How Internet VPN works

December 15, 2021

A virtual private network (VPN) establishes a private network over a public network so that traffic can be exchanged in encrypted form.

A virtual private network (VPN) establishes a private network over a public network so that traffic can be exchanged in encrypted form. VPNs are widely used in enterprise networks. A VPN gateway provides remote access by encrypting data packets and rewriting their destination addresses. A VPN can be implemented with a server, dedicated hardware, software, or other means.

A VPN is a remote access technology: in short, it uses a public network to build a private one. For example, an employee on a business trip who wants to reach server resources on the enterprise intranet is performing remote access.

How VPN works

A VPN gateway generally has two network cards; the external card uses a public IP address to reach the Internet.

Terminal A in network 1 (assumed here to be the public Internet) accesses terminal B in network 2 (assumed to be the corporate intranet); the destination address of the access packet it sends is the internal IP address of terminal B.

When the VPN gateway of network 1 receives the access packet sent by terminal A, it checks the packet's destination address. If that address belongs to network 2, the gateway encapsulates the packet in the manner appropriate to the VPN technology in use: it constructs a new VPN packet and carries the encapsulated original packet as its payload. The destination address of the VPN packet is the external address of the VPN gateway of network 2.

The VPN gateway of network 1 sends the VPN packet onto the Internet. Because the destination address of the VPN packet is the external address of the VPN gateway of network 2, Internet routing delivers the packet to that gateway.

The VPN gateway of network 2 inspects the received packet. If it finds that the packet was sent by the VPN gateway of network 1, it determines that this is a VPN packet and unpacks it. Unpacking mainly means stripping the VPN packet header and then reversing the encapsulation to restore the original packet.

The VPN gateway of network 2 then sends the restored original packet to the target terminal B. Because the destination address of the original packet is the IP address of terminal B, the packet is delivered correctly. From terminal B's point of view, the packets it receives are the same as if terminal A had sent them directly.

Packets from terminal B to terminal A are processed in the same way, so terminals in the two networks can communicate with each other.

From the above description it can be seen that two parameters are essential when a VPN gateway processes packets: the destination address of the original packet (the VPN target address) and the remote VPN gateway address. Using the VPN target address, the gateway decides which packets need VPN processing; packets that do not are generally forwarded directly to the upstream router. The remote VPN gateway address specifies the destination address of the processed VPN packet, that is, the address of the VPN gateway at the other end of the VPN tunnel. Because network communication is bidirectional, the VPN gateways at both ends of the tunnel must know both the VPN target address and the corresponding remote VPN gateway address.
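The encapsulation steps above and the two parameters (VPN target address and remote gateway address) in a small simulation. This is an added example, not code from the article or from any VPN product: the gateway addresses, networks and shared key are constructed, and an HMAC tag over the inner packet stands in for the encryption and authentication a real VPN protocol applies, so that the receiving gateway's "is this from the peer gateway?" check rests on more than the outer source address.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass
@dataclass
class Packet:
    src: str        # source IP address
    dst: str        # destination IP address
    payload: bytes

class VpnGateway:
    """Toy dual-homed VPN gateway; an HMAC tag stands in for real VPN crypto."""
    def __init__(self, external_ip, key):
        self.external_ip = external_ip   # address on the public-network card
        self.key = key                   # shared with peer gateways (constructed)
        self.tunnels = {}                # remote network -> remote gateway IP

    def add_tunnel(self, remote_net, remote_gw_ip):
        self.tunnels[ipaddress.ip_network(remote_net)] = remote_gw_ip

    def outbound(self, pkt):
        """Parameter 1: does the VPN target address lie in a tunnelled network?"""
        dst = ipaddress.ip_address(pkt.dst)
        for net, gw_ip in self.tunnels.items():
            if dst in net:
                inner = f"{pkt.src}|{pkt.dst}|".encode() + pkt.payload
                tag = hmac.new(self.key, inner, hashlib.sha256).digest()
                # Parameter 2: the outer destination is the remote gateway
                return "tunnel", Packet(self.external_ip, gw_ip, tag + inner)
        return "forward", pkt   # not VPN traffic: hand to the upstream router

    def inbound(self, pkt):
        """Unpack a packet that arrived on the external interface."""
        if pkt.src not in self.tunnels.values():
            return None         # not from a known peer gateway: drop
        tag, inner = pkt.payload[:32], pkt.payload[32:]
        expected = hmac.new(self.key, inner, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None         # altered in transit or wrong key: drop
        src, dst, data = inner.split(b"|", 2)
        return Packet(src.decode(), dst.decode(), data)

def run_demo():  # terminal A (10.1.0.5, network 1) -> terminal B (10.2.0.7, network 2)
    key = b"constructed-shared-key"
    gw1, gw2 = VpnGateway("203.0.113.1", key), VpnGateway("198.51.100.1", key)
    gw1.add_tunnel("10.2.0.0/24", gw2.external_ip)
    gw2.add_tunnel("10.1.0.0/24", gw1.external_ip)
    action, outer = gw1.outbound(Packet("10.1.0.5", "10.2.0.7", b"hello"))
    plain, _ = gw1.outbound(Packet("10.1.0.5", "192.0.2.9", b"web"))
    return action, outer.dst, gw2.inbound(outer), plain
```

`run_demo()` returns the gateway's decision for a packet bound for network 2 ("tunnel"), the outer destination (the peer gateway's external address), the packet as restored by gateway 2, and the decision for a packet bound elsewhere ("forward").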

Visit E-Lins Technology for more information.
