CN116232787A - Network access method, device and system of sslvpn client and storage medium - Google Patents

Network access method, device and system of sslvpn client and storage medium Download PDF

Info

Publication number
CN116232787A
CN116232787A CN202211631255.9A CN202211631255A CN116232787A CN 116232787 A CN116232787 A CN 116232787A CN 202211631255 A CN202211631255 A CN 202211631255A CN 116232787 A CN116232787 A CN 116232787A
Authority
CN
China
Prior art keywords
sslvpn
client
parameter information
network
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211631255.9A
Other languages
Chinese (zh)
Inventor
李欣强
李冲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd filed Critical Beijing Topsec Technology Co Ltd
Priority to CN202211631255.9A priority Critical patent/CN116232787A/en
Publication of CN116232787A publication Critical patent/CN116232787A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2854Wide area networks, e.g. public data networks
    • H04L12/2856Access arrangements, e.g. Internet access
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02Standardisation; Integration
    • H04L41/0246Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols
    • H04L41/0253Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols using browsers or web-pages for accessing management information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/141Setup of application sessions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a network access method, a device, a system and a storage medium of a sslvpn client, wherein the method is applied to a network server and comprises the following steps: acquiring a sslvpn access request sent by a browser; determining parameter information about a sslvpn client daemon based on the sslvpn access request; establishing network connection with a sslvpn client background program based on the parameter information; transmitting the parameter information to the sslvpn client background program based on the network connection, enabling the sslvpn client background program to transmit the parameter information to a sslvpn server, receiving a feedback message of the sslvpn server, and transmitting the feedback message to the network server; processing the feedback message to generate a response message in a target format; and sending the response message to the browser to finish the access of sslvpn. The network access method of the sslvpn client can quickly and conveniently realize the access connection between the sslvpn client and the sslvpn server based on the network server.

