The following documents are incorporated herein by reference: (1) RFC3378: EtherIP: Tunnelling Ethernet Frames in IP Datagrams; (2) RFC2661: Layer Two Tunnelling Protocol “L2TP”; (3) RFC2784: Generic Routing Encapsulation (GRE); and (4) RFC3022: Traditional IP Network Address Translator.
Virtual Private Networks (VPNs) allow an on-the-go user to access hosts on the user's home network, such as a fixed local area network (LAN), from remote locations. VPNs typically utilize existing public network infrastructures, for example the Internet, to achieve this remote access. To create a typical VPN, a secure connection is established between an entity at the remote-end, for example software on the user's PC, and a corresponding entity (for example a security gateway) at the network. Data is transported between the remote host and the home network using the publicly available network infrastructure.
Many conventional approaches to achieving connectivity between the remote end and the home end of a VPN utilize “virtual” point-to-point connectivity over a packet-switched network within the public network infrastructure. One conventional approach to achieving this connectivity is to create an IPSec “tunnel” over the public network between the remote-end host and the home-end host. For example, IPSec tunnels frequently traverse a private corporate intranet, and then the public Internet, thereby enabling corporate users to utilize the public Internet to access their corporate intranet. However, this IPSec tunnel solution is relatively complicated to implement, because the remote-end host must be specially configured and provided with specialized software, and because firewall and security gateways are needed at the home network.
Another known approach to achieving VPN connectivity is the SSL-based VPN. This approach is simple to use, because it is web browser-based. However, this means that only web-based applications may be run from the remote-end host. This may be undesirable for various reasons, especially when it is desired to establish VPN connectivity to a remote-end host running a legacy application that is not web-based.
In order to make connectivity to LANs more flexible, wireless LANs (WLANs) are increasingly common. (Hereinafter, the acronym “LAN” can generically refer either to a wired LAN or a wireless LAN.). In WLANs, PCs or other hosts within a WLAN coverage area, or “hotspot”, are able to connect to the LAN via an RF connection. However, the aforementioned WLAN hotspots are limited in coverage. For example, a typical WLAN hotspot has only a relatively short radio coverage range, typically on the order of 100 meters. Furthermore, each WLAN hotspot needs to be installed and supported, both technically and financially, by an operator or provider of some kind. Users subscribe to this provider's service in order to be able to utilize the WLAN connectivity. If, for example, a user moves about frequently, this could necessitate subscribing to numerous different providers for the appropriate hotspot accesses. It can become increasingly difficult for the user to manage and administer these various subscriptions if, for example, the user needs to connect from different cities or even different countries.
Packet-switched mobile networks, for example cellular mobile networks such as the General Packet Radio Service (GPRS) have been used conventionally to extend connectivity of a remote user to hosts on a fixed IP network (e.g., Internet). If the packet-switched mobile network utilizes IP as its transport mechanism, then packets from the remote user are transported within the IP datagrams of the mobile network's transport mechanism. However, mobile networks conventionally assign a private IP address to the host of the mobile (remote) user. Therefore, only unidirectional communications from a mobile host of the remote user to hosts on the fixed IP network are possible. For example, in conventional systems, a browser on a mobile terminal of the remote user can access a web-server on the fixed IP network. However, a browser running on a host of the fixed IP network cannot access a web-server on a host of the remote user.
It is desirable in view of the foregoing to provide for multi-user VPN connectivity with reduced implementational complexity in the hosts, to extend the range of wireless LANs, and to provide for LAN communications across packet-switched mobile networks.
Exemplary embodiments of the present invention use tunneling to exploit the address translation capabilities of packet-switched mobile networks in order to achieve bidirectional LAN communications therethrough. Exemplary embodiments according to the invention can also provide for a multi-user VPN by encapsulating a multi-user LAN communication protocol for traversal of a packet-switched network. Some embodiments encapsulate a commonly available multi-user LAN communication protocol, for example ethernet, thereby extending remote LAN connectivity without requiring any host reconfiguration.