
Windows VPN Client System Based on IPSec

Posted on: 2006-05-08
Degree: Master
Type: Thesis
Country: China
Candidate: Y M Li
Full Text: PDF
GTID: 2208360182476816
Subject: Software engineering
Abstract/Summary:
This thesis mainly discusses the research and implementation of a VPN client system based on IPSec. A VPN (Virtual Private Network) is a data communication network built over a public network, relying on Internet service providers and other network service providers.

IPSec (Internet Protocol Security) is an IETF standard network security protocol that provides transparent security services for IP network communication, protects TCP/IP communication from eavesdropping and tampering, and resists network attacks while preserving ease of use; it provides a strong security guarantee for the implementation of the VPN client system. The IPSec protocol suite consists of the security protocols (the AH and ESP protocols), the key management protocol (IKE), and the authentication and encryption algorithms. ESP is a protocol header inserted into an IP packet to provide confidentiality, data origin authentication, anti-replay, and data integrity services. The Authentication Header (AH) protocol provides data integrity, data origin authentication, and an optional, limited anti-replay service. IKE is the automated key management protocol of IPSec; it is built on the framework defined by the Internet Security Association and Key Management Protocol (ISAKMP), and defines its own techniques for generating authentication and encryption keying material and for negotiating shared policy.

IPSec supports transport mode and tunnel mode. Transport mode mainly protects upper-layer protocols, that is, the payload of the IP packet, and is usually used for point-to-point communication between two hosts. Tunnel mode protects the whole IP packet: it encapsulates the entire packet (header and payload) and transports it as the payload of a new IP packet.

At present, most computers run the Windows operating system, so we use a Windows IPSec driver to ensure encrypted data transport and authentication. We use NDIS technology to insert our module at the network layer and data link layer to implement IPSec. NDIS (Network Driver Interface Specification) abstracts network hardware from network drivers. It abstracts the lower-level drivers that manage hardware from upper-level drivers, and maintains the state information and parameters of network drivers.

The IPSec VPN client system in this thesis comprises an IPSec driver module, a policy management module, and an Internet Key Exchange module. The IPSec driver module handles security policy lookup (whether or not an IP packet is to be processed with IPSec), encryption and decryption of IP packets, packet encapsulation and decapsulation, and so on. The policy management module manages the security association database and the security policy database, and initiates key exchange through the IKE module. The Internet Key Exchange module handles the establishment, negotiation, updating, and deletion of security associations.
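The difference between transport and tunnel mode ESP encapsulation described in the abstract, as an added Python example that is not code from the thesis. It shows packet layout only: encryption and the integrity check value are omitted, IP options are not carried over, and the addresses, ports and SPI values are constructed.

```python
import socket
import struct

ESP, IPIP = 50, 4  # IP protocol numbers: ESP, and IPv4-in-IPv4 as ESP "next header"

def checksum(hdr):
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4_header(src, dst, proto, payload_len):
    # 20-byte header without options; src/dst are 4-byte packed addresses.
    h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0, src, dst)
    return h[:10] + struct.pack("!H", checksum(h)) + h[12:]

def esp_wrap(data, next_header, spi, seq):
    # ESP header (SPI, sequence number used for anti-replay), protected data,
    # then trailer (padding, pad length, next header). Layout only: the
    # encryption step and the integrity check value are deliberately left out.
    pad_len = -(len(data) + 2) % 4
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    return struct.pack("!II", spi, seq) + data + trailer

def transport_mode(pkt, spi, seq):
    # Keep the original addresses; only the upper-layer payload goes inside ESP.
    ihl = (pkt[0] & 0x0F) * 4
    esp = esp_wrap(pkt[ihl:], pkt[9], spi, seq)
    return ipv4_header(pkt[12:16], pkt[16:20], ESP, len(esp)) + esp

def tunnel_mode(pkt, gw_src, gw_dst, spi, seq):
    # The whole original packet, header included, becomes the payload of a new packet.
    esp = esp_wrap(pkt, IPIP, spi, seq)
    return ipv4_header(socket.inet_aton(gw_src), socket.inet_aton(gw_dst), ESP, len(esp)) + esp

# Constructed sample: a UDP datagram (8-byte header + 4 data bytes) between two hosts.
UDP = struct.pack("!HHHH", 5000, 53, 12, 0) + b"test"
PKT = ipv4_header(socket.inet_aton("10.0.0.5"), socket.inet_aton("10.0.1.9"), 17, len(UDP)) + UDP

if __name__ == "__main__":
    for name, out in (("transport", transport_mode(PKT, 0x1000, 1)),
                      ("tunnel", tunnel_mode(PKT, "192.0.2.1", "198.51.100.1", 0x2000, 1))):
        print(name, "len", len(out), "outer proto", out[9], "ESP next header", out[-1])
```

In transport mode the outer addresses are still the two hosts and the ESP next-header field names the original upper-layer protocol; in tunnel mode the outer addresses are the tunnel endpoints and the original header travels inside the protected payload.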
Keywords/Search Tags: IPSec, VPN, Windows, AH, ESP, IKE