CN116248436A - Remote communication method and device - Google Patents

Remote communication method and device

Info

Publication number
CN116248436A
Authority
CN
China
Prior art keywords
port
terminal
container
server
container mirror
Prior art date
Legal status
Pending
Application number
CN202211598068.5A
Other languages
Chinese (zh)
Inventor
朱利军
马坤
刘浩杰
Current Assignee
Xi'an Clover Cyber Technology Co ltd
Original Assignee
Xi'an Clover Cyber Technology Co ltd
Priority date
Filing date
Publication date
Application filed by Xi'an Clover Cyber Technology Co ltd
Priority to CN202211598068.5A
Publication of CN116248436A
Legal status: Pending

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks > H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks] > H04L12/46 Interconnection of networks > H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L12/00 Data switching networks > H04L12/28 Data switching networks characterised by path configuration > H04L12/46 Interconnection of networks > H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H04L63/00 Network architectures or network communication protocols for network security > H04L63/16 Implementing security features at a particular protocol layer > H04L63/168 Implementing security features at a particular protocol layer above the transport layer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a remote communication method and device. The method comprises the following steps: constructing a container image with a virtual tunnel private network function on a first terminal; running the container image with a docker component pre-installed on the first terminal, and binding a first port of the first terminal to a second port of the container image; initiating a connection to a VPS server from the container image or the first terminal; forwarding the second port of the container image to a third port of the VPS server; receiving, over the resulting second communication link, a request data packet forwarded by the VPS server; and obtaining the destination address of the request packet and forwarding it to a third terminal through the container image over the first communication link. The scheme lets a second terminal in a second local area network access any terminal in the first local area network in an all-IP manner, is simple to set up and low in cost, and secures the communication link with the encryption of the virtual tunnel private network.

Description

Remote communication method and device
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a remote communication method and apparatus.
Background
With the rapid development of internet technology, network space has been divided into various complex network structures such as wide area networks, metropolitan area networks and local area networks. There are a large number of network elements of the kind shown as local area network areas A, B and C in fig. 1. Local area networks solve the problem of limited IP addresses well, but they also bring the limitation that a local area network can only be accessed by terminals inside that network. Working online has become normal under the current epidemic situation, and how to let any terminal in local area network A access all terminals in local area network B has become a real problem that urgently needs solving.
Conventional solutions require the principal of the first local area network to approach the communications regulator or an operator to purchase an internet address, bind that address to the router, and finally configure port mapping on the router or deploy other devices at the network entrance.
However, the number of internet IP addresses is limited, the release and authorization of dedicated public IP addresses is restricted, the cost of applying for one is high and the application process is cumbersome, so this method is not suited to temporary or short-term use.
In addition, even with a dedicated public IP, port mapping can only be done on the router unless other special devices are deployed. This can only map the ports of certain designated terminals in the local area network to the internet; a user in the second local area network can only access those designated ports and cannot access any device in the first local area network in an all-IP manner. Moreover, port mapping exposes the whole service system of the first local area network to the internet, which brings great potential safety hazards.
Disclosure of Invention
The present invention aims to solve at least one of the technical problems existing in the prior art.
To this end, a first aspect of the present invention proposes a remote communication method applied to a first terminal in a first local area network, the first terminal being any terminal in the first local area network, the method comprising:
constructing a container image with a virtual tunnel private network function on the first terminal;
running the container image with a docker component pre-installed on the first terminal, and binding a first port of the first terminal to a second port of the container image so as to construct a first communication link between the first port of the first terminal and the second port of the container image;
initiating a connection to a VPS server from the container image or the first terminal so as to establish a communication connection with the VPS server, the VPS server being a cloud server on which an SSH service has been started;
forwarding the second port of the container image to a third port of the VPS server so as to construct a second communication link between the second port of the container image and the third port of the VPS server;
receiving, over the second communication link, a request data packet forwarded by the VPS server, the request data packet having been sent to the VPS server by a second terminal, the second terminal being any terminal located in a second local area network, and the destination address of the request data packet being a third terminal in the first local area network;
and obtaining the destination address of the request data packet and forwarding the request data packet to the third terminal through the container image over the first communication link.
