WO2025067012A1

WO2025067012A1 - Communication method and apparatus based on virtual local area network, and device and storage medium

Info

Publication number: WO2025067012A1
Application number: PCT/CN2024/119704
Authority: WO
Inventors: 金磊; 邵峰; 单志胜; 吕高扬; 吴海丁
Original assignee: Hangzhou Ezviz Software Co Ltd
Current assignee: Hangzhou Ezviz Software Co Ltd
Priority date: 2023-09-25
Filing date: 2024-09-19
Publication date: 2025-04-03
Anticipated expiration: 2026-03-25
Also published as: CN119743346A

Abstract

Provided in the present application are a communication method and apparatus based on a virtual local area network, and a device and a storage medium. The method comprises: monitoring a virtual interface of a first terminal by means of a first client, and acquiring a service message to be sent; then, performing encapsulation processing on the service message on the basis of pre-acquired configuration information of a virtual local area network, so as to obtain a transmission message; then, on the basis of an IP address of a second client, transmitting the transmission message to the second client by means of the virtual local area network; and finally, the second client performing decapsulation processing on the transmission message on the basis of the pre-acquired configuration information of the virtual local area network, so as to obtain the service message. By means of the method, data communication between terminal devices under different local area networks is realized, thereby improving the efficiency of communication between users.

Description

Communication method, device, equipment and storage medium based on virtual local area network

Technical Field

本申请涉及虚拟网技术，尤其涉及一种基于虚拟局域网的通信方法、装置、设备及存储介质。The present application relates to virtual network technology, and in particular to a communication method, device, equipment and storage medium based on a virtual local area network.

Background Art

局域网通讯是指能够即时发送和接收互联网消息等的业务，随着科技的不断进步，局域网通讯功能日益丰富，逐渐集成了电子邮件、博客、音乐、电视、游戏和搜索等多种功能。局域网通讯已经发展成集交流、资讯、娱乐、搜索、电子商务、办公协作和企业客户服务等为一体的综合化信息平台，是一种终端联网即时通讯网络的服务。LAN communication refers to the service of sending and receiving Internet messages instantly. With the continuous advancement of science and technology, the functions of LAN communication are becoming increasingly rich, and gradually integrating multiple functions such as e-mail, blogs, music, television, games and search. LAN communication has developed into a comprehensive information platform integrating communication, information, entertainment, search, e-commerce, office collaboration and corporate customer service. It is a service of terminal networking instant communication network.

局域网通讯通常是通过路由器实现终端设备的通信，处于同一路由器下的终端设备具有相同的网段。LAN communication usually realizes the communication of terminal devices through routers, and the terminal devices under the same router have the same network segment.

但是不同路由器下的终端设备具有不同网段，处于不同的局域网下，无法实现通信。However, terminal devices under different routers have different network segments and are in different local area networks, so communication is impossible.

发明内容Summary of the invention

本申请提供一种基于虚拟局域网的通信方法、装置、设备及存储介质，用以解决现有技术中处于不同的局域网下的电子设备无法实现通信的问题。The present application provides a communication method, apparatus, device and storage medium based on a virtual local area network, which are used to solve the problem in the prior art that electronic devices in different local area networks cannot communicate.

第一方面，本申请提供一种基于虚拟局域网的通信方法，应用于第一终端，所述第一终端中设置有进行虚拟局域网服务的第一客户端，所述方法包括：通过所述第一客户端监听所述第一终端的虚拟接口，获取待发送的业务报文，所述业务报文中包括作为所述业务报文的接收端的第二客户端的互联网协议IP地址；根据预先获取的虚拟局域网的配置信息，对所述业务报文进行封装处理，得到传输报文；根据所述第二客户端的IP地址，将所述传输报文通过所述虚拟局域网传输至所述第二客户端；其中，所述第二客户端所在的第二终端与所述第一终端属于同一个虚拟局域网。In a first aspect, the present application provides a communication method based on a virtual local area network, which is applied to a first terminal, wherein a first client for performing a virtual local area network service is provided in the first terminal, and the method comprises: monitoring a virtual interface of the first terminal through the first client to obtain a service message to be sent, wherein the service message includes an Internet Protocol IP address of a second client as a receiving end of the service message; encapsulating the service message according to pre-acquired configuration information of the virtual local area network to obtain a transmission message; and transmitting the transmission message to the second client through the virtual local area network according to the IP address of the second client; wherein the second terminal where the second client is located belongs to the same virtual local area network as the first terminal.

结合第一方面，在一些实施例中，所述根据所述第二客户端的IP地址，将所述传输报文通过所述虚拟局域网传输至所述第二客户端，包括：根据所述第二客户端的IP地址，确定所述第一客户端与所述第二客户端之间是否打通点对点通信通道；若所述第一客户端与所述第二客户端之间已打通点对点通信通道，则根据所述第二客户端的IP地址，通过所述点对点通信通道，将所述传输报文发送给所述第二客户端；若所述第一客户端与所述第二客户端之间未打通点对点通信通道，则通过所述虚拟局域网的服务端将所述传输报文传送至所述第二客户端。In combination with the first aspect, in some embodiments, transmitting the transmission message to the second client through the virtual local area network according to the IP address of the second client includes: determining whether a point-to-point communication channel is established between the first client and the second client according to the IP address of the second client; if a point-to-point communication channel is established between the first client and the second client, sending the transmission message to the second client through the point-to-point communication channel according to the IP address of the second client; if a point-to-point communication channel is not established between the first client and the second client, transmitting the transmission message to the second client through the server of the virtual local area network.

结合第一方面，在一些实施例中，所述虚拟局域网的配置信息包括报文压缩信息，报文加密信息；所述根据预先获取的虚拟局域网的配置信息，对所述业务报文进行封装处理，得到传输报文，包括：对所述业务报文进行隧道封装，得到封装后的报文；根据所述报文加密信息对所述封装后的报文进行加密，并根据所述报文压缩信息对加密后的报文进行压缩，得到所述传输报文。In combination with the first aspect, in some embodiments, the configuration information of the virtual LAN includes message compression information and message encryption information; the encapsulation processing of the service message according to the pre-acquired configuration information of the virtual LAN to obtain a transmission message includes: tunnel encapsulating the service message to obtain an encapsulated message; encrypting the encapsulated message according to the message encryption information, and compressing the encrypted message according to the message compression information to obtain the transmission message.

结合第一方面，在一些实施例中，所述通过所述第一客户端监听所述第一终端的虚拟接口，获取待发送的业务报文之前，所述方法还包括：接收云平台发送的为加入虚拟局域网配置的认证字段，服务端的IP地址以及所述虚拟局域网中所有客户端的IP地址；根据所述服务端的IP地址，所述认证字段以及所述第一客户端的IP地址，向所述服务端发送虚拟局域网接入请求；接收所述服务端返回的接入确认消息，所述接入确认消息用于指示所述第一客户端接入所述虚拟局域网成功。In combination with the first aspect, in some embodiments, before the first client monitors the virtual interface of the first terminal to obtain the business message to be sent, the method also includes: receiving the authentication field sent by the cloud platform for joining the virtual LAN configuration, the IP address of the server and the IP addresses of all clients in the virtual LAN; sending a virtual LAN access request to the server according to the IP address of the server, the authentication field and the IP address of the first client; receiving an access confirmation message returned by the server, the access confirmation message being used to indicate that the first client has successfully accessed the virtual LAN.

所述通过所述第一客户端监听所述第一终端的虚拟接口，获取待发送的业务报文之前，所述方法还包括：通过所述第一客户端对所述第一终端的上行网络设备进行扫描，获取部署了虚拟局域网的服务端的网络设备；向所述网络设备中的所述服务端发送虚拟局域网加入请求；接收所述服务端返回的虚拟局域网加入反馈消息，所述虚拟局域网加入反馈消息用于指示所述第一客户端加入虚拟局域网是否成功。 Before the first client monitors the virtual interface of the first terminal to obtain the service message to be sent, the method also includes: scanning the uplink network device of the first terminal through the first client to obtain the network device of the server on which the virtual LAN is deployed; sending a virtual LAN joining request to the server in the network device; receiving the virtual LAN joining feedback message returned by the server, wherein the virtual LAN joining feedback message is used to indicate whether the first client has successfully joined the virtual LAN.

结合第一方面，在一些实施例中，若所述虚拟局域网加入反馈消息指示所述第一客户端加入所述虚拟局域网成功，则所述虚拟局域网加入反馈消息中还包括所述服务端配置的认证字段和所述虚拟局域网的配置信息；所述虚拟局域网的配置信息包括报文压缩信息，报文加密信息以及所述虚拟局域网中所有客户端的IP地址。In combination with the first aspect, in some embodiments, if the virtual LAN joining feedback message indicates that the first client has successfully joined the virtual LAN, then the virtual LAN joining feedback message also includes the authentication field configured by the server and the configuration information of the virtual LAN; the configuration information of the virtual LAN includes message compression information, message encryption information and the IP addresses of all clients in the virtual LAN.

结合第一方面，在一些实施例中，所述虚拟局域网加入请求中包括所述第一客户端的IP地址。In combination with the first aspect, in some embodiments, the virtual local area network joining request includes the IP address of the first client.

结合第一方面，在一些实施例中，若所述虚拟局域网加入请求中不包括所述第一客户端的IP地址，则所述虚拟局域网的配置信息中所述第一客户端的IP地址为所述服务端分配的。In combination with the first aspect, in some embodiments, if the virtual LAN joining request does not include the IP address of the first client, the IP address of the first client in the configuration information of the virtual LAN is allocated by the server.

第二方面，本申请提供一种基于虚拟局域网的通信方法，应用于第二终端，所述第二终端中设置有进行虚拟局域网服务的第二客户端，所述方法包括：通过所述第二客户端接收第一客户端传输的传输报文；根据预先获取的虚拟局域网的配置信息，对所述传输报文进行解封处理，得到业务报文；其中，所述第一客户端所在的第一终端与所述第二终端属于同一个虚拟局域网。In a second aspect, the present application provides a communication method based on a virtual local area network, which is applied to a second terminal, in which a second client for performing virtual local area network services is provided. The method comprises: receiving, through the second client, a transmission message transmitted by a first client; according to pre-acquired configuration information of the virtual local area network, unsealing the transmission message to obtain a service message; wherein, the first terminal where the first client is located and the second terminal belong to the same virtual local area network.

结合第二方面，在一些实施例中，所述通过所述第二客户端接收第一客户端传输的传输报文，包括：接收所述第一客户端通过点对点通信发送的所述传输报文；或者，接收所述虚拟局域网的服务端发送的所述第一客户端传输的所述传输报文。In combination with the second aspect, in some embodiments, receiving the transmission message transmitted by the first client through the second client includes: receiving the transmission message sent by the first client through point-to-point communication; or receiving the transmission message transmitted by the first client sent by the server of the virtual local area network.

结合第二方面，在一些实施例中，所述虚拟局域网的配置信息包括报文压缩信息，报文加密信息；In conjunction with the second aspect, in some embodiments, the configuration information of the virtual local area network includes message compression information and message encryption information;

所述根据预先获取的虚拟局域网的配置信息，对所述传输报文进行解封处理，得到业务报文，包括：根据所述报文压缩信息对所述传输报文解除压缩，得到解压后的报文；根据所述报文加密信息对所述解压后的报文进行解密，并进行隧道解封装，得到所述业务报文。The method of decompressing the transmission message according to the pre-acquired configuration information of the virtual local area network to obtain the business message includes: decompressing the transmission message according to the message compression information to obtain the decompressed message; decrypting the decompressed message according to the message encryption information, and performing tunnel decapsulation to obtain the business message.

结合第二方面，在一些实施例中，所述通过所述第二客户端接收第一客户端传输的传输报文之前，所述方法还包括：接收云平台发送的为加入虚拟局域网配置的认证字段，服务端的互联网协议IP地址以及所述虚拟局域网中所有客户端的IP地址；根据所述服务端的IP地址，所述认证字段以及所述第二客户端的IP地址，向所述服务端发送虚拟局域网接入请求；接收所述服务端返回的接入确认消息，所述接入确认消息用于指示所述第二客户端接入所述虚拟局域网成功。In combination with the second aspect, in some embodiments, before the transmission message transmitted by the first client is received through the second client, the method also includes: receiving the authentication field sent by the cloud platform for joining the virtual LAN configuration, the Internet Protocol IP address of the server and the IP addresses of all clients in the virtual LAN; sending a virtual LAN access request to the server based on the IP address of the server, the authentication field and the IP address of the second client; receiving an access confirmation message returned by the server, the access confirmation message being used to indicate that the second client has successfully accessed the virtual LAN.

结合第二方面，在一些实施例中，所述通过所述第二客户端接收第一客户端传输的传输报文之前，所述方法还包括：通过所述第二客户端对所述第二终端的上行网络设备进行扫描，获取部署了虚拟局域网的服务端的网络设备；向所述网络设备中的所述服务端发送虚拟局域网加入请求；接收所述服务端返回的虚拟局域网加入反馈消息，所述虚拟局域网加入反馈消息用于指示所述第二客户端加入虚拟局域网是否成功。In combination with the second aspect, in some embodiments, before receiving the transmission message transmitted by the first client through the second client, the method also includes: scanning the uplink network device of the second terminal through the second client to obtain the network device of the server on which the virtual LAN is deployed; sending a virtual LAN joining request to the server in the network device; receiving the virtual LAN joining feedback message returned by the server, wherein the virtual LAN joining feedback message is used to indicate whether the second client has successfully joined the virtual LAN.

结合第二方面，在一些实施例中，若所述虚拟局域网加入反馈消息指示所述第二客户端加入虚拟局域网成功，则所述虚拟局域网加入反馈消息中还包括所述服务端配置的认证字段和所述虚拟局域网的配置信息；所述虚拟局域网的配置信息包括报文压缩信息，报文加密信息以及所述虚拟局域网中所有客户端的IP地址。In combination with the second aspect, in some embodiments, if the virtual LAN joining feedback message indicates that the second client has successfully joined the virtual LAN, then the virtual LAN joining feedback message also includes the authentication field configured by the server and the configuration information of the virtual LAN; the configuration information of the virtual LAN includes message compression information, message encryption information and the IP addresses of all clients in the virtual LAN.

结合第二方面，在一些实施例中，所述虚拟局域网加入请求中包括所述第二客户端的IP地址。In combination with the second aspect, in some embodiments, the virtual LAN join request includes the IP address of the second client.

结合第二方面，在一些实施例中，若所述虚拟局域网加入请求中不包括所述第二客户端的IP地址，则所述虚拟局域网的配置信息中所述第二客户端的IP地址为所述服务端分配的。In combination with the second aspect, in some embodiments, if the virtual LAN joining request does not include the IP address of the second client, the IP address of the second client in the configuration information of the virtual LAN is allocated by the server.

第三方面，本申请提供一种基于虚拟局域网的通信方法，应用于网络设备，所述网络设备中设置有进行虚拟局域网服务的服务端，所述方法包括：接收第一客户端发送的传输报文，所述传输报文中包括作为所述传输报文的接收端的第二客户端的IP地址；根据所述第二客户端的IP地址，将所述传输报文发送至所述第二客户端；其中，所述第一客户端和所述第二客户端均加入所述服务端服务的同一个虚拟局域网。In a third aspect, the present application provides a communication method based on a virtual local area network, which is applied to a network device. A server for performing virtual local area network services is provided in a network device, and the method comprises: receiving a transmission message sent by a first client, wherein the transmission message comprises an IP address of a second client as a receiving end of the transmission message; and sending the transmission message to the second client according to the IP address of the second client; wherein the first client and the second client both join the same virtual local area network served by the server.

结合第三方面，在一些实施例中，所述接收第一客户端发送的传输报文之前，所述方法还包括：接收云平台发送的为虚拟局域网组网配置的认证字段，所述服务端的IP地址以及所述虚拟互联网中所有客户端的IP地址；接收任一个客户端发送的虚拟局域网接入请求，所述虚拟局域网接入请求中包括认证字段；根据所述云平台配置的认证字段对所述虚拟局域网接入请求中的认证字段进行验证；在认证字段验证通过后，允许所述客户端接入所述服务端的IP地址对应的虚拟局域网；向所述客户端返回接入确认消息，所述接入确认消息用于指示所述客户端接入所述虚拟局域网成功。In combination with the third aspect, in some embodiments, before receiving the transmission message sent by the first client, the method also includes: receiving the authentication field sent by the cloud platform for the virtual LAN networking configuration, the IP address of the server and the IP addresses of all clients in the virtual Internet; receiving a virtual LAN access request sent by any client, the virtual LAN access request including an authentication field; verifying the authentication field in the virtual LAN access request according to the authentication field configured by the cloud platform; after the authentication field verification is passed, allowing the client to access the virtual LAN corresponding to the IP address of the server; returning an access confirmation message to the client, the access confirmation message being used to indicate that the client has successfully accessed the virtual LAN.

结合第三方面，在一些实施例中，所述接收第一客户端发送的传输报文之前，所述方法还包括：接收任一客户端发送的虚拟局域网加入请求；若所述虚拟局域网加入请求中未携带所述客户端的IP地址，则允许所述客户端加入所述虚拟局域网，并为所述客户端分配IP地址；向所述客户端发送虚拟局域网加入反馈消息，所述虚拟局域网加入反馈消息中包括所述服务端配置的认证字段和配置信息，所述配置信息中包括：报文压缩信息，报文加密信息、为所述客户端分配的IP地址以及所述虚拟局域网中其他客户端的IP地址。In combination with the third aspect, in some embodiments, before receiving the transmission message sent by the first client, the method also includes: receiving a virtual LAN joining request sent by any client; if the virtual LAN joining request does not carry the IP address of the client, allowing the client to join the virtual LAN and assigning an IP address to the client; sending a virtual LAN joining feedback message to the client, the virtual LAN joining feedback message including the authentication field and configuration information configured by the server, the configuration information including: message compression information, message encryption information, the IP address assigned to the client, and the IP addresses of other clients in the virtual LAN.

结合第三方面，在一些实施例中，所述方法还包括：若所述虚拟局域网加入请求中携带所述客户端的IP地址，则检测所述客户端的IP地址是否被所述虚拟局域网中其他客户端使用；若所述客户端的IP地址未被所述虚拟局域网中其他客户端使用，则允许所述客户端加入所述虚拟局域网；向所述客户端返回所述虚拟局域网加入反馈消息，所述虚拟局域网加入反馈消息中包括所述服务端配置的所述认证字段和所述配置信息，所述配置信息中包括：所述报文压缩信息，所述报文加密信息和所述虚拟局域网中其他客户端的IP地址。In combination with the third aspect, in some embodiments, the method also includes: if the virtual LAN join request carries the IP address of the client, detecting whether the IP address of the client is used by other clients in the virtual LAN; if the IP address of the client is not used by other clients in the virtual LAN, allowing the client to join the virtual LAN; returning the virtual LAN join feedback message to the client, the virtual LAN join feedback message including the authentication field and the configuration information configured by the server, the configuration information including: the message compression information, the message encryption information and the IP addresses of other clients in the virtual LAN.

结合第三方面，在一些实施例中，所述方法还包括：若所述客户端的IP地址被所述虚拟局域网中其他客户端使用，则不允许所述客户端加入所述虚拟局域网，向所述客户端返回用于指示局域网加入失败的虚拟局域网加入反馈消息。In combination with the third aspect, in some embodiments, the method also includes: if the IP address of the client is used by other clients in the virtual LAN, the client is not allowed to join the virtual LAN, and a virtual LAN joining feedback message indicating a LAN joining failure is returned to the client.

第四方面，本申请提供一种基于虚拟局域网的通信装置，应用于第一终端，所述第一终端中设置有进行虚拟局域网服务的第一客户端，所述装置包括：第一获取模块，用于通过所述第一客户端监听所述第一终端的虚拟接口，获取待发送的业务报文，所述业务报文中包括作为所述业务报文的接收端的第二客户端的互联网协议IP地址；封装模块，用于根据预先获取的虚拟局域网的配置信息，对所述业务报文进行封装处理，得到传输报文；传输模块，用于根据所述第二客户端的IP地址，将所述传输报文通过所述虚拟局域网传输至所述第二客户端；其中，所述第二客户端所在的第二终端与所述第一终端属于同一个虚拟局域网。In a fourth aspect, the present application provides a communication device based on a virtual local area network, which is applied to a first terminal, wherein a first client for performing a virtual local area network service is provided in the first terminal, and the device comprises: a first acquisition module, which is used to monitor the virtual interface of the first terminal through the first client, and obtain a business message to be sent, wherein the business message includes an Internet Protocol IP address of a second client as a receiving end of the business message; an encapsulation module, which is used to encapsulate the business message according to the configuration information of the virtual local area network obtained in advance, and obtain a transmission message; a transmission module, which is used to transmit the transmission message to the second client through the virtual local area network according to the IP address of the second client; wherein the second terminal where the second client is located belongs to the same virtual local area network as the first terminal.

结合第四方面，在一些实施例中，所述传输模块，包括：确定单元，用于根据所述第二客户端的IP地址，确定所述第一客户端与所述第二客户端之间是否打通点对点通信通道；第一传输单元，用于若所述第一客户端与所述第二客户端之间已打通点对点通信通道，则根据所述第二客户端的IP地址通过所述点对点通信通道，将所述传输报文发送给所述第二客户端；第二传输单元，用于若所述第一客户端与所述第二客户端之间未打通点对点通信通道，则通过所述虚拟局域网的服务端将所述传输报文传送至所述第二客户端。In combination with the fourth aspect, in some embodiments, the transmission module includes: a determination unit, used to determine whether a point-to-point communication channel is established between the first client and the second client based on the IP address of the second client; a first transmission unit, used to send the transmission message to the second client through the point-to-point communication channel based on the IP address of the second client if the point-to-point communication channel is established between the first client and the second client; and a second transmission unit, used to transmit the transmission message to the second client through the server of the virtual local area network if the point-to-point communication channel is not established between the first client and the second client.

结合第四方面，在一些实施例中，所述虚拟局域网的配置信息包括报文压缩信息，报文加密信息；相应的，所述封装模块，包括：封装单元，用于对所述业务报文进行隧道封装，得到封装后的报文；压缩加密单元，用于根据所述报文加密信息对所述封装后的报文进行加密，并根据所述报文压缩信息对加密后的报文进行压缩，得到所述传输报文。In conjunction with the fourth aspect, in some embodiments, the configuration information of the virtual local area network includes message compression information and message encryption information; accordingly, the encapsulation module includes: an encapsulation unit, configured to perform tunnel encapsulation on the service message to obtain an encapsulated message; a compression and encryption unit, configured to perform tunnel encapsulation on the service message according to the message encryption information; The message is encrypted, and the encrypted message is compressed according to the message compression information to obtain the transmission message.

结合第四方面，在一些实施例中，所述装置还包括：第一接收模块，用于接收云平台发送的为加入虚拟局域网配置的认证字段，服务端的IP地址以及所述虚拟局域网中所有客户端的IP地址；第一发送模块，用于根据所述服务端的IP地址，所述认证字段以及所述第一客户端的IP地址，向所述服务端发送虚拟局域网接入请求；第二接收模块，用于接收所述服务端返回的接入确认消息，所述接入确认消息用于指示所述第一客户端接入所述虚拟局域网成功。In combination with the fourth aspect, in some embodiments, the device also includes: a first receiving module, used to receive the authentication field configured for joining the virtual LAN, the IP address of the server and the IP addresses of all clients in the virtual LAN sent by the cloud platform; a first sending module, used to send a virtual LAN access request to the server based on the IP address of the server, the authentication field and the IP address of the first client; a second receiving module, used to receive an access confirmation message returned by the server, and the access confirmation message is used to indicate that the first client has successfully accessed the virtual LAN.

结合第四方面，在一些实施例中，所述装置还包括：第二获取模块，用于通过所述第一客户端对所述第一终端的上行网络设备进行扫描，获取部署了虚拟局域网的服务端的网络设备；第二发送模块，用于向所述网络设备中的所述服务端发送虚拟局域网加入请求；第三接收模块，用于接收所述服务端返回的虚拟局域网加入反馈消息，所述虚拟局域网加入反馈消息用于指示所述第一客户端加入虚拟局域网是否成功。In combination with the fourth aspect, in some embodiments, the device also includes: a second acquisition module, used to scan the uplink network device of the first terminal through the first client to obtain the network device of the server that deploys the virtual LAN; a second sending module, used to send a virtual LAN joining request to the server in the network device; a third receiving module, used to receive the virtual LAN joining feedback message returned by the server, and the virtual LAN joining feedback message is used to indicate whether the first client has successfully joined the virtual LAN.

结合第四方面，在一些实施例中，若所述虚拟局域网加入反馈消息指示所述第一客户端加入所述虚拟局域网成功，则所述虚拟局域网加入反馈消息中还包括所述服务端配置的认证字段和所述虚拟局域网的配置信息；所述虚拟局域网的配置信息包括报文压缩信息，报文加密信息以及所述虚拟局域网中所有客户端的IP地址。In combination with the fourth aspect, in some embodiments, if the virtual LAN joining feedback message indicates that the first client has successfully joined the virtual LAN, then the virtual LAN joining feedback message also includes the authentication field configured by the server and the configuration information of the virtual LAN; the configuration information of the virtual LAN includes message compression information, message encryption information and the IP addresses of all clients in the virtual LAN.

结合第四方面，在一些实施例中，所述虚拟局域网加入请求中包括所述第一客户端的IP地址。In combination with the fourth aspect, in some embodiments, the virtual LAN join request includes the IP address of the first client.

结合第四方面，在一些实施例中，若所述虚拟局域网加入请求中不包括所述第一客户端的IP地址，则所述虚拟局域网的配置信息中所述第一客户端的IP地址为所述服务端分配的。In combination with the fourth aspect, in some embodiments, if the virtual LAN joining request does not include the IP address of the first client, the IP address of the first client in the configuration information of the virtual LAN is allocated by the server.

第五方面，本申请提供一种基于虚拟局域网的通信装置，应用于第二终端，所述第二终端中设置有进行虚拟局域网服务的第二客户端，所述装置包括：第一接收模块，用于通过所述第二客户端接收第一客户端传输的传输报文；解封模块，用于根据预先获取的虚拟局域网的配置信息，对所述传输报文进行解封处理，得到业务报文；其中，所述第一客户端所在的第一终端与所述第二终端属于同一个虚拟局域网。In a fifth aspect, the present application provides a communication device based on a virtual local area network, which is applied to a second terminal, in which a second client for performing virtual local area network services is provided, and the device includes: a first receiving module, which is used to receive a transmission message transmitted by a first client through the second client; an unsealing module, which is used to unseale the transmission message according to pre-acquired configuration information of the virtual local area network to obtain a service message; wherein the first terminal where the first client is located and the second terminal belong to the same virtual local area network.

结合第五方面，在一些实施例中，所述第一接收模块，包括：第一接收单元，用于接收所述第一客户端通过点对点通信发送的所述传输报文；或者，第二接收单元，用于接收所述虚拟局域网的服务端发送的所述第一客户端传输的所述传输报文。In combination with the fifth aspect, in some embodiments, the first receiving module includes: a first receiving unit for receiving the transmission message sent by the first client through point-to-point communication; or a second receiving unit for receiving the transmission message transmitted by the first client and sent by the server of the virtual local area network.

结合第五方面，在一些实施例中，所述虚拟局域网的配置信息包括报文压缩信息，报文加密信息；相应的，所述解封模块，包括：解压单元，用于根据所述报文压缩信息对所述传输报文解除压缩，得到解压后的报文；解密解封单元，用于根据所述报文加密信息对所述、解压后的报文进行解密，并进行隧道解封装，得到所述业务报文。In combination with the fifth aspect, in some embodiments, the configuration information of the virtual local area network includes message compression information and message encryption information; accordingly, the decompression module includes: a decompression unit, used to decompress the transmission message according to the message compression information to obtain a decompressed message; a decryption and decompression unit, used to decrypt the decompressed message according to the message encryption information, and perform tunnel decapsulation to obtain the business message.

结合第五方面，在一些实施例中，所述装置还包括：第二接收模块，用于接收云平台发送的为加入虚拟局域网配置的认证字段，服务端的IP地址以及所述虚拟局域网中所有客户端的IP地址；第一发送模块，用于根据所述服务端的IP地址，所述认证字段以及所述第二客户端的IP地址，向所述服务端发送虚拟局域网接入请求；第三接收模块，用于接收所述服务端返回的接入确认消息，所述接入确认消息用于指示所述第二客户端接入所述虚拟局域网成功。In combination with the fifth aspect, in some embodiments, the device also includes: a second receiving module, used to receive the authentication field configured for joining the virtual LAN, the IP address of the server and the IP addresses of all clients in the virtual LAN sent by the cloud platform; a first sending module, used to send a virtual LAN access request to the server based on the IP address of the server, the authentication field and the IP address of the second client; a third receiving module, used to receive an access confirmation message returned by the server, and the access confirmation message is used to indicate that the second client has successfully accessed the virtual LAN.

结合第五方面，在一些实施例中，所述装置还包括：获取模块，用于通过所述第二客户端对所述第二终端的上行网络设备进行扫描，获取部署了虚拟局域网的服务端的网络设备；第二发送模块，用于向所述网络设备中的所述服务端发送虚拟局域网加入请求；第四接收模块，用于接收所述服务端返回的虚拟局域网加入反馈消息，所述虚拟局域网加入反馈消息用于指示所述第二客户端加入虚拟局域网是否成功。 In combination with the fifth aspect, in some embodiments, the device also includes: an acquisition module, used to scan the uplink network device of the second terminal through the second client to obtain the network device of the server that deploys the virtual LAN; a second sending module, used to send a virtual LAN joining request to the server in the network device; a fourth receiving module, used to receive the virtual LAN joining feedback message returned by the server, and the virtual LAN joining feedback message is used to indicate whether the second client has successfully joined the virtual LAN.

