A Multi-level Security Network Based On Openvpn And Smart Card Design

Posted on: 2009-04-21
Degree: Master
Type: Thesis
Country: China
Candidate: M J Liu
GTID: 2208360245479041
Subject: Control theory and control engineering

Abstract/Summary:
VPN technology is a virtual private channel technology that uses cryptographic principles to establish private channels over open public networks. OpenVPN is a typical tunnel-based SSL VPN: it uses the SSL/TLS protocol to negotiate tunnel encryption keys, encapsulates tunnel data by simulating the ESP protocol, encrypts tunnel data with the OpenSSL crypto library, and extends the intranet using the TUN/TAP or TAP-Win32 driver. Using and improving OpenVPN to build a virtual private network and ensure the safety of communication is the main subject of this paper.

The paper designs a network security system solution that supports access by multiple nodes, based on smart card authentication. First, it studies the SSL/TLS and ESP protocols and then clarifies the principle of OpenVPN by analyzing its key negotiation, data encapsulation and data flow. It further analyzes the security of OpenVPN, points out the security flaws of both communicating sides directly exchanging certificates, and improves the OpenVPN handshake process to address these flaws, so that the security problem is solved in theory. Second, it designs a user information management server that uses SQL Server as its running platform. The user information server manages identity information centrally, introduces several kinds of security mechanisms, and provides authentication, authorization and audit services. Third, to resolve the lack of certificate management in OpenVPN, the paper introduces a PKI process model. It designs key-generation software that simplifies key generation by compiling the OpenSSL source, and that also integrates smart card reading and writing functions.

Based on the author's own practice, the paper masters the use of the official compilation tool, MinGW Developer Studio, and attempts to compile OpenVPN with the more universal tool VC6.0. Compiling with VC reduces transmission performance in use. In short, using smart cards for authentication has a relatively large effect on improving the availability and security of OpenVPN.
Keywords/Search Tags: OpenVPN, smartcard, multi-level, Access Control, authentication