Determining security of local area network
US-2024372862-A1 · Nov 7, 2024 · US
US10375025B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10375025-B2 |
| Application number | US-201715426386-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 7, 2017 |
| Priority date | Aug 8, 2014 |
| Publication date | Aug 6, 2019 |
| Grant date | Aug 6, 2019 |
Official abstract text for this publication.
A virtual private network implementation method includes intercepting, by an NDIS intermediate driver, a packet sent by an application program to an intranet server, and determining, according to a PID corresponding to the packet, whether to allow a process corresponding to the packet to use an SSL VPN; when the process corresponding to the packet is allowed to use the SSL VPN, establishing, by the NDIS intermediate driver, a new packet, and submitting the new packet to an NDIS network interface card driver; and sending, by the NDIS network interface card driver, the new packet to the client, and sending, by the client, the new packet to the intranet server. Thereby, a virtual private network is implemented based on process control, and a client has a fast startup speed.
Opening claim text (preview).
What is claimed is:

1. A virtual private network implementation method applied to a virtual private network over Secure Sockets Layer (SSL VPN), wherein the SSL VPN comprises a client device, a gateway, and an intranet server of the SSL VPN, wherein the client device communicates with the intranet server using the gateway, wherein the client device comprises a Transport Driver Interface (TDI) driver, a Network Driver Interface Specification (NDIS) protocol driver, a NDIS intermediate driver, a NDIS network interface card driver, and a client, and wherein the method comprises: intercepting, by the NDIS intermediate driver, an original packet sent by an application program to the intranet server; determining, according to a process identification (PID) corresponding to the original packet, whether to allow a process corresponding to the original packet to use the SSL VPN by: obtaining a protocol type and a port number of the original packet; determining, according to a mapping relationship between a protocol type, a port number, and a PID, the PID corresponding to the original packet; and determining, according to the PID, whether to allow the process corresponding to the PID to use the SSL VPN; establishing, by the NDIS intermediate driver, a new packet when the process corresponding to the original packet is allowed to use the SSL VPN; setting a destination address of the new packet as a local address of the client device on which the application program is located; setting a destination port number of the new packet as a port number by which the client receives the original packet; changing a source Internet Protocol (IP) address of the original packet to a virtual Internet Protocol IP address; using the original packet as a payload of the new packet; submitting the new packet to the NDIS network interface card driver, wherein the virtual IP address is a virtual IP address obtained from the gateway after the client and the gateway establish a Secure Sockets Layer (SSL) tunnel; sending, by the NDIS network interface card driver, the new packet to the client; and sending, by the client, the new packet to the intranet server.

2. The method according to claim 1, wherein before intercepting, by the NDIS intermediate driver, the original packet sent by the application program to the intranet server, the method further comprises: obtaining, by the TDI driver, information about a packet flow for sending the original packet, wherein the information comprises the protocol type, the port number, and the PID; notifying the NDIS intermediate driver of the information; and storing, by the NDIS intermediate driver, the mapping relationship between the information.

3. The method according to claim 1, wherein before determining, according to the PID corresponding to the original packet, whether to allow the process corresponding to the original packet to use the SSL VPN, the method further comprises setting, in the NDIS intermediate driver by the client, a PID indicating whether to allow the process corresponding to the original packet to use the SSL VPN.

4. The method according to claim 1, further comprising: receiving, by the client, a packet from the intranet server that is forwarded by the gateway; changing a destination address of the packet to the local address of the client device on which the client is located; sending the packet to the NDIS protocol driver using a raw socket interface; and forwarding, by the NDIS protocol driver, the packet to a corresponding application program.

5. A client device, applied to a virtual private network over Secure Sockets Layer (SSL VPN), wherein the SSL VPN comprises a client device, a gateway, and an intranet server of the SSL VPN, wherein the client device communicates with the intranet server using the gateway, wherein the client device comprises: a client; a Transport Driver Interface (TDI) driver; a Network Driver Interface Specification (NDIS) protocol driver; a NDIS network interface card driver; and a NDIS intermediate driver configured to: intercept an original packet sent by an application program to the intranet server; determine, according to a process identification (PID) corresponding to the original packet, whether to allow a process corresponding to the original packet to use the SSL VPN by: obtaining a protocol type and a port number of the original packet; determining, according to a mapping relationship between a protocol type, a port number, and a PID, the PID corresponding to the original packet; and determining, according to the PID, whether to allow the process corresponding to the PID to use the SSL VPN; establish a new packet when the process corresponding to the original packet is allowed to use the SSL VPN; set a destination address of the new packet as a local address of the client device on which the application program is located; set a destination port number of the new packet as a port number by which the client receives the original packet; change a source Internet Protocol (IP) address of the original packet to a virtual IP address; use the original packet as a payload of the new packet; and submit the new packet to the NDIS network interface card driver, wherein the virtual IP address is a virtual IP address obtained from the gateway after the client and the gateway establish a Secure Sockets Layer (SSL) tunnel, and wherein the NDIS network interface card driver is configured to send the new packet to the client, so that the client sends the new packet to the intranet server.

6. The client device according to claim 5, wherein the TDI driver is configured to: obtain information about a packet flow for sending the original packet, wherein the information comprises the protocol type, the port number, and the PID; and notify the NDIS intermediate driver of the information, so that the NDIS intermediate driver stores the mapping relationship between the information.

7. The client device according to claim 5, wherein the client is configured to set, in the NDIS intermediate driver, a PID indicating whether to allow the process corresponding to the original packet to use the SSL VPN.

8. The client device according to claim 5, wherein the client is configured to: receive a packet, from the intranet server, that is forwarded by the gateway; change a destination address of the packet to the local address of the client device on which the client is located; and send the packet to the NDIS protocol driver using a raw socket interface, so that the NDIS protocol driver forwards the packet to a corresponding application program.

9. A virtual private network over Secure Sockets Layer (SSL VPN), comprising: a client device comprising a processing hardware platform executing instructions stored on a non-transitory computer-readable storage medium, to perform functions as a plurality of modules, the plurality of modules comprise a Transport Driver Interface (TDI) driver, a Network Driver Interface Specification (NDIS) protocol driver, a NDIS intermediate driver, a NDIS network interface card driver, and a client; a gateway; and an intranet server of the SSL VPN, wherein the client device communicates with the intranet server using the gateway, wherein the NDIS intermediate driver is configured to: intercept an original packet sent by an application program to the intranet server; determine, according to a process identification (PID) corresponding to the original packet, whether to allow a process corresponding to the original packet to use the SSL VPN by: obtaining a protocol type and a port number of the original packet; determining, according to a mapping relationship between a protocol type, a port number, and a
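The claims above describe a per-process split tunnel: the TDI driver learns which PID owns each (protocol, port) flow, the client marks which PIDs may use the SSL VPN, and the NDIS intermediate driver redirects only those processes' packets to the local VPN client by wrapping the original packet (with its source rewritten to the gateway-assigned virtual IP) inside a new packet addressed to the client's own listening port. The following is an added illustration of that control flow in Python; it is not code from the patent or from any vendor's product, which would live in Windows kernel drivers. The class and function names, the dictionary-based flow table, the choice to pass non-VPN traffic through unchanged (the claims do not say what happens to it), the outer packet's transport protocol, and all addresses and ports are assumptions or constructed values.

```python
from dataclasses import dataclass, replace
from typing import Any, Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str       # transport protocol type, "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: Any     # application bytes, or the inner Packet once encapsulated


class IntermediateDriver:
    """Model of the NDIS intermediate driver, which filters every outbound
    packet between the protocol driver and the NIC driver."""

    def __init__(self, local_addr: str, client_port: int) -> None:
        self.local_addr = local_addr            # address of this client device
        self.client_port = client_port          # port the VPN client listens on
        self.virtual_ip: Optional[str] = None   # handed out by the gateway once the SSL tunnel is up
        self.flow_to_pid: Dict[Tuple[str, int], int] = {}   # (protocol type, port) -> PID
        self.vpn_pids: Set[int] = set()         # PIDs the client has allowed to use the VPN

    def tdi_notify(self, proto: str, port: int, pid: int) -> None:
        """Claim 2: the TDI driver reports each flow's protocol type, port and PID."""
        self.flow_to_pid[(proto, port)] = pid

    def set_vpn_pid(self, pid: int, allowed: bool = True) -> None:
        """Claim 3: the client marks whether a process may use the SSL VPN."""
        if allowed:
            self.vpn_pids.add(pid)
        else:
            self.vpn_pids.discard(pid)

    def pid_for(self, pkt: Packet) -> Optional[int]:
        """Claim 1: protocol type and port number -> PID via the stored mapping."""
        return self.flow_to_pid.get((pkt.proto, pkt.src_port))

    def outbound(self, pkt: Packet) -> Packet:
        """Return the packet that is submitted to the NIC driver."""
        pid = self.pid_for(pkt)
        if pid is None or pid not in self.vpn_pids or self.virtual_ip is None:
            # Unknown flow, process not allowed, or no tunnel yet: the claims do
            # not cover this case, so this model passes the packet through as-is.
            return pkt
        inner = replace(pkt, src_ip=self.virtual_ip)   # source IP -> virtual IP
        return Packet(
            proto=pkt.proto,             # assumption: the claims do not fix the outer transport
            src_ip=self.local_addr,
            src_port=pkt.src_port,
            dst_ip=self.local_addr,      # destination: local address of this device
            dst_port=self.client_port,   # destination port: where the client receives it
            payload=inner,               # the original packet becomes the payload
        )


class VpnClient:
    """Model of the user-space client that owns the SSL tunnel to the gateway."""

    def __init__(self, local_addr: str, listen_port: int) -> None:
        self.local_addr = local_addr
        self.listen_port = listen_port

    def from_nic_driver(self, pkt: Packet) -> Packet:
        """Unwrap what the NIC driver delivered; the inner packet goes up the tunnel."""
        if (pkt.dst_ip, pkt.dst_port) != (self.local_addr, self.listen_port):
            raise ValueError("packet is not addressed to the VPN client")
        return pkt.payload

    def from_gateway(self, pkt: Packet) -> Packet:
        """Claim 4: rewrite the destination to the local address; the client then
        injects the packet into the NDIS protocol driver through a raw socket."""
        return replace(pkt, dst_ip=self.local_addr)


def intranet_reply(request: Packet, server_ip: str) -> Packet:
    """Constructed stand-in for the intranet server: answer the source it saw."""
    return Packet(request.proto, server_ip, request.dst_port,
                  request.src_ip, request.src_port, b"reply:" + request.payload)


def round_trip(allowed: bool) -> Tuple[Packet, Optional[Packet]]:
    """Push one request through the model. Returns the packet handed to the NIC
    driver and the packet delivered back to the application (None if the flow
    bypassed the VPN). All addresses and ports are constructed sample values."""
    local, vip, intranet = "192.0.2.10", "10.8.0.7", "10.20.30.40"
    imd = IntermediateDriver(local_addr=local, client_port=4433)
    client = VpnClient(local, 4433)
    imd.virtual_ip = vip                       # assigned by the gateway after SSL tunnel setup
    imd.tdi_notify("tcp", 51000, pid=1234)     # TDI driver saw PID 1234 open a flow on port 51000
    imd.set_vpn_pid(1234, allowed)
    original = Packet("tcp", local, 51000, intranet, 443, b"GET /")
    to_nic = imd.outbound(original)
    if to_nic is original:
        return to_nic, None                    # not a VPN process: left untouched
    over_tunnel = client.from_nic_driver(to_nic)
    reply = intranet_reply(over_tunnel, intranet)   # reply is addressed to the virtual IP
    return to_nic, client.from_gateway(reply)
```

`round_trip(True)` shows the allowed path: the NIC driver receives a packet whose destination is the device's own address and the client's port, whose payload is the original packet now sourced from the virtual IP, and the intranet reply comes back addressed to that virtual IP before the client rewrites it to the local address. `round_trip(False)` shows that a process the client has not authorised never touches the tunnel, which is the point of keying the decision on the PID rather than on the destination.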
Virtual private networks · CPC title
Firewall traversal, e.g. tunnelling or, creating pinholes · CPC title
Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP] · CPC title
at the transport layer · CPC title
Electricity · mapped topic