Research And Implementation Of IPSec VPN Server Software Based On State Cryptography Digital Certificate Authentication

In recent years, the Internet penetrates to different walks of life with its development. However, it is accompanied by network security, which becomes increasingly serious. The security of information and network becomes an essential problem with increasing attention. Although private network can ensure the security and reliability of data transmission, it has high costs of implementation and maintenance. Thus virtual private network(VPN) technology was born at the right moment and spread rapidly. And the most widely used of it is the IPSec VPN at present. Our State Encryption Administration work out the national standard of IPSec VPN specification based on the international RFC standard, including IPSec VPN Gateway Product Specification and IPSec VPN Technical Specification.This thesis researches the national standard IPSec VPN specification(2014 version) and the international RFC standard, compares to their differences, modifies Openswan, which is an open source software of VPN server, and finally implements IPSec VPN server based on state cryptography digital certificate authentication. The main work of this paper are as follows:1. The concepts and technical principles of IPSec, digital certificate authentication technology and digital certificate of state encryption have been researched.2. The architecture of the IPSec VPN has been designed based on the open source software of VPN server Openswan, including the negotiation process of IKE and the realization of digital certificate authentication in IKE.3. The differences between the state encryption standard IKE protocol and the international RFC standard IKEv1 protocol has been found. The software Openswan was modified and finally the software of IPSec VPN server based on state cryptography digital certificate authentication was implemented. The work can primarily be divied into two parts, the application layer and the kernel layer, and the application layer development is the focus of this paper.4. The software has been tested exhaustively,, including functional testing and performance testing. The result of functional testing shows that the software is in line with state encryption standard, and the result of performance testing shows that the software has a good speed of encryption and can be running for a long time without an error.The software of IPSec VPN server uses digital certificate authentication, with a high seccurity. The process of its negotiation is completely in line with the process of state encryption standard. And it uses standard algorithms provieded by the handware encryption card. It has a fast speed of encryption and transmission, and can be running for a long time without an error. And it has high practical value.