The VPN-Firewall Integrated Design And The Development Of Embedded Secure Gateway

After exploring the IPsec framework in the Linux 2.6.10 kernel and tracing the IPsec v2 latest standard RFC4301, this paper has discussed the intergrated design of VPN and firewall. Meanwhile, the 32-bit embedded system developing and Linux kernel porting have also been demonstrated. The paper has designed and implemented an embedded secure gateway prototype based on the HHPPC8245 developing board of Huaheng company. The specific work includes:Analyzing IPsec framework support to packet filter function and exploring the VPN-firewall integrated design;More detailed and deeper Analyzing the IPsec processing logic in Linux 2.6.10, including the transmission of IP packets, the management and realization of IPsec secure policies, the interface between IPsec module and application, etc; Modifying the kernel IPsec process logic; adding packet filter funciton and interface to application;Designing the control platform for the secure policy management and the message communication module based on the Netlink mechanism. The format of Netlink messages has been obtained by hacking the process flowing of kernel IPsec module;Detailed exploring the development of 32-bit embedded system and the architecture of HHPPC8245 developing board of Huaheng company; modifying the related source code of hardware platform and drivers of Linux 2.6.10; porting Linux 2.6.10 to the target board under the cross-compile enviroment built by this author;Implementing an embedded VPN-firewall integrated secure gateway prototype in the target board; testing the prototype sytem for availability and performance; analyzing the test results.The research of this paper is sponsored by the Natural Science Foundation of Jiangsu Provice (project number: BK2004039).