
Based on the Key Technologies of the SSL VPN Analysis and Design

Posted on: 2011-12-19 | Degree: Master | Type: Thesis
Country: China | Candidate: J Liang
GTID: 2208360308481001 | Subject: Software engineering
Abstract/Summary:
With the development of computer networks, network security has become more and more important. To meet their security requirements, more and more enterprises are deploying virtual private networks. Today there are two kinds of VPN (Virtual Private Network): IPSec-based VPN (Internet Protocol Security) and SSL-based VPN (Secure Sockets Layer). Although IPSec VPN accounts for a large market share, SSL VPN is easy to use, has a low cost of deployment and maintenance, and can meet most enterprise requirements for web-based applications. In the future, SSL-based VPN will be increasingly favored by business.

SSL VPN is a virtual private network technique that depends on the SSL or TLS (Transport Layer Security) protocol. SSL, the Secure Sockets Layer protocol, was designed by Netscape Communications to protect application data. SSL-based VPN is called Application-Layer VPN and is divided into two types: proxy-based SSL VPN and tunnel-based SSL VPN. The two types differ in implementation technique, namely in whether tunneling is applied. Traditional proxy SSL VPN does not apply tunneling: the client accesses the VPN server through a web browser over HTTPS (Hypertext Transfer Protocol Secure), so no client software needs to be installed. Tunnel SSL VPN, by contrast, is based on virtual network interface card techniques and constructs a secure tunnel between client and server to protect application data.

This paper first analyses the principles of the SSL protocol in detail, then studies and discusses in depth the key technologies of the two types of SSL VPN, and summarizes the advantages and disadvantages of each. Based on this analysis and comparison, the paper proposes a design scheme for a proxy-based SSL VPN, comprising the architecture of the SSL VPN server and its detailed functional model.

A traditional proxy-based SSL VPN is accessed by users from the Internet through a web browser, which makes this situation insecure. This paper proposes an ActiveX-based client to address this insecurity. The ActiveX component can be integrated into the web browser conveniently. Finally, this paper implements and tests the two key functional modules using the open source OpenSSL toolkit (the Open Source toolkit for SSL/TLS) and the C++ Builder development tools.
Keywords/Search Tags: Proxy-based SSL VPN, Virtual Private Network, Application-Layer VPN, Secure Sockets Layer, X.509 Certificate Management