Title :
Enabling VPN and Secure Remote Access using TLS Protocol
Author :
Badra, Mohamad ; Hajjeh, Ibrahim
Author_Institution :
Ecole Nat. Superieure des Telecommun., Paris
Abstract :
Virtual private network (VPN) technology allows users to remotely access their enterprise networks through a public network such as the Internet. To provide secure remote access to private networks, many security protocols, including Transport Layer Security (TLS), have been introduced. TLS is an IETF standard that provides secure channels between two applications communicating over the Internet as well as over wireless networks. However, using TLS for VPNs is limited to web-based applications because TLS cannot multiplex application data over a single TLS session. Therefore, current TLS-based VPN solutions use multiplexing with HTTP encapsulation and are consequently limited to applications running over reliable transport protocols such as TCP. Hence, streaming and sensitive data (voice and video) will not run well over existing VPN solutions, since exchanging streaming data over reliable transport protocols reduces application performance. In this paper, we extend TLS with a new extension providing application multiplexing/demultiplexing through a single TLS session. The extension is backward-compatible with existing TLS implementations and is designed to be deployed over reliable transport protocols using TLS as well as over unreliable transport protocols using Datagram TLS (DTLS).
Keywords :
Internet; business communication; demultiplexing; hypermedia; multiplexing; radio networks; telecommunication network reliability; telecommunication security; transport protocols; virtual private networks; wireless channels; HTTP encapsulation; IETF standard; Internet; TLS protocol; VPN technology; channel security; demultiplexing; enterprise network; hypertext transfer protocol; multiplexing; remote access security; transport layer security; transport protocol reliability; virtual private network; wireless network; Access protocols; Authentication; Data security; Home automation; IP networks; Information security; Protection; Streaming media; Transport protocols; Virtual private networks;
Conference_Title :
Wireless and Mobile Computing, Networking and Communications, 2006. (WiMob'2006). IEEE International Conference on
Conference_Location :
Montreal, Que.
Print_ISBN :
1-4244-0494-0
DOI :
10.1109/WIMOB.2006.1696366