IPSec的L2TP在校园网VPN中的实现", 扬州教育学院学报, no. 03, 30 September 2008 (2008-09-30) *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination