| The application-layer VPN which SSL VPN as the representation has developed rapidly in recent years, but there are some disadvantages that should be improved. Firstly, SSL VPN is based on the SSL protocol, while the SSL is TCP connection. So, the transmission efficiency will be reduced during the VPN application based on UDP as its UDP datagram is be transmitted by TCP connection. Secondly, because all of the communications of data within clients are transmitted by VPN server, the sever load is aggravated. According to the disadvantages of SSL VPN, the article puts forward a new model of application-layer VPN. The following are the mainly research contents.It has been presented a new network architecture system of application-layer VPN which is the combination of cluster P2P and traditional C/S architecture to enable terminals to access the network remotely and communicate securely with each other as peers under the centralized control. It has reduced the servers load effectively and improved the communication efficiency.Adopting the protocol frame of DTLS to resolve the problems of secrecy and reliability. Because DTLS protocol is based on the UDP, this can resolve the problems of delaying during TCP connection transmitting the UDP datagram.Based on DTLS to design and realize the application-layer VPN software. We have put forward the design proposal of network model that is based on the cluster P2P and multilayer frame of C/S and designed the software of VPN client terminal and serve terminal, the data communication of P2P and C/S model, maintenance of communication link and so on. Lastly, we developed the DTLS VPN software.This research is supported by Shanxi key scientific and technological project, and it has been applied on the interconnection of networks between Shanxi environmental monitoring central station and its affiliated environment monitoring stations in 11 cities. |
PDF Full Text Request