| IPsec VPN gateway is prevalent very much as a network security product which provides integrative network security technologies such as encryption, authentication, and access control. However, with the increase of network application, users advance higher demand for the speed of policy lookup, the adaptability and security of vpn ga- teway in network.In this paper, we have studied stateful packets inspection technology, network address translation technology, virtual private network technology and packet filter technology. And we designed and accomplished a new vpn gateway. The main work of this paper is as follows:1. Summarized the development of IPsec VPN technology. Analyzed and pointed out the ubiquitous problems of the exisiting products.2. Analyzed the frame of process of packet named of netfilter in linux2.6. Analyzed stateful packet inspection and network address translation on basis of netfilter by reading the source code of linux2.6 kernel.3. Put forward the technology of vpn process based on stateful packet inspection, we designed vpn gateway based stateful packet inspection. It improves the speed of the process of packet greatly because policy lookup only relates the times of connection. At the same time, it builds up the security of vpn system. Put forward vpn process which can sustain route and network bridge mode, which can broaden the network application mode. Designed the process of data packet under the control of multiple network cards, which makes closer integration of firwall and VPN.4. Studied the compatibility of IPsec and NAT. Put forward and designed the project of RUDP encapsulation. This project will be applied to vpn gateway based on stateful packet inspection, which makes the deployment of vpn gateway more flexible and the application of vpn gateway more extensive. |
PDF Full Text Request