[dev] What is a Virtual Private Network

 

Start by reading the wiki: https://en.wikipedia.org/wiki/Virtual_private_network

Summary:

VPNs can be either remote-access (connecting a computer to a network) or site-to-site (connecting two networks). 
VPN systems may be classified by:

the tunneling protocol used to tunnel the traffic
the tunnel's termination point location, e.g., on the customer edge or network-provider edge
the type of topology of connections, such as site-to-site or network-to-network
the levels of security provided
the OSI layer they present to the connecting network, such as Layer 2 circuits or Layer 3 network connectivity
the number of simultaneous connections.

 

Types:

Classification 1:

  customer provisioned VPN

  provider provisioned VPN  

    C / CE / PE / P

Classification 2:

  remote-access

  site to site

 

The VPN security model provides:

1. Encryption of traffic in transit

2. Endpoint authentication

User-created remote-access VPNs may use passwords, biometrics, two-factor authentication or other cryptographic methods. 
Network-to-network tunnels often use passwords or digital certificates. 
They permanently store the key to allow the tunnel to establish automatically, without intervention from the administrator.

3. Message integrity checking, to prevent tampering.

 

VPN protocols:

1. IPsec

2. SSL/TLS

3. DTLS

4. MPPE

5. SSTP

6. MPVPN

7. SSH VPN.

 

Other:

hub and spoke: 

  http://support.huawei.com/hedex/pages/EDOC1000032882DZC11191/03/EDOC1000032882DZC11191/03/resources/help/SemiXML(esight_V2R3C10_cd)/hlp/mplsvpn/itec_help_mplsvpn0036.html

What is IPsec:

  https://zh.wikipedia.org/wiki/IPsec

strongSwan: an implementation of IPsec

  https://www.strongswan.org/

 

posted on 2018-12-12 10:22  toong