CN116209095A - A network connection method and device - Google Patents

Publication number
CN116209095A
Authority
CN
China
Prior art keywords
target
address
target terminal
network
terminal device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310118255.7A
Other languages
Chinese (zh)
Inventor
尹屾
霍兴宇
史诗
胡琦
蔡露露
李雨笛
解觯
李博
严希音
付莉
武亚龙
屈洋
冯杏
李姗烨
王双
王森森
仲思睿
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd
Priority to CN202310118255.7A
Publication of CN116209095A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/26 Network addressing or numbering for mobility support

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a network connection method and device, relates to the field of communication, and solves the problem of difficult virtual private network connection. The network connection method comprises the following steps: receiving a connection request sent by target terminal equipment, wherein the connection request comprises a physical address of the target terminal equipment, and the target terminal equipment accesses a network through wireless access equipment; verifying whether the target terminal equipment has the authority of connecting with the target private network according to the physical address of the target terminal equipment to obtain a verification result; if the verification result shows that the target terminal equipment has the authority of connecting with the target private network, the first IP address is taken out from an address pool of the target private network, and the first IP address is sent to the target terminal equipment; the first IP address is for the target terminal device to connect to the target private network.

Description

A network connection method and device

Technical field

The invention relates to the field of communications, and in particular to a network connection method and device.

Background

With the development of computer technology, virtual private networks have come into wide use.

However, because a virtual private network requires a connecting terminal device to access it with a fixed IP address (Internet Protocol address), terminal devices cannot easily access the virtual private network. A terminal device that accesses the network over a wired connection can access the virtual private network with a fixed IP address, but laying wired lines is constrained by construction cost and laying conditions and is hard to roll out widely. A terminal device that accesses the network wirelessly is usually assigned an IP address randomly and dynamically, which does not meet the access conditions of a virtual private network.

Therefore, how to access a virtual private network more easily has become a technical problem to be solved urgently.

Summary of the invention

The invention provides a network connection method and device for solving the problem of how a terminal device accesses a virtual private network.

To achieve the above object, the invention adopts the following technical solutions:

In a first aspect, the invention provides a network connection method applied to a server, including: receiving a connection request sent by a target terminal device, where the connection request contains the physical address of the target terminal device and the target terminal device accesses the network through a wireless access device; verifying, according to the physical address of the target terminal device, whether the target terminal device has the authority to connect to the target private network, and obtaining a verification result; and, if the verification result is that the target terminal device has the authority to connect to the target private network, taking a first IP address out of the address pool of the target private network and sending the first IP address to the target terminal device. The first IP address is used by the target terminal device to connect to the target private network.

Optionally, the server is connected to a user database, and the user database contains the physical addresses of terminal devices that have the authority to connect to the target private network. Verifying, according to the physical address of the target terminal device, whether the target terminal device has the authority to connect to the target private network, and obtaining a verification result, includes: querying whether the physical address of the target terminal device exists in the user database; and, if the physical address of the target terminal device exists in the user database, obtaining the verification result that the target terminal device has the authority to connect to the target private network.

Optionally, the user database also contains user verification information, and verifying whether the target terminal device has the authority to connect to the target private network further includes: if the physical address of the target terminal device does not exist in the user database, pushing a user verification information verification interface to the target terminal device; receiving the user verification information of the target terminal device sent by the target terminal device, and verifying whether that user verification information exists in the user database;

if the user verification information of the target terminal device exists in the user database, obtaining the verification result that the target terminal device has the authority to connect to the target private network.

Optionally, the network connection method further includes: if the physical address of the target terminal device does not exist in the user database, and the verification result that the target terminal device has the authority to connect to the target private network is obtained, saving the physical address of the target terminal device to the user database.

Optionally, the user database also contains the network identifier corresponding to each terminal device that has the authority to connect to a target private network, and the network identifier points to the target private network to which the terminal device has connection authority. Before the first IP address is taken out of the address pool of the target private network, the network connection method further includes: determining, according to the network identifier corresponding to the target terminal device in the user database, the target private network to which the target terminal device has connection authority.

Optionally, after the first IP address is sent to the target terminal device, the network connection method further includes: marking the first IP address as an IP address that cannot be allocated in the address pool of the target private network; and, when the target terminal device stops using the first IP address, marking the first IP address as an IP address that can be allocated in the address pool of the target private network.

With the network connection method provided by this application, the server can receive the connection request that the target terminal device sends through the wireless access device and verify the connection authority of the target terminal device; once the target terminal device passes the authority verification, it is assigned the first IP address from the address pool of the target private network. This meets the target private network's requirement for a trusted IP address even though wireless transmission assigns addresses dynamically. Dynamic allocation of IP addresses also makes better use of IP address resources, meeting the dynamic access demand of the target private network with fewer IP addresses.

In similar technologies, a terminal device needs a trusted IP address to access a virtual private network, and these trusted IP addresses usually do not change, whereas a wireless connection usually assigns IP addresses to terminal devices randomly and dynamically, so a wireless connection usually cannot meet the requirements for accessing a virtual private network. With the network connection method provided by this application, on the basis of dynamic address assignment, after the server has verified the authority of the target terminal device it assigns the target terminal device the first IP address from the address pool of the target private network, that is, a trusted IP address of the target private network. When the target terminal device accesses the network wirelessly through the wireless access device, this resolves the conflict between the terminal device being dynamically assigned an IP address by the wireless connection and the target private network being accessible only through a trusted IP address.

Whereas similar technologies require a wired connection to access the target private network, the network connection method provided by this application allows a terminal device that accesses the network wirelessly to access the target private network as well. Physical lines therefore need not be laid at every connection site, and the method is not limited by the laying conditions of physical lines or by existing optical cable resources, so that the target terminal device can access the target private network by setting up a wireless access device anywhere there is a network.

When the physical address of the target terminal device does not exist in the user database, the server performs a second authority verification on the target terminal device. When the target terminal device passes the second authority verification, its physical address is saved in the user database, so the next time the target terminal device connects to the target private network it no longer needs to be verified by entering user verification information. For the user, the target private network can be accessed without verification, which shortens the operation flow and improves the user experience.

In addition, this application can determine the target private network corresponding to the target terminal device, so the network connection method provided by this application also serves multiple private networks.
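The server-side flow of the first aspect (physical-address lookup, fallback to user verification information, saving the address, network-identifier resolution, and pool allocation and release), as an added Python example that is not code from the patent. The class names, status strings, PBKDF2-hashed secrets, reuse of an existing lease for a repeated request, and the sample MAC addresses and address ranges are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import os
import re


def normalize_mac(raw):
    """Canonicalise a MAC so 'AA-BB-...' and 'aa:bb:...' hit the same record."""
    digits = re.sub(r"[:.\-]", "", raw.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def _hash_secret(secret, salt):
    # Assumption: verification information is a password, stored salted and hashed.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


class UserDatabase:
    """Stand-in for the user database: authorised MACs, user secrets, network ids."""

    def __init__(self):
        self.mac_to_network = {}   # normalised MAC -> network identifier
        self.users = {}            # user name -> (salt, hash, network identifier)

    def add_user(self, name, secret, network_id):
        salt = os.urandom(16)
        self.users[name] = (salt, _hash_secret(secret, salt), network_id)

    def check_user(self, name, secret):
        """Return the user's network identifier if the secret matches, else None."""
        record = self.users.get(name)
        if record is None:
            return None
        salt, stored, network_id = record
        ok = hmac.compare_digest(stored, _hash_secret(secret, salt))
        return network_id if ok else None


class AddressPool:
    """Address pool of one target private network."""

    def __init__(self, cidr):
        self.free = [str(h) for h in ipaddress.ip_network(cidr).hosts()]
        self.lease_by_mac = {}     # addresses held here cannot be allocated

    def take(self, mac):
        if mac in self.lease_by_mac:          # repeated request: reuse the lease
            return self.lease_by_mac[mac]
        if not self.free:
            return None
        ip = self.free.pop(0)
        self.lease_by_mac[mac] = ip
        return ip

    def release(self, mac):
        """Device stopped using its address: make it allocatable again."""
        ip = self.lease_by_mac.pop(mac, None)
        if ip is None:
            return False
        self.free.append(ip)
        return True


class ConnectionServer:
    def __init__(self, db, pools):
        self.db = db
        self.pools = pools         # network identifier -> AddressPool

    def handle_request(self, raw_mac, credentials=None):
        """Return (status, network_id, ip) for one connection request."""
        try:
            mac = normalize_mac(raw_mac)
        except ValueError:
            return ("rejected", None, None)
        network_id = self.db.mac_to_network.get(mac)
        if network_id is None:
            if credentials is None:           # server would push the verification page
                return ("need_credentials", None, None)
            network_id = self.db.check_user(*credentials)
            if network_id is None:
                return ("rejected", None, None)
            self.db.mac_to_network[mac] = network_id   # no prompt next time
        pool = self.pools.get(network_id)
        if pool is None:
            return ("rejected", None, None)
        ip = pool.take(mac)
        if ip is None:
            return ("pool_exhausted", network_id, None)
        return ("connected", network_id, ip)
```

The physical address arrives inside the client's own request, so the database lookup confirms only what the device reports; the user verification step is the only point in this flow where a secret is checked.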

In a second aspect, the invention provides a network connection method applied to a target terminal device, including: establishing a connection with a wireless access device; broadcasting a connection request through the wireless access device, so that the server receives it and verifies whether the target terminal device has the authority to connect to the target private network, where the connection request contains the physical address of the target terminal device; if the target terminal device has the authority to connect to the target private network, receiving the first IP address sent by the server, where the first IP address is an address taken out of the address pool of the target private network; and connecting to the target private network using the first IP address as the IP address.

Optionally, the server is connected to a user database, and the user database contains the physical addresses of terminal devices that have the authority to connect to the target private network; if the physical address of the target terminal device exists in the user database, the target terminal device has the authority to connect to the target private network.

Optionally, the user database also contains the user verification information of terminal devices that have the authority to connect to the target private network. If the physical address of the target terminal device does not exist in the user database, then before the first IP address sent by the server is received, the network connection method further includes: receiving the user verification information verification interface pushed by the server; receiving the entered user verification information of the target terminal device, and sending it to the server; and, if the user verification information of the target terminal device exists in the user database, the target terminal device passes verification and has the authority to connect to the target private network.

Optionally, the network connection method further includes: stopping use of the first IP address and disconnecting from the target private network.

The network connection method provided by this application decouples the device that establishes a tunnel with the network from the device that establishes a connection with the private network: the target terminal device can use the first IP address to access the private network through the wireless access device that has established a tunnel with the network. For the user, the method only requires connecting to the wireless access device in order to access the target private network, with no configuration of parameters related to the target private network. Only the first connection may require entering user verification information; afterwards the device connects directly to the target private network once it has connected to the wireless access device. This removes tedious parameter configuration and connection operations, makes access to the target private network simpler and faster, and improves the user experience.

In a third aspect, the invention provides a network connection device, including:

A request receiving module, configured to receive a connection request sent by a target terminal device, where the connection request contains the physical address of the target terminal device and the target terminal device accesses the network through a wireless access device.

An information verification module, configured to verify, according to the physical address of the target terminal device, whether the target terminal device has the authority to connect to the target private network, and to obtain a verification result.

An address assignment module, configured to take a first IP address out of the address pool of the target private network and send the first IP address to the target terminal device when the verification result is that the target terminal device has the authority to connect to the target private network. The first IP address is used by the target terminal device to connect to the target private network.

In a fourth aspect, the invention provides a network connection device, including:

A signal connection module, configured to establish a connection with a wireless access device.

A data sending module, configured to broadcast a connection request through the wireless access device, so that the server receives it and verifies whether the target terminal device has the authority to connect to the target private network, where the connection request contains the physical address of the target terminal device.

A data receiving module, configured to receive the first IP address sent by the server when the target terminal device has the authority to connect to the target private network; the first IP address is an address taken out of the address pool of the target private network.

The signal connection module is further configured to connect to the target private network using the first IP address as the IP address.

For specific descriptions of the third and fourth aspects and their various implementations, refer to the detailed descriptions of the first and second aspects and their various implementations; likewise, for the beneficial effects of the third and fourth aspects and their various implementations, refer to the analysis of beneficial effects in the first and second aspects and their various implementations, which is not repeated here.

These and other aspects of this application will be more readily understood from the following description.

Description of the drawings

To explain the technical solutions in the embodiments of the invention more clearly, the drawings needed for describing the embodiments are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.

FIG. 1 is a schematic diagram of the system architecture of the network connection method in an embodiment of this application;

FIG. 2 is a schematic structural diagram of the computing device contained in the basic physical structure of the server 101 and the terminal device 102 in an embodiment of this application;

FIG. 3 is a schematic flowchart of the network connection method on the server side in an embodiment of this application;

FIG. 4 is a schematic flowchart of verifying whether the target terminal device 102 has the authority to connect to the target private network and obtaining the verification result in an embodiment of this application;

FIG. 5 is a schematic flowchart of the network connection method on the target terminal device side in an embodiment of this application;

FIG. 6 is a schematic structural diagram of a network connection device in an embodiment of this application;

FIG. 7 is a schematic structural diagram of another network connection device in an embodiment of this application.

Detailed description

The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments of the invention. The described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.

The terms "first" and "second" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance or implicitly specifying the number of the technical features referred to. Thus, a feature qualified by "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the invention, unless otherwise specified, "a plurality of" means two or more.

The embodiments of this application provide a network connection method and device; the network connection method is applicable to the system architecture shown in FIG. 1. The system architecture includes a server 101, a target terminal device 102 and a wireless access device 103. The server 101 is connected to the network or is contained in the network. The target terminal device 102 is connected to the wireless access device 103, accesses the network through the wireless access device 103, and thereby communicates with the server 101.

Specifically, the target terminal device 102 may be connected to the wireless access device 103 through a wired connection or a wireless connection.

It should be noted that this application does not limit the number of servers 101, target terminal devices 102 and wireless access devices 103 in the system architecture; FIG. 1 uses one server 101, one target terminal device 102 and one wireless access device 103 as an example.

In a possible embodiment, the server 101 can receive the connection request sent by the target terminal device 102. Based on that connection request, the server 101 can also verify whether the target terminal device 102 has the authority to connect to the target private network and obtain a verification result. Further, if the target terminal device 102 has the authority to connect to the target private network, the server sends the target terminal device 102 a first IP address, which is taken out of the address pool of the target private network.

Optionally, the server 101 may mark the first IP address sent to the target terminal device 102 as an IP address that cannot be allocated in the address pool of the target private network. When the target terminal device 102 stops using the first IP address, the server 101 can also mark that first IP address as an IP address that can be allocated in the address pool of the target private network.

The target terminal device 102 can broadcast a connection request to the server 101 through the wireless access device 103; the connection request contains the physical address (Media Access Control address, MAC address) of the target terminal device 102. If the target terminal device 102 has the authority to connect to the target private network, it receives the first IP address sent by the server 101 and connects to the target private network using the first IP address as its IP address.

The wireless access device 103 can establish a connection with an edge router of the core network in the network according to L2TP (Layer 2 Tunneling Protocol), in order to carry all the data sent by the target terminal device 102.

In a possible embodiment, the system architecture of the network connection method in the embodiments of this application further includes a user database 104, and the user database 104 is connected to the server 101.

The data in the user database 104 can be retrieved by the server 101.

Optionally, the user database 104 contains the physical addresses of terminal devices that have the authority to connect to the target private network. The server 101 can use the physical addresses of terminal devices in the user database 104 to verify whether the target terminal device 102 has the authority to connect to the target private network.

Optionally, the user database 104 also contains the user verification information of terminal devices that have the authority to connect to the target private network; the server 101 can use this user verification information to verify whether the target terminal device 102 has the authority to connect to the target private network.

Optionally, there may be one target private network or several, and the target private network is contained in the network. The user database 104 also contains the network identifier corresponding to each terminal device that has the authority to connect to a target private network. The network identifier points to the target private network to which the terminal device has connection authority, and the server 101 can use it, before taking the first IP address out of the address pool of the target private network, to determine the target private network to which the target terminal device 102 has connection authority.

In a possible embodiment, the server 101 contains the user database 104.

本申请实施例中的服务器101可以是机架式服务器、刀片服务器、塔式服务器或机柜式服务器等设备,搭建方式可以是单一集成式、集群式或分布式,本申请实施例中对此不做限制。The server 101 in the embodiment of the present application may be a rack server, a blade server, a tower server or a cabinet server, etc., and the construction method may be single integrated, clustered or distributed, which is not mentioned in the embodiment of the present application. Do limit.

本申请实施例中的终端设备102可以是手机、台式电脑、平板电脑、笔记本电脑、手持计算机、可穿戴电子设备、手持计算机、超级移动个人计算机(Ultra-mobilePersonalComputer,UMPC)、上网本等电子设备,本申请实施例对此不做任何限制。The terminal device 102 in the embodiment of the present application may be a mobile phone, a desktop computer, a tablet computer, a notebook computer, a handheld computer, a wearable electronic device, a handheld computer, an ultra-mobile personal computer (Ultra-mobile Personal Computer, UMPC), an electronic device such as a netbook, The embodiments of this application do not impose any limitation on this.

无线接入设备103可以为无线路由器、4G/5G无线接入设备等无线连接设备,本申请实施例对此不做任何限制。The wireless access device 103 may be a wireless connection device such as a wireless router or a 4G/5G wireless access device, which is not limited in this embodiment of the present application.

服务器101和终端设备102基本物理结构类似,都包括图2所示计算装置所包括的元件。下面以图2所示的计算装置为例,介绍服务器101和终端设备102的物理结构。The basic physical structures of the server 101 and the terminal device 102 are similar, and both include elements included in the computing device shown in FIG. 2 . The following uses the computing device shown in FIG. 2 as an example to introduce the physical structures of the server 101 and the terminal device 102 .

如图2所示,计算装置可以包括处理器201,存储器202、通信接口203、总线204。处理器201,存储器202以及通信接口203之间可以通过总线204连接。As shown in FIG. 2 , the computing device may include a processor 201 , a memory 202 , a communication interface 203 , and a bus 204 . The processor 201 , the memory 202 and the communication interface 203 may be connected through a bus 204 .

The processor 201 is the control center of the computing device, and may be a single processor or a collective term for multiple processing elements. For example, the processor 201 may be a general-purpose central processing unit (CPU) or another general-purpose processor. The general-purpose processor may be a microprocessor or any conventional processor.

As an embodiment, the processor 201 may include one or more CPUs, such as CPU0 and CPU1 shown in FIG. 2.

The memory 202 may be a read-only memory (ROM) or another type of static storage device that can store static information and instructions, a random access memory (RAM) or another type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a magnetic disk storage medium or another magnetic storage device, or any other medium that can carry or store desired program code in the form of instructions or data structures and can be accessed by a computer, but is not limited to these.

In one possible implementation, the memory 202 exists independently of the processor 201 and is connected to the processor 201 through the bus 204 to store instructions or program code. When the processor 201 invokes and executes the instructions or program code stored in the memory 202, it can implement the model deployment method provided by the embodiments of the present application.

In the embodiments of the present application, the server 101 and the terminal device 102 store different software programs in the memory 202 and therefore implement different functions. The functions performed by each device are described with the flowcharts below.

In another possible implementation, the memory 202 may be integrated with the processor 201.

The communication interface 203 connects the computing device to other devices through a communication network, which may be Ethernet, a radio access network (RAN), a wireless local area network (WLAN) and so on. The communication interface 203 may include a receiving unit for receiving data and a sending unit for sending data.

The bus 204 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus or the like. The bus may be divided into an address bus, a data bus, a control bus and so on. For ease of illustration, FIG. 2 shows only one thick line, but this does not mean that there is only one bus or one type of bus.

It should be noted that the structure shown in FIG. 2 does not limit the computing device. Besides the components shown in FIG. 2, the computing device may include more or fewer components than illustrated, combine certain components, or arrange the components differently.

As shown in FIG. 3, a network connection method provided by the present application is applied to a server, for example the server shown in FIG. 1, and may include the following steps S301 to S303.

S301: Receive a connection request sent by a target terminal device. The connection request contains the physical address of the target terminal device, and the target terminal device accesses the network through a wireless access device.

The target terminal device can access the network through the wireless access device. When the wireless access device accesses the network for the first time, the network assigns it a fixed IP address. The wireless access device can therefore act as the gateway of the target terminal device, so that the target terminal device also accesses the network.

In one possible implementation, the target terminal device connects to the wireless access device using a connector or cable based on the RJ45 (Registered Jack 45) interface.

In another possible implementation, the target terminal device connects to the wireless access device through the Wi-Fi signal that the wireless access device transmits.

For example, the target terminal device connects to the wireless access device over a wired or wireless connection, the wireless access device then establishes a wireless connection with the network, and the connection request is sent to the server. The server then receives the connection request that the target terminal device sends after accessing the network; the connection request contains the physical address of the target terminal device, that is, its MAC address.

S302: According to the physical address of the target terminal device, verify whether the target terminal device has permission to connect to the target private network, and obtain a verification result.

S303: If the verification result is that the target terminal device has permission to connect to the target private network, take a first IP address from the address pool of the target private network and send the first IP address to the target terminal device. The first IP address is used to connect the target terminal device to the target private network.

In general, connecting to a virtual private network requires verification of the source address of the connecting end; that is, the connecting end can usually access the virtual private network only with a fixed, trusted IP address.

In the present application, the target private network is the virtual private network mentioned above, and the source address of the connecting end is the IP address of the target terminal device that requests a connection to the target private network. At this point the target terminal device has no IP address yet and needs the server to assign one.

When the verification result obtained by the server is that the target terminal device has permission to connect to the target private network, the server takes the first IP address from the address pool of the target private network and sends it to the target terminal device. Because the first IP address comes from the address pool of the target private network, it is a trusted IP address of that network, so the target terminal device can use the first IP address to pass the target private network's source address verification and connect to the target private network.

As the above embodiment shows, in the network connection method provided by the present application, the server receives the connection request sent by the target terminal device and verifies whether the target terminal device has permission to access the target private network. If the target terminal device has permission to connect to the target private network, the first IP address sent by the server enables the target terminal device to connect to the target private network.

In similar technologies, a terminal device needs a trusted IP address to access a virtual private network, and these trusted IP addresses usually do not change, whereas a wireless connection usually assigns IP addresses to terminal devices randomly and dynamically, so a wireless connection usually cannot meet the requirements for accessing a virtual private network. With the network connection method provided by the present application, on top of dynamic address assignment, once the server has verified the permission of the target terminal device, it assigns the target terminal device the first IP address from the address pool of the target private network, that is, a trusted IP address of the target private network. When the target terminal device accesses the network wirelessly through the wireless access device, this resolves the conflict between the terminal device being dynamically assigned an IP address by the wireless connection and the target private network being accessible only from a trusted IP address.

Compared with similar technologies, which require a wired connection to access the target private network, the network connection method provided by the present application allows terminal devices that access the network wirelessly to access the target private network as well. Physical lines therefore need not be laid at every connection site, and the method is not constrained by the conditions for laying physical lines or by existing optical cable resources, so the target terminal device can access the target private network through a wireless access device set up anywhere a network is available.

In a possible embodiment, the server is connected to a user database that contains the physical addresses of terminal devices that have permission to connect to the target private network. As shown in FIG. 4, verifying, according to the physical address of the target terminal device, whether the target terminal device has permission to connect to the target private network and obtaining a verification result may include S3021 to S3022:

S3021: Query whether the physical address of the target terminal device exists in the user database.

S3022: If the physical address of the target terminal device exists in the user database, obtain the verification result that the target terminal device has permission to connect to the target private network.

Because the physical address of a terminal device is a distinguishing identifier of that device, it can be used to verify whether the terminal device has permission for the target private network.

For example, if the physical address of the target terminal device is "CC-85-E2-00-6A-E2", the user database is queried for "CC-85-E2-00-6A-E2". If "CC-85-E2-00-6A-E2" exists, the target terminal device has permission to connect to the target private network.

As the above embodiment shows, when the physical address of the target terminal device exists in the user database, the target terminal device only needs to send a connection request containing its own physical address to trigger the server's verification of the device. For the user, when the physical address of the target terminal device exists in the user database and the target terminal device accesses the network through the wireless access device, the network connection method provided by the present application achieves "connect on access": as soon as the target terminal device connects to the wireless access device, it can access the target private network. Compared with similar technologies, the network connection method provided by the present application both verifies the target terminal device and spares the user the tedious step of verifying manually each time, which makes it easier for the user to access the target private network and improves the user experience.

In a possible embodiment, the user database also contains the user verification information of terminal devices that have permission to connect to the target private network. Verifying whether the target terminal device has permission to connect to the target private network further includes S3023 to S3025:

S3023: If the physical address of the target terminal device does not exist in the user database, push a user verification information verification interface to the target terminal device.

If the physical address of the target terminal device does not exist in the user database, the target terminal device may be a device without permission to connect to the target private network, or it may be a device with that permission whose physical address has not yet been stored in the user database. Further verification can therefore be used to determine whether the target terminal device has permission to connect to the target private network.

S3024: Receive the user verification information of the target terminal device sent by the target terminal device, and verify whether that user verification information exists in the user database.

For example, if the physical address of the target terminal device does not exist in the user database, the server pushes a user verification information interface to the target terminal device. The interface contains an input box in which the user can enter content that includes the user verification information. The server receives the user verification information that the target terminal device obtained from the input box and compares it with the user verification information for the target terminal device in the user database.

In a possible embodiment, the user verification information is a user name and password. The user verification information may also be other information, such as a verification code. Using a user name and password as the user verification information in the embodiments of the present application is only an example and does not constitute an actual limitation of the present application.

S3025: If the user verification information of the target terminal device exists in the user database, obtain the verification result that the target terminal device has permission to connect to the target private network.

As the above embodiment shows, when the physical address of the target terminal device does not exist in the user database, the network connection method provided by the present application can use the user verification information to further verify whether the target terminal device has permission to connect to the target private network.

In a possible embodiment, if the physical address of the target terminal device does not exist in the user database and the verification result is that the target terminal device has permission to connect to the target private network, the physical address of the target terminal device is saved in the user database.

Thus, when the physical address of the target terminal device does not exist in the user database and verification of the user verification information shows that the target terminal device has permission to connect to the target private network, the user database saves the physical address of the target terminal device. The next time the target terminal device sends a connection request, the server can directly determine that it is a terminal device with permission to connect to the target private network, without verifying the user verification information again. For the user, the user verification information has to be entered only on the first access to the target private network; from the second access onward no further action is needed, which achieves the effect described above of connecting to the target private network simply by connecting to the wireless access device and improves the user experience.

In a possible embodiment, the user database also contains the network identifiers corresponding to terminal devices that have permission to connect to a target private network; a network identifier points to the target private network to which the terminal device has connection permission. Before the first IP address is taken from the address pool of the target private network, the network connection method further includes: determining, according to the network identifier corresponding to the target terminal device in the user database, the target private network to which the target terminal device has connection permission.

For example, the target terminal device has permission to connect to the target private network, and in the user database the network identifier corresponding to the target terminal device points to private network A. The server then determines private network A to be the target private network of the target terminal device. The server then takes the first IP address from the address pool of network A and sends it to the target terminal device.

As the above embodiment shows, after verifying that the target terminal device has permission to connect to the target private network, the network connection method provided by the present application further determines which private network is the target private network for that device. By assigning the target terminal device an IP address from the address pool of the corresponding target private network, it lets the target terminal device access that network. The network connection method provided by the present application can therefore serve multiple private networks while requiring only one server to verify terminal device permissions.

In a possible embodiment, after the first IP address is sent to the target terminal device, the network connection method further includes: marking the first IP address as an IP address that cannot be allocated in the address pool of the target private network. When the target terminal device stops using the first IP address, the first IP address is marked as an IP address that can be allocated in the address pool of the target private network.

It should be understood that IP addresses are limited and that, at any one time, an IP address can be used by only one network device. Terminal devices that access the network over wireless connections are highly mobile, so they generally obtain IP addresses by dynamic allocation; that is, they are assigned an IP address only when they need to access the network.

After the server assigns the first IP address to the target terminal device, the first IP address can no longer be used by other terminal devices, so the server marks it as an IP address that cannot be allocated in the address pool of the target private network. When the target terminal device stops using the first IP address, the address can again be used by other terminal devices, and the server marks it as an IP address that can be allocated.

Thus, by dynamically allocating IP addresses in this way, the present application not only lets the target terminal device access the target private network but also allocates the addresses in the target private network's address pool on demand, so that no address is occupied by one terminal device for a long time. A smaller number of IP addresses can thereby meet the dynamically changing connection needs of the target private network.

As the above embodiments show, in the network connection method provided by the present application, the server receives the connection request that the target terminal device sends through the wireless access device and verifies the connection permission of the target terminal device; once the target terminal device passes permission verification, it is assigned the first IP address from the address pool of the target private network. This satisfies the target private network's need for a trusted IP address even though wireless transmission assigns addresses dynamically. Dynamic allocation also makes better use of IP address resources, meeting the target private network's dynamic access needs with fewer IP addresses.

When the physical address of the target terminal device does not exist in the user database, the server performs a second permission verification on the target terminal device. When the target terminal device passes the second permission verification, its physical address is saved in the user database, so the next time it connects to the target private network it does not need to enter user verification information for permission verification again. For the user, the target private network can then be accessed without verification, which shortens the procedure and improves the user experience.

In addition, the present application can determine the target private network corresponding to the target terminal device, so the network connection method provided by the present application also serves multiple private networks.
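The server-side flow described above (S301 to S303 with S3021 to S3025, the network identifier lookup, and marking addresses allocated or free) can be sketched as follows. This is an added example, not code from the patent: the class and function names, the 10.10.0.0/30 pool, the user "alice" and the salted PBKDF2 credential storage are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import os
import re

MAC_RE = re.compile(r"^[0-9A-F]{2}(-[0-9A-F]{2}){5}$")


def normalize_mac(raw):
    """Canonicalise to upper-case, hyphen-separated form; None if malformed."""
    mac = raw.strip().upper().replace(":", "-")
    return mac if MAC_RE.match(mac) else None


def hash_password(password, salt):
    # Assumption: credentials are stored as salted PBKDF2 hashes, never in clear.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AddressPool:
    """Address pool of one target private network."""

    def __init__(self, cidr):
        self.free = [str(ip) for ip in ipaddress.ip_network(cidr).hosts()]
        self.leased = {}  # ip -> MAC currently holding it (not allocatable)

    def lease(self, mac):
        for ip, holder in self.leased.items():
            if holder == mac:          # repeat request: keep the same address
                return ip
        if not self.free:
            return None
        ip = self.free.pop(0)
        self.leased[ip] = mac          # mark as not allocatable
        return ip

    def release(self, ip):
        if self.leased.pop(ip, None) is not None:
            self.free.append(ip)       # allocatable again


class ConnectionServer:
    def __init__(self):
        self.mac_to_network = {}  # user database: MAC -> network identifier
        self.users = {}           # user database: name -> (salt, hash, network id)
        self.pools = {}           # network identifier -> AddressPool

    def add_user(self, username, password, network_id):
        salt = os.urandom(16)
        self.users[username] = (salt, hash_password(password, salt), network_id)

    def check_credentials(self, username, password):
        record = self.users.get(username)
        if record is None:
            return None
        salt, stored, network_id = record
        # Constant-time comparison of the derived hashes.
        if hmac.compare_digest(stored, hash_password(password, salt)):
            return network_id
        return None

    def handle_request(self, raw_mac, credentials=None):
        mac = normalize_mac(raw_mac)                       # S301
        if mac is None:
            return {"status": "rejected", "reason": "malformed MAC"}
        network_id = self.mac_to_network.get(mac)          # S3021 / S3022
        if network_id is None:
            if credentials is None:
                return {"status": "credentials_required"}  # S3023
            network_id = self.check_credentials(*credentials)  # S3024
            if network_id is None:
                return {"status": "rejected", "reason": "bad credentials"}
            self.mac_to_network[mac] = network_id          # S3025, then save MAC
        pool = self.pools.get(network_id)                  # network identifier
        if pool is None:
            return {"status": "rejected", "reason": "unknown network"}
        ip = pool.lease(mac)                               # S303
        if ip is None:
            return {"status": "rejected", "reason": "pool exhausted"}
        return {"status": "granted", "network": network_id, "ip": ip}


def build_demo_server():
    """Constructed sample data: one private network 'A' with two addresses."""
    server = ConnectionServer()
    server.pools["A"] = AddressPool("10.10.0.0/30")
    server.mac_to_network["CC-85-E2-00-6A-E2"] = "A"   # MAC from the example above
    server.add_user("alice", "correct horse", "A")
    return server
```

The MAC is saved only after the credential check succeeds, so a failed second verification leaves the user database unchanged.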

As shown in FIG. 5, a network connection method provided by the present application is applied to a target terminal device, for example the target terminal device 102 shown in FIG. 1, and may include the following steps S501 to S504.

S501: Establish a connection with a wireless access device.

S502: Broadcast a connection request through the wireless access device, so that the server receives it and verifies whether the target terminal device has permission to connect to the target private network. The connection request contains the physical address of the target terminal device.

Because the target terminal device has not yet been assigned an IP address at this point, it can only communicate using 0.0.0.0 as its IP address. Normal communication is not possible with 0.0.0.0, and the target terminal device does not know the address of a server that can assign it an IP address, so the target terminal device broadcasts the connection request to the network through the wireless access device; the connection request contains the physical address of the target terminal device.

In one possible implementation, the wireless access device and the edge router of the core network in the network establish a connection based on L2TP (Layer 2 Tunneling Protocol).

It should be understood that when data is transmitted, the transmission path is found from the source IP address and the destination IP address. Once the path is found, the source physical address carried by the data frame points to the target terminal device and the destination physical address points to the gateway, that is, the wireless access device. The data frame then changes at each hop as the sending router and the receiving router change. As a result, the data frame received at the final destination IP address does not carry the physical address of the target terminal device that the source IP address points to, but the physical address of the previous network transmission device.

L2TP, by contrast, can establish point-to-point tunnel transmission: the original data is treated as payload, and an L2TP header and a PPP header are added around it. The added L2TP and PPP headers direct the transmission of the data, so the source physical address carried in the payload is not changed in transit.

In this way, the data arriving from the wireless access device can carry the physical address of the target terminal device, which is more secure and reliable than sending the physical address of the target terminal device directly.

S503: If the target terminal device has permission to connect to the target private network, receive the first IP address sent by the server. The first IP address is an address taken from the address pool of the target private network.

S504: Connect to the target private network using the first IP address as the IP address.

For example, if the target terminal device has permission to connect to the target private network, it can receive the first IP address "116.179.33.144" that the server took from the address pool of the target private network. The target terminal device replies to the server that it accepts the address and uses the first IP address "116.179.33.144" as its IP address to connect to the target private network.
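The contrast drawn under S502 between hop-by-hop forwarding and L2TP encapsulation is shown below as an added example, not code from the patent. It uses the minimal L2TPv2 data header (flags/version, tunnel ID, session ID) followed by a PPP header; carrying the Ethernet frame as a bridged PDU (PPP protocol 0x0031 with a two-byte bridging header) is an assumption, since the page does not say how the frame is carried, and every MAC other than CC-85-E2-00-6A-E2 and both tunnel identifiers are constructed values.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
L2TP_DATA_V2 = 0x0002        # data message, no optional fields, version 2
PPP_ADDR_CTRL = b"\xff\x03"
PPP_PROTO_BRIDGED = 0x0031   # assumption: frame carried as a bridged PDU
BRIDGE_HEADER = b"\x00\x01"  # assumption: no flags, MAC type 1 (Ethernet)
OUTER_LEN = 6 + 4 + 2        # L2TP header + PPP header + bridging header


def mac_bytes(text):
    return bytes.fromhex(text.replace("-", "").replace(":", ""))


def mac_text(raw):
    return "-".join(f"{b:02X}" for b in raw)


def ethernet_frame(dst, src, payload, ethertype=ETHERTYPE_IPV4):
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def source_mac(frame):
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    return mac_text(frame[6:12])


def routed_hop(frame, router_mac, next_hop_mac):
    """A router re-frames the packet: the source MAC becomes the router's own."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    return ethernet_frame(next_hop_mac, router_mac, frame[14:], ethertype)


def l2tp_encapsulate(frame, tunnel_id, session_id):
    """Wrap the whole original frame as payload behind L2TP and PPP headers."""
    l2tp = struct.pack("!HHH", L2TP_DATA_V2, tunnel_id, session_id)
    ppp = PPP_ADDR_CTRL + struct.pack("!H", PPP_PROTO_BRIDGED)
    return l2tp + ppp + BRIDGE_HEADER + frame


def l2tp_decapsulate(packet, expected_tunnel, expected_session):
    """Validate the outer headers and return the untouched inner frame."""
    if len(packet) < OUTER_LEN + 14:
        raise ValueError("truncated tunnel packet")
    flags, tunnel_id, session_id = struct.unpack("!HHH", packet[:6])
    if flags != L2TP_DATA_V2:
        raise ValueError("only the minimal L2TPv2 data header is handled")
    if (tunnel_id, session_id) != (expected_tunnel, expected_session):
        raise ValueError("unexpected tunnel or session ID")
    if packet[6:8] != PPP_ADDR_CTRL:
        raise ValueError("bad PPP address/control bytes")
    if struct.unpack("!H", packet[8:10])[0] != PPP_PROTO_BRIDGED:
        raise ValueError("unexpected PPP protocol")
    return packet[OUTER_LEN:]


def demo():
    device = "CC-85-E2-00-6A-E2"                       # MAC from the page
    frame = ethernet_frame("02-00-00-00-00-10", device, b"connection request")
    # Plain routing: two hops, each rewriting the layer-2 header.
    hop1 = routed_hop(frame, "02-00-00-00-00-20", "02-00-00-00-00-30")
    hop2 = routed_hop(hop1, "02-00-00-00-00-30", "02-00-00-00-00-40")
    # Tunnel: the frame travels as opaque payload and is unwrapped at the far end.
    inner = l2tp_decapsulate(l2tp_encapsulate(frame, 7, 42), 7, 42)
    return source_mac(hop2), source_mac(inner)
```

`demo()` returns the last router's MAC for the routed path and the device's own MAC for the tunnelled path, which is the address the server looks up in S3021.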

As the above embodiment shows, in the network connection method provided by the present application, once the target terminal device is connected to the network through the wireless access device, it only needs to send a connection request carrying its hardware address; after passing verification it obtains the first IP address and connects to the target private network.

Because the target terminal device connects wirelessly, it is not affected by the problem of laying wired lines and can access the target private network through the wireless access device anywhere a network is available.

In addition, the present application decouples the device that establishes the tunnel from the device that ultimately accesses the target private network: the wireless access device establishes the tunnel, while the target terminal device obtains the IP address from the address pool of the target private network and connects to the target private network. In this way, when accessing the target private network, only the wireless access device needs to be configured with the parameters for the connection to the target private network; the target terminal device only needs to connect to the wireless access device and requires no complex configuration, which simplifies the user's procedure for accessing the target private network.

In a possible embodiment, the server is connected to a user database that contains the physical addresses of the terminal devices that have the authority to connect to the target private network. If the physical address of the target terminal device exists in the user database, the target terminal device has the authority to connect to the target private network.

In a possible embodiment, the user database also contains user verification information for the terminal devices that have the authority to connect to the target private network. If the physical address of the target terminal device does not exist in the user database, then before receiving the first IP address sent by the server, the network connection method further includes: receiving a user verification interface pushed by the server; receiving the user verification information entered for the target terminal device and sending it to the server. If the user verification information of the target terminal device exists in the user database, the target terminal device passes verification and has the authority to connect to the target private network.

As the above embodiments show, this application provides two verifications of the target terminal device's connection authority. When the physical address of the target terminal device exists in the user database, the target terminal device is authorized to connect. When the physical address of the target terminal device does not exist in the user database, the connection authority can be verified further through the verification interface pushed by the server. The first verification lets terminal devices whose physical addresses exist in the user database connect to the target private network quickly and conveniently; the second verification lets terminal devices whose physical addresses do not exist in the user database connect to the target private network after passing verification.

In a possible embodiment, an address from the address pool of the target network can be routed in the network according to policy routing in order to connect to the target private network.

Traditional routing-table forwarding can make routing decisions only on the destination address of the data, whereas policy routing can make routing decisions on features such as source address, destination address, source port, destination port, and protocol, which makes it more flexible. When the routing table of the target private network is complex, or the target private network has multiple entry and exit points, access by different services, applications, and terminal devices has to be controlled, and policy routing is the better fit.

For example, the target private network has two data entry and exit points, destination port A and destination port B, and the target terminal device is required to access the target private network through destination port A. When the target terminal device looks up a routing path to the target private network, it therefore obtains the corresponding routing path A, and it connects to destination port A of the target private network through routing path A.

Of course, policy routing can be configured in other ways, for example by configuring the routing path between the target terminal device and the target private network according to load balancing. Making routing decisions on the destination port in the embodiments of this application is only an example and does not constitute a practical limitation on this application.

In a possible embodiment, the network connection method further includes: stopping use of the first IP address and disconnecting from the target private network.

There are several ways to allocate addresses dynamically. For example, an allocated IP address may have a usage period, and the right to use it is withdrawn if the lease is not renewed when it expires. Alternatively, the allocated IP address is reclaimed as soon as the device disconnects.

For example, when the target terminal device's use of the first IP address expires, the target terminal device no longer has the right to use the first IP address, its connection to the target private network is dropped, and the first IP address is reclaimed by the server.

As the above embodiments show, the network connection method provided by this application decouples the device that establishes a tunnel with the network from the device that establishes a connection with the private network: the target terminal device can use the first IP address to access the private network through the wireless access device that has established the tunnel with the network. For the user, accessing the target private network only requires connecting to the wireless access device, with no configuration of parameters related to the target private network. User verification information may need to be entered only on the first connection; afterwards the device connects directly to the target private network once it has joined the wireless access device. This removes tedious parameter configuration and connection steps, makes access to the target private network simpler and faster, and improves the user experience.

As shown in FIG. 6, in some embodiments, a network connection apparatus provided by this application may include:

A request receiving module 601, configured to receive a connection request sent by a target terminal device, where the connection request contains the physical address of the target terminal device and the target terminal device accesses the network through a wireless access device.

An information verification module 602, configured to verify, according to the physical address of the target terminal device, whether the target terminal device has the authority to connect to the target private network, and to obtain a verification result.

An address allocation module 603, configured to, when the verification result is that the target terminal device has the authority to connect to the target private network, take a first IP address from the address pool of the target private network and send the first IP address to the target terminal device, where the first IP address is used by the target terminal device to connect to the target private network.

In a possible embodiment, the server is connected to a user database that contains the physical addresses of the terminal devices that have the authority to connect to the target private network. The information verification module 602 is specifically configured to: query whether the physical address of the target terminal device exists in the user database; and, if the physical address of the target terminal device exists in the user database, obtain the verification result that the target terminal device has the authority to connect to the target private network.

In a possible embodiment, the user database also contains user verification information, and the information verification module 602 is further configured to: if the physical address of the target terminal device does not exist in the user database, push a user verification interface to the target terminal device; receive the user verification information of the target terminal device sent by the target terminal device, and verify whether that user verification information exists in the user database; and, if the user verification information of the target terminal device exists in the user database, obtain the verification result that the target terminal device has the authority to connect to the target private network.

In a possible embodiment, the information verification module 602 is further configured to: if the physical address of the target terminal device does not exist in the user database and the verification result is that the target terminal device has the authority to connect to the target private network, save the physical address of the target terminal device in the user database.

In a possible embodiment, the user database also contains a network identifier corresponding to each terminal device that has the authority to connect to the target private network; the network identifier points to the target private network to which the terminal device is authorized to connect. The address allocation module 603 is further configured to: before taking the first IP address from the address pool of the target private network, determine, according to the network identifier corresponding to the target terminal device in the user database, the target private network to which the target terminal device is authorized to connect.

In a possible embodiment, the address allocation module 603 is further configured to: after sending the first IP address to the target terminal device, mark the first IP address as an IP address in the address pool of the target private network that cannot be allocated; and, when the target terminal device stops using the first IP address, mark the first IP address as an IP address in the address pool of the target private network that can be allocated.
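The server-side flow assigned to modules 601 to 603 above, as an added Python example that is not code from the patent: physical-address lookup, fallback to user verification with saving of the physical address, selection of the pool by network identifier, and addresses held as unallocatable until release or lease expiry. The pool `192.0.2.0/30`, the one-hour lease, the PBKDF2 storage of verification secrets, tying the network identifier to the user record, and all class and function names are assumptions.

```python
import hashlib
import hmac
import ipaddress
import os

LEASE_SECONDS = 3600  # assumed lease length; the page states no value


def normalize_mac(mac):
    """Canonical form, so 'AA-BB-..' and 'aa:bb:..' match the same record."""
    digits = mac.replace(":", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("not a 48-bit physical address")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def hash_secret(secret, salt):
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


class AddressPool:
    """Address pool of one target private network (module 603)."""

    def __init__(self, cidr):
        self.free = list(ipaddress.ip_network(cidr).hosts())
        self.leases = {}  # ip -> (physical address, expiry time)

    def reclaim_expired(self, now):
        for ip, (_, expiry) in list(self.leases.items()):
            if expiry <= now:
                self.release(ip)

    def allocate(self, mac, now):
        self.reclaim_expired(now)
        for ip, (holder, _) in self.leases.items():
            if holder == mac:  # renew instead of handing out a second address
                self.leases[ip] = (mac, now + LEASE_SECONDS)
                return ip
        if not self.free:
            return None
        ip = self.free.pop(0)
        self.leases[ip] = (mac, now + LEASE_SECONDS)  # now unallocatable
        return ip

    def release(self, ip):
        if self.leases.pop(ip, None) is not None:
            self.free.append(ip)  # allocatable again


class ConnectionServer:
    """Request handling (601), verification (602) and allocation (603)."""

    def __init__(self, pools):
        self.pools = pools  # network identifier -> AddressPool
        self.mac_db = {}    # physical address -> network identifier
        self.user_db = {}   # user -> (salt, secret hash, network identifier)

    def add_device(self, mac, network_id):
        self.mac_db[normalize_mac(mac)] = network_id

    def add_user(self, user, secret, network_id):
        salt = os.urandom(16)
        self.user_db[user] = (salt, hash_secret(secret, salt), network_id)

    def _verify_user(self, user, secret):
        record = self.user_db.get(user)
        if record is None:
            return None
        salt, expected, network_id = record
        ok = hmac.compare_digest(hash_secret(secret, salt), expected)
        return network_id if ok else None

    def handle_request(self, mac, now, credentials=None):
        # The physical address is whatever the request carries, so the result
        # records which check admitted the device, for later audit.
        mac = normalize_mac(mac)
        network_id, admitted_by = self.mac_db.get(mac), "physical_address"
        if network_id is None:
            if credentials is None:
                return {"status": "verification_required"}  # push the interface
            network_id = self._verify_user(*credentials)
            admitted_by = "user_verification"
            if network_id is None:
                return {"status": "denied"}
            self.mac_db[mac] = network_id  # later requests pass the first check
        ip = self.pools[network_id].allocate(mac, now)
        if ip is None:
            return {"status": "pool_exhausted", "network": network_id}
        return {"status": "connected", "ip": str(ip),
                "network": network_id, "admitted_by": admitted_by}

    def disconnect(self, network_id, ip):
        self.pools[network_id].release(ipaddress.ip_address(ip))


def build_demo_server():
    """Constructed sample data: one network, one known device, one user."""
    server = ConnectionServer({"net-a": AddressPool("192.0.2.0/30")})
    server.add_device("AA-BB-CC-00-00-01", "net-a")
    server.add_user("alice", "constructed-secret", "net-a")
    return server
```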

As shown in FIG. 7, in some embodiments, a network connection apparatus provided by this application may include:

A signal connection module 701, configured to establish a connection with a wireless access device.

A data sending module 702, configured to broadcast a connection request through the wireless access device, so that the server receives it and verifies whether the target terminal device has the authority to connect to the target private network, where the connection request contains the physical address of the target terminal device.

A data receiving module 703, configured to receive the first IP address sent by the server when the target terminal device has the authority to connect to the target private network, where the first IP address is an address taken from the address pool of the target private network.

The signal connection module 701 is further configured to connect to the target private network using the first IP address as its IP address.

In a possible embodiment, the server is connected to a user database that contains the physical addresses of the terminal devices that have the authority to connect to the target private network. If the physical address of the target terminal device exists in the user database, the target terminal device has the authority to connect to the target private network.

In a possible embodiment, the user database also contains user verification information for the terminal devices that have the authority to connect to the target private network. If the physical address of the target terminal device does not exist in the user database, then before receiving the first IP address sent by the server, the data receiving module 703 is further configured to: receive a user verification interface pushed by the server; and receive the user verification information entered for the target terminal device and send it to the server. If the user verification information of the target terminal device exists in the user database, the target terminal device passes verification and has the authority to connect to the target private network.

In a possible embodiment, the signal connection module 701 is further configured to: stop using the first IP address and disconnect from the target private network.

An embodiment of this application also provides a computer-readable storage medium on which a program or instructions are stored; when the program or instructions are executed by a processor, the steps of the foregoing method embodiments are implemented.

The computer-readable storage medium may be, for example but not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the above. More specific examples (a non-exhaustive list) of readable storage media include: an electrical connection having one or more wires, a portable computer disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM), a register, a hard disk, an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, any suitable combination of the above, or any other form of readable storage medium known in the art. An exemplary storage medium is coupled to the processor so that the processor can read information from, and write information to, the storage medium. Of course, the storage medium may also be a component of the processor. The processor and the storage medium may be located in an application-specific integrated circuit (ASIC). In the embodiments of this application, a computer-readable storage medium may be any tangible medium that contains or stores a program, and the program may be used by or in combination with an instruction execution system, apparatus, or device.

An embodiment of this application provides a computer program product that is stored in a non-volatile storage medium and is executed by at least one processor to implement the steps shown in the foregoing method embodiments.

The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented with a software program, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in the embodiments of this application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable apparatus. The computer instructions may be stored in a readable storage medium, or transmitted from one readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired means (for example coaxial cable, optical fiber, or digital subscriber line (DSL)) or wireless means (for example infrared, radio, or microwave). The readable storage medium may be any available medium that a computer can access, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (for example, a floppy disk, hard disk, or magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium (for example, a solid-state disk (SSD)).

From the description of the above implementations, those skilled in the art can clearly understand that, for convenience and brevity of description, only the above division into functional units is used as an example. In practical applications, the above functions may be assigned to different functional units as needed; that is, the internal structure of the apparatus may be divided into different functional units to complete all or part of the functions described above. For the specific working processes of the systems, apparatuses, and units described above, refer to the corresponding processes in the foregoing method embodiments; they are not repeated here.

Because the devices, readable storage media, and computer program products in the embodiments of this application can be applied to the above methods, the technical effects they achieve can also be found in the above method embodiments and are not repeated here.

It should be noted that each of the above units may be a separately provided processor, or may be integrated into one of the processors of a controller. The units may also be stored in the memory of the controller in the form of program code, with one of the controller's processors calling and executing the functions of the units. The processor described here may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of this application.

It should be understood that, in the various embodiments of this application, the sequence numbers of the above processes do not imply an order of execution. The execution order of the processes should be determined by their functions and internal logic, and the numbering should not constitute any limitation on the implementation of the embodiments of this application.

Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented by electronic hardware, or by a combination of computer software and electronic hardware. Whether these functions are executed in hardware or in software depends on the specific application and design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each particular application, but such implementations should not be considered to go beyond the scope of this application.

Those skilled in the art can clearly understand that, for convenience and brevity of description, the specific working processes of the systems, apparatuses, and units described above can be found in the corresponding processes in the foregoing method embodiments and are not repeated here.

In the several embodiments provided in this application, it should be understood that the disclosed systems, devices, and methods may be implemented in other ways. For example, the device embodiments described above are only illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling, or communication connection shown or discussed may be realized through interfaces, and the interface connections may be electrical, mechanical, or of another form.

The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, the functional units in the embodiments of this application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.

The above is only a specific implementation of this application, but the scope of protection of this application is not limited to it. Any change or substitution that a person familiar with this technical field could readily conceive within the technical scope disclosed in this application shall fall within the scope of protection of this application. The scope of protection of this application shall therefore be determined by the scope of protection of the claims.

Claims (12)

1. A network connection method, applied to a server, comprising:
receiving a connection request sent by target terminal equipment, wherein the connection request comprises a physical address of the target terminal equipment, and the target terminal equipment accesses a network through wireless access equipment;
verifying whether the target terminal equipment has the authority of connecting with a target private network according to the physical address of the target terminal equipment to obtain a verification result;
if the verification result is that the target terminal equipment has the authority of connecting the target private network, a first IP address is taken out from an address pool of the target private network, and the first IP address is sent to the target terminal equipment; the first IP address is used for the target terminal device to connect to the target private network.
2. The network connection method according to claim 1, wherein the server is connected to a user database containing physical addresses of terminal devices having rights to connect to the target private network; and the verifying whether the target terminal equipment has the right to connect with the target private network according to the physical address of the target terminal equipment to obtain a verification result comprises:
inquiring whether the physical address of the target terminal equipment exists in the user database;
and if the physical address of the target terminal equipment exists in the user database, obtaining a verification result that the target terminal equipment has the authority to connect with the target private network.
3. The network connection method according to claim 2, wherein the user database further contains user authentication information, and the verifying whether the target terminal device has the right to connect to the target private network further comprises:
if the physical address of the target terminal equipment does not exist in the user database, pushing a user verification information verification interface to the target terminal equipment;
receiving user authentication information of the target terminal equipment sent by the target terminal equipment, and verifying whether the user authentication information of the target terminal equipment exists in the user database;
and if the user authentication information of the target terminal equipment exists in the user database, obtaining an authentication result that the target terminal equipment has the authority to connect the target private network.
4. A network connection method according to claim 3, characterized in that the method further comprises:
if the physical address of the target terminal equipment does not exist in the user database and a verification result that the target terminal equipment has the authority to connect with the target private network is obtained, the physical address of the target terminal equipment is stored in the user database.
5. The network connection method according to any one of claims 2 to 4, wherein the user database further contains a network identifier corresponding to the terminal device having the authority to connect to the target private network, the network identifier pointing to the target private network to which the terminal device has the authority to connect; before the first IP address is fetched from the address pool of the target private network, the method further includes:
and determining the target private network to which the target terminal equipment has connection authority according to the network identifier corresponding to the target terminal equipment in the user database.
6. The network connection method according to claim 1, wherein after the first IP address is sent to the target terminal device, further comprising:
determining the first IP address as an IP address in the address pool of the target private network that cannot be allocated;
when the target terminal device stops using the first IP address, the first IP address is determined as an IP address which can be allocated in the address pool of the target private network.
7. A network connection method, applied to a target terminal device, comprising:
establishing a connection with a wireless access device;
broadcasting and sending a connection request through the wireless access equipment so that a server receives and verifies whether the target terminal equipment has the authority of connecting with a target private network, wherein the connection request comprises the physical address of the target terminal equipment;
if the target terminal equipment has the authority of connecting the target private network, a first IP address sent by the server is received; the first IP address is an address taken out of an address pool of the target private network;
and connecting to the target private network by taking the first IP address as an IP address.
8. The network connection method according to claim 7, wherein the server is connected to a user database containing physical addresses of terminal devices having rights to connect to the target private network; and if the physical address of the target terminal equipment exists in the user database, the target terminal equipment has the authority of connecting the target private network.
9. The network connection method according to claim 8, wherein the user database further contains user authentication information of the terminal device having authority to connect to the target private network; if the physical address of the target terminal device does not exist in the user database, before receiving the first IP address sent by the server, the method further includes:
receiving a user verification information verification interface pushed by the server;
receiving input user authentication information of the target terminal equipment, and sending the user authentication information of the target terminal equipment to the server; if the user verification information of the target terminal equipment exists in the user database, the target terminal equipment passes verification, and the target terminal equipment has the authority of connecting the target private network.
10. The network connection method according to claim 7, wherein the method further comprises:
stopping use of the first IP address and disconnecting from the target private network.
11. A network connection device, comprising:
a request receiving module, configured to receive a connection request sent by a target terminal device, wherein the connection request includes a physical address of the target terminal device, and the target terminal device accesses a network through a wireless access device;
an information verification module, configured to verify, according to the physical address of the target terminal device, whether the target terminal device has the authority to connect to a target private network, to obtain a verification result;
an address allocation module, configured to take a first IP address out of an address pool of the target private network and send the first IP address to the target terminal device when the verification result shows that the target terminal device has the authority to connect to the target private network, wherein the first IP address is used by the target terminal device to connect to the target private network.
12. A network connection device, comprising:
a signal connection module, configured to establish a connection with a wireless access device;
a data sending module, configured to send a connection request by broadcast through the wireless access device, so that a server receives the request and verifies whether a target terminal device has the authority to connect to a target private network, wherein the connection request comprises a physical address of the target terminal device;
a data receiving module, configured to receive a first IP address sent by the server when the target terminal device has the authority to connect to the target private network, wherein the first IP address is an address taken from an address pool of the target private network;
wherein the signal connection module is further configured to connect to the target private network using the first IP address as the IP address.
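The server-side decision flow of claims 8 to 11, as an added Python example that is not part of the patent text: a physical-address lookup, the fallback to pushed user verification, and allocation from the private network's address pool. The class and function names, the salted PBKDF2 storage of the user authentication information, the reuse of an existing lease, and the return of a released address to the pool are assumptions made for this sketch.

```python
import hashlib
import hmac
import ipaddress


def hash_password(password, salt):
    # Assumption: the user database stores salted PBKDF2 hashes, not plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class PrivateNetworkServer:
    def __init__(self, pool_cidr, allowed_macs, user_db):
        self.free = [str(ip) for ip in ipaddress.ip_network(pool_cidr).hosts()]  # address pool
        self.leases = {}                    # normalized MAC -> first IP address
        self.allowed = {self.norm(m) for m in allowed_macs}
        self.users = user_db                # username -> (salt, PBKDF2 hash)

    @staticmethod
    def norm(mac):
        digits = mac.replace("-", "").replace(":", "").replace(".", "").lower()  # canonical form
        if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
            raise ValueError("malformed physical address")
        return digits

    def _credentials_ok(self, creds):
        if creds[0] not in self.users:
            return False
        salt, stored = self.users[creds[0]]
        return hmac.compare_digest(hash_password(creds[1], salt), stored)

    def connect(self, mac, creds=None):
        """Return ('granted', ip), ('challenge', None) or ('denied', None)."""
        mac = self.norm(mac)
        if mac not in self.allowed:         # claim 8 lookup failed
            if creds is None:
                return ("challenge", None)  # claim 9: push the verification interface
            if not self._credentials_ok(creds):
                return ("denied", None)
        if mac in self.leases:              # repeated request keeps its lease (assumption)
            return ("granted", self.leases[mac])
        if not self.free:
            return ("denied", None)         # address pool exhausted
        self.leases[mac] = self.free.pop(0)
        return ("granted", self.leases[mac])

    def disconnect(self, mac):
        # Claim 10: the terminal stops using the first IP address (returned to pool: assumption).
        ip = self.leases.pop(self.norm(mac), None)
        if ip is not None:
            self.free.append(ip)
        return ip
```

The physical address is a value the terminal reports about itself, so the lease table doubles as the record of which address was granted to which reported MAC and by which path (database match or user verification).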
CN202310118255.7A 2023-02-01 2023-02-01 A network connection method and device Pending CN116209095A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310118255.7A CN116209095A (en) 2023-02-01 2023-02-01 A network connection method and device

Publications (1)

Publication Number Publication Date
CN116209095A true CN116209095A (en) 2023-06-02

Family

ID=86510768

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310118255.7A Pending CN116209095A (en) 2023-02-01 2023-02-01 A network connection method and device

Country Status (1)

Country Link
CN (1) CN116209095A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013020267A1 (en) * 2011-08-08 2013-02-14 华为数字技术有限公司 Ip address allocation method, system and device
US20160044494A1 (en) * 2014-08-06 2016-02-11 Kt Corporation Determining network connection structure of target area
CN107659934A (en) * 2017-10-19 2018-02-02 上海斐讯数据通信技术有限公司 A kind of control method and wireless network access device of wireless network connection
CN108322366A (en) * 2017-01-17 2018-07-24 阿里巴巴集团控股有限公司 Access the methods, devices and systems of network
CN111711714A (en) * 2020-06-17 2020-09-25 厦门亿联网络技术股份有限公司 IP address query method, device, server, control equipment and medium
CN114710302A (en) * 2020-12-17 2022-07-05 北京首信科技股份有限公司 Internet access control method and control device thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination