
The Study And Implementation Of VPN Based On CIPE In IPv6 Network

Posted on: 2008-04-24 | Degree: Master | Type: Thesis
Country: China | Candidate: Y Sun | Full Text: PDF
GTID: 2178360212996003 | Subject: Software engineering
Abstract/Summary:
With the rapid growth and internationalization of many enterprises, more and more branch offices are being established, and secure connectivity has to be set up between offices, headquarters and customers. What people care about most is how to keep the network secure and flexible while information is shared between their own offices. With the development of network technology, a VPN (Virtual Private Network) brings many benefits to enterprises that have branches in different locations: it sets up private data connectivity over the public network so that necessary information can be shared securely and cost-efficiently.

CIPE (Crypto IP Encapsulation) is a secure transmission technology based on encapsulated IP packets. It is much like the tunnel transmission and point-to-point transmission technology of NAT gateways, and it can be applied to many more areas of VPN, which drives further development of CIPE and makes our study more valuable. At present there is little software development specific to CIPE in IPv6, which makes the study of CIPE in IPv6 networks important and necessary. This paper presents a VPN system built with CIPE technology in an IPv6 network.

This paper shows a typical CIPE structure, which is composed of organization networks, CIPE gateways, and CIPE address management centers. The organization network is the actual user of the CIPE network; CIPE provides it with a secure transmission channel between organizations located in different areas. All of the design work focuses on the CIPE gateways, which play an important role in CIPE transmission and are central to the network. The CIPE address management center is responsible for managing the virtual addresses of the network nodes and CIPE gateways in the whole CIPE network. When a user logs in to the CIPE network, the management center assigns him a virtual network address and a corresponding CIPE gateway, and also records his Internet and intranet IP addresses and the address of the related CIPE gateway.

When a packet travelling between CIPE terminals is captured by a CIPE gateway, the gateway judges it by checking with the address management center. If the answer is yes, the gateway encapsulates it. The CIPE gateway obtains, through the address management center, the address of the CIPE gateway that corresponds to the virtual network address of the packet's destination, and then sends the packet to that gateway. The remote CIPE gateway receives the packet and asks the management center to validate whether it comes from a CIPE gateway. If yes, the packet is decapsulated, which yields the packet that was transmitted through the CIPE virtual network.

Based on this basic CIPE process, the function modules of the CIPE gateway are designed in detail: an address management module, a packet capture module, a packet encapsulation module, and a packet decapsulation module. The paper gives the CIPE gateway program, which implements the decapsulation, analysis, encapsulation, and sending of packets through the CIPE gateway.

On Linux, the Libipq API of Netfilter is used for the design of the packet capture program, and Libnet is used for sending CIPE packets, which meets the CIPE gateway's requirement for absolute control over packets and fully filters them. The gateway program, which is CIPE-based in an IPv6 environment, implements the basic process of CIPE transmission.

Meanwhile, authentication is an important part of network security; it has become part of almost all operating systems and plays an important role in VPN security. As an important part of VPN security technology, it matters because mobile office staff test the security mechanism more than users who are located only in the local area network. Authentication establishes individual identity, which is the essential method of ensuring system security. The authentication server should be set up in the local area network and connected to the VPN gateway.

When a user tries to access the enterprise network remotely, they must be validated successfully before they can share the resources of the VPN network. The authentication center listens on the ports of the gateways; when it receives validation information, it calls the related protocols to obtain it, queries the DB center, and returns the results to the gateway. Based on IPv6, this paper gives a detailed study of the basic principle of the authentication system for mobile users, and implements the system through socket network programming and MySQL, which is fast, powerful and easy to use.
Keywords/Search Tags: Implementation
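
The gateway flow described in the abstract (look up the destination at the address management center, encapsulate, validate the sending gateway, decapsulate), as an added Python example that is not the thesis's gateway program, which uses Libipq and Libnet. The class and method names are hypothetical, the addresses are constructed samples, the outbound check is assumed to be a lookup of the destination's virtual address, and payload encryption is not modelled because the abstract does not describe it.

```python
from dataclasses import dataclass
from ipaddress import IPv6Address

@dataclass
class Packet:
    src: str          # IPv6 source address
    dst: str          # IPv6 destination address
    payload: object   # bytes, or the inner Packet once encapsulated

class AddressCenter:  # address management center: virtual address -> gateway
    def __init__(self):
        self.by_virtual, self.gateways = {}, set()

    def register(self, virtual, gateway):
        gw = IPv6Address(gateway)
        self.by_virtual[IPv6Address(virtual)] = gw   # parsed form, not raw text
        self.gateways.add(gw)

    def gateway_for(self, virtual):
        return self.by_virtual.get(IPv6Address(virtual))

    def is_gateway(self, addr):
        return IPv6Address(addr) in self.gateways

class Gateway:
    def __init__(self, addr, center):
        self.addr, self.center = addr, center

    def outbound(self, pkt):  # captured packet: encapsulate if dst is registered
        peer = self.center.gateway_for(pkt.dst)
        if peer is None:
            return pkt                               # not CIPE traffic
        return Packet(self.addr, str(peer), pkt)     # outer header, gateway to gateway

    def inbound(self, pkt):   # received packet: decapsulate only from a known gateway
        if not isinstance(pkt.payload, Packet) or not self.center.is_gateway(pkt.src):
            return None                              # drop
        return pkt.payload

def demo():
    center = AddressCenter()
    gw_a, gw_b = Gateway("2001:db8:a::1", center), Gateway("2001:db8:b::1", center)
    center.register("fd00:c1be::10", gw_a.addr)      # constructed sample addresses
    center.register("fd00:c1be::20", gw_b.addr)
    # Destination written in expanded upper-case form: still matches after parsing.
    inner = Packet("fd00:c1be::10", "FD00:C1BE:0:0:0:0:0:20", b"hello")
    outer = gw_a.outbound(inner)
    forged = Packet("2001:db8:bad::9", gw_b.addr, inner)   # sender not registered
    return outer, gw_b.inbound(outer), gw_b.inbound(forged)
```

Addresses are compared as parsed `IPv6Address` values because one IPv6 address has several valid text forms, and a string comparison at the address center would miss a registered destination.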