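Graduate student: | 黃順照 Huang Shun-Chao |
---|---|
Thesis title: | 以SIP為基礎之行動虛擬私有網路 SIP-Based Mobile Virtual Private Networks |
Advisor: | 陳志成 Jyh-Cheng Chen |
Oral defense committee: | |
Degree: | Master |
Department: | College of Electrical Engineering and Computer Science - Department of Computer Science |
Year of publication: | 2004 |
Academic year of graduation: | 92 |
Language: | English |
Number of pages: | 58 |
Keywords (translated from Chinese): | Mobility, virtual private network, SIP, application-level gateway, Internet telephony |
Keywords (English): | Mobility, VPN, SIP, ALG, VoIP |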
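A virtual private network (VPN) is a technology that uses tunneling mechanisms and security protocols to access internal private network resources even over a public network. Mobile IP lets users keep using their original IP address to communicate with other users while moving between networks, without disconnecting any application. However, combining the two technologies creates additional problems. For example, in co-located mode, the VPN side must re-establish the security association (SA) every time the user moves. The IETF therefore proposed a general-purpose solution that lets users move seamlessly between networks while still receiving VPN service. However, the tunneling used by Mobile IP and the security protection used by the VPN severely affect real-time communication services; for Voice over IP (VoIP) in particular, they add bandwidth overhead and increase end-to-end delay.
This thesis proposes a SIP-based mobile VPN. We combine SIP, SRTP, cRTP, MIKEY, and Diameter to give real-time communication services better mobility and lower-overhead security protection. The proposed solution is implemented on the MIDCOM architecture: the SIP proxy handles the signaling exchange and also plays the role of the MIDCOM agent. The application-level gateway (ALG) not only provides firewall functionality but also acts as the middlebox, accepting commands from the MIDCOM agent on one side and protecting the real-time traffic on the other. The interaction between these two roles is the core of the approach proposed in this thesis.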
A virtual private network (VPN) is a technology that uses the public telecommunication network to access a private network by means of tunneling and security protocols. Mobile IP allows a mobile node to roam seamlessly to foreign networks without any session disconnection. However, combining VPN and Mobile IP raises some integration issues. Hence the IETF proposed a solution that gives customers the convenience of mobility while keeping their connections seamless and confidential. However, the Mobile IP tunneling and security overhead can severely affect real-time traffic, especially the bandwidth consumption and end-to-end delay of VoIP service. This thesis presents an alternative, a SIP-based mobile VPN that comprises SIP, SRTP, MIKEY, and Diameter, to provide confidential real-time service with mobility. The proposed approach is implemented on the MIDCOM architecture, in which the SIP proxy processes the signaling exchange and the Application Level Gateway (ALG) not only performs the firewall functionality but also acts as a middlebox for the SIP proxy to protect the real-time traffic between the mobile node and the intranet. The interaction of the SIP proxy and the ALG is the core of our proposed solution. Finally, a testbed for the proposed solution has been implemented, and experiments on bandwidth consumption, end-to-end delay, and handoff delay have been conducted to compare it with the IETF Mobile VPN.