摘要： 在分析传统SSL VPN不足的基础上，该文通过融合SSL VPN和IPSec VPN的设计思想，提出并实现了一种改进的SSL VPN系统。核心设计思想是采用虚拟设备驱动技术在Socket层进行数据包拦截，然后通过SSL加密隧道发送至隧道另一端，对方接收后进行解密和还原。与传统的SSL VPN系统相比，该系统具有更强的灵活性和适应性。改进的SSL VPN系统对于SSL VPN的发展和推广有着重要意义。

关键词: SSL, 虚拟专用网, 虚拟设备驱动

Abstract: This paper presents an improved SSL VPN system. The system hooks data packets from virtual device driver at socket layer and sends them though an encrypted SSL tunnel to the peer who will perform decryption and reconstruction of the packets. The system is more flexible and adaptable compared to traditional SSL VPN system.

Key words: SSL, Virtual private network(VPN), Virtual device driver