CN117040862A - Access method, system, device and storage medium of virtual private dial-up network - Google Patents


Info

Publication number: CN117040862A
Application number: CN202311042071.3A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 左晓熙, 吴峰, 潘圣宇, 修旭
Current assignee: China Telecom Corp Ltd
Original assignee: China Telecom Corp Ltd

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L63/00 Network architectures or network communication protocols for network security > H04L63/02 Separating internal from external traffic, e.g. firewalls > H04L63/0272 Virtual private networks
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L63/00 Network architectures or network communication protocols for network security > H04L63/02 Separating internal from external traffic, e.g. firewalls > H04L63/029 Firewall traversal, e.g. tunnelling or creating pinholes

Abstract

The invention discloses an access method, system, device and storage medium for a virtual private dial-up network (VPDN). The method comprises: receiving a dial-up request sent by a terminal, the request carrying the terminal's authentication information, namely account information and password information; forwarding the authentication information to an AAA server and receiving from it the VPDN domain information and the IP address of the LNS device; initiating an L2TP tunnel establishment request to the LNS device at that IP address according to the VPDN domain information; and, if the L2TP tunnel is established successfully, receiving the intra-domain VPDN IP address sent by that LNS device, which completes VPDN access. Embodiments of the invention improve working efficiency without increasing cost and can be widely applied in the field of communication technology.

Description

Access method, system, device and storage medium of virtual private dial-up network
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method, a system, an apparatus, and a storage medium for accessing a virtual private dial-up network.
Background
Video services are growing, and more importance is placed on their security; carrying video services over a VPDN (Virtual Private Dial-up Network) improves that security. With common VPDN technology today, a technician has to visit the subscriber's premises and change the account configured on the terminal to one carrying the VPDN-specific suffix. When a subscriber's existing ordinary broadband service is converted to VPDN, the ordinary broadband account on the terminal must therefore be replaced by the VPDN account; this on-site manual modification of terminal accounts is labour-intensive and inefficient.
Disclosure of Invention
Accordingly, an object of the embodiments of the present invention is to provide a method, a system, a device and a storage medium for accessing a virtual private dial-up network, which can improve the working efficiency without increasing the cost.
In one aspect, an embodiment of the present invention provides an access method for a virtual private dial-up network, which is applied to a broadband remote access server, and includes:
receiving a dialing request sent by a terminal; the dialing request comprises authentication information of the terminal, wherein the authentication information comprises account information and password information;
transmitting the authentication information to an AAA server, and receiving domain information of a virtual private dial-up network and IP address information of LNS equipment, which are transmitted by the AAA server;
initiating an L2TP tunnel establishment request to the LNS device corresponding to the IP address information according to the domain information of the virtual private dial-up network;
if the L2TP tunnel is successfully established, the intra-domain IP address information of the virtual private dial-up network sent by the LNS equipment corresponding to the IP address information is received, so that the access of the virtual private dial-up network is completed.
Optionally, the initiating an L2TP tunnel establishment request to the LNS device corresponding to the IP address information according to the domain information of the virtual private dial-up network specifically includes:
determining the suffix information of the virtual private dial-up network domain according to the domain information of the virtual private dial-up network, and adding the suffix information to the account number of the terminal;
determining corresponding LNS equipment according to the IP address information;
and using the broadband remote access server as LAC, and initiating an L2TP tunnel establishment request to LNS equipment corresponding to the IP address information.
On the other hand, the embodiment of the invention provides an access method of a virtual private dial-up network, which is applied to an AAA server and comprises the following steps:
receiving authentication information sent by a broadband remote access server; the authentication information comprises account information and password information;
determining whether the account number of the terminal belongs to the virtual private dial-up network account number according to the stored account number book of the virtual private dial-up network and the account number information;
and if the account number of the terminal belongs to the virtual private dial-up network account number, transmitting domain information of the virtual private dial-up network and IP address information of the LNS device to the broadband remote access server.
Optionally, the access method further includes:
if the account number of the terminal belongs to the common broadband account number, authentication is carried out according to the common broadband account number, and the terminal does not enter the virtual private dial-up network domain.
On the other hand, the embodiment of the invention provides an access method of a virtual private dial-up network, which is applied to LNS equipment and comprises the following steps:
receiving an L2TP tunnel establishment request initiated by a broadband remote access server; the L2TP tunnel establishment request comprises authentication information of a terminal; the authentication information comprises account information and password information;
if the L2TP tunnel is successfully established, authenticating the authentication information;
if the authentication is passed, distributing the intra-domain IP address information of the virtual private dial-up network for the terminal, and sending the intra-domain IP address information of the virtual private dial-up network to a broadband remote access server so as to complete the access of the virtual private dial-up network.
Optionally, the access method further includes:
if the authentication fails, feeding back authentication failure information to the broadband remote access server, so that the broadband remote access server re-acquires domain information of the virtual private dial-up network and IP address information of the LNS device from the AAA server, and re-initiates an L2TP tunnel establishment request to the LNS device.
On the other hand, the embodiment of the invention provides an access system of a virtual private dial-up network, which is applied to a broadband remote access server and comprises:
the first module is used for receiving a dialing request sent by the terminal; the dialing request comprises authentication information of the terminal, wherein the authentication information comprises account information and password information;
a second module, configured to send the authentication information to an AAA server, and receive domain information of a virtual private dial-up network and IP address information of an LNS device sent by the AAA server;
a third module, configured to initiate an L2TP tunnel establishment request to an LNS device corresponding to the IP address information according to the domain information of the virtual private dial-up network;
and a fourth module, configured to receive intra-domain IP address information of the virtual private dial-up network sent by the LNS device corresponding to the IP address information, if the L2TP tunnel is successfully established, so as to complete access of the virtual private dial-up network.
In another aspect, an embodiment of the present invention provides an access device for a virtual private dial-up network, including:
at least one processor;
at least one memory for storing at least one program;
and when the at least one program is executed by the at least one processor, the at least one processor is enabled to implement the above access method of the virtual private dial-up network.
In another aspect, an embodiment of the present invention provides a storage medium in which a processor-executable program is stored, where the processor-executable program, when executed by a processor, is configured to perform the above-described access method of a virtual private dial-up network.
On the other hand, the embodiment of the invention provides an access system of a virtual private dial-up network, which comprises a terminal, a broadband remote access server, an AAA server and an LNS; wherein,
the terminal is used for sending a dialing request to the broadband remote access server and receiving intra-domain IP address information of the virtual private dial-up network sent by the broadband remote access server;
the broadband remote access server is used for executing the access method of the virtual private dial-up network applied to the broadband remote access server;
the AAA server is used for executing the access method of the virtual private dial-up network applied to the AAA server;
the LNS is used for executing the access method of the virtual private dial-up network applied to the LNS.
The embodiment of the invention has the following beneficial effects. The terminal sends a dial-up request to the broadband remote access server; after receiving it, the broadband remote access server sends the authentication information determined from the request to the AAA server; the AAA server determines whether the terminal's account is a VPDN account and, if so, sends the VPDN domain information and the IP address of the LNS device to the broadband remote access server; the broadband remote access server initiates an L2TP tunnel establishment request to the LNS device at that IP address according to the VPDN domain information; the LNS device receives the request and, once the tunnel is established, authenticates the authentication information and, if authentication passes, allocates an intra-domain VPDN IP address to the terminal, completing VPDN access. Authentication is thus performed first at the AAA server to obtain the VPDN domain information and the LNS IP address, the L2TP tunnel is then established from those, and authentication at the LNS yields the intra-domain VPDN IP address. Nothing is changed or configured on the terminal: moving the terminal into the VPDN domain without touching it is achieved purely by configuration changes on the AAA server and the broadband remote access server, which removes the heavy workload of terminal modification, improves user experience and raises working efficiency. No extra equipment is needed either, only the adaptation of the broadband remote access server and the AAA server, so there is no extra cost and the method is readily realisable.
Drawings
Fig. 1 is a block diagram of an access system of a virtual private dial-up network according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of steps of an access method of a virtual private dial-up network applied to a broadband remote access server according to an embodiment of the present invention;
fig. 3 is a flowchart illustrating steps of a broadband remote access server initiating an L2TP tunnel establishment request according to domain information of a virtual private dial-up network according to an embodiment of the present invention;
fig. 4 is a schematic flow chart of steps of an access method of a virtual private dial-up network applied to an AAA server according to an embodiment of the present invention;
fig. 5 is a schematic step flow diagram of an access method of a virtual private dial-up network applied to an LNS according to an embodiment of the present invention;
fig. 6 is a schematic flow chart of steps of an access method of a virtual private dial-up network according to an embodiment of the present invention;
fig. 7 is a block diagram of an access system of a virtual private dial-up network applied to a broadband remote access server according to an embodiment of the present invention;
fig. 8 is a block diagram of an access system of a virtual private dial-up network applied to an AAA server according to an embodiment of the present invention;
Fig. 9 is a block diagram of an access system for a virtual private dial-up network applied to an LNS according to an embodiment of the present application;
fig. 10 is a block diagram of an access device of a virtual private dial-up network according to an embodiment of the present application;
fig. 11 is a block diagram of a computer device according to an embodiment of the present application.
Detailed Description
The application will now be described in further detail with reference to the drawings and to specific examples. The step numbers in the following embodiments are set for convenience of illustration only, and the order between the steps is not limited in any way, and the execution order of the steps in the embodiments may be adaptively adjusted according to the understanding of those skilled in the art.
It should be noted that although functional block division is performed in a device diagram and a logic sequence is shown in a flowchart, in some cases, the steps shown or described may be performed in a different order than the block division in the device, or in the flowchart. The terms first, second and the like in the description and in the claims and in the above-described figures, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented, for example, in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein is for the purpose of describing embodiments of the application only and is not intended to be limiting of the application.
Some technical terms in this embodiment are explained below.
VPDN (Virtual Private Dial-up Network): a dial-up based virtual private network service provided over a public network. The subscriber accesses the broadband Internet by dialing in, and dedicated tunneling and encryption protocols let an enterprise build a virtual private channel over the public network that is isolated from outside interference, so that data resources inside the enterprise network can be accessed securely.
BRAS (Broadband Remote Access Server): the access gateway for broadband network applications and the bridge between the broadband access network and the backbone network; it provides the basic access means and management functions of the broadband access network.
AAA (Authentication, Authorization, Accounting): a server program that handles user access requests and provides authentication, authorization and accounting, primarily to control user access to a network access server and to deliver services to users who hold access rights. AAA servers typically work together with network access control, gateway servers, databases, user information directories and the like.
L2TP (Layer 2 Tunneling Protocol): a virtual tunneling protocol commonly used for virtual private networks. L2TP itself provides neither encryption nor integrity verification of the tunneled data; where encrypted transmission is required it is combined with a security protocol, in practice usually IPsec (L2TP/IPsec).
LAC (L2TP Access Concentrator): the endpoint on one side of the L2TP tunnel, which provides connectivity for user terminals across PSTN/Internet networks. The LAC sits between the remote dial-up subscriber and the LNS device and forwards data between them.
LNS (L2TP Network Server): the endpoint on the other side of the L2TP tunnel, the server device that terminates the L2TP protocol; it is the peer of the LAC and the logical termination point of the tunnel initiated by the LAC.
An L2TP tunnel is established between the LAC and the LNS and consists of one control connection and at least one L2TP session; several L2TP tunnels may exist between one LAC/LNS pair. Sessions correspond one-to-one to calls, whose state is maintained by the LAC and the LNS, and one tunnel can carry several sessions. A session can only be set up after the tunnel (control connection) has been established successfully: the LAC asks the LNS to accept a session for an incoming call, or the LNS asks the LAC to accept one for an outgoing call.
RADIUS (Remote Authentication Dial In User Service): the most widely used AAA protocol. RADIUS has a client/server architecture; its original client was the NAS (Network Access Server), and any host running RADIUS client software can act as a RADIUS client. Its authentication mechanism is flexible and supports PAP, CHAP, Unix login authentication and other methods. RADIUS is extensible: everything it carries is encoded as Attribute-Length-Value triples. It is a distributed client/server information exchange protocol used to keep unauthorized users off the network, and is common in environments that demand high security while allowing remote user access.
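The Attribute-Length-Value encoding just described, and the tunnel attributes (LNS address, tunnel type, tunnel password) that the AAA server returns for a VPDN domain in step S310 below, are shown here as an added example; this is not code from the patent or from China Telecom. Attribute numbers and the Tunnel-Password obfuscation follow RFC 2865 and RFC 2868; carrying the VPDN domain suffix in Tunnel-Private-Group-ID, and all secrets, addresses and the suffix "VV", are constructed assumptions of this example.

```python
# Added example (not the patent's own code): RADIUS AVP encode/decode plus the
# RFC 2868 tunnel attributes an AAA server returns for a VPDN account.
import hashlib
import os
import struct

USER_NAME = 1
TUNNEL_TYPE = 64                 # RFC 2868 3.1, tagged integer
TUNNEL_MEDIUM_TYPE = 65          # RFC 2868 3.2, tagged integer
TUNNEL_SERVER_ENDPOINT = 67      # RFC 2868 3.4, tagged string (LNS address)
TUNNEL_PASSWORD = 69             # RFC 2868 3.5, tagged, salted, obfuscated
TUNNEL_PRIVATE_GROUP_ID = 81     # RFC 2868 3.6, tagged string (domain suffix here: assumption)
TUNNEL_TYPE_L2TP = 3
TUNNEL_MEDIUM_IPV4 = 1
TAGGED = {TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_SERVER_ENDPOINT,
          TUNNEL_PASSWORD, TUNNEL_PRIVATE_GROUP_ID}


def encode_avp(attr_type, value, tag=None):
    """One Type-Length-Value triple; tagged attributes carry a tag octet first."""
    body = (bytes([tag]) if tag is not None else b"") + value
    if 2 + len(body) > 255:
        raise ValueError("attribute value too long for a one-octet length")
    return struct.pack("!BB", attr_type, 2 + len(body)) + body


def decode_avps(data):
    """Parse a run of AVPs. Every length is checked against the buffer so a
    crafted packet cannot make the loop read past the end or spin on length 0."""
    out, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated attribute header at offset %d" % pos)
        attr_type, length = struct.unpack_from("!BB", data, pos)
        if length < 2 or pos + length > len(data):
            raise ValueError("bad attribute length %d at offset %d" % (length, pos))
        body = data[pos + 2:pos + length]
        if attr_type in TAGGED:
            if not body:
                raise ValueError("tagged attribute %d without tag octet" % attr_type)
            out.append((attr_type, body[0], body[1:]))
        else:
            out.append((attr_type, None, body))
        pos += length
    return out


def tunnel_password_encrypt(secret, request_auth, password, salt=None):
    """RFC 2868 3.5: prefix the password with its length, pad to 16 octets, then
    XOR with an MD5 chain b(1)=MD5(S+R+A), b(i)=MD5(S+c(i-1)) keyed by the RADIUS
    shared secret S, the Access-Request authenticator R and a salt A (high bit set)."""
    if salt is None:
        salt = bytes([0x80 | os.urandom(1)[0]]) + os.urandom(1)
    plain = bytes([len(password)]) + password
    plain += b"\x00" * (-len(plain) % 16)
    b = hashlib.md5(secret + request_auth + salt).digest()
    out = b""
    for i in range(0, len(plain), 16):
        c = bytes(x ^ y for x, y in zip(plain[i:i + 16], b))
        out += c
        b = hashlib.md5(secret + c).digest()
    return salt + out


def tunnel_password_decrypt(secret, request_auth, field):
    """Inverse of the above; rejects malformed salt, length or block alignment."""
    salt, cipher = field[:2], field[2:]
    if len(salt) < 2 or not salt[0] & 0x80 or not cipher or len(cipher) % 16:
        raise ValueError("malformed Tunnel-Password field")
    b = hashlib.md5(secret + request_auth + salt).digest()
    plain = b""
    for i in range(0, len(cipher), 16):
        c = cipher[i:i + 16]
        plain += bytes(x ^ y for x, y in zip(c, b))
        b = hashlib.md5(secret + c).digest()
    n = plain[0]
    if n > len(plain) - 1:
        raise ValueError("Tunnel-Password length octet exceeds field")
    return plain[1:1 + n]


def build_vpdn_accept(secret, request_auth, domain_suffix, lns_ip, tunnel_secret, tag=1):
    """Attributes the AAA server attaches to an Access-Accept for a VPDN
    account (S230): tunnel type, medium, LNS address, suffix, tunnel password."""
    return b"".join([
        encode_avp(TUNNEL_TYPE, struct.pack("!I", TUNNEL_TYPE_L2TP)[1:], tag),
        encode_avp(TUNNEL_MEDIUM_TYPE, struct.pack("!I", TUNNEL_MEDIUM_IPV4)[1:], tag),
        encode_avp(TUNNEL_SERVER_ENDPOINT, lns_ip.encode(), tag),
        encode_avp(TUNNEL_PRIVATE_GROUP_ID, domain_suffix.encode(), tag),
        encode_avp(TUNNEL_PASSWORD,
                   tunnel_password_encrypt(secret, request_auth, tunnel_secret), tag),
    ])


def read_vpdn_accept(secret, request_auth, avps):
    """What the BRAS (LAC) extracts from the AAA reply before acting on it (S120)."""
    info = {}
    for attr_type, tag, value in decode_avps(avps):
        if attr_type == TUNNEL_TYPE:
            info["tunnel_type"] = int.from_bytes(value, "big")
        elif attr_type == TUNNEL_SERVER_ENDPOINT:
            info["lns_ip"] = value.decode()
        elif attr_type == TUNNEL_PRIVATE_GROUP_ID:
            info["suffix"] = value.decode()
        elif attr_type == TUNNEL_PASSWORD:
            info["tunnel_secret"] = tunnel_password_decrypt(secret, request_auth, value)
    if info.get("tunnel_type") != TUNNEL_TYPE_L2TP:
        raise ValueError("Access-Accept does not describe an L2TP tunnel")
    return info
```

The tunnel password is only obfuscated under the RADIUS shared secret (MD5 keystream, not authenticated encryption), so the secret and the BRAS-to-AAA path are what protect it; a BRAS should also reject a reply whose Tunnel-Type is not L2TP rather than fall through to another tunnel type, which `read_vpdn_accept` does.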
Referring to fig. 1, the application scenario of this embodiment is as follows. The user terminal initiates a dial-up request to the BRAS. After receiving it, the BRAS sends the authentication information determined from the request to the AAA server. The AAA server determines whether the terminal's account is a VPDN account and, if so, sends the VPDN domain information and the IP address of the LNS device to the BRAS. The BRAS, acting as the LAC of the L2TP tunnel, initiates an L2TP tunnel establishment request to the LNS device at that IP address according to the VPDN domain information. The LNS device receives the request; once the tunnel is established it authenticates the authentication information and, if authentication passes, allocates an intra-domain VPDN IP address to the terminal and sends it to the terminal via the BRAS, completing VPDN access.
Note that the BRAS, the AAA server and the LNS device each store the computer program software implementing their functions.
As shown in fig. 2, an embodiment of the present invention provides an access method of a virtual private dial-up network, which is applied to a broadband remote access server, and includes steps S110 to S140.
S110, receiving a dialing request sent by a terminal; the dialing request includes authentication information of the terminal, and the authentication information includes account information and password information.
The dial-up request is the VPDN connection request sent by the terminal; the authentication information serves to verify the terminal's identity and includes, but is not limited to, account information and password information.
On the original ordinary broadband network the terminal initiates a dial-up request to the broadband remote access server as usual, and the terminal's original broadband account is kept unchanged. The request carries the terminal's authentication information, namely account information and password information. For example, the authentication information in a dial-up request from terminal 1 to the broadband remote access server comprises account 1 and password 1.
S120, the authentication information is sent to the AAA server, and the domain information of the virtual private dial-up network and the IP address information of the LNS device sent by the AAA server are received.
After receiving the dial-up request, the broadband remote access server does not itself verify the account or password in the authentication information; it forwards the authentication information to the AAA server unverified so that the AAA server authenticates the terminal account. If the account is found to be a VPDN account, the AAA server returns to the broadband remote access server the suffix of the VPDN domain corresponding to that account together with the IP address of the LNS device. The VPDN domain information includes, but is not limited to, that suffix.
In a specific embodiment, the broadband remote access server sends account 1 and password 1 to the AAA server; the AAA server authenticates account 1, determines that it is a VPDN account, and returns the VPDN domain suffix corresponding to account 1 and the IP address of the LNS device to the broadband remote access server.
S130, initiating an L2TP tunnel establishment request to the LNS device corresponding to the IP address information according to the domain information of the virtual private dial-up network.
The broadband remote access server derives the VPDN domain suffix from the domain information, identifies the corresponding LNS device from the IP address information, and then, acting as the LAC, initiates an L2TP tunnel establishment request to that LNS device.
S140, if the L2TP tunnel is successfully established, receiving the intra-domain IP address information of the virtual private dial-up network sent by the LNS device corresponding to the IP address information, so as to complete the access of the virtual private dial-up network.
If the L2TP tunnel between the LAC device and the LNS device is established successfully, the LNS device authenticates the terminal's authentication information; if authentication passes, an IP address within the VPDN domain is allocated to the terminal account and that intra-domain IP address is sent to the broadband remote access server, completing VPDN access.
Optionally, referring to fig. 3, according to domain information of the virtual private dial-up network, an L2TP tunnel establishment request is initiated to an LNS device corresponding to the IP address information, which specifically includes:
S131, determining the suffix information of the virtual private dial-up network domain according to the domain information of the virtual private dial-up network, and adding the suffix information to the account number of the terminal;
S132, determining the corresponding LNS device according to the IP address information;
S133, using the broadband remote access server as LAC, and initiating an L2TP tunnel establishment request to the LNS device corresponding to the IP address information.
The broadband remote access server determines the VPDN domain suffix from the domain information returned by the AAA server and appends it to the terminal's account; it then identifies the LNS device from the IP address information and finally, acting as the LAC, initiates an L2TP tunnel establishment request to that LNS device.
In a specific embodiment, the broadband remote access server determines from the VPDN domain information that the domain suffix is VV and, after appending it to the terminal's account 1, obtains account1.VV; the IP address of the LNS device is denoted LNS IP1 and the LNS device at that address LNS1. The broadband remote access server, as the LAC of the L2TP tunnel, initiates an L2TP tunnel establishment request to LNS1 at LNS IP1.
As shown in fig. 4, an embodiment of the present invention provides an access method of a virtual private dial-up network, which is applied to an AAA server, and includes:
s210, receiving authentication information sent by a broadband remote access server; the authentication information includes account information and password information.
The AAA server receives the authentication information sent by the broadband remote access server. This information is taken from the dial-up request and forwarded unprocessed; it includes, but is not limited to, account information and password information.
S220, determining whether the account number of the terminal belongs to the virtual private dial-up network account number according to the stored account book of the virtual private dial-up network and the account information.
The account book records all VPDN accounts of the virtual private dial-up network together with their VPDN domain information, LNS device IP address information and so on. Specifically, the AAA server looks the terminal's account number up in the VPDN account book: if it is present, the account is a VPDN account; if not, it is an ordinary broadband account.
It should be noted that, the specific form of the account book is determined according to practical applications, and includes, but is not limited to, forms of a table, a database, and the like.
And S230, if the account number of the terminal belongs to the virtual private dial-up network account number, transmitting domain information of the virtual private dial-up network and IP address information of the LNS device to the broadband remote access server.
If the account number of the terminal belongs to the virtual private dial-up network account number, the AAA server determines the domain information of the virtual private dial-up network corresponding to the terminal account number and the IP address information of the LNS device according to the account number information of the terminal and the account book, and returns the domain information of the virtual private dial-up network and the IP address information of the LNS device to the broadband remote access server.
Optionally, the access method further includes:
s240, if the account number of the terminal belongs to the common broadband account number, authentication is carried out according to the common broadband account number, and the virtual private dial-up network domain is not accessed.
If the account number of the terminal belongs to the common broadband account number, authentication is performed according to the common broadband account number, namely, account number information, password information and the like in the terminal authentication information are authenticated according to the existing network authentication flow, and the virtual private dial-up network domain is not entered.
As shown in fig. 5, an embodiment of the present invention provides an access method of a virtual private dial-up network, which is applied to an LNS device, and includes:
S310, receiving an L2TP tunnel establishment request initiated by a broadband remote access server; the L2TP tunnel establishment request contains authentication information of the terminal; the authentication information includes account information and password information.
First, the broadband remote access server, acting as the LAC device, performs the first RADIUS authentication of the terminal account and of the domain name; the RADIUS server returns the corresponding tunnel attributes according to the domain name, the tunnel attributes including the LNS IP address, the tunnel type, the tunnel password, and the like. Then the broadband remote access server, as the LAC device, initiates an L2TP tunnel establishment request to the LNS device according to the tunnel attributes, and an L2TP tunnel is established between the LAC device and the LNS device.
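The tunnel password mentioned above is the one attribute in that RADIUS reply that needs protection in transit. The following added example (not code from the patent) shows how a RADIUS server encodes it and how the LAC decodes it if it is carried as the standard Tunnel-Password attribute of RFC 2868 section 3.5; that this attribute is what the deployment uses is an assumption, as are the shared secret, Request Authenticator and password values used for testing. The scheme is MD5 keyed with the RADIUS shared secret, so the tunnel password is only as well protected as that secret and the path between the AAA server and the BRAS.

```python
"""RFC 2868 Tunnel-Password encode/decode.  Added example, not patent code.

Attribute value layout:  Tag (1) | Salt (2, high bit of first octet set) | String
String = chunks of (Data-Length || Password || NUL padding), each XORed with
    b(1) = MD5(S + R + A)      S = shared secret, R = Request Authenticator, A = salt
    b(i) = MD5(S + c(i-1))     c(i) = p(i) XOR b(i)
"""
import hashlib
import os
from typing import Optional, Tuple

TUNNEL_PASSWORD_TYPE = 69   # RADIUS attribute type for Tunnel-Password
MAX_PASSWORD_LEN = 239      # 253-octet value - 3 (tag, salt) = 250; largest
                            # multiple of 16 is 240, minus the Data-Length octet


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encode_tunnel_password(password: bytes, secret: bytes, request_authenticator: bytes,
                           tag: int = 0, salt: Optional[bytes] = None) -> bytes:
    """Return the attribute value (Tag | Salt | String) for `password`."""
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if len(password) > MAX_PASSWORD_LEN:
        raise ValueError("password too long for one Tunnel-Password attribute")
    if salt is None:
        # RFC 2868: salt is 2 octets, unique per attribute, high bit of first octet set.
        salt = bytes([0x80 | (os.urandom(1)[0] & 0x7F)]) + os.urandom(1)
    if len(salt) != 2 or not salt[0] & 0x80:
        raise ValueError("salt must be 2 octets with the high bit of the first set")
    plain = bytes([len(password)]) + password          # Data-Length || Password
    plain += b"\x00" * (-len(plain) % 16)              # NUL padding to 16-octet boundary
    out = bytearray()
    prev = hashlib.md5(secret + request_authenticator + salt).digest()
    for i in range(0, len(plain), 16):
        c = _xor(plain[i:i + 16], prev)
        out += c
        prev = hashlib.md5(secret + c).digest()
    return bytes([tag]) + salt + bytes(out)


def decode_tunnel_password(value: bytes, secret: bytes,
                           request_authenticator: bytes) -> Tuple[int, bytes]:
    """Inverse of encode_tunnel_password; returns (tag, password).

    Raises ValueError on malformed input.  A LAC should treat that as a failed
    tunnel setup (and a likely shared-secret mismatch), not guess a password.
    """
    if len(value) < 3 + 16 or (len(value) - 3) % 16:
        raise ValueError("malformed Tunnel-Password value")
    tag, salt, cipher = value[0], value[1:3], value[3:]
    if not salt[0] & 0x80:
        raise ValueError("salt high bit not set")
    plain = bytearray()
    prev = hashlib.md5(secret + request_authenticator + salt).digest()
    for i in range(0, len(cipher), 16):
        c = cipher[i:i + 16]
        plain += _xor(c, prev)
        prev = hashlib.md5(secret + c).digest()
    length = plain[0]
    if length > len(plain) - 1:
        raise ValueError("bad Data-Length (wrong shared secret?)")
    if any(plain[1 + length:]):
        raise ValueError("non-zero padding (wrong shared secret?)")
    return tag, bytes(plain[1:1 + length])


if __name__ == "__main__":
    # Constructed test values; a real Request Authenticator is 16 random octets
    # taken from the Access-Request the reply answers.
    secret, authenticator = b"radius-shared-secret", bytes(range(16))
    value = encode_tunnel_password(b"l2tp-tunnel-pw", secret, authenticator, tag=1)
    print(value.hex(), decode_tunnel_password(value, secret, authenticator))
```

The decoder's length and padding checks are what turns a shared-secret mismatch between the AAA server and a BRAS into a clean error instead of a garbage tunnel password being presented to the LNS.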
S320, if the L2TP tunnel is established successfully, authentication information is authenticated.
After the L2TP tunnel is successfully established, a session is established for the terminal account within the tunnel; the LAC device sends the authentication information of the terminal to the LNS device, and the LNS device initiates authentication of the account information, password information, and the like in the terminal authentication information with the second-level RADIUS server (the RADIUS server on the LNS side).
S330, if the authentication is passed, distributing the intra-domain IP address information of the virtual private dial-up network for the terminal, and sending the intra-domain IP address information of the virtual private dial-up network to the broadband remote access server to complete the access of the virtual private dial-up network.
If the authentication passes, the LNS device allocates intra-domain IP address information of the virtual private dial-up network to the terminal: after the RADIUS authentication passes, the RADIUS server returns the relevant information to the LNS device, and the LNS device feeds the intra-domain IP address information of the virtual private dial-up network back to the terminal through the broadband remote access server, so as to complete the access of the virtual private dial-up network.
Optionally, the access method further includes:
S340, if the authentication fails, feeding back authentication failure information to the broadband remote access server, so that the broadband remote access server re-acquires the domain information of the virtual private dial-up network and the IP address information of the LNS device from the AAA server and re-initiates an L2TP tunnel establishment request to the LNS device.
If the authentication fails, authentication failure information is fed back to the broadband remote access server, so that new authentication information is obtained from the terminal again; the broadband remote access server then re-acquires the domain information of the virtual private dial-up network and the IP address information of the LNS device from the AAA server according to the new authentication information, using the method described above, and re-initiates an L2TP tunnel establishment request to the LNS device according to the new domain information of the virtual private dial-up network and the IP address information of the LNS device.
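Steps S310 to S340 on the LNS side amount to authenticating the session against the second-level RADIUS of the domain the tunnel belongs to, allocating an address from that domain's pool, and reporting failure to the LAC. The added example below (not code from the patent) models that; the credential store and address pools are constructed in-memory stand-ins for the second-level RADIUS server and the LNS address pools, and all account names, passwords and prefixes are assumptions. Two checks a practitioner would want are made explicit: authentication is scoped to the domain carried in the "user@domain" suffix the BRAS built (claim 2), so an account valid in one VPDN cannot be accepted on another VPDN's tunnel, and a failed authentication never releases an existing lease, since otherwise anyone who knows a user's name could evict that user's address by failing a login.

```python
"""LNS-side session handling for S310-S340.  Added example, not patent code.
The second-level RADIUS store and the per-domain address pools below are
constructed stand-ins; names, passwords and prefixes are assumptions."""
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class DomainPool:
    """Intra-domain address pool of one VPDN; one lease per account."""
    network: ipaddress.IPv4Network
    leased: Dict[str, ipaddress.IPv4Address] = field(default_factory=dict)

    def allocate(self, account: str) -> Optional[ipaddress.IPv4Address]:
        if account in self.leased:            # re-dial: reuse, do not leak a second address
            return self.leased[account]
        in_use = set(self.leased.values())
        for host in self.network.hosts():
            if host not in in_use:
                self.leased[account] = host
                return host
        return None                           # pool exhausted

    def release(self, account: str) -> None:
        self.leased.pop(account, None)


def make_pool(cidr: str) -> DomainPool:
    return DomainPool(ipaddress.ip_network(cidr))


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


# Constructed second-level RADIUS store: domain -> account -> (salt, derived key).
_SALT = b"constructed-salt"
SECOND_LEVEL_RADIUS = {
    "corp-a.vpdn.example": {"user001": (_SALT, _derive("pw-001", _SALT))},
    "corp-b.vpdn.example": {"user100": (_SALT, _derive("pw-100", _SALT))},
}

# Constructed per-domain pools on the LNS.
POOLS = {
    "corp-a.vpdn.example": make_pool("10.10.0.0/29"),
    "corp-b.vpdn.example": make_pool("10.20.0.0/29"),
}


@dataclass(frozen=True)
class SessionResult:
    ok: bool
    address: Optional[str] = None
    reason: Optional[str] = None


def authenticate(domain: str, account: str, password: str) -> bool:
    """S320: authentication is scoped to the tunnel's domain."""
    entry = SECOND_LEVEL_RADIUS.get(domain, {}).get(account)
    if entry is None:
        return False
    salt, expected = entry
    return hmac.compare_digest(_derive(password, salt), expected)


def handle_session(tunnelled_account: str, password: str) -> SessionResult:
    """`tunnelled_account` is "user@domain" as the BRAS built it (claim 2)."""
    if "@" not in tunnelled_account:
        return SessionResult(False, reason="no VPDN domain suffix")
    account, domain = tunnelled_account.rsplit("@", 1)
    pool = POOLS.get(domain)
    if pool is None:
        return SessionResult(False, reason="unknown VPDN domain")
    if not authenticate(domain, account, password):
        # S340: report to the LAC, which prompts the user and re-runs the AAA step.
        # Deliberately no pool.release() here: a failed login must not evict a lease.
        return SessionResult(False, reason="authentication failed")
    addr = pool.allocate(account)                          # S330
    if addr is None:
        return SessionResult(False, reason="address pool exhausted")
    return SessionResult(True, address=str(addr))


def release_session(tunnelled_account: str) -> None:
    """Called on session teardown, the only place a lease is given back."""
    account, _, domain = tunnelled_account.rpartition("@")
    if domain in POOLS:
        POOLS[domain].release(account)


if __name__ == "__main__":
    print(handle_session("user001@corp-a.vpdn.example", "pw-001"))
    print(handle_session("user100@corp-a.vpdn.example", "pw-100"))   # wrong domain
```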
Referring to fig. 6, in a specific embodiment, a terminal accesses a VPDN on the basis of the original ordinary broadband network as follows: the user terminal ONU1 initiates a dialing request to Bras1; Bras1 receives the dialing request and sends the terminal authentication information determined from the dialing request to the AAA server; the AAA server compares the account information in the authentication information with the stored account book to determine whether the terminal account is a VPDN account: if it is an ordinary account, authentication proceeds as for an ordinary account, and if it is a VPDN account, the VPDN information corresponding to the terminal account is further determined and fed back to Bras1; after receiving the VPDN information, Bras1 adds the VPDN information to the account information and, acting as LAC1, establishes an L2TP tunnel with LNS1 according to the VPDN information; if the L2TP tunnel fails to be established, the tunnel is re-established until it succeeds; after the L2TP tunnel is successfully established, LNS1 authenticates the account information; if the authentication succeeds, LNS1 allocates an IP address to account 1; if the authentication fails, the authentication failure is fed back to the terminal through Bras1 and the user is prompted to modify the authentication information of the terminal, such as the account information and password information; after Bras1 receives the new authentication information retransmitted by the terminal, it sends the new authentication information to the AAA server for authentication again.
The embodiment of the invention has the following beneficial effects. In this embodiment, the terminal sends a dialing request to the broadband remote access server; after receiving the dialing request, the broadband remote access server sends authentication information determined according to the dialing request to the AAA server; after receiving the authentication information sent by the broadband remote access server, the AAA server determines whether the account number of the terminal belongs to a virtual private dial-up network account number, and if so, sends the domain information of the virtual private dial-up network and the IP address information of the LNS device to the broadband remote access server; the broadband remote access server initiates an L2TP tunnel establishment request to the LNS device corresponding to the IP address information according to the domain information of the virtual private dial-up network; the LNS device receives the L2TP tunnel establishment request, authenticates the authentication information if the L2TP tunnel is successfully established, and, if the authentication passes, allocates intra-domain IP address information of the virtual private dial-up network to the terminal, so as to complete the access of the virtual private dial-up network. Authentication is first performed through the AAA server to obtain the domain information of the virtual private dial-up network and the IP address information of the LNS device; then an L2TP tunnel is established according to that domain information and IP address information, and authentication is performed again to obtain the intra-domain IP address information of the virtual private dial-up network. No change or setting is made on the terminal: the terminal is brought into the VPDN domain without modification, by changing only the configuration of the AAA server and the broadband remote access server. This solves the problem of the large workload of changing terminals, improves user perception, and improves working efficiency; in addition, no extra equipment is needed, only the broadband remote access server and the AAA server need to be adapted, no extra cost is incurred, and the method has high realizability.
As shown in fig. 7, an embodiment of the present invention provides an access system of a virtual private dial-up network, which is applied to a broadband remote access server, and includes:
the first module is used for receiving a dialing request sent by the terminal; the dialing request comprises authentication information of the terminal, wherein the authentication information comprises account information and password information;
a second module, configured to send authentication information to the AAA server, and receive domain information of the virtual private dial-up network and IP address information of the LNS device sent by the AAA server;
a third module, configured to initiate an L2TP tunnel establishment request to an LNS device corresponding to the IP address information according to domain information of the virtual private dial-up network;
and a fourth module, configured to receive intra-domain IP address information of the virtual private dial-up network sent by the LNS device corresponding to the IP address information, if the L2TP tunnel is successfully established, so as to complete access of the virtual private dial-up network.
As shown in fig. 8, an embodiment of the present invention provides an access system of a virtual private dial-up network, which is applied to an AAA server, and includes:
a fifth module, configured to receive authentication information sent by the broadband remote access server; the authentication information comprises account information and password information;
a sixth module, configured to determine, according to the stored account book and account information of the virtual private dial-up network, whether the account of the terminal belongs to the virtual private dial-up network account;
And a seventh module, configured to send domain information of the virtual private dial-up network and IP address information of the LNS device to the broadband remote access server if the account of the terminal belongs to the account of the virtual private dial-up network.
As shown in fig. 9, an embodiment of the present invention provides an access system of a virtual private dial-up network, which is applied to an LNS device, and includes:
an eighth module, configured to receive an L2TP tunnel establishment request initiated by the broadband remote access server; the L2TP tunnel establishment request contains authentication information of the terminal; the authentication information comprises account information and password information;
a ninth module, configured to authenticate the authentication information if the L2TP tunnel is successfully established;
and a tenth module, configured to allocate the intra-domain IP address information of the virtual private dial-up network to the terminal if the authentication is passed, and send the intra-domain IP address information of the virtual private dial-up network to the broadband remote access server, so as to complete access of the virtual private dial-up network.
It can be seen that the content of the above method embodiment is applicable to the system embodiment: the functions specifically implemented by the system embodiment are the same as those of the method embodiment, and the beneficial effects achieved by the system embodiment are the same as those achieved by the method embodiment.
As shown in fig. 10, the embodiment of the present application further provides an access device for a virtual private dial-up network, including:
at least one processor;
at least one memory for storing at least one program;
the at least one program, when executed by the at least one processor, causes the at least one processor to implement the steps of the method for accessing a virtual private dial-up network described in the method embodiment applied to a broadband remote access server, AAA server or LNS device.
It can be seen that the content of the above method embodiment is applicable to the present device embodiment: the functions specifically implemented by the device embodiment are the same as those of the above method embodiment, and the beneficial effects achieved by the device embodiment are the same as those achieved by the above method embodiment.
Furthermore, the embodiment of the application also discloses a computer program product or a computer program, and the computer program product or the computer program is stored in a computer readable storage medium. The processor of the computer device may read the computer program from the computer readable storage medium and execute the computer program, so that the computer device performs the above-described methods, respectively. Similarly, the content in the above method embodiment is applicable to the present storage medium embodiment, and the specific functions of the present storage medium embodiment are the same as those of the above method embodiment, and the achieved beneficial effects are the same as those of the above method embodiment.
In particular, referring to FIG. 11, a computer device 1100 may include RF (Radio Frequency) circuitry 1110, memory 1120 including one or more computer-readable storage media, input unit 1130, display unit 1140, sensor 1150, audio circuit 1160, short-range wireless transmission module 1170, processor 1180 including one or more processing cores, and power source 11110. It will be appreciated by those skilled in the art that the device structure shown in fig. 11 is not limiting of the electronic device and may include more or fewer components than shown, or may combine certain components, or a different arrangement of components.
The RF circuit 1110 may be used for receiving and transmitting signals during a message or a call; in particular, after receiving downlink information from a base station, it passes the downlink information to one or more processors 1180 for processing, and it transmits uplink data to the base station. Typically, RF circuitry 1110 includes, but is not limited to, an antenna, at least one amplifier, a tuner, one or more oscillators, a Subscriber Identity Module (SIM) card, a transceiver, a coupler, an LNA (Low Noise Amplifier), a duplexer, and the like. In addition, RF circuitry 1110 may also communicate with networks and other devices via wireless communications. The wireless communication may use any communication standard or protocol including, but not limited to, GSM (Global System for Mobile communications), GPRS (General Packet Radio Service), CDMA (Code Division Multiple Access), WCDMA (Wideband Code Division Multiple Access), LTE (Long Term Evolution), email, SMS (Short Message Service), and the like.
Memory 1120 may be used to store software programs and modules. The processor 1180 executes various functional applications and data processing by running the software programs and modules stored in the memory 1120. The memory 1120 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required for at least one function (such as a sound playing function, an image playing function, etc.), and the like; the data storage area may store data (such as audio data, phonebooks, etc.) created according to the use of the device 1100, and the like. In addition, memory 1120 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid-state storage device. Accordingly, the memory 1120 may also include a memory controller to provide access to the memory 1120 by the processor 1180 and the input unit 1130. While fig. 11 shows RF circuit 1110, it is to be understood that it is not an essential component of device 1100 and may be omitted entirely as desired without changing the essence of the invention.
The input unit 1130 may be used to receive input numeric or character information and to generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control. In particular, the input unit 1130 may include a touch-sensitive surface 1131 and other input devices 1132. The touch-sensitive surface 1131, also referred to as a touch display screen or touch pad, may collect touch operations thereon or thereabout by a user (e.g., operations of the user on the touch-sensitive surface 1131 or thereabout using any suitable object or accessory such as a finger, stylus, etc.), and actuate the corresponding connection device according to a predetermined program. Alternatively, the touch sensitive surface 1131 may include two portions, a touch detection device and a touch controller. The touch detection device detects the touch azimuth of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device and converts it into touch point coordinates, which are then sent to the processor 1180, and can receive commands from the processor 1180 and execute them. In addition, the touch-sensitive surface 1131 may be implemented using various types of resistive, capacitive, infrared, surface acoustic waves, and the like. In addition to the touch-sensitive surface 1131, the input unit 1130 may also include other input devices 1132. In particular, other input devices 1132 may include, but are not limited to, one or more of a physical keyboard, function keys (e.g., volume control keys, switch keys, etc.), a trackball, mouse, joystick, etc.
The display unit 1140 may be used to display information entered by a user or information provided to a user and the various graphical user interfaces of the device 1100, which may be composed of graphics, text, icons, video, and any combination thereof. The display unit 1140 may include a display panel 1141, and optionally, the display panel 1141 may be configured in the form of an LCD (Liquid Crystal Display), an OLED (Organic Light-Emitting Diode), or the like. Further, the touch-sensitive surface 1131 may be overlaid on the display panel 1141; upon detection of a touch operation on or near it, the touch-sensitive surface 1131 passes the operation to the processor 1180 to determine the type of touch event, and the processor 1180 then provides a corresponding visual output on the display panel 1141 in accordance with the type of touch event. Although in FIG. 11 the touch-sensitive surface 1131 and the display panel 1141 are implemented as two separate components for input and output functions, in some embodiments the touch-sensitive surface 1131 may be integrated with the display panel 1141 to implement the input and output functions.
The computer device 1100 may also include at least one sensor 1150, such as a light sensor, a motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor that may adjust the brightness of the display panel 1141 according to the brightness of ambient light, and a proximity sensor that may turn off the display panel 1141 and/or the backlight when the device 1100 is moved to the ear. As one of the motion sensors, the gravity acceleration sensor can detect the acceleration in all directions (generally three axes), and can detect the gravity and the direction when the mobile phone is stationary, and can be used for applications of recognizing the gesture of the mobile phone (such as horizontal and vertical screen switching, related games, magnetometer gesture calibration), vibration recognition related functions (such as pedometer and knocking), and the like; other sensors such as gyroscopes, barometers, hygrometers, thermometers, infrared sensors, etc. that may also be configured with the device 1100 are not described in detail herein.
Audio circuitry 1160, speaker 1161, and microphone 1162 may provide an audio interface between a user and the device 1100. The audio circuit 1160 may transmit the electrical signal converted from received audio data to the speaker 1161, which converts it into a sound signal for output; on the other hand, the microphone 1162 converts collected sound signals into electrical signals, which are received by the audio circuit 1160 and converted into audio data; the audio data is output to the processor 1180 for processing and then transmitted to another device via the RF circuit 1110, or is output to the memory 1120 for further processing. Audio circuit 1160 may also include an earphone jack to provide communication between a peripheral earphone and the device 1100.
The short-range wireless transmission module 1170 may be a WIFI (wireless fidelity) module, a Bluetooth module, an infrared module, or the like. The device 1100 may exchange information with a wireless transmission module provided on another device via the short-range wireless transmission module 1170.
The processor 1180 is the control center of the device 1100; it connects the various parts of the whole device using various interfaces and lines, and performs the various functions of the device 1100 and processes data by running or executing the software programs and/or modules stored in the memory 1120 and invoking the data stored in the memory 1120, thereby monitoring the device as a whole. Optionally, the processor 1180 may include one or more processing cores; alternatively, the processor 1180 may integrate an application processor that primarily handles the operating system, user interface, applications, etc., with a modem processor that primarily handles wireless communications. It will be appreciated that the modem processor described above may also not be integrated into the processor 1180.
The device 1100 also includes a power source 11110 (e.g., a battery) that provides power to the various components, preferably through a power management system logically coupled to the processor 1180 for managing charge, discharge, and power consumption through the power management system. The power source 11110 may also include one or more of any components, such as a direct current or alternating current power source, a recharging system, a power failure detection circuit, a power converter or inverter, a power status indicator, and the like.
Although not shown, the device 1100 may further include a camera, a bluetooth module, etc., which will not be described herein.
It is to be understood that all or some of the steps, systems, and methods disclosed above may be implemented in software, firmware, hardware, and suitable combinations thereof. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as known to those skilled in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. Furthermore, as is well known to those of ordinary skill in the art, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media.
As shown in fig. 1, an embodiment of the present invention provides an access system for a virtual private dial-up network, including a terminal, a broadband remote access server, an AAA server, and an LNS; wherein,
the terminal is used for sending a dialing request to the broadband remote access server and receiving the intra-domain IP address information of the virtual private dial-up network sent by the broadband remote access server;
a broadband remote access server for executing an access method of a virtual private dial-up network applied to the broadband remote access server;
an AAA server for executing an access method of a virtual private dial-up network applied to the AAA server;
and the LNS is used for executing the access method of the virtual private dial-up network applied to the LNS.
Specifically, the terminal sends a dialing request to a broadband remote access server; after receiving the dialing request, the broadband remote access server sends authentication information determined according to the dialing request to the AAA server; after receiving the authentication information sent by the broadband remote access server, the AAA server determines whether the account number of the terminal belongs to a virtual private dial-up network account number, and if the account number of the terminal belongs to the virtual private dial-up network account number, sends domain information of the virtual private dial-up network and IP address information of the LNS device to the broadband remote access server; the broadband remote access server initiates an L2TP tunnel establishment request to LNS equipment corresponding to the IP address information according to the domain information of the virtual private dial-up network; the LNS device receives the L2TP tunnel establishment request, if the L2TP tunnel establishment is successful, the authentication information is authenticated, if the authentication is passed, the terminal is distributed with the intra-domain IP address information of the virtual private dial-up network, and the intra-domain IP address information of the virtual private dial-up network is sent to the broadband remote access server; the broadband remote access server receives the intra-domain IP address information of the virtual private dial-up network, sends the intra-domain IP address information of the virtual private dial-up network to the terminal, and accesses the virtual private dial-up network according to the intra-domain IP address information of the virtual private dial-up network.
It can be seen that the content of the above method embodiment is applicable to the system embodiment: the functions specifically implemented by the system embodiment are the same as those of the method embodiment, and the beneficial effects achieved by the system embodiment are the same as those achieved by the method embodiment.
It should be understood that in the present application, "at least one (item)" means one or more, and "a plurality" means two or more. "And/or" describes the association relationship of associated objects and represents three possible relationships; for example, "A and/or B" may represent: only A, only B, or both A and B, wherein A and B may be singular or plural. The character "/" generally indicates that the associated objects are in an "or" relationship. "At least one of" or the like means any combination of these items, including any combination of single items or plural items. For example, at least one of a, b or c may represent: a, b, c, "a and b", "a and c", "b and c", or "a and b and c", wherein a, b, and c may be single or plural.
In the several embodiments provided in the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
While the preferred embodiment of the present application has been described in detail, the application is not limited to the embodiment, and various equivalent modifications and substitutions can be made by those skilled in the art without departing from the spirit of the application, and these equivalent modifications and substitutions are intended to be included in the scope of the present application as defined in the appended claims.

Claims (10)

1. An access method of a virtual private dial-up network, which is applied to a broadband remote access server, comprises the following steps:
receiving a dialing request sent by a terminal; the dialing request comprises authentication information of the terminal, wherein the authentication information comprises account information and password information;
transmitting the authentication information to an AAA server, and receiving domain information of a virtual private dial-up network and IP address information of LNS equipment, which are transmitted by the AAA server;
initiating an L2TP tunnel establishment request to LNS equipment corresponding to the IP address information according to the domain information of the virtual private dial-up network;
if the L2TP tunnel is successfully established, the intra-domain IP address information of the virtual private dial-up network sent by the LNS equipment corresponding to the IP address information is received, so that the access of the virtual private dial-up network is completed.
2. The access method according to claim 1, wherein the initiating an L2TP tunnel establishment request to the LNS device corresponding to the IP address information according to the domain information of the virtual private dial-up network specifically includes:
determining the suffix information of the virtual private dial-up network domain according to the domain information of the virtual private dial-up network, and adding the suffix information to the account number of the terminal;
determining corresponding LNS equipment according to the IP address information;
and using the broadband remote access server as LAC, and initiating an L2TP tunnel establishment request to LNS equipment corresponding to the IP address information.
3. An access method of a virtual private dial-up network, which is applied to an AAA server, comprises the following steps:
receiving authentication information sent by a broadband remote access server; the authentication information comprises account information and password information;
determining whether the account number of the terminal belongs to the virtual private dial-up network account number according to the stored account number book of the virtual private dial-up network and the account number information;
and if the account number of the terminal belongs to the virtual private dial-up network account number, transmitting domain information of the virtual private dial-up network and IP address information of the LNS device to the broadband remote access server.
4. An access method according to claim 3, characterized in that the access method further comprises:
if the account number of the terminal belongs to the common broadband account number, authentication is carried out according to the common broadband account number, and the terminal does not enter the virtual private dial-up network domain.
5. An access method for a virtual private dial-up network, applied to an LNS device, comprising the following steps:
receiving an L2TP tunnel establishment request initiated by a broadband remote access server, the L2TP tunnel establishment request comprising authentication information of a terminal, the authentication information comprising account information and password information;
if the L2TP tunnel is successfully established, authenticating the authentication information;
and, if the authentication passes, allocating intra-domain IP address information of the virtual private dial-up network to the terminal and sending the intra-domain IP address information to the broadband remote access server, so as to complete access to the virtual private dial-up network.
6. The access method according to claim 5, further comprising:
if the authentication fails, feeding back authentication failure information to the broadband remote access server, so that the broadband remote access server re-acquires the domain information of the virtual private dial-up network and the IP address information of the LNS device from the AAA server and re-initiates an L2TP tunnel establishment request to the LNS device.
7. An access system for a virtual private dial-up network, applied to a broadband remote access server, comprising:
a first module, configured to receive a dial request sent by a terminal, the dial request comprising authentication information of the terminal, the authentication information comprising account information and password information;
a second module, configured to send the authentication information to an AAA server and to receive domain information of the virtual private dial-up network and IP address information of an LNS device sent by the AAA server;
a third module, configured to initiate an L2TP tunnel establishment request to the LNS device corresponding to the IP address information according to the domain information of the virtual private dial-up network;
and a fourth module, configured to receive, if the L2TP tunnel is successfully established, the intra-domain IP address information of the virtual private dial-up network sent by the LNS device corresponding to the IP address information, so as to complete access to the virtual private dial-up network.
8. An access device for a virtual private dial-up network, comprising:
at least one processor;
at least one memory for storing at least one program;
wherein the at least one program, when executed by the at least one processor, causes the at least one processor to implement the access method for a virtual private dial-up network according to any one of claims 1 to 6.
9. A storage medium storing a processor-executable program, wherein the processor-executable program, when executed by a processor, performs the access method for a virtual private dial-up network according to any one of claims 1 to 6.
10. An access system for a virtual private dial-up network, characterized in that it comprises a terminal, a broadband remote access server, an AAA server and an LNS, wherein:
the terminal is configured to send a dial request to the broadband remote access server and to receive the intra-domain IP address information of the virtual private dial-up network sent by the broadband remote access server;
the broadband remote access server is configured to perform the access method for a virtual private dial-up network according to any one of claims 1 to 2;
the AAA server is configured to perform the access method for a virtual private dial-up network according to any one of claims 3 to 4;
and the LNS is configured to perform the access method for a virtual private dial-up network according to any one of claims 5 to 6.
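The exchange claimed above (terminal to BRAS, BRAS to AAA server, BRAS as LAC to LNS, LNS back to BRAS, including the ordinary-broadband branch of claim 4 and the re-query-and-retry branch of claim 6) is easier to follow as a runnable simulation of the four roles. The following is an added example written for this page and is not code from the patent or its applicant. The account roster, the domain name and suffix `@corp`, the LNS address `198.51.100.10`, the intra-domain pool `10.20.0.0/29`, the class and function names, and the retry cap `MAX_LNS_RETRIES` are all constructed assumptions; no real L2TP or RADIUS messages are exchanged.

```python
"""Simulation of the VPDN access flow in claims 1 to 6 and 10 of this page.

Added illustration, not code from the patent or its applicant. The account
roster, the LNS address, the domain suffix, the IP pool and the retry cap are
constructed assumptions; no real L2TP or RADIUS messages are exchanged.
"""
from dataclasses import dataclass
import ipaddress

# Claim 6 has the BRAS re-query the AAA server and re-initiate the tunnel after
# an LNS authentication failure but sets no limit; this cap is an assumption.
MAX_LNS_RETRIES = 2


@dataclass(frozen=True)
class AuthInfo:
    account: str
    password: str


@dataclass(frozen=True)
class VpdnDomain:
    name: str    # domain information of the virtual private dial-up network
    suffix: str  # domain suffix appended to the terminal account (claim 2)
    lns_ip: str  # IP address information of the LNS device


class AAAServer:
    """Claims 3 and 4: classify the account against the stored VPDN roster."""

    def __init__(self, vpdn_roster, broadband_accounts):
        self.vpdn_roster = vpdn_roster                # account -> VpdnDomain
        self.broadband_accounts = broadband_accounts  # account -> password

    def authenticate(self, auth):
        if auth.account in self.vpdn_roster:
            # VPDN account: return domain info and LNS address to the BRAS.
            # The password is not checked here; the LNS checks it (claim 5).
            return "vpdn", self.vpdn_roster[auth.account]
        # Ordinary broadband account: authenticate here, no VPDN domain entered.
        return "broadband", self.broadband_accounts.get(auth.account) == auth.password


class LNSDevice:
    """Claims 5 and 6: accept the tunnel, authenticate, allocate an intra-domain IP."""

    def __init__(self, ip, users, pool):
        self.ip = ip
        self.users = users  # suffixed account -> password
        self.free = [str(h) for h in ipaddress.ip_network(pool).hosts()]
        self.leases = {}    # suffixed account -> allocated intra-domain IP

    def establish_tunnel(self, lac_ip):
        return True  # tunnel setup is assumed to succeed in this simulation

    def authenticate(self, auth):
        """Return the intra-domain IP on success, None on authentication failure."""
        if self.users.get(auth.account) != auth.password:
            return None
        if auth.account not in self.leases:
            self.leases[auth.account] = self.free.pop(0)
        return self.leases[auth.account]


class BRAS:
    """Claims 1 and 2: the BRAS acts as LAC between terminal, AAA server and LNS."""

    def __init__(self, ip, aaa, lns_devices):
        self.ip = ip
        self.aaa = aaa
        self.lns_devices = lns_devices  # LNS IP -> LNSDevice

    def handle_dial(self, auth):
        for _ in range(1 + MAX_LNS_RETRIES):
            kind, result = self.aaa.authenticate(auth)
            if kind == "broadband":
                return {"type": "broadband", "ok": result}
            domain = result
            # Claim 2: append the domain suffix, pick the LNS by its IP, act as LAC.
            suffixed = AuthInfo(auth.account + domain.suffix, auth.password)
            lns = self.lns_devices[domain.lns_ip]
            if not lns.establish_tunnel(self.ip):
                return {"type": "vpdn", "ok": False, "reason": "tunnel failed"}
            addr = lns.authenticate(suffixed)
            if addr is not None:
                return {"type": "vpdn", "ok": True, "domain": domain.name, "ip": addr}
            # Claim 6: the LNS reported failure; the loop re-queries the AAA server.
        return {"type": "vpdn", "ok": False, "reason": "LNS authentication failed"}


def build_demo():
    """Constructed topology: one VPDN domain, one LNS, one ordinary broadband user."""
    corp = VpdnDomain("corp-vpdn", "@corp", "198.51.100.10")
    aaa = AAAServer({"alice": corp}, {"bob": "bob-pw"})
    lns = LNSDevice("198.51.100.10", {"alice@corp": "alice-pw"}, "10.20.0.0/29")
    return BRAS("203.0.113.1", aaa, {"198.51.100.10": lns})


if __name__ == "__main__":
    bras = build_demo()
    for creds in (AuthInfo("alice", "alice-pw"), AuthInfo("bob", "bob-pw"),
                  AuthInfo("alice", "wrong"), AuthInfo("carol", "x")):
        print(creds.account, "->", bras.handle_dial(creds))
```

Two points a practitioner would check against the claims. First, the split of responsibilities: the AAA server only decides whether the account is a VPDN account and which domain and LNS it maps to, while the password is verified by the LNS after the tunnel is up, so a wrong password for a VPDN account costs a tunnel setup before it is rejected. Second, claim 6 describes re-acquiring the LNS information and re-initiating the tunnel after a failure but states no bound on that retry; the example caps it, since an unbounded loop between BRAS and LNS is undesirable for both availability and log noise. The claims also say nothing about confidentiality of the tunnel, and L2TP by itself provides none; whatever protection is wanted for the intra-domain traffic has to come from elsewhere.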
Bibliographic data

Application number: CN202311042071.3A
Priority date: 2023-08-17
Filing date: 2023-08-17
Publication: CN117040862A (en), published 2023-11-10
Title: Access method, system, device and storage medium of virtual private dial-up network
Legal status: Pending
Family ID: 88644643
Priority applications, applications claiming priority and family applications: this application only (CN202311042071.3A)
Country status: CN, CN117040862A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination