
The Architecture Of Remote Login Virtual Private Networks

Posted on: 2010-03-10
Degree: Master
Type: Thesis
Country: China
Candidate: Y Niu
Full Text: PDF
GTID: 2178360278973676
Subject: Computer application technology

Abstract/Summary:
VPN is the product of the rapid development of network technology and the great demand for communications. With the growth of the Internet and its widening range of applications, more and more departments prefer to build their own virtual private network on low-cost public communication facilities rather than set up expensive dedicated physical connections, in order to transmit internal data safely. Because of the huge investment in laying special equipment and the long construction cycle, we, especially the domestic government and large companies, need safe and low-cost long-distance virtual network technology that suits national conditions. Setting up dedicated physical network equipment is bound to waste enormous resources and to make future integration and upgrading difficult, while using the domestic public line network to establish a standardized virtual private network model can solve the problem; all that is needed is to find a suitable model framework and add several VPN servers to it.

In this paper, a sub remote login VPN model is established on the basis of the optimization and combination of existing technology. According to the characteristics of actual remote connections, the main communication process is analysed and designed as follows:

1. Establish the connection between the remote access site and the internal LAN gateway concentrators, that is, the process of establishing a connection and responding to service requests between the various remote users' terminal equipment and ISP Gateway A. This part requires the client program to be simple to install and operate, easy to upgrade and maintain, and able to provide flow control services.
2. Connect the gateway concentrator to the remote target server over the WAN. This part requires good security, to prevent the theft of private data.
3. Effectively send the encrypted data through any NAT/PAT that may be present.

The gateway access concentrator is the key equipment for the three parts of the communication process: it links the terminals in both directions, handles data packet format conversion, and ensures security between the two sides and NAT/PAT traversal. Its function is basically divided into two parts. First, with the gateway as the main transit equipment, optimize the L2TP connection between the gateway and the users' part in the LAN, realizing flow control as well as convenient and effective user authentication. Second, make an IPSec connection between the gateway and the target server to ensure data security. The overall framework uses a transition from L2TP to IPSec, instead of the currently popular mode of transferring L2TP and IPSec packets along the entire path. The purpose is to let the client side use the virtual private network easily without dealing with complex issues such as IPSec configuration, to trim unnecessary excess headers, and to take full advantage of the bandwidth. This paper uses the condition-concerned method to realize a thin-client VPN telnet connection, and to improve the efficiency of message transmission to the greatest degree on the premise of safety.

Research on network simulation is now fairly mature. Building a virtual environment with network simulation software to reflect the actual network connection, and making improvements based on a series of transmission performance charts, is an effective way to improve the reliability and accuracy of network planning and design and to reduce the risk of network investment and unnecessary spending. We carried out the relevant experiments with the relatively mature OPNET Modeler, and then compared the experimental scheme with a telnet VPN that uses only IPSec, in order to analyse and prove the feasibility and practical significance of our design.

In addition, we ran a separate test on the gateway access concentrator module, the key equipment, and a performance test on the protocol conversion part to establish the maximum load it can bear.

Keywords/Search Tags: VPN, L2TP, IPSec, Gateway server