结合第五方面，在一些实施例中，若所述虚拟局域网加入反馈消息指示所述第二客户端加入虚拟局域网成功，则所述虚拟局域网加入反馈消息中还包括所述服务端配置的认证字段和所述虚拟局域网的配置信息；所述虚拟局域网的配置信息包括报文压缩信息，报文加密信息以及所述虚拟局域网中所有客户端的IP地址。In combination with the fifth aspect, in some embodiments, if the virtual LAN joining feedback message indicates that the second client has successfully joined the virtual LAN, then the virtual LAN joining feedback message also includes the authentication field configured by the server and the configuration information of the virtual LAN; the configuration information of the virtual LAN includes message compression information, message encryption information and the IP addresses of all clients in the virtual LAN.

结合第五方面，在一些实施例中，所述虚拟局域网加入请求中包括所述第二客户端的IP地址。In combination with the fifth aspect, in some embodiments, the virtual LAN join request includes the IP address of the second client.

结合第五方面，在一些实施例中，若所述虚拟局域网加入请求中不包括所述第二客户端的IP地址，则所述虚拟局域网的配置信息中所述第二客户端的IP地址为所述服务端分配的。In combination with the fifth aspect, in some embodiments, if the virtual LAN joining request does not include the IP address of the second client, the IP address of the second client in the configuration information of the virtual LAN is allocated by the server.

第六方面，本申请提供一种基于虚拟局域网的通信装置，应用于网络设备，所述网络设备中设置有进行虚拟局域网服务的服务端，所述装置包括：第一接收模块，用于接收第一客户端发送的传输报文，所述传输报文中包括所述传输报文的接收端的第二客户端的IP地址；传输模块，用于根据所述第二客户端的IP地址，将所述传输报文发送至所述第二客户端；其中，所述第一客户端和所述第二客户端均加入所述服务端服务的同一个虚拟局域网。In a sixth aspect, the present application provides a communication device based on a virtual local area network, which is applied to a network device, wherein the network device is provided with a server end for performing virtual local area network services, and the device includes: a first receiving module, used to receive a transmission message sent by a first client, the transmission message including the IP address of a second client at the receiving end of the transmission message; a transmission module, used to send the transmission message to the second client according to the IP address of the second client; wherein the first client and the second client both join the same virtual local area network served by the server end.

结合第六方面，在一些实施例中，所述装置还包括：第二接收模块，用于接收云平台发送的为虚拟局域网组网配置的认证字段，所述服务端的IP地址以及所述虚拟局域网中所有客户端的IP地址；第三接收模块，用于接收任一个客户端发送的局域网接入请求，所述局域网接入请求中包括认证字段；验证模块，用于根据所述云平台配置的认证字段对所述局域网接入请求中的认证字段进行验证；第一确认模块，用于在认证字段验证通过后，允许所述客户端接入所述服务端的IP地址对应的虚拟局域网；第一返回模块，用于向所述客户端返回接入确认消息，所述接入确认消息用于指示所述客户端接入所述虚拟局域网成功。In combination with the sixth aspect, in some embodiments, the device also includes: a second receiving module, used to receive the authentication field configured for the virtual LAN networking, the IP address of the server and the IP addresses of all clients in the virtual LAN sent by the cloud platform; a third receiving module, used to receive a LAN access request sent by any client, the LAN access request including the authentication field; a verification module, used to verify the authentication field in the LAN access request according to the authentication field configured by the cloud platform; a first confirmation module, used to allow the client to access the virtual LAN corresponding to the IP address of the server after the authentication field verification is passed; a first return module, used to return an access confirmation message to the client, the access confirmation message is used to indicate that the client has successfully accessed the virtual LAN.

结合第六方面，在一些实施例中，所述装置还包括：第四接收模块，用于接收任一客户端发送的虚拟局域网加入请求；确认分配模块，用于若所述虚拟局域网加入请求中未携带所述客户端的IP地址，则允许所述客户端加入所述虚拟局域网，并为所述客户端分配IP地址；发送模块，用于向所述客户端发送虚拟局域网加入反馈消息，所述虚拟局域网加入反馈消息中包括所述服务端配置的认证字段和配置信息，所述配置信息中包括：报文压缩信息，报文加密信息、为所述客户端分配的IP地址以及所述虚拟局域网中其他客户端的IP地址。In combination with the sixth aspect, in some embodiments, the device also includes: a fourth receiving module, used to receive a virtual LAN joining request sent by any client; a confirmation allocation module, used to allow the client to join the virtual LAN and allocate an IP address to the client if the virtual LAN joining request does not carry the IP address of the client; a sending module, used to send a virtual LAN joining feedback message to the client, the virtual LAN joining feedback message including the authentication field and configuration information configured by the server, the configuration information including: message compression information, message encryption information, the IP address allocated to the client, and the IP addresses of other clients in the virtual LAN.

结合第六方面，在一些实施例中，所述装置还包括：检测模块，用于若所述虚拟局域网加入请求中携带所述客户端的IP地址，则检测所述客户端的IP地址是否被所述虚拟局域网中其他客户端使用；第二确认模块，用于若所述客户端的IP地址未被所述虚拟局域网中其他客户端使用，则允许所述客户端加入所述虚拟局域网；第二返回模块，用于向所述客户端返回所述虚拟局域网加入反馈消息，所述虚拟局域网加入反馈消息中包括所述服务端配置的所述认证字段和所述配置信息，所述配置信息中包括：所述报文压缩信息，所述报文加密信息和所述虚拟局域网中其他客户端的IP地址。In combination with the sixth aspect, in some embodiments, the device also includes: a detection module, which is used to detect whether the IP address of the client is used by other clients in the virtual LAN if the virtual LAN joining request carries the IP address of the client; a second confirmation module, which is used to allow the client to join the virtual LAN if the IP address of the client is not used by other clients in the virtual LAN; and a second return module, which is used to return the virtual LAN joining feedback message to the client, the virtual LAN joining feedback message including the authentication field and the configuration information configured by the server, and the configuration information including: the message compression information, the message encryption information and the IP addresses of other clients in the virtual LAN.

结合第六方面，在一些实施例中，所述装置还包括：确认返回模块，用于若所述客户端的IP地址被所述虚拟局域网中其他客户端使用，则不允许所述客户端加入所述虚拟局域网，向所述客户端返回用于指示局域网加入失败的虚拟局域网加入反馈消息。In combination with the sixth aspect, in some embodiments, the device also includes: a confirmation return module, which is used to not allow the client to join the virtual LAN if the IP address of the client is used by other clients in the virtual LAN, and return a virtual LAN joining feedback message to the client to indicate that the LAN joining failed.

第七方面，本申请提供一种终端设备，包括：存储器，处理器，客户端，虚拟接口；所述存储器存储计算机执行指令；所述处理器执行所述存储器存储的计算机执行指令，以实现上述第一方面和第二方面所述的方法。In the seventh aspect, the present application provides a terminal device, including: a memory, a processor, a client, and a virtual interface; the memory stores computer execution instructions; the processor executes the computer execution instructions stored in the memory to implement the methods described in the first and second aspects above.

第八方面，本申请提供一种网络设备，包括：存储器，处理器，服务端，通信接口；所述存储器存储计算机执行指令；所述处理器执行所述存储器存储的计算机执行指令，以实现上述第三方面所述的方法。In an eighth aspect, the present application provides a network device, comprising: a memory, a processor, a server, and a communication interface; the memory stores computer-executable instructions; the processor executes the computer-executable instructions stored in the memory, To implement the method described in the third aspect above.

本申请提供的基于虚拟局域网的通信方法、装置、设备及存储介质，通过第一客户端监听第一终端的虚拟接口，获取待发送的业务报文，然后根据预先获取的虚拟局域网的配置信息，对业务报文进行封装处理，得到传输报文，再根据第二客户端的IP地址，将传输报文通过虚拟局域网传输至第二客户端，最后第二客户端根据预先获取的虚拟局域网的配置信息，对传输报文进行解封处理，得到业务报文。通过上述方法，实现了不同局域网下的终端设备之间的数据通信，进而提高了用户之间的通信效率。The communication method, device, equipment and storage medium based on virtual local area network provided by the present application obtain the service message to be sent by monitoring the virtual interface of the first terminal through the first client, and then encapsulate the service message according to the configuration information of the virtual local area network obtained in advance to obtain the transmission message, and then transmit the transmission message to the second client through the virtual local area network according to the IP address of the second client, and finally the second client decapsulates the transmission message according to the configuration information of the virtual local area network obtained in advance to obtain the service message. Through the above method, data communication between terminal devices in different local area networks is realized, thereby improving the communication efficiency between users.

BRIEF DESCRIPTION OF THE DRAWINGS

此处的附图被并入说明书中并构成本说明书的一部分，示出了符合本申请的实施例，并与说明书一起用于解释本申请的原理。The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and, together with the description, serve to explain the principles of the present application.

图1为本申请实施例提供的基于虚拟局域网的通信方法应用场景一的系统架构图；FIG1 is a system architecture diagram of a first application scenario of a communication method based on a virtual local area network provided in an embodiment of the present application;

图2为本申请实施例提供的基于虚拟局域网的通信方法应用场景二的系统架构图；FIG2 is a system architecture diagram of a second application scenario of a communication method based on a virtual local area network provided in an embodiment of the present application;

图3为本申请实施例提供的基于虚拟局域网的通信方法实施例一的流程示意图；FIG3 is a flow chart of a first embodiment of a communication method based on a virtual local area network according to an embodiment of the present application;

图4为本申请实施例提供的基于虚拟局域网的通信方法具体实现的示意图；FIG4 is a schematic diagram of a specific implementation of a communication method based on a virtual local area network provided in an embodiment of the present application;

图5为本申请实施例提供的基于虚拟局域网的通信方法实施例二的流程示意图；5 is a flow chart of a second embodiment of a communication method based on a virtual local area network provided in an embodiment of the present application;

图6为本申请实施例提供的基于虚拟局域网的通信方法实施例三的流程示意图；FIG6 is a flow chart of a third embodiment of a communication method based on a virtual local area network according to an embodiment of the present application;

图7为本申请实施例提供的基于虚拟局域网的通信方法实施例四的流程示意图；7 is a flow chart of a fourth embodiment of a communication method based on a virtual local area network provided in an embodiment of the present application;

图8为本申请实施例提供的基于虚拟局域网的通信方法实施例五的流程示意图；FIG8 is a flow chart of a fifth embodiment of a communication method based on a virtual local area network according to an embodiment of the present application;

图9为本申请实施例提供的基于虚拟局域网的通信装置实施例一的结构示意图；FIG9 is a schematic diagram of the structure of a first embodiment of a communication device based on a virtual local area network provided in an embodiment of the present application;

图10为本申请实施例提供的基于虚拟局域网的通信装置实施例二的结构示意图；10 is a schematic diagram of the structure of a second embodiment of a communication device based on a virtual local area network provided in an embodiment of the present application;

图11为本申请实施例提供的基于虚拟局域网的通信装置实施例三的结构示意图；FIG11 is a schematic diagram of the structure of a third embodiment of a communication device based on a virtual local area network provided in an embodiment of the present application;

图12为本申请实施例提供的电子设备的结构示意图；FIG12 is a schematic diagram of the structure of an electronic device provided in an embodiment of the present application;

图13为本申请实施例提供的网络设备的结构示意图。FIG13 is a schematic diagram of the structure of a network device provided in an embodiment of the present application.

通过上述附图，已示出本申请明确的实施例，后文中将有更详细的描述。这些附图和文字描述并不是为了通过任何方式限制本申请构思的范围，而是通过参考特定实施例为本领域技术人员说明本申请的概念。The above drawings have shown clear embodiments of the present application, which will be described in more detail later. These drawings and text descriptions are not intended to limit the scope of the present application in any way, but to illustrate the concept of the present application to those skilled in the art by referring to specific embodiments.

DETAILED DESCRIPTION

这里将详细地对示例性实施例进行说明，其示例表示在附图中。下面的描述涉及附图时，除非另有表示，不同附图中的相同数字表示相同或相似的要素。以下示例性实施例中所描述的实施方式并不代表与本申请相一致的所有实施方式。相反，它们仅是与如所附权利要求书中所详述的、本申请的一些方面相一致的装置和方法的例子。Exemplary embodiments will be described in detail herein, examples of which are shown in the accompanying drawings. When the following description refers to the drawings, the same numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present application. Instead, they are merely examples of devices and methods consistent with some aspects of the present application as detailed in the appended claims.

局域网可以将一个区域内的多个用户设备UE互联。局域网可应用到企业、家庭和工业等多种场景。随着科技的不断进步，局域网通讯功能日益丰富，逐渐集成了电子邮件、博客、音乐、电视、游戏和搜索等多种功能。局域网通讯已经发展成集交流、资讯、娱乐、搜索、电子商务、办公协作和企业客户服务等为一体的综合化信息平台，是一种终端联网即时通讯网络的服务。局域网通讯通常是通过路由器实现终端设备的通信，处于同一路由器下的终端设备具有相同的网段，则可以实现互联互通，然而处于不同路由器下的终端设备，具有不同的网段，无法实现互联互通。A LAN can interconnect multiple user equipment (UE) in an area. LANs can be applied to a variety of scenarios such as enterprises, homes, and industries. With the continuous advancement of technology, LAN communication functions are becoming increasingly rich, gradually integrating multiple functions such as email, blogs, music, television, games, and search. LAN communication has developed into an integrated information platform that integrates communication, information, entertainment, search, e-commerce, office collaboration, and corporate customer service. It is a terminal networking instant messaging network service. LAN communication usually realizes the communication of terminal devices through routers. Terminal devices under the same router have the same network segment, so they can be interconnected. However, terminal devices under different routers have different network segments and cannot be interconnected.

针对上述问题，本申请实施例提供了一种基于虚拟局域网的通信方法、装置、设备及存储介质，实现了不同局域网内的终端设备之间互联互通。具体的，同一局域网下的终端设备具有相同的网段，可以通过同一个路由器实现互联互通，而不同局域网下的终端设备具有不同网段，具有网络隔离，无法实现互联互通，考虑到这些问题，发明人研究了是否可以将不同局域网下的终端设备组建一个虚拟局域网，通过部署服务端和客户端，进而实现终端设备之间互联互通，基于此，提出本申请的技术方案。In view of the above problems, the embodiments of the present application provide a communication method, device, equipment and storage medium based on a virtual local area network, which realizes the interconnection between terminal devices in different local area networks. Specifically, the terminal devices in the same local area network have the same network segment and can be interconnected through the same router, while the terminal devices in different local area networks have different network segments and have network isolation, and cannot be interconnected. Considering these problems, the inventor studied whether it is possible to form a virtual local area network with terminal devices in different local area networks, and to realize the interconnection between terminal devices by deploying a server and a client. Based on this, the technical solution of the present application is proposed.

图1为本申请实施例提供的基于虚拟局域网的通信方法的应用场景一的系统架构图，该场景至少包括本地网络顶端的网络设备100、多个路由器101和多个终端设备102，图1中仅示出了网络设备下的三个路由器和每个路由器下连接的三个终端设备。FIG1 is a system architecture diagram of an application scenario 1 of a communication method based on a virtual local area network provided in an embodiment of the present application. The scenario at least includes a network device 100 at the top of a local network, multiple routers 101, and multiple terminal devices 102. FIG1 only shows three routers under the network device and three terminal devices connected to each router.

