Re-posted article: Create a LAN on the Internet: VPN technology details!

Source: Internet
Author: User

LAN construction over the Internet: VPN technology details

Today, the Internet has formed a giant network that enables global communication. Traditional Web browsing, sending and receiving e-mail, and online games are only the initial stage of the network society. VPN is an emerging trend that will have a powerful impact on networking. It introduces the concept of a virtual private network, which fully integrates LANs with the Internet, connects designated LANs to one another, and ensures security and data integrity. Most importantly, the cost is not high, so it will be a new trend for network connections between and within enterprises.

What is a VPN?

A VPN (virtual private network) uses a public network such as the Internet to build an enterprise's private network. When necessary, the VPN takes a portion of the bandwidth from the public network and uses it as a private network. When the VPN communication ends, the bandwidth is returned to the public network. A VPN does not require users to establish remote physical connections; it implements wide-area connections through the public network provided by the service provider.

A VPN uses tunneling technology to achieve secure data transmission. Tunneling is a way to transmit data between networks by using the infrastructure of an interconnected network. The data (or payload) carried by the tunnel can be frames or packets of different protocols. The tunnel protocol re-encapsulates these frames or packets of other protocols in a new header for sending. The new header provides routing information so that the encapsulated payload can be transmitted through the interconnected network.

The encapsulated packets are routed between the two endpoints of the tunnel through the public network. The logical path that the encapsulated packets follow over the public network is called a tunnel. Once the tunnel endpoint is reached, the data is unwrapped and forwarded to its final destination. Note: tunneling refers to the entire process, including data encapsulation, transmission, and decapsulation.

Currently, common VPN tunnel protocols include:

1. Point-to-Point Tunneling Protocol (PPTP)
The PPTP protocol allows IP, IPX, or NetBEUI data streams to be encrypted, encapsulated in IP headers, and sent through an enterprise IP network or a public network.

2. Layer 2 Tunneling Protocol (L2TP)
The L2TP protocol allows IP, IPX, or NetBEUI data streams to be encrypted and then transmitted over any network that supports point-to-point data transmission, such as IP, X.25, Frame Relay, or ATM.

3. IP Security (IPSec) tunnel mode
The IPSec tunnel mode allows you to encrypt IP payload data and encapsulate it in IP headers to be sent over an enterprise IP network or a public IP network such as the Internet.

IPSec is an end-to-end mechanism designed by the IETF to ensure data security for IP-based communication. IPSec supports data encryption and ensures data integrity. According to the IETF specifications, when data encryption is not used, IPSec uses the Authentication Header (AH) to provide source authentication and ensure data integrity. IPSec uses the Encapsulating Security Payload (ESP) to provide source authentication together with encryption and ensure data integrity. Under the IPSec protocol, only the sender and receiver know the secret key. If the authentication data is valid, the receiver knows that the data comes from the sender and was not modified during transmission.

Based on security considerations, IPSec has the highest security level and has gradually become a widely used VPN security standard.
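
The tunnel encapsulation and the AH integrity check described above, as an added example that is not part of the original article: a simplified Python model of AH in tunnel mode, where the sending gateway wraps the inner IP packet in a new outer header plus an Authentication Header and the receiving gateway verifies the keyed integrity value before unwrapping. The key, SPI, addresses and sample packet are constructed; key negotiation, anti-replay checking and the IPv4 header checksum are left out.

```python
import hashlib, hmac, socket, struct

AH, IPIP, ICV_LEN = 51, 4, 16   # IP protocol numbers; ICV = HMAC-SHA-256 cut to 128 bits
KEY = b"constructed-demo-key-not-for-use"    # constructed shared secret
GW_A, GW_B = "192.0.2.1", "198.51.100.1"     # constructed tunnel endpoints

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header (checksum left at 0 in this model)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

# Constructed inner packet: private LAN addresses, UDP, 4-byte payload.
INNER = ipv4_header("10.1.0.5", "10.2.0.9", 17, 4) + b"data"

def compute_icv(key, outer, ah_fixed, inner):
    # Fields that routers may change (TOS, flags/offset, TTL, checksum) and the
    # ICV field itself are zeroed before the MAC is computed.
    o = bytearray(outer)
    o[1] = 0; o[6:8] = b"\0\0"; o[8] = 0; o[10:12] = b"\0\0"
    msg = bytes(o) + ah_fixed + b"\0" * ICV_LEN + inner
    return hmac.new(key, msg, hashlib.sha256).digest()[:ICV_LEN]

def encapsulate(key, spi, seq, src_gw, dst_gw, inner):
    """Sender side: new outer header + AH + untouched inner packet."""
    ah_len = 12 + ICV_LEN
    # AH fixed part: next header, length in 32-bit words minus 2, reserved, SPI, seq
    ah_fixed = struct.pack("!BBHII", IPIP, ah_len // 4 - 2, 0, spi, seq)
    outer = ipv4_header(src_gw, dst_gw, AH, ah_len + len(inner))
    return outer + ah_fixed + compute_icv(key, outer, ah_fixed, inner) + inner

def decapsulate(key, packet):
    """Receiver side: verify the ICV, then return the inner packet."""
    outer, ah_fixed = packet[:20], packet[20:32]
    icv, inner = packet[32:32 + ICV_LEN], packet[32 + ICV_LEN:]
    if outer[9] != AH or ah_fixed[0] != IPIP:
        raise ValueError("not an AH tunnel-mode packet")
    if not hmac.compare_digest(icv, compute_icv(key, outer, ah_fixed, inner)):
        raise ValueError("ICV mismatch: packet dropped")
    return inner

if __name__ == "__main__":
    pkt = encapsulate(KEY, 0x1000, 1, GW_A, GW_B, INNER)
    print(len(pkt), "bytes on the wire; inner recovered:", decapsulate(KEY, pkt) == INNER)
```

AH authenticates but does not encrypt, so the inner packet is still readable on the public network; ESP is the IPSec mode that adds encryption.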

VPN application requirements in the OA (office automation) system:

The OA office automation system is an important part of enterprise informatization, developed for the company's daily office affairs. It handles the transfer of information within the company, including document drafting, circulation, approval, archiving, and other aspects of the enterprise's daily operations. This circulation is accompanied by the company's capital flow and logistics. It can be said that the OA system plays an increasingly important role in improving the overall operational efficiency of enterprises. Most OA systems currently use the Microsoft Exchange or IBM Lotus mail system platforms together with text processing software to implement the drafting, approval, transfer, announcement, archiving, and other processing of documents, and build an information system on a C/S or B/S architecture with a back-end database. The OA system is characterized by process transfer: a document must pass approval at each stage before it can move to the next. However, if the company's leadership or other department leaders are on a business trip or otherwise away, the OA workflow cannot proceed normally, which affects the company's daily operations. On the other hand, some group companies and their subsidiaries need to upload relevant policy documents to the company and to transfer company information in a timely manner. At present this is far from enough to meet the needs of the modern office or to let the OA system deliver its high-efficiency advantages.

It can be seen that the OA system needs modern network and communication technologies to transmit information flows in real time. For the remote interconnection of the OA system, Guangzhou Baihua Data Network Co., Ltd. has launched an IPsec-based VPN interconnection solution. VPN, as a new wide area network technology, can provide interconnection anytime and anywhere without regional restrictions, and supports both the LAN-TO-LAN and PC-TO-LAN VPN modes. The former mainly addresses the interconnection between a branch office and the office OA system; through the VPN, files within the company can be transmitted securely. The PC-TO-LAN mode mainly addresses mobile office work: leaders who are away can use the IPsec client software to dial into the headquarters network, establish a secure VPN tunnel, and log in to the OA system, where approval, recording, and remote mobile handling of documents can be carried out under the configured permissions. This removes the earlier shortcoming in which leaders' business trips delayed the approval of documents, and greatly improves the efficiency of the enterprise.
