Design And Implementation Of State Cryptography IPsec VPN Server Software Based On Openswan

In recent years, with the tendency that the Internet has more and more associated with the people’s life, the network security problems appear. As one of the most important security protection measure, IPsec VPN technologies are widely used around the network area. However, these technologies from protocols to encryption algorithms all are designed by foreign organizations. For the sake of meeting our country’s own security requirement, State Cryptography Administration authorized a series of cryptographic algorithms based on State Standard. In the meanwhile, a lot of IPsec VPN technologies based on State Standard were released to the market. The work of this paper is a deep study and implementation of IPsec VPN technologies, under the State Standard IPsec VPN Technology Specification. The main achievement of this paper is as follow:1. System architecture, cryptographic algorithms system and IKE negotiation process of open source IPsec VPN server Openswan, have been researched.2. Open source IPsec VPN server Openswan has been improved, cryptographic algorithms of State standard was add to it, and the IKE negotiation process of Openswan was rebuilt, which made it meet the IKE negotiation process of IPsec VPTechnology Specification.3. NETKEY module, implementation of Linux kernel’s IPsec, has been researched, and algorithm set supported by implementation of Linux kernel’s IPsec has been extended, which make it be able to support cryptographic algorithms of State standard.4. Linux kernel’s crypto framework and the method of adding new cryptographic algorithm to it, have been studied. By registering cryptographic algorithms of State standard to Linux kernel’s crypto framework, other modules of Linux kernel can call the cryptographic algorithms of State standard to work on the appropriate moment. There are three methods of registering cryptographic algorithm to the Linux kernel’s crypto framework. They are cipher, blkcipher and ablkcipher. All of these methods are attempted in this paper and ablkcipher was chosen eventually, when implementing the State Cryptography IPsec VPN server system.5. On the base of research result above, a State Cryptography IPsec VPN server system under the IPsec VPN Technology Specification was implemented. Good testing results were achieved when testing this system.