With the rapid development of the Internet that began in the 1990s, and the building and expansion of NSFnet, the number of network nodes and users has grown quickly. The Internet has spread around the world and many countries now have access to it, all of which has led to rapid growth in network traffic. The Internet holds a wealth of information resources; some privacy-sensitive information has been leaked and stolen, while some malicious information cannot be filtered. An IPsec VPN establishes an encrypted channel between the two ends of a communication, so detecting malicious traffic and classified content inside that channel is a new problem. This thesis studies that problem and proposes a solution: a proxy gateway for the IPsec protocol, realized as a lightweight system that supports IPsec traffic monitoring and transparent transmission.

The thesis first introduces the classification of VPNs and the characteristics and development of IPsec VPN, and surveys the IPsec VPN tools available under Linux. It then gives a detailed analysis of the IPsec protocol suite, including the Internet Key Exchange protocol (IKE), the Authentication Header (AH) protocol, the Encapsulating Security Payload (ESP) protocol, Security Associations and Security Policies. Next, the thesis designs the framework of the proxy gateway system based on the IPsec protocol, divides it into functional modules, and designs and implements each module. Testing and analysis revealed the system bottlenecks that limit performance. To improve performance, the thesis proposes two new technical solutions: a parallel protocol stack, and a new user-space Cryptographic API.

Compared with an API based on Netlink, the API based on system calls is more flexible and can be customized; compared with implementing the encryption algorithm logic in user space, the API is more efficient. The thesis then focuses on the design and concrete implementation of the IPsec VPN proxy gateway system on the Linux platform. Finally, through simulation and testing on Linux, the thesis presents and analyses the test results. Against the background of an actual project requirement, a lightweight VPN proxy gateway system based on the IPsec protocol has practical significance for the research and implementation of enterprise-class systems. In addition, the user-space Cryptographic API under Linux proposed in this thesis can easily be applied to other network security products developed on the Linux platform, letting them use the mature kernel-space Crypto API architecture, which improves development efficiency and allows functionality to be customized to specific requirements.
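The abstract states that monitoring traffic inside an IPsec channel is the problem the proxy gateway addresses. The following Python example, added here and not code from the thesis, shows what such a gateway can extract from ESP and AH packets using only the cleartext header fields defined by the IPsec RFCs (SPI and sequence number, plus for AH the ICV and the unencrypted inner packet), and runs a per-SA anti-replay window over the sequence numbers. The sample packets are constructed inline; the window size of 64 and the SA key (destination, protocol, SPI) are assumptions for the illustration.

```python
"""Cleartext-field parser for IPsec ESP and AH packets plus a per-SA
anti-replay window.  Added illustration of what a monitoring gateway can
see without the SA keys; sample packets below are constructed, not captured."""
import struct
import ipaddress

IPPROTO_ESP = 50
IPPROTO_AH = 51


def parse_ipv4(pkt):
    """Return protocol, addresses and the L4 payload of an IPv4 packet."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or total_len > len(pkt):
        raise ValueError("bad IPv4 header")
    return {"proto": proto,
            "src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "payload": pkt[ihl:total_len]}


def parse_esp(payload):
    """ESP: only SPI and sequence number are in the clear; ciphertext and ICV
    stay opaque to a passive monitor."""
    if len(payload) < 8:
        raise ValueError("truncated ESP header")
    spi, seq = struct.unpack("!II", payload[:8])
    return {"proto": "ESP", "spi": spi, "seq": seq, "opaque_len": len(payload) - 8}


def parse_ah(payload):
    """AH: next header, length in 32-bit words minus 2, SPI, sequence, ICV;
    the inner packet follows in the clear (AH authenticates, never encrypts)."""
    if len(payload) < 12:
        raise ValueError("truncated AH header")
    next_hdr, payload_len, _, spi, seq = struct.unpack("!BBHII", payload[:12])
    ah_len = (payload_len + 2) * 4
    if ah_len > len(payload):
        raise ValueError("AH length exceeds payload")
    return {"proto": "AH", "spi": spi, "seq": seq, "next_header": next_hdr,
            "icv": payload[12:ah_len], "inner": payload[ah_len:]}


class ReplayWindow:
    """Sliding bitmap over 32-bit sequence numbers (no ESN).  An endpoint
    updates the window only after the ICV verifies; a passive monitor
    cannot verify, so its verdicts are advisory (assumed window size 64)."""

    def __init__(self, size=64):
        self.size = size
        self.top = 0        # highest sequence number seen
        self.bitmap = 0     # bit i set => sequence (top - i) was seen

    def check(self, seq):
        if seq == 0:
            return "invalid"          # sequence 0 is never transmitted
        if seq > self.top:            # window advances to the new top
            shift = seq - self.top
            if shift < self.size:
                self.bitmap = (self.bitmap << shift) & ((1 << self.size) - 1)
            else:
                self.bitmap = 0
            self.bitmap |= 1
            self.top = seq
            return "accept"
        diff = self.top - seq
        if diff >= self.size:
            return "stale"            # fell off the left edge of the window
        if self.bitmap >> diff & 1:
            return "replay"
        self.bitmap |= 1 << diff
        return "accept"


def inspect(pkt, windows):
    """Classify one packet; `windows` maps (dst, proto, spi) -> ReplayWindow,
    the same triple an endpoint uses to select the inbound SA."""
    ip = parse_ipv4(pkt)
    if ip["proto"] == IPPROTO_ESP:
        hdr = parse_esp(ip["payload"])
    elif ip["proto"] == IPPROTO_AH:
        hdr = parse_ah(ip["payload"])
    else:
        return {"proto": "other", "verdict": "pass"}
    key = (ip["dst"], hdr["proto"], hdr["spi"])
    hdr["sa"] = key
    hdr["verdict"] = windows.setdefault(key, ReplayWindow()).check(hdr["seq"])
    return hdr


def build_ipv4(proto, src, dst, payload):
    """Constructed IPv4 packet (checksum left zero; not needed for parsing)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload


def demo_stream():
    """Constructed traffic: three ESP packets on one SA (the third replays
    sequence 5) and one AH packet carrying a 12-byte ICV on another SA."""
    def esp(seq):
        return build_ipv4(IPPROTO_ESP, "10.0.0.1", "10.0.0.2",
                          struct.pack("!II", 0x1000ABCD, seq) + b"\x00" * 24)
    ah = build_ipv4(IPPROTO_AH, "10.0.0.1", "10.0.0.2",
                    struct.pack("!BBHII", 4, 4, 0, 0x2000EF01, 1) + b"\x11" * 12 + b"inner")
    return [esp(5), esp(6), esp(5), ah]


def run_demo():
    """Verdict per packet of the constructed stream."""
    windows = {}
    return [inspect(p, windows)["verdict"] for p in demo_stream()]


if __name__ == "__main__":
    print(run_demo())  # ['accept', 'accept', 'replay', 'accept']
```

The SA selector used for the window, (destination address, protocol, SPI), is what lets the gateway attribute each packet to a tunnel without any key material; everything past the ESP sequence number remains opaque, which is exactly why the thesis's proxy design terminates IPsec at the gateway rather than inspecting passively.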