The Research And Implementation Of Security Access To SSL VPN Based On Frame Forwarding

Posted on: 2007-12-10
Degree: Master
Type: Thesis
Country: China
Candidate: L Liu
Full Text: PDF
GTID: 2178360242961897
Subject: Computer system architecture

Abstract/Summary:
A VPN extends the internal network of an enterprise, allowing internal staff and collaborators to access it over the public Internet. Because it is convenient, secure, fast and flexible, a VPN based on the SSL protocol has become the first choice for remote users who want quick access to the enterprise's internal network.

Traditional SSL VPN solutions are based on Web mode or connection forwarding. They cannot support network services that are P2P or that rely on reverse connections, which greatly reduces the remote access capability of SSL VPN. To overcome this limitation, an SSL VPN based on Ethernet frame forwarding is designed and implemented. It can support any network service based on the TCP/IP protocol.

The principle of the SSL VPN based on Ethernet frame forwarding is to install a virtual network interface card on each client and on the gateway server, and to forward the Ethernet frames exchanged between the client and the internal service resources through the IP routing mechanism. This establishes the connection between the client and the internal network. To secure transmission, all data between the client and the internal network is carried over an SSL-encrypted tunnel.

For identity authentication, the system combines user name/password with PKI identity authentication. For connection security, it cuts the connection when it detects an inactivity timeout on the client computer or on the tunnel transmission. For access control, it adopts a distributed strategy based on role privileges and provides a fine-grained access control policy at the level of a single service resource. For confidentiality of session content, it adopts a session data cleaning policy based on a disk filter driver to clean session traces after the session has finished.

Testing shows that the client side of the SSL VPN system is simple and easy to use. The system not only supports applications based on the TCP/IP protocol, but also solves the security problems of remote access over the network.
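The abstract's per-service, role-based access control has to be enforced on raw Ethernet frames at the gateway, because a frame-forwarding tunnel carries every protocol. The sketch below is an added example, not code from the thesis: the role names, addresses, table layout and function names are hypothetical, and it assumes untagged IPv4 frames with a default-deny policy.

```python
import ipaddress
import struct

# Hypothetical role table: role -> set of (server IP, protocol, port) resources.
ROLE_SERVICES = {
    "finance": {("10.0.5.20", "tcp", 443), ("10.0.5.21", "tcp", 1433)},
    "helpdesk": {("10.0.5.30", "tcp", 3389)},
}
PROTO_NAMES = {6: "tcp", 17: "udp"}

def parse_service(frame: bytes):
    """Return (dst_ip, proto, dst_port) for an IPv4 TCP/UDP frame, else None."""
    if len(frame) < 14 + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:  # untagged IPv4 only
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 4:
        return None
    if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:  # later fragment: no L4 header
        return None
    proto = PROTO_NAMES.get(ip[9])
    if proto is None:
        return None
    dst_ip = str(ipaddress.IPv4Address(ip[16:20]))
    dst_port = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
    return dst_ip, proto, dst_port

def may_forward(role: str, frame: bytes) -> bool:
    """Default deny: forward only frames addressed to a resource granted to role.

    Simplification: ARP and other non-IPv4 frames are denied here; a real
    gateway would have to handle them separately.
    """
    service = parse_service(frame)
    return service is not None and service in ROLE_SERVICES.get(role, set())

def build_frame(dst_ip: str, proto_num: int, dst_port: int) -> bytes:
    """Constructed sample frame (zeroed MACs and checksum) for the demo."""
    eth = bytes(12) + struct.pack("!H", 0x0800)
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto_num, 0,
                      ipaddress.IPv4Address("10.8.0.2").packed,
                      ipaddress.IPv4Address(dst_ip).packed)
    return eth + iph + struct.pack("!HH", 40000, dst_port) + bytes(16)

if __name__ == "__main__":
    print(may_forward("finance", build_frame("10.0.5.20", 6, 443)))
    print(may_forward("finance", build_frame("10.0.5.30", 6, 3389)))
```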
Keywords/Search Tags:VPN, Frame forwarding, SSL, Virtual network interface card, Role