CN103379009A - SSL VPN communication method based on data link layers - Google Patents


Publication number
CN103379009A
Authority
CN
China
Prior art keywords
client
ssl vpn
data
gateway
service end
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2012101171713A
Other languages
Chinese (zh)
Other versions
CN103379009B (en)
Inventor
杨正权
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
JIANGSU YIANLIAN NETWORK TECHNOLOGY Co.,Ltd.
Original Assignee
NANJING ENLINK NETWORK TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NANJING ENLINK NETWORK TECHNOLOGY Co Ltd
Priority to CN201210117171.3A
Publication of CN103379009A
Application granted
Publication of CN103379009B
Legal status: Active

Abstract

The invention provides an SSL VPN communication method based on the data link layer that aims to overcome defects in the prior art. In this method, all data-link-layer data sent to a designated destination is packaged and transmitted, achieving data transmission based on the data link layer. The communication method comprises the following steps: A, a client initiates a connection request to the gateway of the server; B, after receiving the connection request, the gateway of the server performs standard SSL verification on the client; C, an encrypted SSL VPN secure channel is established between the client and the network of the server; D, when data is transmitted between the network of the server and the client, the SSL VPN gateway of the sending end encapsulates all data forwarded by the switch that needs to be sent to the client, and transmits it to the receiving end through the SSL VPN channel.

Description

SSL VPN communication method based on the data link layer
Technical field
The present invention relates to a network data communication method, in particular a communication method based on SSL VPN technology.
Background technology
With the spread of Internet technology, virtual private network (VPN) technology has become increasingly prominent in network development. In recent years, in order to provide VPN services to users more flexibly and securely, more and more users have chosen SSL VPN. SSL VPN is a VPN technology based on HTTPS, and also includes applications that support SSL, for example e-mail clients such as Microsoft Outlook or Eudora. It uses the certificate-based authentication, data encryption and message integrity mechanisms provided by the SSL protocol to secure users' remote access to a company's internal network. SSL VPN is often called "clientless", because most computers ship with a Web browser that supports HTTP and HTTPS.
A common SSL VPN uses SSL to encapsulate IP or protocols above the IP layer, such as UDP, TCP and HTTP, and can therefore only transmit data at or above the IP layer. Because it supports only protocols above the IP layer, it cannot support protocols below the IP layer such as IPX, NetBT, AppleTalk, Nbf, NWlink, PPP, PPPoE and MPLS.
Summary of the invention
The object of the invention is to overcome the shortcomings of the prior art by providing an SSL VPN connection mode that communicates on the basis of the data link layer. By packaging and transmitting all data-link-layer data sent to a designated destination, it achieves data penetration based on the data link layer, and thereby meets the need, which traditional SSL VPN and IPSec VPN cannot meet, to establish full-protocol communication across the whole network between two sub-networks, for example penetration of the WINS protocol, VoIP protocols and the DHCP protocol.
The present invention proposes the following technical solution:
An SSL VPN communication method based on the data link layer is implemented on a server-side network and a client connected through a wide area network, the server-side network comprising an SSL VPN gateway, a switch and terminal equipment, and is characterized by the following steps:
A. The client initiates a connection request to the server-side gateway;
B. After receiving the connection request, the server-side gateway performs standard SSL verification on the client;
C. An encrypted SSL VPN secure channel is established between the client and the server-side network;
D. When data is sent between the server-side network and the client, the SSL VPN gateway at the sending end encapsulates all data forwarded by the switch that needs to be sent to the client, and sends it to the receiving end through the SSL VPN channel;
E. The receiving end unpacks the received data and forwards it to the local end.
Preferably, the verification process of step B comprises:
B1. The server-side SSL VPN gateway performs identity authentication on the connection request;
B2. The server-side SSL VPN gateway performs password verification or PKI certificate verification on the connection request.
Preferably, the client is a local area network comprising an SSL VPN gateway, a switch and PCs.
Preferably, step D comprises: the eth1 port of the sending-end SSL VPN gateway receives all data forwarded by the local switch that needs to be sent to the receiving end; after encapsulating this data, the gateway sends it from its eth0 port through the SSL tunnel to the eth0 port of the receiving-end SSL VPN gateway. Step E comprises: the receiving-end SSL VPN gateway unpacks the received data and then delivers it to the local switch through its eth1 port.
As an improvement, the number of said local area networks is at least one group.
Preferably, the client is a terminal device.
Preferably, the following steps are performed before step A:
a. A client application is embedded in the portal site of the server-side SSL VPN gateway;
b. The client PC accesses the server-side SSL VPN gateway through a browser;
c. The client application is downloaded to the client PC; running it installs the SSL VPN client agent program on the client PC.
Preferably, step D is:
When the server-side network sends data to the client, the eth1 port of the server-side SSL VPN gateway receives all data forwarded by the local switch that needs to be sent to the receiving end; after encapsulating this data, the gateway sends it from its eth0 port through the SSL tunnel to the client's network card;
When the client sends data to the server-side network, the client's SSL VPN client agent program encapsulates all data to be sent to the server-side network and sends it through the network card, via the SSL tunnel, to the eth0 port of the server-side SSL VPN gateway;
Step E is: when the server-side network sends data to the client, the client's SSL VPN client agent program unpacks the received data; when the client sends data to the server-side network, the server-side SSL VPN gateway unpacks the received data and then delivers it to the local switch through its eth1 port.
Preferably, the terminal device is a PC, mobile phone or PDA.
The technical solution provided by the invention adds link-layer communication capability to existing SSL VPN gateways or applications, so that SSL VPN can support software that uses data-link-layer protocols and multiple sub-networks can be merged into one large network. Communication requests between sub-networks are as transparent as communication within a single local area network, and any protocol can run between the sub-networks, including LAN protocols above the data link layer such as WINS, ICMP, DNS, DHCP and VoIP, so that they truly form one large local area network.
Description of drawings
Fig. 1 is a schematic diagram of the network connections in embodiment one;
Fig. 2 is a flow chart of the steps of the communication method provided by the invention;
Fig. 3 is a data flow diagram of mutual access between PCs in embodiment one;
Fig. 4 is a diagram of client network expansion in embodiment one;
Fig. 5 is a schematic diagram of the network connections in embodiment two;
Fig. 6 is a data flow diagram of mutual access between PCs in embodiment two.
Detailed description of the embodiments
The specific embodiments of the invention are described in further detail below with reference to the accompanying drawings.
Embodiment one:
Two local area networks A and B are shown in Fig. 1, each equipped with an SSL VPN gateway. Network A comprises SSL VPN gateway A, switch A and several PCs; the eth0 port of SSL VPN gateway A is connected to the Internet, its eth1 port is connected to switch A, and the PCs are connected to switch A. Network B comprises SSL VPN gateway B, switch B and several terminal devices connected by network cables; the eth0 port of gateway B is connected to the Internet, its eth1 port is connected to switch B, and the terminal devices are connected to switch B. In this example gateway A is configured as the server and gateway B as the client. PCs are used as terminal devices in this example; besides PCs, the terminal devices may also be mobile phones, PDAs or other terminal devices capable of remote access.
The two parties establishing the VPN are equal: a request to establish the tunnel may be initiated from gateway A to gateway B or from gateway B to gateway A.
As shown in Fig. 2, client SSL VPN gateway B actively sends a connection request to server SSL VPN gateway A.
After receiving the connection request, the server performs standard SSL verification on the client. The verification steps are as follows:
(1) Server SSL VPN gateway A first performs identity authentication on client SSL VPN gateway B; if verification fails, an error message is sent to gateway B;
(2) After identity authentication passes, password verification or PKI certificate verification may also be performed; if verification fails, an error message is sent to client SSL VPN gateway B. The verification mode can be set on the configuration page of server SSL VPN gateway A. The server's built-in CA can generate PKI certificates, or a third-party root certificate can be used. The certificate issued by the server, or the third-party certificate, should be imported into client SSL VPN gateway B in advance.
After the above verification passes, an encrypted SSL VPN secure channel is established between network A and network B.
When network A sends data to network B, switch A forwards the local data to the eth1 port of gateway A. Gateway A packages and encapsulates all data from switch A that is to be sent to network B and sends it from its eth0 port, through the established SSL tunnel, to the eth0 port of client SSL VPN gateway B. Because the switch operates at the data link layer, all data the gateway receives from the switch is data-link-layer data; the gateway receives all of it and packages it for transmission, thereby achieving data penetration based on the data link layer. To increase the security of data transmission, the data is preferably packaged using a preset algorithm. After receiving a packet on its eth0 port, gateway B unpacks it, preferably using a preset algorithm corresponding to the packaging algorithm, and delivers the unpacked data to the local switch B through its eth1 port.
When network B sends data to network A, switch B forwards the local data to the eth1 port of gateway B. Gateway B packages and encapsulates all data from switch B that is to be sent to the B network and sends it from its eth0 port, through the established SSL tunnel, to the eth0 port of gateway A. To increase the security of data transmission, the data is preferably packaged using a preset algorithm. After receiving a packet on its eth0 port, gateway A unpacks it, preferably using a preset algorithm corresponding to the packaging algorithm, and delivers the unpacked data to the local switch A through its eth1 port.
To ensure that the eth1 ports of the SSL VPN gateways of network A and network B can receive all data sent by the local switch, the eth1 ports should be set to promiscuous mode.
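The packaging and unpacking steps described above, as an added example that is not part of the patent. The patent only refers to a "preset algorithm", so the 2-byte length prefix, the 1522-byte cap and all function names below are assumptions; the sample frames are constructed, and the TLS socket and the promiscuous capture on eth1 are left out so the framing logic runs offline.

```python
import struct
from typing import List

ETH_HEADER_LEN = 14      # destination MAC (6) + source MAC (6) + EtherType (2)
MAX_FRAME_LEN = 1522     # assumed cap: 802.1Q-tagged frame without FCS
LEN_PREFIX = struct.Struct("!H")   # assumed wire format: 2-byte big-endian length

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x8137: "IPX", 0x8863: "PPPoE-Discovery"}


class FrameError(ValueError):
    """The peer sent a record that cannot be a valid Ethernet frame."""


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Build a constructed sample frame, padded to the 60-byte Ethernet minimum."""
    frame = dst + src + struct.pack("!H", ethertype) + payload
    return frame.ljust(60, b"\x00")


def encapsulate(frame: bytes) -> bytes:
    """Sending gateway: wrap one frame captured on eth1 for the tunnel stream."""
    if not ETH_HEADER_LEN <= len(frame) <= MAX_FRAME_LEN:
        raise FrameError("refusing to tunnel frame of %d bytes" % len(frame))
    return LEN_PREFIX.pack(len(frame)) + frame


class Decapsulator:
    """Receiving gateway: rebuild whole frames from arbitrary stream chunks."""

    def __init__(self) -> None:
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> List[bytes]:
        self._buf += chunk
        frames = []
        while len(self._buf) >= LEN_PREFIX.size:
            (length,) = LEN_PREFIX.unpack_from(self._buf)
            # Validate before waiting for more bytes: a faulty or hostile peer
            # must not make the gateway emit runt or oversized frames on eth1.
            if not ETH_HEADER_LEN <= length <= MAX_FRAME_LEN:
                raise FrameError("invalid frame length %d from peer" % length)
            end = LEN_PREFIX.size + length
            if len(self._buf) < end:
                break                      # frame is split across reads; wait
            frames.append(bytes(self._buf[LEN_PREFIX.size:end]))
            del self._buf[:end]
        return frames


def describe(frame: bytes) -> str:
    """Summarise a frame by destination kind and EtherType."""
    dst, ethertype = frame[:6], struct.unpack_from("!H", frame, 12)[0]
    kind = "broadcast" if dst == b"\xff" * 6 else "unicast"
    return "%s %s" % (kind, ETHERTYPES.get(ethertype, hex(ethertype)))


# Constructed sample traffic: MAC addresses and payloads are made up.
PC1 = bytes.fromhex("020000000001")
PC3 = bytes.fromhex("020000000003")
SAMPLE_FRAMES = [
    build_frame(b"\xff" * 6, PC1, 0x0806, b"constructed ARP request body"),
    build_frame(PC3, PC1, 0x8137, b"constructed IPX payload"),
    build_frame(b"\xff" * 6, PC1, 0x8863, b"constructed PPPoE PADI"),
    build_frame(PC3, PC1, 0x0800, b"x" * 1400),
]


def tunnel_roundtrip(frames: List[bytes], chunk_size: int) -> List[bytes]:
    """Send frames through the framing layer, delivering the byte stream in
    chunk_size pieces to mimic reads that ignore frame boundaries."""
    stream = b"".join(encapsulate(f) for f in frames)
    receiver = Decapsulator()
    out = []
    for i in range(0, len(stream), chunk_size):
        out.extend(receiver.feed(stream[i:i + chunk_size]))
    return out


if __name__ == "__main__":
    for f in tunnel_roundtrip(SAMPLE_FRAMES, chunk_size=37):
        print(len(f), describe(f))
```

Because the SSL tunnel delivers a byte stream, the receiving gateway cannot assume one read equals one frame; the non-IP frames (ARP, IPX, PPPoE) come out byte-for-byte identical, which is the property the patent relies on.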
Specifically, when the two local area networks access each other, for example when PC1 in network A wants to access PC3 in network B, the machine name, domain name or IP address of PC3 is normally known. As shown in Fig. 3, the data transfer process is as follows:
First, the machine name or domain name is resolved:
If the domain name or machine name of PC3 is known, PC1 can send its access request for PC3 to the name server on network A, and can also send it to the name server on network B at the same time. The process is as follows: the DNS request passes through switch A of network A to the eth1 port of gateway A. Because the eth1 port of gateway A is set to promiscuous mode, gateway A receives the DNS request, packages it, and immediately sends it through the established SSL tunnel to the eth0 port of gateway B. After receiving the DNS request, gateway B sends it to the name server of the client network. The client name server resolves the request and returns a DNS reply, which is sent onto the client network. Because the eth1 port of gateway B is also set to promiscuous mode, it receives the reply and packages it, then sends it through the SSL tunnel to the eth1 port of gateway A. After gateway A receives the reply, it sends it onto the server-side network; once PC1 in the server-side network receives the DNS reply, it knows the IP address of PC3.
PC1 then accesses PC3 using PC3's IP address:
When the IP addresses of PC1 and PC3 are in the same network segment, PC1 must first resolve the MAC address of PC3. The process is as follows: PC1 first sends an ARP request onto network A. As with the DNS resolution request, the ARP request is captured by the eth1 port of gateway A, packaged, and sent to gateway B. The eth0 port of gateway B receives the request, and gateway B unpacks it and sends it onto network B. After PC3 receives it, PC3 sends an ARP reply, which is captured by the eth1 port of gateway B, packaged, and sent to gateway A. Gateway A receives the reply on eth0, unpacks it, and sends it onto network A through its eth1 port; PC1 thereby obtains the MAC address of PC3.
PC1 and PC3 can then send communication data to each other:
When PC1 sends communication data to PC3, the data is received by the eth1 port of gateway A, packaged, and sent to gateway B. The eth0 port of gateway B receives the packet, and gateway B unpacks it and sends it onto network B, where PC3 receives the communication data from PC1.
When PC3 sends communication data to PC1, the data is received by the eth1 port of gateway B, packaged, and sent to gateway A. The eth0 port of gateway A receives the packet, and gateway A unpacks it and sends it onto the B network, and PC3 can receive the communication data from PC1.
To further strengthen data security, the SSL VPN gateways preferably use a preset algorithm when packaging and unpacking data.
With the communication method provided by the invention, data-link-layer data can be transmitted in full between network A and network B. Because a local area network operates at the data link layer, any protocol in the local area network can penetrate the tunnel. It is as if an invisible network cable connected the eth1 port of the SSL VPN gateway of network A to the eth1 port of the SSL VPN gateway of network B (marked with a dashed line in Fig. 1), so that when PC1 in network A initiates a communication request to PC3 in network B, it is as transparent as communicating with PC3 inside network A.
As shown in Fig. 4, network B can be extended to a C network, D network, E network and so on of the same structure. Depending on device model and throughput, a large interconnected network can be built between local area networks of different sizes. Any protocol can run across this network, including LAN protocols at layer 2 and above such as WINS, ICMP, DNS, DHCP and VoIP, so that it truly forms one large local area network.
Embodiment two:
As shown in Fig. 5, network A is a local area network comprising SSL VPN gateway A, switch A and several PCs; the eth0 port of gateway A is connected to the Internet, its eth1 port is connected to switch A, and the PCs are connected to switch A. A terminal device is connected to the eth0 port of network A through the Internet; here the terminal device is the client, and in this example it is a PC.
In this example, a client application is embedded in the portal site of gateway A. When client PC 5 accesses gateway A through a browser it enters the portal site, which provides a download link for the client application. Clicking the link downloads the client application to the client PC, and running it installs the SSL VPN client agent program on the client PC.
When the client PC needs to access network A through the browser, the client sends a connection request to SSL VPN gateway A; after receiving the connection request, gateway A performs standard SSL verification on the client:
(1) Gateway A first performs identity authentication on the client; if verification fails, an error message is sent to the client;
(2) After identity authentication passes, password verification or PKI certificate verification is performed; if verification fails, an error message is sent to the client. The verification mode can be set on the configuration page of server SSL VPN gateway A. The server's built-in CA can generate PKI certificates, or a third-party root certificate can be used.
After verification passes, an encrypted SSL VPN secure channel is established between the client PC and gateway A through the browser.
When network A sends data to the client PC, server-side switch A forwards all local data to the eth1 port of gateway A, which is set to promiscuous mode. Gateway A packages all the data it receives and sends it from its eth0 port through the SSL tunnel to the network card of the client PC. After the network card of the client PC receives a packet, the SSL VPN client agent program unpacks it.
When the client PC sends data to network A, the SSL VPN client agent program packages all local data and sends it through the network card, via the SSL tunnel, to the eth0 port of gateway A; gateway A unpacks the packet and delivers it to the local network through its eth1 port.
To ensure data security, the above packaging and unpacking should be performed using a predefined algorithm.
Specifically, when PC1 wants to access PC3, the process, shown in Fig. 6, is essentially the same as in embodiment one. The difference is that the client has no switch, and the function of gateway B in embodiment one is performed by the SSL VPN client agent program on PC3.
The client PC has the same rights to access network A as the other computers in network A, and any LAN protocol can run. It is as if an invisible network cable connected the eth1 port of the SSL VPN gateway of network A to the eth1 port of the SSL VPN gateway of the B network (marked with a dashed line in Fig. 5).
Many PCs can access network A through the Internet. In this embodiment, besides a PC, the client may also be a mobile phone, PDA or other terminal device capable of remote access. When the client is a mobile phone, it can connect to the Internet through a mobile radio network such as GSM or CDMA.

Claims (9)

1. An SSL VPN communication method based on the data link layer, implemented on a server-side network and a client connected through a wide area network, the server-side network comprising an SSL VPN gateway, a switch and terminal equipment, characterized by comprising the following steps:
A. The client initiates a connection request to the server-side gateway;
B. After receiving the connection request, the server-side gateway performs standard SSL verification on the client;
C. An encrypted SSL VPN secure channel is established between the client and the server-side network;
D. When data is sent between the server-side network and the client, the SSL VPN gateway at the sending end encapsulates all data forwarded by the switch that needs to be sent to the client, and sends it to the receiving end through the SSL VPN channel;
E. The receiving end unpacks the received data and forwards it to the local end.
2. The SSL VPN communication method based on the data link layer according to claim 1, characterized in that the verification process of step B comprises:
B1. The server-side SSL VPN gateway performs identity authentication on the connection request;
B2. The server-side SSL VPN gateway performs password verification or PKI certificate verification on the connection request.
3. The SSL VPN communication method based on the data link layer according to claim 1 or 2, characterized in that the client is a local area network, and the local area network comprises an SSL VPN gateway, a switch and PCs.
4. The SSL VPN communication method based on the data link layer according to claim 3, characterized in that:
Step D comprises: the eth1 port of the sending-end SSL VPN gateway receives all data forwarded by the local switch that needs to be sent to the receiving end; after encapsulating this data, the gateway sends it from its eth0 port through the SSL tunnel to the eth0 port of the receiving-end SSL VPN gateway;
Step E comprises: the receiving-end SSL VPN gateway unpacks the received data and then delivers it to the local switch through its eth1 port.
5. The SSL VPN communication method based on the data link layer according to claim 3, characterized in that the number of said local area networks is at least one group.
6. The SSL VPN communication method based on the data link layer according to claim 1 or 2, characterized in that the client is a terminal device.
7. The SSL VPN communication method based on the data link layer according to claim 6, characterized in that the following steps are performed before step A:
a. A client application is embedded in the portal site of the server-side SSL VPN gateway;
b. The client PC accesses the server-side SSL VPN gateway through a browser;
c. The client application is downloaded to the client PC; running it installs the SSL VPN client agent program on the client PC.
8. The SSL VPN communication method based on the data link layer according to claim 6, characterized in that step D is:
When the server-side network sends data to the client, the eth1 port of the server-side SSL VPN gateway receives all data forwarded by the local switch that needs to be sent to the receiving end; after encapsulating this data, the gateway sends it from its eth0 port through the SSL tunnel to the client's network card;
When the client sends data to the server-side network, the client's SSL VPN client agent program encapsulates all data to be sent to the server-side network and sends it through the network card, via the SSL tunnel, to the eth0 port of the server-side SSL VPN gateway;
Step E is: when the server-side network sends data to the client, the client's SSL VPN client agent program unpacks the received data; when the client sends data to the server-side network, the server-side SSL VPN gateway unpacks the received data and then delivers it to the local switch through its eth1 port.
9. The SSL VPN communication method based on the data link layer according to claim 6, characterized in that the terminal device is a PC, mobile phone or PDA.
CN201210117171.3A 2012-04-20 2012-04-20 SSL VPN communication method based on data link layers Active CN103379009B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210117171.3A CN103379009B (en) 2012-04-20 2012-04-20 SSL VPN communication method based on data link layers

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210117171.3A CN103379009B (en) 2012-04-20 2012-04-20 SSL VPN communication method based on data link layers

Publications (2)

Publication Number Publication Date
CN103379009A true CN103379009A (en) 2013-10-30
CN103379009B CN103379009B (en) 2017-02-15

Family

ID=49463586

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210117171.3A Active CN103379009B (en) 2012-04-20 2012-04-20 SSL VPN communication method based on data link layers

Country Status (1)

Country Link
CN (1) CN103379009B (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103763356A (en) * 2014-01-08 2014-04-30 深圳大学 Establishment method, device and system for connection of secure sockets layers
CN104506480A (en) * 2014-06-27 2015-04-08 深圳市永达电子股份有限公司 Cross-domain access control method and system based on marking and auditing combination
CN104780229A (en) * 2014-01-09 2015-07-15 东莞市微云系统科技有限公司 Method of setting cloud server IP address through cloud terminal, system and cloud system
CN106452896A (en) * 2016-11-01 2017-02-22 赛尔网络有限公司 Method and system for realizing virtual special network platform
CN106685956A (en) * 2016-12-27 2017-05-17 上海斐讯数据通信技术有限公司 Method and system for router VPN network connection
CN106921552A (en) * 2015-12-25 2017-07-04 航天信息股份有限公司 Terminal, gateway and tunnel multiplex system
CN107431716A (en) * 2015-02-06 2017-12-01 霍尼韦尔国际公司 For generating the notification subsystem of notice merge, filtered and based on associated safety risk
CN110022204A (en) * 2019-03-20 2019-07-16 中国电子科技集团公司第三十研究所 Divide the method for enhancing file security communications security based on content truly randomization
CN110311894A (en) * 2019-05-24 2019-10-08 帷幄匠心科技(杭州)有限公司 A kind of method that local area network internal dynamic penetrates
CN116436731A (en) * 2023-06-15 2023-07-14 众信方智(苏州)智能技术有限公司 Multi-internal network two-layer data stream communication method

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007174209A (en) * 2005-12-21 2007-07-05 Matsushita Electric Works Ltd Security communication system
CN200962603Y (en) * 2006-07-27 2007-10-17 公安部第三研究所 A trustable boundary security gateway
CN101242324A (en) * 2007-02-09 2008-08-13 联想网御科技(北京)有限公司 A remote secure access method and system based on SSL protocol
US20090164625A1 (en) * 2007-12-21 2009-06-25 Jonathan Roll Methods and apparatus for performing non-intrusive network layer performance measurement in communication networks
CN101599901A (en) * 2009-07-15 2009-12-09 杭州华三通信技术有限公司 The method of remotely accessing MPLS VPN, system and gateway
CN101951378A (en) * 2010-09-26 2011-01-19 北京品源亚安科技有限公司 Protocol stack system structure for SSL VPN and data processing method
CN102143088A (en) * 2011-04-29 2011-08-03 杭州华三通信技术有限公司 Method and equipment for forwarding data based on security socket layer (SSL) virtual private network (VPN)

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007174209A (en) * 2005-12-21 2007-07-05 Matsushita Electric Works Ltd Security communication system
CN200962603Y (en) * 2006-07-27 2007-10-17 公安部第三研究所 A trustable boundary security gateway
CN101242324A (en) * 2007-02-09 2008-08-13 联想网御科技(北京)有限公司 A remote secure access method and system based on SSL protocol
US20090164625A1 (en) * 2007-12-21 2009-06-25 Jonathan Roll Methods and apparatus for performing non-intrusive network layer performance measurement in communication networks
CN101599901A (en) * 2009-07-15 2009-12-09 杭州华三通信技术有限公司 The method of remotely accessing MPLS VPN, system and gateway
CN101951378A (en) * 2010-09-26 2011-01-19 北京品源亚安科技有限公司 Protocol stack system structure for SSL VPN and data processing method
CN102143088A (en) * 2011-04-29 2011-08-03 杭州华三通信技术有限公司 Method and equipment for forwarding data based on security socket layer (SSL) virtual private network (VPN)

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
马巍娜,张延园: "《基于二层交换技术的改进型SSL VPN的设计与实现》", 《计算机应用》, vol. 27, no. 12, 31 December 2007 (2007-12-31) *

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103763356B (en) * 2014-01-08 2017-05-31 深圳大学 A kind of SSL establishment of connection method, apparatus and system
CN103763356A (en) * 2014-01-08 2014-04-30 深圳大学 Establishment method, device and system for connection of secure sockets layers
CN104780229A (en) * 2014-01-09 2015-07-15 东莞市微云系统科技有限公司 Method of setting cloud server IP address through cloud terminal, system and cloud system
CN104506480A (en) * 2014-06-27 2015-04-08 深圳市永达电子股份有限公司 Cross-domain access control method and system based on marking and auditing combination
CN104506480B (en) * 2014-06-27 2018-11-23 深圳市永达电子信息股份有限公司 The cross-domain access control method and system combined based on label with audit
CN107431716B (en) * 2015-02-06 2020-08-11 霍尼韦尔国际公司 Notification subsystem for generating consolidated, filtered, and relevant security risk-based notifications
CN107431716A (en) * 2015-02-06 2017-12-01 霍尼韦尔国际公司 For generating the notification subsystem of notice merge, filtered and based on associated safety risk
CN106921552A (en) * 2015-12-25 2017-07-04 航天信息股份有限公司 Terminal, gateway and tunnel multiplex system
CN106452896A (en) * 2016-11-01 2017-02-22 赛尔网络有限公司 Method and system for realizing virtual special network platform
CN106685956A (en) * 2016-12-27 2017-05-17 上海斐讯数据通信技术有限公司 Method and system for router VPN network connection
CN106685956B (en) * 2016-12-27 2019-10-11 上海斐讯数据通信技术有限公司 Method and system for router VPN network connection
CN110022204A (en) * 2019-03-20 2019-07-16 中国电子科技集团公司第三十研究所 Method for enhancing security of file secret communication based on content true randomization segmentation
CN110022204B (en) * 2019-03-20 2022-03-18 中国电子科技集团公司第三十研究所 Method for enhancing security of file secret communication based on content true randomization segmentation
CN110311894A (en) * 2019-05-24 2019-10-08 帷幄匠心科技(杭州)有限公司 Method for dynamic penetration inside a local area network
CN116436731A (en) * 2023-06-15 2023-07-14 众信方智(苏州)智能技术有限公司 Multi-internal network two-layer data stream communication method
CN116436731B (en) * 2023-06-15 2023-09-05 众信方智(苏州)智能技术有限公司 Multi-internal network two-layer data stream communication method

Also Published As

Publication number Publication date
CN103379009B (en) 2017-02-15

Similar Documents

Publication Publication Date Title
CN103379009B (en) SSL VPN communication method based on data link layers
CN102801695B (en) Virtual private network (VPN) communication equipment and data pack transmission method thereof
US9231918B2 (en) Use of virtual network interfaces and a websocket based transport mechanism to realize secure node-to-site and site-to-site virtual private network solutions
JP2018023155A (en) Transmission of data frame over communication network using incompatible network routing protocol
ES2634690T3 (en) Method, device and system to control access to a user terminal
CN106376003A (en) Method and device for detecting wireless local area network connection and wireless local area network data transmission
US11388590B2 (en) Cryptographic security in multi-access point networks
CN207766561U (en) System for controlling terminal and device access to a network
CN101827031A (en) Method and device for packet transmission in user datagram protocol UDP tunnel
CN104993993B (en) Message processing method, device and system
WO2014079335A1 (en) Ip packet processing method, apparatus and network system
CN103391234A (en) Method for realizing multi-user fixed port mapping and PPTP VPN server side
CN103856581B (en) A kind of translation encapsulation adaptive approach of user side equipment
CN111147451A (en) Service system security access method, device and system based on cloud platform
CN104426735B (en) Method and device for establishing a virtual private network connection
CN107786536B (en) TCP reverse port penetration method and system thereof
CN104254062B (en) Direct link communication method and related device and system
CN109246016A (en) Message processing method and device across VXLAN
CN102202108A (en) Method, device and system for realizing NAT (network address translation) traverse of IPSEC (Internet protocol security) in AH (authentication header) mode
CN103001844A (en) IPv6 (internet protocol version 6) network system and data transmission method thereof
CN104113889B (en) Method and device for connection establishment based on a return path
CN105591929B (en) Lightweight dual stack group authentication method off the net and device
CN109587204B (en) Method and device for accessing public network and electronic equipment
CN106506718B (en) IVI transition method and network system based on the pure IPv6 network of multiple NAT
CN105450556B (en) Information transferring method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: SSL VPN communication method based on data link layers

Effective date of registration: 20180917

Granted publication date: 20170215

Pledgee: Bank of Nanjing, Limited by Share Ltd, Nanjing branch

Pledgor: Nanjing Enlink Network Technology Co., Ltd.

Registration number: 2018320000192

PC01 Cancellation of the registration of the contract for pledge of patent right

Date of cancellation: 20200408

Granted publication date: 20170215

Pledgee: Bank of Nanjing, Limited by Share Ltd, Nanjing branch

Pledgor: NANJING ENLINK NETWORK TECHNOLOGY Co.,Ltd.

Registration number: 2018320000192

TR01 Transfer of patent right

Effective date of registration: 20200420

Address after: Room 401, floor 4, Yougu incubator, No. 12, mozhou East Road, moling street, Jiangning District, Nanjing City, Jiangsu Province

Patentee after: JIANGSU YIANLIAN NETWORK TECHNOLOGY Co.,Ltd.

Address before: 108, room 210039, building 01A, 10 Internet software park, Dajiang Road, Yuhua Economic Development Zone, Jiangsu, Nanjing

Patentee before: NANJING ENLINK NETWORK TECHNOLOGY Co.,Ltd.