How Internet VPN works
A virtual private network (VPN) establishes a private network over the public
network for encrypted communication. It is widely used in enterprise networks.
A VPN gateway provides remote access by encrypting data packets and translating
their target addresses. A VPN can be implemented with a server, hardware, software,
or other means.
VPN is a remote access technology. In short, it uses the public network to set
up a private network. For example, an employee on a business trip who wants to
access server resources on the enterprise intranet is performing remote access.
How VPN works
Generally, the VPN gateway adopts a dual network card structure, and the external
network card uses public network IP to access the Internet.
Terminal A on network 1 (assumed to be the public Internet) accesses terminal B on
network 2 (assumed to be the corporate intranet). The destination address of the
access packet it sends is the internal IP address of terminal B.
When it receives the access packet sent by terminal A, the VPN gateway of
network 1 checks the packet's target address. If the target address belongs to
network 2, the gateway encapsulates the packet in the way defined by the VPN
technology in use. It then constructs a new VPN packet that carries the
encapsulated original packet as its payload. The destination address of the VPN
packet is the external address of the VPN gateway of network 2.
The VPN gateway of network 1 sends the VPN packet to the Internet. Because the target
address of the VPN packet is the external address of the VPN gateway of network 2,
Internet routing delivers the packet to the VPN gateway of network 2.
The VPN gateway of network 2 checks the received packet. If it finds that the
packet was sent from the VPN gateway of network 1, it determines that the packet
is a VPN packet and unpacks it. Unpacking mainly consists of stripping the VPN
packet header and then reversing the encapsulation to restore the original packet.
The VPN gateway of network 2 sends the restored original packet to the target
terminal B. Because the target address of the original packet is the IP of terminal B,
the packet is correctly delivered to terminal B. From terminal B's point of view, the
packets it receives are the same as if they had been sent directly from terminal A.
Packets from terminal B to terminal A are processed in the same way, so the
terminals in the two networks can communicate with each other.
The description above shows that two parameters are very important for VPN
communication when the VPN gateway processes packets: the target address of the
original packet (the VPN target address) and the remote VPN gateway address. From
the VPN target address, the VPN gateway can judge which packets are to be
processed by the VPN. Packets that do not need VPN processing can generally be
forwarded directly to the upstream router. The remote VPN gateway address specifies
the destination address of the processed VPN packet, that is, the address of the VPN
gateway at the other end of the VPN tunnel. Because network communication is
bidirectional, the VPN gateways at both ends of the tunnel must know the VPN
target address and the corresponding remote VPN gateway address.
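
The two parameters described above can be modeled as a per-tunnel table on each gateway. The following is an added example, not code from the original page or from any VPN product: all names, addresses and the key are constructed, payload encryption is left out, and an HMAC tag stands in for the cryptographic protection a real VPN protocol applies, so the receiving gateway does not rely on the source address alone.

```python
import hashlib, hmac, ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes

@dataclass(frozen=True)
class Tunnel:
    target_net: ipaddress.IPv4Network  # VPN target addresses behind the peer
    remote_gw: str                     # external address of the peer gateway
    key: bytes                         # shared key (constructed sample value)

def _tag(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

class Gateway:
    def __init__(self, external_ip, tunnels):
        self.external_ip, self.tunnels = external_ip, tunnels

    def outbound(self, pkt):
        """Encapsulate if dst is a VPN target address, else pass through."""
        for t in self.tunnels:
            if ipaddress.ip_address(pkt.dst) in t.target_net:
                inner = f"{pkt.src}|{pkt.dst}|".encode() + pkt.payload
                # New outer packet: gateway-to-gateway addresses, original as payload.
                return Packet(self.external_ip, t.remote_gw, _tag(t.key, inner) + inner)
        return pkt  # not VPN traffic: forward unchanged to the upstream router

    def inbound(self, pkt):
        """Restore the original packet, or return None if it is not accepted."""
        for t in self.tunnels:
            if pkt.src == t.remote_gw and pkt.dst == self.external_ip:
                tag, inner = pkt.payload[:32], pkt.payload[32:]
                if not hmac.compare_digest(tag, _tag(t.key, inner)):
                    return None  # source address matched the peer, tag did not
                src, dst, data = inner.split(b"|", 2)
                return Packet(src.decode(), dst.decode(), data)
        return None  # not from a configured remote gateway

# Constructed sample topology (documentation address ranges).
KEY = b"constructed-demo-key"
GW1 = Gateway("203.0.113.1", [Tunnel(ipaddress.ip_network("10.2.0.0/24"), "198.51.100.1", KEY)])
GW2 = Gateway("198.51.100.1", [Tunnel(ipaddress.ip_network("10.1.0.0/24"), "203.0.113.1", KEY)])

if __name__ == "__main__":
    wire = GW1.outbound(Packet("10.1.0.5", "10.2.0.9", b"hello B"))
    print(wire.src, "->", wire.dst, "| restored:", GW2.inbound(wire))
```

Each gateway holds the mirror image of the other's entry, which is the bidirectional requirement stated in the last sentence above.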
Visit E-Lins Technology for more information.