Study And Implement Of VPN Gateway Based On IPSec Under Linux

The popularization of Internet brings huge economic benefit for the society. However, the safe problem of information is also increasingly outstanding, the network safety has already become the core problem which people increasingly pay attention to. Various safety guard technologies emerge as the times require, and Virtual Private Network(VPN) technique with its practicability, security,simple and low cost acquired extensive application.The technique of VPN can build the remote private network of the enterprise by using the opposite insecure public network. Making use of special software and hardware facilities and establishing the logical tunnel in share IP net, it carry out a safe point-to-point connection between remote networks. The core of the technique of VPN is tunnel technique that includes IPSec, GRE, L2TP, PPTP etc. VPN based on the IPSec protocol is the most prevalentest. IPSec protocol is a set of related protocols that IETF provides the safety service for IP layer. As the network layer safety protocol, it achieves IP data safety protection , and can provide the transparent safety service for the upper layers.Linux system kenel adopts the Netfilter mechanism .which is a structural bottom frame for expanding various network service after 2.4 version. Using its hook function, we can carry out the extension of new network characteristic.This thesis carries on the research and implement of the IPSec VPN gateway in Linux system. Using hook of Netfilter mechanism as entrance of called process function, to integrate IP with IPSec protocol is realizated by calling IPSec data process module in the IP processing procedure of data. The entry strategy process module of IPSec data is added in the entry processing position of IP data to make sure of drop or accept;the entry processing module of IPSec data is added in the accept position of IP data to dencapsulate and revert the data;the outgoing processing module of IPSec data is added in the outgoing and forward position of IP data to encrypt, authenticate and encapsulate the data. Because the IPSec...