
CN114553636A - A method and system for actively accessing a local area network through a relay LNS - Google Patents


Info

Publication number
CN114553636A
Authority
CN
China
Prior art keywords
lns
relay
area network
local area
l2tp
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210154492.4A
Other languages
Chinese (zh)
Other versions
CN114553636B (en)
Inventor
袁磊
张德浩
李振方
解德义
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jinan Second Machine Tool Group Dezhou Industrial Park Co ltd
Original Assignee
Shandong Metalist Heavy Machinery Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Metalist Heavy Machinery Co ltd
Priority to CN202210154492.4A
Publication of CN114553636A
Application granted
Publication of CN114553636B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a method and a system for actively accessing a local area network through a relay LNS. The method comprises the following steps: configuring, on the relay LNS, first information for communicating with a remote terminal, and configuring first static routing information for the remote terminal to communicate with the local area network, whereby the relay LNS generates a host route for communicating with the remote terminal and the remote terminal obtains a first static route to the local area network; configuring, on the relay LNS, second information for communicating with an L2TP access concentrator, and configuring second static routing information from the relay LNS to the local area network; and connecting the L2TP access concentrator to the local area network, the L2TP access concentrator establishing a communication connection with the relay LNS through automatic dialing, so that the remote terminal can actively access the local area network through the relay LNS. Based on the method, the invention also provides a system for actively accessing a local area network through a relay LNS. The invention is freed from the function and permission limitations of the existing gateway and flexibly solves the problem of actively accessing the local area network.

Description

A method and system for actively accessing a local area network through a relay LNS

Technical field

The invention belongs to the technical field of communication, and in particular relates to a method and system for actively accessing a local area network through a relay LNS.

Background

In daily work it is often necessary to remotely debug and control LAN devices. A LAN is generally connected to the Internet through a NAT gateway; although the NAT gateway connects the LAN to the Internet, it causes the LAN to lose its end-to-end property, so remote users cannot actively access the LAN. Here, a NAT gateway is a network address translation device.

FIG. 1 is a schematic diagram of a conventional networking connection in the prior art. The LAN can be actively accessed remotely through functions such as VPN and NAT Server provided by the NAT gateway, but this approach depends on whether the gateway has these functions and has them enabled. Purchasing a third-party remote service also achieves remote access, but brings a certain cost pressure. Here, a VPN enables an enterprise to establish a secure WAN (wide area network) service on inexpensive shared infrastructure with the same policies as those provided by a private network.

Summary of the invention

To solve the above technical problem, the present invention proposes a method and system for actively accessing a local area network through a relay LNS. By means of an L2TP network server, it provides a remote access solution that is simple to configure, flexible to adjust, highly portable and cost-effective, and achieves active access to the local area network.

To achieve the above object, the present invention adopts the following technical solution:

A method for actively accessing a local area network through a relay LNS, comprising the following steps:

configuring, on the relay LNS, first information for communicating with a remote terminal, and configuring first static routing information for the remote terminal to communicate with the local area network, whereby the relay LNS generates a host route for communicating with the remote terminal and the remote terminal obtains a first static route to the local area network;

configuring, on the relay LNS, second information for communicating with an L2TP access concentrator, and configuring second static routing information from the relay LNS to the local area network;

connecting the L2TP access concentrator to the local area network, the L2TP access concentrator establishing a communication connection with the relay LNS through automatic dialing, so that the remote terminal actively accesses the local area network through the relay LNS.

Further, the first information includes a first VT interface, an IP address pool, an L2TP tunnel name and a dial-up account.

Further, the process in which the relay LNS generates the host route for communicating with the remote terminal and the remote terminal obtains the first static route to the local area network includes: after the first information and the first static routing information have been configured, the remote terminal creates an L2TP tunnel by dialing; after the L2TP tunnel is successfully established, the remote terminal obtains the first static route to the local area network, and at the same time the relay LNS generates the host route for communicating with the remote terminal.

Further, configuring on the relay LNS the second information for communicating with the L2TP access concentrator includes: configuring, on the relay LNS, a second VT interface for the connecting L2TP access concentrator, and assigning a fixed IP address to the third VT interface on the L2TP access concentrator; and, using the host route, configuring a source NAT policy that translates the source IP of traffic accessing the local area network into the address of the second VT interface configured on the relay LNS for the L2TP access concentrator.

Further, configuring the second static routing information from the relay LNS to the local area network includes: the next hop is the address of the third VT interface on the L2TP access concentrator.

Further, the process of connecting the L2TP access concentrator to the local area network and establishing the communication connection with the relay LNS through automatic dialing is:

configuring the third VT interface and the LNS server address on the L2TP access concentrator, and configuring the L2TP access concentrator for automatic dialing so that it automatically establishes an L2TP tunnel with the relay LNS;

configuring, for the outgoing interface of the L2TP access concentrator, an address in the same network segment as the LAN terminals;

configuring the route from the L2TP access concentrator to the local area network, with the gateway address of the L2TP access concentrator's outgoing interface as next hop; and configuring the return route to the relay LNS;

configuring a source NAT policy that translates the source IP of traffic accessing the local area network into the outgoing interface address of the L2TP access concentrator.

Further, enabling the remote terminal to actively access the local area network through the relay LNS includes:

an L2TP tunnel is automatically established between the L2TP access concentrator and the relay LNS, so that the remote terminal can not only actively access the LAN terminals but also has the same access rights as a LAN terminal.

The present invention also proposes a system for actively accessing a local area network through a relay LNS, the system comprising a first configuration module, a second configuration module and a connection module;

the first configuration module is used to configure, on the relay LNS, first information for communicating with a remote terminal, and to configure first static routing information for the remote terminal to communicate with the local area network, whereby the relay LNS generates a host route for communicating with the remote terminal and the remote terminal obtains a first static route to the local area network;

the second configuration module is used to configure, on the relay LNS, second information for communicating with an L2TP access concentrator, and to configure second static routing information from the relay LNS to the local area network;

the connection module is used to connect the L2TP access concentrator to the local area network, the L2TP access concentrator establishing a communication connection with the relay LNS through automatic dialing, so that the remote terminal actively accesses the local area network through the relay LNS.

Further, the detailed process implemented by the first configuration module includes: configuring, on the relay LNS, the first information for communicating with the remote terminal, and configuring the first static routing information for the remote terminal to communicate with the local area network; after the configuration is completed, the remote terminal creates an L2TP tunnel by dialing; after the L2TP tunnel is successfully established, the remote terminal obtains the first static route to the local area network, and at the same time the relay LNS generates the host route for communicating with the remote terminal.

Further, the detailed process implemented by the connection module includes:

configuring the third VT interface and the LNS server address on the L2TP access concentrator, and configuring the L2TP access concentrator for automatic dialing so that it automatically establishes an L2TP tunnel with the relay LNS;

configuring, for the outgoing interface of the L2TP access concentrator, an address in the same network segment as the LAN terminals;

configuring the route from the L2TP access concentrator to the local area network, with the gateway address of the L2TP access concentrator's outgoing interface as next hop; and configuring the return route to the relay LNS;

configuring a source NAT policy that translates the source IP of traffic accessing the local area network into the outgoing interface address of the L2TP access concentrator;

an L2TP tunnel is automatically established between the L2TP access concentrator and the relay LNS, so that the remote terminal can not only actively access the LAN terminals but also has the same access rights as a LAN terminal.

The effects described in this summary are only the effects of the embodiments, not all the effects of the invention. One of the above technical solutions has the following advantages or beneficial effects:

The present invention proposes a method and system for actively accessing a local area network through a relay LNS. The method includes: configuring, on the relay LNS, first information for communicating with a remote terminal, and configuring first static routing information for the remote terminal to communicate with the local area network, whereby the relay LNS generates a host route for communicating with the remote terminal and the remote terminal obtains a first static route to the local area network; configuring, on the relay LNS, second information for communicating with an L2TP access concentrator, and configuring second static routing information from the relay LNS to the local area network; and connecting the L2TP access concentrator to the local area network, the L2TP access concentrator establishing a communication connection with the relay LNS through automatic dialing, so that the remote terminal actively accesses the local area network through the relay LNS. Based on the method for actively accessing a local area network through a relay LNS, a system for actively accessing a local area network through a relay LNS is also proposed. By means of the relay LNS, the present invention is freed from the function and permission limitations of the existing gateway, flexibly solves the problem of actively accessing the local area network, and satisfies remote debugging and control requirements. The implementation of the present invention is simple to configure and highly portable.

Description of the drawings

FIG. 1 is a schematic diagram of a conventional networking connection in the prior art;

FIG. 2 is a flowchart of a method for actively accessing a local area network through a relay LNS according to Embodiment 1 of the present invention;

FIG. 3 is a schematic diagram of an apparatus implementing the method for actively accessing a local area network through a relay LNS according to Embodiment 1 of the present invention;

FIG. 4 is a schematic diagram of a system for actively accessing a local area network through a relay LNS according to Embodiment 2 of the present invention.

Detailed description

To clearly explain the technical features of this solution, the present invention is described in detail below through specific embodiments and with reference to the accompanying drawings. The following disclosure provides many different embodiments or examples for implementing different structures of the invention. To simplify the disclosure, the components and arrangements of specific examples are described below. In addition, the present invention may repeat reference numerals and/or letters in different examples. This repetition is for simplicity and clarity and does not in itself indicate a relationship between the various embodiments and/or arrangements discussed. It should be noted that the components illustrated in the drawings are not necessarily drawn to scale. Descriptions of well-known components, processing techniques and processes are omitted to avoid unnecessarily limiting the present invention.

Embodiment 1

Embodiment 1 of the present invention proposes a method for actively accessing a local area network through a relay LNS. By means of the relay LNS, it is freed from the function and permission limitations of the existing gateway and flexibly solves the problem of actively accessing the local area network.

In this application, the relay LNS denotes an L2TP network server (L2TP Network Server).

LAC denotes the L2TP access concentrator (L2TP Access Concentrator).

The specific steps of the method include:

configuring, on the relay LNS, first information for communicating with a remote terminal, and configuring first static routing information for the remote terminal to communicate with the local area network, whereby the relay LNS generates a host route for communicating with the remote terminal and the remote terminal obtains a first static route to the local area network;

configuring, on the relay LNS, second information for communicating with the L2TP access concentrator, and configuring second static routing information from the relay LNS to the local area network;

connecting the L2TP access concentrator to the local area network, the L2TP access concentrator establishing a communication connection with the relay LNS through automatic dialing, so that the remote terminal actively accesses the local area network through the relay LNS.

FIG. 2 is a flowchart of a method for actively accessing a local area network through a relay LNS according to Embodiment 1 of the present invention;

In step S200, the process starts.

In step S210, first information for communicating with the remote terminal is configured on the relay LNS, and first static routing information for the remote terminal to communicate with the local area network is configured;

The first information includes a first VT interface, an IP address pool, an L2TP tunnel name and a dial-up account.

After the first information and the first static routing information have been configured, the remote terminal creates an L2TP tunnel by dialing; after the L2TP tunnel is successfully established, the remote terminal obtains the first static route to the local area network, and at the same time the relay LNS generates the host route for communicating with the remote terminal.

In step S220, the remote terminal dials, and an L2TP tunnel is established between the remote terminal and the relay LNS. After the L2TP tunnel is successfully established, the remote terminal obtains the first static route to the local area network, and at the same time the relay LNS generates the host route for communicating with the remote terminal.

In step S230, second information for communicating with the L2TP access concentrator is configured on the relay LNS, and second static routing information from the relay LNS to the local area network is configured.

A second VT interface is configured on the relay LNS for the connecting L2TP access concentrator, and a fixed IP address is assigned to the third VT interface on the L2TP access concentrator; using the host route, a source NAT policy is configured that translates the source IP of traffic accessing the local area network into the address of the second VT interface configured on the relay LNS for the L2TP access concentrator; for the second static route, the next hop is the address of the third VT interface on the L2TP access concentrator.

In step S240, the L2TP access concentrator is connected to the local area network, and the L2TP access concentrator establishes a communication connection with the relay LNS through automatic dialing.

The third VT interface and the LNS server address are configured on the L2TP access concentrator, and the L2TP access concentrator is configured for automatic dialing so that it automatically establishes an L2TP tunnel with the relay LNS;

an address in the same network segment as the LAN terminals is configured for the outgoing interface of the L2TP access concentrator;

the route from the L2TP access concentrator to the local area network is configured, with the gateway address of the L2TP access concentrator's outgoing interface as next hop, and the return route to the relay LNS is configured;

a source NAT policy is configured that translates the source IP of traffic accessing the local area network into the outgoing interface address of the L2TP access concentrator.

In step S250, an L2TP tunnel is automatically established between the L2TP access concentrator and the relay LNS, so that the remote terminal can not only actively access the LAN terminals but also has the same access rights as a LAN terminal. At this point the remote terminal is equivalent to a terminal device in the local area network.
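The routes and the two source NAT policies of steps S210 to S240 can be followed hop by hop in a small model. This is an added example, not part of the patent; the `Device`, `build`, `trace` and `round_trip` names and every address in `PLAN` are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

ip, net = ipaddress.ip_address, ipaddress.ip_network

# Constructed addressing plan (assumption: the patent text gives no addresses).
PLAN = {
    "remote":  "10.10.1.23",       # leased to the remote terminal from the LNS IP address pool
    "lns_vt2": "10.10.2.1",        # second VT interface on the relay LNS (faces the LAC)
    "lac_vt3": "10.10.2.2",        # third VT interface on the LAC (fixed address)
    "lan":     "192.168.50.0/24",  # LAN behind the NAT gateway
    "lac_out": "192.168.50.250",   # LAC outgoing interface, same segment as the LAN terminals
    "host":    "192.168.50.10",    # a LAN terminal
}

@dataclass
class Device:
    addrs: set            # addresses owned by this device
    routes: list          # [(destination network, name of next device)]
    snat: tuple = None    # (destination network to match, new source address)
    sessions: dict = field(default_factory=dict)  # (peer, translated addr) -> original source

def build(plan=PLAN, lns_snat=True):
    """Model the four devices with the routes and source NAT policies of S210 to S240."""
    lan = net(plan["lan"])
    remote, vt2, vt3 = ip(plan["remote"]), ip(plan["lns_vt2"]), ip(plan["lac_vt3"])
    out, host = ip(plan["lac_out"]), ip(plan["host"])
    return {
        # first static route: obtained by the remote terminal once its tunnel is up
        "remote": Device({remote}, [(lan, "lns")]),
        # host route to the remote terminal, second static route (next hop: LAC VT interface)
        "lns": Device({vt2}, [(net(f"{remote}/32"), "remote"), (lan, "lac")],
                      snat=(lan, vt2) if lns_snat else None),
        # LAN route, return route to the relay LNS, source NAT to the outgoing interface
        "lac": Device({vt3, out}, [(lan, "host"), (net(f"{vt2}/32"), "lns")],
                      snat=(lan, out)),
        # the LAN terminal reaches the LAC on-link
        "host": Device({host}, [(lan, "lac")]),
    }

def trace(devs, at, src, dst, max_hops=8):
    """Walk one packet; return [(device, src, dst)] as seen on arrival at each device."""
    src, dst = ip(src), ip(dst)
    path = []
    for _ in range(max_hops):
        d = devs[at]
        path.append((at, str(src), str(dst)))
        if (src, dst) in d.sessions:        # reply to a flow this device source-NATed
            dst = d.sessions[(src, dst)]    # restore the original address
        if dst in d.addrs:
            return path                     # delivered
        matches = [r for r in d.routes if dst in r[0]]
        if not matches:
            raise LookupError(f"{at}: no route to {dst}")
        _, nxt = max(matches, key=lambda r: r[0].prefixlen)  # longest prefix wins
        if d.snat and dst in d.snat[0]:
            d.sessions[(dst, d.snat[1])] = src  # remember who was behind the translation
            src = d.snat[1]
        at = nxt
    raise RuntimeError("hop limit reached")

def round_trip(devs, plan=PLAN):
    """Request from the remote terminal to the LAN terminal, then the reply."""
    out = trace(devs, "remote", plan["remote"], plan["host"])
    seen_src = out[-1][1]                   # source address the LAN terminal sees
    back = trace(devs, "host", plan["host"], seen_src)
    return out, back

if __name__ == "__main__":
    for leg in round_trip(build()):
        for hop in leg:
            print("%-6s src=%-15s dst=%s" % hop)
        print()
```

In this model the LAN terminal only ever sees the LAC's outgoing interface address as the source, so tying a connection back to a particular remote terminal takes the session tables on the LAC and the relay LNS. With `lns_snat=False` the reply stops at the LAC, which here has a return route only to the relay LNS's VT address.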

To implement the method for actively accessing a local area network through a relay LNS proposed in Embodiment 1 of the present invention, FIG. 3 is a schematic diagram of the device connections implementing the method. The apparatus includes a relay LNS and an L2TP access concentrator;

The relay LNS uses the network to establish the host route for communicating with the remote terminal and the second static route to the local area network, and enables the remote terminal to obtain the first static route to the local area network;

The L2TP access concentrator is installed inside the local area network and accesses the Internet through the NAT gateway of the local area network, in order to automatically establish an L2TP tunnel with the relay LNS;

A local area network is connected below the NAT gateway. In this application, the L2TP access concentrator is installed in the local area network; it is then configured so that the L2TP access concentrator and the relay LNS automatically establish an L2TP tunnel; NAT translation is then used so that the remote terminal can freely access the LAN terminals as if it were attached to the local area network. In this way, even when the NAT gateway does not open, or does not have, NAT Server and VPN functions, the remote terminal can remotely access the LAN terminals through the tunnel established via the relay LNS.

Embodiment 1 of the present invention proposes a method for actively accessing a local area network through a relay LNS. By means of the relay LNS, it is freed from the function and permission limitations of the existing gateway, flexibly solves the problem of actively accessing the local area network, and satisfies remote debugging and control requirements.

实施例2Example 2

基于本发明实施例1提出的一种通过中继LNS主动访问局域网的系统,如图4为本发明实施例2一种通过中继LNS主动访问局域网的系统示意图;该系统包括:第一配置模块、第二配置模块和连接模块;Based on a system for actively accessing a local area network through a relay LNS proposed in Embodiment 1 of the present invention, FIG. 4 is a schematic diagram of a system for actively accessing a local area network through a relay LNS in Embodiment 2 of the present invention; the system includes: a first configuration module , a second configuration module and a connection module;

第一配置模块用于在中继LNS上配置与远程终端通信的第一信息,以及配置远程终端与局域网通信的第一静态路由信息,中继LNS生成与远程终端通信的主机路由,且远程终端获得至局域网的第一静态路由;The first configuration module is used to configure the first information for communication with the remote terminal on the relay LNS, and configure the first static routing information for the communication between the remote terminal and the local area network, the relay LNS generates the host route for communication with the remote terminal, and the remote terminal Obtain the first static route to the local area network;

第二配置模块用于在中继LNS上配置与L2TP访问集中器通信的第二信息,配置中继LNS至局域网的第二静态路由信息;The second configuration module is configured to configure the second information communicated with the L2TP access concentrator on the relay LNS, and configure the second static routing information from the relay LNS to the local area network;

连接模块用于将L2TP访问集中器接入局域网,所述L2TP访问集中器通过自动拨号与中继LNS建立通信连接,实现远程终端通过中继LNS主动访问局域网。The connection module is used to connect the L2TP access concentrator to the local area network, and the L2TP access concentrator establishes a communication connection with the relay LNS through automatic dialing, so that the remote terminal can actively access the local area network through the relay LNS.

第一配置模块实现的详细过程包括:在中继LNS上配置与远程终端通信的第一信息,以及配置远程终端与局域网通信的第一静态路由信息,在配置完成之后,远程终端通过拨号创建L2TP隧道,在所述L2TP隧道建立成功之后,远程终端获得至局域网的第一静态路由,同时中继LNS生成与远程终端通信的主机路由。The detailed process implemented by the first configuration module includes: configuring the first information for communication with the remote terminal on the relay LNS, and configuring the first static routing information for the communication between the remote terminal and the local area network, after the configuration is completed, the remote terminal creates L2TP by dialing Tunnel, after the L2TP tunnel is successfully established, the remote terminal obtains the first static route to the local area network, and at the same time the relay LNS generates a host route for communicating with the remote terminal.

第二配置模块实现的详细过程包括:在中继LNS上为接入L2TP访问集中器配置第二VT接口,且为L2TP访问集中器上的第三VT接口分配一个固定IP地址;利用主机路由配置源NAT策略,将访问局域网流量源IP转换为中继LNS上为L2TP访问集中器配置的第二VT接口地址。下一跳为L2TP访问集中器上的第三VT接口地址。The detailed process implemented by the second configuration module includes: configuring a second VT interface on the relay LNS for accessing the L2TP access concentrator, and assigning a fixed IP address to the third VT interface on the L2TP access concentrator; using host routing to configure The source NAT policy translates the source IP of the access LAN traffic into the address of the second VT interface configured for the L2TP access concentrator on the relay LNS. The next hop is the address of the third VT interface on the L2TP access concentrator.

连接模块实现的详细过程包括:The detailed process of connection module implementation includes:

在L2TP访问集中器上配置第三VT接口、LNS服务器地址,将L2TP访问集中器配置为自动拨号,自动与中继LNS建立L2tp隧道;Configure the third VT interface and the LNS server address on the L2TP access concentrator, configure the L2TP access concentrator as automatic dialing, and automatically establish an L2tp tunnel with the relay LNS;

为L2TP访问集中器出接口配置与局域网终端同网段的地址;Configure an address on the same network segment as the LAN terminal for the outgoing interface of the L2TP access concentrator;

配置L2TP访问集中器到达局域网的路由,下一跳为L2TP访问集中器出接口的网关地址;并配置到中继LNS的回程路由;Configure the route from the L2TP access concentrator to the LAN, the next hop is the gateway address of the outgoing interface of the L2TP access concentrator; and configure the backhaul route to the relay LNS;

配置源NAT策略,将访问局域网流量源IP转换为L2TP访问集中器的出接口地址;Configure the source NAT policy to convert the source IP of the access LAN traffic to the outgoing interface address of the L2TP access concentrator;

L2TP访问集中器与中继LNS之间自动建立L2TP隧道,这样远程终端不仅能主动访问局域网终端,并与局域网终端有相同的访问权限。The L2TP tunnel is automatically established between the L2TP access concentrator and the relay LNS, so that the remote terminal can not only actively access the LAN terminal, but also have the same access authority as the LAN terminal.

本发明实施例2提出了一种通过中继LNS主动访问局域网的系统,通过虚拟系统实现方法的全部过程,本发明实施例2通过中继LNS,摆脱了现有网关功能、权限限制,灵活解决了主动访问局域网的问题,满足了远程调试、控制要求,该系统配置简单且移植性强。The second embodiment of the present invention proposes a system for actively accessing a local area network through a relay LNS, and implements the entire process of the method through a virtual system. It solves the problem of active access to the local area network, and meets the requirements of remote debugging and control. The system has simple configuration and strong portability.

It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "comprise", "include" and any other variants are intended to cover a non-exclusive inclusion, so as to include the elements inherent to a process, method, article or apparatus that comprises a list of elements. Without further limitation, an element qualified by the phrase "comprising a..." does not exclude the presence of additional identical elements in the process, method, article or apparatus that comprises the element. In addition, the parts of the above technical solutions provided in the embodiments of the present application whose implementation principles are consistent with the corresponding technical solutions in the prior art are not described in detail, to avoid redundancy.

Although the specific embodiments of the present invention have been described above with reference to the accompanying drawings, they do not limit the protection scope of the present invention. Those skilled in the art can make other modifications or variations in different forms on the basis of the above description. It is neither necessary nor possible to list all implementations exhaustively here. Any modification or variation that those skilled in the art can make on the basis of the technical solutions of the present invention without creative work still falls within the protection scope of the present invention.

Claims (10)

1. A method for actively accessing a local area network via a relay LNS, comprising the steps of:
configuring, on a relay LNS, first information for communicating with a remote terminal and first static routing information for the remote terminal to communicate with a local area network, the relay LNS generating a host route for communicating with the remote terminal, and the remote terminal obtaining a first static route to the local area network;
configuring, on the relay LNS, second information for communicating with an L2TP access concentrator, and configuring second static routing information from the relay LNS to the local area network;
and connecting the L2TP access concentrator to the local area network, the L2TP access concentrator establishing a communication connection with the relay LNS through automatic dialing, so that the remote terminal actively accesses the local area network through the relay LNS.
2. The method of claim 1, wherein the first information comprises a first VT interface, an IP address pool, an L2TP tunnel name, and a dial-up account number.
3. The method of claim 1, wherein the relay LNS generating the host route for communicating with the remote terminal and the remote terminal obtaining the first static route to the local area network comprises: after the first information and the first static routing information are configured, the remote terminal creates an L2TP tunnel by dialing; after the L2TP tunnel is successfully established, the remote terminal obtains the first static route to the local area network, and at the same time the relay LNS generates the host route for communicating with the remote terminal.
4. The method of claim 1, wherein configuring, on the relay LNS, the second information for communicating with the L2TP access concentrator comprises: configuring, on the relay LNS, a second VT interface for the L2TP access concentrator to connect to, and assigning a fixed IP address to a third VT interface on the L2TP access concentrator; and using the host route to configure a source NAT policy that translates the source IP of traffic accessing the local area network into the address of the second VT interface configured on the relay LNS for the L2TP access concentrator.
5. The method according to claim 1, wherein configuring the second static routing information from the relay LNS to the local area network includes: the next hop is the third VT interface address on the L2TP access concentrator.
6. The method of claim 1, wherein connecting the L2TP access concentrator to the local area network, with the L2TP access concentrator establishing a communication connection with the relay LNS through automatic dialing, comprises:
configuring a third VT interface and an LNS server address on the L2TP access concentrator, and configuring the L2TP access concentrator for automatic dialing so that it automatically establishes an L2TP tunnel with the relay LNS;
configuring the outgoing interface of the L2TP access concentrator with an address on the same network segment as the local area network terminals;
configuring a route from the L2TP access concentrator to the local area network, wherein the next hop is the gateway address of the outgoing interface of the L2TP access concentrator; and configuring a backhaul route to the relay LNS;
and configuring a source NAT policy that translates the source IP of traffic accessing the local area network into the outgoing interface address of the L2TP access concentrator.
7. The method according to claim 6, wherein enabling the remote terminal to actively access the local area network through the relay LNS includes:
the L2TP access concentrator and the relay LNS automatically establish an L2TP tunnel, so that the remote terminal can not only actively access the local area network terminals but also has the same access rights as a local area network terminal.
8. A system for actively accessing a local area network through a relay LNS, characterized by comprising a first configuration module, a second configuration module and a connection module;
the first configuration module is configured to configure, on the relay LNS, first information for communicating with a remote terminal and first static routing information for the remote terminal to communicate with a local area network, the relay LNS generating a host route for communicating with the remote terminal, and the remote terminal obtaining a first static route to the local area network;
the second configuration module is configured to configure, on the relay LNS, second information for communicating with the L2TP access concentrator, and to configure second static routing information from the relay LNS to the local area network;
the connection module is configured to connect the L2TP access concentrator to the local area network, the L2TP access concentrator establishing a communication connection with the relay LNS through automatic dialing, so that the remote terminal can actively access the local area network through the relay LNS.
9. The system according to claim 8, wherein the detailed process implemented by the first configuration module includes: configuring, on the relay LNS, the first information for communicating with the remote terminal and the first static routing information for the remote terminal to communicate with the local area network; after the configuration is completed, the remote terminal creates an L2TP tunnel by dialing; after the L2TP tunnel is successfully established, the remote terminal obtains the first static route to the local area network, and at the same time the relay LNS generates the host route for communicating with the remote terminal.
10. The system according to claim 8, wherein the detailed process implemented by the connection module includes:
configuring a third VT interface and an LNS server address on the L2TP access concentrator, and configuring the L2TP access concentrator for automatic dialing so that it automatically establishes an L2TP tunnel with the relay LNS;
configuring the outgoing interface of the L2TP access concentrator with an address on the same network segment as the local area network terminals;
configuring a route from the L2TP access concentrator to the local area network, wherein the next hop is the gateway address of the outgoing interface of the L2TP access concentrator; and configuring a backhaul route to the relay LNS;
configuring a source NAT policy that translates the source IP of traffic accessing the local area network into the outgoing interface address of the L2TP access concentrator;
the L2TP access concentrator and the relay LNS automatically establish an L2TP tunnel, so that the remote terminal can not only actively access the local area network terminals but also has the same access rights as a local area network terminal.
CN202210154492.4A 2022-02-18 2022-02-18 Method and system for actively accessing local area network through relay LNS (Low noise network) Active CN114553636B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210154492.4A CN114553636B (en) 2022-02-18 2022-02-18 Method and system for actively accessing local area network through relay LNS (Low noise network)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210154492.4A CN114553636B (en) 2022-02-18 2022-02-18 Method and system for actively accessing local area network through relay LNS (Low noise network)

Publications (2)

Publication Number Publication Date
CN114553636A true CN114553636A (en) 2022-05-27
CN114553636B CN114553636B (en) 2024-05-03

Family

ID=81676061

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210154492.4A Active CN114553636B (en) 2022-02-18 2022-02-18 Method and system for actively accessing local area network through relay LNS (Low noise network)

Country Status (1)

Country Link
CN (1) CN114553636B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116471163A (en) * 2022-12-30 2023-07-21 四川九州电子科技股份有限公司 Method for accessing web configuration page of wireless repeater based on fixed ip
CN119172151A (en) * 2024-09-25 2024-12-20 韶关市海拓智能电子有限公司 A remote multi-network integration maintenance and management method based on the combination of NAT and L2TP technology

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003198640A (en) * 2001-12-25 2003-07-11 Toshiba Corp Remote access system, terminal device, and access terminal device
CN1440155A (en) * 2002-02-23 2003-09-03 三星电子株式会社 Safety system and method for accessing virtual special network service in communication network
CN1492650A (en) * 2002-10-24 2004-04-28 华为技术有限公司 A Method for Supporting Multiple Instances of Network Server Based on Layer 2 Tunneling Protocol
US20080123604A1 (en) * 2004-10-01 2008-05-29 Keiichi Shimizu Access Service Network System, Access Device, L2tp Tunnel Line Concentrator, Home Agent, and Method of Providing Access Service
CN101461198A (en) * 2006-06-05 2009-06-17 日立通讯技术株式会社 Relay network system and terminal adapter
CN102104525A (en) * 2011-03-16 2011-06-22 华为技术有限公司 Media gateway equipment and method for forwarding data frame
CN102447752A (en) * 2012-02-09 2012-05-09 杭州华三通信技术有限公司 Service access method, system and device based on layer2 tunnel protocol (L2TP)
CN102724767A (en) * 2012-04-27 2012-10-10 杭州华三通信技术有限公司 Virtual private network access method and device for mobile user
CN102938732A (en) * 2012-11-08 2013-02-20 浙江宇视科技有限公司 Method and device for improving double-tunnel reliability
CN103747116A (en) * 2014-01-24 2014-04-23 杭州华三通信技术有限公司 Business access method and device based on Layer 2 Tunneling Protocol (L2TP)
CN109600292A (en) * 2018-12-24 2019-04-09 安徽皖通邮电股份有限公司 A kind of LAC router initiates the method and system of L2TP Tunnel connection from dialing

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ZHENGYI LIU: "Communication Between Remote LANs Based on L2TP", 2018 IEEE 9TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING AND SERVICE SCIENCE (ICSESS), 10 March 2019 (2019-03-10) *

Also Published As

Publication number Publication date
CN114553636B (en) 2024-05-03

Similar Documents

Publication Publication Date Title
US7830878B2 (en) Virtual network connection system, virtual network connection apparatus, and computer-readable medium
JP5335886B2 (en) Method and apparatus for communicating data packets between local networks
WO2020186925A1 (en) Data transmission method and computer system
CN109728984B (en) An access system, method and device
CN114553636B (en) Method and system for actively accessing local area network through relay LNS (Low noise network)
CN101159657A (en) A method, device and server for realizing private network traversal
WO2018014434A1 (en) Network system, proxy server, and data processing method and system used by same
CN110691150A (en) An SDN-based IPv4 and IPv6 interconnection method and system
CN105359458A (en) Network device communication method and network device
CN118300981A (en) A network address translation gateway configuration method and cloud management platform
CN101262416B (en) Method, system and device for hiding user location in communication system
CN108512755A (en) A kind of learning method and device of routing iinformation
CN101286919B (en) Method and device for implementing inter-access between virtual private networks by conversion of network addresses
CN111711705B (en) Method and device for realizing network connection based on bidirectional NAT (network Address translation) by proxy node
CN105635335A (en) Social resource access method, apparatus, and system
CN101141281A (en) A method for network management and non-gateway network element communication
JP2001237898A (en) Frame transfer method
CN103888511A (en) Remote access control method based on dynamic proxy
WO2016078235A1 (en) Network translation realization method and apparatus for transiting to ipv6 on the basis of pant
CN117377130A (en) Service connection method, device and storage medium
CN114301913B (en) Request processing method and system
CN114979079B (en) Information processing method, information processing device, related equipment and storage medium
KR20020040102A (en) Apparatus and method for providing service server functionality to the hosts of a private network
CN116436729A (en) Message transmission method, networking system and access cloud gateway
CN101572729A (en) Processing method of node information of virtual private network, interrelated equipment and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: 251200 Dezhou (Yucheng) national high tech Industrial Development Zone, Shandong Province

Patentee after: Jinan Second Machine Tool Group (Dezhou) Industrial Park Co.,Ltd.

Country or region after: China

Address before: 251200 Dezhou (Yucheng) national high tech Industrial Development Zone, Shandong Province

Patentee before: SHANDONG METALIST HEAVY MACHINERY Co.,Ltd.

Country or region before: China