Java: Connecting to a VPN without installing client software

Disclaimer: This page is a Chinese-English translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). Original StackOverflow URL: http://stackoverflow.com/questions/899349/

Time: 2020-08-11 20:49:22  Source: igfitidea

Connecting to a VPN without installation of client software

java sockets vpn cisco

Asked by Adam Paynter

I must sometimes write software to establish a socket with a particular server residing within a Cisco VPN. I simply write my software as if there were no VPN (making use of the standard sockets library). When it is time to run this program, I manually connect to the VPN using the client software installed on my computer, then run the program itself.

However, it would be desirable to write the software to take advantage of a specialized socket library capable of communicating over the VPN directly, without the use of any installed client software.

Here is some Java code illustrating the functionality I would like:

String vpnHost = ...;
String vpnUser = ...;
String vpnPassword = ...;
VPNConnection vpnConnection = new CiscoVPNConnection(vpnHost, vpnUser, vpnPassword);

String serverHost = ...;
int serverPort = ...;
Socket socket = vpnConnection.openSocket(serverHost, serverPort);

Is it possible to establish such a connection to a VPN without installing any client software?

Accepted answer by d3jones

This depends on how the VPN server is configured.

Most VPN products use IPSEC, a standard protocol for encrypting TCP/IP connections. Most products also use ISAKMP, the Internet Security Architecture Key Management Protocol, also a standard, to set up the session. Source code for IPSEC and ISAKMP is readily available, and may already be installed on your system.

Now for the bad news: although everything I've already mentioned is standard, the authentication schemes that can be used with ISAKMP are almost all proprietary. The two "standard" authentication schemes are pre-shared key, and X.509 certificates. If the VPN server is configured to permit either of these then you have a chance. Otherwise, you cannot really use the VPN, as the protocol is truly proprietary and almost impossible to reverse engineer as the authentication conversation is encrypted.

A far easier path: do you really need a VPN, or is there a way you can tunnel over SSL? I think Java supports SSL; you can just create the secure socket you need and go from there.

If you know what client system you're using, then consider shelling out to invoke the Cisco VPN client for that system.

Otherwise, you'll have to replicate what a VPN client does. The VPN client performs authentication and session setup with ISAKMP, and installs the result into the kernel to create the VPN connection. ISAKMP implementations are available; you need only figure out what authentication is being used and try to set that up. At which point you will have written your own VPN client.
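
The "tunnel over SSL" option from the answer above, as an added example (not code from the original post). It assumes Java 11 or later and a server that speaks TLS on `serverPort` with a certificate trusted by the JVM's default trust store; the class name `TlsTunnelSocket` and the method `open` are hypothetical.

```java
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;

public class TlsTunnelSocket {

    /** Opens a TLS socket that verifies both the certificate chain and the host name. */
    static SSLSocket open(String host, int port, int timeoutMs) throws IOException {
        Socket plain = new Socket();
        try {
            // Connect the TCP layer first so a connect timeout can be enforced.
            plain.connect(new InetSocketAddress(host, port), timeoutMs);
            plain.setSoTimeout(timeoutMs);

            SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            // Layer TLS over the connected socket; 'host' is used for SNI and name checks.
            SSLSocket tls = (SSLSocket) factory.createSocket(plain, host, port, true);

            SSLParameters params = tls.getSSLParameters();
            // A raw SSLSocket validates the chain against the trust store, but it does
            // not compare the certificate to the host name unless this is set.
            params.setEndpointIdentificationAlgorithm("HTTPS");
            // Refuse legacy protocol versions (assumption: Java 11+ runtime).
            params.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
            tls.setSSLParameters(params);

            // Handshake explicitly so a bad certificate fails here, before any data is sent.
            tls.startHandshake();
            return tls;
        } catch (IOException | RuntimeException e) {
            plain.close();
            throw e;
        }
    }

    public static void main(String[] args) throws IOException {
        String serverHost = args[0];                  // supplied by the caller
        int serverPort = Integer.parseInt(args[1]);
        try (SSLSocket socket = open(serverHost, serverPort, 10_000)) {
            System.out.println("Negotiated " + socket.getSession().getProtocol()
                    + " with " + socket.getSession().getCipherSuite());
        }
    }
}
```

This protects one application connection to one server; it does not give the routed access to the private network that the VPN provides.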

Answer by Jherico

I use the vpnc package on Linux in order to connect to my company's Cisco VPN, since we don't have a compatible Linux client. vpnc is written in C though, so you'll have to perform a port.

Answer by Michael

You can read the official Cisco doc, and after that you can create a bat file with this data: vpnclient connect [Connection name] pwd [Password] and disconnect. Include it in your Java program: Runtime.getRuntime().exec("cmd /c start [Path to bat file]");
