At present, the technology of flexibly, securely and dynamically establishing a VPN between different node devices through a public network (Internet in general) is applied increasingly and widely. The VPN may help establish reliable and secure connection among a remote user, a company branch organization, a business partner as well as a supplier and an intranet, to ensure secure data transmission.
In the conventional VPN, each node is pre-configured with registration information of all other nodes; for example, current real Internet Protocol (IP) addresses, virtual IP addresses, and information indicating whether to accept extranet connection of the other node devices are configured. The node may establish a corresponding network tunnel with the other nodes according to the registration information of the other nodes. For example, when the other nodes accept the extranet connection, the node may establish a network tunnel in a direct connection channel mode with other nodes according to the real IP addresses of other nodes; and when other nodes do not accept the extranet connection, the node may establish a network tunnel in a virtual switch mode with the other nodes according to the virtual IP address of the other nodes.
However, the inventors find that, in the conventional VPN, when a node is added, it is required to configure the added node with the registration information of the other original nodes and adjust the configuration of the other original nodes at the same time. When one node is separated from the network, it is also required to adjust the configuration of the other original nodes, that is, the adding or separation of the node in the conventional VPN inevitably causes that the other nodes correspondingly adjust their own configuration. Therefore, the flexibility of the conventional VPN is poor, which as a result is only generally applicable to a topology structure and an environment with fixed network configuration.