| VPN (Virtual Private Network) is a logical private network built by the technologies of tunneling and encrypting to ensure the data be exchanged in security through an non-secure network. There are two main application modes of VPN, the Road Warrior mode and the Net-to-Net mode. In the former mode the VPN access service for nomanic personal users is provided and in the latter the VPN tunnels are established between the gateways of distributed subnets.This thesis presents how to implement a VPN Gateway to support the both two modes. Firstly, the two VPN architectures based on IP and MPLS are introduced and compared. There are three vital protocols for IP VPN , which are PPTP, L2TP and IPSec. PPTP and L2TP are used in the Road Warrior mode mostly, while IPSec is mostly used in the Net-to-Net mode. The analyses and implementation methods in Linux of these three protocols are given; meanwhile the ways to cooperate with Window OS are also introduced. In the next, to resolve the problem that it is hard to configure and manage a lager-scale VPN based on IPSec, a dynamic hub-and~spoke VPN system was defined, in which the VPN hub exchanges messages with subnet gateways to support the gateways to join/quit VPN dynamically and the notion of "group" is introduced to provide access-control for all subnets, and the way to implement it in Linux OS is also given. Finally, the summary and the introduction of development of VPN technology finish this thesis. |
PDF Full Text Request