Optionally, constructing a container image with a virtual tunnel private network function on the first terminal includes:
constructing a container image vpnserver with a virtual tunnel private network function using OpenVPN software.
Optionally, there is at least one each of the first port, the second port and the third port; the first port is a communication port not currently occupied on the first terminal, the second port is a communication port not currently occupied in the container image, and the third port is a communication port not currently occupied on the VPS server.
Optionally, the currently unoccupied communication ports of the first terminal and of the container image each include port 6943 and port 6443, and binding the first port of the first terminal to the second port of the container image includes:
binding port 6943 of the first terminal to port 6943 of the container image, and binding port 6443 of the first terminal to port 6443 of the container image.
Optionally, there is at least one third port, and forwarding the second port of the container image to the third port of the VPS server includes:
forwarding port 6943 of the container image to port 6943 of the VPS server, and forwarding port 6443 of the container image to port 6443 of the VPS server.
Optionally, the first terminal and the third terminal are any one terminal of a computer, a server, a smart phone and a notebook computer in the first local area network, and the second terminal is any one terminal of a computer, a server, a smart phone and a notebook computer in the second local area network.
A second aspect of the present invention proposes a remote communication device applied to a first terminal in a first local area network, the first terminal being any terminal in the first local area network, the device comprising:
a construction module for constructing a container image with a virtual tunnel private network function on the first terminal;
a binding module for running the container image with a docker component pre-installed on the first terminal, and binding a first port of the first terminal to a second port of the container image so as to construct a first communication link between the first port of the first terminal and the second port of the container image;
a connection module for initiating a connection to a VPS server from the container image or the first terminal so as to establish a communication connection with the VPS server, the VPS server being a cloud server on which an SSH service has been started;
a first forwarding module configured to forward the second port of the container image to a third port of the VPS server so as to construct a second communication link between the second port of the container image and the third port of the VPS server;
a receiving module for receiving, over the second communication link, a request data packet forwarded by the VPS server, the request data packet having been sent to the VPS server by a second terminal, the second terminal being any terminal located in a second local area network, and the destination address of the request data packet being a third terminal in the first local area network;
and a second forwarding module for obtaining the destination address of the request data packet and forwarding the request data packet to the third terminal through the container image over the first communication link.
Optionally, the construction module is specifically configured to:
construct a container image vpnserver with a virtual tunnel private network function using OpenVPN software.
Optionally, the binding module is specifically configured to:
bind port 6943 of the first terminal to port 6943 of the container image, and bind port 6443 of the first terminal to port 6443 of the container image.
Optionally, the first forwarding module is specifically configured to:
forward port 6943 of the container image to port 6943 of the VPS server, and forward port 6443 of the container image to port 6443 of the VPS server.
A fifth aspect of the present invention proposes an electronic device comprising a processor and a memory, said memory storing at least one instruction, at least one program, a set of codes or a set of instructions, said at least one instruction, said at least one program, said set of codes or set of instructions being loaded and executed by said processor to implement the telecommunication method according to the first aspect.
A sixth aspect of the present invention proposes a computer readable storage medium having stored therein at least one instruction, at least one program, a set of codes or a set of instructions, the at least one instruction, the at least one program, the set of codes or the set of instructions being loaded and executed by a processor to implement the telecommunication method according to the first aspect.
The embodiment of the invention has the following beneficial effects:
constructing a container image with a virtual tunnel private network function on the first terminal; running the container image with a docker component pre-installed on the first terminal, and binding a first port of the first terminal to a second port of the container image so as to construct a first communication link between them; initiating a connection to a VPS server from the container image or the first terminal so as to establish a communication connection with the VPS server, the VPS server being a cloud server on which an SSH service has been started; forwarding the second port of the container image to a third port of the VPS server so as to construct a second communication link between them; receiving, over the second communication link, a request data packet forwarded by the VPS server, the request data packet having been sent to the VPS server by a second terminal located in a second local area network and having as its destination address a third terminal in the first local area network; and obtaining the destination address of the request data packet and forwarding the packet to the third terminal through the container image over the first communication link. The scheme uses the container image with the virtual tunnel private network function to construct a link through which any terminal in the first local area network can be reached via the first terminal, and uses the VPS server to construct a link through which the first terminal can be reached from the external network, so that a second terminal located in the external network can access any terminal in the first local area network in an all-IP manner through the VPS server and the container image.
The setup is simple, the cost is low, and the security of the communication link is ensured by the encryption of the virtual tunnel private network.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
In order to more clearly illustrate the technical solution of the present invention, the following description will make a brief introduction to the drawings used in the description of the embodiments or the prior art. It should be apparent that the drawings in the following description are only some embodiments of the present invention, and that other drawings can be obtained from these drawings without inventive effort to those of ordinary skill in the art.
FIG. 1 is a schematic diagram of a LAN network architecture in the prior art;
fig. 2 is a schematic diagram of a lan network structure according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating steps of a method for remote communication according to an embodiment of the present invention;
fig. 4 is a block diagram of a remote communication device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The present specification provides method operational steps as described in the examples or flowcharts, but may include more or fewer operational steps based on conventional or non-inventive labor. When implemented in a real system or server product, the methods illustrated in the embodiments or figures may be performed sequentially or in parallel (e.g., in a parallel processor or multithreaded environment).
Fig. 1 is a schematic diagram of a lan network structure in the prior art.
As shown in fig. 1, the first local area network and the second local area network are common home networks or enterprise networks, and each network includes a router, a firewall, and terminal devices such as a computer, a smart phone, a notebook, and the like.
During research into the related art, the inventor found that, because the router at the entrance of a local area network uses network address translation, the local area network can reach any target in the internet, whereas the internet cannot reach devices such as notebooks, computers and smart phones inside the local area network.
This network structure protects the security of the equipment and terminals inside the local area network well. The reason is that internet addresses, commonly called public addresses, are used in the internet, while private addresses, commonly called local area network addresses, are used inside the local area network. Across the network space as a whole, local area network addresses may be reused, and most real-world networks are local area networks.
For example, in fig. 1 there may be a large number of network elements similar to the first local area network and the second local area network, such as every home network and most enterprise networks. Because the number of internet addresses is limited, the authority to allocate them generally lies with cloud providers, operators, communications regulators and the like, and most users cannot be directly allocated one for direct use. How to make it possible for any terminal in the second local area network to access all terminals in the first local area network, as current online working requires, is therefore a difficulty.
Conventional solutions require the responsible person of the first local area network's organization to approach the communications regulator or an operator to purchase an internet address, bind the address to the router, and finally configure port mapping on the router or deploy other devices at the network entrance for access. However, since the number of internet IP addresses is limited, the issuance and authorization of internet IPs is restricted; secondly, the application procedure for use of an internet IP through the usual communications regulator is cumbersome and not suited to temporary or short-term use.
Even when a dedicated public IP is available, port mapping can only be performed on the router unless other special equipment is deployed; only the ports of certain designated terminals in the local area network can be mapped to the internet; a user in the second local area network can only access those designated ports and cannot access any device in the first local area network in an all-IP manner; and, once port mapping is used, the service system is exposed to the whole internet, which indirectly creates a great potential safety hazard.
Fig. 2 is a schematic diagram of a lan network structure according to an embodiment of the present invention.
As shown in fig. 2, the network structure includes a first local area network, a second local area network and other local area networks. In this scheme a cloud host is added on the internet and any one terminal in the first local area network is configured accordingly, which solves the problem: a user such as user a in the second local area network, as long as it can reach the internet, can easily access any terminal device or server A, B, C … in local area network B in an all-IP, all-port manner, no matter how many there are or where they are located, and in the same way as access from inside that local area network.
The specific implementation of this embodiment will be described in detail below based on the step method in fig. 3.
Fig. 3 is a flowchart of the steps of a remote communication method according to an embodiment of the present invention. The method is applied to a first terminal in a first local area network, the first terminal being any terminal in the first local area network, and comprises the following steps:
Step 101: constructing a container image with a virtual tunnel private network function on the first terminal.
The first terminal may be any terminal device located in the local area network. Referring to fig. 2, the first terminal may, for example, be server A in the first local area network.
A virtual private network (VPN) is a network technology that relies on ISPs (internet service providers) and other NSPs (network service providers) to establish private data communication over a public network, providing secure data transmission tunnels between enterprises or between individuals. The link between any two points of a VPN is not the end-to-end physical link of a traditional private network, but is formed dynamically from public network resources and realized over the public internet.
A container image contains a packaged application and its dependencies, together with the process information it runs at startup. A container image can be created from a set of instructions in a special format.
Any software with virtual tunnel private network functionality may be chosen to construct the container image with virtual tunnel private network function on the first terminal.
In one possible implementation, constructing the container image with a virtual tunnel private network function on the first terminal includes:
constructing a container image vpnserver with a virtual tunnel private network function using OpenVPN software.
In the embodiment of the invention, OpenVPN is an open-source VPN implementation that offers good performance and a user-friendly GUI. It relies heavily on the SSL/TLS protocol functions of the OpenSSL cryptographic library. OpenVPN runs on Solaris, Linux, Mac OS X, Microsoft Windows, Android and iOS, and includes many security functions.
The container image vpnserver with virtual tunnel private network function is constructed by running OpenVPN software in it.
Step 102: running the container image with a docker component pre-installed on the first terminal, and binding a first port of the first terminal to a second port of the container image so as to construct a first communication link between the first port of the first terminal and the second port of the container image.
Docker is an open-source application container engine that lets developers package an application and its dependencies into a portable image, which can then be published to any machine running a popular Linux or Windows operating system; it can also provide virtualization. Containers use a sandbox mechanism and have no interfaces to one another.
With the docker component pre-installed on the first terminal, the container image from step 101 is imported by executing a docker command.
For example, execute the command:
docker import vpnserver.tar vpnserver:latest
which yields a container image named vpnserver.
Then a docker command is executed, and the first port of the first terminal is bound to the second port of the container image through the command parameters.
For example, the following docker command is executed:
docker run -itd -p <first port>:<second port> --privileged=true vpnserver /usr/sbin/init
where the first port is a port of the first terminal and the second port is a port of the container image (the -p option takes the host port first, then the container port), so that the first port of the first terminal is bound to the second port of the container image and a first communication link between them is constructed.
The first port and the second port are communication ports not currently occupied or in use by the first terminal and by the container image respectively, so as to ensure the timeliness of data transmission over the first communication link.
In this scheme, because a VPN service runs inside the docker container, binding the communication ports of the first terminal and the container image amounts to constructing a reverse virtual private network that can reach the whole local area network in which the first terminal is located. That is, as soon as the first terminal receives a data request from the internet, the request can be forwarded through the VPN service to any terminal in the first local area network.
In one possible implementation, the currently unoccupied communication ports of the first terminal and of the container image each include port 6943 and port 6443, and binding the first port of the first terminal to the second port of the container image includes:
binding port 6943 of the first terminal to port 6943 of the container image, and binding port 6443 of the first terminal to port 6443 of the container image.
Specifically, the following docker command may be executed:
docker run -itd -p 6943:6943 -p 6443:6443 --privileged=true vpnserver /usr/sbin/init
where in each -p pair the first number is a port of the first terminal and the second is a port of the container image, so that port 6943 of the first terminal is bound to port 6943 of the container image and port 6443 of the first terminal is bound to port 6443 of the container image. Note that --privileged=true hands the container nearly all of the host's capabilities and removes the isolation between container and host that the sandbox description above suggests; it is used here so that the container can run /usr/sbin/init as its entry process, and the container should therefore be treated as trusted as the first terminal itself.
Step 103: initiating a connection to a VPS server from the container image or the first terminal so as to establish a communication connection with the VPS server, the VPS server being a cloud server on which an SSH service has been started.
A VPS (Virtual Private Server) is a small server created, together with other isolated servers, on one physical server by virtual server software. Each VPS can be restarted independently and has its own root access, users, IP address, memory, processes, files, applications, system libraries and configuration files. VPS servers have unique advantages in cost savings.
A VPS can be rented for temporary use from an internet cloud service provider; it is cheap and easy to obtain. Once its SSH service is enabled for connections, the VPS can be reached from any local area network.
SSH (Secure Shell) is an application-layer security protocol. It is a relatively reliable protocol that provides security specifically for remote login sessions and other network services, and it effectively prevents information leakage during remote management.
After the SSH service is set up on the VPS server, the container image or the first terminal, where the reverse virtual private network in the local area network is located, initiates a connection to the VPS server so as to establish a communication connection with it.
Step 104: forwarding the second port of the container image to a third port of the VPS server so as to construct a second communication link between the second port of the container image and the third port of the VPS server.
The second port of the container image is forwarded to the third port of the VPS server with an autossh command, so that the VPS server listens on one specific port (the third port) for the SSH reverse-proxied port (the second port of the container image); autossh re-establishes the SSH session if it drops, which keeps the communication connection stable.
In one possible implementation, there is at least one third port, and forwarding the second port of the container image to the third port of the VPS server includes:
forwarding port 6943 of the container image to port 6943 of the VPS server, and forwarding port 6443 of the container image to port 6443 of the VPS server.
Specifically, the container image or the first terminal executes the following commands:
autossh -fCNR 0.0.0.0:6443:<IP of first terminal>:6443 root@<IP of VPS server>
autossh -fCNR 0.0.0.0:6943:<IP of first terminal>:6943 root@<IP of VPS server>
In this way port 6443 of the first terminal is forwarded to port 6443 of the VPS server and port 6943 of the first terminal to port 6943 of the VPS server, which establishes the second communication link. The second communication link comprises the link between port 6443 of the first terminal and port 6443 of the VPS server, and the link between port 6943 of the first terminal and port 6943 of the VPS server. For the 0.0.0.0 bind on the VPS side to accept connections from outside the VPS, the sshd configuration of the VPS must allow it (GatewayPorts yes); by default sshd binds remote forwards to the loopback interface only.
At this point a user who accesses port 6943 of the VPS server reaches port 6943 of the first terminal, which corresponds to port 6943 of the container image in the first local area network.
In one possible implementation, the first port is a communication port not currently occupied on the first terminal, the second port is a communication port not currently occupied in the container image, and the third port is a communication port not currently occupied on the VPS server.
A port on a computer is unique and, while a process is using it, cannot generally be reused unless special techniques for port multiplexing are applied. Unoccupied communication ports are therefore chosen for opening, which ensures the availability of the communication link and efficient data transmission.
It will be appreciated that the first terminal, the VPS server and the container image may open the same port number or different port numbers, as long as the ports are unoccupied.
Step 105: receiving, over the second communication link, a request data packet forwarded by the VPS server, where the request data packet was sent to the VPS server by a second terminal; the second terminal is any terminal located in a second local area network; and the destination address of the request data packet is a third terminal in the first local area network.
The second terminal is located in the second local area network, a different local area network from the one in which the first terminal is located.
The second terminal sends a request data packet to the VPS server on the internet. The VPS server analyses the request data packet and finds that its destination address is a third terminal in the first local area network, so it passes the request packet to the first terminal over the second communication link, and the first terminal receives it.
Step 106: obtaining the destination address of the request data packet, and forwarding the request data packet to the third terminal through the container image over the first communication link.
The first terminal analyses the request data packet and obtains its destination address; on finding that the destination address is a third terminal in the first local area network, it sends the request data to the container image over the first communication link, and the container image sends the request data to the third terminal.
In this way, a user in the second local area network can access the VPN container in the first local area network by directly using the OpenVPN client and connecting to the designated port of the VPS server (for example, port 6943). At this time, the user accesses, with the identity of the container, the whole first local area network in which the container is located, and can reach any device and network in the first local area network. The whole VPN is built inside the first local area network, which has no public Internet address, and then actively initiates a connection to the Internet to construct the forwarding relationship, so that the communication link is constructed in a reverse-connection manner.
With this scheme, a user in one local area network can easily access any service in another local area network, and the access covers the full IP (Internet protocol) and full port range, so that the visitor experiences the remote network as if it were the local area network. In addition, the scheme is simple to build and operate, uses reverse VPN technology, and ensures the security of the communication link through the encryption of the VPN. The method not only lets the user access across local area networks, but also reduces the cost of use and breaks through the limitation of the network structure.
In one possible implementation manner, the first terminal is one of a computer, a server, a smart phone and a notebook computer located in the first local area network, and the second terminal is one of a computer, a server, a smart phone and a notebook computer located in the second local area network.
Referring to fig. 2, the first terminal and the third terminal are each any terminal in the first local area network and the second terminal is any terminal in the second local area network; the scheme enables any terminal in the second local area network to access any terminal in the first local area network.
In summary, in the embodiment of the present invention, a container image with a virtual tunnel private network function is constructed on the first terminal; the container image is run using a Docker component pre-installed on the first terminal, and a first port of the first terminal is bound to a second port of the container image to construct a first communication link between the first port of the first terminal and the second port of the container image; a connection is initiated to a VPS server using the container image or the first terminal to establish a communication connection with the VPS server, where the VPS server is a cloud server on which the SSH service has been started; the second port of the container image is forwarded to a third port of the VPS server to construct a second communication link between the second port of the container image and the third port of the VPS server; a request data packet forwarded by the VPS server is received using the second communication link, where the request data packet is sent to the VPS server by a second terminal, the second terminal is any terminal located in a second local area network, and the destination address of the request data packet is a third terminal in the first local area network; the destination address of the request data packet is acquired, and the request data packet is forwarded to the third terminal through the container image using the first communication link. According to the scheme, a link for accessing any terminal in the first local area network through the first terminal is constructed using the container image with the virtual tunnel private network function, and a link for accessing the first terminal from the external network is constructed using the VPS server, so that a second terminal located in the external network can access any terminal in the first local area network in an all-IP manner through the VPS server and the container image. The scheme is simple to construct and operate and low in cost, and the security of the communication link is ensured by the encryption technology of the virtual tunnel private network.
Fig. 4 is a block diagram of a remote communication device according to an embodiment of the present invention.
The device is applied to a first terminal in a first local area network, where the first terminal is any terminal in the first local area network, and the device 200 includes:
a construction module 201, configured to construct a container mirror image with a virtual tunnel private network function on the first terminal;
a binding module 202, configured to run the container image with a Docker component pre-installed on the first terminal, and bind a first port of the first terminal with a second port of the container image, so as to construct a first communication link between the first port of the first terminal and the second port of the container image;
a connection module 203, configured to initiate a connection to a VPS server by using the container image or the first terminal, so as to establish a communication connection with the VPS server; the VPS server is a cloud server which has started SSH service;
a first forwarding module 204, configured to forward the second port of the container image onto a third port of the VPS server to construct a second communication link between the second port of the container image and the third port of the VPS server;
a receiving module 205, configured to receive, by using the second communication link, a request packet forwarded by the VPS server, where the request packet is sent by a second terminal to the VPS server; the second terminal is any terminal positioned in a second local area network; the destination address of the request data packet is a third terminal in the first local area network;
a second forwarding module 206, configured to obtain a destination address of the request packet, and forward the request packet to the third terminal through the container mirror image using the first communication link.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein.
In yet another embodiment of the present invention, there is also provided an apparatus including a processor and a memory storing at least one instruction, at least one program, a set of codes, or a set of instructions loaded and executed by the processor to implement the telecommunication method described in the embodiments of the present invention.
In yet another embodiment of the present invention, there is also provided a computer readable storage medium having stored therein at least one instruction, at least one program, a set of codes, or a set of instructions, which are loaded and executed by a processor to implement the telecommunication method described in the embodiments of the present invention.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, they produce, in whole or in part, a flow or function in accordance with embodiments of the present invention. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in, or transmitted from one computer-readable storage medium to another, for example by wired (e.g., coaxial cable, optical fiber, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, radio, microwave) means. The computer readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that integrates one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), etc.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In this specification, each embodiment is described in a related manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for system embodiments, since they are substantially similar to method embodiments, the description is relatively simple, as relevant to see a section of the description of method embodiments.
The foregoing description is only of the preferred embodiments of the present invention and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention are included in the protection scope of the present invention.

Claims (10)

1. A method of remote communication applied to a first terminal in a first local area network, the first terminal being any terminal in the first local area network, the method comprising:
constructing a container mirror image with a virtual tunnel private network function on the first terminal;
running the container mirror image by utilizing a Docker component pre-installed on the first terminal, and binding a first port of the first terminal with a second port of the container mirror image to construct a first communication link between the first port of the first terminal and the second port of the container mirror image;
initiating a connection to a VPS server using the container mirror or the first terminal to establish a communication connection with the VPS server; the VPS server is a cloud server which has started SSH service;
forwarding the second port of the container image onto a third port of a VPS server to construct a second communication link between the second port of the container image and the third port of the VPS server;
receiving a request data packet forwarded by the VPS server by utilizing the second communication link, wherein the request data packet is sent to the VPS server by a second terminal; the second terminal is any terminal positioned in a second local area network; the destination address of the request data packet is a third terminal in the first local area network;
and acquiring a destination address of the request data packet, and forwarding the request data packet to the third terminal through the container mirror image by utilizing the first communication link.
2. The method of claim 1, wherein said constructing a virtual tunnel private network enabled container image on said first terminal comprises:
and constructing a container mirror image vpnserver with a virtual tunnel private network function by using OpenVPN software.
3. The method of claim 1, wherein the number of the first port, the second port, and the third port is at least one, the first port is a communication port that is currently unoccupied by the first terminal, the second port is a communication port that is currently unoccupied by the container mirror, and the third port is a communication port that is currently unoccupied by the VPS server.
4. The method of claim 3, wherein the currently unoccupied communication port of the first terminal and the currently unoccupied communication port of the container image each include 6943 ports, 6443 ports, and wherein binding the first port of the first terminal with the second port of the container image comprises:
binding 6943 port of the first terminal and 6943 port of the container mirror image respectively, and binding 6443 port of the first terminal and 6443 port of the container mirror image.
5. The method of claim 4, wherein the number of third ports is at least one, and wherein forwarding the second port of the container image to the third port of the VPS server comprises:
the 6943 port of the container mirror is forwarded to the 6943 port of the VPS server, and the 6443 port of the container mirror is forwarded to the 6443 port of the VPS server, respectively.
6. The method of claim 1, wherein the first terminal and the third terminal are each any one of a computer, a server, a smart phone, and a notebook computer located in the first local area network, and the second terminal is any one of a computer, a server, a smart phone, and a notebook computer located in the second local area network.
7. A telecommunications apparatus for use with a first terminal in a first local area network, the first terminal being any terminal in the first local area network, the apparatus comprising:
the construction module is used for constructing a container mirror image with a virtual tunnel private network function on the first terminal;
the binding module is used for running the container mirror image by utilizing a Docker component which is pre-installed on the first terminal, and binding a first port of the first terminal with a second port of the container mirror image so as to construct a first communication link between the first port of the first terminal and the second port of the container mirror image;
a connection module for initiating a connection to a VPS server using the container image or the first terminal to establish a communication connection with the VPS server; the VPS server is a cloud server which has started SSH service;
a first forwarding module, configured to forward the second port of the container image onto a third port of a VPS server, so as to construct a second communication link between the second port of the container image and the third port of the VPS server;
the receiving module is used for receiving a request data packet forwarded by the VPS server by utilizing the second communication link, wherein the request data packet is sent to the VPS server by a second terminal; the second terminal is any terminal positioned in a second local area network; the destination address of the request data packet is a third terminal in the first local area network;
and the second forwarding module is used for acquiring the destination address of the request data packet and forwarding the request data packet to the third terminal through the container mirror image by utilizing the first communication link.
8. The apparatus of claim 7, wherein the construction module is specifically configured to:
and constructing a container mirror image vpnserver with a virtual tunnel private network function by using OpenVPN software.
9. An electronic device comprising a processor and a memory having stored therein at least one instruction, at least one program, code set, or instruction set that is loaded and executed by the processor to implement the telecommunication method of any of claims 1-6.
10. A computer readable storage medium having stored therein at least one instruction, at least one program, code set, or instruction set, the at least one instruction, the at least one program, the code set, or instruction set being loaded and executed by a processor to implement the telecommunication method of any of claims 1-6.
CN202211598068.5A 2022-12-13 2022-12-13 Remote communication method and device Pending CN116248436A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211598068.5A CN116248436A (en) 2022-12-13 2022-12-13 Remote communication method and device
Publications (1)

Publication Number Publication Date
CN116248436A true CN116248436A (en) 2023-06-09

Family

ID=86626655
Country Status (1)

Country Link
CN (1) CN116248436A (en)
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination