Gateway device for terminating a large volume of VPN connections

摘要

A VPN gateway device is able to assign, manage, and terminate a large volume of connections from apps executing on devices, enabling a large scale per-app VPN mobile environment. When a mobile device user opens an app on a mobile device, a VPN gateway transmits a unique IP address to the app. The gateway also transmits an app federation cookie to the app. The app shares the app federation cookie with a second app. The VPN gateway then assigns the second app the same unique IP address. The gateway then transmits a range of ports to the first app. The app uses a port in the range of ports for data transmission from the device to the VPN gateway. The gateway receives a data transmission from the first app via a VPN and determines that the data transmission originated from the first app based on the source port.

主权项

1. A method of communicating through a virtual private network (VPN) tunnel between a first application (app) on a device and a VPN gateway, the method comprising:
transmitting an internally unique internet protocol (IP) address from the VPN gateway to the first app; transmitting an app federation cookie from the VPN gateway to the first app after determining that the first app is in a federation of wrapped apps on the device; sharing the app federation cookie with a second app in the federation of wrapped apps; assigning the second app the same internally unique IP address; transmitting a first range of ports to the first app, wherein the first app uses a port in the first port range as a source port for data transmission from the first app to the VPN gateway, wherein the first port range comprises a plurality of ports not included in a second port range transmitted to the second app having the same internally unique IP address as the first app; receiving, at the VPN gateway, a data transmission from the first app; and determining, at the VPN gateway, that the data transmission originated from the first app based on the source port.