| With expanding of Internet applications in commerce, security of Internet becomes more and more important. For enterprises, physical private network is secure, but it is expensive. The technology of Virtual Private Network (VPN) is the major way to solve the contradiction of security and expenditure. In this paper, we introduce security technologies used in VPN, such as tunneling protocol, encryption, authentication and so on, and explain the architecture of VPN based on the protocol of IP Security (IPSec). After these, we propose the realization of IPSec VPN. In the realization, we discuss the design of implementing the transaction of IPSec with the protocol switching table and the NetFilter mechanism in Linux, implementing Security Association Database (SAD) with Hash table and implementing Security Policy Database (SPD) with the structure of Radix tree. We also discuss the architecture and key technologies in detail. Finally, we analyze many problems in existing IPSec VPN and bring up a model of Expanding Virtual Private Network (EVPN). |
PDF Full Text Request