Title: Data transmission method, system, and apparatus
Abstract: A data transmission method is applied in a virtual private network (VPN) and includes: querying, by an initiating client, a VPN server for external network Internet Protocol (IP) addresses of the initiating client and a responding client; performing, by the initiating client, key negotiation with the responding client through the VPN server; after the key negotiation is completed, writing, by the initiating client, the external network IP address of the initiating client into a source address field of a to-be-sent User Datagram Protocol (UDP) packet, writing the external network IP address of the responding client into a destination address field of the to-be-sent UDP packet, and encrypting the to-be-sent UDP packet according to a key obtained through the negotiation; and sending, by the initiating client, an encrypted UDP packet to the responding client, and performing packet interaction with the responding client directly.
Publication number: US9350711(B2)   Publication date: 2016.05.24
Application number: US201414336146   Filing date: 2014.07.21
Applicant: Huawei Technologies Co., Ltd.   Inventors: Zhai Xianqi; Hua Guoyao; Chen Aiping; Gui Yao
Classification: H04L29/06   Main classification: H04L29/06
Agency: Conley Rose, P.C.   Agents: Conley Rose, P.C.; Rodolph Grant
Main claim: 1. A data transmission method implemented by an initiating client and applied in a virtual private network (VPN), comprising: querying a VPN server for external network Internet Protocol (IP) addresses of the initiating client and a responding client; performing key negotiation with the responding client through the VPN server; writing the external network IP address of the initiating client into a source address field of a user datagram protocol (UDP) packet after the key negotiation is completed, wherein the UDP packet is generated by the initiating client; writing the external network IP address of the responding client into a destination address field of the UDP packet; encrypting the UDP packet according to a key obtained through the key negotiation to obtain an encrypted UDP packet; sending the encrypted UDP packet to the responding client; and performing packet interaction with the responding client directly, wherein performing the key negotiation with the responding client through the VPN server comprises: sending a probe message to the responding client through the VPN server; receiving a certification request message that is sent from the responding client and that is forwarded by the VPN server, wherein the certification request message is sent by the responding client after the probe message is received, and wherein the certification request message carries a public key of the responding client; extracting the public key of the responding client from the certification request message as the key obtained through the key negotiation; performing identity certification on the public key of the responding client through a third-party certification server; sending a certification verification message to the responding client through the VPN server after the certification succeeds, wherein the certification verification message carries a public key of the initiating client; sending a negotiation finish message to the responding client through the VPN server; determining that the key negotiation is completed after receiving a negotiation finish acknowledgment message that is from the responding client and is forwarded by the VPN server; and determining that the key negotiation fails when the initiating client does not receive the certification verification message or the key negotiation finish acknowledgment message.
Address: Shenzhen, CN
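The relayed key-negotiation exchange of claim 1, simulated as an added example (not code from the patent or from the applicant): the VPN server relays probe, certification request, certification verification and negotiation finish messages, the initiating client fails the negotiation when the certification fails or the finish acknowledgment never arrives, and only on success does it hold the peer key and the two external IP addresses it will write into the UDP packet. The external IP table, the trusted-key set standing in for the third-party certification server, and the `drop` parameter that models lost messages are all assumptions constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Msg:
    kind: str
    src: str
    dst: str
    payload: dict = field(default_factory=dict)

class VpnServer:
    """Relay between the two clients; ext_ips is a constructed NAT mapping."""
    def __init__(self, ext_ips, responder, drop=()):
        self.ext_ips, self.responder, self.drop = ext_ips, responder, set(drop)
        self.log = []  # message kinds seen by the relay, useful for detection/audit
    def query_external_ip(self, client):
        return self.ext_ips[client]
    def exchange(self, msg):
        """Forward msg to the responder and return its reply; None models a lost message."""
        self.log.append(msg.kind)
        if msg.kind in self.drop:
            return None
        reply = self.responder(msg)
        return None if reply is None or reply.kind in self.drop else reply

def make_responder(name, pubkey):
    def respond(msg):
        if msg.kind == "probe":
            return Msg("certification_request", name, msg.src, {"pubkey": pubkey})
        if msg.kind == "negotiation_finish":
            return Msg("negotiation_finish_ack", name, msg.src)
        return None  # certification_verification is only recorded; claim 1 needs no reply
    return respond

def negotiate(initiator, responder_name, vpn, trusted_keys, init_pubkey):
    """Initiating client's side of claim 1; returns (status, peer_key, src_ip, dst_ip)."""
    src_ip, dst_ip = vpn.query_external_ip(initiator), vpn.query_external_ip(responder_name)
    cert_req = vpn.exchange(Msg("probe", initiator, responder_name))
    if cert_req is None or cert_req.kind != "certification_request":
        return ("failed: no certification request", None, src_ip, dst_ip)
    peer_key = cert_req.payload["pubkey"]
    if peer_key not in trusted_keys:  # stands in for the third-party certification server
        return ("failed: certification", None, src_ip, dst_ip)
    vpn.exchange(Msg("certification_verification", initiator, responder_name, {"pubkey": init_pubkey}))
    ack = vpn.exchange(Msg("negotiation_finish", initiator, responder_name))
    if ack is None or ack.kind != "negotiation_finish_ack":
        return ("failed: no finish acknowledgment", None, src_ip, dst_ip)
    return ("completed", peer_key, src_ip, dst_ip)

EXT_IPS = {"A": "203.0.113.10", "B": "198.51.100.7"}  # constructed sample addresses

def run(drop=(), trusted=("pk_B",)):
    vpn = VpnServer(EXT_IPS, make_responder("B", "pk_B"), drop)
    return negotiate("A", "B", vpn, set(trusted), "pk_A")
```

`run()` completes with the peer key and both external addresses; `run(drop=("negotiation_finish_ack",))` and `run(trusted=())` show the two failure branches the claim specifies, with no key handed to the UDP stage.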