This article introduces the design method of a new type of wireless VPN router in detail. First, the hardware structure is analyzed and a detailed hardware development plan is given. Then it focuses on the software design method, including the porting of the operating system, the PPP dial-up program that realizes the wireless network connection, and the IPSec application program that realizes the VPN. By using the method proposed in this article, the application needs of many industries can be well met.
In recent years, the development of cellular mobile communication systems in China has been very rapid, which not only brings convenient and fast voice communication services to users, but also provides flexible data communication services.
This article proposes a design method for a new type of ARM7-based embedded device, a GPRS wireless VPN router, so that various business terminal devices that originally used wired communication systems can easily access the GPRS network and use the wireless mobile data services provided by the network for data communication.
1.1 Introduction to ARM
ARM (Advanced RISC Machines) can be considered the name of a company, a generic term for a type of microprocessor, or the name of a technology. ARM was established in Cambridge, England in 1991 and specializes in the design and development of chips based on RISC technology. The world’s major semiconductor manufacturers buy the ARM microprocessor cores designed by ARM and add appropriate peripheral circuits according to their different application fields, thus forming their own ARM microprocessor chips for the market. ARM microprocessors currently include the following series: ARM7, ARM9, ARM9E, ARM10E, SecurCore, and Intel’s XScale and StrongARM. Together they constitute the mainstream microprocessors in today’s embedded field.
1.2 Introduction to GPRS
GPRS (General Packet Radio Service) is a packet-switched data bearer and transmission method developed on the basis of GSM. Compared with the original GSM, GPRS has very obvious advantages in bearing and supporting data services: by multiplexing multiple GSM time slots, the supported data transmission rate is higher, with a theoretical peak of 115 kbps; different network users share the same group of GPRS channels, but a user occupies channel resources only when it actually needs to send or receive data, so through multi-user service multiplexing the wireless channel resources are used more effectively, which is especially suitable for bursty, frequent, small-volume data transmission and matches the bursty characteristics of data services well; GPRS billing is more flexible and can be based on data volume; unlike Wireless Application Protocol (WAP) technology, GPRS can provide users with a transparent IP channel at any time and can directly access all sites and resources on the Internet; and because of channel multiplexing, every GPRS user can be always online.
2 Hardware part
2.1 Design ideas
The wireless router circuit board connects to the GPRS mobile network through the wireless communication module, and connects to the internal terminal equipment or internal local area network through the Ethernet port. The wireless router has a network routing function and can forward data between two networks. The data sent by various terminal devices are received by the processor through the Ethernet port, and the processor processes the data accordingly (such as encryption/decryption) and then sends it to the wireless communication module through the serial port, which is then forwarded to the GPRS network. In the same way, the reverse data is finally sent back to the terminal device through the reverse path.
2.2 Hardware design
The embedded processor is Samsung’s S3C4510B, a cost-effective 16/32-bit RISC microcontroller designed for Ethernet-based application systems, which contains the 16/32-bit ARM7TDMI RISC processor core designed by ARM. A GPRS module is required for data transmission through the GPRS network; at present, “GPRS module” generally refers to a GSM module with GPRS capability. The module communicates with the base station of the cell through an external antenna and sends and receives wireless data. The GPRS module in this design is Wavecom’s WISMO Quik Q2400 series. The basic functions of the other parts are described as follows:
The serial interface circuit is used for short-distance two-way serial communication between the S3C4510B and the GPRS module and other application systems; the reset circuit performs the power-on reset and the user button reset while the system is working; the power circuit provides the voltages required by the entire system, namely 5 V, 3.6 V and 3.3 V; the 10 MHz active crystal oscillator provides the working clock for the system; the FLASH memory stores the debugged applications, the embedded operating system and other user data that must survive power-off;
the SDRAM memory is the main working area when the system runs, and the system, the user data and the stack are all located in SDRAM; the 10M/100M Ethernet interface provides the system with a physical channel for Ethernet access; and the I2C memory stores a small amount of user data that needs to be kept for a long time.
2.3 Hardware connection
The complete hardware connection diagram is shown in Figure 1.
Figure 1 Hardware connection diagram
3 Software part
The operating system used in this wireless router is uClinux, an operating system designed specifically for microcontrollers without an MMU. The uClinux kernel already contains an implementation of the TCP/IP protocol stack, and static routing can be enabled by turning on “IP forwarding” in the kernel configuration. To realize dial-up login to the mobile network and the VPN, two network applications are needed: the PPP application and the IPSec application. Figure 2 is a hierarchical diagram of the software structure of the entire system.
Figure 2 Software structure hierarchy diagram
3.1 Porting of uClinux
The source code and development tools of uClinux can be downloaded free of charge from http://www.uclinux.org, where corresponding source packages are released regularly for newly launched Linux kernels. The latest version is uClinux-dist-20040408.tar.gz, also available free from this website. This source package contains uClinux-2.6.2, uClinux-2.4.24, uClinux-2.0.39, uClibc and the user applications that have already been ported to uClinux. Unpack it into /home/uClinux-dist with:

tar xzvf uClinux-dist-20040408.tar.gz

In addition, download the ARM cross compiler arm-elf-tools-20030314.sh from www.uclinux.org/pub/uClinux/arm-elf-tools/ and execute it to set up the uClinux-ARM cross-compilation environment.

To make uClinux run smoothly on the wireless router, it must be adapted to this hardware platform. The file hardware.h under /home/uClinux-dist/linux-2.4.x/include/asm-armnommu/ contains the definitions of the S3C4510B on-chip special function registers and other related hardware information, and can be modified there. Alternatively, when running make xconfig, select Samsung as the vendor and select the Customize Kernel Settings item; the relevant parameters can then be modified under the System Type entry that appears, including the main clock frequency of the system and the start addresses and sizes of FLASH and SDRAM. Finally, compiling produces the image.rom and image.ram needed to run the wireless router.
3.2 PPP application
The PPP application logs in to the mobile network by dialing through the wireless communication module; the login process follows the PPP (Point-to-Point Protocol). Among the application programs included with the uClinux operating system there is already pppd, which implements the PPP protocol; the required PPP application is obtained by modifying some of the configuration parameters in the pppd source code according to the characteristics of wireless mobile network communication. The chat scripts gprs-connect-chat and gprs-disconnect-chat, used by pppd to dial in to the mobile network and to hang up, are as follows:
gprs-connect-chat:

# give up if the modem reports one of these responses
ABORT '\nNO ANSWER\r'
ABORT '\nNO DIALTONE\r'
ABORT '\nRINGING\r\n\r\nRINGING\r'
SAY "Press CTRL-C to close the connection at any stage!"
SAY "\ndefining PDP context...\n"
# expect nothing, send the escape sequence to leave any stale data mode
'' '+++'
# define PDP context 1 (IP, APN cmnet), then dial the GPRS access string
OK 'AT+CGDCONT=1,"IP","cmnet"'
OK 'ATDT*99***1#'
SAY "\nwaiting for connect...\n"
SAY "\nIf the following ppp negotiations fail,\n"
SAY "try restarting the phone.\n"
# added here: wait for the modem's CONNECT before handing the line to pppd
CONNECT ''

gprs-disconnect-chat:

ABORT 'NO CARRIER'
SAY "\nSending break to the modem\n"
# one-second pauses (\d) around the escape sequence so the modem recognises it
'' '\d\d+++\d\d'
SAY "\nPDP context detached\n"
3.3 IPSec application
The IPSec application is used to establish a virtual private network (VPN) based on the IPSec (IP Security) protocol on the router. IPSec is a security standard formulated by the IETF (Internet Engineering Task Force), which combines several security technologies into a relatively complete system. It guarantees the reliability, privacy and confidentiality of data transmission by encrypting and authenticating the data and checking its integrity. IPSec provides security at the IP layer. Since all hosts that support the TCP/IP protocol suite communicate through the IP layer, providing security at the IP layer is equivalent to providing security for the entire network. IPSec is composed of the Authentication Header (AH), the Encapsulating Security Payload (ESP) and a key management protocol. Designing the IPSec application means implementing the IPSec protocol in program code. The FreeS/WAN application in the uClinux operating system is open source software that implements the IPSec protocol, and it can run on the wireless router after modifying and configuring the relevant parts. FreeS/WAN 1.97 is included in the latest version of uClinux.
Configuring FreeS/WAN mainly means editing the two files /etc/ipsec.conf and /etc/ipsec.secrets. /etc/ipsec.conf holds the configuration of each connection, and /etc/ipsec.secrets holds the RSA key pair and any pre-shared secrets used for authentication. Execute

# ipsec showhostkey --left

on the wireless router to obtain the RSA public key of the host, then edit /etc/ipsec.conf to add a new connection named “net-net”:
conn net-net
    # left: the external IP address obtained when the wireless router dials in
    left=x.x.x.x
    # the subnet protected by the wireless router gateway
    leftsubnet=192.168.1.0/24
    # the RSA public key of the wireless router just obtained with ipsec showhostkey --left
    leftrsasigkey=0s1LgR7/oUM...
    # right: the external IP address of the VPN server
    right=x.x.x.x
    # the subnet protected by the other side
    rightsubnet=192.168.5.0/24
    # the RSA public key of the VPN server
    rightrsasigkey=0sAQOqH55O...
    # load the connection at startup but do not bring it up automatically
    auto=add
After both sides restart IPsec, the connection is loaded by Pluto and is ready to be established. Executing

# ipsec auto --up net-net

on the wireless router shows the series of steps of the connection establishment.
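As an added example (not code from the article or from FreeS/WAN), a small Python checker that parses a FreeS/WAN-style ipsec.conf and flags the mistakes most likely in a hand-edited net-net connection: a missing address, subnet or rsasigkey on either side, overlapping protected subnets, or a missing auto= line (which defaults to ignore, so Pluto never loads the connection). The sample configuration, its addresses and its 0s... keys are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample in the layout the article describes; the addresses and
# the 0s... keys are placeholders, not real values.
SAMPLE_CONF = """\
conn net-net
    left=10.64.1.23
    leftsubnet=192.168.1.0/24
    leftrsasigkey=0sAQPLACEHOLDERLEFTKEY
    right=203.0.113.10
    rightsubnet=192.168.5.0/24
    rightrsasigkey=0sAQPLACEHOLDERRIGHTKEY
    auto=add
"""

def parse_ipsec_conf(text):
    """Return {"conn net-net": {key: value}, ...} for conn/config sections.
    Comments (# to end of line) and blank lines are skipped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        m = re.match(r"^(conn|config)\s+(\S+)\s*$", line)
        if m:
            current = sections.setdefault(m.group(1) + " " + m.group(2), {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def check_net_net(conf):
    """Return a list of findings for conn net-net; an empty list means OK."""
    conn = conf.get("conn net-net")
    if conn is None:
        return ["conn net-net missing"]
    problems = []
    for side in ("left", "right"):
        for key in (side, side + "subnet", side + "rsasigkey"):
            if key not in conn:
                problems.append(key + " missing")
        if not conn.get(side + "rsasigkey", "0s").startswith("0s"):
            problems.append(side + "rsasigkey must be a 0s... encoded key")
    if "leftsubnet" in conn and "rightsubnet" in conn:
        left = ipaddress.ip_network(conn["leftsubnet"], strict=False)
        right = ipaddress.ip_network(conn["rightsubnet"], strict=False)
        if left.overlaps(right):
            problems.append("leftsubnet and rightsubnet overlap")
    if "auto" not in conn:
        problems.append("auto missing (defaults to ignore, so Pluto never loads it)")
    return problems
```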
4 Connection method and application
The wireless router provides two interfaces to the terminal equipment: the Ethernet interface and the RS-232 serial interface. The routing software in the wireless router automatically forwards data from the device to the GPRS network, or receives data from the GPRS network and forwards it to the device. As long as the terminal equipment is connected to the wireless router through the Ethernet port or the RS-232 serial port and its default gateway is set to the IP address of the wireless router, it can access the GPRS network.
Figure 3 Network planning and design diagram
Dedicated communication lines connect the mobile network with the industry’s data center; a VPN server placed in the data center connects with the wireless routers of each site; the network configuration of each device in the existing network is modified, and the mobile network is then used for data communication. Applicable occasions include: banks (business outlets, ATMs, POS machines); hospitals (medical insurance center networking, mobile ambulances); insurance (networking of insurance company outlets); supermarkets and chain stores (MIS system interconnection); mobile sites (electric power repair, public security police cars, etc.); and environmental protection (on-site monitoring and networking).