# vppn: Virtual Pretty Private Network

## Roadmap

* Peer: router: create process for managing the routing table
* Peer: router: track mediators, enable / disable ...
* Hub: track peer last-seen timestamp (?)
* Peer: local peer discovery - part of RoutingProcessor
* Peer: update hub w/ latest port on startup

## Learnings

* Encryption / decryption is 20x faster than signing / opening.

## Principles

* Creates an IPv4 /24 network with a maximum of 254 peers (host addresses 1-254).
* Simple setup: via a setup link from the hub.
* Each peer has the full network state replicated from the hub.

## Routing

* Routing is different for public vs. non-public peers:
  * Public: routes are initialized via incoming ping requests.
  * Non-public: routes are initialized via incoming ping responses.

A non-public peer needs to maintain connections with every public peer.

* Sending:
  * Public: send to the peer's address.
  * Non-public: send to a mediator.
* Pings:
  * Servers don't need to ping.
  * Clients need to ping all public and local peers to keep connections open.

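As an added example (not part of this README or of the vppn code), the rules above as a small Go routing model: a peer learns a direct route only from the ping direction its kind allows, a non-public peer derives the set of peers it must keep pinging from the hub-replicated peer list, and sending falls back to a mediator when no direct route exists. The names `Peer`, `Route`, `Router`, `OnPing`, `PingTargets`, `NextHop`, the `Local` flag and the mediator choice (lowest-named public peer) are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
	"sort"
)

// Constructed model of the routing rules above, not vppn's own code; all
// type, field and function names are assumptions.
type PeerKind int

const (
	Public    PeerKind = iota // directly reachable: learns routes from ping requests
	NonPublic                 // behind NAT: learns routes from ping responses
)

// Peer is hub-replicated state; Local marks a peer found by LAN discovery.
type Peer struct {
	Name  string
	Kind  PeerKind
	Addr  netip.AddrPort // advertised address, meaningful for public peers only
	Local bool
}

// Route is the next hop: a direct address once learned, else a mediator name.
type Route struct {
	Direct   netip.AddrPort
	Mediator string
}

// Router is one peer's view: the hub-replicated peer list plus learned routes.
type Router struct {
	Self   Peer
	Peers  []Peer
	Routes map[string]Route // direct routes learned from pings, by peer name
}

func NewRouter(self Peer, peers []Peer) *Router {
	return &Router{Self: self, Peers: peers, Routes: map[string]Route{}}
}

// OnPing records a direct route to `from` at its observed (NAT-mapped) address:
// public peers learn from incoming requests, non-public peers from responses.
func (r *Router) OnPing(from string, src netip.AddrPort, isResponse bool) {
	if (r.Self.Kind == Public && !isResponse) || (r.Self.Kind == NonPublic && isResponse) {
		r.Routes[from] = Route{Direct: src}
	}
}

// peers returns every peer other than Self that matches keep, sorted by name.
func (r *Router) peers(keep func(Peer) bool) []Peer {
	var out []Peer
	for _, p := range r.Peers {
		if p.Name != r.Self.Name && keep(p) {
			out = append(out, p)
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Name < out[j].Name })
	return out
}

// PingTargets: servers (public) ping nobody; clients (non-public) ping every
// public peer and every local peer to keep their connections open.
func (r *Router) PingTargets() []string {
	var out []string
	if r.Self.Kind == NonPublic {
		for _, p := range r.peers(func(p Peer) bool { return p.Kind == Public || p.Local }) {
			out = append(out, p.Name)
		}
	}
	return out
}

// NextHop: a learned direct route wins; a public peer is sent to its advertised
// address; a non-public peer goes via a mediator (lowest-named public peer here).
func (r *Router) NextHop(dst string) (Route, error) {
	if rt, ok := r.Routes[dst]; ok {
		return rt, nil
	}
	found := r.peers(func(p Peer) bool { return p.Name == dst })
	if len(found) == 0 {
		return Route{}, errors.New("unknown peer: " + dst)
	}
	if found[0].Kind == Public {
		return Route{Direct: found[0].Addr}, nil
	}
	if m := r.peers(func(p Peer) bool { return p.Kind == Public }); len(m) > 0 {
		return Route{Mediator: m[0].Name}, nil
	}
	return Route{}, errors.New("no mediator available for " + dst)
}

func main() {
	// Constructed two-peer network: c1 (non-public) must keep pinging s1 (public).
	r := NewRouter(Peer{Name: "c1", Kind: NonPublic}, []Peer{{Name: "s1", Kind: Public}})
	fmt.Println("c1 pings:", r.PingTargets()) // [s1]
}
```

The direction check in `OnPing` is the part worth keeping strict: a non-public peer ignores unsolicited ping requests, so an arbitrary packet at its listening port cannot install a route, and a public peer only trusts the observed source of a request, which is exactly the NAT mapping the client wants it to use. `NextHop` errors on an unknown peer rather than guessing, and a non-public destination with no public peers in the list has no mediator and is reported as unreachable.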
## Hub Server Configuration

```
# Create an unprivileged user to run the hub.
adduser user

# Enable ssh: copy the current (root) authorized keys to the new user.
cp -r ~/.ssh /home/user/
chown -R user:user /home/user/.ssh
```

Upload the `hub` executable:

```
scp hub user@<remote>:~/
```

Create a systemd unit file in `/etc/systemd/system/hub.service`:

```
[Unit]
Description=hub
Requires=network.target
After=network.target

[Service]
# Lets the unprivileged user bind the privileged https port.
AmbientCapabilities=CAP_NET_BIND_SERVICE
Type=simple
User=user
WorkingDirectory=/home/user/
ExecStart=/home/user/hub -listen <addr>:https -secure=true -root-dir=/home/user
Restart=always
RestartSec=8
TimeoutStopSec=24

[Install]
WantedBy=default.target
```

Add and start the hub server:

```
# Pick up the new unit file.
systemctl daemon-reload
# Start on boot (applies the [Install] section).
systemctl enable hub
systemctl start hub
```

Get the initial password from the logs:

```
journalctl -f -u hub -n 100
```

Sign in and configure.

## Peer Configuration

Install the binary somewhere, for example `~/bin/vppn`.

Create a systemd unit file in `/etc/systemd/system/vppn.service`:

```
[Unit]
Description=vppn
Requires=network.target
After=network.target

[Service]
# CAP_NET_ADMIN is needed to create and configure the tunnel interface.
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_ADMIN
Type=simple
User=user
WorkingDirectory=/home/user/
# Adjust the path to wherever the binary was installed.
ExecStart=/home/user/vppn -name vppn
Restart=always
RestartSec=8
TimeoutStopSec=24

[Install]
WantedBy=default.target
```

---

## Sub-packets

If we make our MTU large, like 8k, our computations become more efficient.

We can send packets with a header like: