Flexible automated connection to virtual private networks

Abstract

A network interface unit is provided for use intermediate a LAN and a public or private network, or a combination of both, for establishing secure links to a VPN gateway. Login by a LAN client with the network interface unit, addressing, authentication, and other configuration operations achieved using a web page-based GUI are applied in establishing tunnels from LAN clients to desired VPN destinations. Illustrative network interface units include a DHCP server and provide encryption-decryption and encapsulation-decapsulation of data packets for communication with VPN nodes. Configuration and connection of a client are further enhanced by a built-in DNS server and other functional servers to provide a high degree of autonomy in establishing connections to a desired VPN gateway via an ISP or other public and/or private network links to. The interface unit then performs required authentication exchanges, and required encryption key exchanges.

Description

RELATED APPLICATIONS [0001] The present application is related to concurrently filed non-provisional application by the applicants of the present application, which related application is entitled System for Automated Connection to Virtual Private Networks, and is assigned to the assignee of the present invention, and which related application is hereby incorporated by reference as if set forth in its entirety herein. FIELD OF THE INVENTION [0002] The present invention relates to data networks, and, more particularly, to automated access to data networks. Still more particularly, the present invention relates to flexible automated access to virtual private networks based on selectable access criteria. BACKGROUND OF THE INVENTION [0003] Recent years have witnessed a surge in popularity of the Internet. Access and increased use by home users, small businesses, large corporations, universities and government agencies continues to increase at a rapid rate. [0004] Generally speaking, the...

AI Technical Summary

Benefits of technology

[0027] Advantageously, illustrative embodiments of the present inventive network interface unit present a uniform graphical user interface (GUI) for pre-specifying desired types of connections, ISP information and target VPNs. Moreover, using other aspects of the GUI, a user's client machine is quickly and efficiently configured to establish the desired secure tunnel to the target VPN, with the user experiencing a uniform interface for a variety of access circumstances..

[0028] It proves advantageous in some illustrative embo

Problems solved by technology

The two keys are formed such that it is not feasible to generate the decryption key from the encryption key.

Many of the integrity and privacy safeguards long employed in private networks have not always been available in networks involving at least some public network links.

Existing systems that connect local-area networks (LANs) fail to provide a tunnel that can perform authorization for a node that must dynamically allocate its network layer address.

This is especially problematic for a user wishing to establish a tunnel in a mobile computing environment for which an ISP allocates a dynamic IP address.

Despite growing experience with connecting computers or local networks to other networks, including the Internet, many users experience difficulties in establishing reliable, secure connections under a variety of circumstances.

Such difficulties arise, in part, because many configuration variables must be taken into accoun

Images