网络设备100可以是连通网络的任意设备，例如路由器、交换机、中继器、网桥等，并且网络设备100中部署有服务端。路由器101用于保障连接的终端设备102可以进行网络通信。终端设备102可以是任意能连通网络的智能电子设备，例如智能手机、传真机、打印机、笔记本电脑、台式电脑、投影仪、录像机等，并且每个终端设备102中部署有客户端、虚拟接口。The network device 100 may be any device connected to the network, such as a router, a switch, a repeater, a bridge, etc., and a server is deployed in the network device 100. The router 101 is used to ensure that the connected terminal device 102 can perform network communication. The terminal device 102 may be any intelligent electronic device that can connect to the network, such as a smart phone, a fax machine, a printer, a laptop computer, a desktop computer, a projector, a video recorder, etc., and each terminal device 102 is deployed with a client and a virtual interface.

在一些示例中，局域网可由一个服务端和多个客户端组成，服务端和客户端可理解为是一个程序等。例如，手机上运行的抖音可以是一个客户端程序，它去连接抖音的服务器去下载短视频。虚拟局域网的客户端运行在终端上，可在终端上创建一个虚拟接口，该虚拟接口与正常的真实网口类似，有IP和MAC地址，可以在这个虚拟接口上收发报文。在本申请示例中，虚拟接口的IP地址可以由用户指定或由服务端分配。若终端的业务使用虚拟接口发送报文，虚拟接口的报文会被客户端收到，客户端会对报文进行封装并发送给服务端，服务端再转发给虚拟局域网中的其它终端的客户端。虚拟局域网中的所有终端的客户端都有虚拟接口，可以理解为虚拟接口将各个终端连起来组成一个“局域网”，如果终端上有业务想要与该虚拟局域网中的其它终端通信，则业务只需要将报文发送至虚拟接口即可。In some examples, the local area network may be composed of a server and multiple clients, and the server and the client may be understood as a program, etc. For example, the vibrato running on the mobile phone may be a client program, which connects to the vibrato server to download short videos. The client of the virtual local area network runs on the terminal, and a virtual interface may be created on the terminal. The virtual interface is similar to a normal real network port, has an IP and MAC address, and can send and receive messages on this virtual interface. In the example of this application, the IP address of the virtual interface may be specified by the user or assigned by the server. If the terminal's service uses a virtual interface to send a message, the message of the virtual interface will be received by the client, and the client will encapsulate the message and send it to the server, which will then forward it to the client of other terminals in the virtual local area network. The clients of all terminals in the virtual local area network have virtual interfaces, which can be understood as the virtual interface connecting each terminal to form a "local area network". If there is a business on the terminal that wants to communicate with other terminals in the virtual local area network, the business only needs to send the message to the virtual interface.

网络设备100和不同路由器101下连接的终端设备102可根据相同认证字段组建成为一个虚拟局域网，进而同一个虚拟局域网下的终端设备102可以通过虚拟局域网实现任何数据的通信。The network device 100 and the terminal devices 102 connected to different routers 101 can be formed into a virtual local area network according to the same authentication field, and then the terminal devices 102 under the same virtual local area network can realize the communication of any data through the virtual local area network.

通过本申请实施例提供的基于虚拟局域网的通信方法，不同局域网内的设备之间的流量可以通过虚拟局域网通信，而无需依赖外部的云平台进行转发，从而节省云平台的带宽，同时提高了数据传输效率并且确保了数据的安全性。Through the virtual LAN-based communication method provided in the embodiment of the present application, the traffic between devices in different LANs can be communicated through the virtual LAN without relying on an external cloud platform for forwarding, thereby saving the bandwidth of the cloud platform, while improving data transmission efficiency and ensuring data security.

图2为本申请实施例提供的基于虚拟局域网的通信方法的应用场景二的系统架构图，该场景至少包括公网服务器200，用于连接不同城市路由器的云端201、多个不同城市的路由器202和每个路由器202下连接的终端设备203。Figure 2 is a system architecture diagram of application scenario 2 of the virtual local area network-based communication method provided in an embodiment of the present application. The scenario includes at least a public network server 200, a cloud 201 for connecting routers in different cities, routers 202 in multiple cities, and terminal devices 203 connected to each router 202.

公网服务器200部署有服务端，终端设备203部署有客户端和虚拟接口，同样，公网服务器200和多个不同城市的路由器202下连接的终端设备203可以根据相同的认证字段组建成为一个虚拟局域网，进而同一个虚拟局域网下的终端设备203可以通过虚拟局域网实现任何数据的通信。其中，网络设备100和公网服务器200分别可以根据不同认证字段组建多个虚拟局域网，并且每个虚拟局域网之间可以实现流量隔离。需要说明的是，上述提到的网络设备、公网服务器、路由器、终端设备的具体数量、类型和形态均不作具体限定。The public network server 200 is deployed with a server, and the terminal device 203 is deployed with a client and a virtual interface. Similarly, the public network server 200 and the terminal devices 203 connected to the routers 202 in multiple cities can form a virtual local area network according to the same authentication field, and then the terminal devices 203 under the same virtual local area network can realize the communication of any data through the virtual local area network. Among them, the network device 100 and the public network server 200 can respectively form multiple virtual local area networks according to different authentication fields, and traffic isolation can be achieved between each virtual local area network. It should be noted that the specific number, type and form of the network devices, public network servers, routers, and terminal devices mentioned above are not specifically limited.

下面以具体的实施例对本申请的技术方案进行详细说明。下面这几个具体的实施例可以单独运用，也可以相互结合成新的实施例，相同或相似的概念或过程可能在某些实施例中不再赘述。下面将结合附图，对本申请的实施例进行描述。The technical solution of the present application is described in detail with specific embodiments below. The following specific embodiments can be used alone or combined with each other to form new embodiments. The same or similar concepts or processes may not be repeated in some embodiments. The embodiments of the present application will be described below in conjunction with the accompanying drawings.

图3为本申请实施例提供的基于虚拟局域网的通信方法的实施例一的流程示意图，图4为本申请实施例提供的基于虚拟局域网的通信方法的具体实现的示意图，如图3和图4所示，该方法主要应用于虚拟局域网中，虚拟局域网中至少包括第一终端、第二终端和网络设备，第一终端设置有第一客户端、第二终端设置有第二客户端、网络设备设置有服务端。该方法包括：FIG3 is a flow chart of the first embodiment of the communication method based on the virtual local area network provided by the embodiment of the present application, and FIG4 is a schematic diagram of the specific implementation of the communication method based on the virtual local area network provided by the embodiment of the present application. As shown in FIG3 and FIG4, the method is mainly applied to the virtual local area network, and the virtual local area network includes at least a first terminal, a second terminal and a network device, and the first terminal is provided with a first client, the second terminal is provided with a second client, and the network device is provided with a server. The method includes:

S301：通过第一客户端监听虚拟接口，获取待发送的业务报文。S301: Acquire a service message to be sent by monitoring a virtual interface through a first client.

在本步骤中，在不同局域网的终端设备之间进行通信时，用户通过第一终端发起终端业务服务，第一终端根据终端业务服务，得到业务报文并传输至虚拟接口，部署在第一终端中的客户端通过监听虚拟接口，获取到待发送的业务报文。其中，业务报文中包括报文接收端的第二客户端的IP地址。 In this step, when the terminal devices in different local area networks communicate with each other, the user initiates the terminal service through the first terminal, and the first terminal obtains the service message according to the terminal service and transmits it to the virtual interface, and the client deployed in the first terminal obtains the service message to be sent by monitoring the virtual interface. The service message includes the IP address of the second client at the message receiving end.

可选的，用户通过第一终端发起终端业务服务的具体方式，可以是通过直接对第一终端中的某个应用程序进行信息输入操作，也可以是通过点触第一终端的屏幕或者按键发起指令，第一终端根据用户发起的指令启动终端业务服务，终端业务服务可以是通话服务、视频传输服务、文字传输服务等。Optionally, the specific method for the user to initiate a terminal business service through the first terminal may be by directly inputting information into an application in the first terminal, or by touching the screen or buttons of the first terminal to initiate a command. The first terminal starts the terminal business service according to the command initiated by the user. The terminal business service may be a call service, a video transmission service, a text transmission service, etc.

对于上述用户发起终端业务服务的具体方式以及终端业务服务的具体内容，本申请不做具体限定。This application does not specifically limit the specific method in which the user initiates the terminal business service and the specific content of the terminal business service.

S302：根据预先获取的虚拟局域网的配置信息，对业务报文进行封装处理，得到传输报文。S302: encapsulate the service message according to the pre-acquired virtual local area network configuration information to obtain a transmission message.

在本步骤中，第一客户端在获取到业务报文后，为与报文接收端的第二客户端进行数据通信，并保障数据安全，则根据预先获取的虚拟局域网的配置信息，对业务报文进行封装处理，得到传输报文。具体地，封装处理指在原始的业务报文之前加一个封装头，该封装头的信息包括：sessionID、报文类型(控制报文还是业务报文等)、报文长度、对端虚拟接口的IP和MAC地址等。In this step, after obtaining the service message, the first client encapsulates the service message according to the pre-acquired virtual local area network configuration information to obtain a transmission message in order to communicate data with the second client at the message receiving end and ensure data security. Specifically, encapsulation refers to adding an encapsulation header before the original service message, and the information of the encapsulation header includes: sessionID, message type (control message or service message, etc.), message length, IP and MAC address of the virtual interface of the other end, etc.

具体的，首先将业务报文进行隧道封装，得到封装后的报文，然后再将封装后的报文进行加密和压缩，从而得到传输报文。Specifically, the service message is first tunnel-encapsulated to obtain an encapsulated message, and then the encapsulated message is encrypted and compressed to obtain a transmission message.

S303：根据第二客户端的IP地址，将传输报文通过虚拟局域网传输至第二客户端。S303: According to the IP address of the second client, transmit the transmission message to the second client through the virtual local area network.

在本步骤中，第一客户端对业务报文处理，得到传输报文后，根据第二客户端的IP地址，通过虚拟局域网，将传输报文传输至第二客户端。In this step, the first client processes the service message to obtain a transmission message, and then transmits the transmission message to the second client through the virtual local area network according to the IP address of the second client.

具体的，虚拟局域网的配置信息中还包括点对点(P2P)通信信息，任一客户端根据点对点通信信息可以选择开启点对点通信，也可以选择不开启点对点通信。在同一虚拟局域网中开启点对点通信的客户端之间可以打通点对点通信通道。P2P通信涉及P2P打洞。具体地，每个终端在启动客户端时有一个配置文件，该配置文件里有一项指明该终端是否开启P2P打洞，同一个虚拟局域网里的开启了P2P打洞的终端之间会相互进行P2P打洞，如果两个终端之间打通了P2P通道，则它们之间通信就可以不需要经过服务端的转发，直接进行点对点通信。Specifically, the configuration information of the virtual local area network also includes peer-to-peer (P2P) communication information. Any client can choose to enable peer-to-peer communication or not based on the peer-to-peer communication information. Peer-to-peer communication channels can be opened between clients that enable peer-to-peer communication in the same virtual local area network. P2P communication involves P2P hole punching. Specifically, each terminal has a configuration file when starting the client. There is an item in the configuration file that indicates whether P2P hole punching is enabled for the terminal. Terminals that enable P2P hole punching in the same virtual local area network will perform P2P hole punching with each other. If a P2P channel is opened between two terminals, communication between them can be done directly in peer-to-peer mode without forwarding by the server.

则本步骤可以通过以下两个实现方式实现：This step can be implemented in the following two ways:

第一实现方式：第一客户端根据第二客户端的IP地址，检测第一客户端与第二客户端之间是否打通了点对点通信通道，若第一客户端与第二客户端之间打通了点对点通信通道，则第一客户端可以直接通过与第二客户端之间的点对点通信通道，将传输报文传输至第二客户端。The first implementation method: The first client detects whether a point-to-point communication channel is established between the first client and the second client based on the IP address of the second client. If a point-to-point communication channel is established between the first client and the second client, the first client can directly transmit the transmission message to the second client through the point-to-point communication channel between the first client and the second client.

第二实现方式：若第一客户端与第二客户端之间未打通点对点通信通道，则第一客户端需要将传输报文传输至服务端，由服务端将传输报文中转，传输至第二客户端。Second implementation method: If a point-to-point communication channel is not established between the first client and the second client, the first client needs to transmit the transmission message to the server, and the server transfers the transmission message and transmits it to the second client.

需要说明的是，任一客户端与服务端以及客户端与客户端之间的通信方式，可以是基于网际协议版本4(Internet Protocol version 4，IPv4)或者网际协议版本6(Internet Protocol version 6，IPv6)的用户数据报协议(User Datagram Protocol，UDP)、传输控制协议/网际协议(Transmission Control Protocol/Internet Protocol，TCP/IP)、网际包交换/顺序包交换(Internetwork Packet Exchange/Sequences Packet Exchange，IPX/SPX)协议、NetBios增强用户接口(NetBios Enhanced User Interface，NetBEUI)协议中的任意一个，本实施例不做具体限定。It should be noted that the communication method between any client and server and between clients can be any one of the User Datagram Protocol (UDP) based on Internet Protocol version 4 (IPv4) or Internet Protocol version 6 (IPv6), Transmission Control Protocol/Internet Protocol (TCP/IP), Internetwork Packet Exchange/Sequences Packet Exchange (IPX/SPX) protocol, and NetBios Enhanced User Interface (NetBEUI) protocol, and this embodiment does not make any specific limitation.

S304：根据预先获取的虚拟局域网的配置信息，对传输报文进行解封处理，得到业务报文。S304: Decapsulate the transmission message according to the pre-acquired virtual local area network configuration information to obtain a service message.

在本步骤中，第二客户端在接收到第一客户端传输的传输报文后，为了完成终端业务服务的内容，根据预先获取的虚拟局域网的配置信息，将传输报文进行解封处理，得到业务报文。具体的，第二客户端根据所述配置信息，例如，首先对传输报文进行解压，然后解密，最后再隧道解封，从而得到业务报文。第二客户端通过第二终端部署的虚拟接口将业务报文传输至对应的应用程序，用户根据业务报文在对应的应用程序完成操作。In this step, after receiving the transmission message transmitted by the first client, the second client unpacks the transmission message according to the pre-acquired virtual local area network configuration information in order to complete the terminal service content. To the service message. Specifically, the second client, according to the configuration information, for example, first decompresses the transmission message, then decrypts it, and finally unblocks the tunnel, thereby obtaining the service message. The second client transmits the service message to the corresponding application through the virtual interface deployed by the second terminal, and the user completes the operation in the corresponding application according to the service message.

在一种可能的实现方式中，以图1所示的场景为基础，同一个虚拟局域网中可以包括多个终端，每个终端中都部署有客户端，在通过该虚拟局域网进行数据通信时，业务报文中可以不指定报文接收端的客户端的IP地址，也可以包括多个报文接收端的客户端的IP地址。In a possible implementation, based on the scenario shown in FIG. 1 , a plurality of terminals may be included in the same virtual local area network, and a client is deployed in each terminal. When data communication is performed through the virtual local area network, the service message may not specify the IP address of the client at the message receiving end, or may include the IP addresses of the clients at multiple message receiving ends.

示例性的，若业务报文中不指定报文接收端的客户端的IP地址，发起业务的终端设备为终端设备A，终端设备A中部署有第一客户端，则第一客户端将传输报文经过路由器A传输至网络设备100部署的服务端，服务端将传输报文传输至终端设备B、终端设备C、终端设备D、终端设备E、终端设备F、终端设备G、终端设备H、终端设备I中部署的客户端。For example, if the IP address of the client at the message receiving end is not specified in the service message, the terminal device initiating the service is terminal device A, and a first client is deployed in terminal device A, then the first client transmits the transmission message through router A to the server deployed in network device 100, and the server transmits the transmission message to the clients deployed in terminal device B, terminal device C, terminal device D, terminal device E, terminal device F, terminal device G, terminal device H, and terminal device I.

示例性的，若业务报文中指定多个报文接收端的客户端的IP地址，发起业务的终端设备为终端设备A，终端设备A中部署有第一客户端，业务报文中指定的多个报文接收端的客户端的IP地址对应的终端设备为终端设备D、终端设备E、终端设备H，则第一客户端分别检测与终端设备D、终端设备E、终端设备H中部署的客户端之间是否都打通了点对点通信通道，若打通了点对点通信通道，则通过点对点通信将传输报文传输至对应的客户端，若未打通，则通过服务端中转传输至对应客户端。Exemplarily, if the business message specifies multiple IP addresses of clients at the message receiving end, the terminal device initiating the service is terminal device A, a first client is deployed in terminal device A, and the terminal devices corresponding to the IP addresses of multiple clients at the message receiving end specified in the business message are terminal device D, terminal device E, and terminal device H, then the first client respectively detects whether point-to-point communication channels are established between the clients deployed in terminal device D, terminal device E, and terminal device H. If the point-to-point communication channel is established, the transmission message is transmitted to the corresponding client through point-to-point communication. If not, the message is transmitted to the corresponding client through the server.

本实施例提供的基于虚拟局域网的通信方法，通过第一客户端监听虚拟接口，获取待发送的业务报文，然后根据预先获取的虚拟局域网的配置信息，对业务报文进行封装处理，得到传输报文，再根据第二客户端的IP地址，将传输报文通过虚拟局域网传输至第二客户端，最后第二客户端根据预先获取的虚拟局域网的配置信息，对传输报文进行解封处理，得到业务报文。通过上述方法，实现了不同局域网下的终端设备之间的数据通信，进而提高了用户之间的通信效率。The communication method based on virtual local area network provided in this embodiment obtains the service message to be sent by monitoring the virtual interface through the first client, and then encapsulates the service message according to the pre-acquired configuration information of the virtual local area network to obtain the transmission message, and then transmits the transmission message to the second client through the virtual local area network according to the IP address of the second client, and finally the second client decapsulates the transmission message according to the pre-acquired configuration information of the virtual local area network to obtain the service message. Through the above method, data communication between terminal devices in different local area networks is realized, thereby improving the communication efficiency between users.

图5为本申请实施例提供的基于虚拟局域网的通信方法的实施例二的流程示意图，如图5所示，在上述实施例的基础上，虚拟局域网的配置信息包括报文压缩信息，报文加密信息，则步骤S302可以通过以下步骤实现：FIG5 is a flow chart of Embodiment 2 of the communication method based on a virtual local area network provided in an embodiment of the present application. As shown in FIG5 , based on the above embodiment, the configuration information of the virtual local area network includes message compression information and message encryption information, and step S302 can be implemented by the following steps:

S501：对业务报文进行隧道封装，得到封装后的报文。S501: Perform tunnel encapsulation on the service message to obtain an encapsulated message.

S502：根据报文加密信息对封装后的报文进行加密，并根据报文压缩信息对压缩加密后的报文进行压缩，得到传输报文。S502: Encrypt the encapsulated message according to the message encryption information, and compress the compressed and encrypted message according to the message compression information to obtain a transmission message.

为了提高信息安全性，根据报文加密信息对封装后的报文进行加密，为了节省网络带宽，提高传输效率，则将加密后的报文根据报文压缩信息进行压缩，进而得到传输报文。In order to improve information security, the encapsulated message is encrypted according to the message encryption information. In order to save network bandwidth and improve transmission efficiency, the encrypted message is compressed according to the message compression information to obtain the transmission message.

具体的，对封装后的报文进行加密可采用对称性加密算法或者非对称性加密算法，例如对称性加密算法可采用高级加密标准(Advanced Encryption Standard，AES)或者数据加密标准(Data Encryption Standard，DES)又或者3DES。非对称加密算法可以采用公共密钥算法或者数字签名算法(Digital Signature Algorithm，DSA)又或者椭圆曲线密码编码学(Elliptic Curves Cryptography，ECC)。本申请对于加密方式不做具体限定。Specifically, the encapsulated message can be encrypted using a symmetric encryption algorithm or an asymmetric encryption algorithm. For example, the symmetric encryption algorithm can use the Advanced Encryption Standard (AES) or the Data Encryption Standard (DES) or 3DES. The asymmetric encryption algorithm can use a public key algorithm or a digital signature algorithm (DSA) or elliptic curve cryptography (ECC). This application does not specifically limit the encryption method.

本实施例提供的基于虚拟局域网的通信方法，通过对业务报文进行封装、加密、压缩，进而实现报文的传输，节省了网络带宽、提高了传输效率和数据安全性。The communication method based on the virtual local area network provided in this embodiment realizes the transmission of the message by encapsulating, encrypting and compressing the service message, thereby saving network bandwidth and improving transmission efficiency and data security.

在一种可能的设计中，在前述各个实施例的基础上，客户端在通过虚拟局域网进行数据通信之前，还需要加入虚拟局域网，则具体的加入方式可以通过以下两种方式实现。In a possible design, based on the aforementioned embodiments, the client needs to join the virtual local area network before performing data communication through the virtual local area network. The specific joining method can be implemented in the following two ways.

第一种方式，图6为本申请实施例提供的基于虚拟局域网的通信方法的实施例三的流程示意图，参考图6，具体可以通过以下步骤实现： In the first way, FIG. 6 is a flow chart of Embodiment 3 of the communication method based on the virtual local area network provided in the embodiment of the present application. Referring to FIG. 6 , the method can be implemented by the following steps:

S601：客户端接收云平台发送的为加入虚拟局域网配置的认证字段，服务端的IP地址以及所有客户端的IP地址。S601: The client receives the authentication field configured for joining the virtual LAN, the IP address of the server, and the IP addresses of all clients sent by the cloud platform.

在本步骤中，当网络设备和终端设备连接同一个云平台的时候，可以通过云平台实现虚拟局域网的组建。云平台为组建虚拟局域网配置认证字段和IP地址。在一些示例中，认证字段可为单个比特或多个比特，或一个字符串，等等，本申请实施例并不对认证字段的形式进行限制。In this step, when the network device and the terminal device are connected to the same cloud platform, the cloud platform can be used to establish a virtual local area network. The cloud platform configures the authentication field and IP address for establishing the virtual local area network. In some examples, the authentication field can be a single bit or multiple bits, or a string, etc. The embodiment of the present application does not limit the form of the authentication field.

客户端通过通信接口，接收云平台发送的为加入虚拟局域网配置的认证字段，服务端的IP地址以及所有客户端的IP地址。值得注意的是，用户可以在云平台指示组建虚拟局域网的终端设备。The client receives the authentication field, the server IP address and all client IP addresses sent by the cloud platform through the communication interface for joining the virtual LAN. It is worth noting that the user can instruct the terminal device to form a virtual LAN on the cloud platform.

S602：客户端根据服务端的IP地址，认证字段以及客户端的IP地址，向服务端发送虚拟局域网接入请求。S602: The client sends a virtual local area network access request to the server according to the IP address of the server, the authentication field and the IP address of the client.

在本步骤中，在客户端接收到云平台发送的认证字段，服务端的IP地址以及所有客户端的IP地址后，根据服务端的IP地址和认证字段，向服务端发送虚拟局域网接入请求。在一些示例中，客户端将认证字段携带在虚拟局域网接入请求中并将该接入请求发送给服务端的IP地址。在一些示例中，一个客户端可以接入云平台组建的一个虚拟局域网或更多个虚拟局域网。In this step, after the client receives the authentication field sent by the cloud platform, the IP address of the server and the IP addresses of all clients, it sends a virtual LAN access request to the server according to the IP address and authentication field of the server. In some examples, the client carries the authentication field in the virtual LAN access request and sends the access request to the IP address of the server. In some examples, a client can access one or more virtual LANs established by the cloud platform.

S603：服务端根据云平台配置的认证字段对局域网接入请求中的认证字段进行验证。S603: The server verifies the authentication field in the LAN access request according to the authentication field configured by the cloud platform.

在本步骤中，服务端接收到客户端发送的虚拟局域网接入请求后，根据虚拟局域网接入请求，对客户端发送的认证字段进行验证。具体的，服务端将客户端发送的认证字段与云平台配置的认证字段进行对比，若客户端发送的认证字段与云平台配置的认证字段相同，则该客户端验证通过，若客户端发送的认证字段与云平台配置的认证字段不相同，则该客户端验证不通过。In this step, after receiving the virtual LAN access request sent by the client, the server verifies the authentication field sent by the client according to the virtual LAN access request. Specifically, the server compares the authentication field sent by the client with the authentication field configured by the cloud platform. If the authentication field sent by the client is the same as the authentication field configured by the cloud platform, the client is verified. If the authentication field sent by the client is different from the authentication field configured by the cloud platform, the client fails the verification.

S604：在认证字段验证通过后，允许客户端接入服务端的IP地址对应的虚拟局域网。S604: After the authentication field is verified, the client is allowed to access the virtual local area network corresponding to the IP address of the server.

在本步骤中，服务端通过对客户端发送的认证字段验证，在认证字段验证通过后，允许客户端接入服务端的IP地址对应的虚拟局域网，并与客户端建立通信连接。In this step, the server verifies the authentication field sent by the client. After the authentication field verification is passed, the client is allowed to access the virtual local area network corresponding to the IP address of the server and establishes a communication connection with the client.

S605：服务端向客户端返回接入确认消息。S605: The server returns an access confirmation message to the client.

在本步骤中，服务端允许客户端接入虚拟局域网后，通过与客户端建立的通信连接，向客户端返回接入确认消息，客户端接收服务端返回的接入确认消息。其中，接入确认消息用于指示客户端接入虚拟局域网成功。可选的，在云平台为加入虚拟局域网配置认证字段，服务端的IP地址以及所有客户端的IP地址后，还需要将认证字段，服务端的IP地址以及所有客户端的IP地址发送至服务端。In this step, after the server allows the client to access the virtual local area network, it returns an access confirmation message to the client through the communication connection established with the client, and the client receives the access confirmation message returned by the server. The access confirmation message is used to indicate that the client has successfully accessed the virtual local area network. Optionally, after the cloud platform configures the authentication field, the IP address of the server, and the IP addresses of all clients for joining the virtual local area network, the authentication field, the IP address of the server, and the IP addresses of all clients need to be sent to the server.

本实施例提供的基于虚拟局域网的通信方法，通过用户指定组建虚拟局域网的终端设备，云平台配置认证字段和IP地址，并下发至客户端和服务端，客户端根据服务端的IP地址和认证字段向服务端请求接入虚拟局域网，服务端在对客户端发送的认证字段验证通过后，向客户端返回接入确认消息。通过上述方法，实现了虚拟局域网的组建，进而实现了不同局域网下终端设备之间的通信。The communication method based on virtual local area network provided in this embodiment is that the user specifies the terminal device for forming the virtual local area network, the cloud platform configures the authentication field and IP address, and sends it to the client and the server. The client requests the server to access the virtual local area network according to the IP address and authentication field of the server. After the authentication field sent by the client is verified, the server returns an access confirmation message to the client. Through the above method, the formation of the virtual local area network is realized, and then the communication between terminal devices in different local area networks is realized.

第二种方式，图7为本申请实施例提供的基于虚拟局域网的通信方法的实施例四的流程示意图，参考图7，具体可以通过以下步骤实现：The second method is shown in FIG. 7 as a flow chart of the fourth embodiment of the communication method based on the virtual local area network provided in the embodiment of the present application. Referring to FIG. 7 , the method can be implemented by the following steps:

S701：通过客户端对终端的上行网络设备进行扫描，获取部署了虚拟局域网的服务端的网络设备。S701: Scan the uplink network device of the terminal through the client to obtain the network device of the server where the virtual local area network is deployed.

在本步骤中，若想组建虚拟局域网，则需要客户端与服务端建立通信，则客户端对终端的上行网络设备进行扫描，从而获取部署了虚拟局域网的服务端的网络设备。在一些示例中，客户端对终端的上行网络设备进行扫描是指，客户端先使用类似traceroute技术，一层一层获取上级的网关，并且对每个上级网关所处的网段的所有IP地址发送扫描报文，如果服务端在上级，则会收到这个扫描报文，该服务端在收到该扫描报文后会回应扫描请求，这样客户端就获得了这个服务端的IP地址和端口。扫描到服务端之后，客户端会尝试去加入该服务端的虚拟局域网。In this step, if you want to build a virtual LAN, you need to establish communication between the client and the server, and the client scans the upstream network device of the terminal to obtain the network device of the server that has deployed the virtual LAN. In some examples, the client scans the upstream network device of the terminal, which means that the client first uses a technology similar to traceroute to obtain the upper-level gateway layer by layer, and sends a scan message to all IP addresses of the network segment where each upper-level gateway is located. If the server is at the upper level, it will receive the scan message. After receiving the scan message, the server will respond to the scan request, so that the client obtains the IP address and port of the server. After scanning the server, the client will try to join the virtual LAN of the server.

具体的，由于服务端有可能部署在顶端网络设备中，则客户端对终端的上行网络设备进行扫描，需要一层一层的进行扫描，扫描到部署了虚拟局域网的服务端并开启了服务端的网络设备，进而得到服务端的IP地址。Specifically, since the server may be deployed in the top network device, the client scans the upstream network device of the terminal layer by layer, scans the server that deploys the virtual LAN and turns on the server's network device, and then obtains the server's IP address.

S702：向网络设备中的服务端发送虚拟局域网加入请求。S702: Send a virtual local area network joining request to a server in the network device.

在本步骤中，客户端在获取到服务端的IP地址后，通过通信连接向网络设备中的服务端发送虚拟局域网加入请求。In this step, after obtaining the IP address of the server, the client sends a virtual local area network joining request to the server in the network device through a communication connection.

S703：若虚拟局域网加入请求中未携带客户端的IP地址，则允许客户端加入虚拟局域网，并为客户端分配IP地址。S703: If the virtual local area network joining request does not carry the IP address of the client, the client is allowed to join the virtual local area network and an IP address is allocated to the client.

