The present invention relates to a system for the routing of data to computer networks.
The increasingly stronger need exists to connect an application on a client computer to an application on a remote server through the conventional Internet.
Generally, the connection has a series of common features:                the traffic generated by the two applications uses standard level-4 protocols of the so-called ISO/OSI model, typically TCP (Transmission Control Protocol) or UDP (User Datagram Protocol) protocols;        to each application (or service) is statically associated a different port (socket), which enables several processes/applications to activate multiple TCP/UDP connections despite sharing the same IP address;        access to the Internet by components or apparatus is of the indirect type.        
This implies that the assigned IP address is not public, but rather belongs to a sub-network to which the apparatus is connected and is therefore a private and not univocal address in the space of addresses assigned in the Internet.
Within the sub-network, the use is known and common of an electronic component/apparatus, a so-called router suitable for routing data towards distinct networks and, in particular, suitable for managing all the requests towards public IP addresses.
Within the networks, also managed is the filtering of communications according to the IP address, to the TCP/UDP port number, besides the plaintext of the communication.
The filtering done by the firewall can be more or less stringent depending on the level of computer security envisaged for the specific sub-network.
Considering the need to connect an application p on a client computer to an application present on a remote server through the conventional Internet, and in general the need to interconnect different client apparatus/components, a number of complexities are therefore to be found.
The client apparatus/components can in fact have the following characteristics:
private IP address and therefore not univocal;
the requests towards public IPs are routed by a third-party gateway present on the same network;
the third-party firewall may not allow routing packages tied to a number of ports and/or effecting filtering according to the contents of the packages;
the third-party firewall may not send the requests coming from outside towards a client present in its sub-network.
To overcome such drawbacks and allow the complete control of the client, communication systems of the VPN (Virtual Private Network) type are normally used, which make it possible to establish a private connection between two apparatuses, more specifically between client and server, using a shared public network.
In particular, a number of VPN programs, such as, e.g., OpenVPN, permit implementing tunnelling, i.e., the channelling of all the TCP/UDP connections on different ports routed onto a single port, e.g., the more common 80 TCP/IP port, thus in fact resolving the problem of filtering effected by a third-party firewall and the routing of the packages from and to the client.
As FIG. 1 schematically shows, the use of a VPN type system envisages the assigning on the server of an IP address for one end of the tunnels (srvtun1) and the assigning of a different IP address on each client for every other end of the tunnels (tun1-tunn).
As shown in FIG. 1, always by way of example, in this configuration, the possibility exists that the network interface (eth0) of the client (client 1) connected to a LAN (3p LAN 1) be assigned an IP address identical to that preset for the tunnel (tun1), with consequent forwarding problems.
In fact, in such case, the private IP address assigned to the network interface (eth0) is assigned dynamically by the DHCP service of the private network (3p LAN 1) and can belong to any class of private IP addresses.
In particular, the three classes of private IP addresses are, respectively:                class A 10.x.x.x addresses, with IP addresses from 10.0.0.0 to 10.255.255.255;        class B 172.x.x.x addresses, with IP addresses from 172.16.0.0 to 172.31.255.255;        class C 192.168.x.x addresses, with IP addresses from 192.168.0.0 to 192.168.255.255.        
To overcome such drawback, the intervention is therefore required of the network administrator who, after checking the fault, must change the assigned IP addresses in a manual and static way.