Method, apparatus, and network system for terminal to traverse private network to communicate with server in IMS core network

US9813380B2 · US · B2

Patent metadata
Publication number: US-9813380-B2
Application number: US-201514827644-A
Country: US
Kind code: B2
Filing date: Aug 17, 2015
Priority date: Aug 20, 2010
Publication date: Nov 7, 2017
Grant date: Nov 7, 2017

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Embodiments of the present invention provide a method, an apparatus, and a network system for a terminal to traverse a private network to communicate with a server in an IMS core network. The method includes: the terminal sets the source address of the service data to be sent to a virtual IP address and the destination address to the address of an internal network server, obtaining a first service packet, where the virtual IP address is an address allocated by the IMS core network to the terminal; the terminal encapsulates the first service packet into a first tunnel packet and sends the first tunnel packet to a security tunnel gateway over a VPN tunnel between the terminal and the security tunnel gateway; the security tunnel gateway then sends the first service packet carried in the first tunnel packet to the internal network server.

First claim

Opening claim text (preview).

What is claimed is:

1. A method performed by a terminal in a private network to communicate with a network server in an internet protocol multimedia subsystem (IMS) network, comprising: constructing a first service packet, including: setting a source address of the first service packet as a virtual IP address allocated by the IMS network to the terminal; and setting a destination address of the first service packet as an address of the network server in the IMS network, wherein the first service packet contains service data to be sent to the network server; encapsulating the first service packet into a first tunnel packet, wherein a source IP address of the first tunnel packet is a real IP address of the terminal, and a destination IP address of the first tunnel packet is an IP address of a security tunnel gateway located at an edge of the IMS network; sending the first tunnel packet to the security tunnel gateway over a virtual private network (VPN) tunnel between the terminal and the security tunnel gateway, for the security tunnel gateway to deliver the first service packet to the network server; sending a configuration information request packet over the VPN tunnel to the security tunnel gateway after the VPN tunnel is set up successfully; and receiving configuration information returned by the security tunnel gateway, wherein the configuration information includes the address of the network server, a first mask of the network server, the virtual IP address allocated by the IMS network to the terminal, and a second mask allocated by the security tunnel gateway to the terminal.

2. The method according to claim 1, wherein the VPN tunnel between the terminal and the security tunnel gateway is a UDP tunnel and a Security Socket Layer (SSL) tunnel exists between the terminal and the security tunnel gateway, the method further comprising: sending a first service control information to the security tunnel gateway over the SSL tunnel, the first service control information comprising a request for allocating the virtual IP address; and receiving second service control information sent by the security tunnel gateway over the SSL tunnel, the second service control information comprises the virtual IP address allocated by the security tunnel gateway to the terminal.

3. The method according to claim 2, wherein the first service control information further comprises indication information of releasing the VPN tunnel.

4. The method according to claim 2, wherein the method further comprises: setting up the SSL tunnel with the security tunnel gateway firstly; and negotiating a UDP tunnel key with the security tunnel gateway over the SSL tunnel that has been set up, so as to set up the UDP tunnel.

5. The method according to claim 1, wherein the VPN tunnel between the terminal and the security tunnel gateway is a Hypertext Transfer Protocol (HTTP) tunnel; before encapsulating the first service packet into the first tunnel packet, the method further comprises: encrypting the first service packet with a SSL tunnel key, wherein the SSL tunnel key is pre-negotiated between the terminal and the security tunnel gateway over the HTTP tunnel; and the encapsulating the first service packet into the first tunnel packet comprises: encapsulating the encrypted first service packet into the first tunnel packet.

6. The method according to claim 1, further comprising: receiving a second tunnel packet over the VPN tunnel when the terminal needs to receive service data of the network server, wherein a source IP address of the second tunnel packet is the IP address of the security tunnel gateway, and a destination IP address of the second tunnel packet is the real IP address of the terminal; decapsulating the second tunnel packet to obtain a second service packet, wherein a source address of the second service packet is the address of the network server, and a destination address of the second service packet is the virtual IP address; and obtaining the service data in the second service packet.

7. A terminal, comprising: a memory storage comprising instructions; and a processor in communication with the memory, wherein the processor executes the instructions to: construct a first service packet, including: set a source address of the first service packet as a virtual IP address allocated by the IMS network to the terminal, and set a destination address of the first service packet as an address of the network server in the IMS network, wherein the first service packet contains service data to be sent to the network server; encapsulate the first service packet into a first tunnel packet, wherein a source IP address of the first tunnel packet is a real IP address of the terminal, and a destination IP address of the first tunnel packet is an IP address of a security tunnel gateway located at an edge of the IMS network; send the first tunnel packet to the security tunnel gateway over a virtual private network (VPN) tunnel between the terminal and the security tunnel gateway, for the security tunnel gateway to deliver the first service packet to the network server; send a configuration information request packet over the VPN tunnel to the security tunnel gateway after the VPN tunnel is set up successfully; and receive configuration information returned by the security tunnel gateway, wherein the configuration information includes the address of the network server, a first mask of the network server, the virtual IP address allocated by the IMS network to the terminal, and a second mask allocated by the security tunnel gateway to the terminal.

8. The terminal according to claim 7, wherein the VPN tunnel between the terminal and the security tunnel gateway is a UDP tunnel and a Security Socket Layer (SSL) tunnel exists between the terminal and the security tunnel gateway, wherein the processor is configured to: send first service control information to the security tunnel gateway over the SSL tunnel, the first service control information comprising a request for allocating the virtual IP address; and receive second service control information sent by the security tunnel gateway over the SSL tunnel, the second service control information comprising the virtual IP address allocated by the security tunnel gateway to the terminal.

9. The terminal according to claim 8, wherein the processor further executes the instructions to: set up the SSL tunnel with the security tunnel gateway firstly; and negotiate a UDP tunnel key with the security tunnel gateway over the SSL tunnel that has been set up, so as to set up the UDP tunnel.

10. The terminal according to claim 7, wherein the VPN tunnel between the terminal and the security tunnel gateway is a Hypertext Transfer Protocol (HTTP) tunnel, wherein the processor is configured to: before encapsulating the first service packet into the first tunnel packet, encrypt the first service packet with a SSL tunnel key, wherein the SSL tunnel key is pre-negotiated between the terminal and the security tunnel gateway over the HTTP tunnel; and encapsulate the encrypted first service packet into the first tunnel packet.

11. The terminal according to claim 7, wherein the processor further executes the instructions to: receive a second tunnel packet over the VPN tunnel when the terminal needs to receive service data of the network server, wherein a source IP address of the second tunnel packet is the IP address of the security tunnel gateway and a destination IP address of the second tunnel packet is the real IP address of the terminal; decapsulate the second tunnel packet to obtain a second service packet, wherein a source address of the second servic
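The addressing scheme in claims 1 and 6 is easier to follow as running code: an inner "service packet" whose source is the virtual IP the IMS side allocated and whose destination is the IMS server, wrapped in an outer "tunnel packet" addressed from the terminal's real IP to the security tunnel gateway, plus the configuration exchange that hands the terminal the server address, its mask, the virtual IP and the second mask. The model below is an added example, not code from the patent or from Huawei. Everything beyond the addressing is an assumption made for illustration: IPv4 without options, IP protocol 253 (the RFC 3692 experimental range) for the outer packet, an HMAC-SHA256 tag standing in for whatever the negotiated tunnel key of claim 4 protects, and all addresses. The gateway's checks that the inner source equals the virtual IP allocated to that particular tunnel and that the inner destination lies inside the advertised server prefix are the control a practitioner would insist on, not something the claims describe; without them one terminal could inject packets into the IMS core under another terminal's virtual IP.

```python
# Added illustration of the tunnel addressing in US9813380B2 claims 1 and 6.
# Not the patent's or Huawei's code. Protocol number 253, the HMAC tag,
# the anti-spoofing checks and every address are assumptions.
import hashlib
import hmac
import ipaddress
import struct
from dataclasses import dataclass

IPV4 = struct.Struct("!BBHHHBBH4s4s")  # 20-byte IPv4 header, no options
PROTO_TUNNEL = 253                      # assumed: RFC 3692 experimental number
TAG_LEN = 32                            # HMAC-SHA256 tag prepended to the inner packet


def _checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; returns 0 for a header whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    hdr = IPV4.pack(0x45, 0, IPV4.size + len(payload), 0, 0x4000, 64, proto, 0,
                    ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", _checksum(hdr)) + hdr[12:] + payload


def parse_ipv4(pkt: bytes):
    """Return (src, dst, proto, payload); reject short or corrupted headers."""
    if len(pkt) < IPV4.size or _checksum(pkt[:IPV4.size]) != 0:
        raise ValueError("malformed IPv4 header")
    f = IPV4.unpack(pkt[:IPV4.size])
    return (str(ipaddress.IPv4Address(f[8])), str(ipaddress.IPv4Address(f[9])),
            f[6], pkt[IPV4.size:f[2]])


def _seal(key: bytes, inner: bytes) -> bytes:
    return hmac.new(key, inner, hashlib.sha256).digest() + inner


def _open(key: bytes, payload: bytes) -> bytes:
    tag, inner = payload[:TAG_LEN], payload[TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, inner, hashlib.sha256).digest()):
        raise ValueError("tunnel authentication failed")
    return inner


@dataclass(frozen=True)
class TunnelConfig:
    """The four items of configuration information named in claim 1."""
    server_addr: str    # address of the network server in the IMS network
    server_mask: str    # "first mask" of the network server
    virtual_ip: str     # virtual IP allocated to the terminal
    terminal_mask: str  # "second mask" allocated by the gateway


class SecurityTunnelGateway:
    """Edge of the IMS network: allocates virtual IPs and polices each tunnel."""

    def __init__(self, ip: str, server_net: str, virtual_pool: str):
        self.ip = ip
        self.server_net = ipaddress.IPv4Network(server_net)
        pool = ipaddress.IPv4Network(virtual_pool)
        self._free, self._pool_mask = list(pool.hosts()), str(pool.netmask)
        self.tunnels = {}  # terminal real IP -> (tunnel key, allocated virtual IP)

    def setup_tunnel(self, real_ip: str, key: bytes, server_addr: str) -> TunnelConfig:
        """Answer the configuration information request once the tunnel key is agreed."""
        vip = str(self._free.pop(0))
        self.tunnels[real_ip] = (key, vip)
        return TunnelConfig(server_addr, str(self.server_net.netmask), vip, self._pool_mask)

    def forward(self, tunnel_pkt: bytes) -> bytes:
        """Decapsulate a first tunnel packet and return the inner packet for the server."""
        osrc, odst, proto, payload = parse_ipv4(tunnel_pkt)
        if odst != self.ip or proto != PROTO_TUNNEL or osrc not in self.tunnels:
            raise ValueError("not a tunnel packet from a known terminal")
        key, vip = self.tunnels[osrc]
        isrc, idst, _, _ = parse_ipv4(_open(key, payload))
        # Assumed anti-spoofing policy: the inner source must be this tunnel's own
        # virtual IP and the inner destination must be inside the server prefix.
        if isrc != vip:
            raise ValueError(f"inner source {isrc} is not the allocated virtual IP {vip}")
        if ipaddress.IPv4Address(idst) not in self.server_net:
            raise ValueError(f"inner destination {idst} is outside the server network")
        return _open(key, payload)

    def deliver(self, server_pkt: bytes) -> bytes:
        """Wrap a server-to-terminal packet as the second tunnel packet of claim 6."""
        _, idst, _, _ = parse_ipv4(server_pkt)
        for real_ip, (key, vip) in self.tunnels.items():
            if vip == idst:
                return build_ipv4(self.ip, real_ip, PROTO_TUNNEL, _seal(key, server_pkt))
        raise ValueError("no tunnel holds virtual IP " + idst)


class Terminal:
    def __init__(self, real_ip: str, gw: SecurityTunnelGateway, key: bytes, server_addr: str):
        self.real_ip, self.gw, self.key = real_ip, gw, key
        self.cfg = gw.setup_tunnel(real_ip, key, server_addr)  # config request/response

    def send(self, service_data: bytes) -> bytes:
        """Build the first service packet and encapsulate it into the first tunnel packet."""
        inner = build_ipv4(self.cfg.virtual_ip, self.cfg.server_addr, 17, service_data)
        return build_ipv4(self.real_ip, self.gw.ip, PROTO_TUNNEL, _seal(self.key, inner))

    def receive(self, tunnel_pkt: bytes) -> bytes:
        """Check both address layers of a second tunnel packet and return the service data."""
        osrc, odst, proto, payload = parse_ipv4(tunnel_pkt)
        if (osrc, odst, proto) != (self.gw.ip, self.real_ip, PROTO_TUNNEL):
            raise ValueError("unexpected outer addressing")
        isrc, idst, _, data = parse_ipv4(_open(self.key, payload))
        if (isrc, idst) != (self.cfg.server_addr, self.cfg.virtual_ip):
            raise ValueError("unexpected inner addressing")
        return data
```

Run it with a gateway at 203.0.113.1 serving 10.10.0.0/16 and allocating from 10.200.0.0/24 (constructed values): the first terminal receives virtual IP 10.200.0.1, `gw.forward(term.send(b"REGISTER"))` yields an inner packet from 10.200.0.1 to the server, and a tunnel packet whose inner source is some other pool address is refused by the gateway even when its outer header and HMAC are correct.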

Assignees

Huawei Tech Co Ltd

Inventors

Classifications

  • at the transport layer · CPC title

  • Proxies · CPC title

  • Arrangements for connecting between networks having differing types of switching systems, e.g. gateways · CPC title

  • Virtual LANs, VLANs, e.g. virtual private networks [VPN] (LAN interconnection over a bridge based backbone H04L12/462; encapsulation techniques H04L12/4633; routing of packets H04L45/00; packet switches H04L49/00; virtual private networks for security H04L63/0272) · CPC title

  • Interconnection of networks using encapsulation techniques, e.g. tunneling · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9813380B2 cover?
Embodiments of the present invention provide a method, an apparatus, and a network system for a terminal to traverse a private network to communicate with a server in an IMS core network. The method includes: the terminal sets a source address of service data to be sent as a virtual IP address, sets a destination address of the service data to be sent as an address of an internal network server…
Who is the assignee on this patent?
Huawei Tech Co Ltd
What technology area does this patent fall under?
Primary CPC classification H04L63/029. Mapped technology areas include Electricity.
When was this patent published?
Publication date: Nov 7, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).