在本步骤中，服务端接收到客户端发送的虚拟局域网加入请求后，查询虚拟局域网加入请求中是否携带了客户端的IP地址，若虚拟局域网加入请求中未携带客户端的IP地址，说明该客户端并未加入任何虚拟局域网，则允许客户端加入虚拟局域网，并为客户端分配IP地址。In this step, after receiving the virtual LAN joining request sent by the client, the server queries whether the virtual LAN joining request carries the client's IP address. If the virtual LAN joining request does not carry the client's IP address, it means that the client has not joined any virtual LAN. In this case, the client is allowed to join the virtual LAN and an IP address is allocated to the client.

S704：向客户端发送虚拟局域网加入反馈消息。S704: Send a virtual local area network joining feedback message to the client.

在本步骤中，服务端为客户端分配IP地址后，生成虚拟局域网加入反馈消息，并将虚拟局域网加入反馈消息通过通信连接，发送至客户端。In this step, after the server allocates an IP address to the client, it generates a virtual local area network joining feedback message, and sends the virtual local area network joining feedback message to the client through the communication connection.

S705：若虚拟局域网加入请求中携带客户端的IP地址，则检测客户端的IP地址是否被其他客户端使用。S705: If the virtual LAN joining request carries the IP address of the client, it is detected whether the IP address of the client is used by other clients.

在本步骤中，服务端接收到客户端发送的虚拟局域网加入请求后，查询虚拟局域网加入请求中是否携带了客户端的IP地址，若虚拟局域网加入请求中携带客户端的IP地址，则该客户端的IP地址与其他客户端的IP地址存在冲突的可能，因此服务端检测客户端的IP地址是否被其他客户端使用。In this step, after receiving the virtual LAN joining request sent by the client, the server queries whether the virtual LAN joining request carries the client's IP address. If the virtual LAN joining request carries the client's IP address, there is a possibility that the client's IP address conflicts with the IP addresses of other clients. Therefore, the server detects whether the client's IP address is used by other clients.

具体地，客户端对应的虚拟端口的IP地址可以通过两种方式生成，一种是自动生成，自动生成是由服务端进行IP地址分配；一种是静态生成，静态生成是由用户指定IP地址，该IP地址被指定后不再改变，静态生成的情况下会将虚拟端口的IP地址携带在虚拟局域网加入请求中发送给服务端，服务端会检查这个静态IP地址是否已经被这个虚拟局域网中的其它终端使用，如果已被使用，则不会让该客户端对应的终端加入此虚拟局域网。Specifically, the IP address of the virtual port corresponding to the client can be generated in two ways. One is automatic generation, in which the server allocates the IP address; the other is static generation, in which the user specifies the IP address, which will not change after being specified. In the case of static generation, the IP address of the virtual port will be carried in the virtual LAN joining request and sent to the server. The server will check whether the static IP address has been used by other terminals in the virtual LAN. If it has been used, the terminal corresponding to the client will not be allowed to join the virtual LAN.

S706：若客户端的IP地址未被其他客户端使用，则允许客户端加入虚拟局域网。S706: If the IP address of the client is not used by other clients, the client is allowed to join the virtual LAN.

在本步骤中，通过服务端对该客户端的IP地址进行检测，若客户端的IP地址未被其他客户端使用，说明该客户端的IP地址不存在冲突，则允许客户端加入虚拟局域网。In this step, the IP address of the client is detected by the server. If the IP address of the client is not used by other clients, it means that there is no conflict in the IP address of the client, and the client is allowed to join the virtual LAN.

S707：向客户端发送虚拟局域网加入反馈消息。S707: Send a virtual local area network joining feedback message to the client.

本步骤与步骤S704具体实施方式相同，在此不再赘述。The specific implementation of this step is the same as that of step S704, and will not be repeated here.

S708：若客户端的IP地址被其他客户端使用，则不允许该客户端加入虚拟局域网，向客户端返回用于指示局域网加入失败的虚拟局域网加入反馈消息。S708: If the IP address of the client is used by other clients, the client is not allowed to join the virtual LAN, and a virtual LAN joining feedback message indicating a failure to join the LAN is returned to the client.

在本步骤中，通过服务端对该客户端的IP地址进行检测，若客户端的IP地址被其他客户端使用，说明该客户端的IP地址存在冲突，则不允许客户端加入虚拟局域网，并通过通信连接，向客户端返回用于指示局域网加入失败的虚拟局域网加入反馈消息。在一些示例中，用户可针对该客户端重新指定IP地址。In this step, the IP address of the client is detected by the server. If the IP address of the client is used by other clients, it means that there is a conflict in the IP address of the client. The client is not allowed to join the virtual LAN, and a virtual LAN joining feedback message indicating the failure of joining the LAN is returned to the client through the communication connection. In some examples, the user can reassign the IP address for the client.

可选的，接收到服务端返回的虚拟局域网加入反馈消息后，若虚拟局域网加入反馈消息指示客户端加入虚拟局域网成功，则虚拟局域网加入反馈消息中还包括服务端配置的认证字段和配置信息，其中，配置信息包括报文压缩信息，报文加密信息以及虚拟局域网中所有客户端的IP地址。Optionally, after receiving the virtual LAN joining feedback message returned by the server, if the virtual LAN joining feedback message indicates that the client has successfully joined the virtual LAN, the virtual LAN joining feedback message also includes the authentication field and configuration information configured by the server, wherein the configuration information includes message compression information, message encryption information and the IP addresses of all clients in the virtual LAN.

本实施例提供的基于虚拟局域网的通信方法，客户端通过扫描确定部署服务端的网络设备，进而获取到服务端的IP地址，并向服务端发送虚拟局域网加入请求，服务端根据虚拟局域网加入请求，对客户端进行验证，验证通过则允许加入虚拟局域网，若验证未通过，则不允许加入虚拟局域网。通过上述方式，提高了安全性，并实现了不同局域网下终端设备之间的互联互通。In the communication method based on virtual local area network provided in this embodiment, the client scans and determines the network device where the server is deployed, and then obtains the IP address of the server, and sends a virtual local area network joining request to the server. The server verifies the client according to the virtual local area network joining request, and allows the client to join the virtual local area network if the verification passes, and does not allow the client to join the virtual local area network if the verification fails. Through the above method, security is improved, and interconnection between terminal devices in different local area networks is realized.

需要说明的是，上述组建虚拟局域网的实施例中的客户端可以是前述提到的第一客户端，也可以是第二客户端，还可以是其他任意客户端。It should be noted that the client in the above embodiment of forming a virtual local area network may be the first client mentioned above, or may be the second client, or may be any other client.

图8为本申请实施例提供的基于虚拟局域网的通信方法的实施例五的流程示意图，参考图8，在上述各个实施例的基础上，虚拟局域网的配置信息中包括报文压缩信息，报文加密信息，则步骤S304可以通过以下步骤实现：FIG8 is a flow chart of Embodiment 5 of the communication method based on a virtual local area network provided in an embodiment of the present application. Referring to FIG8 , based on the above embodiments, the configuration information of the virtual local area network includes message compression information and message encryption information, and step S304 can be implemented by the following steps:

S801：根据报文压缩信息对传输报文解除压缩，得到解压后的报文。S801: Decompress the transmission message according to the message compression information to obtain a decompressed message.

S802：根据报文加密信息对解压后的报文进行解密，并进行隧道解封装，得到业务报文。S802: Decrypt the decompressed message according to the message encryption information, and perform tunnel decapsulation to obtain a service message.

在报文接收端的第二客户端接收到传输报文后，根据虚拟局域网的配置信息进而对传输报文进行解压、解密和隧道解封，从而得到业务报文，并通过虚拟接口将业务报文传输至第二终端对应的应用程序中进行业务操作。After the second client at the message receiving end receives the transmission message, it decompresses, decrypts and unblocks the tunnel of the transmission message according to the configuration information of the virtual LAN to obtain the service message, and transmits the service message to the application corresponding to the second terminal through the virtual interface for service operation.

本实施例提供的基于虚拟局域网的通信方法，通过使用与发送报文端的第一客户端相同的配置信息对传输报文进行解压、解密和隧道解封，进而节省了网络带宽、提高了传输效率和数据安全性。The communication method based on virtual local area network provided in this embodiment decompresses, decrypts and unblocks the transmission message by using the same configuration information as the first client sending the message, thereby saving network bandwidth and improving transmission efficiency and data security.

图9为本申请实施例提供的基于虚拟局域网的通信装置实施例一的结构示意图，如9所示，第一终端中设置有进行虚拟局域网服务的第一客户端，则基于虚拟局域网的通信装置900，包括：第一获取模块901，用于通过第一客户端监听所述第一终端的虚拟接口，获取待发送的业务报文，业务报文中包括作为所述业务报文的接收端的第二客户端的互联网协议IP地址；封装模块902，用于根据预先获取的虚拟局域网的配置信息，对业务报文进行封装处理，得到传输报文；传输模块903，用于根据第二客户端的IP地址，将传输报文通过虚拟局域网传输至第二客户端。其中，第二客户端所在的第二终端与第一终端属于同一个虚拟局域网。FIG9 is a schematic diagram of the structure of the first embodiment of the communication device based on the virtual local area network provided by the embodiment of the present application. As shown in FIG9, a first client for performing virtual local area network service is provided in the first terminal, and the communication device based on the virtual local area network 900 includes: a first acquisition module 901, which is used to monitor the virtual interface of the first terminal through the first client to obtain the service message to be sent, and the service message includes the Internet Protocol IP address of the second client as the receiving end of the service message; an encapsulation module 902, which is used to encapsulate the service message according to the configuration information of the virtual local area network obtained in advance to obtain the transmission message; a transmission module 903, which is used to transmit the transmission message to the second client through the virtual local area network according to the IP address of the second client. Among them, the second terminal where the second client is located belongs to the same virtual local area network as the first terminal.

在一种可能的设计中，传输模块903，包括：确定单元，用于根据第二客户端的IP地址，确定第一客户端与第二客户端之间是否打通点对点通信通道；第一传输单元，用于若第一客户端与第二客户端之间已打通点对点通信通道，则根据第二客户端的IP地址，通过对点通信通道，将传输报文发送给第二客户端；第二传输单元，用于若第一客户端与第二客户端之间未打通点对点通信通道，则通过虚拟局域网的服务端将传输报文传送至第二客户端。In one possible design, the transmission module 903 includes: a determination unit, used to determine whether a point-to-point communication channel is established between the first client and the second client based on the IP address of the second client; a first transmission unit, used to send a transmission message to the second client through the point-to-point communication channel based on the IP address of the second client if a point-to-point communication channel is established between the first client and the second client; and a second transmission unit, used to transmit the transmission message to the second client through the server of the virtual local area network if a point-to-point communication channel is not established between the first client and the second client.

在一种可能的设计中，虚拟局域网的配置信息包括报文压缩信息，报文加密信息，则封装模块902，包括：封装单元，用于对业务报文进行隧道封装，得到封装后的报文；压缩加密单元，用于根据报文加密信息对封装后的报文进行加密，并根据报文压缩信息对加密后的报文进行压缩，得到传输报文。In one possible design, the configuration information of the virtual local area network includes message compression information and message encryption information, and the encapsulation module 902 includes: an encapsulation unit, used to perform tunnel encapsulation on the service message to obtain an encapsulated message; a compression and encryption unit, used to encrypt the encapsulated message according to the message encryption information, and compress the encrypted message according to the message compression information to obtain a transmission message.

在一种可能的设计中，基于虚拟局域网的通信装置900，还包括：第一接收模块904，用于接收云平台发送的为加入虚拟局域网配置的认证字段，服务端的IP地址以及所述虚拟局域网中所有客户端的IP地址；第一发送模块905，用于根据服务端的IP地址，认证字段以及第一客户端的IP地址，向服务端发送虚拟局域网接入请求；第二接收模块906，用于接收服务端返回的接入确认消息，接入确认消息用于指示第一客户端接入虚拟局域网成功。In a possible design, the communication device 900 based on the virtual local area network further includes: a first receiving module 904, which is used to receive the authentication field configured for joining the virtual local area network, the IP address of the server, and the authentication field sent by the cloud platform. The IP addresses of all clients in the virtual LAN; a first sending module 905, used to send a virtual LAN access request to the server according to the IP address of the server, the authentication field and the IP address of the first client; a second receiving module 906, used to receive an access confirmation message returned by the server, the access confirmation message is used to indicate that the first client has successfully accessed the virtual LAN.

在一种可能的设计中，基于虚拟局域网的通信装置900，还包括：第二获取模块907，用于通过第一客户端对第一终端的上行网络设备进行扫描，获取部署了虚拟局域网的服务端的网络设备；第二发送模块908，用于向网络设备中的服务端发送虚拟局域网加入请求；第三接收模块909，用于接收服务端返回的虚拟局域网加入反馈消息，虚拟局域网加入反馈消息用于指示第一客户端加入虚拟局域网是否成功。In one possible design, the communication device 900 based on the virtual local area network also includes: a second acquisition module 907, which is used to scan the uplink network device of the first terminal through the first client to obtain the network device of the server on which the virtual local area network is deployed; a second sending module 908, which is used to send a virtual local area network joining request to the server in the network device; and a third receiving module 909, which is used to receive the virtual local area network joining feedback message returned by the server, and the virtual local area network joining feedback message is used to indicate whether the first client has successfully joined the virtual local area network.

在一种可能的设计中，若虚拟局域网加入反馈消息指示第一客户端加入虚拟局域网成功，则虚拟局域网加入反馈消息中还包括服务端配置的认证字段和虚拟局域网的配置信息；所述虚拟局域网的配置信息包括报文压缩信息，报文加密信息以及虚拟局域网中所有客户端的IP地址。In one possible design, if the virtual LAN joining feedback message indicates that the first client has successfully joined the virtual LAN, the virtual LAN joining feedback message also includes an authentication field configured by the server and configuration information of the virtual LAN; the configuration information of the virtual LAN includes message compression information, message encryption information and the IP addresses of all clients in the virtual LAN.

在一种可能的设计中，虚拟局域网加入请求中包括第一客户端的IP地址。In one possible design, the virtual LAN join request includes the IP address of the first client.

在一种可能的设计中，若虚拟局域网加入请求中不包括第一客户端的IP地址，则所述虚拟局域网的配置信息中第一客户端的IP地址为服务端分配的。In a possible design, if the virtual local area network joining request does not include the IP address of the first client, the IP address of the first client in the configuration information of the virtual local area network is allocated by the server.

本申请实施例提供的装置，可用于执行上述实施例中第一终端侧的方法，其实现原理和技术效果类似，在此不再赘述。The device provided in the embodiment of the present application can be used to execute the method on the first terminal side in the above embodiment. Its implementation principle and technical effects are similar and will not be repeated here.

图10为本申请实施例提供的基于虚拟局域网的通信装置实施例二的结构示意图，如图10所示，第二终端中设置有进行虚拟局域网服务的第二客户端，则基于虚拟局域网的通信装置1000，包括：第一接收模块1001，用于通过第二客户端接收第一客户端传输的传输报文；解封模块1002，用于根据预先获取的虚拟局域网的配置信息，对传输报文进行解封处理，得到业务报文。其中，第一客户端所在的第一终端与第二终端属于同一个虚拟局域网。FIG10 is a schematic diagram of the structure of the second embodiment of the communication device based on the virtual local area network provided by the embodiment of the present application. As shown in FIG10 , a second client for performing virtual local area network service is provided in the second terminal, and the communication device based on the virtual local area network 1000 includes: a first receiving module 1001, which is used to receive the transmission message transmitted by the first client through the second client; and a decapsulation module 1002, which is used to decapsulate the transmission message according to the configuration information of the virtual local area network obtained in advance to obtain the service message. Among them, the first terminal where the first client is located and the second terminal belong to the same virtual local area network.

在一种可能的设计中，第一接收模块1001，包括：第一接收单元，用于接收第一客户端通过点对点通信发送的传输报文；或者，第二接收单元，用于接收虚拟局域网的服务端发送的第一客户端传输的传输报文。In one possible design, the first receiving module 1001 includes: a first receiving unit for receiving a transmission message sent by the first client through point-to-point communication; or a second receiving unit for receiving a transmission message transmitted by the first client and sent by a server of a virtual local area network.

在一种可能的设计中，虚拟局域网的配置信息包括报文压缩信息，报文加密信息，则解封模块1002，包括：解压单元，用于根据报文压缩信息对传输报文解除压缩，得到解压后的报文；解密解封单元，用于根据报文加密信息对解压后的报文进行解密，并进行隧道解封装，得到业务报文。In one possible design, the configuration information of the virtual local area network includes message compression information and message encryption information, and the decompression module 1002 includes: a decompression unit, used to decompress the transmission message according to the message compression information to obtain a decompressed message; a decryption and decompression unit, used to decrypt the decompressed message according to the message encryption information, and perform tunnel decapsulation to obtain a business message.

在一种可能的设计中，基于虚拟局域网的通信装置1000，还包括：第二接收模块1003，用于接收云平台发送的为加入虚拟局域网配置的认证字段，服务端的IP地址以及所述虚拟局域网中所有客户端的IP地址；第一发送模块1004，用于根据服务端的IP地址，认证字段以及第二客户端的IP地址，向服务端发送虚拟局域网接入请求；第三接收模块1005，用于接收服务端返回的接入确认消息，接入确认消息用于指示第二客户端接入虚拟局域网成功。In one possible design, the communication device 1000 based on the virtual LAN also includes: a second receiving module 1003, used to receive the authentication field configured for joining the virtual LAN, the IP address of the server and the IP addresses of all clients in the virtual LAN sent by the cloud platform; a first sending module 1004, used to send a virtual LAN access request to the server according to the IP address of the server, the authentication field and the IP address of the second client; a third receiving module 1005, used to receive an access confirmation message returned by the server, and the access confirmation message is used to indicate that the second client has successfully accessed the virtual LAN.

在一种可能的设计中，基于虚拟局域网的通信装置1000，还包括：获取模块1006，用于通过第二客户端对第二终端的上行网络设备进行扫描，获取部署了虚拟局域网的服务端的网络设备；第二发送模块1007，用于向网络设备中的服务端发送虚拟局域网加入请求；第四接收模块1008，用于接收服务端返回的虚拟局域网加入反馈消息，虚拟局域网加入反馈消息用于指示第二客户端加入虚拟局域网是否成功。In one possible design, the communication device 1000 based on the virtual local area network also includes: an acquisition module 1006, which is used to scan the uplink network device of the second terminal through the second client to obtain the network device of the server on which the virtual local area network is deployed; a second sending module 1007, which is used to send a virtual local area network joining request to the server in the network device; and a fourth receiving module 1008, which is used to receive the virtual local area network joining feedback message returned by the server, and the virtual local area network joining feedback message is used to indicate whether the second client has successfully joined the virtual local area network.

在一种可能的设计中，若虚拟局域网加入反馈消息指示第二客户端加入虚拟局域网成功，则虚拟局域网加入反馈消息中还包括服务端配置的认证字段和所述虚拟局域网的配置信息，所述虚拟局域网的配置信息包括报文压缩信息，报文加密信息以及虚拟局域网中所有客户端的IP地址。In one possible design, if the virtual local area network joining feedback message indicates that the second client has successfully joined the virtual local area network, the virtual local area network joining feedback message also includes the authentication field configured by the server and the virtual local area network. Configuration information, the configuration information of the virtual local area network includes message compression information, message encryption information and IP addresses of all clients in the virtual local area network.

在一种可能的设计中，虚拟局域网加入请求中包括第二客户端的IP地址。In one possible design, the virtual LAN join request includes the IP address of the second client.

在一种可能的设计中，若虚拟局域网加入请求中不包括第二客户端的IP地址，则所述虚拟局域网的配置信息中第二客户端的IP地址为服务端分配的。In a possible design, if the virtual LAN joining request does not include the IP address of the second client, the IP address of the second client in the configuration information of the virtual LAN is allocated by the server.

本申请实施例提供的装置，可用于执行上述实施例中第二终端侧的方法，其实现原理和技术效果类似，在此不再赘述。The device provided in the embodiment of the present application can be used to execute the method on the second terminal side in the above embodiment. Its implementation principle and technical effect are similar and will not be repeated here.

图11为本申请实施例提供的基于虚拟局域网的通信装置实施例三的结构示意图，如图11所示，网络设备中设置有进行虚拟局域网服务的服务端，则基于虚拟局域网的通信装置1100，包括：第一接收模块1101，用于接收第一客户端发送的传输报文，传输报文中包括报文接收端的第二客户端的IP地址；传输模块1102，用于根据第二客户端的IP地址，将传输报文发送至第二客户端。其中，第一客户端和第二客户端均加入服务端服务的同一个虚拟局域网。FIG11 is a schematic diagram of the structure of the third embodiment of the communication device based on the virtual local area network provided by the embodiment of the present application. As shown in FIG11 , a server for performing virtual local area network services is provided in the network device, and the communication device based on the virtual local area network 1100 includes: a first receiving module 1101, which is used to receive a transmission message sent by a first client, and the transmission message includes the IP address of a second client at the message receiving end; a transmission module 1102, which is used to send the transmission message to the second client according to the IP address of the second client. The first client and the second client both join the same virtual local area network served by the server.

在一种可能的设计中，基于虚拟局域网的通信装置1100，还包括：第二接收模块1103，用于接收云平台发送的为虚拟局域网组网配置的认证字段，服务端的IP地址以及所述虚拟局域网中所有客户端的IP地址；第三接收模块1104，用于接收任一个客户端发送的局域网接入请求，局域网接入请求中包括认证字段；验证模块1105，用于根据云平台配置的认证字段对局域网接入请求中的认证字段进行验证；第一确认模块1106，用于在认证字段验证通过后，允许客户端接入服务端的IP地址对应的虚拟局域网；第一返回模块1107，用于向客户端返回接入确认消息，接入确认消息用于指示客户端接入虚拟局域网成功。In one possible design, the communication device 1100 based on the virtual LAN also includes: a second receiving module 1103, which is used to receive the authentication field configured for the virtual LAN networking, the IP address of the server and the IP addresses of all clients in the virtual LAN sent by the cloud platform; a third receiving module 1104, which is used to receive a LAN access request sent by any client, and the LAN access request includes an authentication field; a verification module 1105, which is used to verify the authentication field in the LAN access request according to the authentication field configured by the cloud platform; a first confirmation module 1106, which is used to allow the client to access the virtual LAN corresponding to the IP address of the server after the authentication field is verified; a first return module 1107, which is used to return an access confirmation message to the client, and the access confirmation message is used to indicate that the client has successfully accessed the virtual LAN.

在一种可能的设计中，基于虚拟局域网的通信装置1100，还包括：第四接收模块1108，用于接收任一客户端发送的虚拟局域网加入请求；确认分配模块1109，用于若虚拟局域网加入请求中未携带客户端的IP地址，则允许客户端加入虚拟局域网，并为客户端分配IP地址；发送模块1110，用于向客户端发送虚拟局域网加入反馈消息，虚拟局域网加入反馈消息中包括服务端配置的认证字段和所述虚拟局域网的配置信息，所述虚拟局域网的配置信息中包括：报文压缩信息，报文加密信息、为客户端分配的IP地址以及虚拟局域网中其他客户端的IP地址。In one possible design, the communication device 1100 based on the virtual LAN further includes: a fourth receiving module 1108, used to receive a virtual LAN joining request sent by any client; a confirmation allocation module 1109, used to allow the client to join the virtual LAN and allocate an IP address to the client if the virtual LAN joining request does not carry the client's IP address; a sending module 1110, used to send a virtual LAN joining feedback message to the client, the virtual LAN joining feedback message including an authentication field configured by the server and configuration information of the virtual LAN, the configuration information of the virtual LAN including: message compression information, message encryption information, the IP address allocated to the client, and the IP addresses of other clients in the virtual LAN.

在一种可能的设计中，基于虚拟局域网的通信装置1100，还包括：检测模块1111，用于若虚拟局域网加入请求中携带客户端的IP地址，则检测客户端的IP地址是否被虚拟局域网中的其他客户端使用；第二确认模块1112，用于若客户端的IP地址未被其他客户端使用，则允许客户端加入虚拟局域网；第二返回模块1113，用于向客户端返回虚拟局域网加入反馈消息，虚拟局域网加入反馈消息中包括服务端配置的认证字段和所述虚拟局域网的配置信息，所述虚拟局域网的配置信息中包括：报文压缩信息，报文加密信息和虚拟局域网中其他客户端的IP地址。In one possible design, the communication device 1100 based on the virtual local area network also includes: a detection module 1111, which is used to detect whether the IP address of the client is used by other clients in the virtual local area network if the virtual local area network joining request carries the IP address of the client; a second confirmation module 1112, which is used to allow the client to join the virtual local area network if the IP address of the client is not used by other clients; a second return module 1113, which is used to return a virtual local area network joining feedback message to the client, the virtual local area network joining feedback message including an authentication field configured by the server and the configuration information of the virtual local area network, and the configuration information of the virtual local area network including: message compression information, message encryption information and the IP addresses of other clients in the virtual local area network.

在一种可能的设计中，基于虚拟局域网的通信装置1100，还包括：确认返回模块1114，用于若客户端的IP地址被虚拟局域网中的其他客户端使用，则不允许客户端加入虚拟局域网，向客户端返回用于指示局域网加入失败的虚拟局域网加入反馈消息。In one possible design, the virtual LAN-based communication device 1100 further includes: a confirmation return module 1114, which is used to not allow the client to join the virtual LAN if the client's IP address is used by other clients in the virtual LAN, and return a virtual LAN joining feedback message to the client to indicate that the LAN joining failed.

本申请实施例提供的装置，可用于执行上述实施例中网络设备侧的方法，其实现原理和技术效果类似，在此不再赘述。The device provided in the embodiment of the present application can be used to execute the method on the network device side in the above embodiment. Its implementation principle and technical effects are similar and will not be repeated here.

需要说明的是，应理解以上任一装置的各个模块的划分仅仅是一种逻辑功能的划分，实际实现时可以全部或部分集成到一个物理实体上，也可以物理上分开。且这些模块可以全部以软件通过处理元件调用的形式实现；也可以全部以硬件的形式实现；还可以部分模块通过处理元件调用软件的形式实现，部分模块通过硬件的形式实现。例如，超级块获取模块可以为单独设立的处理元件，也可以集成在上述装置的某一个处理单元中实现，此外，也可以以程序代码的形式存储于上述装置的存储器中，由上述装置的某一个处理元件调用并执行以上超级块获取模块的功能。其它模块的实现与之类似。此外这些模块全部或部分可以集成在一起，也可以独立实现。这里的处理元件可以是一种集成电路，具有信号的处理能力。在实现过程中，上述方法的各步骤或以上各个模块可以通过处理器元件中的硬件的集成逻辑电路或者软件形式的指令完成。It should be noted that it should be understood that the division of the various modules of any of the above devices is only a division of logical functions. In actual implementation, they can be fully or partially integrated into one physical entity, or they can be physically separated. And these modules can all be implemented in the form of software calling through processing elements; they can also be all implemented in the form of hardware; some modules can also be implemented in the form of processing elements calling software, and some modules can be implemented in the form of hardware. For example, the super block acquisition module can be a separate processing element, or it can be integrated in a processing unit of the above device. In addition, it can also be stored in the memory of the above-mentioned device in the form of program code, and a processing element of the above-mentioned device can call and execute the function of the above super block acquisition module. The implementation of other modules is similar. In addition, all or part of these modules can be integrated together, or they can be implemented independently. The processing element here can be an integrated circuit with signal processing capabilities. In the implementation process, each step of the above method or each of the above modules can be completed by an integrated logic circuit of hardware in the processor element or an instruction in the form of software.

图12为本申请实施例提供的电子设备的结构示意图。如图12所示，电子设备1200，包括：存储1201，处理器1202，客户端1203，虚拟接口1204。存储器1201存储计算机执行指令；处理器1202执行存储器1201存储的计算机执行指令，以实现上述第一终端侧和第二终端侧的方法。客户端1203用于与服务端建立连接，并且对终端的业务报文进行隧道封装发送到服务端，同时对服务端转发过来的传输报文进行解封装并发送给终端的相应业务。虚拟接口1204用于接收用户发起的业务报文。FIG12 is a schematic diagram of the structure of an electronic device provided in an embodiment of the present application. As shown in FIG12, the electronic device 1200 includes: a storage 1201, a processor 1202, a client 1203, and a virtual interface 1204. The memory 1201 stores computer execution instructions; the processor 1202 executes the computer execution instructions stored in the memory 1201 to implement the above-mentioned methods on the first terminal side and the second terminal side. The client 1203 is used to establish a connection with the server, and tunnel encapsulates the service message of the terminal and sends it to the server, and at the same time decapsulates the transmission message forwarded by the server and sends it to the corresponding service of the terminal. The virtual interface 1204 is used to receive service messages initiated by users.

图13为本申请实施例提供的网络设备的结构示意图。如图13所示，电子设备1300，包括：存储器1301，处理器1302，服务端1303，通信接口1304。存储器1301存储计算机执行指令；处理器1302执行存储器1301存储的计算机执行指令，以实现上述网络设备侧的方法。服务端1303用于中转各个客户端的传输报文。通信接口1304用于服务端与客户端进行通信。FIG13 is a schematic diagram of the structure of a network device provided in an embodiment of the present application. As shown in FIG13 , an electronic device 1300 includes: a memory 1301, a processor 1302, a server 1303, and a communication interface 1304. The memory 1301 stores computer-executable instructions; the processor 1302 executes the computer-executable instructions stored in the memory 1301 to implement the method on the network device side described above. The server 1303 is used to transfer transmission messages of each client. The communication interface 1304 is used for the server to communicate with the client.

