
The Study And Realization Of Vpn Based On The Protocol Of Ip Security On Linux Platform

Posted on: 2010-08-10
Degree: Master
Type: Thesis
Country: China
Candidate: H Y Yu
GTID: 2198330332987690
Subject: Electronic and communications
Abstract/Summary:
With the development of e-government, e-business and e-finance, we have entered an information era built on the Internet. As enterprises and organizations grow, building networks that demand high investment and high consumption yet return little value in use no longer suits them. VPN technologies were developed at that time. VPNs make full use of the benefits of conventional networks and of the structure of the Internet. They change this situation completely, fit the needs of enterprises and organizations, and are the trend in network development. However, attention must be paid to the security of VPNs: if hackers sniff, alter or forge unprotected data while it is transferred across public networks, the loss may be incalculable.

The Fourth Academy of China Aerospace has numerous subordinate units and various industries serving different uses, such as military use, civil use and other auxiliary industries. To address this, the network of the whole enterprise is arranged and optimized to satisfy the demand for secure network communication over both the Internet and the intranet. This project is an important research task of our academy during the "Eleventh Five-Year" plan period. The research and application results of this thesis will provide an important reference for the information plan of our academy during the "Twelfth Five-Year" plan period.

In this thesis, we introduce the security technologies used in VPNs, such as tunneling protocols, encryption and authentication, and explain the architecture of a VPN based on the IP Security (IPSec) protocol. We then propose a realization of an IPSec VPN. In the realization, we discuss the design of implementing the processing of IPSec with the protocol switching table and the NetFilter mechanism in Linux, implementing the Security Association Database (SAD) with a hash table, and implementing the Security Policy Database (SPD) with a radix tree structure. We also discuss the architecture and key technologies in detail. Finally, we use an example to test this system.
Keywords/Search Tags:Virtual Private Network (VPN), IP Security Protocol (IPSec), Security Association (SA), Encapsulating Security Payload (ESP), Public Key Infrastructure (PKI)