The present invention relates to communication networks, and more specifically, to virtual private networks.
A virtual private network (VPN) extends a private network across a public network, for example the Internet. Use of a VPN enables users to send and receive data across shared or public networks as if their processing devices were directly connected to the private network. Thus, using a VPN, users benefit from the functionality, security and management policies of the private network, even though the users may be remotely located with respect to the systems/devices (e.g., a domain server) managing the private network. A VPN is created by establishing a virtual point-to-point connection, a VPN tunnel, between the user's device and a VPN gateway; the traffic carried inside the tunnel is protected (typically encrypted and authenticated) while it traverses the public network.
From a user perspective, the extended network resources are accessed in the same way as resources available within the private network. This allows employees to securely access a corporate intranet while working outside the office. Similarly, VPNs can be used to securely connect geographically separated offices of an organization, creating a cohesive network. VPNs can also be used by individual Internet users to, among other things, secure transactions carried over untrusted wireless networks.
Businesses have been leveraging VPNs for the past several years to enable their workforce to connect to enterprise resources over the public network. For example, an enterprise may provision a VPN gateway to provide secure access to the enterprise resources. However, with the proliferation of multiple devices (laptops, tablets, smartphones, etc.) and of the application ecosystem running on them, VPN capabilities need to be enhanced in order to make the user's experience faster and more seamless. Indeed, today users connect to multiple VPN networks (work, home, school, etc.) from their devices and tend to keep all of those connections active in parallel on their system. There is no intelligent mechanism, however, to decide in real time which VPN gateway should carry the traffic generated by each of the different applications residing on the user's device. Currently, a device selects the outbound path for every packet from a static routing table keyed on the destination address alone; the application that generated the traffic plays no part in the decision, so traffic from different applications cannot be steered to different gateways, and overlapping routes pushed by several tunnels are resolved by route precedence rather than by the user's intent. This is both inefficient and inflexible.
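As an added illustration, not part of the original disclosure or of any cited product, the following Python simulates the static, destination-keyed routing table described above on a host with three VPN clients connected at once, and contrasts it with a hypothetical per-application selection. The interface names, prefixes, metrics and application names are constructed for the example; the per-application policy table is an assumption, not a mechanism the page describes.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    interface: str
    metric: int


# Constructed sample table: the physical default route plus the routes
# pushed by three concurrently connected VPN clients (hypothetical names).
# Note that the work and home VPNs both push the same 10.0.0.0/8 prefix,
# which is common when both sides use RFC 1918 address space.
ROUTES = [
    Route(ipaddress.ip_network("0.0.0.0/0"), "eth0", 100),
    Route(ipaddress.ip_network("10.0.0.0/8"), "tun0-work", 50),
    Route(ipaddress.ip_network("192.168.50.0/24"), "tun0-work", 50),
    Route(ipaddress.ip_network("10.0.0.0/8"), "tun1-home", 60),
    Route(ipaddress.ip_network("172.16.0.0/12"), "tun2-school", 70),
]


def lookup(table, dst):
    """Static table lookup as a host does it: longest-prefix match, with the
    lowest metric breaking ties. The only input is the destination address;
    the application that produced the packet is never consulted."""
    dst_addr = ipaddress.ip_address(dst)
    candidates = [r for r in table if dst_addr in r.prefix]
    if not candidates:
        return None
    # Most specific prefix wins; among equal prefixes, the lowest metric.
    best = max(candidates, key=lambda r: (r.prefix.prefixlen, -r.metric))
    return best.interface


# Hypothetical per-application policy (constructed): which tunnel each
# application's traffic should prefer, keyed by the originating process.
APP_POLICY = {
    "outlook": "tun0-work",
    "home-nas-sync": "tun1-home",
    "courseware": "tun2-school",
}


def lookup_with_app(table, dst, app):
    """Per-application selection (illustrative, not the page's mechanism):
    honour the application's preferred tunnel when that tunnel actually has
    a route covering the destination; otherwise fall back to the static
    table so that traffic is never black-holed by the policy."""
    dst_addr = ipaddress.ip_address(dst)
    wanted = APP_POLICY.get(app)
    if wanted is not None and any(
        r.interface == wanted and dst_addr in r.prefix for r in table
    ):
        return wanted
    return lookup(table, dst)


def compare(table, dst, apps):
    """Return {app: (static_choice, app_aware_choice)} for one destination,
    making the difference between the two strategies visible."""
    return {app: (lookup(table, dst), lookup_with_app(table, dst, app)) for app in apps}


if __name__ == "__main__":
    for app, (static, aware) in compare(
        ROUTES, "10.20.30.40", ["outlook", "home-nas-sync"]
    ).items():
        print(f"{app:14s} static={static:10s} app-aware={aware}")
```

With the static lookup, both the mail client and the home NAS sync send their 10.20.30.40 traffic down the work tunnel, purely because the work client installed its 10.0.0.0/8 route with a lower metric; the home tunnel never sees that traffic, and the work gateway receives traffic that was never meant for the enterprise. The application-aware lookup separates the two flows while still falling back to the static table for destinations the preferred tunnel cannot reach. On real systems this kind of separation is approximated with policy-based routing (for example, Linux `ip rule` entries keyed on a firewall mark assigned per user or cgroup), which is one reason the selection logic is best placed on the client rather than on a gateway.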
U.S. Patent Publication No. 20130205025A1 discloses that “[t]he first VPN gateway sends an indication of the second VPN gateway to the remote access client and maintains the first secure communication tunnel while the remote access client accesses the first resource of the enterprise network through a second secure communication tunnel established between the remote access client and the second VPN gateway” and that “[e]ach VPN gateway may be operable to provide secure access to the same subset of a plurality of resources of the enterprise network.” Thus, the selection of the second VPN gateway is performed by the first VPN gateway rather than by the client, and both VPN gateways merely provide access to the same subset of enterprise resources. The case in which different applications executing on a client device need to reach different subnets through different gateways is therefore not addressed, and no solution for enabling this is provided.