Title: Forcing all mobile network traffic over a secure tunnel connection
Abstract: A process is disclosed in which all network traffic between a mobile device and an untrusted network arriving before the establishment of a VPN tunnel is dropped in response to rules imposed by the mobile device's operating system. Once a VPN tunnel is established, all communication from the mobile device is secured, without any intervention on the part of the user of the device. A device supporting such a process is also disclosed.
Publication number: US8875277(B2)    Publication date: 2014.10.28
Application number: US201213488146    Filing date: 2012.06.04
Applicant: Google Inc.    Inventor: Sharkey Jeff
Classification: G06F15/177; H04W12/08; H04L29/06; H04W88/02    Main classification: G06F15/177
Agent (firm): Gottlieb, Rackman & Reisman, PC    Agent: Gottlieb, Rackman & Reisman, PC
Main claim: 1. A method for a mobile device to communicate with a trusted remote host over an untrusted network, the method comprising:
  sending and receiving communication packets between the mobile device and the trusted remote host over the untrusted network pursuant to controls of packet filtering at the kernel level of the operating system of the mobile device, sufficient to establish a virtual private network (VPN) connection;
  establishing, at the mobile device, a VPN connection with the trusted remote host, wherein the mobile device comprises a VPN handler that encrypts outbound network packets and decrypts inbound network packets to securely tunnel the network packets between the mobile device and the trusted remote host;
  rejecting, in response to controls of packet filtering at the kernel level, packet traffic over the untrusted network not associated with the establishment of the VPN connection, said rejection continuing until the VPN connection is established;
  following establishment of the VPN connection, receiving all packet traffic over the VPN connection;
  when the VPN connection disconnects or fails to connect, a browser program creates a set of network rules that enable user intervention which allows establishment of a secure tunnel that proceeds over the untrusted network between the mobile device and the trusted remote host;
  and wherein the network rules and the packet filtering are iptable rules of a Linux kernel.
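The claim describes a kernel-level filter that rejects everything on the untrusted network except the packets needed to bring the tunnel up, then routes all traffic through the tunnel. The script below is an added illustration of that filtering step as an iptables rule set; it is not code from the patent or from Google, and the interface names (wlan0, tun0), the TEST-NET-3 server address and the UDP port 1194 are assumed placeholder values. It emits the rules in iptables-restore format so it can be inspected offline and applied atomically.

```shell
#!/bin/bash
# Added example, not the patent's or Google's code: a "VPN-only" iptables
# rule set in the spirit of the claim above. Every value below is an
# assumption that a deployment would replace.
set -eu

UNTRUSTED_IF="${UNTRUSTED_IF:-wlan0}"     # assumed name of the untrusted uplink
VPN_IF="${VPN_IF:-tun0}"                  # assumed name of the tunnel interface
VPN_SERVER="${VPN_SERVER:-203.0.113.10}"  # constructed TEST-NET-3 address of the trusted host
VPN_PORT="${VPN_PORT:-1194}"              # assumed VPN port
VPN_PROTO="${VPN_PROTO:-udp}"             # assumed VPN transport

# Emit the rule set in iptables-restore format. Default policy is DROP on
# every chain; only loopback, DHCP lease traffic and the tunnel set-up
# exchange are allowed on the untrusted uplink, and all application traffic
# is allowed only on the tunnel interface.
vpn_only_rules() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback stays open (local resolver, inter-process traffic).
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# DHCP lease traffic so the device can keep an address on the untrusted uplink.
-A OUTPUT -o $UNTRUSTED_IF -p udp --sport 68 --dport 67 -j ACCEPT
-A INPUT -i $UNTRUSTED_IF -p udp --sport 67 --dport 68 -j ACCEPT
# Tunnel set-up: only the VPN server, only the VPN port; replies tracked by conntrack.
-A OUTPUT -o $UNTRUSTED_IF -p $VPN_PROTO -d $VPN_SERVER --dport $VPN_PORT -j ACCEPT
-A INPUT -i $UNTRUSTED_IF -p $VPN_PROTO -s $VPN_SERVER --sport $VPN_PORT -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Once the tunnel is up, every application packet rides the tunnel interface.
-A OUTPUT -o $VPN_IF -j ACCEPT
-A INPUT -i $VPN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Anything else leaving over the untrusted uplink is logged, then hits the DROP policy.
-A OUTPUT -o $UNTRUSTED_IF -j LOG --log-prefix "vpn-leak-blocked: " --log-level 4
COMMIT
EOF
}

# Sanity check for the rule set: count the ACCEPT rules that touch the
# untrusted uplink. Exactly four are expected (two DHCP, two tunnel set-up);
# any other ACCEPT on that interface would be a leak past the tunnel.
count_untrusted_accepts() {
  vpn_only_rules | grep -c -- "-[io] $UNTRUSTED_IF .* -j ACCEPT"
}

# "apply" loads the rules atomically (needs root); anything else just prints them.
case "${1:-show}" in
  apply) vpn_only_rules | iptables-restore ;;
  *)     vpn_only_rules ;;
esac
```

Two caveats a practitioner will hit: because no DNS is allowed on the uplink before the tunnel exists, the trusted host must be addressed by IP (or resolved through the tunnel itself), and these rules are IPv4 only, so an IPv6-capable uplink needs the same set loaded with ip6tables-restore or the device can leak over IPv6. The claim's last element, a browser-created rule set that lets the user complete a captive-portal login when the tunnel fails, is a separate mechanism and is not covered by this filter.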
Address: Mountain View CA US