| VPN (Virtual Private Network) can build a virtual private channel to transfer information between two hosts without disturbing and wiretapping.VPN can make the information safely with low cost.The clients can join in the local ISP and connect the worldwide Intranet via ISP backbone network to reach the effect of LAN (Local Area Network).The traditional way of building channel is knowing the IP address of the remote host in advance and then doing IKE negotiation.The traditional way restricts the flexibility of building tunnel,therefore, we improve it based on the traditional VPN,we introduce a new concept: Opportunistic Encryption, and implement a new VPN which based on it.Opportunistic Encryption (OE) is a new mechanism which based on the IPSec protocol.The hosts of both sides can communicate safely without prearrangement.As a standard,OE makes the method of building tunnel easily between two hosts.OE increases the flexibility of building tunnel.Compared with the traditional method ,OE is an innovation. So the research about it in our article has some help to the development of VPN.First,the article introduces VPN and IPSec protocol,including the concept of VPN and the key technology of IPSec protocol. Second the article analyses the OE mechanism, including application of DNS server and advantage of the DNSSEC. At last, we construct the VPN gateway which based on OE, including the implement of IPSec kernel module , the construction of DNS server,and appending the function of NAT. |
PDF Full Text Request