Research on VPN Technology Based on the Campus Network
The Research of VPN Technology Based on CAN
【Author】 张艳丽;
【Advisor】 宗平;
【Author information】 Hohai University, Computer Application Technology, 2003, Master's
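【Abstract (translated from the Chinese)】 A virtual private network (VPN) is a technology that uses tunneling together with methods such as encryption and identity authentication to build an enterprise network over a public network. A VPN is called virtual because it has no fixed physical connection and uses the public network. It is called private because it uses routing to isolate Internet traffic and uses encryption to keep the communication secure. As a result, an enterprise network can connect to wherever it needs to; this not only makes the problems of confidentiality, security and manageability easier to solve, but also lowers the cost of using the network. In fact, VPN technology can also be applied inside a private network. Applying VPN technology to a campus network can break through the geographic limits of the private campus network or optimize its management and use. After introducing background related to VPNs, such as the TCP/IP protocols and encryption technology, this thesis discusses in some detail the IPsec protocol and the two main VPN protocols: the Point-to-Point Tunneling Protocol (PPTP) and the Layer 2 Tunneling Protocol (L2TP). Then, based on the concrete network structure and usage of the campus network, the thesis proposes a campus-network-based VPN implementation plan. With this plan, VPN technology can be used to establish a virtual private network connection between two campuses, the area from which resources inside the private campus network can be accessed can be extended to anywhere connected to the Internet, and resource management inside the private network can be optimized. Finally, following the proposed plan, the thesis gives an example of building a VPN access server with the Routing and Remote Access Service (RRAS) of the Windows operating system, monitors and analyzes the process of accessing that VPN server by running the "Network Monitor" of Windows 2000, and tests the security of the VPN communication, which to some extent verifies the effectiveness of the proposed plan.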
【Abstract】 VPN is the technology of building an intranet on top of the public network with the support of tunneling technology, encapsulation and authentication methods. A VPN is virtual in that it has no corresponding physical network but rather shares physical circuits with other traffic. A VPN is private in that it isolates Internet traffic with routing and secures it with encryption. That is to say, the intranet can be connected to anywhere. Not only can the problems of privacy protection, security and manageability be smoothed out, but the cost of the network can also be brought down. In fact, VPN technology can also be used within a private network. Applied to a CAN, a VPN can break the regional limits of the CAN or provide better ways and means of administering it. After introducing the background knowledge related to VPN, such as the TCP/IP protocols and encryption technology, the article discusses in detail the IPsec protocol and the two main VPN protocols: PPTP and L2TP. Then, according to the actual network structure and application situation, the article proposes an implementation plan for a VPN based on the CAN. With the plan, not only will a virtual private network be built between the two campus areas and the area from which the servers in the private CAN can be accessed be extended to wherever there is a connection to the Internet, but the administration of the resources in the private CAN will also become easier and more reasonable. Finally, the article gives an example of building a VPN server with the RRAS of the Windows 2000 OS based on the given plan. The procedure of accessing the VPN server is monitored with the help of the "Microsoft Network Monitor". The analysis based on the monitoring result examines the security of the VPN communication and verifies the effectiveness of the plan to some extent.
【Key words】 Campus Area Network (CAN); Virtual Private Network (VPN); Tunneling; Encapsulation; Encryption; IPsec; PPTP; L2TP;
- 【Online publication contributor】 Hohai University 【Online publication year/issue】 2003, Issue 02
- 【Classification number】 TP393.18
- 【Times cited】 10
- 【Downloads】 718