CN103391234A - Method for realizing multi-user fixed port mapping and PPTP VPN server side - Google Patents


Publication number
CN103391234A
Authority
CN
China
Prior art keywords
client
user
user data
vpn
data package
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2013103313107A
Other languages
Chinese (zh)
Inventor
沈富华
张婷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xiamen Meiya Pico Information Co Ltd
Original Assignee
Xiamen Meiya Pico Information Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xiamen Meiya Pico Information Co Ltd filed Critical Xiamen Meiya Pico Information Co Ltd
Priority to CN2013103313107A priority Critical patent/CN103391234A/en
Publication of CN103391234A publication Critical patent/CN103391234A/en
Pending legal-status Critical Current

Abstract

The invention discloses a method for realizing multi-user fixed port mapping. The method comprises the following steps: S101, starting PPPD process after the link control data packet, which is sent by a client and contains a user requested IP, is received; performing authentication for the login information of the client; when the authentication is successful, creating and maintaining the communication tunnel between the PPTP VPN server and the client; S102, performing decoding and decompression for user data packet after the user data packet sent by the authenticated client through the communication tunnel is received; S103, replacing the VPN IP in the user decoded and decompressed data packet with the local server IP; mapping the user data packet to the preset NAT port according to the rule chain; then sending the data packet to the physical network card. The invention further discloses a PPTP VPN server side for realizing multi-user fixed port mapping.

Description

A method and PPTP VPN server side for realizing multi-user fixed port mapping
Technical field
The present invention relates to a method and a PPTP VPN server side for realizing multi-user fixed port mapping.
Background technology
PPTP (Point to Point Tunneling Protocol) is a network technology that supports multi-protocol virtual private networks (Virtual Private Network, VPN); it works at the second layer. With this protocol, remote users can securely access a company network through Microsoft Windows NT Workstation, Windows XP, Windows 2000, Windows 2003 and Windows 7 operating systems and other systems equipped with the point-to-point protocol, and can dial in to a local ISP and connect securely to the company network over the Internet.
The basic process of tunneling is as follows: at the interface between the source local area network (LAN) and the public network, data (which can be data link layer or network layer data in the ISO/OSI seven-layer model) is encapsulated as payload in a data format that can be transmitted on the public network; at the interface between the destination LAN and the public network, the data is decapsulated and the payload is taken out.
The logical path that an encapsulated packet passes through when it is transmitted on the Internet is called a "tunnel". There are currently 4 VPN tunneling protocols: the Point to Point Tunneling Protocol PPTP, the Layer 2 Tunneling Protocol L2TP, the network-layer tunneling protocol IPSec, and SOCKS v5.
A VPN built with PPTP is also relatively stable and secure, and PPTP is currently a fairly mainstream VPN server. It is a new enhanced security protocol developed on the basis of the PPP protocol, supports multi-protocol VPN (Virtual Private Network), and can strengthen security through methods such as the Password Authentication Protocol (PAP) and the Extensible Authentication Protocol (EAP).
PPTP uses one TCP connection to maintain the tunnel, and uses Generic Routing Encapsulation (GRE) to encapsulate data into PPP frames that are transmitted through the tunnel. The payload data in the encapsulated PPP frames can be encrypted or compressed. Data leaves the physical network card encrypted and is decrypted only on the VPN server.
PPTP VPN provides us with safe and reliable data transmission. However, when a VPN server is built on a Linux server, data must be forwarded by a data forwarding module before it can reach its destination. Data forwarding is a NAT port mapping operation. NAT (Network Address Translation) is a wide area network (WAN) access technology that translates private (reserved) addresses into legitimate IP addresses; it is widely used in all kinds of Internet access methods and all types of networks. The VPN port mapping relations can be viewed in the /proc/net/ip_conntrack file. If a client 200 visits a web page after connecting to the VPN server, checking the VPN port mapping relations again shows that opening one web page may produce dozens of port mapping relations; that is, visiting one web page may occupy dozens of ports. If a client 200 opens dozens of web pages at the same time, more than 100 ports may be occupied. When the number of clients 200 is large, some clients may be unable to access the Internet normally.
The flow of PPTP VPN data packet transmission is now described:
Refer to Fig. 1, the PPTP VPN data flow diagram. Data sent by the client 200 is first encrypted by the client 200 and then sent to the server through the tunnel. When the server receives the encrypted data packets sent by the client 200, a packet capture tool shows that the source IP address of the packets is the VPN IP, that is, 10.10.10.X (or another address). These addresses are not recognized on the public network.
Refer to Fig. 2, the data processing flow chart of the data forwarding processing module. When a data packet passes through the server kernel module, the kernel module hands link control packets to the link control packet processing module, and user data packets are processed by the user data packet processing module. The user data packet processing module decrypts and decompresses the packets and then passes them to the data forwarding module. The data forwarding module first inspects and filters the packets, dropping those that do not meet the filtering rules. Then the data forwarding module replaces the source address (10.10.10.X) in the packet with the IP address of the local server, and maps the port to a randomly assigned port. In this way, ports can be abused in a multi-user situation. When one client 200 occupies many ports, network resources may be taken up by that one client 200.
Summary of the invention
To solve the above problem, the technical solution adopted by the present invention is:
A PPTP VPN server side for realizing multi-user fixed port mapping is provided, comprising a link control module, a user data packet processing module, a data forwarding module and an authentication module. The link control module is used to start a PPPD process after receiving a link control packet, sent by a client, that contains the user requested IP, and, after the authentication module has successfully authenticated the client's login information, to establish and maintain the communication tunnel between the PPTP VPN server side and the client. The user data packet processing module is used to decrypt and decompress a user data packet after receiving it from the successfully authenticated client through the communication tunnel, and then to pass the decrypted and decompressed packet to the data forwarding module. The data forwarding module is used to replace the VPN IP in the decrypted and decompressed user data packet with the local server IP, map the user data packet to the preset NAT port on the local server according to the rule chain, and then send the packet to the physical network card.
Another technical solution adopted by the present invention is:
A method for realizing multi-user fixed port mapping is provided, comprising the steps: S101, starting a PPPD process after receiving a link control packet, sent by a client, that contains the user requested IP, authenticating the client's login information and, when authentication succeeds, establishing and maintaining the communication tunnel between the PPTP VPN server side and the client; S102, decrypting and decompressing a user data packet after receiving it from the successfully authenticated client through the communication tunnel; S103, replacing the VPN IP in the decrypted and decompressed user data packet with the local server IP, mapping the user data packet to the preset NAT port on the local server according to the rule chain, and then sending the packet to the physical network card.
In the method and PPTP VPN server side for realizing multi-user fixed port mapping of the present invention, when a user data packet is filtered by the data forwarding module for the first time, the data forwarding module looks in the filter rule linked list for the first rule chain that matches this packet and records that rule chain; afterwards, similar packets of this connection all follow the same rule chain and the rule chains are not searched again. This avoids a table lookup for every packet and the unnecessary delay it would produce. Compared with the prior art, the technical solution of the present invention can prevent clients from abusing server ports and realizes sharing of the server's network resources to a certain degree. In addition, by directly monitoring the packets on the server's physical network card and determining the port from which a packet is sent, the VPN IP that sent the packet can be learned by looking up the port interval in which this port lies.
Description of drawings
Fig. 1 is PPTP VPN data flow diagram;
Fig. 2 is data retransmission processing module flow chart of data processing;
Fig. 3 is the functional block diagram of a PPTP VPN server side for realizing multi-user fixed port mapping in an embodiment of the present invention;
Fig. 4 is the schematic diagram of the rule chains in the filter rule linked list;
Fig. 5 is the flow chart of a method for realizing multi-user fixed port mapping in an embodiment of the present invention.
Description of the main element symbols
PPTP VPN server side 100, link control module 10, user data packet processing module 20, data forwarding module 30, authentication module 40, client 200, PPPD process startup submodule 11, IP allocation submodule 12, virtual network card submodule 13, rule chain selection submodule 31, NAT mapping submodule 32.
Embodiment
To describe in detail the technical content, structural features, objects and effects of the present invention, a detailed explanation is given below in conjunction with the embodiments and the accompanying drawings.
Refer to Fig. 3, the functional block diagram of a PPTP VPN server side for realizing multi-user fixed port mapping in an embodiment of the present invention. This PPTP VPN server side 100 for realizing multi-user fixed port mapping comprises a link control module 10, a user data packet processing module 20, a data forwarding module 30 and an authentication module 40. The PPTP VPN server side 100 is deployed on a Linux server.
The link control module 10 is used to start a PPPD process after receiving a link control packet, sent by the client 200, that contains the user requested IP, and, after the authentication module 40 has successfully authenticated the login information of the client 200, to establish and maintain the communication tunnel between the PPTP VPN server side and the client 200.
Specifically, the link control module 10 comprises a PPPD process startup submodule 11, an IP allocation submodule 12 and a virtual network card submodule 13.
The PPPD process startup submodule 11 is used, after the link control packet sent by the client is received, to start the PPPD process and notify the authentication module 40 to authenticate the login information of the client 200.
In the present embodiment, the authentication module 40 uses RADIUS authentication: the PPPD process calls the RADIUS client to request password authentication from the RADIUS server.
The IP allocation submodule 12 is used, after the authentication module 40 has successfully authenticated the login information of the client 200, to allocate an unused VPN IP from the IP pool to the client 200, and then to pass the VPN IP and the user requested IP to the PPPD process.
The virtual network card submodule 13 is used to create a virtual network card uniquely corresponding to the VPN IP as the communication tunnel between the PPTP VPN server side 100 and the client 200.
The user data packet processing module 20 is used to decrypt and decompress a user data packet after receiving it from the successfully authenticated client 200 through the communication tunnel, and then to pass the decrypted and decompressed packet to the data forwarding module 30.
The data forwarding module 30 is used to replace the VPN IP in the decrypted and decompressed user data packet with the local server IP, map the user data packet to the preset NAT port on the local server according to the rule chain, and then send the packet to the physical network card.
Specifically, the data forwarding module 30 comprises a rule chain selection submodule 31 and a NAT mapping submodule 32.
The rule chain selection submodule 31 is used, when a user data packet is received for the first time, to look up in the filter rule linked list, and record, the first rule chain consistent with the protocol type used by the user data packet.
The NAT mapping submodule 32 is used to replace the VPN IP in the decrypted and decompressed user data packet with the local server IP, map the user data packet to the preset NAT port on the local server according to the correspondingly recorded rule chain, and then send the packet to the physical network card.
In the whole process, adding the fixed port mapping in the data forwarding module 30 is optimal. First, the user's authentication state and online/offline state are easy to find in the data forwarding module 30. Second, all clients share one PPTPD process, while each client connection corresponds to one virtual network card and one unique PPPD process; the VPN IP of the corresponding client can only be determined inside the PPPD process, so data is not mixed up during processing.
Refer to Fig. 4, the schematic diagram of the rule chains in the filter rule linked list.
The first and second rule chains indicate that the tcp and udp data of VPN IP 10.10.10.1 is mapped out through ports 1000-1050 of NAT on the local server. 192.168.119.157 is the IP of the local server. Specifically, after the client passes authentication, the fixed port mapping of the first and second rule chains is mainly realized by executing the following two system commands:
iptables -t nat -I POSTROUTING -p udp -s 10.10.10.1 -j SNAT --to-source 192.168.119.157:1000-1050
iptables -t nat -I POSTROUTING -p tcp -s 10.10.10.1 -j SNAT --to-source 192.168.119.157:1000-1050
Only the ipv4 tcp and udp data is mapped here; other protocols, for example icmp data, use the third rule chain. Further, to add port mappings for other protocols, change the tcp protocol to the other protocol and insert another rule chain.
The third rule chain indicates that all data of the 10.10.10 network segment is NAT-mapped out through the server's physical network card eth0.
It is mainly realized by executing the following system command:
iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE
This rule chain does not conflict with the rule chains of the fixed port mapping. For example, when a client produces a ping packet, the third rule chain is used because ping is implemented with the icmp protocol. Therefore the data forwarding module's rules must be added with the "I" parameter and not with "A"; this guarantees that the rule chain found first is the rule chain of the dynamic port mapping.
With the above scheme, when a user data packet is filtered by the data forwarding module 30 for the first time, the data forwarding module 30 looks in the filter rule linked list for the first rule chain that matches this packet and records that rule chain; afterwards, similar packets of this connection all follow the same rule chain and the rule chains are not searched again. This avoids a table lookup for every packet and the unnecessary delay it would produce.
With this fixed port mapping, all tcp and udp packets of the client are forwarded by the data forwarding module only from within the port interval [1000-1050]. The benefits of this approach are: it can prevent clients from abusing server ports and realizes sharing of the server's network resources to a certain degree; and by directly monitoring the packets on the server's physical network card and determining the port from which a packet is sent, the VPN IP that sent the packet can be learned by looking up the port interval in which this port lies.
The calculation of the port intervals is set out below. Suppose the allocated VPN IP network segment is the segment of 10.10.10.1; this segment can then hold 255 users, 10.10.10.1~10.10.10.255. Assuming 50 ports are allocated to each user, this VPN IP network segment needs 255*50+254, in total 13004 ports.
If n denotes the last number of the VPN IP, the port interval is:
Interval left endpoint: 1024 + (n-1)*50 + (n-1)
Interval right endpoint: 1024 + n*50 + (n-1)
If port denotes the port a packet passes through:
n = (port-1024)/51 + 1
In this way it is known that the packet's VPN IP is 10.10.10.n. This calculation is more efficient than reading the routing table directly.
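The interval arithmetic above, worked as an added shell example (not code from the patent): it generates the per-client SNAT commands and maps a NAT port seen at the physical network card back to its VPN IP. It uses the base port 1024 from the formulas rather than the 1000-1050 range of the Fig. 4 commands; the function names and the ip_conntrack-style sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Values below come from the description; names are hypothetical.
BASE=1024                   # first NAT port in the interval formulas
WIDTH=50                    # per-user allocation; each interval spans WIDTH+1 ports
SERVER_IP=192.168.119.157   # local server IP from the description's example
VPN_NET=10.10.10            # VPN network segment from the description's example

# port_range N -> "LEFT-RIGHT" for VPN IP 10.10.10.N (N in 1..255)
port_range() {
    n=$1
    case $n in ''|*[!0-9]*) return 1 ;; esac
    [ "$n" -ge 1 ] && [ "$n" -le 255 ] || return 1
    left=$((BASE + (n - 1) * WIDTH + (n - 1)))
    right=$((BASE + n * WIDTH + (n - 1)))
    echo "$left-$right"
}

# vpn_ip_for_port PORT -> VPN IP that owns the interval containing PORT.
# Integer division implements n = (port-1024)/51 + 1; ports outside all
# 255 intervals are rejected instead of being attributed to a bogus host.
vpn_ip_for_port() {
    port=$1
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge "$BASE" ] || return 1
    n=$(( (port - BASE) / (WIDTH + 1) + 1 ))
    [ "$n" -le 255 ] || return 1
    echo "$VPN_NET.$n"
}

# snat_rules N -> prints (does not execute) the two fixed-port rules for
# 10.10.10.N, inserted with -I as the description requires.
snat_rules() {
    range=$(port_range "$1") || return 1
    for proto in udp tcp; do
        echo "iptables -t nat -I POSTROUTING -p $proto -s $VPN_NET.$1 -j SNAT --to-source $SERVER_IP:$range"
    done
}

# check_conntrack LINE -> prints the VPN IP implied by the NAT port and
# returns 0 only if it equals the original source IP in the same entry.
# A mismatch means the flow did not go through that client's fixed mapping.
check_conntrack() {
    # first src= is the original (pre-NAT) source address
    orig_src=$(printf '%s\n' "$1" | sed -n 's/^[^=]*src=\([0-9.][0-9.]*\).*/\1/p')
    # last dport= is the reply direction's destination, i.e. the NAT port
    nat_port=$(printf '%s\n' "$1" | sed -n 's/.*dport=\([0-9][0-9]*\).*/\1/p')
    owner=$(vpn_ip_for_port "$nat_port") || return 2
    echo "$owner"
    [ "$owner" = "$orig_src" ]
}

# Constructed sample entries in the style of /proc/net/ip_conntrack.
SAMPLE_OK='tcp      6 431999 ESTABLISHED src=10.10.10.2 dst=203.0.113.10 sport=51514 dport=80 src=203.0.113.10 dst=192.168.119.157 sport=80 dport=1080 [ASSURED] use=1'
SAMPLE_BAD='tcp      6 431999 ESTABLISHED src=10.10.10.3 dst=203.0.113.10 sport=51515 dport=80 src=203.0.113.10 dst=192.168.119.157 sport=80 dport=1080 [ASSURED] use=1'

snat_rules 1
check_conntrack "$SAMPLE_OK"
```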
In theory, the port interval available for port mapping on a Linux server is [1~65535]. However, when the PPTP VPN server side is deployed on a Linux server, domain names may fail to resolve because the Linux server lacks a domain name resolution (DNS) server; this problem appears especially on servers deployed overseas.
This problem can be solved by installing the bind9 service and letting the rule chain have all domain names resolved there. However, bind9 by default listens for requests on ports 1024~65535 of the PPTP VPN server, so the port interval theoretically available to the VPN is 1024~65535. Second, there is no need to worry about ports occupied by the system, because NAT ports and system ports are not the same ports; NAT ports are not bound locally.
Refer to Fig. 5, the flow chart of a method for realizing multi-user fixed port mapping in an embodiment of the present invention. The method runs in the PPTP VPN server side 100 and comprises the following steps:
Step S101, starting a PPPD process after receiving a link control packet, sent by a client, that contains the user requested IP, authenticating the client's login information and, when authentication succeeds, establishing and maintaining the communication tunnel between the PPTP VPN server side and the client;
Step S102, decrypting and decompressing a user data packet after receiving it from the successfully authenticated client through the communication tunnel;
Step S103, replacing the VPN IP in the decrypted and decompressed user data packet with the local server IP, mapping the user data packet to the preset NAT port on the local server according to the rule chain, and then sending the packet to the physical network card.
Here, "establishing and maintaining the communication tunnel between the PPTP VPN server side and the client" specifically comprises the steps:
Step S1011, after the client's login information has been successfully authenticated, allocating an unused VPN IP from the IP pool to the client, and then passing the VPN IP and the user requested IP to the PPPD process;
Step S1012, creating a virtual network card uniquely corresponding to the VPN IP as the communication tunnel between the PPTP VPN server side and the client.
In the present embodiment, the authentication uses RADIUS authentication: the PPPD process calls the RADIUS client to request password authentication from the RADIUS server.
Here, "mapping the user data packet to the preset NAT port on the local server according to the rule chain" specifically comprises the steps:
Step S1031, when a user data packet is received for the first time, looking up in the filter rule linked list, and recording, the first rule chain consistent with the protocol type used by the user data packet;
Step S1032, replacing the VPN IP in the decrypted and decompressed user data packet with the local server IP, and mapping the user data packet to the preset NAT port on the local server according to the correspondingly recorded rule chain.
In the method and PPTP VPN server side for realizing multi-user fixed port mapping of the present invention, when a user data packet is filtered by the data forwarding module for the first time, the data forwarding module looks in the filter rule linked list for the first rule chain that matches this packet and records that rule chain; afterwards, similar packets of this connection all follow the same rule chain and the rule chains are not searched again. This avoids a table lookup for every packet and the unnecessary delay it would produce. Compared with the prior art, the technical solution of the present invention can prevent clients from abusing server ports and realizes sharing of the server's network resources to a certain degree. In addition, by directly monitoring the packets on the server's physical network card and determining the port from which a packet is sent, the VPN IP that sent the packet can be learned by looking up the port interval in which this port lies.
The foregoing is only embodiments of the present invention and does not thereby limit the scope of the claims of the present invention; every equivalent structure or equivalent flow transformation made using the content of the specification and accompanying drawings of the present invention, or used directly or indirectly in other related technical fields, is likewise included in the scope of patent protection of the present invention.

Claims (8)

1. A PPTP VPN server side for realizing multi-user fixed port mapping, characterized in that it comprises a link control module, a user data packet processing module, a data forwarding module and an authentication module;
the link control module is used to start a PPPD process after receiving a link control packet, sent by a client, that contains the user requested IP, and, after the authentication module has successfully authenticated the client's login information, to establish and maintain the communication tunnel between the PPTP VPN server side and the client 200;
the user data packet processing module is used to decrypt and decompress a user data packet after receiving it from the successfully authenticated client through the communication tunnel, and then to pass the decrypted and decompressed packet to the data forwarding module;
the data forwarding module is used to replace the VPN IP in the decrypted and decompressed user data packet with the local server IP, map the user data packet to the preset NAT port on the local server according to the rule chain, and then send the packet to the physical network card.
2. The PPTP VPN server side for realizing multi-user fixed port mapping according to claim 1, characterized in that the link control module comprises:
a PPPD process startup submodule, used, after the link control packet sent by the client is received, to start the PPPD process and notify the authentication module to authenticate the client's login information;
an IP allocation submodule, used, after the authentication module has successfully authenticated the client's login information, to allocate an unused VPN IP from the IP pool to the client, and then to pass the VPN IP and the user requested IP to the PPPD process;
a virtual network card submodule, used to create a virtual network card uniquely corresponding to the VPN IP as the communication tunnel between the PPTP VPN server side and the client.
3. The PPTP VPN server side for realizing multi-user fixed port mapping according to claim 2, characterized in that the authentication module uses RADIUS authentication, the PPPD process calling the RADIUS client to request password authentication from the RADIUS server.
4. The PPTP VPN server side for realizing multi-user fixed port mapping according to claim 2, characterized in that the data forwarding module comprises:
a rule chain selection submodule, used, when a user data packet is received for the first time, to look up in the filter rule linked list, and record, the first rule chain consistent with the protocol type used by the user data packet;
a NAT mapping submodule, used to replace the VPN IP in the decrypted and decompressed user data packet with the local server IP, map the user data packet to the preset NAT port on the local server according to the correspondingly recorded rule chain, and then send the packet to the physical network card.
5. A method for realizing multi-user fixed port mapping, characterized in that it comprises the steps:
S101, starting a PPPD process after receiving a link control packet, sent by a client, that contains the user requested IP, authenticating the client's login information and, when authentication succeeds, establishing and maintaining the communication tunnel between the PPTP VPN server side and the client;
S102, decrypting and decompressing a user data packet after receiving it from the successfully authenticated client through the communication tunnel;
S103, replacing the VPN IP in the decrypted and decompressed user data packet with the local server IP, mapping the user data packet to the preset NAT port on the local server according to the rule chain, and then sending the packet to the physical network card.
6. The method for realizing multi-user fixed port mapping according to claim 5, characterized in that "establishing and maintaining the communication tunnel between the PPTP VPN server side and the client" specifically comprises the steps:
after the client's login information has been successfully authenticated, allocating an unused VPN IP from the IP pool to the client, and then passing the VPN IP and the user requested IP to the PPPD process;
creating a virtual network card uniquely corresponding to the VPN IP as the communication tunnel between the PPTP VPN server side and the client.
7. The method for realizing multi-user fixed port mapping according to claim 6, characterized in that the authentication uses RADIUS authentication, the PPPD process calling the RADIUS client to request password authentication from the RADIUS server.
8. The method for realizing multi-user fixed port mapping according to claim 6, characterized in that "mapping the user data packet to the preset NAT port on the local server according to the rule chain" specifically comprises the steps:
when a user data packet is received for the first time, looking up in the filter rule linked list, and recording, the first rule chain consistent with the protocol type used by the user data packet;
replacing the VPN IP in the decrypted and decompressed user data packet with the local server IP, and mapping the user data packet to the preset NAT port on the local server according to the correspondingly recorded rule chain.
CN2013103313107A 2013-08-01 2013-08-01 Method for realizing multi-user fixed port mapping and PPTP VPN server side Pending CN103391234A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2013103313107A CN103391234A (en) 2013-08-01 2013-08-01 Method for realizing multi-user fixed port mapping and PPTP VPN server side


Publications (1)

Publication Number Publication Date
CN103391234A true CN103391234A (en) 2013-11-13

Family

ID=49535397


Country Status (1)

Country Link
CN (1) CN103391234A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104159231A (en) * 2014-08-19 2014-11-19 北京奇虎科技有限公司 Method for optimizing background flow of client, and client
WO2015070422A1 (en) * 2013-11-14 2015-05-21 华为终端有限公司 Method and equipment for establishing a data traffic link
CN105933198A (en) * 2016-04-21 2016-09-07 浙江宇视科技有限公司 Device for establishing direct connection VPN tunnel
CN106375128A (en) * 2016-09-14 2017-02-01 网宿科技股份有限公司 Acceleration access method, device and equipment based on PPTP VPN (point to point tunneling protocol virtual private network)
CN109005179A (en) * 2018-08-10 2018-12-14 常州中价之星软件技术有限公司 Network security tunnel establishing method based on port controlling
CN110311894A (en) * 2019-05-24 2019-10-08 帷幄匠心科技(杭州)有限公司 A kind of method that local area network internal dynamic penetrates
CN110445858A (en) * 2019-08-02 2019-11-12 深圳震有科技股份有限公司 Server-side connects client approach and device, equipment, medium simultaneously
CN111371723A (en) * 2018-12-07 2020-07-03 网宿科技股份有限公司 Method and device for realizing PPTP VPN network isolation under DPDK framework
CN116232992A (en) * 2022-12-16 2023-06-06 中国联合网络通信集团有限公司 Data forwarding method, device, equipment and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7117530B1 (en) * 1999-12-07 2006-10-03 Watchguard Technologies, Inc. Tunnel designation system for virtual private networks
CN102647327A (en) * 2012-04-28 2012-08-22 深圳市共进电子股份有限公司 Virtual private network (VPN) connection method based on point to point tunneling protocol (PPTP)

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
K. HAMZEH;G. PALL;W. VERTHEIN;J. TAARUD;W. LITTLE;G. ZORN: "Point-to-Point Tunneling Protocol (PPTP)", 《IETF NETWORK WORKING GROUP REQUEST FOR COMMENTS: 2637》, 31 July 1999 (1999-07-31) *
张小银: "Research and Implementation of a VPN System in the Linux Environment", 《微计算机信息》, vol. 27, no. 1, 5 January 2011 (2011-01-05), pages 3 - 4 *
谢大吉: "Research on PPTP-Based VPN Technology", 《四川文理学院学报》, vol. 21, no. 2, 31 March 2011 (2011-03-31), pages 1 *

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015070422A1 (en) * 2013-11-14 2015-05-21 华为终端有限公司 Method and equipment for establishing a data traffic link
CN104159231A (en) * 2014-08-19 2014-11-19 北京奇虎科技有限公司 Method for optimizing background flow of client, and client
CN105933198B (en) * 2016-04-21 2020-01-14 浙江宇视科技有限公司 Device for establishing direct connection VPN tunnel
CN105933198A (en) * 2016-04-21 2016-09-07 浙江宇视科技有限公司 Device for establishing direct connection VPN tunnel
CN106375128A (en) * 2016-09-14 2017-02-01 网宿科技股份有限公司 Acceleration access method, device and equipment based on PPTP VPN (point to point tunneling protocol virtual private network)
WO2018049725A1 (en) * 2016-09-14 2018-03-22 网宿科技股份有限公司 Pptp vpn-based accelerated access method, apparatus and device
CN106375128B (en) * 2016-09-14 2019-07-02 网宿科技股份有限公司 Acceleration access method, device and equipment based on PPTP VPN
US10680851B2 (en) 2016-09-14 2020-06-09 Wangsu Science & Technology Co., Ltd. Method, apparatus, and device for PPTP VPN based access acceleration
CN109005179B (en) * 2018-08-10 2020-11-06 常州中价之星软件技术有限公司 Network security tunnel establishment method based on port control
CN109005179A (en) * 2018-08-10 2018-12-14 常州中价之星软件技术有限公司 Network security tunnel establishing method based on port controlling
CN111371723A (en) * 2018-12-07 2020-07-03 网宿科技股份有限公司 Method and device for realizing PPTP VPN network isolation under DPDK framework
CN111371723B (en) * 2018-12-07 2022-06-17 网宿科技股份有限公司 Method and device for realizing PPTP VPN network isolation under DPDK framework
CN110311894A (en) * 2019-05-24 2019-10-08 帷幄匠心科技(杭州)有限公司 A kind of method that local area network internal dynamic penetrates
CN110445858A (en) * 2019-08-02 2019-11-12 深圳震有科技股份有限公司 Server-side connects client approach and device, equipment, medium simultaneously
CN110445858B (en) * 2019-08-02 2022-02-01 深圳震有科技股份有限公司 Method, device, equipment and medium for simultaneously connecting server with client
CN116232992A (en) * 2022-12-16 2023-06-06 中国联合网络通信集团有限公司 Data forwarding method, device, equipment and storage medium

Similar Documents

Publication Publication Date Title
CN103391234A (en) Method for realizing multi-user fixed port mapping and PPTP VPN server side
CN107995052B (en) Method and apparatus for common control protocol for wired and wireless nodes
US8363650B2 (en) Method and systems for routing packets from a gateway to an endpoint
JP4727125B2 (en) Secure dual channel communication system and method through a firewall
JP4852502B2 (en) Access server and connection restriction method
US20160226815A1 (en) System and method for communicating in an ssl vpn
US20070248085A1 (en) Method and apparatus for managing hardware address resolution
JP2009111437A (en) Network system
CN101138218A (en) Security protocols on incompatible transports
CN101902482B (en) Method and system for realizing terminal security admission control based on IPv6 (Internet Protocol Version 6) automatic configuration
WO2014028614A2 (en) Ip address allocation
US8978126B2 (en) Method and system for TCP turn operation behind a restrictive firewall
CN104993993B (en) A kind of message processing method, equipment and system
CN112039905B (en) Reverse connection-based network communication method and device, electronic equipment and medium
WO2009143729A1 (en) Method, system and apparatus for realizing dhcp user service wholesale
CN102088438B (en) Method for solving address conflict of Internet protocol security (IPSec) Client and IPSec Client
US20150319134A1 (en) Method And Apparatus For Accessing Demilitarized Zone Host On Local Area Network
WO2016009106A1 (en) Access to a node
CN104426735B (en) A kind of method and device for establishing Virtual Private Network connection
WO2016066027A1 (en) Media transmission method and device
CN103763301A (en) System employing ppp protocol packaging-based IPsec frame structure and method
CA2884382C (en) Method and system for tcp turn operation behind a restrictive firewall
CN103067411A (en) Method and device for preventing DoS (denial of service) attack in DS-Lite (dual stack-Lite) networking
US10805260B2 (en) Method for transmitting at least one IP data packet, related system and computer program product
JP4630296B2 (en) Gateway device and authentication processing method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20131113