Description

Network access method, device and system of sslvpn client and storage medium
Technical Field
The embodiment of the invention relates to the technical field of network security, in particular to a network access method, a device, a system and a storage medium.
Background
When sslvpn is used, the user needs to log in through the client, and before that, the user needs to acquire the client installation package and then install the client installation package, so that the operation is complex. The access mode of the sslvpn through the browser does not need the user to actively acquire and install the client, so that the browser access scheme of the sslvpn is particularly important. But only supports sslvpn client-side retrofit of computer clients based on existing solutions.
For example, as shown in fig. 1, the prior art scheme is to directly modify the original sslvpn client, including to perform transceiving interaction with the browser by developing an http frame, so that the modification of the sslvpn client of the old computer is relatively large and complex. In addition, when the existing computer client supports access of the sslvpn browser, the newly-added http resolution framework is a huge and complex module, so that the development of the function is time-consuming and labor-consuming, the requirements on the integrity and stability of the equipment and the module are high, and the implementation is difficult.
Disclosure of Invention
The invention provides a network access method for realizing the access connection between the sslvpn client and the sslvpn server based on the network server.
In order to solve the above technical problems, an embodiment of the present invention provides a network access method of a sslvpn client, which is applied to a network server, and the method includes:
acquiring a sslvpn access request sent by a browser;
determining parameter information about a sslvpn client daemon based on the sslvpn access request;
establishing network connection with a sslvpn client background program based on the parameter information;
transmitting the parameter information to the sslvpn client background program based on the network connection, enabling the sslvpn client background program to transmit the parameter information to a sslvpn server, receiving a feedback message of the sslvpn server, and transmitting the feedback message to the network server;
processing the feedback message to generate a response message in a target format;
and sending the response message to the browser to finish the access of sslvpn.
As an optional embodiment, the obtaining the sslvpn access request sent by the browser includes:
the user initiates the sslvpn access request based on the browser;
and the browser sends the sslvpn access request to the network server, so that the network server obtains the sslvpn access request.
As an optional embodiment, the determining parameter information about the sslvpn client daemon based on the sslvpn access request includes:
carrying out data analysis on the sslvpn access request;
and determining the communication address and the access request parameter of the sslvpn client background program based on the analysis result.
As an optional embodiment, the establishing a network connection with the sslvpn client background program based on the parameter information includes:
and establishing TCP connection with the sslvpn client background program based on the communication address.
As an optional embodiment, said sending the parameter information to the sslvpn client daemon based on the network connection includes:
encapsulating the parameter information based on a transmission protocol of the network connection;
and sending the encapsulated parameter information to the sslvpn client background program based on the network connection.
As an alternative embodiment, the sslvpn client daemon sends the parameter information to a sslvpn server, including:
and the sslvpn client-side background program encapsulates the parameter information and sends the parameter information to the sslvpn server.
As an optional embodiment, the processing the feedback message to generate a response message in the target format includes:
and constructing an http response message based on the feedback message.
Another embodiment of the present invention also provides a browser access device of a sslvpn client, which is applied to a network server, and is characterized in that the browser access device of the sslvpn client includes:
the acquisition module is used for acquiring a sslvpn access request sent by the browser;
a determining module, configured to determine parameter information about a sslvpn client background procedure based on the sslvpn access request;
the establishing module is used for establishing network connection with the sslvpn client background program based on the parameter information;
the first sending module is used for sending the parameter information to the sslvpn client-side background program based on the network connection, so that the sslvpn client-side background program sends the parameter information to a sslvpn server, receives a feedback message of the sslvpn server, and sends the feedback message to the network server;
the processing module is used for processing the feedback message to generate a response message in a target format;
and the second sending module is used for sending the response message to the browser to finish the access of sslvpn.
Another embodiment of the present invention further provides a browser access system of a sslvpn client, which is characterized by including:
one or more processors;
a memory configured to store one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the network access method of a sslvpn client as in any one of the embodiments above.
Another embodiment of the present invention also provides a storage medium, characterized in that a computer program is stored thereon, which when executed by a processor implements a network access method of a sslvpn client according to any one of the embodiments above.
Based on the disclosure of the above embodiment, it can be known that the beneficial effects of the embodiment of the present invention include that the network server is used as the middleware between the sslvpn client and the sslvpn server to execute the request interaction between the two, so that it is unnecessary to construct a complicated http frame in the existing scheme, the computer client needs not to process the data of the browser, and can obtain the data directly based on the network server, and when interacting with the sslvpn server, it is also unnecessary to process intermediate data, and the data are processed by the network server, thereby greatly reducing the workload. In addition, the network server technology is mature, and compared with an http frame constructed in the existing scheme, the performance is more stable.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims thereof as well as the appended drawings.
The technical scheme of the invention is further described in detail through the drawings and the embodiments.
Drawings
The accompanying drawings are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate the invention and together with the embodiments of the invention, serve to explain the invention. In the drawings:
fig. 1 is a sslvpn access method in a prior art scheme.
Fig. 2 is a flowchart of a network access method of a sslvpn client in an embodiment of the present invention.
Fig. 3 is a flow chart of a network access method of a sslvpn client in another embodiment of the invention.
Fig. 4 is an application flowchart of a network access method of a sslvpn client in an embodiment of the present invention.
