A virtual private network (VPN) is a secure and stable tunnel passing through a public network. A temporary and secure connection is established on a public network by transmitting network data obtained after encapsulation and encryption. Therefore, transmission of private data on the public network can reach a security level of a private network. Two commonly used VPN technologies are separately a VPN technology based on a conventional network security protocol and a VPN over Secure Sockets Layer (SSL) technology. The former is mainly applied to a network layer, and the latter is mainly applied to an application layer. An SSL VPN is a VPN technology based on the SSL. The SSL VPN uses a certificate-based mechanism that is of identity authentication, data encryption, and message integrity check and that is provided by the SSL protocol, to ensure that a user remotely accesses an internal network of a company (hereinafter referred to as the intranet) in a secure manner. The SSL VPN may be used in multiple manners, and a layer 3 SSL VPN is used most widely. Network drivers include a Transport Driver Interface (TDI) driver and a Network Driver Interface Specification (NDIS) driver. The NDIS driver may be further divided into a protocol driver, an intermediate driver, and a network interface card driver. The layer 3 SSL VPN requires client software to be installed. After an SSL VPN client (hereinafter referred to as the client) is started to log in to an SSL VPN gateway (hereinafter referred to as the gateway), the client and the gateway establish an SSL tunnel. The client applies to the gateway for a virtual internet protocol (IP) address, and the client configures a user operating system, so that an application program in the system can access an intranet server using the virtual IP address. The client intercepts a packet using the virtual IP address, and forwards the intercepted packet to the gateway using the previously established SSL tunnel. The gateway forwards the packet to the intranet server.
In the prior art, a new virtual network interface card is established in a user operating system when a client is installed, and the virtual network interface card is normally in a disabled state. When the client is started to log in to a gateway, the client obtains a virtual IP address from the gateway through application. The client starts the virtual network interface card, and sets the obtained virtual IP address through application as an address of the virtual network interface card. When a process accesses the intranet server using the virtual network interface card, data sent by the application program is sent downwards through a driver stack. When the data is finally sent to the virtual network interface card, the virtual network interface card receives a packet delivered by an upper-layer, and submits the packet to the client. The client sends the packet to the gateway using the SSL tunnel established during login, and the gateway forwards the packet to the intranet server.
Problems in the prior art are as follows: Because all processes in a system can use a virtual network interface card, and access an intranet server, there is no way to limit access of some processes; and because the virtual network interface card also needs to be started when a client is started, the client has a slow startup speed.