CN1231024C - Virtual private network implementation method and system based on dynamic IP address - Google Patents

Virtual private network implementation method and system based on dynamic IP address

Info

Publication number
CN1231024C
Authority
CN
China
Prior art keywords
gateway
address
address server
server
virtual private
Legal status
Expired - Fee Related
Application number
CNB021257604A
Other languages
Chinese (zh)
Other versions
CN1476204A (en)
Inventor
罗声
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date
2002-08-16
Filing date
2002-08-16
Publication date
2005-12-07


Abstract

The present invention discloses a method and a system for implementing a virtual private network (VPN) based on dynamic IP addresses. The method comprises the following steps: an address server for managing dynamic IP addresses is set up in the IP public network; a gateway of the virtual private network registers information such as its dynamic IP address and name with the address server; when an initiating gateway needs to connect to a target gateway, it first queries the address server to obtain the IP address of the target gateway and uses that IP address to establish the connection. The system of the present invention comprises an IP network, a virtual private network gateway connected to the IP network, and the address server for managing dynamic IP addresses; a dynamic IP address management module and a data module are arranged in the address server. The present invention makes full use of public address server components, so that a VPN can be conveniently established even when a VPN gateway does not know a fixed IP address of the target VPN. It is very convenient and economical for enterprises that use dial-up access to the IP network.

Description

Virtual private network implementation method and system based on dynamic IP addresses
Technical field
The present invention relates to a method and a system for implementing a virtual private network (VPN) based on dynamic IP addresses.
Background art
A virtual private network (VPN) uses public network infrastructure to achieve secure data transmission comparable to that of a privately owned network, by means such as "tunneling" technology. Such a network is virtual: a VPN is neither a closed circuit owned by a particular company nor a closed circuit leased from an Internet service provider, yet it still offers the data transmission capability of a leased line, because the VPN can carry the company's own traffic over the public network as if it were a leased line.
Operating principle of VPN:
IP-based VPNs fall essentially into two classes: dial-up VPN (commonly referred to as VPDN, virtual private dial-up network) and dedicated-line VPN (Dedicated VPN). A complete VPN solution usually combines dial-up VPN and dedicated-line VPN to meet the needs of all users.
Dial-up VPN:
Dial-up VPN (VPDN) provides mobile and telecommuting users with remote access to the corporate network. This is currently the most common VPN deployment form and is mainly based on the L2F (Layer 2 Forwarding) protocol. VPDN allows users in many different locations to obtain a secure route to their intranet over a public network, the Internet or another shared network. Dial-up VPN can further be divided into client-initiated VPN and NAS-initiated VPN.
In a client-initiated VPN, the user dials in to the local POP and the client requests and establishes an encrypted tunnel to its intranet. To set up a secure connection, the client runs IPsec software; the client software communicates with the IPsec process on the firewall of the company's internal network, or directly with a router that supports IPsec, to secure the connection. The characteristics of this form of VPN are:
(1) A remote user can establish IP tunnels with several home gateways at the same time.
(2) A remote user can enter another network without dialing again.
(3) The development and management of the VPN is independent of the ISP (Internet service provider).
(4) The encrypted VPN tunnel is transparent to the service provider; dedicated dialer software is required on the client.
(5) The client must know the fixed IP address of the enterprise in order to authenticate to the enterprise's server.
In a NAS-initiated VPN, the NAS in the service provider's POP requests and creates the VPN tunnel to the client company's router (or home gateway). The NAS uses the L2F (Layer 2 Forwarding) or L2TP (Layer 2 Tunneling Protocol) protocol to establish a secure tunnel to the client's home gateway.
In this form of dial-up VPN, user authentication is handled in two stages. When the user dials in, the service provider's NAS first performs a basic authentication that only identifies the company to which the user belongs. The NAS then opens a tunnel to the home gateway of the user's company, and the home gateway performs user-level authentication. During authentication in this form of VPN, the service provider also needs to know the IP address of the enterprise's home gateway.
Dedicated-line VPN:
In a dedicated-line VPN based on IP tunnels, Point-to-Point Protocol (PPP) packet streams are carried through a tunnel over the shared IP network. The tunnel is formed by a tunneling protocol, which is no different from the way popular networks rely on a corresponding network protocol to communicate. To carry packets from heterogeneous networks, the most common method is first to encapsulate the various network protocols (IP, IPX, AppleTalk, etc.) in PPP and then to pack the entire PPP packet into the tunneling protocol. In this case, the fixed IP address of each endpoint must be known.
In a VPN based on virtual circuits, the service provider can offer virtual circuits to build an IP VPN service. In Frame Relay and ATM networks, point-to-point connections are established with PVCs and layer-3 information is managed by routers. Telecom operators or post and telecommunications offices can adopt this approach to make full use of their existing frame-switching (e.g. Frame Relay) or cell-switching (e.g. ATM) infrastructure to provide IP VPN services.
From the above, both dial-up VPN and dedicated-line VPN need at least one fixed IP address to serve as the centre of authentication control. For small businesses, or chain enterprises in which each branch is small, broadband or narrowband access based on dynamic IP addresses is an economical choice, but with the prior art it is difficult to build a VPN between a group of dynamic-IP users using traditional VPN technology, unless the current IP addresses are exchanged manually. This is especially true for small private groups.
Summary of the invention
The object of the present invention is to provide a virtual private network implementation method and system based on dynamic IP addresses, so that a VPN can be established automatically under dynamic IP addressing.
The method of the present invention comprises the following steps: an address server that manages dynamic IP addresses is set up in the IP public network; a gateway of the virtual private network establishes a connection to the IP public network and thereby obtains the public network IP address of its exit; the virtual private network gateway registers with the address server, registering at least the gateway name and its dynamic IP address; when an originating end needs to connect to a target gateway, the originating gateway first queries the address server to obtain the IP address of the target gateway and uses that IP address to establish the connection.
The system of the present invention comprises at least an IP network and a virtual private network gateway connected to that network, and is characterised in that an address server managing dynamic IP addresses is connected to the IP network, the address server containing a dynamic IP address management module and a data module; the virtual private network gateway sends to the address server, via the IP network, information comprising at least its own name and its dynamic IP address; the dynamic IP address management module stores the virtual private network gateway's information in the data module, obtains the dynamic IP address of the target gateway from the data module according to the originating end's query request, and provides it to the originating gateway through the address server.
By adding a mechanism for dynamic IP address registration and query, the present invention achieves automatic establishment of a VPN under dynamic IP addressing, effectively solving the technical problem that the prior art cannot readily use traditional VPN technology to build a VPN among a group of dynamic-IP users, without affecting the VPN establishment process itself. Compared with the prior art, the present invention is simple and easy to implement. The address server can also be implemented with public services widely used on the Internet, such as the WEB, WEB SERVICE, the Lightweight Directory Access Protocol (LDAP) and the Domain Name Service (DNS), so that its implementation cost is lower.
Brief description of the drawings
Fig. 1 is a block diagram of a system implementing the present invention;
Fig. 2 is a flow chart of the present invention;
Fig. 3 is a flow chart of VPN gateway registration in the present invention;
Fig. 4 is a schematic diagram of the VPN establishment process;
Fig. 5 is a flow chart of the address server of the present invention implemented with a WEB server.
Embodiments
Referring to Fig. 1 and Fig. 2: the address server contains a dynamic IP address management module and a data module. The address server is connected to the IP public network and manages the dynamic IP addresses of the VPN gateways that access the public network; the address server has a fixed IP address, for example 66.77.9.76. The private networks of branch one and branch two access the IP public network through VPN gateways, and the gateways establish links to the IP network using the Point-to-Point Protocol (PPP) or modes such as PPP over Ethernet (PPPoE). When a gateway connects to the IP public network it obtains a dynamic public network IP address; the gateway then registers with the address server, registering the gateway name, public network IP address, authentication password and other related information, which the dynamic IP address management module stores in the data module, as shown in Fig. 3. If registration succeeds, the address server confirms it. When a connection is needed between virtual private networks (VPNs), the originating end first queries the address server for the IP address of the target gateway; the dynamic IP address management module obtains the target gateway's dynamic IP address from the data module and provides it to the originating gateway through the address server. After obtaining the IP address of the target gateway from the address server, the originating end uses that IP address to establish the connection. The originating end must pass authentication when querying; for gateways that have not passed authorization authentication, the address service refuses the query, in order to ensure information security.
Referring to Fig. 4, which shows the process of establishing a connection between virtual private network gateway A and gateway B. The public network IP addresses 61.145.x.x and 61.135.x.x of the exits of VPN gateway A and VPN gateway B, together with their names, authentication passwords and other related information, are registered with the address server. When VPN gateway B needs to connect to VPN gateway A, VPN gateway B connects to the address server via its fixed IP address 66.77.9.76, passes the authorization authentication for VPN gateway A, and obtains the dynamic public network IP address 61.145.x.x of VPN gateway A from the server by query. VPN gateway B then carries out the VPN establishment negotiation using the obtained IP address 61.145.x.x of target gateway A, and when this completes a VPN tunnel has been set up between VPN gateway A and VPN gateway B.
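The registration flow of Fig. 3, the query-then-connect flow of Fig. 4 and the method steps listed in the Summary above, as an added Python model that is not part of the patent or of any Huawei implementation. It keeps the address server's data module in memory, checks the originating gateway's authentication password on every query, and refuses queries from gateways the target has not authorized, which is the refusal behaviour the embodiment and claim 9 describe. Assumptions: passwords are stored as salted PBKDF2 hashes, the authorization information of claim 12 takes the form of a per-gateway list of peer names allowed to query it, a re-registration with a new dynamic IP must present the originally registered password, and the gateway addresses are constructed documentation addresses (the patent's 61.145.x.x and 61.135.x.x are elided); the fixed address 66.77.9.76 is the one the embodiment gives. Transport (HTTP, SOAP, LDAP or a custom TCP/IP protocol, as in the following paragraphs) is outside the model.

```python
"""Added example, not from the patent: in-memory model of the address server
with registration (Fig. 3) and authenticated, authorized query (Fig. 4)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Fixed address of the address server, as given in the patent's embodiment.
ADDRESS_SERVER_IP = "66.77.9.76"


def _hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: the data module stores salted PBKDF2 hashes, not clear passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


@dataclass
class GatewayRecord:
    """One entry of the data module: gateway name, current dynamic public IP,
    password hash, and (assumed form of claim 12's authorization information)
    the names of peers allowed to query this gateway's address."""
    name: str
    public_ip: str
    salt: bytes
    password_hash: bytes
    authorized_peers: set = field(default_factory=set)

    def check_password(self, password: str) -> bool:
        return hmac.compare_digest(self.password_hash, _hash_password(password, self.salt))


class AddressServer:
    """Dynamic IP address management module in front of the data module."""

    def __init__(self) -> None:
        self._records = {}  # the data module, keyed by gateway name

    def register(self, name, public_ip, password, authorized_peers=()):
        """Store a new gateway, or refresh an existing one after it reconnected
        with a new dynamic IP. Refreshing requires the originally registered
        password (assumption) so that a third party cannot overwrite the entry."""
        rec = self._records.get(name)
        if rec is None:
            salt = secrets.token_bytes(16)
            self._records[name] = GatewayRecord(
                name, public_ip, salt, _hash_password(password, salt), set(authorized_peers))
            return True
        if not rec.check_password(password):
            return False
        rec.public_ip = public_ip
        rec.authorized_peers.update(authorized_peers)
        return True

    def query(self, requester, password, target):
        """Return the target's current dynamic IP, or None when the requester
        fails authentication or is not authorized by the target (claim 9)."""
        req = self._records.get(requester)
        if req is None or not req.check_password(password):
            return None
        tgt = self._records.get(target)
        if tgt is None or requester not in tgt.authorized_peers:
            return None
        return tgt.public_ip


def fig4_walkthrough():
    """Replay Fig. 4 with constructed addresses and return the observed outcomes."""
    server = AddressServer()
    # Both gateways register name, dynamic public IP and password (Fig. 3);
    # each authorizes the other to look it up.
    server.register("gatewayA", "198.51.100.10", "pw-a", authorized_peers={"gatewayB"})
    server.register("gatewayB", "203.0.113.20", "pw-b", authorized_peers={"gatewayA"})
    outcomes = {
        # B authenticates, is authorized by A, and learns A's current address.
        "b_queries_a": server.query("gatewayB", "pw-b", "gatewayA"),
        # Wrong password: authentication fails, query refused.
        "bad_password": server.query("gatewayB", "wrong", "gatewayA"),
        # Never-registered gateway: refused.
        "unknown_requester": server.query("gatewayC", "pw-c", "gatewayA"),
    }
    # A third gateway registers, but A never authorized it, so it is refused.
    server.register("gatewayC", "192.0.2.30", "pw-c")
    outcomes["unauthorized_peer"] = server.query("gatewayC", "pw-c", "gatewayA")
    # A reconnects with a new dynamic IP: refresh without the password is
    # rejected; with it, B's next query returns the new address.
    outcomes["rereg_without_password"] = server.register("gatewayA", "198.51.100.99", "wrong")
    server.register("gatewayA", "198.51.100.11", "pw-a")
    outcomes["b_queries_a_after_rereg"] = server.query("gatewayB", "pw-b", "gatewayA")
    return outcomes


if __name__ == "__main__":
    for step, result in fig4_walkthrough().items():
        print(f"{step}: {result}")
```

The model deliberately separates the two checks the embodiment names: the querying gateway must prove who it is (its own password), and the target gateway must have authorized that peer; either failure returns the same refusal, so a caller cannot learn from the response whether a target name exists.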
There may be several address servers in the present invention, distributed rationally by region.
The address server can be an independent server, or it can be implemented with public services widely used on the Internet such as the WEB, WEB SERVICE, LDAP and DNS. If the address server is built as a WEB SERVICE, the VPN gateway can interact with the address service through the Simple Object Access Protocol (SOAP) and can discover the service through Universal Description, Discovery and Integration (UDDI). If the address server is provided by an LDAP SERVER, the VPN gateway can interact with the address service through the LDAP protocol. If the address server uses a custom protocol based on TCP/IP, the VPN gateway interacts with the address service through that custom protocol carried over TCP/IP.
Fig. 5 shows the flow when the address server is implemented with a WEB server. Since most enterprises already have a WEB site, this service can be embedded in the enterprise's own site, with reliability and security under the enterprise's own control; the VPN gateway then needs to be configured with the web page address of the corresponding service. As can be seen from the figure, the interaction flow between VPN gateways A and B and the address server changes: the Hypertext Transfer Protocol (HTTP) is used to carry the registration and query information.
An enterprise can have its own address server, so that all of the enterprise's sites can access the network by dial-up, ADSL or similar means without requiring any special support from the operator.
There can also be an independent service provider offering such a service to the public; an enterprise can then connect its sites using only dial-up access or dynamic access such as ADSL, without having to maintain an address server itself.
The present invention makes full use of public address server components, enabling a VPN gateway to establish a VPN network easily without knowing the fixed IP address of the target VPN. For enterprises whose distributed sites all use dial-up access, it is very convenient and economical.

Claims (15)

1. A virtual private network implementation method based on dynamic IP addresses, characterised in that it comprises the following steps:
setting up, in the IP public network, an address server that manages dynamic IP addresses;
a gateway of the virtual private network establishing a connection to the IP public network to obtain the public network IP address of its exit;
the virtual private network gateway registering with the address server, registering at least the gateway name and dynamic IP address in the address server;
when an originating end needs to connect to a target gateway, the gateway of the originating end first querying the address server to obtain the IP address of the target gateway and using that IP address to establish the connection;
wherein the originating end is the end requesting the connection in the virtual private network, and the target gateway is a gateway of the virtual private network that accepts the request.
2. The method according to claim 1, characterised in that the address server is an independent address server.
3. The method according to claim 1 or 2, characterised in that there are several address servers, distributed by region.
4. The method according to claim 1, characterised in that the address server is a WEB server, and the WEB server exchanges data with the gateway of the virtual private network using HTML (Hypertext Markup Language).
5. The method according to claim 1, characterised in that the address server is built as a WEB service, and the virtual private network gateway interacts with the address server through the Simple Object Access Protocol.
6. The method according to claim 1, characterised in that the address server is provided by a Lightweight Directory Access Protocol server, and the virtual private network gateway interacts with the address server through the Lightweight Directory Access Protocol.
7. The method according to claim 1, characterised in that, when registering with the address server, the virtual private network gateway also registers an authentication password in the address server.
8. The method according to claim 1, characterised in that the IP address with which the originating gateway accesses the IP public network is dynamically assigned.
9. The method according to claim 1, characterised in that authorization authentication is performed before the originating gateway queries the address server for the IP address of the target gateway; the address server provides the query service to gateways that pass the authorization authentication and otherwise refuses the query.
10. A system implementing the method according to claim 1, comprising at least an IP network and a virtual private network gateway connected to that network, characterised in that an address server managing dynamic IP addresses is connected to the IP network, and a dynamic IP address management module and a data module are provided in the address server;
the virtual private network gateway sends to the address server, via the IP network, information comprising at least its own name and its dynamic IP address;
the dynamic IP address management module stores the information of the virtual private network gateway in the data module, obtains the dynamic IP address of the target gateway from the data module according to the query request of the originating end, and provides it to the originating gateway through the address server;
wherein the originating end is the end requesting the connection in the virtual private network, and the target gateway is a gateway of the virtual private network that accepts the request.
11. The system according to claim 10, characterised in that there are several address servers, distributed by region.
12. The system according to claim 10, characterised in that the data module also contains authorization information of the virtual private network gateway.
13. The system according to claim 10, characterised in that the address server is a WEB server, and the WEB server exchanges data with the gateway of the virtual private network using HTML (Hypertext Markup Language).
14. The system according to claim 10, characterised in that the address server is a WEB (World Wide Web) server, and the virtual private network gateway interacts with the address server through the Simple Object Access Protocol.
15. The system according to claim 10, characterised in that the address server is a Lightweight Directory Access Protocol server, and the virtual private network gateway interacts with the address server through the Lightweight Directory Access Protocol.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB021257604A CN1231024C (en) 2002-08-16 2002-08-16 Virtual private network implementation method and system based on dynamic IP address

Publications (2)

Publication Number Publication Date
CN1476204A CN1476204A (en) 2004-02-18
CN1231024C true CN1231024C (en) 2005-12-07
Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100596076C (en) * 2006-10-20 2010-03-24 华为技术有限公司 User equipment registration, activation system, method and device in personal management
US8874693B2 (en) * 2009-02-20 2014-10-28 Microsoft Corporation Service access using a service address
CN101557336B (en) * 2009-05-04 2012-05-02 成都市华为赛门铁克科技有限公司 Method for establishing network tunnel, data processing method and relevant equipment
CN101572729B (en) * 2009-05-04 2012-02-01 成都市华为赛门铁克科技有限公司 Processing method of node information of virtual private network, interrelated equipment and system
WO2010127610A1 (en) * 2009-05-04 2010-11-11 成都市华为赛门铁克科技有限公司 Method, equipment and system for processing visual private network node information
CN102196059A (en) * 2011-05-26 2011-09-21 石家庄博士德软件科技开发有限公司 Technology for acquiring dynamic Internet protocol (IP) address of server in real time
CN102299836A (en) * 2011-09-16 2011-12-28 北京星网锐捷网络技术有限公司 Method and device for accessing access equipment
CN103780713A (en) * 2012-10-26 2014-05-07 苏州精易会信息技术有限公司 Method for acquiring dynamic IP address of server in real time
CN103475563A (en) * 2013-09-28 2013-12-25 上海成业智能科技股份有限公司 Implementation method and monitoring system for public network VPN with non-fixed IP address
CN105357331A (en) * 2015-10-28 2016-02-24 烽火通信科技股份有限公司 Pseudo-static IP implementation method and system based on dynamic IP
CN109728988B (en) * 2017-10-27 2020-05-12 贵州白山云科技股份有限公司 Inter-intranet communication method and device
CN109245998A (en) * 2018-10-09 2019-01-18 郑州云海信息技术有限公司 A kind of method, system and associated component accessing NAS
CN110943999B (en) * 2019-12-05 2022-03-22 拉货宝网络科技有限责任公司 Logistics multi-bin network intercommunication and monitoring method
CN113271218B (en) * 2020-02-17 2023-03-21 中国电信股份有限公司 VPN service configuration method, system, orchestrator and storage medium
CN113194160A (en) * 2021-04-22 2021-07-30 西安交通大学 Large-span domain IP address rapid dynamic switching system and method


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20051207

Termination date: 20130816