



 



 !!"
Statement of Original Authorship
I certify that except where due acknowledgement has been made, the work is that of the
author alone; the work has not been submitted previously, in whole or in part, to qualify
for any other academic award; the content of the thesis is the result of work which has
been carried out since the official commencement date of the approved research
program; and any editorial work, paid or unpaid, carried out by a third party is
acknowledged; and, ethics procedures and guidelines have been followed.
Signature: _________________________
Chen Xu
Date: 09/11/2009
© 2009 Chen Xu Page iii
Acknowledgments
I would like to express my sincere gratitude to my supervisor Dr Peterjohn Radcliffe for
his patient guidance, encouragement, suggestions and support in this project, and for correcting my
technical writing.
I am thankful to Dr Joseph Yick Hon So for his patient guidance and generous assistance
during the time. Thanks also to all the staff in School of Electrical and Computer Engineering at
RMIT for their professional jobs.
I am also thankful to Mr Charlie Chen for helping me to solve problems and difficulties
in the project.
Last, but not least, this thesis is dedicated to my parents, Mr Zhenying Xu and Mrs Li
Chen, for their support and encouragement.
Keywords
Virtual Private Network (VPN), Internet Protocol Security (IPsec), Layer 2 Tunneling Protocol
(L2TP), Point-to-Point Protocol (PPP), Mobile IP, VMware
Abstract
Wireless networks introduce a whole range of challenges to traditional TCP/IP
networks, especially to Virtual Private Networks (VPNs). A changing IP address is a difficult issue for
VPNs in wireless networks because IP addresses are used as one of the identifiers of a VPN
connection, so a change of IP address breaks the original connection. The current
solution to this problem is to run VPN tunnels over Mobile IP (MIP). However, Mobile IP itself
has significant performance and security problems, and that solution is inefficient because of double
tunneling.
This thesis proposes a novel solution to the mobility problem in a VPN and implements it
on simulators and real devices. The solution adds mobility support to
existing L2TP/IPsec (Layer 2 Tunneling Protocol/IP Security) tunnels. It tunnels
Layer 2 packets between VPN clients and a VPN server without using Mobile IP, without
incurring tunnel re-establishment at handoff, and without losing packets during handoff; it achieves
better security than current mobility solutions for VPNs and supports fast handoff in IPv4
networks.
Experimental results on a VMware simulation showed the handoff time for the VPN
tunnel to be 0.08 seconds, much better than the current method which requires a new tunnel
establishment at a cost of 1.56 seconds.
Experimental results with a real network of computers showed the handoff time for the
VPN tunnel to be 4.8 seconds. This delay was mainly caused by getting an IP address from
DHCP servers via wireless access points (4.6 seconds). The time for VPN negotiation was only
0.2 seconds. The experimental results prove that the proposed mobility solution greatly reduces
the VPN negotiation time, but that obtaining an IP address from DHCP servers introduces a large delay which
obstructs real-world application. This problem can be solved by introducing fast DHCP or
supplying an IP address from a new wireless access point with a strong signal while the current