The Research and Implementation of IPsec VPN
|School|Beijing University of Posts and Telecommunications|
|Keywords|IPsec VPN; SA; IKE; Transport mode; Tunnel mode|
With the rapid development of network technology, the VPN (virtual private network), as a new type of remote network access technology, has attracted widespread attention from enterprise users in the past two years. As the most important tunneling technology, IPsec VPN is now regarded as the safest and most widely used one.

The Internet's rapid development has increasingly shifted the focus of technology from network availability and information accessibility to network security and application simplicity. IP-based VPN technology is fast becoming the basis of the new generation of web services, and many service providers have launched a variety of VPN-based businesses. Accordingly, Internet security issues are receiving more and more attention. The Internet is an open packet-switching network built on the TCP/IP protocol. The lack of security considerations in its design has left current Internet security seriously inadequate. IP packets are almost always transmitted without encryption and are very vulnerable to eavesdropping, tampering and other attacks. Among the variety of network security solutions, the IPsec protocol, which was launched by the IETF in 1998, has a unique advantage and occupies an important foundational position. IPsec is the most extensively used protocol in VPN development and may become the standard for IP VPNs in the future.

Based on IPv4, IPv6 and IPv4/IPv6 transition environments, and after an in-depth study of IPsec VPN, this dissertation puts forward implementation schemes for IPsec VPN in a variety of environments. With the help of the well-known open source software IPsec-tools and Openswan and the Linux 2.6 kernel's built-in IPsec, and using virtual machine software to simulate the real Internet, we tested almost all of the schemes. We hope that this essay can play a guiding role in the research and implementation of IPsec VPN.

The following are the main tasks accomplished in this paper:

1. Make a detailed summary of the protocols and principles of IPsec VPN by reading the IPsec-related RFCs.
2. Work out the working principles of the well-known open source IPsec VPN software by analyzing the Linux kernel's IPsec implementation.
3. Put forward IPsec VPN solutions in IPv4 and IPv6 environments, as well as in 6to4 and NAT-PT, including manual mode and IKE automatic mode.
4. Test and complete a detailed test report.

IPv6 calls for the enforcement of IPsec, so the promotion of IPv6 networks will lead to the rapid development of IPsec VPN. IPsec VPN will also combine better and better with other kinds of VPNs and provide us with the best IP security solutions.