The Research and Implementation of IPSecVPN Based on Linux
Based on the current development of computer network security and on user requirements, together with the characteristics of Linux, this paper describes the architecture of an IPSec VPN on Linux. By analyzing the IPSec protocol, the Internet Key Exchange protocol and several network authentication and encryption algorithms, it compares the structure and function of the AH and ESP protocols and offers some ideas on applications in which ESP can be used in tunnel mode. It also studies the Linux networking source code and the IPSec VPN interface module with the help of the open-source software FreeS/WAN. In addition, it analyzes how data packets are processed as they pass through the VPN gateway, and specifies the gateway's processing modules and functional design model. According to where they run, the model is divided into three modules: the kernel IPSec module, the IKE module, and the PFKEY module. The IPSec module, which runs in the kernel and applies security processing to IP packets, is the core function of the gateway. The IKE module, which runs in user space, is responsible for negotiating security associations and generates the SAs used to process data packets. The PFKEY module implements the pfkey2 protocol and carries SA communication between the two modules above, while providing an API through which programs and administrators exchange information and perform operations between the PFKEY module and the kernel IPSec module.
Virtual Private Net; IPSec Protocol; Internet Security; key exchange
Gang Du, Sen lin Li, Zhonghua Zhan
Information Engineering School, China Geosciences University (Beijing), Beijing P. R. China, 100083
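International conference
Beijing
English
500-504
2007-08-18 (date first posted online on the Wanfang platform; this is not the paper's publication date)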