VIRTUAL PRIVATE NETWORK SYSTEM AND NETWORK DEVICE THEREOF
Abstract
A virtual private network (VPN) system and a network device thereof are provided. The VPN system includes a first network device, a second network device, and an authentication server. The first network device provides an encrypted connection setup request message containing an authentication information to the second network device. The second network device receives the encrypted connection setup request message and forwards the authentication information to the authentication server to perform a first authentication process, so as to determine whether the first network device is authorized. If the first network device is authorized, the first network device and the second network device directly exchange a set of VPN arguments and perform a second authentication process through the exchange of the VPN arguments, so as to establish an IPSec VPN connection between the first network device and the second network device.
23 Claims
1. A virtual private network (VPN) system, comprising:
- a first network device, configured for providing an encrypted connection setup request message, wherein the encrypted connection setup request message comprises an authentication information; and
- a second network device, connected to the first network device through an Internet, configured for receiving the encrypted connection setup request message and forwarding the authentication information to an authentication server to perform a first authentication process and determines whether the first network device is authorized, wherein if the first network device is authorized, the second network device and the first network device directly exchange a set of VPN arguments and perform a second authentication process by exchanging the VPN arguments, so as to establish an IPSec VPN connection between the first network device and the second network device.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A network device, for establishing a VPN connection with another network device, the network device comprising:
- a network interface, configured for connecting to an Internet; and
- a memory module, comprising:
  - a connection processing module, coupled to the network interface, configured for receiving an encrypted connection setup request message from a client device and forwarding the encrypted connection setup request message to an authentication server to perform a first authentication process and determine whether the client device is authorized, wherein the encrypted connection setup request message comprises an authentication information;
  - an argument generation module, coupled to the connection processing module, configured for generating a plurality of VPN arguments, wherein the VPN arguments comprise a pre-shared key; and
- a processor module, coupled to the network interface and the memory module, configured for executing the argument generation module and the connection processing module and controlling the network interface and the memory module, wherein if the client device is authorized, the network device and the client device directly exchange a plurality of VPN arguments and perform a second authentication process by exchanging the VPN arguments, so as to establish an IPSec VPN connection.

Dependent claims: 9, 10, 11, 12, 13

14. A network device, for establishing a VPN connection with another network device, the network device comprising:
- a network interface, configured for connecting to an Internet; and
- a memory module, comprising:
  - a user interface module, coupled to the network interface, configured for receiving an authentication information and a server address from a user, and generating a connection setup request message and sending an encrypted connection setup request message to a server according to the server address, wherein the server forwards the encrypted connection setup request message to an authentication server to perform a first authentication process and determine whether the network device is authorized, wherein the encrypted connection setup request message comprises the authentication information;
  - an encryption module, coupled to the user interface module, configured for encrypting the connection setup request message into the encrypted connection setup request message;
- a processor module, coupled to the network interface and the memory module, configured for executing the user interface module and the encryption module and controlling the network interface and the memory module, wherein if the network device is authorized, the another network device and the network device directly exchange a plurality of VPN arguments and perform a second authentication process by exchanging the VPN arguments, so as to establish an IPSec VPN connection between the another network device and the network device.

Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23

Specification