The Research On A VPN Scheme Using L2TP And Its Group-trust Delivery Model

Posted on: 2007-04-13
Degree: Master
Type: Thesis
Country: China
Candidate: H Huang
GTID: 2178360185466059
Subject: Computer software and theory
Abstract/Summary:
A VPN provides secure and reliable access over the Internet and ensures that communication across public infrastructure does not sacrifice the security of data. More and more business is managed via VPN, and global enterprises bring great potential for VPN development. Its implementation depends on a tunneling mechanism, and L2TP tunneling integrates the virtues of L2F and PPTP. The identity-authentication mechanism and key management of L2TP rely on simple point-to-point tunnel validation and a pre-shared secret, which cannot be extended at all. L2TP also lacks a corresponding division of trust relationships and levels, so it cannot offer enough protection of privacy.

This paper analyses VPN solutions and describes the working process of L2TP. It then places emphasis on Kara's Meet-In-The-Middle scheme, which solves the NAT problem. Given the limitations of L2TP disconnection, it expounds the attack methods, which include StopCCN, PPP LCP and so on. Based on the retransmission mechanism, the L2TP adjustment algorithm is improved. The scheme reduces the tunneling time and makes transmission smoother, and it can better satisfy QoS requirements.

Because L2TP needs a tunnel protection mechanism that does not depend on IPsec, this paper first uses digital certificates to extend the VPN under L2TP, and proposes a scheme using a CA plus symmetrical L2TP routers. It solves the problem of keeping multiple calls in one L2TP tunnel independently secure. It modifies the protocol framework and the IKE key negotiation.

To solve the trust problem in VPN, this paper formalizes the Group-trust model using the L2TP scheme and establishes four security principles. It puts forward the concept of SSM and designs a trust-delivery process that securely transmits the static security level and trust degree to each node in the VPN model, so that any node can validate the trust relationship between L2TP routers. It establishes an authentic VPN framework and compares the scheme's security capability with other solutions.

After considering the features of Netfilter in Linux, we design the architecture of the L2TP router. The paper describes in detail the function of each component and the ways they collaborate. Finally, it compares the router's performance, which involves scalability, bandwidth utilization and latency, with other open source VPN solutions, and analyses the features of the scheme.
Keywords/Search Tags:VPN, L2TP router, Group-trust delivery Model