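Solution
SSL VPN is a VPN remote-access technology that uses the SSL protocol as its security foundation. Mobile workers (called remote users in SSL VPN) can use SSL VPN to connect to the enterprise intranet securely and conveniently and to access intranet resources, improving work efficiency.
How it works, in brief
We have not studied this in depth, but as we understand it: SSL VPN is more like a proxy service (remote user terminals need no additional client software installed; using a web browser directly is enough to be secure), whereas a traditional VPN can connect directly into the enterprise network.
Features
SSL VPN uses a B/S (browser/server) architecture: remote user terminals need no additional client software installed and can access enterprise intranet resources securely and quickly using a web browser directly.
Access permissions can be controlled at a fine granularity according to the type of intranet resource the remote user accesses.
Flexible authentication mechanisms are supported.
Host-check policies can verify whether the remote user terminal's operating system, ports, processes, antivirus software and so on meet security requirements, and also provide anti-redirect and anti-screenshot capabilities, eliminating security risks hidden on the remote user terminal.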
OpenVPN
Most SSL-based VPNs use the same network protocol that is used for secure websites (HTTPS), while OpenVPN uses a custom format for encrypting and signing data traffic. This is the main reason why OpenVPN is listed as a separate VPN category.
OpenVPN is often called an SSL-based VPN, as it uses the SSL/TLS protocol to secure the connection. However, OpenVPN also uses HMAC in combination with a digest (or hashing) algorithm for ensuring the integrity of the packets delivered. It can be configured to use pre-shared keys as well as X.509 certificates. These features are not typically offered by other SSL-based VPNs.
The OpenVPN protocol is not defined in an RFC standard, but the protocol is publicly available because OpenVPN is a piece of open source software.
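The HMAC-with-digest integrity check described above, as an added Python example (not OpenVPN's code or wire format). The tag-then-payload layout and the names `seal`, `open_packet` and `accepted` are assumptions made for illustration; encryption is left out so that only the integrity step with a pre-shared key is shown.

```python
import hashlib
import hmac
import os

# Selectable digest algorithms; the HMAC tag length follows the digest size.
DIGESTS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


class IntegrityError(Exception):
    """Raised when a packet fails HMAC verification."""


def seal(psk: bytes, payload: bytes, digest: str = "SHA256") -> bytes:
    """Prepend an HMAC tag computed over the payload with the pre-shared key."""
    tag = hmac.new(psk, payload, DIGESTS[digest]).digest()
    return tag + payload  # assumed layout: tag first, then payload


def open_packet(psk: bytes, packet: bytes, digest: str = "SHA256") -> bytes:
    """Verify the tag and return the payload, or raise IntegrityError."""
    tag_len = DIGESTS[digest]().digest_size
    if len(packet) < tag_len:
        raise IntegrityError("packet shorter than HMAC tag")
    tag, payload = packet[:tag_len], packet[tag_len:]
    expected = hmac.new(psk, payload, DIGESTS[digest]).digest()
    # compare_digest runs in constant time, so the check leaks no timing hint.
    if not hmac.compare_digest(tag, expected):
        raise IntegrityError("HMAC mismatch: packet dropped")
    return payload


def accepted(psk: bytes, packet: bytes, digest: str = "SHA256") -> bool:
    """Return True if the packet verifies under the given key and digest."""
    try:
        open_packet(psk, packet, digest)
        return True
    except IntegrityError:
        return False


if __name__ == "__main__":
    psk = os.urandom(32)                     # constructed pre-shared key
    pkt = seal(psk, b"constructed payload")  # constructed sample data
    flipped = pkt[:-1] + bytes([pkt[-1] ^ 0x01])
    print("intact:", accepted(psk, pkt))
    print("bit flipped:", accepted(psk, flipped))
    print("wrong key:", accepted(os.urandom(32), pkt))
    print("truncated:", accepted(psk, pkt[:10]))
```

A receiver that drops every packet failing this check never passes modified or forged data to the decryption or routing stage, which is the property the HMAC provides.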
Related links
Comparison of three VPN protocols: PPTP, L2TP and OpenVPN
OpenVPN project home page
Building an enterprise-grade OpenVPN private network with Docker