[dev] 啥是Virtual Private Network

先来读wiki:https://en.wikipedia.org/wiki/Virtual_private_network

摘要:

VPNs can be either remote-access (connecting a computer to a network) or site-to-site (connecting two networks). 
VPN systems may be classified by:

the tunneling protocol used to tunnel the traffic
the tunnel's termination point location, e.g., on the customer edge or network-provider edge
the type of topology of connections, such as site-to-site or network-to-network
the levels of security provided
the OSI layer they present to the connecting network, such as Layer circuits or Layer network connectivity
the number of simultaneous connections.

类型:

分类1:

  customer provisioned VPN

  provider provisioned VPN  

    C / CE / PE / P

分类2:

  remote-access

  site to site

VPN安全模块提供:

1.  传输加密

2.  终端验证

User-created remote-access VPNs may use passwords, biometrics, two-factor authentication or other cryptographic methods.
Network-to-network tunnels often use passwords or digital certificates.
They permanently store the key to allow the tunnel to establish automatically, without intervention from the administrator.

3. 信息效验,防篡改。

VPN协议:

1. IPsec

2. SSL/TLS

3. DTLS

4 MPPE

5. SSTP

6. MPVPN

7. SSH VPN.

其他:

hub and spoke:

  http://support.huawei.com/hedex/pages/EDOC1000032882DZC11191/03/EDOC1000032882DZC11191/03/resources/help/SemiXML(esight_V2R3C10_cd)/hlp/mplsvpn/itec_help_mplsvpn0036.html

什么是IPSec:

  https://zh.wikipedia.org/wiki/IPsec

strongswan:IPsec的一个实现

  https://www.strongswan.org/

上一篇:虚拟私有云(Virtual Private Cloud,专有网络)配置方式总结


下一篇:我在Fackbook的这三年[转]