Fig. 5 is another application flowchart of the network access method of the sslvpn client in the embodiment of the present invention.
Fig. 6 is a block diagram of a network access device of a sslvpn client in an embodiment of the invention.
Detailed Description
Hereinafter, specific embodiments of the present invention will be described in detail with reference to the accompanying drawings, but not limiting the invention.
It should be understood that various modifications may be made to the embodiments disclosed herein. Therefore, the following description should not be taken as limiting, but merely as exemplification of the embodiments. Other modifications within the scope and spirit of this disclosure will occur to persons of ordinary skill in the art.
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and, together with a general description of the disclosure given above and the detailed description of the embodiments given below, serve to explain the principles of the disclosure.
These and other characteristics of the invention will become apparent from the following description of a preferred form of embodiment, given as a non-limiting example, with reference to the accompanying drawings.
It is also to be understood that, although the invention has been described with reference to some specific examples, a person skilled in the art will certainly be able to achieve many other equivalent forms of the invention, having the characteristics as set forth in the claims and hence all coming within the field of protection defined thereby.
The above and other aspects, features and advantages of the present disclosure will become more apparent in light of the following detailed description when taken in conjunction with the accompanying drawings.
Specific embodiments of the present disclosure will be described hereinafter with reference to the accompanying drawings; however, it is to be understood that the disclosed embodiments are merely examples of the disclosure, which may be embodied in various forms. Well-known and/or repeated functions and constructions are not described in detail to avoid obscuring the disclosure in unnecessary or unnecessary detail. Therefore, specific structural and functional details disclosed herein are not intended to be limiting, but merely serve as a basis for the claims and as a representative basis for teaching one skilled in the art to variously employ the present disclosure in virtually any appropriately detailed structure.
The specification may use the word "in one embodiment," "in another embodiment," "in yet another embodiment," or "in other embodiments," which may each refer to one or more of the same or different embodiments in accordance with the disclosure.
Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
As shown in fig. 2, an embodiment of the present invention provides a network access method of a sslvpn client, which is applied to a network server, where the method includes:
acquiring a sslvpn access request sent by a browser;
determining parameter information about a sslvpn client daemon based on the sslvpn access request;
establishing network connection with a sslvpn client background program based on the parameter information;
the parameter information is sent to a sslvpn client background program based on network connection, so that the sslvpn client background program sends the parameter information to a sslvpn server, receives a feedback message of the sslvpn server, and sends the feedback message to a network server;
processing the feedback message to generate a response message in a target format;
and sending a response message to the browser to finish the access of the sslvpn.
In this embodiment, a sslvpn module may be built in the web server, so as to perform an interaction step between the browser and the sslvpn client daemon, that is, connect the two. And the web server may be integrated as an intermediate into the sslvpn client for performing the steps described above in this embodiment.
Based on the disclosure of the above embodiment, it can be known that the beneficial effects of the present embodiment include that the network server is used as the middleware between the sslvpn client and the sslvpn server to execute the request interaction between the sslvpn client and the sslvpn server, so that a complicated http frame in the existing scheme is not required to be constructed, the computer client is not required to process the data of the browser, and the data can be obtained directly based on the network server, and the intermediate data is also not required to be processed when the network server interacts with the sslvpn server, and the data are processed by the network server, thereby greatly reducing the workload. In addition, the network server technology is mature, and compared with an http frame constructed in the existing scheme, the performance is more stable. Therefore, the method based on the embodiment can effectively solve the technical problems that when the existing sslvpn computer client realizes the browser access function, the http framework is necessary in the function, the framework development is complex, the original client is changed greatly, the processing process is complex, and the client is required to process a large amount of interaction data.
Further, in this embodiment, when obtaining the sslvpn access request sent by the browser, the method includes:
the user initiates a sslvpn access request based on a browser;
the browser sends the sslvpn access request to the network server, so that the network server obtains the sslvpn access request.
As shown in fig. 3, determining parameter information about the sslvpn client daemon based on the sslvpn access request includes:
carrying out data analysis on the sslvpn access request;
and determining the communication address and the access request parameter of the sslvpn client background program based on the analysis result.
Establishing network connection with the sslvpn client-side background program based on the parameter information, wherein the network connection comprises the following steps:
and establishing the TCP connection with the sslvpn client background program based on the communication address.
Transmitting the parameter information to the sslvpn client daemon based on the network connection, comprising:
packaging the parameter information based on a transmission protocol of network connection;
and sending the encapsulated parameter information to a sslvpn client background program based on network connection.
The sslvpn client daemon sends parameter information to the sslvpn server, including:
and the parameter information is packaged by the sslvpn client-side background program and then sent to the sslvpn server.
Processing the feedback message to generate a response message in a target format, including:
and constructing an http response message based on the feedback message.
Specifically, as shown in fig. 4, the user acquires a sslvpn login page based on the browser, and the sslvpn server responds to the login page and feeds back response information. After receiving the response information, the browser determines connection with the sslvpn, detects whether the background degree of the sslvpn client exists in the current equipment, and if the background degree of the sslvpn client does not exist, obtains a background program package of the sslvpn client from the sslvpn server and installs the background program package. If the information exists or is installed, a user can input a user name, a password and access request information through a sslvpn login page of the browser, the browser can acquire the information and send the information to a network server (namely a web server in the figure), and the network server is located in user equipment and can be regarded as middleware for interaction between the browser and a sslvpn client-side background program.
