CN116938639A - Virtual private network access method, device and storage medium - Google Patents
- Publication number: CN116938639A
- Authority: CN (China)
- Prior art keywords: vpn, vpn client, access point, access, client
- Legal status: Granted
Abstract
The disclosure provides a Virtual Private Network (VPN) access method, equipment and storage medium, wherein the method comprises the following steps: the control equipment receives an access authentication request sent by a VPN client; the access authentication request at least comprises identity information and first position information of the VPN client; acquiring a first pre-selected point-of-presence PoP equipment list based on the first position information of the VPN client; the first pre-selected PoP equipment list comprises at least one PoP equipment and second position information corresponding to each PoP equipment; determining access PoP equipment based on the first location information of the VPN client and the second location information corresponding to each PoP equipment in the first pre-selected PoP equipment list; creating a VPN Server corresponding to the VPN client on the access PoP equipment; and sending the second configuration information of the VPN Server to the VPN client so that the VPN client creates a VPN tunnel between the VPN client and the access PoP equipment according to the second configuration information of the VPN Server.
Description
Technical Field
The present disclosure relates to the field of virtual private networks (VPN), and in particular to a VPN access method, device, and storage medium.
Background
With the rapid development and expansion of enterprise business, enterprises have a growing demand for remote and mobile working, such as business travel and working from home. VPN technologies that support mobile working have therefore become a technical focus. In the related art, a VPN Server is usually created in advance on every point-of-presence (PoP) device, so that when a VPN client creates a VPN tunnel, only the access PoP device needs to be determined. With this method, an access PoP device still has to carry the data traffic of the VPN Server even when no VPN tunnel has been established between the VPN client and that device, which increases the idle power consumption of the access PoP device.
Disclosure of Invention
The present disclosure provides a virtual private network VPN access method, apparatus, and storage medium to solve the problems in the related art.
An embodiment of a first aspect of the present disclosure provides a virtual private network (VPN) access method, including:
the control device receives an access authentication request sent by a VPN client; the access authentication request comprises at least identity information and first location information of the VPN client;
acquiring a first pre-selected point-of-presence (PoP) device list based on the first location information of the VPN client; the first pre-selected PoP device list comprises at least one PoP device and second location information corresponding to each PoP device;
determining an access PoP device based on the first location information of the VPN client and the second location information corresponding to each PoP device in the first pre-selected PoP device list;
creating a VPN server corresponding to the VPN client on the access PoP device;
and sending second configuration information of the VPN server to the VPN client, so that the VPN client creates a VPN tunnel between the VPN client and the access PoP device according to the second configuration information of the VPN server.
In some embodiments of the disclosure, the acquiring of a first pre-selected PoP device list based on the first location information of the VPN client includes:
judging whether the VPN client is a legal VPN client based on the identity information of the VPN client; the identity information comprises at least account information and tenant identification information of the VPN client;
if the judgment result is yes, determining a first location of the VPN client based on the first location information of the VPN client;
and acquiring, based on the first location of the VPN client and a preset location condition, the first pre-selected PoP device list of PoP devices whose location relationship with the VPN client satisfies the preset location condition.
In some embodiments of the present disclosure, the preset location condition is:
the distance between the PoP device and the VPN client is not greater than a preset distance threshold, or,
the PoP device and the VPN client are in the same administrative area.
In some embodiments of the present disclosure, the determining of the access PoP device based on the first location information of the VPN client and the second location information corresponding to each PoP device in the first pre-selected PoP device list includes:
determining a first PoP device closest to the VPN client in the first pre-selected PoP device list, based on the first location information of the VPN client and the second location information corresponding to each PoP device in the first pre-selected PoP device list;
judging, based on the identity information of the VPN client, whether the first PoP device has already created the VPN server corresponding to the VPN client;
if the judgment result is no, determining the first PoP device to be the access PoP device.
In some embodiments of the present disclosure, the creating, on the access PoP device, of a VPN server corresponding to the VPN client includes:
judging, based on the first configuration information of the access PoP device, whether the resource utilization rate of the access PoP device is greater than a preset resource utilization rate threshold;
if the judgment result is no, acquiring an idle port and an address pool of the access PoP device;
and configuring a VPN server corresponding to the VPN client by using the idle port and the address pool of the access PoP device.
In some embodiments of the present disclosure, the VPN access method further includes:
acquiring the communication quality of the VPN tunnel;
judging whether the communication quality of the VPN tunnel meets a preset communication quality index; the preset communication quality index comprises at least one of a preset data transmission rate index, a preset network jitter index and a preset delay index;
if the judgment result is no, updating the first pre-selected PoP device list into a second pre-selected PoP device list; the second pre-selected PoP device list is the first pre-selected PoP device list after the access PoP device has been deleted from it;
and re-determining the access PoP device based on the first location information of the VPN client and the second location information corresponding to each PoP device in the second pre-selected PoP device list, until the communication quality of the VPN tunnel meets the preset communication quality index.
In some embodiments of the present disclosure, the VPN access method further includes:
acquiring the communication state of the VPN tunnel at a preset time interval;
and deleting the VPN server when the number of consecutive times the communication state of the VPN tunnel is found to be offline reaches a preset number.
An embodiment of a second aspect of the present disclosure provides a VPN access method, including:
the VPN client sends an access authentication request to the control device; the access authentication request comprises at least identity information and first location information of the VPN client;
receiving second configuration information, sent by the control device, of a VPN server corresponding to the VPN client;
and creating, based on the second configuration information of the VPN server, a VPN tunnel with the access PoP device corresponding to that second configuration information.
An embodiment of a third aspect of the present disclosure proposes a control device including:
a first receiving unit, configured to receive an access authentication request sent by the VPN client; the access authentication request comprises at least identity information and first location information of the VPN client;
an obtaining unit, configured to obtain a first pre-selected PoP device list based on the first location information of the VPN client; the first pre-selected PoP device list comprises at least one PoP device and second location information corresponding to each PoP device;
a determining unit, configured to determine the access PoP device based on the first location information of the VPN client and the second location information corresponding to each PoP device in the first pre-selected PoP device list;
a first creating unit, configured to create a VPN server corresponding to the VPN client on the access PoP device;
and a first sending unit, configured to send second configuration information of the VPN server to the VPN client, so that the VPN client creates a VPN tunnel between the VPN client and the access PoP device according to the second configuration information of the VPN server.
An embodiment of a fourth aspect of the present disclosure proposes a VPN client, including:
a second sending unit, configured to send an access authentication request to the control device; the access authentication request comprises at least identity information and first location information of the VPN client;
a second receiving unit, configured to receive second configuration information, sent by the control device, of a VPN server corresponding to the VPN client;
and a second creating unit, configured to create, based on the second configuration information of the VPN server, a VPN tunnel with the access PoP device corresponding to that second configuration information.
A fifth aspect embodiment of the present disclosure proposes a communication device including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method described in the first aspect embodiment or the second aspect embodiment of the present disclosure.
A sixth aspect embodiment of the present disclosure proposes a non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the method described in the first aspect embodiment or the second aspect embodiment of the present disclosure.
In summary, the VPN access method provided by the present disclosure includes that a VPN client sends an access authentication request to a control device; the access authentication request at least comprises identity information and first position information of the VPN client; the control equipment receives an access authentication request sent by a VPN client; the control equipment acquires a first pre-selected point-of-presence PoP equipment list based on the first position information of the VPN client; the first pre-selected PoP equipment list comprises at least one PoP equipment and second position information corresponding to each PoP equipment; the control equipment determines access PoP equipment based on the first position information of the VPN client and the second position information corresponding to each PoP equipment in the first pre-selected PoP equipment list; the control equipment creates a VPN Server corresponding to the VPN client on the access PoP equipment; the control equipment sends second configuration information of the VPN Server to the VPN client; the VPN client receives second configuration information of VPN Server corresponding to the VPN client, which is sent by the control equipment; and the VPN client creates a VPN tunnel between the access PoP devices corresponding to the second configuration information of the VPN Server based on the second configuration information of the VPN Server.
The scheme provided by the disclosure determines the access PoP device from the first location information of the VPN client and the second location information of each PoP device in the first pre-selected PoP device list. A VPN Server corresponding to the VPN client is then created on the access PoP device, and the VPN client creates a VPN tunnel with the access PoP device corresponding to the second configuration information of the VPN Server, based on that configuration information. Because the VPN Server is not created on the PoP device in advance, the access PoP device does not need to carry VPN Server data traffic when no VPN tunnel has been created between it and the VPN client, which effectively reduces the power consumption of the access PoP device.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure and do not constitute an undue limitation on the disclosure.
Fig. 1 is an application scenario diagram of a VPN access system provided by an embodiment of the present disclosure;
Fig. 2 is a flowchart of a first VPN access method according to an embodiment of the present disclosure;
Fig. 3 is a flowchart of a method for obtaining a first pre-selected point-of-presence (PoP) device list provided in an embodiment of the present disclosure;
Fig. 4 is a flowchart of a method for determining the access PoP device according to an embodiment of the present disclosure;
Fig. 5 is a flowchart of a method for creating a VPN Server according to an embodiment of the present disclosure;
Fig. 6 is a flowchart of a method for reconstructing a VPN tunnel according to an embodiment of the present disclosure;
Fig. 7 is a flowchart of a second VPN access method according to an embodiment of the present disclosure;
Fig. 8 is a flowchart of a VPN access method provided by an application example of the present disclosure;
Fig. 9 is a flowchart of a method for obtaining the first pre-selected PoP device list provided by the application example of the present disclosure;
Fig. 10 is a flowchart of a method for dynamically creating a VPN Server provided by the application example of the present disclosure;
Fig. 11 is a schematic structural diagram of a control device according to an embodiment of the present disclosure;
Fig. 12 is a schematic structural diagram of a VPN client according to an embodiment of the present disclosure;
Fig. 13 is a schematic diagram of the hardware structure of a communication device according to an embodiment of the present disclosure.
Detailed Description
Embodiments of the present disclosure are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are exemplary and intended for the purpose of explaining the present disclosure and are not to be construed as limiting the present disclosure.
With the rapid development and promotion of enterprise business, the enterprise has an increasing demand for remote mobile offices such as business trip, home office, etc. In view of this, various VPN technologies supporting mobile office are becoming technical hotspots. In the process of constructing the VPN tunnel between the VPN client and the PoP device, how to select the PoP access device and build a stable and reliable network is a great technical problem.
Several schemes in the related art are briefly described below:
Scheme A: the VPN is configured manually; operation and maintenance personnel manually select the PoP access device and build the VPN network.
Scheme B: communication quality indexes such as packet loss rate, average delay and jitter value are measured periodically on the network lines of all PoP devices; an algorithm combines these indexes into a communication quality score for each PoP device, the scores are ranked, and the PoP device with the best communication quality is selected as the access PoP device.
Scheme C: all historical data (at least including one or more of actual completion time, packet loss rate, jitter value and average delay value) and standard data (at least including one or more of PoP identification, task type and standard processing time) about the PoP equipment in the SD-WAN network are acquired and input into a neural network, and training is carried out to obtain a PoP equipment selective access model. And selecting an access model by using the PoP equipment obtained through training, and obtaining the PoP equipment suitable for the current task to establish an access path according to the state data (namely the historical data when the PoP equipment completes the last task) and the standard data of all the current PoP equipment.
The three schemes have the following defects:
Scheme A: efficiency is low because of the heavy reliance on manual configuration; and when the manually configured VPN network fails, the access PoP device must again be located manually and the VPN network reconfigured, so dynamic switching is not supported and flexibility is low.
Scheme B: the VPN network communication quality indexes must be measured periodically, which occupies user bandwidth; moreover, in extreme scenarios, this non-real-time measurement can produce large deviations in the calculated result because of network delay, jitter and similar problems. In addition, VPN configuration information is retained even when idle, which increases the cost of using PoP devices.
Scheme C: the scheme relies on a large amount of historical data to improve the accuracy of the PoP equipment in selecting the access model, so that the method has high calculation and storage requirements and needs a large amount of additional resources; moreover, as no historical data is used as a training sample, the selection result for the new task type is not ideal, and the robustness of the PoP equipment in selecting the access model is poor.
In order to solve the problems in the related art, the disclosure proposes a VPN access method that does not need to detect the communication quality of the PoP devices and does not occupy user bandwidth. The access PoP device is determined from the first location information of the VPN client and the second location information of each PoP device in the first pre-selected PoP device list. A VPN Server corresponding to the VPN client is then created on the access PoP device, and the VPN client creates a VPN tunnel with the access PoP device corresponding to the second configuration information of the VPN Server, based on that configuration information. Because the VPN Server is not created on the PoP device in advance, the access PoP device does not need to carry VPN Server data traffic when no VPN tunnel has been created between it and the VPN client, which effectively reduces the power consumption of the access PoP device.
Before the detailed scheme of the present disclosure is introduced, the scenario to which it applies is described. Fig. 1 is an application scenario diagram of a VPN access system provided in an embodiment of the present disclosure. As shown in Fig. 1, the application scenario includes a control device (VPN control device), a VPN client, and PoP devices, wherein:
The VPN client can reside on a user terminal (a mobile phone, a computer or other terminal equipment of the user) in software or hardware form, and mainly performs VPN access authentication, VPN tunnel construction, VPN data packet unpacking/packaging and similar functions.
The control device mainly performs VPN access authentication and selection of the access PoP device. It can acquire the configuration information of the PoP devices through interfaces between the devices, connect the mobile user terminal to the designated access PoP device, and carry out VPN network resource deployment, configuration, monitoring and so on.
The PoP device, as the VPN data forwarding plane, mainly creates and maintains VPN contexts, matches VPN access to the corresponding VPN context, unpacks/packs VPN data packets, and so on. A plurality of PoP devices may be deployed in each area (for example, area 1, area 2, …, area M in Fig. 1). Fig. 1 shows one PoP device per area as an example only; in practical applications the disclosure is not limited to one PoP device per area.
The example of fig. 1 is merely an example of a system architecture for implementing embodiments of the disclosure, and embodiments of the disclosure are not limited to the system architecture described in fig. 1, and various embodiments of the disclosure are presented based on the system architecture.
The present disclosure will be described in further detail with reference to the accompanying drawings and specific embodiments.
Fig. 2 is a flow chart of a first VPN access method according to an embodiment of the present disclosure. The VPN access method provided by the embodiment of the disclosure comprises the following steps:
Step 201, a control device receives an access authentication request sent by a VPN client; the access authentication request comprises at least identity information and first location information of the VPN client;
In an embodiment, the control device may be a controller, a server, or the like, and the VPN service management platform runs on the control device. The control device performs VPN access authentication and selection of the access PoP device; it can acquire the configuration information of the PoP devices through interfaces between the devices, connect the mobile user terminal to the designated access PoP device, and carry out VPN network resource deployment, configuration, monitoring and so on. The VPN client can reside on a user terminal (a mobile phone, a computer or other terminal equipment of the user) in software or hardware form, and mainly performs VPN access authentication, VPN tunnel construction, VPN data packet unpacking/packaging and similar functions.
Step 202, acquiring a first pre-selected point-of-presence PoP equipment list based on first location information of the VPN client; the first pre-selected PoP equipment list comprises at least one PoP equipment and second position information corresponding to each PoP equipment;
In an embodiment, the first location information of the VPN client may be acquired by a GPS module built into the client.
In an embodiment, before the first pre-selected PoP device list is obtained, it must first be determined, based on the identity information of the VPN client, whether the account information and tenant identification information of the user corresponding to the VPN client are legal, and thus whether the VPN client is a legal VPN client. For example, if the account does not exist, or the account in the account information does not correspond to the password information, the user is judged to be an illegal user; if the tenant identification information is illegal, the client is judged to be an illegal client. If the VPN client is not a legal VPN client, the VPN access flow ends immediately. If the VPN client is a legal VPN client, the first pre-selected PoP device list is obtained according to the nearby principle, since in wide area network communication, under the same communication conditions, the longer the physical distance, the worse the channel communication quality.
Based on this, in one embodiment, as shown in fig. 3, the step 202 includes:
Step 301, judging whether the VPN client is a legal VPN client based on the identity information of the VPN client; the identity information comprises at least account information and tenant identification information of the VPN client;
Step 302, if the judgment result is yes, determining a first location of the VPN client based on the first location information of the VPN client;
Step 303, based on the first location of the VPN client and a preset location condition, obtaining the first pre-selected PoP device list of PoP devices whose location relationship with the VPN client satisfies the preset location condition.
Step 203, determining an access PoP device based on the first location information of the VPN client and the second location information corresponding to each PoP device in the first pre-selected PoP device list;
In an embodiment, a first location of the VPN client may be determined based on the first location information of the VPN client, and a second location of each PoP device in the first pre-selected PoP device list may be determined based on the second location information corresponding to that PoP device; then, according to the nearby principle, the PoP device closest to the VPN client in the first pre-selected PoP device list is determined as the access PoP device.
Step 204, creating a VPN Server corresponding to the VPN client on the access PoP device;
In an embodiment, the control device may determine the corresponding QoS parameters based on the tenant identification information of the VPN client; the QoS parameters comprise the traffic priority, bandwidth limit and other related information corresponding to the user. The control device may further determine, based on the first configuration information of the access PoP device, an idle port and an address pool of the access PoP device, and from them the configuration parameters of the VPN Server corresponding to the VPN client, such as the IP address and network port, so as to ensure that these parameters match the configuration of the VPN client. Finally, a suitable encryption protocol can be selected to complete the configuration of the VPN Server.
Step 205, sending the second configuration information of the VPN Server to the VPN client, so that the VPN client creates a VPN tunnel between the VPN client and the access PoP device according to the second configuration information of the VPN Server.
In summary, the solution provided by the present disclosure determines the access PoP device from the first location information of the VPN client and the second location information of each PoP device in the first pre-selected PoP device list. A VPN Server corresponding to the VPN client is then created on the access PoP device, and the VPN client creates a VPN tunnel with the access PoP device corresponding to the second configuration information of the VPN Server, based on that configuration information. Because the VPN Server is not created on the PoP device in advance, the access PoP device does not need to carry VPN Server data traffic when no VPN tunnel has been created between it and the VPN client, which effectively reduces the power consumption of the access PoP device.
In one embodiment, the preset location condition in step 303 is:
the distance between the PoP device and the VPN client is not greater than a preset distance threshold, or,
the PoP device is in the same administrative area as the VPN client.
In an embodiment, the preset distance threshold is one of 50 km, 100 km, 150 km or 200 km, or the preset distance threshold is selected appropriately according to actual needs, which is not limited in the present disclosure.
In one embodiment, the administrative areas include countries, provinces, cities, counties, etc. For example, it is first determined whether any PoP devices are in the same county (district) as the VPN client; if so, the first pre-selected PoP device list is made up of all PoP devices in the same county (district) as the VPN client. If not, it is determined whether any PoP devices are in the same city as the VPN client; if so, the first pre-selected PoP device list is made up of all PoP devices in the same city as the VPN client. The first pre-selected PoP device list is obtained by continuing in the same way.
Obtaining the first pre-selected PoP device list according to the preset position condition follows the principle that, under the same communication conditions, the longer the physical distance, the worse the channel communication quality. It also requires no detection of the communication quality of the PoP devices and occupies none of the user's bandwidth, which improves the efficiency of determining the access PoP device and reduces the cost of use.
In an embodiment, if this is not the first access between the VPN client and the PoP device, a VPN Server corresponding to the VPN client may already exist on the PoP device closest to the VPN client in the first pre-selected PoP device list. In this scenario the VPN Server does not need to be re-created; the VPN tunnel between the VPN client and the PoP device is constructed directly using the existing VPN Server, so as to form a CPN network.
Based on this, in one embodiment, as shown in fig. 4, the step 203 includes:
step 401, determining a first PoP device closest to the VPN client in the first pre-selected PoP device list based on the first location information of the VPN client and the second location information corresponding to each PoP device in the first pre-selected PoP device list;
step 402, based on the identity information of the VPN client, determining whether the first PoP device has created the VPN Server corresponding to the VPN client;
step 403, if the result of the determination is no, determining that the first PoP device is the access PoP device.
In one embodiment, multiple VPN Servers can be created on a PoP device, depending on the hardware, software and configuration of the PoP device. If too many VPN Servers are created on one PoP device, the resource utilization rate and load of the PoP device become too high, which affects the communication quality of the VPN network.
Based on this, as shown in fig. 5, the step 204 includes:
step 501, based on the first configuration information of the access PoP device, determining whether the resource utilization rate of the access PoP device is greater than a preset resource utilization rate threshold;
step 502, if the judgment result is no, acquiring an idle port and an address pool of the access PoP equipment;
and step 503, configuring a VPN Server corresponding to the VPN client by using the idle port and the address pool of the access PoP device.
In an embodiment, after a VPN tunnel is established between the VPN client and the access PoP device, the quality of the VPN network, that is, the communication quality of the VPN tunnel, needs to be detected. When the communication quality of the VPN tunnel does not meet the requirement, the access PoP device is replaced and a new VPN tunnel is established between the VPN client and the replacement access PoP device, so that the VPN tunnel meets the communication quality requirement.
Based on this, in an embodiment, as shown in fig. 6, the VPN access method further includes:
step 601, obtaining the communication quality of the VPN tunnel;
step 602, judging whether the communication quality of the VPN tunnel meets the requirement of a preset communication quality index; the preset communication quality index comprises at least one of a preset data transmission rate index, a preset network jitter index and a preset time delay index;
if the judgment result is negative, go to step 603;
step 603, updating the first pre-selected PoP device list to a second pre-selected PoP device list; the second pre-selected PoP device list is the first pre-selected PoP device list after the access PoP device has been deleted from it;
step 604, re-determining the access PoP device based on the first location information of the VPN client and the second location information corresponding to each PoP device in the second pre-selected PoP device list, until the communication quality of the VPN tunnel meets the preset communication quality index requirement.
In one embodiment, the VPN client is not always online; it is online only when needed. Therefore, to reduce the data traffic carried by a PoP device while it is idle, the VPN Server may be deleted from the PoP device when the offline state of the VPN client reaches a preset standard, which reduces the power consumption of the idle PoP device.
Based on this, in an embodiment, the VPN access method further includes:
acquiring the communication state of the VPN tunnel according to a preset time interval;
and deleting the VPN Server when the number of consecutive times that the communication state of the VPN tunnel is the offline state reaches a preset number of times.
In an embodiment, the preset time interval may be any one of 5 minutes, 10 minutes or 15 minutes, and the preset time interval may also be set according to actual needs, which is not limited in the present disclosure.
In an embodiment, a plurality of VPN clients are typically associated with one VPN Server, so when the communication state of the VPN tunnel is an offline state, it may mean that all VPN clients associated with the VPN Server are in an offline state.
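The two post-connection checks described above (quality-driven re-selection in steps 601 to 604, and deletion of the VPN Server after consecutive offline polls) can be sketched as follows. This is an added example, not code from the patent; the metric names, the `probe` callback, the sample measurements and the `None` result when the list runs out are assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class QualityIndex:
    """Preset communication quality indexes; at least one should be set (step 602)."""
    min_rate_mbps: Optional[float] = None
    max_jitter_ms: Optional[float] = None
    max_delay_ms: Optional[float] = None


def meets_quality(measured, index):
    """True when every configured index is satisfied; unset indexes are ignored."""
    if index.min_rate_mbps is not None and measured["rate_mbps"] < index.min_rate_mbps:
        return False
    if index.max_jitter_ms is not None and measured["jitter_ms"] > index.max_jitter_ms:
        return False
    if index.max_delay_ms is not None and measured["delay_ms"] > index.max_delay_ms:
        return False
    return True


def reselect_until_ok(preselected, probe, index):
    """Steps 601-604.

    preselected: list of (pop_name, distance_km) pairs, the first pre-selected list.
    probe: callable returning the measured quality of a tunnel to that PoP.
    Returns the access PoP whose tunnel meets the index, or None when the list
    is exhausted (the page does not say what happens then; None is an assumption).
    """
    remaining = sorted(preselected, key=lambda item: item[1])
    while remaining:
        access_pop = remaining[0][0]           # nearest PoP still in the list
        if meets_quality(probe(access_pop), index):
            return access_pop
        remaining = remaining[1:]              # step 603: second pre-selected list
    return None


class IdleReaper:
    """Counts consecutive offline polls per VPN Server, one poll per preset interval."""

    def __init__(self, preset_times):
        self.preset_times = preset_times
        self.streak = {}                       # server_id -> consecutive offline polls

    def poll(self, server_id, client_online):
        """client_online maps each associated VPN client to True/False.

        The tunnel counts as offline only when every associated client is
        offline. Returns True when the VPN Server should be deleted.
        """
        if any(client_online.values()):
            self.streak[server_id] = 0         # any online client resets the count
            return False
        self.streak[server_id] = self.streak.get(server_id, 0) + 1
        if self.streak[server_id] >= self.preset_times:
            del self.streak[server_id]         # state is dropped with the server
            return True
        return False


# Constructed measurements for three hypothetical PoP devices.
SAMPLE_MEASUREMENTS = {
    "pop-a": {"rate_mbps": 50, "jitter_ms": 25, "delay_ms": 30},
    "pop-b": {"rate_mbps": 40, "jitter_ms": 4, "delay_ms": 60},
    "pop-c": {"rate_mbps": 80, "jitter_ms": 3, "delay_ms": 140},
}

if __name__ == "__main__":
    index = QualityIndex(max_jitter_ms=10, max_delay_ms=80)
    candidates = [("pop-b", 33.0), ("pop-a", 6.0), ("pop-c", 120.0)]
    print(reselect_until_ok(candidates, SAMPLE_MEASUREMENTS.get, index))
```
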
Compared with the related art, the VPN access method provided by the embodiment of the disclosure comprises the following steps:
firstly, the access PoP device closest to the VPN client in the first pre-selected PoP device list can be determined from the first location information of the VPN client and the second location information of each PoP device in the first pre-selected PoP device list. The communication quality of each PoP device does not need to be detected and no user bandwidth is occupied, which improves the efficiency of determining the access PoP device and reduces the cost of use.
Secondly, a VPN Server corresponding to the VPN client is dynamically created on the access PoP device, and the VPN client creates a VPN tunnel with the access PoP device corresponding to the second configuration information of the VPN Server, based on that second configuration information. The VPN Server is allocated as it is needed, which effectively reduces the power consumption of the access PoP device when idle.
Thirdly, when the number of times that the communication state of the VPN tunnel is in the offline state reaches the preset number of times, the VPN Server is deleted, which further reduces the power consumption of the access PoP device when idle.
Fig. 7 is a schematic flow chart of a second VPN access method according to an embodiment of the present disclosure. As shown in fig. 7, the second VPN access method provided by the embodiment of the present disclosure includes the following steps:
step 701, a VPN client sends an access authentication request to a control device; the access authentication request at least comprises identity information and first position information of the VPN client;
step 702, receiving second configuration information of VPN Server corresponding to VPN client sent by the control device;
step 703, creating, based on the second configuration information of the VPN Server, a VPN tunnel with the access PoP device corresponding to the second configuration information of the VPN Server.
According to the second VPN access method provided by the embodiment of the present disclosure, after receiving the second configuration information of the VPN Server sent by the control device, the VPN client may create a VPN tunnel with the access PoP device corresponding to the second configuration information of the VPN Server. Compared with the related art, the method allocates the VPN Server as it is needed and reduces the power consumption of the access PoP device when idle.
The VPN access method provided by the present disclosure is further described below with an application example:
Fig. 8 is a flow chart of a VPN access method provided by an application example of the present disclosure. As shown in fig. 8, the VPN access method comprises the following steps:
step 801, a VPN client sends an access authentication request to a control device; the access authentication request at least comprises identity information and first position information of the VPN client;
step 802, a control device receives an access authentication request sent by a VPN client;
step 803, the control device determines, based on the identity information of the VPN client, whether the VPN client is a legal VPN client; the identity information at least comprises account information and tenant identification information of the VPN client;
if the determination is yes, go to step 804,
if not, go to step 812;
step 804, the control device determines a first location of the VPN client based on the first location information of the VPN client;
step 805, based on the first position of the VPN client and the preset position condition, obtaining the first pre-selected PoP device list of PoP devices whose position relationship with the VPN client satisfies the preset position condition;
As shown in fig. 9, the preset location condition is that the PoP device and the VPN client are in the same administrative area. The first location of the VPN client includes administrative area information of a county (district), a city, a province, and a country to which the first location belongs, and the step 805 includes the following steps:
step 901, the control device screens PoP devices in the administrative area according to administrative area information of the county (district), and obtains a first pre-selected PoP device list;
step 902, judging whether the first pre-selected PoP device list is empty;
if yes, go to step 903;
if not, go to step 910;
step 903, the control device screens PoP devices in the administrative area according to the administrative area information of the city, and obtains a first pre-selected PoP device list;
step 904, judging whether the first pre-selected PoP device list is empty;
if yes, go to step 905;
if not, go to step 910;
step 905, the control device screens PoP devices in the administrative area according to the administrative area information of the province, and obtains a first pre-selected PoP device list;
step 906, determining whether the first pre-selected PoP device list is empty;
If yes, go to step 907;
if not, go to step 910;
step 907, the control device screens PoP devices in the administrative area according to the administrative area information of the country, and obtains a first pre-selected PoP device list;
step 908, determining whether the first pre-selected PoP device list is empty;
if yes, go to step 909;
if not, go to step 910;
step 909, the control device returns that no PoP device is available;
in step 910, the control device obtains first configuration information and second location information of each PoP device in the first pre-selected PoP device list.
Step 806, the control device determines a first PoP device closest to the VPN client in the first pre-selected PoP device list;
step 807, the control device determines whether the first PoP device has created the VPN Server corresponding to the VPN client;
if yes, go to step 809;
if not, go to step 808;
step 808, the control device dynamically creates a VPN Server corresponding to the VPN client on the first PoP device;
wherein, as shown in fig. 10, the step 808 includes the following steps:
Step 1001, the control device determines, based on the first configuration information of the access PoP device, whether the resource utilization rate of the access PoP device is greater than a preset resource utilization rate threshold;
if yes, deleting the PoP device from the first pre-selected PoP device list, and proceeding to step 806;
if the judgment result is negative, go to step 1002;
step 1002, a control device acquires a free port and an address pool of the access PoP device;
in step 1003, the control device configures a VPN Server corresponding to the VPN client by using the free port and the address pool of the access PoP device.
Step 809, the control device sends the second configuration information of the VPN Server corresponding to the VPN client;
step 810, the VPN client receives second configuration information of a VPN Server corresponding to the VPN client, which is sent by the control device;
step 811, the VPN client creates, based on the second configuration information of the VPN Server, a VPN tunnel with the access PoP device corresponding to the second configuration information of the VPN Server;
step 812, the VPN access procedure is ended.
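The control-device side of steps 802 to 809, including the administrative-area fallback of steps 901 to 909 and the resource check of steps 1001 to 1003, can be sketched as follows. This is an added example, not code from the patent; the 0.80 threshold, keying the VPN Server by tenant, the extra guard for exhausted ports or address pools, the result dictionary and all sample names and coordinates are assumptions.

```python
from dataclasses import dataclass, field
from math import asin, cos, radians, sin, sqrt

UTILIZATION_THRESHOLD = 0.80  # assumed value; the page only says "preset threshold"


@dataclass
class PoP:
    name: str
    lat: float
    lon: float
    area: tuple                 # (country, province, city, county)
    utilization: float          # part of the "first configuration information"
    free_ports: list
    address_pools: list
    servers: dict = field(default_factory=dict)  # tenant -> VPN Server config (assumed key)


@dataclass
class AccessRequest:
    account: str
    tenant: str
    lat: float
    lon: float
    area: tuple                 # (country, province, city, county)


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two coordinates."""
    phi1, phi2 = radians(lat1), radians(lat2)
    a = (sin((phi2 - phi1) / 2) ** 2
         + cos(phi1) * cos(phi2) * sin(radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * asin(sqrt(a))


def preselect(pops, client_area):
    """Steps 901-909: county, then city, province, country; first non-empty list wins.

    Levels are compared as prefixes of (country, province, city, county), so a
    county name that also exists in another city does not match.
    """
    for depth in range(len(client_area), 0, -1):
        matched = [p for p in pops if p.area[:depth] == client_area[:depth]]
        if matched:
            return matched
    return []


def handle_access_request(req, pops, directory):
    """Steps 802-809 on the control device. Returns a dict with a 'status' key."""
    if (req.tenant, req.account) not in directory:          # step 803
        return {"status": "denied"}                         # step 812
    candidates = preselect(pops, req.area)                  # step 805
    while candidates:
        first = min(candidates,                             # step 806
                    key=lambda p: haversine_km(req.lat, req.lon, p.lat, p.lon))
        config = first.servers.get(req.tenant)              # step 807
        if config is None:
            # Step 1001, plus an assumed guard for exhausted ports or pools.
            if (first.utilization > UTILIZATION_THRESHOLD
                    or not first.free_ports or not first.address_pools):
                candidates = [p for p in candidates if p is not first]
                continue                                    # back to step 806
            config = {                                      # steps 1002-1003
                "endpoint": first.name,
                "port": first.free_ports.pop(0),
                "address_pool": first.address_pools.pop(0),
            }
            first.servers[req.tenant] = config
        return {"status": "ok", "pop": first.name, "config": config}  # step 809
    return {"status": "no_pop"}   # step 909, or every candidate was overloaded


def sample_pops():
    """Constructed inventory; names, coordinates, ports and pools are made up."""
    return [
        PoP("pop-a", 30.00, 120.00, ("C", "P1", "City1", "County1"), 0.95,
            [51820], ["10.8.0.0/24"]),
        PoP("pop-b", 30.30, 120.20, ("C", "P1", "City1", "County2"), 0.40,
            [51821, 51822], ["10.9.0.0/24", "10.9.1.0/24"]),
        PoP("pop-c", 31.00, 121.00, ("C", "P1", "City2", "County1"), 0.10,
            [51823], ["10.10.0.0/24"]),
        PoP("pop-d", 34.00, 113.00, ("C", "P2", "City9", "County9"), 0.20,
            [51824], ["10.11.0.0/24"]),
    ]


if __name__ == "__main__":
    request = AccessRequest("alice", "tenant-1", 30.05, 120.02,
                            ("C", "P1", "City1", "County3"))
    print(handle_access_request(request, sample_pops(), {("tenant-1", "alice")}))
```

In the sample run the nearest PoP in the client's city is over the utilization threshold, so it is dropped from the list and the next-nearest PoP receives the new VPN Server.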
In an application example, after the step 811, the method further includes:
The control equipment acquires the communication quality of the VPN tunnel;
the control device judges whether the communication quality of the VPN tunnel meets the requirement of a preset communication quality index; the preset communication quality index comprises at least one of a preset data transmission rate index, a preset network jitter index and a preset time delay index;
if the judgment result is negative, the control device updates the first pre-selected PoP device list to a second pre-selected PoP device list; the second pre-selected PoP device list is the first pre-selected PoP device list after the access PoP device has been deleted from it;
based on the first location information of the VPN client and the second location information corresponding to each PoP device in the second pre-selected PoP device list, the control device re-determines the access PoP device by using steps 805 to 806, until the communication quality of the VPN tunnel meets the preset communication quality index requirement.
In an application example, after the step 811, the method further includes:
determining the displacement speed and displacement track of the VPN client based on the first position information of the VPN client;
judging, based on the displacement speed and the displacement track of the VPN client, whether the first position of the VPN client can cross into another province within half an hour;
if the judgment result is yes, using steps 805 to 811 to additionally establish a second VPN tunnel between the VPN client and a PoP device, and guiding the user data traffic to the second VPN tunnel based on the load balancing policy of the PoP device;
and when the VPN client moves into the new administrative region corresponding to that province, switching all user traffic to the second VPN tunnel, so as to realize smooth switching between different VPN tunnels.
In order to implement the first VPN access method provided by the embodiment of the present disclosure, the embodiment of the present disclosure further provides a control device, as shown in fig. 11. Fig. 11 is a schematic structural diagram of a control device provided in an embodiment of the present disclosure, where the control device 1100 includes:
a first receiving unit 1101, configured to receive an access authentication request sent by a VPN client; the access authentication request at least comprises identity information and first position information of the VPN client;
an obtaining unit 1102, configured to obtain a first pre-selected point-of-presence PoP device list based on the first location information of the VPN client; the first pre-selected PoP equipment list comprises at least one PoP equipment and second position information corresponding to each PoP equipment;
a determining unit 1103, configured to determine an access PoP device based on the first location information of the VPN client and the second location information corresponding to each PoP device in the first pre-selected PoP device list;
A first creating unit 1104, configured to create a VPN Server corresponding to the VPN client on the access PoP device;
a first sending unit 1105, configured to send the second configuration information of the VPN Server to the VPN client, so that the VPN client creates a VPN tunnel between the VPN client and the access PoP device according to the second configuration information of the VPN Server.
In an embodiment, the obtaining unit 1102 is specifically configured to:
judging whether the VPN client is a legal VPN client or not based on the identity information of the VPN client; the identity information at least comprises account information and tenant identification information of the VPN client;
if the judgment result is yes, determining a first position of the VPN client based on the first position information of the VPN client;
and acquiring the first pre-selected PoP equipment list which has the position relation with the VPN client and meets the preset position condition based on the first position of the VPN client and the preset position condition.
In an embodiment, the preset position condition is:
the distance between the PoP device and the VPN client is not greater than a preset distance threshold, or,
the PoP device is in the same administrative area as the VPN client.
In an embodiment, the determining unit 1103 is specifically configured to:
determining a first PoP device closest to the VPN client in the first pre-selected PoP device list based on the first location information of the VPN client and the second location information corresponding to each PoP device in the first pre-selected PoP device list;
judging whether the first PoP device has created the VPN Server corresponding to the VPN client based on the identity information of the VPN client;
and if the judgment result is negative, determining that the first PoP equipment is the access PoP equipment.
In an embodiment, the first creating unit 1104 is specifically configured to:
judging whether the resource utilization rate of the access PoP equipment is larger than a preset resource utilization rate threshold value or not based on the first configuration information of the access PoP equipment;
if the judgment result is negative, acquiring an idle port and an address pool of the access PoP equipment;
and configuring the VPN Server corresponding to the VPN client by using the idle port and the address pool of the access PoP equipment.
In an embodiment, the VPN access device 1100 further includes a re-access unit, where the re-access unit is configured to:
acquiring the communication quality of the VPN tunnel;
judging whether the communication quality of the VPN tunnel meets the requirement of a preset communication quality index; the preset communication quality index comprises at least one of a preset data transmission rate index, a preset network jitter index and a preset time delay index;
if the judgment result is negative, updating the first pre-selected PoP device list to a second pre-selected PoP device list; the second pre-selected PoP device list is the first pre-selected PoP device list after the access PoP device has been deleted from it;
and re-determining access PoP equipment based on the first position information of the VPN client and the second position information corresponding to each PoP equipment in the second pre-selected PoP equipment list until the communication quality of the VPN tunnel meets the preset communication quality index requirement.
In an embodiment, the VPN access device 1100 further includes a deletion unit, where the deletion unit is configured to:
acquiring the communication state of the VPN tunnel according to a preset time interval;
and deleting the VPN Server when the number of consecutive times that the communication state of the VPN tunnel is the offline state reaches a preset number of times.
It should be noted that the division into program modules in the VPN access device of the foregoing embodiment is given only as an illustration. In practical applications, the processing may be allocated to different program modules as needed; that is, the internal structure of the VPN access device may be divided into different program modules to complete all or part of the processing described above. In addition, the VPN access device provided in the foregoing embodiment belongs to the same concept as the first VPN access method embodiment provided in the embodiments of the present disclosure; for its detailed implementation process, refer to the method embodiment, which is not repeated here.
In order to implement the second VPN access method provided by the embodiment of the present disclosure, the embodiment of the present disclosure further provides a VPN client, as shown in fig. 12. Fig. 12 is a schematic structural diagram of a VPN client provided in an embodiment of the present disclosure, where the VPN client 1200 includes:
a second transmitting unit 1201 configured to transmit an access authentication request to the control device; the access authentication request at least comprises identity information and first position information of the VPN client;
a second receiving unit 1202, configured to receive second configuration information of a VPN Server corresponding to a VPN client sent by the control device;
a second creating unit 1203, configured to create, based on the second configuration information of the VPN Server, a VPN tunnel with the access PoP device corresponding to the second configuration information of the VPN Server.
It should be noted that the division into program modules in the VPN client of the foregoing embodiment, when VPN access is performed, is given only as an illustration. In practical applications, the processing may be allocated to different program modules as needed; that is, the internal structure of the VPN client may be divided into different program modules to complete all or part of the processing described above. In addition, the VPN client provided in the foregoing embodiment belongs to the same concept as the second VPN access method embodiment provided in the embodiments of the present disclosure; for its specific implementation process, refer to the method embodiment, which is not repeated here.
Fig. 13 is a schematic diagram of a hardware composition structure of a communication device according to an embodiment of the disclosure, as shown in fig. 13, where the communication device 1300 includes at least one processor 1302; and a memory 1301 communicatively coupled to the at least one processor 1302; wherein the memory 1301 stores instructions executable by the at least one processor 1302 to implement the steps of the VPN access method applied to the control device according to the embodiments of the present disclosure; alternatively, the instructions are executed by the at least one processor 1302 to implement the steps of the VPN access method applied to VPN clients as described in the embodiments of the present disclosure.
Optionally, the communication device may be specifically a control device in the embodiment of the present application, and the communication device may implement a corresponding flow implemented by the control device in each method in the embodiment of the present application, which is not described herein for brevity.
Optionally, the communication device may be a VPN client in the embodiment of the present application, and the communication device may implement a corresponding flow implemented by the VPN client in each method in the embodiment of the present application, which is not described herein for brevity.
It will be appreciated that a communication interface 1303 is also included in the communication device. The various components in the communication device are coupled together by a bus system 1304. It is appreciated that the bus system 1304 is used to facilitate connected communications between the components. The bus system 1304 includes a power bus, a control bus, and a status signal bus in addition to a data bus. But for clarity of illustration, the various buses are labeled as bus system 1304 in fig. 13.
It is to be appreciated that memory 1301 can be volatile memory or nonvolatile memory, and can include both volatile and nonvolatile memory. The nonvolatile memory may be read-only memory (ROM, Read-Only Memory), programmable read-only memory (PROM, Programmable Read-Only Memory), erasable programmable read-only memory (EPROM, Erasable Programmable Read-Only Memory), electrically erasable programmable read-only memory (EEPROM, Electrically Erasable Programmable Read-Only Memory), magnetic random access memory (FRAM, ferromagnetic random access memory), flash memory (Flash Memory), magnetic surface memory, optical disk, or compact disc read-only memory (CD-ROM, Compact Disc Read-Only Memory); the magnetic surface memory may be a disk memory or a tape memory. The volatile memory may be random access memory (RAM, Random Access Memory), which acts as external cache memory. By way of example, and not limitation, many forms of RAM are available, such as static random access memory (SRAM, Static Random Access Memory), synchronous static random access memory (SSRAM, Synchronous Static Random Access Memory), dynamic random access memory (DRAM, Dynamic Random Access Memory), synchronous dynamic random access memory (SDRAM, Synchronous Dynamic Random Access Memory), double data rate synchronous dynamic random access memory (DDR SDRAM, Double Data Rate Synchronous Dynamic Random Access Memory), enhanced synchronous dynamic random access memory (ESDRAM, Enhanced Synchronous Dynamic Random Access Memory), synchronous link dynamic random access memory (SLDRAM, SyncLink Dynamic Random Access Memory), direct memory bus random access memory (DRRAM, Direct Rambus Random Access Memory). The memory 1301 described in embodiments of the present invention is intended to comprise, without being limited to, these and any other suitable types of memory.
The methods disclosed in the embodiments of the present disclosure described above may be applied to the processor 1302 or implemented by the processor 1302. The processor 1302 may be an integrated circuit chip with signal processing capabilities. In implementation, the steps of the methods described above may be performed by integrated logic circuitry in hardware or instructions in software in processor 1302. The processor 1302 may be a general purpose processor, DSP, or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like. The processor 1302 may implement or perform the methods, steps, and logic blocks disclosed in embodiments of the present invention. The general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed in the embodiment of the invention can be directly embodied in the hardware of the decoding processor or can be implemented by combining hardware and software modules in the decoding processor. The software modules may be located in a storage medium in the memory 1301 and the processor 1302 reads information in the memory 1301, in combination with its hardware, to perform the steps of the method as described above.
In an exemplary embodiment, the communication device may be implemented by one or more application specific integrated circuits (ASIC, application Specific Integrated Circuit), DSP, programmable logic device (PLD, programmable Logic Device), complex programmable logic device (CPLD, complex Programmable Logic Device), FPGA, general purpose processor, controller, MCU, microprocessor, or other electronic element for performing the aforementioned methods.
The embodiments of the present disclosure also provide a non-transitory computer readable storage medium storing computer instructions, where the computer instructions, when executed, cause the computer to implement the steps of the VPN access method applied to the control device according to the embodiment of the present application; or the computer instructions, when executed, cause the computer to implement the steps of the VPN access method applied to the VPN client according to the embodiment of the present application.
Optionally, the computer readable storage medium may be applied to the control device in the embodiment of the present application, and the computer instructions cause the computer to execute corresponding processes implemented by the control device in each method of the embodiment of the present application, which are not described herein for brevity.
Optionally, the computer readable storage medium may be applied to the VPN client in the embodiment of the present application, and the computer instructions cause a computer to execute corresponding processes implemented by the VPN client in each method of the embodiment of the present application, which are not described herein for brevity.
In the several embodiments provided by the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The device embodiments described above are only illustrative; for example, the division of the units is only a division by logical function, and other divisions are possible in practice: multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between devices or units may be electrical, mechanical or in other forms.
The units described as separate units may or may not be physically separate, and units displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units; some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present invention may be integrated in one processing unit, or each unit may be separately used as one unit, or two or more units may be integrated in one unit; the integrated units may be implemented in hardware or in hardware plus software functional units.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware associated with program instructions, where the foregoing program may be stored in a computer readable storage medium, and when executed, the program performs steps including the above method embodiments; and the aforementioned storage medium includes: a removable storage device, ROM, RAM, magnetic or optical disk, or other medium capable of storing program code.
Alternatively, the above-described integrated units of the present invention may be stored in a computer-readable storage medium if implemented in the form of software functional modules and sold or used as separate products. Based on such understanding, the technical solutions of the embodiments of the present invention may be embodied in essence or a part contributing to the prior art in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the methods described in the embodiments of the present invention. And the aforementioned storage medium includes: a removable storage device, ROM, RAM, magnetic or optical disk, or other medium capable of storing program code.
The foregoing is merely illustrative of the present invention, and the present invention is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (12)
1. A virtual private network VPN access method, comprising:
the control equipment receives an access authentication request sent by a VPN client; the access authentication request at least comprises identity information and first position information of the VPN client;
acquiring a first pre-selected point-of-presence (PoP) device list based on the first location information of the VPN client; the first pre-selected PoP device list comprises at least one PoP device and second location information corresponding to each PoP device;
determining an access PoP device based on the first location information of the VPN client and the second location information corresponding to each PoP device in the first pre-selected PoP device list;
creating a VPN server corresponding to the VPN client on the access PoP device;
and sending second configuration information of the VPN server to the VPN client, so that the VPN client creates a VPN tunnel between the VPN client and the access PoP device according to the second configuration information of the VPN server.
2. The method of claim 1, wherein acquiring the first pre-selected network access point device list based on the first position information of the VPN client comprises:
judging whether the VPN client is a legitimate VPN client based on the identity information of the VPN client, the identity information comprising at least account information and tenant identification information of the VPN client;
if the judgment result is yes, determining a first position of the VPN client based on the first position information of the VPN client;
and acquiring, based on the first position of the VPN client and a preset position condition, the first pre-selected network access point device list whose positional relationship with the VPN client meets the preset position condition.
3. The method according to claim 2, wherein the preset position condition is:
the distance between the network access point device and the VPN client is not greater than a preset distance threshold, or
the network access point device and the VPN client are in the same administrative area.
4. The method of claim 1, wherein determining the access point device based on the first position information of the VPN client and the second position information corresponding to each network access point device in the first pre-selected network access point device list comprises:
determining, in the first pre-selected network access point device list, a first network access point device closest to the VPN client, based on the first position information of the VPN client and the second position information corresponding to each network access point device in the first pre-selected network access point device list;
judging, based on the identity information of the VPN client, whether the first network access point device has already created the VPN server corresponding to the VPN client;
if the judgment result is negative, determining the first network access point device to be the access point device.
5. The method of claim 1, wherein creating, on the access point device, a VPN server corresponding to the VPN client comprises:
judging, based on first configuration information of the access point device, whether the resource utilization rate of the access point device is greater than a preset resource utilization rate threshold;
if the judgment result is negative, acquiring an idle port and an address pool of the access point device;
and configuring the VPN server corresponding to the VPN client by using the idle port and the address pool of the access point device.
6. The method according to any one of claims 1 to 5, further comprising:
acquiring the communication quality of the VPN tunnel;
judging whether the communication quality of the VPN tunnel meets a preset communication quality index, the preset communication quality index comprising at least one of a preset data transmission rate index, a preset network jitter index and a preset time delay index;
if the judgment result is negative, updating the first pre-selected network access point device list to a second pre-selected network access point device list, the second pre-selected network access point device list being the first pre-selected network access point device list after deleting the network access point device;
and re-determining the access point device based on the first position information of the VPN client and the second position information corresponding to each network access point device in the second pre-selected network access point device list, until the communication quality of the VPN tunnel meets the preset communication quality index.
7. The method according to any one of claims 1 to 5, further comprising:
acquiring the communication state of the VPN tunnel at a preset time interval;
and deleting the VPN server when the number of consecutive times that the communication state of the VPN tunnel is offline reaches a preset number.
8. A virtual private network (VPN) access method, comprising:
a VPN client sending an access authentication request to a control device, the access authentication request comprising at least identity information and first position information of the VPN client;
receiving second configuration information, sent by the control device, of a VPN server corresponding to the VPN client;
and creating, based on the second configuration information of the VPN server, a VPN tunnel to the access point device corresponding to the second configuration information of the VPN server.
9. A control device, comprising:
a first receiving unit, configured to receive an access authentication request sent by a VPN client, the access authentication request comprising at least identity information and first position information of the VPN client;
an obtaining unit, configured to acquire a first pre-selected network access point device list based on the first position information of the VPN client, the first pre-selected network access point device list comprising at least one network access point device and second position information corresponding to each network access point device;
a determining unit, configured to determine an access point device based on the first position information of the VPN client and the second position information corresponding to each network access point device in the first pre-selected network access point device list;
a first creating unit, configured to create, on the access point device, a VPN server corresponding to the VPN client;
and a first sending unit, configured to send second configuration information of the VPN server to the VPN client, so that the VPN client creates a VPN tunnel between the VPN client and the access point device according to the second configuration information of the VPN server.
10. A VPN client, comprising:
a second sending unit, configured to send an access authentication request to a control device, the access authentication request comprising at least identity information and first position information of the VPN client;
a second receiving unit, configured to receive second configuration information, sent by the control device, of a VPN server corresponding to the VPN client;
and a second creating unit, configured to create, based on the second configuration information of the VPN server, a VPN tunnel to the access point device corresponding to the second configuration information of the VPN server.
11. A communication device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1 to 7 or claim 8.
12. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the method of any one of claims 1 to 7 or claim 8.
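The selection steps of claims 1 to 6 on the control device, sketched as an added example that is not part of the patent text. The device inventory, coordinates, thresholds and the `quality_ok` probe are constructed for illustration; moving on to the next nearest device when one is overloaded is an assumption, since claim 5 only states what happens when utilization is within the threshold.

```python
import math

# Constructed sample inventory: each entry is a network access point device with
# its "second position information" (lat/lon) and current resource utilization.
POPS = [
    {"id": "pop-a", "lat": 31.23, "lon": 121.47, "util": 0.95},
    {"id": "pop-b", "lat": 30.27, "lon": 120.15, "util": 0.40},
    {"id": "pop-c", "lat": 32.06, "lon": 118.80, "util": 0.10},
    {"id": "pop-d", "lat": 39.90, "lon": 116.40, "util": 0.05},
]
KNOWN_CLIENTS = {("tenant-1", "alice")}  # constructed (tenant, account) pairs

def km(a, b):
    """Haversine great-circle distance in km between two lat/lon records."""
    p1, p2 = math.radians(a["lat"]), math.radians(b["lat"])
    dlat, dlon = p2 - p1, math.radians(b["lon"] - a["lon"])
    h = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def preselect(client, pops, max_km):
    """Claims 2-3: check tenant and account before any location lookup,
    then keep only devices within the preset distance threshold."""
    if (client["tenant"], client["account"]) not in KNOWN_CLIENTS:
        raise PermissionError("identity check failed")
    return [p for p in pops if km(client, p) <= max_km]

def select_access_point(client, pops, max_km, max_util, quality_ok):
    """Claims 4-6: try the nearest candidate; delete it from the list and
    re-determine when the tunnel quality check fails. Skipping an overloaded
    device the same way is an assumption of this sketch."""
    candidates = preselect(client, pops, max_km)
    while candidates:
        nearest = min(candidates, key=lambda p: km(client, p))
        if nearest["util"] <= max_util and quality_ok(nearest):
            return nearest["id"]
        candidates.remove(nearest)  # the "second pre-selected list" of claim 6
    return None  # no device in the pre-selected list satisfied the thresholds
```

Because the identity check runs first, an unauthenticated request never learns which devices exist near the position it reports.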
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311177785.5A CN116938639B (en) | 2023-09-13 | 2023-09-13 | Virtual private network access method, device and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN116938639A (en) | 2023-10-24 |
CN116938639B (en) | 2023-12-01 |
Family
ID=88382804
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311177785.5A Active CN116938639B (en) | 2023-09-13 | 2023-09-13 | Virtual private network access method, device and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116938639B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104025518A (en) * | 2012-08-08 | 2014-09-03 | 华为技术有限公司 | Tunnel forwarding method, apparatus, device and system |
WO2018094654A1 (en) * | 2016-11-24 | 2018-05-31 | 深圳前海达闼云端智能科技有限公司 | Vpn transmission tunnel scheduling method and device, and vpn client-end server |
CN111371664A (en) * | 2018-12-25 | 2020-07-03 | 中国移动通信有限公司研究院 | Virtual private network access method and equipment |
CN114844697A (en) * | 2022-04-29 | 2022-08-02 | 杭州云缔盟科技有限公司 | Method, device and application for realizing remote access of Windows computer to AD domain |
Also Published As
Publication number | Publication date |
---|---|
CN116938639B (en) | 2023-12-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111436160B (en) | Local area network communication method, device and system | |
CN110166409B (en) | Device access method, related platform and computer storage medium | |
CN113596191B (en) | Data processing method, network element equipment and readable storage medium | |
CN114902634A (en) | Apparatus and method for providing information of application server in mobile communication system | |
CN112437104B (en) | Method and device for managing service quality and communication system | |
CN107889194B (en) | Obtain, provide method, equipment and the medium of wireless access point access information | |
CN113765874B (en) | Private network and dual-mode networking method based on 5G mobile communication technology | |
CN108271255B (en) | Method and device for distributing service data | |
CN114080054A (en) | PDU session establishment method, terminal equipment and chip system | |
CN112312481B (en) | Communication method and system for MEC and multi-operator core network | |
CN110870256B (en) | Method, system and computer readable medium for operating a telecommunication network | |
CN108738027B (en) | Network processing method, resource management system and network equipment | |
CN116938639B (en) | Virtual private network access method, device and storage medium | |
CN115250264B (en) | Controlling network traffic associated with domain names based on DNS-IP mapping | |
CN109661796B (en) | Network intercommunication method, network element and system | |
CN110213769B (en) | Intranet access method and related device | |
CN110324826B (en) | Intranet access method and related device | |
CN104869180B (en) | The method and apparatus of controlling terminal communication range | |
CN105791164A (en) | Network resource allocation method and system | |
CN106254574B (en) | A kind of address distribution method and device | |
KR102039583B1 (en) | Base station and control method thereof | |
CN104735749A (en) | Network accessing method, wireless router, and portal platform server | |
WO2024066961A1 (en) | Edge enabler layer service differentiation | |
WO2022083272A1 (en) | Network switching method and apparatus, and terminal device and storage medium | |
KR102626955B1 (en) | Method for providing private network slice in communication system and apparatus for the same |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |