vppn: Virtual Pretty Private Network

Roadmap

  • Rename Mediator -> Relay
  • Node: use symmetric encryption after handshake
  • AEAD-AES uses a 12-byte nonce. We need to shrink the header:
    • Remove Forward and replace it with a HeaderFlags bitfield.
      • Forward, Asym/Sym, ...
  • Use default port 456
  • Remove signing key from hub
  • Peer: UDP hole-punching
  • Peer: local peer discovery - part of RoutingProcessor
  • Peer: update hub w/ latest port on startup
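
The header item above, sketched as an added example (not code from the vppn repository): a 12-byte header that doubles as the AES-GCM nonce, with Forward and Asym/Sym packed into a flags byte. The field layout, bit positions and all names here are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

const (
	FlagForward uint8 = 1 << iota // relay this packet (bit position assumed)
	FlagSym                       // symmetric, post-handshake encryption (assumed)
	HeaderSize  = 12              // same size as the AES-GCM nonce
)

// Assumed layout: flags, src and dst host octets, 1 reserved byte, 64-bit counter.
type Header struct{ Flags, Src, Dst uint8; Counter uint64 }

func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal uses the header as the nonce: Counter must never repeat per key and sender.
func Seal(aead cipher.AEAD, h Header, payload []byte) []byte {
	hdr := []byte{h.Flags, h.Src, h.Dst, 0, 0, 0, 0, 0, 0, 0, 0, 0}
	binary.BigEndian.PutUint64(hdr[4:], h.Counter)
	return aead.Seal(hdr, hdr, payload, nil)
}

// Open returns a header only after GCM has verified the header and the body.
func Open(aead cipher.AEAD, pkt []byte) (Header, []byte, error) {
	if len(pkt) < HeaderSize+aead.Overhead() {
		return Header{}, nil, fmt.Errorf("short packet: %d bytes", len(pkt))
	}
	pt, err := aead.Open(nil, pkt[:HeaderSize], pkt[HeaderSize:], nil)
	if err != nil {
		return Header{}, nil, err
	}
	return Header{pkt[0], pkt[1], pkt[2], binary.BigEndian.Uint64(pkt[4:12])}, pt, nil
}

func main() {
	aead, _ := NewAEAD(make([]byte, 32)) // constructed all-zero demo key
	fmt.Println(Seal(aead, Header{FlagSym, 2, 7, 1}, []byte("ping")))
}
```

Because the nonce feeds the GCM tag, flipping the Forward bit in transit makes Open fail, so a relay cannot be tricked by an edited flag.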

Learnings

  • Encryption / decryption is 20x faster than signing/opening.
  • Allowing out-of-order packets is massively important for throughput with TCP.

Principles

  • Creates an IPv4 /24 network with a maximum of 254 peers. (1-254)
  • Simple setup: via setup link from the hub.
  • Each peer has full network state replicated from the hub.

Routing

  • Routing is different for public vs non-public peers
    • Public: routes are initialized via incoming ping requests
    • NonPub: routes are initialized via incoming ping responses

A non-public peer needs to maintain connections with every public peer.

  • Sending:

    • Public: send to address
    • Non-public: send to a mediator
  • Pings:

    • Servers don't need to ping
    • Clients need to ping all public and local peers to keep connections open

Hub Server Configuration

# Create user.
adduser user

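# Enable ssh. This copies the whole ~/.ssh directory, including any
# private keys in it; only authorized_keys is needed for key-based login.
cp -r ~/.ssh /home/user/
chown -R user:user /home/user/.ssh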

Upload hub executable:

scp hub user@<remote>:~/

Create systemd file in /etc/systemd/system/hub.service:

[Unit]
Description=hub
Requires=network.target

[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE
Type=simple
User=user
WorkingDirectory=/home/user/
ExecStart=/home/user/hub -listen <addr>:https -secure=true -root-dir=/home/user
Restart=always
RestartSec=8
TimeoutStopSec=24

[Install]
WantedBy=default.target

Add and start the hub server:

systemctl daemon-reload
systemctl start hub

Get initial password from logs:

journalctl -f -u hub -n 100

Sign-in and configure.

Peer Configuration

Install the binary somewhere, for example ~/bin/vppn.

Create systemd file in /etc/systemd/system/vppn.service.

[Unit]
Description=vppn
Requires=network.target

[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_ADMIN
Type=simple
User=user
WorkingDirectory=/home/user/
ExecStart=/home/user/vppn -name vppn
Restart=always
RestartSec=8
TimeoutStopSec=24

[Install]
WantedBy=default.target