1. Field of the Invention
The present invention relates to the routing of data between a client computer and one or more resources through a network. Various aspects of the invention may be used to help ensure that data, exchanged between a client computer and resources in a remote network, is routed using network addresses that do not conflict with addresses local to the client computer.
2. Description of the Related Art
In the last decade, the use of electronic computer networks has greatly increased. Electronic computer networks may be found in businesses, schools, hospitals, and even residences. With these networks, two or more computing devices communicate together to exchange packets of data according to one or more standard protocols, such as the Transmission Control Protocol/Internet Protocol. Usually, one computer, often referred to as a “client” or “client” computer, requests that a second computer perform a service. In response, the second computer, often referred to as a “server” or “server” computer, performs the service and communicates the resulting data back to the first computer.
As reliance on computers has increased, the demand to access computer resources from a variety of locations has increased as well. Conventionally, for example, a business user may have accessed resources on a corporate server through a desktop computer connected to the corporate server by a private, secure corporate network. Now, however, that user may wish to access the same corporate resources from a remote location over a public network, such as the Internet. For example, a user may need to access resources through a corporate network from a personal computer while at home or from a laptop computer while traveling. In order to securely access these network resources, the user will typically employ an encrypted communication technique. The connection formed by the client computer and a server computer (or by the client computer and another network available through a server computer) often is referred to as a Virtual Private Network (VPN).
A virtual private network can be formed using a plurality of different encrypted communication techniques. For example, a client computer may implement a temporary or permanent dedicated communication software application to securely communicate with a server computer. The dedicated communication software application will then encrypt and send messages to the server computer, and receive and decrypt messages received from the server computer. Some examples of this type of dedicated communication software application may embed encrypted messages in conventionally formatted data packets, so that the encrypted messages are unreadable from outside of the secure communication channel. The virtual private networks that employ these embedded communication techniques are sometimes referred to as “tunneling” virtual private networks, because their communications appear to “tunnel” through a public network such as the Internet.
It also should be appreciated that, with some implementations of a virtual private network, the client computer can communicate point-to-point with some or all of the nodes within another network available through the server computer. With still other implementations of a virtual private network, however, the client computer may directly communicate with only a proxy software application on the server computer. The proxy software application will then decrypt communications from the client computer, and route them to the appropriate node within the network. With this type of virtual private network, the proxy software application may be hosted on a computer (or computing node) outside of a firewall protecting the rest of the network. The proxy software application communicates with network nodes through the firewall. Different types of virtual private networks may employ any desired encryption technique. For example, a virtual private network may implement communication channels secured using the Secure Socket Layers (SSL) protocol, the Hypertext Transfer Protocol Secure (HTTPS) protocol (which employs the Secure Socket Layers (SSL) protocol), or the Internet Protocol Security (IPSec) protocol.
While a virtual private network can provide a client computer with secure access to remote resources through a network, the network addresses for the remote resources may conflict with local network addresses. For example, a user may purchase a cable modem or local router for a home network which uses the IP address range 192.168.x.x. Many commercial systems also use this IP address range of 192.168.x.x, however. Accordingly, when the user's computer attempts to access a resource in a remote network, such as a corporate network maintained by the user's employer, the address of the resource on the remote network may conflict with a local resource on the user's home network. For example, in some situations, a server on the remote network may allocate addresses to the client computer for accessing one or more resources on the remote network. If one of these network addresses conflicts with the network address for the network interface card (NIC) of the client computer, the conflict may prevent the client computer from accessing any external resources. As a result, an address conflict may prevent the user's computer from accessing a desired resource in the remote network, or even access a local resource.
Accordingly, it would be desirable to be able to resolve network address conflicts between a client computer's local resources and the resources on a remote network. Further, it would be desirable to resolve conflicts without overwhelming the routing table provided on the client computer or creating unnecessary conflicts within the routing table.