本申请实施例还提供一种计算机可读存储介质，计算机可读存储介质中存储有计算机执行指令，计算机执行指令被处理器执行时用于执行上述的各种实施方式提供的基于虚拟局域网的通信方法。An embodiment of the present application also provides a computer-readable storage medium, in which computer-executable instructions are stored. When the computer-executable instructions are executed by a processor, they are used to execute the virtual local area network-based communication methods provided by the various implementations described above.

上述的计算机可读存储介质，上述可读存储介质可以是由任何类型的易失性或非易失性存储设备或者它们的组合实现，如静态随机存取存储器，电可擦除可编程只读存储器，可擦除可编程只读存储器，可编程只读存储器，只读存储器，磁存储器，快闪存储器，磁盘或光盘。可读存储介质可以是通用或专用计算机能够存取的任何可用介质。The computer-readable storage medium mentioned above can be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as static random access memory, electrically erasable programmable read-only memory, erasable programmable read-only memory, programmable read-only memory, read-only memory, magnetic memory, flash memory, magnetic disk or optical disk. The readable storage medium can be any available medium that can be accessed by a general or special-purpose computer.

可选的，将可读存储介质耦合至处理器，从而使处理器能够从该可读存储介质读取信息，且可向该可读存储介质写入信息。当然，可读存储介质也可以是处理器的组成部分。处理器和可读存储介质可以位于专用集成电路(Application Specific Integrated Circuits，ASIC)中。当然，处理器和可读存储介质也可以作为分立组件存在于设备中。Optionally, a readable storage medium is coupled to a processor so that the processor can read information from the readable storage medium and write information to the readable storage medium. Of course, the readable storage medium can also be an integral part of the processor. The processor and the readable storage medium can be located in an application specific integrated circuit (ASIC). Of course, the processor and the readable storage medium can also exist in the device as discrete components.

本申请实施例还提供一种计算机程序产品，该计算机程序产品包括计算机程序，该计算机程序存储在计算机可读存储介质中，至少一个处理器可以从该计算机可读存储介质中读取该计算机程序，至少一个处理器执行计算机程序时可实现上述任一方法实施例提供的技术方案。An embodiment of the present application also provides a computer program product, which includes a computer program. The computer program is stored in a computer-readable storage medium. At least one processor can read the computer program from the computer-readable storage medium. When at least one processor executes the computer program, the technical solution provided by any of the above method embodiments can be implemented.

本申请中，“至少一个”是指一个或者多个，“多个”是指两个或两个以上。“和/或”，描述关联对象的关联关系，表示可以存在三种关系，例如，A和/或B，可以表示：单独存在A，同时存在A和B，单独存在B的情况，其中A，B可以是单数或者复数。字符“/”一般表示前后关联对象是一种“或”的关系；在公式中，字符“/”，表示前后关联对象是一种“相除”的关系。“以下至少一项(个)”或其类似表达，是指的这些项中的任意组合，包括单项(个)或复数项(个)的任意组合。例如，a，b，或c中的至少一项(个)，可以表示：a，b，c，a-b，a-c，b-c，或a-b-c，其中，a，b，c可以是单个，也可以是多个。In the present application, "at least one" means one or more, and "plurality" means two or more. "And/or" describes the association relationship of associated objects, indicating that three relationships may exist. For example, A and/or B can represent: A exists alone, A and B exist at the same time, and B exists alone, where A and B can be singular or plural. The character "/" generally indicates that the previous and next associated objects are in an "or" relationship; in the formula, the character "/" indicates that the previous and next associated objects are in a "division" relationship. "At least one of the following items" or similar expressions refers to any combination of these items, including any combination of single items or plural items. For example, at least one of a, b, or c can represent: a, b, c, a-b, a-c, b-c, or a-b-c, where a, b, c can be single or multiple.

可以理解的是，在本申请实施例中涉及的各种数字编号仅为描述方便进行的区分，并不用来限制本申请的实施例的范围。在本申请的实施例中，上述各过程的序号的大小并不意味着执行顺序的先后，各过程的执行顺序应以其功能和内在逻辑确定，而不应对本申请的实施例的实施过程构成任何限定。It is to be understood that the various numerical numbers involved in the embodiments of the present application are only for the convenience of description and are not intended to limit the scope of the embodiments of the present application. In the embodiments of the present application, the size of the sequence number of each process does not mean the order of execution. The execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation process of the embodiments of the present application.

本领域技术人员在考虑说明书及实践这里公开的发明后，将容易想到本申请的其它实施方案。本申请旨在涵盖本申请的任何变型、用途或者适应性变化，这些变型、用途或者适应性变化遵循本申请的一般性原理并包括本申请未公开的本技术领域中的公知常识或惯用技术手段。说明书和实施例仅被视为示例性的，本申请的真正范围和精神由下面的权利要求书指出。Those skilled in the art will readily appreciate other embodiments of the present application after considering the specification and practicing the invention disclosed herein. This application is intended to cover any modifications, uses, or adaptive changes of the present application, which modifications, uses, or adaptive changes of the present application Or the adaptive changes follow the general principles of this application and include common knowledge or customary technical means in the technical field that are not disclosed in this application. The description and examples are only regarded as exemplary, and the true scope and spirit of this application are pointed out by the following claims.

应当理解的是，本申请并不局限于上面已经描述并在附图中示出的精确结构，并且可以在不脱离其范围进行各种修改和改变。本申请的范围仅由所附的权利要求书来限制。 It should be understood that the present application is not limited to the precise structures that have been described above and shown in the drawings, and that various modifications and changes may be made without departing from the scope thereof. The scope of the present application is limited only by the appended claims.

Claims

A communication method based on a virtual local area network is applied to a first terminal, wherein the first terminal is provided with a first client for performing a virtual local area network service, and is characterized in that the method comprises:

monitoring the virtual interface of the first terminal through the first client to obtain a service message to be sent, wherein the service message includes an Internet Protocol IP address of a second client as a receiving end of the service message, and the second terminal where the second client is located belongs to the same virtual local area network as the first terminal;

According to the pre-acquired configuration information of the virtual local area network, encapsulating the service message to obtain a transmission message;

According to the IP address of the second client, the transmission message is transmitted to the second client through the virtual local area network.

The method according to claim 1, characterized in that the transmitting the transmission message to the second client through the virtual local area network according to the IP address of the second client comprises:

Determining whether a point-to-point communication channel is established between the first client and the second client according to the IP address of the second client;

If a point-to-point communication channel has been established between the first client and the second client, sending the transmission message to the second client through the point-to-point communication channel according to the IP address of the second client;

If a point-to-point communication channel is not established between the first client and the second client, the transmission message is transmitted to the second client via the server of the virtual local area network.

The method according to claim 1 is characterized in that the configuration information of the virtual local area network includes message compression information and message encryption information; and the encapsulating the service message according to the pre-acquired configuration information of the virtual local area network to obtain the transmission message comprises:

Performing tunnel encapsulation on the service message to obtain an encapsulated message;

The encapsulated message is encrypted according to the message encryption information, and the encrypted message is compressed according to the message compression information to obtain the transmission message.

The method according to any one of claims 1 to 3, characterized in that before the first client monitors the virtual interface of the first terminal to obtain the service message to be sent, the method further comprises:

Receive the authentication field configured for joining the virtual local area network, the IP address of the server, and the IP addresses of all clients in the virtual local area network sent by the cloud platform;

Sending a virtual local area network access request to the server according to the IP address of the server, the authentication field and the IP address of the first client;

Receive an access confirmation message returned by the server, where the access confirmation message is used to indicate that the first client has successfully accessed the virtual local area network.

The method according to claim 1 or 2, characterized in that before the first client monitors the virtual interface of the first terminal to obtain the service message to be sent, the method further comprises:

Scanning the uplink network device of the first terminal through the first client to obtain the network device of the server side where the virtual local area network is deployed;

Sending a virtual local area network joining request to the server in the network device;

Receive a virtual local area network joining feedback message returned by the server, where the virtual local area network joining feedback message is used to indicate whether the first client successfully joins the virtual local area network.

The method according to claim 5, characterized in that if the virtual local area network joining feedback message indicates that the first client has successfully joined the virtual local area network, then the virtual local area network joining feedback message also includes the authentication field configured by the server and the configuration information of the virtual local area network;

The configuration information of the virtual local area network includes message compression information, message encryption information and IP addresses of all clients in the virtual local area network.

The method according to claim 5 is characterized in that the virtual local area network joining request includes the IP address of the first client.

The method according to claim 5 is characterized in that if the virtual local area network joining request does not include the IP address of the first client, the IP address of the first client in the configuration information of the virtual local area network is allocated by the server.

A communication method based on a virtual local area network is applied to a second terminal, wherein the second terminal is provided with a second client for performing a virtual local area network service, and is characterized in that the method comprises:

receiving, by the second client, a transmission message transmitted by the first client, wherein a first terminal where the first client is located and the second terminal belong to the same virtual local area network;

According to the pre-acquired configuration information of the virtual local area network, the transmission message is unsealed to obtain a service message.

The method according to claim 9, wherein the step of receiving, by the second client, a transmission message transmitted by the first client comprises:

receiving the transmission message sent by the first client through point-to-point communication; or,

Receive the transmission message transmitted by the first client and sent by the server of the virtual local area network.

The method according to claim 9 is characterized in that the configuration information of the virtual local area network includes message compression information and message encryption information; and the decapsulating the transmission message according to the pre-acquired configuration information of the virtual local area network to obtain the service message comprises:

Decompressing the transmission message according to the message compression information to obtain a decompressed message;

The decompressed message is decrypted according to the message encryption information, and tunnel decapsulation is performed to obtain the service message.

The method according to any one of claims 9 to 11, characterized in that before receiving, by the second client, the transmission message transmitted by the first client, the method further comprises:

Receiving the authentication field configured for joining the virtual local area network, the Internet Protocol IP address of the server, and the IP addresses of all clients in the virtual local area network sent by the cloud platform;

Sending a virtual local area network access request to the server according to the IP address of the server, the authentication field and the IP address of the second client;

Receive an access confirmation message returned by the server, where the access confirmation message is used to indicate that the second client has successfully accessed the virtual local area network.

The method according to claim 9 or 10, characterized in that before receiving, by the second client, the transmission message transmitted by the first client, the method further comprises:

Scanning the uplink network device of the second terminal through the second client to obtain the network device of the server side where the virtual local area network is deployed;

Receive a virtual local area network joining feedback message returned by the server, where the virtual local area network joining feedback message is used to indicate whether the second client successfully joins the virtual local area network.

The method according to claim 13, characterized in that if the virtual local area network joining feedback message indicates that the second client successfully joins the virtual local area network, then the virtual local area network joining feedback message also includes the authentication field configured by the server and the configuration information of the virtual local area network;

The method according to claim 13 is characterized in that the virtual local area network joining request includes the IP address of the second client.

The method according to claim 13 is characterized in that if the virtual local area network joining request does not include the IP address of the second client, the IP address of the second client in the configuration information of the virtual local area network is allocated by the server.

A communication method based on a virtual local area network is applied to a network device, wherein the network device is provided with a server end for performing virtual local area network services, and is characterized in that the method comprises:

Receiving a transmission message sent by a first client, wherein the transmission message includes an IP address of a second client as a receiving end of the transmission message, wherein both the first client and the second client join the same virtual local area network served by the server;

The transmission message is sent to the second client according to the IP address of the second client.

The method according to claim 17, characterized in that before receiving the transmission message sent by the first client, the method further comprises:

Receiving the authentication field configured for the virtual local area network, the IP address of the server, and the IP addresses of all clients in the virtual local area network sent by the cloud platform;

Receiving a virtual local area network access request sent by any client, wherein the virtual local area network access request includes an authentication field;

Verifying the authentication field in the virtual local area network access request according to the authentication field configured by the cloud platform;

After the authentication field is verified, the client is allowed to access the virtual local area network corresponding to the IP address of the server;

An access confirmation message is returned to the client, where the access confirmation message is used to indicate that the client has successfully accessed the virtual local area network.

Receive a virtual local area network joining request sent by any client;

If the virtual local area network joining request does not carry the IP address of the client, allowing the client to join the virtual local area network and allocating an IP address to the client;

A virtual local area network joining feedback message is sent to the client, wherein the virtual local area network joining feedback message includes the authentication field and configuration information configured by the server, and the configuration information includes message compression information, message encryption information, the IP address assigned to the client, and the IP addresses of other clients in the virtual local area network.

The method according to claim 19, characterized in that the method further comprises:

If the virtual local area network joining request carries the IP address of the client, detecting whether the IP address of the client is used by other clients in the virtual local area network;

If the IP address of the client is not used by other clients in the virtual local area network, allowing the client to join the virtual local area network;

The virtual LAN joining feedback message is returned to the client, wherein the virtual LAN joining feedback message includes the authentication field and the configuration information configured by the server, and the configuration information includes the message compression information, the message encryption information and the IP addresses of other clients in the virtual LAN.

The method according to claim 20, characterized in that the method further comprises:

If the IP address of the client is used by other clients in the virtual LAN, the client is not allowed to join the virtual LAN, and a virtual LAN joining feedback message indicating a LAN joining failure is returned to the client.

A communication device based on a virtual local area network, characterized in that it is applied to a first terminal, wherein the first terminal is provided with a first client for performing a virtual local area network service, and the device comprises:

a first acquisition module, configured to monitor the virtual interface of the first terminal through the first client to acquire a service message to be sent, wherein the service message includes an Internet Protocol IP address of a second client as a receiving end of the service message, and the second terminal where the second client is located belongs to the same virtual local area network as the first terminal;

An encapsulation module, used to encapsulate the service message according to the pre-acquired virtual local area network configuration information to obtain a transmission message;

A transmission module is used to transmit the transmission message to the second client through the virtual local area network according to the IP address of the second client.

A communication device based on a virtual local area network, characterized in that it is applied to a second terminal, wherein the second terminal is provided with a second client for performing a virtual local area network service, and the device comprises:

A first receiving module, configured to receive a transmission message transmitted by a first client through the second client, wherein a first terminal where the first client is located and the second terminal belong to the same virtual local area network;

The decapsulation module is used to decapsulate the transmission message according to the pre-acquired configuration information of the virtual local area network to obtain the service message.

A communication device based on a virtual local area network, characterized in that it is applied to a network device, wherein the network device is provided with a server end for performing virtual local area network services, and the device comprises:

The first receiving module is used to receive a transmission message sent by a first client, wherein the transmission message includes The IP address of the second client at the receiving end of the transmission message, wherein the first client and the second client are both added to the same virtual local area network served by the server;

A transmission module is used to send the transmission message to the second client according to the IP address of the second client.

A terminal device, characterized in that it comprises a memory, a processor, a client and a virtual interface;

The memory stores computer-executable instructions;

The processor executes the computer-executable instructions stored in the memory to implement the method according to any one of claims 1 to 16.

A network device, characterized in that it includes a memory, a processor, a server, and a communication interface;

The memory stores computer-executable instructions;

The processor executes the computer-executable instructions stored in the memory to implement the method according to any one of claims 17 to 21.

A computer-readable storage medium, characterized in that the computer-readable storage medium stores computer-executable instructions, and when the computer-executable instructions are executed by a processor, they are used to implement the communication method based on a virtual local area network as described in any one of claims 1 to 21.