A Virtual Private Network (VPN) is a technology of establishing a private data communication network in a public network relying on an Internet Service Provider (ISP) and a Network Service Provider (NSP). According to networking types, the VPN may be divided into a fixed VPN and a mobile VPN. The fixed VPN provides users with VPN access through a fixed communication network, while the mobile VPN provide users with VPN access through such mobile communication networks as a General Packet Radio Service (GPRS) network/Wide-brand Code Division Multiplex Access (WCDMA) network/Code Division Multiplex Access (CDMA) network/Long Term Evolution-System Architecture Evolution (LTE-SAE) network.
In the mobile VPN, a Mobile Subscriber (MS) may need to act as an MS router to serve a mobile VPN branch network. In this case, a mobile packet gateway needs to obtain both an IP address of the MS (a network address) and information about a network segment IP address of the mobile VPN branch network served by the MS. Therefore, the IP address of the MS and the network segment IP address of the mobile VPN branch network may be associated with a same Packet Data Protocol Context (PDP context). In this way, the MS and all hosts of the mobile VPN branch network exchange IP traffic with an external device through the associated PDP context by using their respective IP addresses.
In the prior art, the mobile packet gateway obtains the IP address of the MS and the network segment IP address of the mobile VPN branch network served by the MS through an Authentication Authorization Accounting Server (AAA Server). When the MS is activated, the mobile packet gateway sends a Radius Access Request message to the AAA Server according to presetting; after determining that the MS enables an MS Router function, the AAA Server adds the pre-stored IP address of the MS and the network segment IP address of the mobile VPN branch network served by the MS to a Radius Access Accept message, and returns the Radius Access Accept message to the mobile packet gateway; the mobile packet gateway obtains the IP address of the MS and the network segment IP address of the mobile VPN branch network from the Radius Access Accept message.
During the implementation of mobile VPN communication, the inventor discovers at least the following problems in the prior art: According to technical solutions in the prior art, the information about the network segment IP address of the mobile VPN branch network stored on the AAA Server is pre-configured, however, the mobile VPN branch network served by the MS changes frequently; therefore, the information about the network segment IP address of the mobile VPN branch network stored on the AAA Server needs to be changed manually and frequently, so that the mobile packet gateway may perform the mobile VPN communication according to a new network segment IP address of the mobile VPN branch network. Therefore, network maintenance efficiency is low in the prior art.