Study On The IPSec VPN Syestem Based On Linux

In the modem information age, network has been used more and more widely even in the home environment. Network has become an important means for people to exchange information. The network information security is very critical for the wide application of network.VPN (Virtual Private Network) is a virtual private local network to realize security and reduce cost through secure channels over the existed public communication channels, such as Internet. VPN implements the network security in IP (Internet Protocol) layer. The advantage of which is that VPN is transparent for the application protocol layers above IP, so the special secure mechanism is not needed. A secure channel is established between two VPN equipments within the protected subnet. Information is transparent when the hosts in the same subnet communicate and VPN protection is applies to ensure the security and integrality when the host communicates with the other host out of the subnet.This paper aims at further research on VPN, a currently popular information security technique based on the IP security protocol architecture (IPSec), and its implementation. Some items will be discussed here. The research work mentioned in this paper is mainly about:1. Research on VPN techniqueDefine of VPN, categories of VPN, key technologies of VPN, mainly studied the tunnel protocols.2. Research on IPSec architectureThe structure, function and implementation of IPSec;the analysis on the two security protocol of IPSec - AH and ESP, including security function, packet format, application mode and processing operations of each;mainly of the Security Association (SA) and its two modes: transport and tunnel, the instrument on organizing and managing SAs - Security Association Database (SAD), and that on managing security policies - Security Policy Database (SPD).3. Implementation of IPSec VPNDetailed analyses on an implementation of IPSec, which is based on Linux.4. Construction and test of VPN systemBased on the further research on IPSec, the capability test environment is designed. Finally, tests on the VPN system are performed, including function test and capability test.