Important: This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
The Mobile virtual private network (VPN) client includes the following five components:
- IPsec VPN Policy Manager
- IPsec VPN Configuration Service Provider (CSP)
- IPsec VPN User Interface (UI)
- IPsec VPN IM driver
- IPsec VPN 802.3 miniport
The following figure illustrates the Mobile VPN system architecture.
The IPSec VPN Miniport is the virtual NIC, or the virtual miniport driver that represents the IPSec tunnel. It provides a virtual interface to which the allocated private IP address is assigned, and applications can bind to it to send and receive traffic through the IPSec tunnel transparently.
The IPSec VPN IM Driver is the NDIS intermediate driver that implements functionality such as the IPSec data-path transformations, packet filtering, routing, and NAT keepalives. It cannot coexist with other IM drivers.
The IPSec VPN Policy Manager (ipsecvpnpm.exe) implements the IKEv2 logic and the control and management logic that runs the Mobile VPN connectivity and performs Connection Manager operations, NAT timeout detections, persisted connections, and performance measurement. It also provides APIs that the other system components use to control, query the status of, and get notifications from the Mobile VPN connections.
The IPSec VPN CSP is invoked when VPN group policies are applied to the device. It parses the policy values and writes them into the Registry for the IPSec VPN Policy Manager to pick up the changes. It also provisions the device for the VPN when the device is first enrolled: it checks all the Registry settings for the NDIS drivers ipsecvpn.dll and ipsecvpnvnic.dll and for the device alerter, then adds the Policy Manager (ipsecvpnpm.exe) to the autostart list so that it runs on each reboot. Finally, it creates the CM_NetEntries for the VNIC so that it has the highest bandwidth, which allows the Connection Planner to prefer the VPN VNIC when the tunnel is established.
The IPSec VPN UI displays the VPN status page. It is launched when the user selects the Control Panel or Settings entry.