
Student: 葉輝煌 (Hui-Huang Yeh)
Thesis title: 動態IP網路中實行IPSec VPN
Implementing the IPSec VPN in a dynamic IP network
Advisor: 洪西進 (Shi-Jinn Horng)
Committee members: 范欽雄 (Chin-Shyurng Fahn), 曾煜棋 (Yu-Chee Tseng), 張瑞雄 (Ruay-Shiung Chang), 蘇民揚
Degree: Master
Department: College of Electrical Engineering and Computer Science, Department of Computer Science and Information Engineering
Year of publication: 2005
Academic year of graduation: 93 (ROC calendar, i.e. the 2004-2005 academic year)
Language: Chinese
Pages: 83
Keywords (Chinese): VPN, IPSec, DDNS, Firewall
Keywords (English): VPN, IPSec, DDNS, Firewall

Abstract (Chinese, translated)
In the past, private networks were usually interconnected with leased lines, but leased lines are very expensive, and more so for international links. A VPN is a technology for connecting private networks; unlike a traditional leased line it offers more flexibility at a lower price. IPSec is one technology for implementing a VPN. IPSec is mainly deployed on static IP addresses, and deploying it in a dynamic-IP environment carries a higher management cost; since a static IP address costs more to obtain than a dynamic one on today's Internet, being able to set up a VPN over dynamic IP addresses would be more convenient.
This thesis proposes using DDNS to help IPSec set up a VPN in a dynamic-IP network, and adds a firewall to increase security. DDNS provides an IP update mechanism through which each member learns the other members' IP addresses and establishes the VPN; DNSSEC/TSIG is used for authentication, and the firewall's stateful inspection is combined with IPSec to strengthen its security and reduce attacks and intrusions.
The thesis evaluates the performance of the proposed method and the security of the data flows. Performance is tested both on a laboratory LAN and over the Internet, and the results show that the proposed method is suitable for real network environments. For security, every data flow is examined to make sure that all host-to-host communication is safe. Under these measurements, the thesis shows that IPSec VPN becomes more flexible and its range of application wider.


Abstract (English)
Private networks used to be interconnected with leased lines, but leased lines are very expensive, especially for transnational links. A VPN (Virtual Private Network) is a technology for interconnecting private networks; unlike a traditional leased line, it offers more flexibility at a lower price. IPSec (IP Security) is one of the technologies for implementing a VPN, and it is mainly deployed on static IP addresses. Implementing IPSec in a dynamic IP network demands a higher management cost, yet a static IP address costs more than a dynamic one on the Internet, so it would be more convenient if a VPN could be built in a dynamic IP network.
This thesis proposes using DDNS (Dynamic Domain Name System) to assist IPSec in implementing a VPN in a dynamic IP network, with a firewall added to enhance security. DDNS offers dynamic addition and deletion of DNS records so that each member learns the others' IP addresses for VPN establishment, and adopts DNSSEC (DNS Security Extensions)/TSIG (Transaction Signature) for authentication. To reduce attacks and intrusions, the firewall's stateful inspection is used to strengthen IPSec's security level.
The thesis evaluates performance and discusses the security of the data flows between servers. Performance was evaluated separately on a LAN and over the Internet; the results show that the proposal adapts to a realistic network environment. The security of all data communications between the servers is also discussed. Based on these investigations and evaluations, the thesis shows that IPSec VPN can be applied more flexibly and more extensively.
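The DDNS step that both abstracts rely on is an RFC 2136 UPDATE authenticated with TSIG (RFC 2845): a VPN member whose dynamic address changed replaces its own A record, and the other members resolve that name before bringing up the IPSec tunnel. The Python example below is added here and is not code from the thesis or its appendix programs. It builds the UPDATE a member would send, signs it with TSIG, and then verifies the signed message the way the name server does, rejecting a tampered record, a wrong secret, a stale (replayed) request and an unknown key name. The zone, host name, key name, shared secret, address and timestamp are constructed values; the algorithm is HMAC-SHA256 (RFC 4635) rather than the HMAC-MD5 that was the default in 2005, and the parser assumes uncompressed names, which is what the builder emits.

```python
"""Added example: TSIG-signed DNS UPDATE (RFC 2136 + RFC 2845/4635), as a VPN
member would send to its DDNS server after its dynamic address changes.
Not from the thesis; zone, host, key name, secret and address are constructed."""
import hashlib
import hmac
import struct

TSIG_TYPE = 250
CLASS_IN, CLASS_ANY = 1, 255
TYPE_A, TYPE_SOA = 1, 6
OPCODE_UPDATE = 5
ALG_NAME = "hmac-sha256"              # RFC 4635; 2005 deployments used hmac-md5.sig-alg.reg.int
ALG_FUNC = hashlib.sha256
BADSIG, BADKEY, BADTIME = 16, 17, 18  # TSIG error codes (RFC 2845)

def encode_name(name):
    """Uncompressed wire-format name, lower-cased so it is in canonical form."""
    out = b""
    for label in name.lower().rstrip(".").split("."):
        lb = label.encode("ascii")
        out += bytes([len(lb)]) + lb
    return out + b"\x00"

def build_update(zone, host, ipv4, msg_id, ttl=60):
    """Unsigned UPDATE: zone section, then 'delete all A RRs of host' + 'add the new A RR'."""
    header = struct.pack("!HHHHHH", msg_id, OPCODE_UPDATE << 11, 1, 0, 2, 0)
    zone_sec = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    delete_rrset = encode_name(host) + struct.pack("!HHIH", TYPE_A, CLASS_ANY, 0, 0)
    rdata = bytes(int(o) for o in ipv4.split("."))
    add_rr = encode_name(host) + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, len(rdata)) + rdata
    return header + zone_sec + delete_rrset + add_rr

def _tsig_variables(key_name, time_signed, fudge, error=0, other=b""):
    """TSIG fields covered by the MAC, in the order RFC 2845 section 3.4.2 lists them."""
    return (encode_name(key_name) + struct.pack("!HI", CLASS_ANY, 0) + encode_name(ALG_NAME)
            + struct.pack("!HIHHH", time_signed >> 32, time_signed & 0xFFFFFFFF,
                          fudge, error, len(other)) + other)

def sign(message, key_name, key, time_signed, fudge=300):
    """Append the TSIG RR; the MAC covers the unsigned message plus the TSIG variables."""
    mac = hmac.new(key, message + _tsig_variables(key_name, time_signed, fudge), ALG_FUNC).digest()
    orig_id = struct.unpack("!H", message[:2])[0]
    rdata = (encode_name(ALG_NAME)
             + struct.pack("!HIHH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge, len(mac))
             + mac + struct.pack("!HHH", orig_id, 0, 0))
    tsig_rr = encode_name(key_name) + struct.pack("!HHIH", TSIG_TYPE, CLASS_ANY, 0, len(rdata)) + rdata
    arcount = struct.unpack("!H", message[10:12])[0] + 1
    return message[:10] + struct.pack("!H", arcount) + message[12:] + tsig_rr

def _read_name(buf, off):
    labels = []
    while True:
        n = buf[off]
        off += 1
        if n == 0:
            return ".".join(labels), off
        if n & 0xC0:
            raise ValueError("compression pointers are not produced by this builder")
        labels.append(buf[off:off + n].decode("ascii"))
        off += n

def _skip_rrs(buf, off, count, with_rdata):
    for _ in range(count):
        _, off = _read_name(buf, off)
        if with_rdata:   # type, class, ttl, rdlength, rdata
            off += 10 + struct.unpack("!H", buf[off + 8:off + 10])[0]
        else:            # zone section entries carry type and class only
            off += 4
    return off

def verify(signed, key_name, key, now):
    """Server-side check; returns (ok, tsig_error) with error 0 on success."""
    _msg_id, flags, zo, pr, up, ad = struct.unpack("!HHHHHH", signed[:12])
    if ad == 0:
        return False, BADKEY  # unsigned: rejected under a TSIG-only update policy
    off = _skip_rrs(signed, 12, zo, False)
    tsig_start = _skip_rrs(signed, off, pr + up + ad - 1, True)  # TSIG is the last RR
    rr_key, off = _read_name(signed, tsig_start)
    rtype, _rclass, _ttl, _rdlen = struct.unpack("!HHIH", signed[off:off + 10])
    alg, off = _read_name(signed, off + 10)
    ts_hi, ts_lo, fudge, mac_len = struct.unpack("!HIHH", signed[off:off + 10])
    off += 10
    mac = signed[off:off + mac_len]
    orig_id, error, _other_len = struct.unpack("!HHH", signed[off + mac_len:off + mac_len + 6])
    if rtype != TSIG_TYPE or rr_key != key_name.lower().rstrip(".") or alg != ALG_NAME:
        return False, BADKEY
    # Rebuild exactly what the signer MACed: original ID restored, ARCOUNT without the TSIG RR.
    unsigned = struct.pack("!HHHHHH", orig_id, flags, zo, pr, up, ad - 1) + signed[12:tsig_start]
    time_signed = (ts_hi << 32) | ts_lo
    expected = hmac.new(key, unsigned + _tsig_variables(key_name, time_signed, fudge, error),
                        ALG_FUNC).digest()
    if not hmac.compare_digest(mac, expected):
        return False, BADSIG   # wrong secret, or any byte of the update was changed in transit
    if abs(now - time_signed) > fudge:
        return False, BADTIME  # replayed or clock-skewed request
    return True, 0

def demo(now=1_700_000_000):
    """Sign one update, then show what the server accepts and rejects."""
    key = bytes.fromhex("00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")  # constructed
    msg = build_update("vpn.example.", "node1.vpn.example.", "203.0.113.7", msg_id=0x1234)
    signed = sign(msg, "node1-key.", key, now)
    tampered = bytearray(signed)
    tampered[len(msg) - 1] ^= 1  # last octet of the A record: 203.0.113.7 becomes .6
    return {
        "ok": verify(signed, "node1-key.", key, now + 10),
        "tampered": verify(bytes(tampered), "node1-key.", key, now + 10),
        "wrong_key": verify(signed, "node1-key.", b"not-the-secret", now + 10),
        "stale": verify(signed, "node1-key.", key, now + 3600),
        "wrong_name": verify(signed, "node2-key.", key, now + 10),
        "unsigned": verify(msg, "node1-key.", key, now + 10),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:10s} -> {result}")
```

In the proposed architecture the same key name and secret are configured on the member host and in the DDNS server's update policy, so only the holder of that secret can move a member's A record, which is what keeps an attacker from redirecting the other members' IPSec peers to an address of their choosing; the fudge window (300 s here) bounds how long a captured update can be replayed, so the members' clocks must be kept within it.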

Table of contents
Abstract (Chinese)
Abstract (English)
Acknowledgements
Contents
List of figures
Chapter 1 Introduction
1.1 Research motivation
1.2 Research objectives
1.3 Thesis organization
Chapter 2 Overview of VPN
2.1 What is a VPN
2.2 VPN architecture
2.3 VPN protocols
Chapter 3 Overview of IPSec
3.1 What is IPSec
3.2 IPSec architecture
3.3 SA
3.4 AH protocol
3.5 ESP protocol
3.6 IKE protocol
Chapter 4 Overview of DNS
4.1 What is DNS
4.2 DNS architecture and domain naming
4.3 DNS zones and server types
4.4 DDNS
4.5 DNSSEC
Chapter 5 Overview of firewalls
5.1 What is a firewall
5.2 Types of firewalls
5.3 Firewall architectures
Chapter 6 Architecture, tests and results
6.1 System architecture
6.2 IPSec performance evaluation
6.3 Availability evaluation
6.4 Internet environment tests
Chapter 7 Conclusions and future work
7.1 Conclusions
7.2 Future work
References
Appendix: Related programs
About the author

