VPN implementation principle

Source: Internet
Author: User

Because public IPv4 addresses are scarce, a LAN is normally built with private (reserved) IP addresses. These addresses are not routable on the Internet, so hosts inside the LAN cannot normally be reached directly from the Internet. To make such access possible, we use VPN tunneling technology.

-Generally, the VPN gateway is dual-homed: one network card sits on the internal LAN with a private address, and the external network card has a public IP address facing the Internet;

-If Terminal A in Network 1 needs to access Terminal B in Network 2, the destination address of the packet sent by Terminal A is Terminal B's (internal) IP address;

-The VPN gateway of Network 1 checks the destination address of the packet sent by Terminal A. If that address belongs to Network 2, the gateway encapsulates the packet (how it is encapsulated depends on the VPN technology in use) and builds a new packet, the VPN packet, carrying the encapsulated original packet as its payload. The destination address of the VPN packet is the external (public) address of the VPN gateway of Network 2;

-The VPN gateway of Network 1 sends the VPN packet out to the Internet. Because the destination address of the VPN packet is the public address of Network 2's VPN gateway, Internet routing delivers the packet correctly to that gateway;

-The VPN gateway of Network 2 inspects the received packet. If it finds that the packet was sent by the VPN gateway of Network 1, it treats it as a VPN packet and unpacks it: first the outer header of the VPN packet is stripped, then the payload is reverse-processed according to the VPN technology to restore the original packet. The source address alone is not proof of origin, since it can be spoofed; a real VPN protocol also verifies the integrity and authenticity of the payload (for example, the integrity check value in IPsec ESP) before accepting the packet;

-The VPN gateway of Network 2 forwards the restored original packet to its destination. Because the destination address of the original packet is Terminal B's IP address, it is delivered correctly to Terminal B. From Terminal B's point of view, the packet looks as if it came directly from Terminal A;

-Packets returned from Terminal B to Terminal A are processed in the same way in the reverse direction, so terminals in the two networks can communicate with each other.

From the description above, two parameters are essential for tunnel communication when the VPN gateway processes packets: the destination address of the original packet (the VPN destination address) and the remote VPN gateway address. The VPN destination address tells the gateway which packets need VPN processing; packets that do not need it are usually forwarded unchanged to the upstream router. The remote VPN gateway address is the destination to which the processed VPN packet is sent, that is, the address of the VPN gateway at the other end of the tunnel. Because communication is bidirectional, the gateways at both ends of the tunnel must each know the VPN destination addresses and the corresponding remote VPN gateway address.
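The following is an added worked example, not code from the original article or from any VPN product, that models the whole procedure above (dual-homed gateways, the tunnel table of VPN destination address to remote gateway address, encapsulation, inspection and decapsulation, plain forwarding for non-VPN destinations) in a few dozen lines of Python. All addresses are constructed from the documentation ranges (192.168.x.0/24 for the two LANs, 203.0.113.1 and 198.51.100.1 as the gateways' public addresses), the packet format is a toy one, and an HMAC over the encapsulated packet with a pre-shared key stands in for whatever integrity protection the real VPN technology applies; it is there to show why the receiving gateway cannot rely on the source address alone.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Minimal IP packet model: source, destination and payload."""
    src: str
    dst: str
    payload: bytes


class VpnGateway:
    """Dual-homed VPN gateway: public_ip on the external card, local_net behind the internal card."""

    TAG_LEN = 32  # HMAC-SHA256 digest length

    def __init__(self, public_ip, local_net, tunnels, key):
        self.public_ip = public_ip
        self.local_net = ipaddress.ip_network(local_net)
        # VPN destination address (a remote prefix) -> remote VPN gateway address
        self.tunnels = {ipaddress.ip_network(net): gw for net, gw in tunnels.items()}
        self.key = key  # toy pre-shared key; stands in for the VPN technology's own protection

    def _remote_gateway_for(self, dst):
        """Longest-prefix match of dst against the tunnel table; None if dst is not a VPN destination."""
        addr = ipaddress.ip_address(dst)
        matches = [net for net in self.tunnels if addr in net]
        if not matches:
            return None
        return self.tunnels[max(matches, key=lambda net: net.prefixlen)]

    def _seal(self, inner):
        """Encapsulate: serialize the original packet and prepend an HMAC tag over it."""
        body = inner.src.encode() + b"|" + inner.dst.encode() + b"|" + inner.payload
        tag = hmac.new(self.key, body, hashlib.sha256).digest()
        return tag + body

    def _open(self, data):
        """Reverse the encapsulation; returns None if the tag does not verify."""
        tag, body = data[:self.TAG_LEN], data[self.TAG_LEN:]
        if not hmac.compare_digest(tag, hmac.new(self.key, body, hashlib.sha256).digest()):
            return None
        src, dst, payload = body.split(b"|", 2)
        return Packet(src.decode(), dst.decode(), payload)

    def outbound(self, pkt):
        """Packet from a local terminal. Returns ("tunnel", vpn_packet) when the destination
        is a VPN destination address, otherwise ("forward", pkt) for the upstream router."""
        remote_gw = self._remote_gateway_for(pkt.dst)
        if remote_gw is None:
            return ("forward", pkt)
        # The VPN packet carries the encapsulated original packet as its payload and is
        # addressed from our public address to the remote gateway's public address.
        return ("tunnel", Packet(self.public_ip, remote_gw, self._seal(pkt)))

    def inbound(self, pkt):
        """Packet arriving on the external card. Returns the restored original packet, or None to drop."""
        if pkt.dst != self.public_ip:
            return None
        # The check from the description: does it come from a known remote VPN gateway?
        if pkt.src not in self.tunnels.values():
            return None
        # Source addresses are spoofable, so the payload must authenticate as well.
        inner = self._open(pkt.payload)
        if inner is None:
            return None
        # Only deliver to terminals on our own LAN.
        if ipaddress.ip_address(inner.dst) not in self.local_net:
            return None
        return inner


KEY = b"constructed-demo-pre-shared-key"


def build_gateways():
    """Network 1 (192.168.1.0/24) behind GW1, Network 2 (192.168.2.0/24) behind GW2."""
    gw1 = VpnGateway("203.0.113.1", "192.168.1.0/24", {"192.168.2.0/24": "198.51.100.1"}, KEY)
    gw2 = VpnGateway("198.51.100.1", "192.168.2.0/24", {"192.168.1.0/24": "203.0.113.1"}, KEY)
    return gw1, gw2


def round_trip():
    """Terminal A -> Terminal B and back; returns what each gateway produced and delivered."""
    gw1, gw2 = build_gateways()
    request = Packet("192.168.1.10", "192.168.2.20", b"hello B")
    action, vpn_pkt = gw1.outbound(request)
    delivered = gw2.inbound(vpn_pkt)
    reply = Packet("192.168.2.20", "192.168.1.10", b"hello A")
    _, vpn_reply = gw2.outbound(reply)
    delivered_reply = gw1.inbound(vpn_reply)
    return action, vpn_pkt, delivered, delivered_reply


if __name__ == "__main__":
    action, vpn_pkt, delivered, delivered_reply = round_trip()
    print(action, vpn_pkt.src, "->", vpn_pkt.dst)
    print("B received:", delivered)
    print("A received:", delivered_reply)
```

The two tunnel tables are mirror images of each other, which is the bidirectional requirement in the last paragraph: each gateway lists the other's LAN as a VPN destination and the other's public address as the remote gateway. A packet from Terminal A to an address outside both tables (for example 192.0.2.7) is returned as ("forward", packet) for the upstream router, and a packet that merely claims to come from 203.0.113.1 but carries no valid tag is dropped by gw2.inbound.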
