The realization of dynamic key exchange is based on the IKE (Internet Key Exchange) protocol, a hybrid protocol that defines the methods by which the two communicating parties authenticate each other, negotiate encryption algorithms and generate a shared session key. This paper makes a thorough analysis of dynamic key exchange technology in the design of a VPN security gateway using the IPSec protocol and discusses the design and implementation of the IKE protocol on a VPN platform. All contents of this paper are based on a practical VPN project in which the author participates.

In the beginning, the paper discusses the project framework and outlines the design of the system modules. It then introduces the three kinds of message communication mechanism involved in the IKE module and explains the three different communication methods used for management messages, network messages and kernel messages in this system. The paper analyses the various IKE ISAKMP message formats, accounts for the detailed design of every message in the two stages of IKE negotiation, and gives the whole implementation. The PF_KEY triggering and message exchange mechanisms between the IKE module and the Linux kernel are also presented. In the end, the paper discusses the prospects of this system and gives thoughts on its further design.
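The abstract refers to the ISAKMP message formats that an IKE module on a gateway must decode before it can start either negotiation phase. The following is an added example, not code from the paper or its VPN project: a Python parser for the fixed 28-byte ISAKMP header and the generic payload chain as laid out in RFC 2408, with the bounds and consistency checks a gateway should apply to untrusted UDP input (length field versus datagram size, reserved bits, unknown types, trailing bytes). The sample Main Mode message it parses is constructed inline (the initiator cookie, the `CONSTRUCT` vendor ID body, and the omitted SA proposals are placeholders, not captured traffic), and the function names are the example's own.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Fixed sizes from RFC 2408: 28-byte ISAKMP header, 4-byte generic payload header.
ISAKMP_HEADER_LEN = 28
GENERIC_HEADER_LEN = 4
IKEV1_VERSION = 0x10          # major 1, minor 0
FLAG_ENCRYPTION = 0x01
FLAG_RESERVED_MASK = 0xF8     # flag bits that must be zero in IKEv1

EXCHANGE_TYPES = {1: "Base", 2: "Identity Protection", 3: "Authentication Only",
                  4: "Aggressive", 5: "Informational", 32: "Quick Mode", 33: "New Group Mode"}
PAYLOAD_TYPES = {0: "NONE", 1: "SA", 2: "Proposal", 3: "Transform", 4: "Key Exchange",
                 5: "Identification", 6: "Certificate", 7: "Certificate Request", 8: "Hash",
                 9: "Signature", 10: "Nonce", 11: "Notification", 12: "Delete", 13: "Vendor ID"}


@dataclass
class IsakmpHeader:
    initiator_cookie: bytes
    responder_cookie: bytes
    next_payload: int
    version: int
    exchange_type: int
    flags: int
    message_id: int
    length: int


def parse_header(data: bytes) -> IsakmpHeader:
    """Decode the fixed ISAKMP header and check the fields the gateway will rely on."""
    if len(data) < ISAKMP_HEADER_LEN:
        raise ValueError("datagram shorter than ISAKMP header")
    hdr = IsakmpHeader(*struct.unpack("!8s8sBBBBII", data[:ISAKMP_HEADER_LEN]))
    if hdr.version >> 4 != 1:
        raise ValueError(f"unsupported major version {hdr.version >> 4}")
    if hdr.exchange_type not in EXCHANGE_TYPES:
        raise ValueError(f"unknown exchange type {hdr.exchange_type}")
    if hdr.flags & FLAG_RESERVED_MASK:
        raise ValueError("reserved flag bits set")
    # The length field is peer-controlled: it must equal what actually arrived,
    # otherwise the offset arithmetic below would walk past the buffer.
    if hdr.length != len(data):
        raise ValueError(f"length field {hdr.length} != datagram size {len(data)}")
    if hdr.initiator_cookie == bytes(8):
        raise ValueError("zero initiator cookie")
    return hdr


def walk_payloads(data: bytes, hdr: IsakmpHeader) -> List[Tuple[int, bytes]]:
    """Follow the Next-Payload chain after the header, bounds-checking every step."""
    if hdr.flags & FLAG_ENCRYPTION:
        raise ValueError("payloads are encrypted; decrypt before parsing")
    payloads: List[Tuple[int, bytes]] = []
    offset, ptype = ISAKMP_HEADER_LEN, hdr.next_payload
    while ptype != 0:
        if ptype not in PAYLOAD_TYPES:
            raise ValueError(f"unknown payload type {ptype} at offset {offset}")
        if offset + GENERIC_HEADER_LEN > len(data):
            raise ValueError(f"truncated payload header at offset {offset}")
        nxt, reserved, plen = struct.unpack("!BBH", data[offset:offset + GENERIC_HEADER_LEN])
        if reserved != 0:
            raise ValueError(f"non-zero RESERVED byte at offset {offset}")
        if plen < GENERIC_HEADER_LEN or offset + plen > len(data):
            raise ValueError(f"bad payload length {plen} at offset {offset}")
        payloads.append((ptype, data[offset + GENERIC_HEADER_LEN:offset + plen]))
        offset, ptype = offset + plen, nxt
    if offset != len(data):
        raise ValueError(f"{len(data) - offset} trailing bytes after last payload")
    return payloads


def parse_message(data: bytes) -> Tuple[IsakmpHeader, List[Tuple[int, bytes]]]:
    hdr = parse_header(data)
    return hdr, walk_payloads(data, hdr)


def reject_reason(data: bytes) -> Optional[str]:
    """Return why a datagram would be dropped, or None if it parses cleanly."""
    try:
        parse_message(data)
        return None
    except ValueError as exc:
        return str(exc)


def build_sample_main_mode_msg1() -> bytes:
    """Constructed sample (not a capture): Main Mode message 1 carrying SA + Vendor ID payloads."""
    sa_body = struct.pack("!II", 1, 1)   # DOI = IPSEC (1), SIT_IDENTITY_ONLY (1); proposals omitted
    sa_payload = struct.pack("!BBH", 13, 0, GENERIC_HEADER_LEN + len(sa_body)) + sa_body
    vid_body = b"CONSTRUCT"              # placeholder vendor ID, constructed for the example
    vid_payload = struct.pack("!BBH", 0, 0, GENERIC_HEADER_LEN + len(vid_body)) + vid_body
    body = sa_payload + vid_payload
    header = struct.pack("!8s8sBBBBII", bytes(range(1, 9)), bytes(8),   # responder cookie still zero
                         1, IKEV1_VERSION, 2, 0, 0, ISAKMP_HEADER_LEN + len(body))
    return header + body


if __name__ == "__main__":
    msg = build_sample_main_mode_msg1()
    hdr, payloads = parse_message(msg)
    print(EXCHANGE_TYPES[hdr.exchange_type], [PAYLOAD_TYPES[t] for t, _ in payloads])
    print("truncated datagram rejected:", reject_reason(msg[:-3]))
```

`parse_header` deliberately refuses a datagram whose length field disagrees with the bytes received rather than trusting the smaller of the two; the same rule is applied per payload in `walk_payloads`, so a crafted payload length cannot move the cursor outside the buffer. The SA payload body is returned opaque here; the phase 1 and phase 2 negotiation logic that the paper designs would parse its proposals and transforms on top of this check.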