Implementation Of The VPN Gateway Based On Special Network Stacks In Firewall System

Posted on: 2006-06-22 | Degree: Master | Type: Thesis
Country: China | Candidate: L Jiang | Full Text: PDF
GTID: 2168360155970845 | Subject: Communication and Information System
Abstract/Summary:
This thesis uses open-source Linux as the development platform to build a Virtual Private Network (VPN) gateway that applies the IPSec protocols at the network layer on top of special network stacks, and integrates the VPN gateway into a firewall system. The implementation is written in C.

With reference to the IPSec RFC documents, the thesis compares several security service modes and chooses to implement the ESP tunnel mode security service, which primarily comprises Internet Key Exchange (IKE), the security service protocol, and security policy. It then analyzes FreeS/WAN, free software that implements the IPSec protocols in the Linux network stack, to identify the details that must be considered and solved when implementing IPSec. Based on this research and on the processing flow of the Linux network stack, an IPSec module is constructed on the special network stacks to implement the ESP tunnel mode security service. Finally, to address the incompatibility between Network Address Translation (NAT) and IPSec, UDP encapsulation is deployed to traverse NAT, and IPComp is proposed to optimize network performance.

The system adopts and draws on open-source Linux and free software, and the RFC documents it references are openly published standards, so its implementation has a lower development cost and better portability. In addition, by resolving the incompatibility between IPSec and NAT and taking IPComp into account, the VPN gateway achieves its final aim: providing an efficient solution that lets corporate private networks access the Internet securely and practically.
Keywords/Search Tags:Virtual Private Network (VPN), IP Security (IPSec), Internet Key Exchange (IKE), Network Address Translation (NAT), Special network stacks