The Analysis Of IPSec In Linux Kernel 2.6 And The Research And Implementation Of VPN Gateway

The thesis has firstly made original thorough research and analysis to the IPSec support mechanism in Linux kernel 2.6 and then has given out a comprehensive building scheme of the IPSec VPN security gateway based on Linux kernel 2.6, combined with self-designed VPN security management console, the security gateway's interaction with kernel module, and the IKE module. The thesis has designed and implemented an IPSec VPN security gateway prototype. Its specific work includes: Make original deep analysis on the seamless integration of IPSec in Linux kernel 2.6and the kernel realization of AH protocol and ESP protocol. Expatiate on the structures of security association and security policy which are bothneeded in the design of VPN gateway and the building method of security associationdatabase and security policy database. Design the message communication mechanism of VPN gateway in detail. Designevery message to communicate with IPSec in kernel based on the analysis of thecommunication mechanism between user process and IPSec in kernel. Propose a building scheme based on the requirements analysis of the IPSec VPNsecurity gateway. Design the VPN security gateway management console module andthe security gateway's interaction with kernel module. Implement a VPN gateway prototype with the analysis and design mentioned above.Test the prototype system and analyze the test resultThe research of this thesis has sponsored by the natural science foundation of Jiangsu Province for the project "Research on the High Intensity VPN Security Gateway Techniques and Core System Based on PKI and ECC" (Project Number: BK2004039).