Hi,

this might be of interest to you: https://code.google.com/p/badvpn/

Peer-to-peer VPN

The VPN part of this project implements a Layer 2 (Ethernet) network between the peers (VPN nodes). The peers connect to a central server which acts as a chat server for them to establish direct connections between each other (data connections). These connections are used for transferring network data (Ethernet frames), and can be secured with a multitude of mechanisms. Notable features are:

* UDP and TCP transport
* Converges very quickly after a new peer joins
* IGMP snooping to deliver multicasts efficiently (e.g. for IPTV)
* Double SSL: if SSL is enabled, not only do peers connect to the server with SSL, but they use an additional layer of SSL when exchanging messages through the server
* Features related to the NAT problem:
  1. Can work with multiple layers of NAT (needs configuration)
  2. Local peers inside a NAT can communicate directly
  3. Relaying as a fallback (needs configuration)

More info here: https://code.google.com/p/badvpn/wiki/badvpn

P. S. It would be nice to see this with easy to use GUI and prepacked binaries for all "main" systems...

Regards,
M.
On Thu, Dec 26, 2013 at 7:05 AM, Matej Kovacic <matej.kovacic@owca.info> wrote:
... this might be of interest to you: https://code.google.com/p/badvpn/ ... The VPN part of this project implements a Layer 2 (Ethernet) network between the peers (VPN nodes).
i love the concept of L2 VPNs; so pure in theory. (AppleTalk and IPX over WAN? no problem!)

in practice they need a lot of careful implementation and configuration. the attack surface for tap vs. tun is very different; many services handling broadcast traffic assume a trusted local network environment.

all of the security features listed on the wiki are related to transport / authentication rather than endpoint service considerations. this should be remedied.

looks interesting! perhaps i can play around with it soon...

best regards,
On Thursday, 26 December 2013 16:05:01 Matej Kovacic wrote:
Hi,
this might be of interest to you: https://code.google.com/p/badvpn/
Peer-to-peer VPN
The VPN part of this project implements a Layer 2 (Ethernet) network between the peers (VPN nodes). The peers connect to a central server which acts as a chat server for them to establish direct connections between each other (data connections). These connections are used for transferring network data (Ethernet frames), and can be secured with a multitude of mechanisms. Notable features are:
* UDP and TCP transport
* Converges very quickly after a new peer joins
* IGMP snooping to deliver multicasts efficiently (e.g. for IPTV)
* Double SSL: if SSL is enabled, not only do peers connect to the server with SSL, but they use an additional layer of SSL when exchanging messages through the server
* Features related to the NAT problem:
  1. Can work with multiple layers of NAT (needs configuration)
  2. Local peers inside a NAT can communicate directly
  3. Relaying as a fallback (needs configuration)
More info here: https://code.google.com/p/badvpn/wiki/badvpn
Very interesting project indeed!
P. S. It would be nice to see this with easy to use GUI and prepacked binaries for all "main" systems...
It would also be nice to see this hosted somewhere outside Google...

--
Regards,
rysiek
participants (3)
- coderman
- Matej Kovacic
- rysiek