| As the interior structure of enterprises have been dispersed gradually, new problems the module of network applications and services face to is how to deliver the flexibility of"anywhere"access without being intrusive on the end-user. VPN has been designed for this problem. A new technique in this field is SSL VPN, which provides seamless access for remote users to private resources with the secure specialty of SSL protocol and the find-grained access control policy combined.Traditional SSL-VPN resolution is based on application data forwarding, while non-Web application protocol can't be supported ideally. In order to solve the limitation, SSL VPN system based on Ethernet frame forwarding is designed and implemented. In this system, virtual network devices install for get Ethernet frame. One virtual LAN is established because the Ethernet frame transmits between client and interior LAN. This system can support all applications and services based on IP, and communications between clients.The server is key part of the SSL VPN. Its main fuction is controlling safe connections of clients and forwarding system Ethernet frame. The first task is designing safe connection between system clients and server. We establish safe tunnel between clients and server using SSL protocol, and compare the characteristics of single-tunnel and multi-tunnel mode under Ethernet frame forwarding, select single-tunnel mode for the system connection mode.Then, we research the Ethernet frame forwarding mode of the system server. Routing forwarding mode has been selected through comparing three modes: NAT, routing and bridge forwarding mode.At last, a improve project of asymmetric encryption implement is put forward. It can support distributed decryption/digital signature when the system runs, and enhance safe performance of all system.Through testing, the server of SSL VPN system implementes the target of safe connection between all clients and interior LAN, and has good performance on rapidity. |
PDF Full Text Request