Method and system for VPN isolation using network namespaces
First Claim
1. A computer executable method for providing exclusive access to a virtual private network (VPN) connection to an authorized application, comprising:
    creating a unique network namespace of a host system;
    placing a virtual device associated with the VPN connection into the unique network namespace;
    placing at least one socket for the authorized application into the unique network namespace; and
    precluding all unauthorized applications on the host system from accessing the unique network namespace, thereby facilitating exclusive access to the VPN connection by the authorized application.
Abstract
One embodiment of the present invention provides a system for providing exclusive access to a virtual private network (VPN) connection to an authorized application. During operation, the system creates a unique network namespace that is different from a default network namespace of a host system. The system then places a pseudo network interface associated with the VPN connection into the unique network namespace. Furthermore, the system places at least one socket for an authorized application into the unique network namespace. The system also precludes unauthorized applications on the host from accessing the unique network namespace, thereby facilitating exclusive access to the VPN connection by the authorized application.
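The abstract maps directly onto Linux network namespaces as managed by iproute2. The following script is an added example, not code from the patent or its assignee: it creates a dedicated namespace, moves the VPN's virtual device into it (the VPN daemon itself can stay in the host namespace; moving the device drops its addresses, so the tunnel address is re-added inside), starts the authorized application inside the namespace so that every socket it opens belongs there, and verifies that the device is no longer visible to processes left in the host namespace. The namespace name "vpn-demo", the device name "tun0", the address 10.8.0.2/24 and the user "alice" are assumptions; the script expects Linux, iproute2 and root privileges, and VPN_NS_DRY_RUN=1 makes it print the commands instead of running them.

```shell
#!/bin/sh
# Added example (not part of the patent record): confine a VPN's virtual
# device and one authorized application to a dedicated network namespace.
# Assumes Linux with iproute2, run as root, and that the VPN daemon has already
# created its virtual device in the host namespace. VPN_NS_DRY_RUN=1 prints
# each command instead of executing it, so the steps can be inspected offline.

run() {
    # Execute a command, or echo it when dry-running.
    if [ "${VPN_NS_DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

vpn_ns_validate_name() {
    # Namespace names become files under /run/netns, so reject names that are
    # empty, contain a path separator or whitespace, or start with a dot.
    case "$1" in
        ''|*/*|*[[:space:]]*|.*) return 1 ;;
        *) return 0 ;;
    esac
}

vpn_ns_setup() {
    # vpn_ns_setup NAMESPACE VPN_DEVICE LOCAL_ADDR_CIDR
    # Create the namespace, move the VPN device into it, restore the tunnel
    # address, and make the VPN device the only default route inside.
    ns=$1; dev=$2; addr=$3
    vpn_ns_validate_name "$ns" || { echo "invalid namespace name: $ns" >&2; return 1; }
    run ip netns add "$ns"                       || return 1
    run ip link set "$dev" netns "$ns"           || return 1
    run ip -n "$ns" link set lo up               || return 1
    run ip -n "$ns" addr add "$addr" dev "$dev"  || return 1
    run ip -n "$ns" link set "$dev" up           || return 1
    run ip -n "$ns" route add default dev "$dev" || return 1
}

vpn_ns_exec() {
    # vpn_ns_exec NAMESPACE USER COMMAND...
    # Start the authorized application inside the namespace; its sockets are
    # created there and can only reach the VPN device. Privileges are dropped
    # to USER with runuser (util-linux) before the command starts.
    ns=$1; user=$2; shift 2
    run ip netns exec "$ns" runuser -u "$user" -- "$@"
}

vpn_ns_check_isolation() {
    # Succeed only when the VPN device is visible inside the namespace and not
    # in the host namespace, i.e. host processes cannot address it.
    ns=$1; dev=$2
    if ip link show dev "$dev" >/dev/null 2>&1; then
        echo "$dev is still visible in the host namespace" >&2
        return 1
    fi
    ip -n "$ns" link show dev "$dev" >/dev/null 2>&1
}

vpn_ns_teardown() {
    # Deleting the namespace destroys virtual devices still inside it; stop the
    # application and the VPN daemon first.
    run ip netns delete "$1"
}

# Usage (assumed names; real run needs root and an existing tun0):
#   vpn_ns_setup vpn-demo tun0 10.8.0.2/24
#   vpn_ns_check_isolation vpn-demo tun0
#   vpn_ns_exec vpn-demo alice curl https://example.internal/
```

The "precluding" element of the claim is supplied by the kernel rather than by the script: an unprivileged process in the host namespace cannot see the moved device, and entering another network namespace with setns(2) requires CAP_SYS_ADMIN, so only a privileged launcher such as `ip netns exec` can place the authorized application's sockets inside. Run `vpn_ns_check_isolation` after setup and again periodically; if the device reappears in the host namespace, the isolation has been undone.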
Claims (20)
1. (Independent method claim; text as given above under First Claim. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.)
11. A computer readable non-transitory storage medium storing instructions which when executed by a computer cause the computer to perform a method, the method comprising:
    creating a unique network namespace of a host system on the computer;
    placing a virtual device associated with the VPN connection into the unique network namespace;
    placing at least one socket for the authorized application into the unique network namespace; and
    precluding all unauthorized applications on the host system from accessing the unique network namespace, thereby facilitating exclusive access to the VPN connection by the authorized application.
    (Dependent claims: 12, 13, 14, 15.)
16. A computing system for providing exclusive access to a virtual private network (VPN) connection to an authorized application, comprising:
    a network namespace creation mechanism configured to create a unique network namespace of a host system;
    a connectivity service configured to place a virtual device associated with the VPN connection into the unique network namespace; and
    a socket management mechanism configured to place at least one socket for the authorized application into the unique network namespace;
    wherein all unauthorized applications on the host system are precluded from accessing the unique network namespace, thereby facilitating exclusive access to the VPN connection by the authorized application.
    (Dependent claims: 17, 18, 19, 20.)
Specification