1 Introduction
As universities grow in scale, the spread of new branch campuses places higher demands on the construction and management of wireless networks. VPN technology can not only be used to build a unified wireless network management platform but also improve the security of the wireless campus network.
2 VPN Overview
A VPN (Virtual Private Network) uses tunneling, encryption, identity authentication and other techniques to build a private network on top of a public network; data travels across the public network through a secure "encrypted pipeline". A VPN is neither a dedicated closed line owned by an organization nor a closed line leased from a network service provider. It nevertheless provides the data transmission capability of a dedicated line, and, according to the user's identity and authority, connects the user directly to the information they are entitled to access.
By adopting "tunneling" technology, a VPN uses the IPSec standard established by the IETF to form a secure, confidential and unobstructed dedicated link across the public network.
At present, a VPN mainly relies on four technologies to guarantee security: tunneling, encryption and decryption, key management, and user and equipment identity authentication. Many colleges and universities today have campuses located far from the main campus; interconnecting them with physical circuits is expensive, so using VPN technology to build a wireless campus network under unified management is a low-cost and secure approach.
3 VPN Key Technology
3.1 Tunneling Technology
Tunneling is a key technology for building a VPN: a data channel (tunnel) is established across the public network, mainly by means of a network tunneling protocol, so that packets are transmitted inside this tunnel. There are two types of tunneling protocols: layer 2 tunneling protocols, which carry layer 2 network protocols, and layer 3 tunneling protocols, which carry layer 3 network protocols. The layer 3 tunneling protocols mainly include GRE (Generic Routing Encapsulation, RFC 1701) [2] and the IETF IPSec protocol.
3.1.1 Layer 2 tunneling protocols
A layer 2 tunneling protocol first encapsulates the various network protocols into PPP, then wraps the whole frame into the tunneling protocol; the packets formed by this double encapsulation are transmitted by the layer 2 protocol.
Layer 2 tunneling protocols include L2F (Layer 2 Forwarding), PPTP (Point-to-Point Tunneling Protocol) and L2TP (Layer 2 Tunneling Protocol). L2TP is the current IETF standard, formed by the IETF's merger of PPTP and L2F.
3.1.2 GRE
A layer 3 tunneling protocol loads the various network protocols directly into the tunneling protocol, and the resulting packets rely on the layer 3 protocol for transmission.
GRE [3] (Generic Routing Encapsulation) encapsulates data from certain network layer protocols, such as IP or IPX, so that the encapsulated packets can be transmitted inside another network layer protocol. GRE is the layer 3 tunneling protocol of a VPN, and tunneling is applied between the protocol layers.
A tunnel is a virtual point-to-point connection that provides a path over which encapsulated packets are transmitted; packets are encapsulated at one end of the tunnel and decapsulated at the other. When a router receives an original data packet (payload) that needs to be encapsulated and routed, it is first encapsulated in a GRE packet by GRE and then encapsulated in an IP packet, and the IP layer is responsible for forwarding it.
GRE mainly provides the following services:
① transmission of multi-protocol, multi-service local networks over a single backbone network;
② extending the reach of protocols with hop-count limits, such as RIP;
③ connecting non-contiguous subnets to build a VPN.
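The encapsulation and decapsulation steps described above, as an added example that is not code from the original paper: a Python model of the two GRE tunnel endpoints, which wraps an inner IPv4 packet in a basic GRE header (flags/version, protocol type, optional checksum) plus an outer IPv4 header with protocol number 47, and at the far end strips both again, rejecting a tunnelled packet whose GRE checksum no longer matches. All addresses and the payload are constructed sample values.

```python
import socket
import struct

GRE_PROTO_IPV4 = 0x0800  # GRE protocol-type field value for an inner IPv4 packet
IPPROTO_GRE = 47         # protocol number of GRE in the outer IPv4 header
GRE_FLAG_CHECKSUM = 0x8000  # the "C" bit: an optional checksum follows the header

def checksum(data):
    """RFC 1071 one's-complement checksum, used by both IPv4 and GRE."""
    if len(data) % 2:
        data += b'\x00'
    total = sum(struct.unpack('!%dH' % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header (no options) with a valid header checksum."""
    hdr = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + payload_len, 0, 0, ttl,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack('!H', checksum(hdr)) + hdr[12:]

def gre_encapsulate(inner_packet, outer_src, outer_dst, with_checksum=True):
    """Tunnel entry router: build [outer IPv4 | GRE | inner IPv4 packet]."""
    flags = GRE_FLAG_CHECKSUM if with_checksum else 0  # version bits stay 0
    gre = struct.pack('!HH', flags, GRE_PROTO_IPV4)
    if with_checksum:
        gre += struct.pack('!HH', 0, 0)  # checksum placeholder + reserved field
        gre = gre[:4] + struct.pack('!HH', checksum(gre + inner_packet), 0)
    outer = ipv4_header(outer_src, outer_dst, IPPROTO_GRE, len(gre) + len(inner_packet))
    return outer + gre + inner_packet

def gre_decapsulate(packet):
    """Tunnel exit router: strip outer IPv4 + GRE, verify checksum; return (proto_type, inner)."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != IPPROTO_GRE:
        raise ValueError('outer packet does not carry GRE')
    gre = packet[ihl:]
    flags, proto = struct.unpack('!HH', gre[:4])
    if flags & 0x0007:
        raise ValueError('unsupported GRE version')
    hdr_len = 4
    if flags & GRE_FLAG_CHECKSUM:
        hdr_len = 8
        if checksum(gre) != 0:  # a valid checksum makes header + payload sum to zero
            raise ValueError('GRE checksum mismatch')
    return proto, gre[hdr_len:]
```

The inner packet keeps its own addresses (the two campus subnets) untouched; only the outer header, addressed between the two tunnel gateways, is consulted by the public network.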