In the network server, the network server is responsible for analyzing http data from a browser, encapsulating the data according to the requirements of the sslvpn client-side background program, and then sending the encapsulated data to the sslvpn client-side background program.
The sslvpn client-side background program interacts with the sslvpn server based on the received data, sends an access request, receives a response result returned by the sslvpn server, and returns the result to the network server.
And the network server processes the response result returned by the background program of the sslvpn client, constructs an http response message, and finally returns the http response message to the browser to complete sslvpn access of the user.
Further, to better illustrate the execution of the network server, the following details are described with reference to fig. 4:
as shown in fig. 5, a user initiates a sslvpn access request through a browser, and then the browser sends the request data (here, http request data) to a local web server (i.e., a web server in the figure), where the web server can be understood as a middleware in the sslvpn system;
after receiving the http request data, the network server analyzes the data from the existing http frame to obtain carried sslvpn access request parameters and communication addresses of a background program of the sslvpn client, wherein the communication addresses specifically comprise ip, ports, user names and passwords of a virtual gateway of the sslvpn;
according to the frame flow of the network server, entering an added new module sslvpn module, establishing tcp connection with a sslvpn client background program through the module by combining a communication address of the sslvpn client background program, packaging the obtained access request parameters, and transmitting the access request parameters to the sslvpn client background program based on the tcp connection;
the client background program of the sslvpn encapsulates according to the access data transmitted by the network server, then initiates an access request to the sslvpn server, namely, the encapsulated information is transmitted to the sslvpn server, receives the information returned by the sslvpn server, and forwards the information to the network server;
and the sslvpn module of the network server constructs the returned result into a response message, and then the http frame of the network server returns the data to the browser to complete the access of the sslvpn.
As shown in fig. 6, another embodiment of the present invention also provides a browser access device 100 of a sslvpn client, which is applied to a web server, where the browser access device of the sslvpn client includes:
the acquisition module is used for acquiring a sslvpn access request sent by the browser;
a determining module, configured to determine parameter information about a sslvpn client background procedure based on the sslvpn access request;
the establishing module is used for establishing network connection with the sslvpn client background program based on the parameter information;
the first sending module is used for sending the parameter information to the sslvpn client-side background program based on the network connection, so that the sslvpn client-side background program sends the parameter information to a sslvpn server, receives a feedback message of the sslvpn server, and sends the feedback message to the network server;
the processing module is used for processing the feedback message to generate a response message in a target format;
and the second sending module is used for sending the response message to the browser to finish the access of sslvpn.
As an optional embodiment, the obtaining the sslvpn access request sent by the browser includes:
the user initiates the sslvpn access request based on the browser;
and the browser sends the sslvpn access request to the network server, so that the network server obtains the sslvpn access request.
As an optional embodiment, the determining parameter information about the sslvpn client daemon based on the sslvpn access request includes:
carrying out data analysis on the sslvpn access request;
and determining the communication address and the access request parameter of the sslvpn client background program based on the analysis result.
As an optional embodiment, the establishing a network connection with the sslvpn client background program based on the parameter information includes:
and establishing TCP connection with the sslvpn client background program based on the communication address.
As an optional embodiment, said sending the parameter information to the sslvpn client daemon based on the network connection includes:
encapsulating the parameter information based on a transmission protocol of the network connection;
and sending the encapsulated parameter information to the sslvpn client background program based on the network connection.
As an alternative embodiment, the sslvpn client daemon sends the parameter information to a sslvpn server, including:
and the sslvpn client-side background program encapsulates the parameter information and sends the parameter information to the sslvpn server.
As an optional embodiment, the processing the feedback message to generate a response message in the target format includes:
and constructing an http response message based on the feedback message.
Another embodiment of the present invention further provides a browser access system, including:
one or more processors;
a memory configured to store one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the network access method of the sslvpn client described above.
Further, an embodiment of the present invention also provides a storage medium having stored thereon a computer program which, when executed by a processor, implements a network access method of a sslvpn client as described above. It should be understood that each solution in this embodiment has a corresponding technical effect in the foregoing method embodiment, which is not described herein.
Further, embodiments of the present invention also provide a computer program product tangibly stored on a computer-readable medium and comprising computer-readable instructions that, when executed, cause at least one processor to perform a device log processing method such as in the embodiments described above.
The computer storage medium of the present invention may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable medium can be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage media element, a magnetic storage media element, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, or device. In the present invention, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, antenna, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
Additionally, it should be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, magnetic disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create a system for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.
The above embodiments are only exemplary embodiments of the present invention and are not intended to limit the present invention, the scope of which is defined by the claims. Various modifications and equivalent arrangements of this invention will occur to those skilled in the art, and are intended to be within the spirit and scope of the invention.

