基于oe机制的vpn网关设计与实现-计算机应用技术专业论文.docxVIP

ABSTRACTVPN(Virtual ABSTRACT VPN(Virtual Private Network)can build a virtual private channel to transfer information between two hosts without disturbing and wiretapping．VPN can make the information safely with low cost．The clients can join in the 10cal ISP and connect the worldwide Intranet via ISP backbone network to reach the effect of LAN(Local Area Network)． The traditional Way of building channeliS knowing the IP address of the remote host in advance and then doing IKE negotiation．The traditional way restricts the flexibility of building tunnel，therefore，we improve it based on the traditional VPN．we introduce a new concept： Opportunistic Encryption，and implement a new VPN which based on it． Opportunistic Encryption(OE)is a new mechanism which based on the IPSec protoc01．The hosts of both sides can communicate safely without prearrangement．As a standard，OE makes the method of building tunnel easily between two hosts．0E increases the flexibility of building tunnel．Compared with the traditional method．OE iS an innovation．So the research about it in our article has some help to the development of VPN． First，the article introduces VPN and IPSec protocol，including the concept of VPN and the key technology of IPSec protoc01．Second the article analyses the 0E mechanism，including application of DNS server and advantage of the DNSSEC．At last，we construct the VPN gateway which based on OE，including the implement of IPSec kemel module， the construction of DNS server,and appending the function of NAT． Key Words：VPN，Opportunistic Encryption，DNSSEC，IKE，IPSec 基于0E机制的VPN网关设计与实现第一章绪 基于0E机制的VPN网关设计与实现 第一章绪 论 全球信息化建设都处于一个高速发展的阶段，信息孤岛和信息共 享安全是信息化建设过程中两个比较突出的问题，传统的专线方式， 其高昂的建造费用和每月产生的运营费用，使得大量企事业单位望而 却步，加之，国内的IP资源有限，于是，VPN技术成为性价比最高的 解决方案。 1．1 VPN基本概念 VPN(Virtual Private Network)，即虚拟专用网 。它是在Intemet 网络中建立一条虚拟的专用通道，让两个远距离的网络客户能在一个 专用的网络通道中相互传递资料而不会被外界干扰或窃听，从而保证 了资料的安全，却不必支付高昂的专线费用。客户只需连入所在地的 ISP，就完全可以通过ISP骨干网，在Intemet公网上把遍布全球的企 业内部网络连接起来。 所谓虚拟，是指用户不再需要拥有实际的长途数据线路，而是使 用Intemet公众数据网络的