Use of virtual network interfaces and a websocket based transport mechanism to realize secure node-to-site and site-to-site virtual private network solutions

摘要

Techniques are provided herein for enabling a virtual private network (VPN) using a bidirectional, full duplex transport channel configured to send and receive application layer data packets. At a source network device that hosts a VPN client, the VPN client is configured with a bidirectional, full duplex transport channel that is configured to send and receive Open Systems Interconnection application layer data packets. The VPN client is also configured with a virtual network interface that operates to virtually link the VPN client with the transport channel.

主权项

1. A method comprising:
at a source network device that hosts a virtual private network client, configuring, via a processor, the virtual private network client to interface with a bidirectional, full duplex, Open Systems Interconnection application layer communications transport channel, wherein the transport channel is configured to send and receive Open Systems Interconnection application layer protocol packets; configuring, via the processor, the virtual private network client with a virtual network interface that operates to virtually link the virtual private network client with the transport channel; encapsulating, at the Open Systems Interconnection application layer level, the Open Systems Interconnection application layer packets with virtual private network encapsulation; and sending the encapsulated application layer protocol packets over the transport channel via the virtual network interface.