Claims (10)

1. A network access method of a sslvpn client, which is applied to a network server, characterized in that the method comprises the following steps:
acquiring a sslvpn access request sent by a browser;
determining parameter information about a sslvpn client daemon based on the sslvpn access request;
establishing network connection with a sslvpn client background program based on the parameter information;
transmitting the parameter information to the sslvpn client background program based on the network connection, enabling the sslvpn client background program to transmit the parameter information to a sslvpn server, receiving a feedback message of the sslvpn server, and transmitting the feedback message to the network server;
processing the feedback message to generate a response message in a target format;
and sending the response message to the browser to finish the access of sslvpn.
2. The network access method of the sslvpn client according to claim 1, wherein the obtaining the sslvpn access request sent by the browser includes:
the user initiates the sslvpn access request based on the browser;
and the browser sends the sslvpn access request to the network server, so that the network server obtains the sslvpn access request.
3. The network access method of a sslvpn client according to claim 1, wherein the determining parameter information about a sslvpn client daemon based on the sslvpn access request includes:
carrying out data analysis on the sslvpn access request;
and determining the communication address and the access request parameter of the sslvpn client background program based on the analysis result.
4. A network access method for a sslvpn client according to claim 3, wherein the establishing a network connection with a sslvpn client daemon based on the parameter information includes:
and establishing TCP connection with the sslvpn client background program based on the communication address.
5. A network access method of a sslvpn client according to claim 3, characterized in that the sending the parameter information to the sslvpn client daemon based on the network connection comprises:
encapsulating the parameter information based on a transmission protocol of the network connection;
and sending the encapsulated parameter information to the sslvpn client background program based on the network connection.
6. The network access method of a sslvpn client according to claim 1, wherein the sslvpn client daemon transmits the parameter information to a sslvpn server, comprising:
and the sslvpn client-side background program encapsulates the parameter information and sends the parameter information to the sslvpn server.
7. The network access method of the sslvpn client according to claim 1, wherein the processing the feedback message to generate the response message in the target format includes:
and constructing an http response message based on the feedback message.
8. A network access device of a sslvpn client, which is applied to a network server, wherein the browser access device of the sslvpn client comprises:
the acquisition module is used for acquiring a sslvpn access request sent by the browser;
a determining module, configured to determine parameter information about a sslvpn client background procedure based on the sslvpn access request;
the establishing module is used for establishing network connection with the sslvpn client background program based on the parameter information;
the first sending module is used for sending the parameter information to the sslvpn client-side background program based on the network connection, so that the sslvpn client-side background program sends the parameter information to a sslvpn server, receives a feedback message of the sslvpn server, and sends the feedback message to the network server;
the processing module is used for processing the feedback message to generate a response message in a target format;
and the second sending module is used for sending the response message to the browser to finish the access of sslvpn.
9. A network access system of sslvpn clients, comprising:
one or more processors;
a memory configured to store one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the network access method of the sslvpn client of any one of claims 1-7.
10. A storage medium having stored thereon a computer program which when executed by a processor implements a network access method of a sslvpn client according to any one of claims 1 to 7.
CN202211631255.9A 2022-12-19 2022-12-19 Network access method, device and system of sslvpn client and storage medium Pending CN116232787A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211631255.9A CN116232787A (en) 2022-12-19 2022-12-19 Network access method, device and system of sslvpn client and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211631255.9A CN116232787A (en) 2022-12-19 2022-12-19 Network access method, device and system of sslvpn client and storage medium

Publications (1)

Publication Number Publication Date
CN116232787A true CN116232787A (en) 2023-06-06

Family

ID=86588175

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211631255.9A Pending CN116232787A (en) 2022-12-19 2022-12-19 Network access method, device and system of sslvpn client and storage medium

Country Status (1)

Country Link
CN (1) CN116232787A (en)

Similar Documents

Publication Publication Date Title
CN108306877B (en) NODE JS-based user identity information verification method and device and storage medium
US20180157562A1 (en) Virtual machine-based data transmission method, apparatus and system
WO2016173199A1 (en) Mobile application single sign-on method and device
CN102843437A (en) Conversion method and device for webpage application and network device
CN112217771B (en) Data forwarding method and data forwarding device based on tenant information
CN102143177B (en) Portal authentication method, Portal authentication device,Portal authentication equipment and Portal authentication system
EP4120109A1 (en) Cluster access method and apparatus, electronic device, and medium
EP4319097A1 (en) Communication method, apparatus, computer-readable medium electronic device, and program product
TW201706901A (en) Authentication method, apparatus, and system
CN110769009B (en) User identity authentication method and system
CN110493239B (en) Authentication method and device
CN110399578A (en) Page access method and device
CN105282095A (en) Login verification method and device of virtual desktop
CN111066014B (en) Apparatus, method, and program for remotely managing devices
EP2813051B1 (en) Dynamic sharing of a webservice
CN110730189B (en) Communication authentication method, device, equipment and storage medium
CN103634396A (en) Method, gateway equipment and system for accessing intranet webpage service data
CN106911732A (en) A kind of website visiting accelerating method and device
CN107786502A (en) A kind of authentication proxy's method, apparatus and equipment
CN110572394B (en) Access control method and device
CN109005250B (en) Method and device for accessing server
CN116232787A (en) Network access method, device and system of sslvpn client and storage medium
CN113746851B (en) Proxy system and method supporting real-time analysis of GRPC request
CN113766020A (en) Remote control system and method for satellite navigation receiver equipment
CN110839231B (en) Method and equipment for acquiring terminal identification

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination