# vppn: Virtual Pretty Private Network

## Roadmap

* Peer: router: create process for managing the routing table
* Peer: router: track mediators, enable / disable ...
* Hub: track peer last-seen timestamp (?)
* Peer: local peer discovery - part of RoutingProcessor
* Peer: update hub w/ latest port on startup

## Learnings

* Encryption / decryption is 20x faster than signing/opening.

## Principles

* Creates an IPv4 /24 network with a maximum of 254 peers (1-254).
* Simple setup: via setup link from the hub.
* Each peer has full network state replicated from the hub.

## Routing

* Routing is different for public vs non-public peers
  * Public: routes are initialized via incoming ping requests
  * NonPub: routes are initialized via incoming ping responses

A non-public peer needs to maintain connections with every public peer.

* Sending:
  * Public: send to address
  * Non-public: send to a mediator
* Pings:
  * Servers don't need to ping
  * Clients need to ping all public and local peers to keep connections open

## Hub Server Configuration

```
# Create user.
adduser user

# Enable ssh.
cp -r ~/.ssh /home/user/
chown -R user:user /home/user/.ssh
```

Upload `hub` executable:

```
scp hub user@:~/
```

Create systemd file in `/etc/systemd/system/hub.service`:

```
[Unit]
Description=hub
Requires=network.target

[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE
Type=simple
User=user
WorkingDirectory=/home/user/
ExecStart=/home/user/hub -listen :https -secure=true -root-dir=/home/user
Restart=always
RestartSec=8
TimeoutStopSec=24

[Install]
WantedBy=default.target
```

Add and start the hub server:

```
systemctl daemon-reload
systemctl start hub
```

Get initial password from logs:

```
journalctl -f -u hub -n 100
```

Sign in and configure.

## Peer Configuration

Install the binary somewhere, for example `~/bin/vppn`.

Create systemd file in `/etc/systemd/system/vppn.service`:

```
[Unit]
Description=vppn
Requires=network.target

[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_ADMIN
Type=simple
User=user
WorkingDirectory=/home/user/
ExecStart=/home/user/vppn -name vppn
Restart=always
RestartSec=8
TimeoutStopSec=24

[Install]
WantedBy=default.target
```

---

## Sub-packets

If we make our MTU large, like 8k, our computations become more efficient.

We can send packets with header like: