Computer Engineering ›› 2008, Vol. 34 ›› Issue (20): 109-111. doi: 10.3969/j.issn.1000-3428.2008.20.040

• Network and Communication •

Research on IPSec VPN Under Framework of XFRM Based on Linux

KAN Chuang, LUAN Xin, QI Wei-wei   

  1. (Institute of Information Science and Engineering, Ocean University of China, Qingdao 266100)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2008-10-20 Published: 2008-10-20

Abstract: To address the efficiency and reliability problems of existing IPSec VPN systems, this paper presents and improves an IPSec VPN gateway system built on the latest Linux kernel platform. It describes the Linux XFRM framework structure and its function call structure, including how the XFRM framework modules interact with inbound and outbound IPSec processing in the kernel and how the VPN gateway's secure tunnel is constructed. The system uses the XFRM framework to carry out both IP-layer processing and IPSec processing. Simulation and performance evaluation of the new system show that it is feasible and effective.

Key words: Virtual Private Network (VPN), IPSec protocol, XFRM framework, PF_key protocol
