The Design and Realization of Dynamic Multipoint VPN

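【Author】 Zhao Ning (赵宁)

【Advisor】 Ma Yue (马跃)

【Author information】 Beijing University of Posts and Telecommunications, Computer Science and Technology, 2008, Master's degree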

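【Abstract (Chinese version)】 At present, virtual private networks (VPNs) built with the IPSec protocol have become the VPN solution most commonly used by enterprises, addressing the security and integrity of communication between subsidiaries or departments located in different geographic locations. However, traditional IPSec VPNs have problems such as relying too heavily on manually configured static tunnels and not supporting tunnels that obtain their IP addresses dynamically. As enterprises grow, and especially in enterprises with many departments, traditional VPNs therefore face even more serious problems. To solve these problems, I propose a dynamic multipoint VPN model based on the traditional VPN model. This thesis mainly describes the implementation of the IPSec and SSH protocols on a router. Building on research into and analysis of VPN-related technologies, it proposes a dynamic multipoint VPN model on the router, and implements the dynamic establishment of IPSec tunnels as well as an SSH tunnel that protects application-layer data. The thesis mainly highlights the understanding, implementation and improvement of IPSec and SSH technologies. On the VLRT router, I implemented a VPN model composed of SSH and an improved IPSec with a Next Hop Server (NHS) submodule, achieving the dynamic establishment of LAN-TO-LAN VPN and SITE-TO-LAN tunnels. The model provides integrity and security guarantees for the data in the tunnels and provides authentication of accessing users. On this basis, the project product was tested and analyzed in detail, and ideas and insights are put forward for improving the dynamic establishment of IPSec tunnels and the SSH negotiation process.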

【Abstract】 Nowadays, corporations build Virtual Private Networks (VPNs) in order to provide security and integrity for the communication between their different departments. The most popular way to do this is by using IPSec. However, the traditional IPSec VPN depends too much on static tunnels, which are configured manually; at the same time, the traditional IPSec VPN does not provide a service for configuring IP addresses dynamically. As a corporation develops, the traditional VPN faces a lot of problems, especially in a corporation which has a lot of departments. In order to resolve these problems, I have put forward Dynamic Multipoint VPN to build the IPSec tunnel dynamically. In this article, I have described the process of developing the IPSec and SSH protocols in routers. I have put forward the dynamic multipoint VPN module and developed the establishment of the IPSec tunnel and the SSH tunnel after studying and analyzing VPN technology. In this article I focus on the process of comprehending, developing and improving the IPSec and SSH technology. I have developed the dynamic multipoint VPN function module on routers, which includes an IPSec module with a new NHS module and an SSH module. At the same time, I have established LAN-TO-LAN and SITE-TO-LAN tunnels dynamically. By doing this, I improve the integrity and security of data transferred through the tunnel. Besides, I developed the authentication function for access clients. After this, I have tested and analyzed the software in detail. At last, I have put forward some ideas for improving both the dynamic establishment of IPSec and the negotiation process of SSH to make the software more efficient.

【Keywords】 Dynamic multipoint VPN; IPSec; SSH; Next Hop Server
【Key words】 DMVPN; IPSec; SSH; NHS
  • 【Classification number】 TP393.08
  • 【Download count】 103