# vppn: Virtual Pretty Private Network

## Roadmap

* `node` package
* rename `peerRepo` to `routingTable`
* create router type with `Get(ip) *peer` and `Mediator() *peer` methods
* connReader / Writer should have access to the peerRepo
* Use default port 456
* Remove signing key from hub
* Peer: UDP hole-punching
* Peer: local peer discovery - part of RoutingProcessor
* Peer: update hub w/ latest port on startup

## Learnings

* Encryption / decryption is 20x faster than signing/opening.
* Allowing out-of-order packets is massively important for throughput with TCP.

## Principles

* Creates an IPv4 /24 network with a maximum of 254 peers (1-254).
* Simple setup: via setup link from the hub.
* Each peer has full network state replicated from the hub.

## Routing

* Routing is different for public vs non-public peers
  * Public: routes are initialized via incoming ping requests
  * NonPub: routes are initialized via incoming ping responses

A non-public peer needs to maintain connections with every public peer.

* Sending:
  * Public: send to address
  * Non-public: send to a mediator
* Pings:
  * Servers don't need to ping
  * Clients need to ping all public and local peers to keep connections open

## Hub Server Configuration

```
# Create user.
adduser user

# Enable ssh.
cp -r ~/.ssh /home/user/
chown -R user:user /home/user/.ssh
```

Upload `hub` executable:

```
scp hub user@:~/
```

Create systemd file in `/etc/systemd/system/hub.service`:

```
[Unit]
Description=hub
Requires=network.target

[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE
Type=simple
User=user
WorkingDirectory=/home/user/
ExecStart=/home/user/hub -listen :https -secure=true -root-dir=/home/user
Restart=always
RestartSec=8
TimeoutStopSec=24

[Install]
WantedBy=default.target
```

Add and start the hub server:

```
systemctl daemon-reload
systemctl start hub
```

Get initial password from logs:

```
journalctl -f -u hub -n 100
```

Sign in and configure.

## Peer Configuration

Install the binary somewhere, for example `~/bin/vppn`.

Create systemd file in `/etc/systemd/system/vppn.service`.

```
[Unit]
Description=vppn
Requires=network.target

[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_ADMIN
Type=simple
User=user
WorkingDirectory=/home/user/
ExecStart=/home/user/vppn -name vppn
Restart=always
RestartSec=8
TimeoutStopSec=24

[Install]
WantedBy=default.target
```
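
The "Sending" rule from the Routing section, sketched in Go as an added example (not the project's own code): a public peer is sent to at its own address, a non-public peer via the mediator, and anything that is not a known host in the /24 is rejected rather than given a default route. Only the `Get` and `Mediator` method names come from the roadmap; the struct fields, `NextHop`, `demoRouter`, the `10.51.50.0/24` network and the underlay address are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
)

// peer and router are hypothetical types; only Get and Mediator are named on the page.
type peer struct {
	Public bool           // reachable directly at Addr
	Addr   netip.AddrPort // underlay address (constructed sample value below)
}

type router struct {
	prefix   netip.Prefix // the VPN /24
	peers    [256]*peer   // indexed by last octet; only 1-254 are valid hosts
	mediator *peer
}

// Get returns the peer that owns ip, or nil when ip is not a known host in the /24.
func (r *router) Get(ip netip.Addr) *peer {
	if !r.prefix.Contains(ip) || ip.As4()[3] == 0 || ip.As4()[3] == 255 {
		return nil
	}
	return r.peers[ip.As4()[3]]
}

func (r *router) Mediator() *peer { return r.mediator }

// NextHop fails closed: unknown destinations and a missing or non-public mediator are errors.
func (r *router) NextHop(dst netip.Addr) (netip.AddrPort, error) {
	p, m := r.Get(dst), r.Mediator()
	switch {
	case p == nil:
		return netip.AddrPort{}, fmt.Errorf("no route to %s", dst)
	case p.Public:
		return p.Addr, nil
	case m == nil || !m.Public:
		return netip.AddrPort{}, fmt.Errorf("no public mediator for %s", dst)
	}
	return m.Addr, nil
}

// demoRouter builds a constructed table: .1 is public and acts as mediator, .7 is non-public.
func demoRouter() *router {
	pub := &peer{Public: true, Addr: netip.MustParseAddrPort("203.0.113.10:456")}
	return &router{prefix: netip.MustParsePrefix("10.51.50.0/24"), peers: [256]*peer{1: pub, 7: {}}, mediator: pub}
}

func main() { fmt.Println(demoRouter().NextHop(netip.MustParseAddr("10.51.50.7"))) }
```
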