
Research And Implementation Of VPN Based On IPSec

Posted on: 2009-09-01
Degree: Master
Type: Thesis
Country: China
Candidate: J X Shen
Full Text: PDF
GTID: 2178360278962664
Subject: Electronics and Communications Engineering

Abstract/Summary:
With the development of e-government, e-business, and e-finance, we have entered an information era built on the Internet. As enterprises and organizations grow, building their own networks at high investment and high running cost, for a low return in use, no longer suits them. VPN technologies were developed in response; they make full use of the benefits of conventional networks and the structure of the Internet. VPNs, which completely change this situation and meet the needs of enterprises and organizations, are the trend of network development. But we should pay attention to the security of VPNs. If hackers sniff, alter, or forge unprotected data while it is transferred through public networks, the loss may be incalculable.

Out of concern for network security, the Internet Engineering Task Force (IETF) provided an IP security guarantee for transferring sensitive information over an unprotected network in Nov. 1998. IPSec provides these security services at the IP layer. It protects and authenticates IP packets transferred between IPSec devices. With IPSec, data is protected against being sniffed, altered, or forged while it crosses the Internet. IPSec is a framework of open standards that provides data confidentiality, data integrity, and data authentication between participating peers. IPSec makes Virtual Private Networks (VPNs) possible.

In this paper, we introduce the security technologies used in VPNs, such as tunneling protocols, encryption, and authentication, and explain the architecture of a VPN based on the IP Security (IPSec) protocol. We then propose a realization of an IPSec VPN. In the realization, we discuss the design for implementing IPSec processing with the protocol switching table and the NetFilter mechanism in Linux, implementing the Security Association Database (SAD) with a hash table, and implementing the Security Policy Database (SPD) with a radix tree structure. We also discuss the architecture and key technologies in detail. Finally, we use an example to test this system.
Keywords/Search Tags:the security of transport, Virtual Private Network (VPN), Tunneling Protocol, IP Security Protocol (IPSec), Security Association (SA), Encapsulating Security Payload (ESP), Authentication Header (AH), Public Key Infrastructure (PKI)