Shulou(Shulou.com)06/02 Report--

I haven't written a blog for a long time, yes, I was dragged to do outsourcing again, not much BB, directly on practical information. Maybe you need an interview.

Openvxn is different from traditional vxn, it works in IP layer. OpenVxN is an open source VxN software based on SSL. It realizes the purpose of using SSL to ensure the security of network communication, and avoids the deficiency that traditional SSL VxN only provides simple Web applications. It supports a variety of application protocols, Windows,Linux,BSD,MAC OS and other multi-platform characteristics.

Environment description

An is the client 192.168.1.2

B for server 10.0.0.2, push "redirect-gateway def1 bypass-dhcp" has been added to the configuration file to send all client traffic to openvxn. Disadvantages: it needs to be implemented with the configuration redirect-gateway def1 on the client, but if sometimes the client needs normal Internet access, it may be affected.

After dialing, the corresponding virtual network card tun/tap is generated according to the tun/tap specified in the configuration ovxn. The function of the virtual network card is that the openvxn program can quickly interact with the data packet through the tun/tap virtual device.

Here are the principles of sending and receiving

Send:

A goes to an address of B, which is assumed to be 10.0.0.3. After dialing, A gets a route to the 10.0.0.0max 8 network segment, that is, to the next hop of the 10.0.0.0max 8 network segment. Theoretically, A does two things. The first point is that A determines whether the destination IP address of the packet belongs to its own network segment, or to other addresses in the routing table. Then forward it according to the routing table. The second point is that A determines that it is destined for the server network segment, sends all the packets to the tun/tap network card, and then notifies the openvxn application through the network card to call the write function and ssl encryption and encapsulation, and takes the real destination ip address (for example, the destination address is 10.0.0.3) and the data packet as data, and sets the destination ip address as the external network ip address of the openvxn server on the outermost, and then forwards it to the external network card eth2 or eth0. It is sent to the server via internet.

Receive:

After receiving the data packet, the openvxn server determines that it is the vxn data packet according to the outside encryption algorithm, and sends it to the tun/tap network card again. The tun/tap network card notifies the openvxn application program, calls the read function and ssl to decrypt the data and peel off the packet header, and exposes the actual target ip address. At this time, the packet goes to the determined target 10.0.0.3 address according to the routing table of the vxn server.

Flow chart of tun mode under openvxn:

Reference: https://www.jianshu.com/p/09f9375b7fa7

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.