Design And Realization Of VPN Gateway Based On IPSec

Posted on: 2007-11-23
Degree: Master
Type: Thesis
Country: China
Candidate: J J Duan
Full Text: PDF
GTID: 2178360182480816
Subject: Communication and Information System
Abstract/Summary:
Along with the rapid development of computer networks, security problems have threatened the so-called "net economy". How to protect the security of the Internet, especially the security of the information transported through it, has become a focus of concern. Therefore, research on network information security is practical and valuable.

The availability and inexpensive access of the Internet has resulted in an increasing demand for Virtual Private Network (VPN) solutions. VPNs provide the means to conduct secure communication of private information over the open and rather insecure Internet. Currently, a handful of VPN protocols are rising to the surface in the industry, namely L2TP, IPSec, and SOCKS 5.

IPSec is actually a suite of protocols. The suite includes the Authentication Header (AH), which addresses authentication for IP traffic; the Encapsulating Security Payload (ESP), which defines encryption for IP data; and the Internet Key Exchange (IKE), which facilitates the transfer of IPSec security associations (SAs). The Authentication Header ensures that the packet has not been altered or tampered with during transmission. ESP is the protocol that handles encryption of IP data at the packet level. It uses symmetric cryptographic algorithms such as the Data Encryption Standard (DES) and Triple DES to encrypt the payload. Together, the IPSec ESP and AH protocols provide privacy, integrity, and authentication of IP packets.

This thesis first analyzes Virtual Private Network technologies and the IPSec protocols and then designs the IPSec VPN gateway. The gateway consists of the IKE managing interface, the IKE dynamic managing module, the strategy database, the IPSec management module, the SPD and SAD, and the encryption and identification algorithm module. The IKE managing interface provides the function of manual strategy modification. The IKE dynamic managing module takes charge of the automatic creation of security associations and the maintenance of the security association database, ensuring communication security. The strategy database stores the security strategies. The IPSec management module handles each data packet according to the security strategy it finds. The algorithm module contains the encryption and identification algorithms required by the system. The SPD and SAD are the concrete mappings of the strategy database in the kernel.

Finally, the fifth chapter introduces the key technologies and functions used to realize the VPN gateway and builds a tunnel example with the VPN gateway, supposing the security strategy is already known.
Keywords/Search Tags:VPN, Gateway, IPSec