| With the development of network technique, more and more enterprises possess their own embranchments. Thus the way to implement secure communication between them becomes more and more important. Virtual Private Network(VPN), which is based on IPsec protocol, provides an effective method for the problem on WAN. However, most current IPsec implementations are based on IPv4 that have high overheads and NAT-traversal problem at present. In order to solve the problems radically, we need IPv6. Because under this protocol, we will have high routing velocity, simple implementation of IPsec, huge address space and no more NAT problem.This paper firstly introduces VPN technique, analyses IPsec protocol suite, researches IPv6 protocol, points out the advantages compared to IPv4, and discusses the feasibility of IPsec in IPv6. Then deeply analyses the IPsec module NETKEY in Linux kernel, summerizes the framework of implementation and the key technique that supports IPv6. Then this paper deeply analyses the open source software Openswan in source code level, discusses its kernel module KLIPS and user module Pluto, makes detailed notes for its main functions, summerizes the main framework in the end, and compares the advantages and disadvantages between KLIPS and NETKEY.After the thorough academic analysis, this paper proposes the overall scheme for implementing IPv6 IPsec VPN: makes use of Openswan's virtual interface mechanism, integrates the IPv6 method in NETKEY and implements IPv6 IPsec VPN. This paper cutouts redundant code of Openswan, deletes NAT-T module, transplants IPv4 to IPv6 in both function interfaces and data sturctures, realizes modules in IPv6, such as Virtual Interface, Input, Output, SPD, SAD, ESP, IKEv1 and PF_KEYv2, finally accomplishes IPv6 VPN named v6swan. After installing v6swan on Linux and making simulation test in our school's IPv6 network, test data proves that v6swan scheme is feasible. |
PDF Full Text Request