How VPN works

. Usually ,VPN The gateway adopts dual network card structure , The external network card uses the public network IP Access Internet.

2. Network one ( Suppose it's a public network internet) Terminal A Visit network 2 ( Suppose it's the company intranet ) Terminal B, The destination address of the access packet is terminal B Internal IP Address .

3. The Internet is one of them VPN The gateway receives the terminal A Check the destination address of the sent access packet , If the destination address belongs to network two , Then encapsulate the packet , The way of encapsulation depends on the VPN Different technologies are different , meanwhile VPN The gateway will construct a new VPN Data packets , And the original package after encapsulation is regarded as VPN The load of the packet ,VPN The destination address of the packet is network 2 VPN The external address of the gateway .

4. The Internet is one of them VPN The gateway will VPN The packet is sent to Internet, because VPN The destination address of the packet is network 2 VPN The external address of the gateway , So the packet will be Internet The route in is correctly sent to network two VPN gateway   Network two's VPN The gateway checks the received packets , If it is found that the packet is from network one VPN From the gateway , It can be determined that the packet is VPN Data packets , And unpack the data package . The process of unpacking is to first VPN Packet header stripping , And then reverse the packet processing to restore the original packet .

5. Network two's VPN The gateway sends the restored original data packet to the target terminal B, Because the destination address of the original packet is the terminal B Of IP, So the packet can be correctly sent to the terminal B. At terminal B It seems , The packets it receives are the same as the packets it receives from the terminal A It's the same as the one sent directly .

6. From the terminal B Return to terminal A The process of packet processing is the same as above , In this way, the terminals in the two networks can communicate with each other .   From the above description, it can be found that , stay VPN When the gateway processes packets , There are two parameters for VPN Communication is very important ： The destination address of the original packet （VPN Destination address ） And remote VPN default gateway . according to VPN Destination address ,VPN The gateway can determine which packets are processed VPN Handle , For packets that do not need to be processed, they can be directly forwarded to the superior route ; long-range VPN The gateway address specifies the processed VPN The destination address of the packet , namely VPN The other end of the tunnel VPN default gateway . Because network communication is bidirectional , It's going on VPN Communication time , At both ends of the tunnel VPN Gateways have to know VPN The destination address and the corresponding remote VPN default gateway .