app/vppn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 8 Wiki Activity
vppn/README.md
jdl ee4f5e012c Cleanup
2024-12-18 21:08:48 +01:00

2.4 KiB
Raw Blame History

vppn: Virtual Pretty Private Network

Roadmap

  • Node: use symmetric encryption after handshake
  • AEAD-AES uses a 12 byte nonce. We need to shrink the header:
    • Remove Forward and replace it with a HeaderFlags bitfield.
      • Forward, Asym/Sym, ...
  • Use default port 456
  • Remove signing key from hub
  • Peer: UDP hole-punching
  • Peer: local peer discovery - part of RoutingProcessor
  • Peer: update hub w/ latest port on startup

Learnings

  • Encryption / decryption is 20x faster than signing/opening.
  • Allowing out-of order packets is massively important for throughput with TCP

Principles

  • Creates an IPv4/24 network with a maximum of 254 peers. (1-254)
  • Simple setup: via setup link from the hub.
  • Each peer has full network state replicated from the hub.

Routing

  • Routing is different for public vs non-public peers
    • Public: routes are initialized via incoming ping requests
    • NonPub: routes are initialized via incoming ping responses

A non-public peer needs to maintain connections with every public peer.

  • Sending:

    • Public: send to address
    • Non-public: send to a mediator

  • Pings:

    • Servers don't need to ping
    • Clients need to ping all public and local peers to keep connections open

Hub Server Configuration

# Create user.
adduser user

# Enable ssh.
cp -r ~/.ssh /home/user/
chown -R user:user /home/user/.ssh

Upload hub executable:

scp hub user@<remote>:~/

Create systemd file in `/etc/systemd/system/hub.service

Description=hub
Requires=network.target

[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE
Type=simple
User=user
WorkingDirectory=/home/user/
ExecStart=/home/user/hub -listen <addr>:https -secure=true -root-dir=/home/user
Restart=always
RestartSec=8
TimeoutStopSec=24

[Install]
WantedBy=default.target

Add and start the hub server:

systemctl daemon-reload
systemctl start hub

Get initial password from logs:

journalctl -f -u hub -n 100

Sign-in and configure.

Peer Configuration

Install the binary somewhere, for example ~/bin/vppn.

Create systemd file in /etc/systemd/system/vppn.service.

Description=vppn
Requires=network.target

[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_ADMIN
Type=simple
User=user
WorkingDirectory=/home/user/
ExecStart=/home/user/vppn -name vppn
Restart=always
RestartSec=8
TimeoutStopSec=24

[Install]
WantedBy=default.target