Implementation of VPN-based dual-line access in XP vro

Based on the Implementation of VPN dual-line access in the XP soft router, we are very interested in the problem of VPN dual-line access. Before giving you a detailed description of how to implement VPN dual-line access, let's first understand the basic process of access cracking and then compare the advantages and disadvantages of the following methods.

Flexible multi-channel VPN dual-line access through soft Routing

As we all know, hardware routers and software routers can be used to achieve dual-line routing (ROS in Linux and Policy Routing in Windows), while hardware routers themselves are dedicated, so the cost is considered, its cpu is mostly 8-bit or 16-bit, and its cache is also several megabytes to dozens of megabytes.

The stability and performance of software routers, especially Windows 2003 soft routes, as long as they do a good job in anti-virus, hardware stability, and attack protection, are definitely not mentioned, especially their ability to process routing requests from large Internet cafes, it is much higher than Linux. VPN dual-line access Routing Server: It is set up in a dual-line environment to provide a local LAN dual-line single gateway for Internet access, and to provide remote VPN dialing with an Internet connection and an IPsec connection tunnel server.

Remote VPN Dial-Up Policy Routing: A Remote VPN dial-up machine uses a local gateway to access the Internet, and uses a policy route to borrow lines to achieve shared Internet access in the local LAN. These functions are more flexible than hardware VPN routers, and more suitable for using soft routes.

In addition, generally, the number of lines processed and the number of remote connections are limited when the hardware VPN dual-line access is implemented. For soft routes, as long as the machine can have N NICs, can realize the N-1 route too much also does not use), the number of connected users can be much larger than the limit of the hardware router.

How can I achieve dual-line VPN dual-line access through soft routing?

The following describes the implementation of each soft route in Windows2003: Dual-network routing: It is relatively simple to implement. Three NICs are used, each of which occupies one network card and the other is used as an intranet interface. NAT is used first, and the Internet, such as the Netcom interface, is used as the Internet egress.

Set the IP address, DNS, and gateway of the Netcom interface, set only the IP address and DNS for the Intranet interface, and then set the telecom interface to multiple NAT (over loading NAT), so that there are two internet outlets, in this case, you also need to set a policy route by adding a static route table and a telecom route table to allow China Telecom to go through the telecom interface. China Telecom can go through the Netcom interface and only add China Telecom. In this way, the dual-network routing is implemented.

VPN dual-network routing: Based on the above method, you only need to establish a NAT route with a VPN, then assign the user name and password to the remote VPN, and specify whether the remote IP address uses a dynamic or static IP address, A dynamic range should be provided. It is best to keep the subnet away from the subnet of the remote network. You can use 10.0.X.X or 192.168.X.X. do not duplicate the network hosts next to it. Static IP addresses are used to prevent multiple logins with the same user name. Achieve dual-line routing. It also uses three NICs.

Remote VPN dual-line access Dial-Up Policy Routing: it is used to establish a tunnel with the VPN Server and send requests from other first-line networks of a single-line Internet cafe to the VPN Server through the tunnel, dual-line access to the Internet through the VPN Server line, also achieve dual-line policy routing. NAT is also used to provide Internet access for machines on the local LAN. Two NICs are used. NAT settings are similar to the setting method of a Single-network NAT soft route, and there is a policy route and VPN dial-up connection.