Title of invention |
Method and system for VPN isolation using network namespaces |
Abstract |
One embodiment of the present invention provides a system for providing exclusive access to a virtual private network (VPN) connection to an authorized application. During operation, the system creates a unique network namespace that is different from a default network namespace of a host system. The system then places a pseudo network interface associated with the VPN connection into the unique network namespace. Furthermore, the system places at least one socket for an authorized application into the unique network namespace. The system also precludes unauthorized applications on the host from accessing the unique network namespace, thereby facilitating exclusive access to the VPN connection by the authorized application. |
Publication number |
US9253309(B2) |
Publication date |
2016.02.02 |
Application number |
US201414513783 |
Application date |
2014.10.14 |
Applicant |
VMWARE, INC. |
Inventors |
Fainkichen Alexander;Newell Craig |
Classification codes |
G06F21/00;H04M1/725;C09J7/04;B32B37/16;H04W12/06;H04W12/08;H04W4/00;H04L29/06;G06F9/445;G06F9/455;G06F3/0482;G06F3/0484 |
Main classification code |
G06F21/00 |
Agency |
|
Agent |
|
Main claim |
1. A computer executable method for providing exclusive access to a virtual private network (VPN) connection to an authorized application, comprising:
creating a unique network namespace of a host system; placing a virtual device associated with the VPN connection into the unique network namespace; placing at least one socket for the authorized application into the unique network namespace; and precluding all unauthorized applications on the host system from accessing the unique network namespace, thereby facilitating exclusive access to the VPN connection by the authorized application. |
Address |
Palo Alto CA US |