Optimizing connections over virtual private networks
Abstract
The disclosed embodiments provide a system for a virtual private network (VPN). The system includes a routing apparatus on a public network. The routing apparatus accepts a first connection with a client on the VPN and a second connection with a gateway in a private network extended by the VPN. Next, the routing apparatus receives a first set of packets from the client over the first connection, wherein the first set of packets is encrypted. The routing apparatus then routes the first set of packets to the gateway. The system also includes the gateway, which establishes the second connection with the routing apparatus. Next, the gateway decrypts the first set of packets and routes the decrypted first set of packets to a host in the private network.
16 Claims
1. A system for providing a virtual private network (VPN), the system comprising:
- a routing apparatus on a public network, the routing apparatus configured to accept a first connection with a client on the VPN and a second connection with a VPN gateway behind a firewall in a private network extended by the VPN; and
- the VPN gateway configured to establish the second connection with the routing apparatus, receive a set of packets from a host device of the private network, encrypt the set of packets using a shared secret between the client on the public network and the VPN gateway behind the firewall on the private network, insert a destination identifier of the client on the public network, and route the encrypted set of packets having the destination identifier of the client to the routing apparatus via the second connection;
- wherein secure access to private resources of the host device behind the firewall of the private network is extended from behind the firewall to the client on the public network and beyond the firewall by the VPN that includes the VPN gateway behind the firewall on the private network and the routing apparatus on the public network;
- wherein the VPN is extended to the client by the routing apparatus via the public network without requiring the client to install VPN software;
- wherein the transmission of the packets is associated with at least one of:
  - omitting a three-way handshake between the client and the host device;
  - bypassing checksums on the sets of packets;
  - setting a maximum transmission unit (MTU) associated with transmission of the set of packets; and
  - setting a receive window associated with transmission of the set of packets.

Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A computer-implemented method for facilitating use of a virtual private network (VPN), the computer-implemented method comprising:
- establishing a connection between a routing apparatus on a public network and a VPN gateway behind a firewall in a private network extended by the VPN;
- receiving, by the VPN gateway, a set of packets from a host device of the private network, encrypting, by the VPN gateway, the set of packets using a shared secret that is unknown to the routing apparatus and shared between a client on the public network and the VPN gateway that is behind the firewall of the private network, and inserting, by the VPN gateway, a destination identifier of the client on the public network; and
- transmitting, by the VPN gateway, the set of packets having the destination identifier of the client to the routing apparatus;
- wherein secure access to private resources of the host device behind the firewall of the private network is extended from behind the firewall to the client on the public network and beyond the firewall by the VPN that includes the VPN gateway behind the firewall on the private network and the routing apparatus on the public network;
- wherein the VPN is extended to the client by the routing apparatus via the public network without requiring the client to install VPN software;
- wherein the transmission of the set of packets is associated with at least one of:
  - omitting a three-way handshake between the client and the host device;
  - bypassing checksums on the sets of packets;
  - setting a maximum transmission unit (MTU) associated with transmission of the set of packets; and
  - setting a receive window associated with transmission of the set of packets.

Dependent claims: 10, 11, 12, 13.

14. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for facilitating use of a virtual private network (VPN), the method comprising:
- establishing a connection between a routing apparatus on a public network and a VPN gateway behind a firewall in a private network extended by the VPN;
- receiving, by the VPN gateway, a set of packets from a host device of the private network, encrypting, by the VPN gateway, the set of packets using a shared secret that is unknown to the routing apparatus and shared between a client on the public network and the VPN gateway that is behind the firewall of the private network, and inserting, by the VPN gateway, a destination identifier of the client on the public network; and
- transmitting, by the VPN gateway, the set of packets having the destination identifier of the client to the routing apparatus;
- wherein secure access to private resources of the host device behind the firewall of the private network is extended from behind the firewall to the client on the public network and beyond the firewall by the VPN that includes the VPN gateway behind the firewall on the private network and the routing apparatus on the public network;
- wherein the VPN is extended to the client by the routing apparatus via the public network without requiring the client to install VPN software;
- wherein the transmission of the set of packets is associated with at least one of:
  - omitting a three-way handshake between the client and the host device;
  - bypassing checksums on the sets of packets;
  - setting a maximum transmission unit (MTU) associated with transmission of the set of packets; and
  - setting a receive window associated with transmission of the set of packets.

Dependent claims: 15, 16.
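The security property the claims rest on is that the routing apparatus on the public network forwards frames by the destination identifier alone, while the payload is encrypted under a secret shared only by the client and the VPN gateway and unknown to the relay. The following Python simulation of that flow is an added example, not code from the patent or any product; the 4-byte identifier header, the stdlib SHA-256/HMAC cipher standing in for a real AEAD such as AES-GCM, and all function names are assumptions.

```python
import hashlib
import hmac
import os
import struct

# Stand-in authenticated encryption (SHA-256 keystream, encrypt-then-MAC). Assumption:
# a real gateway would use an AEAD such as AES-GCM; this keeps the example stdlib-only.
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = [hashlib.sha256(key + nonce + struct.pack(">I", i)).digest() for i in range(0, n, 32)]
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("authentication failed")  # wrong key or tampered payload
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

# Constructed wire format: 4-byte destination identifier, then opaque ciphertext.
def gateway_encapsulate(shared_key: bytes, client_id: int, host_packet: bytes) -> bytes:
    """VPN gateway: encrypt a packet from a private host, prepend the client's identifier."""
    return struct.pack(">I", client_id) + seal(shared_key, host_packet)

def routing_apparatus_forward(frame: bytes, connections: dict) -> tuple:
    """Relay on the public network: route by identifier only; it holds no key to decrypt."""
    client_id = struct.unpack(">I", frame[:4])[0]
    if client_id not in connections:
        raise KeyError(f"no first connection for client {client_id}")
    return connections[client_id], frame[4:]

def client_receive(shared_key: bytes, payload: bytes) -> bytes:
    """Client side: decrypt and verify with the secret shared with the gateway."""
    return open_(shared_key, payload)

def demo() -> dict:
    shared = os.urandom(32)     # known only to client 7 and the gateway
    relay_key = os.urandom(32)  # anything the relay might try; it never sees 'shared'
    frame = gateway_encapsulate(shared, 7, b"HTTP/1.1 200 OK\r\n\r\nintranet page")
    conn, payload = routing_apparatus_forward(frame, {7: "conn-client-7"})
    try:
        open_(relay_key, payload)
        relay_could_read = True
    except ValueError:
        relay_could_read = False
    return {"conn": conn, "plaintext": client_receive(shared, payload),
            "relay_could_read": relay_could_read}
```

The relay's failed decryption and the tag check on any modified payload are the two behaviours a reviewer should expect from a design in which the shared secret is withheld from the routing apparatus.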