Establishing an IPsec (internet protocol security) VPN (virtual private network) tunnel

摘要

Systems, methods and apparatuses of establishing an IPsec (Internet Protocol Security) VPN (Virtual Private Network) tunnel are disclosed. One method includes receiving, by a wireless mesh network access point, a user configuration, wherein the user configuration includes a type of traffic, determining an internal interface of the wireless mesh network access node based on the type of traffic, dynamically determining a local endpoint address for the IPsec VPN tunnel based on the selected internal interface, and establishing the IPsec VPN tunnel through the selected internal interface of the wireless mesh network access node.

主权项

1. A method of establishing an IPsec (Internet Protocol Security) VPN (Virtual Private Network) tunnel, comprising:
receiving, by an access node of a wireless mesh network, a user configuration, wherein the user configuration includes a type of traffic; determining an internal interface of the access node based on the type of traffic from at least one physical interface or at least one logical interface, wherein if the type of traffic includes IP traffic, then one of the at least one physical interface is selected, and if the type of traffic includes non-IP traffic, then one of the at least one logical interface is selected, wherein determining at least one logical interface for non-IP traffic includes creating the at least one logical interface with an IP address for encapsulating non-IP packets into IP packets, and communicating the IP address to a remote VPN device; dynamically determining a local endpoint address for the IPsec VPN tunnel based on whether the selected internal interface is the one of the at least one physical interfaces, the one of the at least one logical interfaces, and whether another IPSec VPN tunnel is already utilizing the selected internal interface; establishing the IPsec VPN tunnel through the selected internal interface of the wireless mesh network access node using the selected local endpoint address; and de-advertising a route for the IP address in the wireless mesh network if the IP address was previously advertised, thereby preventing the IP address from being accessed directly without going through the IPsec VPN tunnel.