⛵ EdgeVPN: the immutable, decentralized, statically built VPN. NO central server!

Overview

EdgeVPN

Fully Decentralized. Immutable. Portable. Easy to use, statically compiled VPN

Usage

Generate a config:

./edgevpn -g > config.yaml

Run it on multiple hosts:

EDGEVPNCONFIG=config.yaml IFACE=edgevpn0 ADDRESS=10.1.0.11/24 ./edgevpn
EDGEVPNCONFIG=config.yaml IFACE=edgevpn0 ADDRESS=10.1.0.12/24 ./edgevpn
EDGEVPNCONFIG=config.yaml IFACE=edgevpn0 ADDRESS=10.1.0.13/24 ./edgevpn
...

... and that's it!

Note: It might take some time to build the connection between nodes. Wait at least 5 minutes; how long it takes depends on the network behind the hosts.

Is it for me?

EdgeVPN makes decentralization of the VPN its first and strongest requirement.

Its main use is for edge and low-end devices, and especially for development.

The decentralized approach has a few cons:

  • The underlying network is chatty. It uses a Gossip protocol and p2p: every message is broadcast to all peers.
  • Not suited for low latency. In my local tests on very slow connections, ping took ~200ms.

Keep that in mind before using it for your prod networks!

But it has a strong pro: it just works everywhere libp2p works!

Example use case: network-decentralized k3s test cluster

Let's look at a practical example: you are developing something for Kubernetes and want to try a multi-node setup, but the only machines available to you sit behind NAT (pity!) and you would really like to use that hardware.

If network performance is not a concern (again, this is for development purposes only!), you can combine edgevpn and k3s in this way:

  1. Generate the edgevpn config: edgevpn -g > vpn.yaml

  2. Start the VPN (the same vpn.yaml must be used on every node):

    on node A: sudo IFACE=edgevpn0 ADDRESS=10.1.0.3/24 EDGEVPNCONFIG=vpn.yaml edgevpn

    on node B: sudo IFACE=edgevpn0 ADDRESS=10.1.0.4/24 EDGEVPNCONFIG=vpn.yaml edgevpn

  3. Start k3s:

    on node A: k3s server --flannel-iface=edgevpn0

    on node B: K3S_URL=https://10.1.0.3:6443 K3S_TOKEN=xx k3s agent --flannel-iface=edgevpn0 --node-ip 10.1.0.4

We have used flannel here, but other CNIs should work as well.

As a library

EdgeVPN can be used as a library. It is very portable and offers a functional interface:

import (
    "os"

    edgevpn "github.com/mudler/edgevpn/pkg/edgevpn"
    "github.com/songgao/water" // TUN/TAP library providing water.TAP (import path assumed)
)

// l is a logger instance and log is the logging package that defines LevelInfo;
// both are set up by the caller and not shown here.
e := edgevpn.New(edgevpn.Logger(l),
    edgevpn.LogLevel(log.LevelInfo),
    edgevpn.MaxMessageSize(2 << 20), // largest single message accepted, in bytes (2 MiB)
    edgevpn.WithMTU(1500),
    edgevpn.WithInterfaceMTU(1300),
    edgevpn.WithInterfaceAddress(os.Getenv("ADDRESS")), // e.g. 10.1.0.11/24
    edgevpn.WithInterfaceName(os.Getenv("IFACE")),      // e.g. edgevpn0
    // ....
    edgevpn.WithInterfaceType(water.TAP))

e.Start()

Architecture

  • p2p encryption between peers with libp2p
  • rendezvous points dynamically generated from OTP keys
  • extra AES symmetric encryption on top, in case a rendezvous point is compromised
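As an added example (not EdgeVPN's own code), the following Go program shows the idea behind OTP-derived rendezvous points and why the "Increase otp digits" PR in the comments below matters: an RFC 4226 numeric OTP is capped at 31 bits however many digits you request (the extra digits are zero padding), while encoding the whole HMAC yields a 43-character name with far more entropy. The secret, HMAC-SHA256, the 30-second window and the base32 encoding are assumptions made for illustration.

```go
// Added example (not EdgeVPN's own code): deriving a rendezvous name from a
// shared secret plus a time window, and comparing numeric OTP output with a
// full-width encoding of the same HMAC.
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base32"
	"encoding/binary"
	"fmt"
	"math"
)

// hotpMAC computes HMAC(secret, counter) as in RFC 4226, with the counter
// encoded big-endian in 8 bytes. SHA-256 is an assumption of this example.
func hotpMAC(secret []byte, counter uint64) []byte {
	mac := hmac.New(sha256.New, secret)
	var buf [8]byte
	binary.BigEndian.PutUint64(buf[:], counter)
	mac.Write(buf[:])
	return mac.Sum(nil)
}

// NumericOTP applies RFC 4226 dynamic truncation: a 31-bit integer is taken
// from the MAC, reduced mod 10^digits and left-padded with zeros. Beyond
// 10 digits the value cannot grow, so the extra "digits" are only padding.
func NumericOTP(secret []byte, counter uint64, digits int) string {
	h := hotpMAC(secret, counter)
	offset := int(h[len(h)-1] & 0x0f)
	code := binary.BigEndian.Uint32(h[offset:offset+4]) & 0x7fffffff
	if digits < 10 {
		code %= uint32(math.Pow10(digits))
	}
	return fmt.Sprintf("%0*d", digits, code)
}

// WideOTP keeps the whole MAC instead of a 31-bit slice and encodes it as
// unpadded base32, so a 43-character name carries 43*5 = 215 bits.
func WideOTP(secret []byte, counter uint64, chars int) string {
	enc := base32.StdEncoding.WithPadding(base32.NoPadding)
	s := enc.EncodeToString(hotpMAC(secret, counter))
	if chars > len(s) {
		chars = len(s)
	}
	return s[:chars]
}

// EntropyBits reports how many bits of secret material a derived name can
// carry: numeric names are capped by the 31-bit truncation.
func EntropyBits(numeric bool, length int) float64 {
	if numeric {
		return math.Min(31, float64(length)*math.Log2(10))
	}
	return float64(length) * 5
}

// RendezvousWindow maps a Unix timestamp to the counter of a window of
// `period` seconds, TOTP-style (RFC 6238), so peers sharing the secret and
// roughly synchronised clocks derive the same rendezvous name.
func RendezvousWindow(unix int64, period int64) uint64 {
	return uint64(unix / period)
}

func main() {
	secret := []byte("constructed-shared-secret") // constructed sample value
	c := RendezvousWindow(1700000000, 30)
	fmt.Println("9 digits :", NumericOTP(secret, c, 9))
	fmt.Println("32 digits:", NumericOTP(secret, c, 32)) // mostly leading zeros
	fmt.Println("43 chars :", WideOTP(secret, c, 43))
	fmt.Printf("entropy: %.0f bits (numeric, 32) vs %.0f bits (wide, 43)\n",
		EntropyBits(true, 32), EntropyBits(false, 43))
}
```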

Credits

Disclaimers

I'm not a security expert, and this software didn't go through a full security audit, so don't use or rely on it for sensitive traffic! I did this mostly for fun while I was experimenting with libp2p.

LICENSE

GNU GPLv3.

edgevpn  Copyright (C) 2021 Ettore Di Giacinto
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions.
Comments
  • Intermittent connection drops with Edgevpn 0.10.0/libp2p 0.18.0-rc5 leaves disconnected peers

    After about 30 minutes of usage, I started to notice constant connection drops by peer nodes. The issue seems to persist, as connections don't seem to be rebuilt between nodes automatically, leaving peers disconnected. The only workaround is restarting the service.

    This seems to be tied to the recent libp2p bump to 0.18.0-rc5. I'm not sure if it's due to the rsmngr configuration or something else. I still can't trace it, but this is what I'm seeing now at a behavioral level:

    While opening a bunch of multiple streams to a single connection, the connection eventually gets killed and it seems the node can't recover and connect to it again.

    This seems to be an issue even with small streams: where I was previously pushing GBs of traffic just fine between nodes, now it doesn't hold even for simple HTTP requests.

    @vyzo / @marten-seemann sorry guys for pinging you directly again, I don't want to sound annoying either. I'm seeing weird issues with 0.18.0-rc5 here. I'm not sure if it's due to the rsmngr configuration or something else. I still can't trace it and give some helpful debug information, but this is what I'm seeing now at a behavioral level; the effect is quite noticeable.

    opened by mudler 17
  • Memleak in v0.9.3-v0.9.4

    Seems the bump to libp2p which was reverted here: #10 caused a few memleaks. I'm still not sure if it's due to the bump or to something we shouldn't be doing in the code, but it seems to occur only on edgevpn versions with the commit above.

    After a few runs with pprof, it seems to happen in aes.newCipher, so my first thoughts are either something not properly consumed in the streams or some internal buffer.

    10MB 3.87% 24.19% 10MB 3.87% crypto/aes.newCipher, and the quic stack in general grows constantly, as can be seen in the pprof files

    Starting from:

    Showing top 20 nodes out of 201
          flat  flat%   sum%        cum   cum%
          10MB  9.02%  9.02%       10MB  9.02%  github.com/libp2p/go-cidranger.newPrefixTree
        7.52MB  6.78% 15.80%     8.52MB  7.68%  github.com/lucas-clemente/quic-go/internal/handshake.newCryptoSetup
        6.50MB  5.87% 21.67%     6.50MB  5.87%  github.com/libp2p/go-libp2p-peerstore/pstoremem.(*memoryAddrBook).addAddrsUnlocked
        5.50MB  4.96% 26.63%     5.50MB  4.96%  crypto/aes.newCipher
        4.52MB  4.07% 30.71%     4.52MB  4.07%  github.com/libp2p/go-libp2p-asn-util.init
        3.01MB  2.72% 33.43%     3.01MB  2.72%  bufio.NewReaderSize
           3MB  2.71% 36.14%        3MB  2.71%  crypto/x509.parseCertificate
           3MB  2.71% 38.84%        3MB  2.71%  github.com/lucas-clemente/quic-go.(*frameSorter).push
        2.50MB  2.26% 41.10%     6.51MB  5.87%  github.com/lucas-clemente/quic-go.(*session).preSetup
        2.50MB  2.26% 43.36%     2.50MB  2.26%  runtime.malg
        2.50MB  2.26% 45.62%     2.50MB  2.26%  crypto/aes.(*aesCipherGCM).NewGCM
        2.50MB  2.26% 47.87%     2.50MB  2.26%  github.com/libp2p/go-libp2p-kad-dht/providers.mkProvKeyFor
           2MB  1.81% 49.68%        2MB  1.81%  github.com/libp2p/go-yamux/v3.newSession
           2MB  1.81% 51.49%    23.02MB 20.77%  github.com/lucas-clemente/quic-go.glob..func3
           2MB  1.80% 53.29%        2MB  1.80%  github.com/libp2p/go-libp2p-core/record/pb.(*Envelope).Unmarshal
           2MB  1.80% 55.10%        2MB  1.80%  github.com/multiformats/go-multiaddr.NewMultiaddrBytes
        1.50MB  1.35% 56.45%     1.50MB  1.35%  runtime.allocm
        1.50MB  1.35% 57.80%     1.50MB  1.35%  github.com/lucas-clemente/quic-go.(*cryptoStreamImpl).Write
        1.50MB  1.35% 59.16%     1.50MB  1.35%  github.com/marten-seemann/qtls-go1-17.(*Conn).readHandshake
        1.50MB  1.35% 60.51%        4MB  3.61%  github.com/lucas-clemente/quic-go.newStream

    We went up in about 1 hour or so to:

    Showing nodes accounting for 151.65MB, 58.62% of 258.71MB total
    Dropped 172 nodes (cum <= 1.29MB)
    Showing top 20 nodes out of 254
          flat  flat%   sum%        cum   cum%
       18.04MB  6.97%  6.97%    22.54MB  8.71%  github.com/lucas-clemente/quic-go/internal/handshake.newCryptoSetup
       14.52MB  5.61% 12.59%    25.02MB  9.67%  github.com/lucas-clemente/quic-go.(*session).preSetup
       10.01MB  3.87% 16.46%    11.01MB  4.26%  crypto/x509.parseCertificate
          10MB  3.87% 20.32%       10MB  3.87%  github.com/libp2p/go-libp2p-peerstore/pstoremem.(*memoryAddrBook).addAddrsUnlocked
          10MB  3.87% 24.19%       10MB  3.87%  crypto/aes.newCipher
          10MB  3.87% 28.05%       10MB  3.87%  github.com/libp2p/go-cidranger.newPrefixTree
        9.50MB  3.67% 31.73%     9.50MB  3.67%  github.com/lucas-clemente/quic-go.(*frameSorter).push
        8.51MB  3.29% 35.01%     8.51MB  3.29%  github.com/lucas-clemente/quic-go.(*cryptoStreamImpl).Write
           7MB  2.71% 37.72%    11.50MB  4.45%  github.com/lucas-clemente/quic-go.newStream
        6.01MB  2.32% 40.04%     6.01MB  2.32%  github.com/libp2p/go-yamux/v3.newSession
           6MB  2.32% 42.36%        6MB  2.32%  crypto/aes.(*aesCipherGCM).NewGCM
        5.51MB  2.13% 44.49%     5.51MB  2.13%  github.com/lucas-clemente/quic-go/internal/wire.init.0.func1
        5.50MB  2.13% 46.62%     9.50MB  3.67%  github.com/lucas-clemente/quic-go.(*cryptoStreamImpl).HandleCryptoFrame
           5MB  1.93% 48.55%    70.57MB 27.28%  github.com/lucas-clemente/quic-go.glob..func3
           5MB  1.93% 50.49%        5MB  1.93%  runtime.malg
        4.52MB  1.75% 52.23%     4.52MB  1.75%  bufio.NewReaderSize
        4.52MB  1.75% 53.98%     4.52MB  1.75%  github.com/libp2p/go-libp2p-asn-util.init
        4.50MB  1.74% 55.72%     4.50MB  1.74%  github.com/libp2p/go-libp2p-kad-dht/providers.mkProvKeyFor
           4MB  1.55% 57.26%        4MB  1.55%  github.com/lucas-clemente/quic-go.newOutgoingUniStreamsMap
        3.50MB  1.35% 58.62%        4MB  1.55%  github.com/marten-seemann/qtls-go1-17.(*Conn).readHandshake
    

    Here is a previous svg drawing, where it can be seen that newCipher was just about 6MB. profile001

    By looking at the profiles, it seems the quic stack is suffering from some memory leak, but I can't be sure yet.

    To repro, just check RAM usage over a bunch of hours; you would see it constantly growing. It eventually fills up the whole RAM of the node.

    ping: @marten-seemann @vyzo

    Sorry guys for pinging you directly, but before opening an issue upstream I want to nail down whether it's an issue on my side here, or do you already have an idea what's causing it? Thanks! :bow:

    opened by mudler 10
  • High memory usage.

    I run the following command. ./edgevpn --token xxx --address 10.1.0.1/24

    After one day, it consumes 1GB of memory, and the memory keeps going up. Is this normal? Thank you.

    question 
    opened by hkhk366 6
  • ERROR: Failed to find any peer in table

    Somehow I cannot get this to work even locally; perhaps I am missing something trivial:

    PCA:

    [email protected]:~/edgevpn$ sudo IFACE=edgevpn0 ADDRESS=10.1.0.3/24 EDGEVPNCONFIG=config.yaml ./edgevpn
    INFO edgevpn Copyright (C) 2021-2022 Ettore Di Giacinto
    This program comes with ABSOLUTELY NO WARRANTY.
    This is free software, and you are welcome to redistribute it under certain conditions.
    INFO Version: v0.15.3 commit: 9307c34028989e4b398464bcb072fda4b1b482a5
    INFO Starting EdgeVPN network
    INFO Node ID: 12D3KooWJmkQSCRmbUBuRMjSe34Ugx51ZgDGkv2AEX62cf1qodVp
    INFO Node Addresses: [/ip4/192.168.1.105/tcp/40471 /ip4/127.0.0.1/tcp/40471 /ip6/::1/tcp/32857]
    INFO Bootstrapping DHT
    ERROR failed to find any peer in table
    2022/08/21 13:13:51 failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.

    PCB:

    [email protected]:~/edgevpn$ sudo IFACE=edgevpn0 ADDRESS=10.1.0.4/24 EDGEVPNCONFIG=config.yaml ./edgevpn
    INFO edgevpn Copyright (C) 2021-2022 Ettore Di Giacinto
    This program comes with ABSOLUTELY NO WARRANTY.
    This is free software, and you are welcome to redistribute it under certain conditions.
    INFO Version: v0.15.3 commit: 9307c34028989e4b398464bcb072fda4b1b482a5
    INFO Starting EdgeVPN network
    INFO Node ID: 12D3KooWGUNFWqw6yHug1vSkrue7bWnQukFaU9oJSYDtukPFLFWj
    INFO Node Addresses: [/ip4/192.168.1.106/tcp/34943 /ip4/127.0.0.1/tcp/34943 /ip6/::1/tcp/40675]
    INFO Bootstrapping DHT
    ERROR failed to find any peer in table
    2022/08/21 13:14:07 failed to sufficiently increase receive buffer size (was: 160 kiB, wanted: 2048 kiB, got: 320 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.

    Prior to these runs I generated the file config.yaml with "edgevpn -g > config.yaml" on PCA and then emailed this very same config file to myself and copied it into PCB's edgevpn folder, from which I run the program (exactly the same config file sits on both PCs).

    Both nodes have been running without further progress for over 30 minutes. PCB is a very old 2GB RAM 32-bit machine running Ubuntu 18.04 (Mate), while PCA, on which I generated the config, has 16GB RAM and runs 64-bit Ubuntu 22.04.

    I might test this with hyprspace and report back. The motivation to use edgevpn over hyprspace was that you provided 32-bit binaries, kudos for that, which I could not get for hyprspace, but I will try compiling the latter manually and will report back if there is progress.

    ux 
    opened by aabbtree77 5
  • panic with DHCP

    Hi @mudler! I have an issue I see randomly on peers when using the DHCP feature:

    ноя 26 14:22:35 si-ni-tsin jajykimzibnqvw4b7qwjmxmh8b2142lk-edgevpn[197342]: {"level":"DEBUG","time":"2022-11-26T14:22:35.984+0300","caller":"vpn/dhcp.go:83","message":"12D3KooWBVp3ogQY8itAbmJCLuDt8vaoCMwf8QVetUB4ZAEmPCPP uses 10.0.1.1\n"}
    ноя 26 14:22:35 si-ni-tsin jajykimzibnqvw4b7qwjmxmh8b2142lk-edgevpn[197342]: {"level":"DEBUG","time":"2022-11-26T14:22:35.984+0300","caller":"vpn/dhcp.go:83","message":"12D3KooWNVqBVGt63AUq6VoVQZ1hTTdZ7MYyqDAkgGVmEPBoqidG uses 10.0.1.2\n"}
    ноя 26 14:22:35 si-ni-tsin jajykimzibnqvw4b7qwjmxmh8b2142lk-edgevpn[197342]: panic: runtime error: index out of range [0] with length 0
    ноя 26 14:22:35 si-ni-tsin jajykimzibnqvw4b7qwjmxmh8b2142lk-edgevpn[197342]: goroutine 1 [running]:
    ноя 26 14:22:35 si-ni-tsin jajykimzibnqvw4b7qwjmxmh8b2142lk-edgevpn[197342]: github.com/mudler/edgevpn/pkg/utils.Leader({0x285f638, 0x0, 0xc003d256c0?})
    ноя 26 14:22:35 si-ni-tsin jajykimzibnqvw4b7qwjmxmh8b2142lk-edgevpn[197342]:         github.com/mudler/edgevpn/pkg/utils/leader.go:28 +0x1a5
    ноя 26 14:22:35 si-ni-tsin jajykimzibnqvw4b7qwjmxmh8b2142lk-edgevpn[197342]: github.com/mudler/edgevpn/pkg/vpn.DHCPNetworkService.func1({_, _}, {{0xc00081c3c0, 0x20}, {0xc00081c460, 0x20}, {0x0, 0x0, 0x0}, 0x0, ...}, ...)
    ноя 26 14:22:35 si-ni-tsin jajykimzibnqvw4b7qwjmxmh8b2142lk-edgevpn[197342]:         github.com/mudler/edgevpn/pkg/vpn/dhcp.go:99 +0x356
    ноя 26 14:22:35 si-ni-tsin jajykimzibnqvw4b7qwjmxmh8b2142lk-edgevpn[197342]: github.com/mudler/edgevpn/pkg/node.(*Node).Start(0xc000aa0000, {0x17cbf70, 0xc0000443e0})
    ноя 26 14:22:35 si-ni-tsin jajykimzibnqvw4b7qwjmxmh8b2142lk-edgevpn[197342]:         github.com/mudler/edgevpn/pkg/node/node.go:131 +0x2ba
    ноя 26 14:22:35 si-ni-tsin jajykimzibnqvw4b7qwjmxmh8b2142lk-edgevpn[197342]: github.com/mudler/edgevpn/cmd.Main.func1(0xc000856160)
    ноя 26 14:22:35 si-ni-tsin jajykimzibnqvw4b7qwjmxmh8b2142lk-edgevpn[197342]:         github.com/mudler/edgevpn/cmd/main.go:221 +0xfae
    ноя 26 14:22:35 si-ni-tsin jajykimzibnqvw4b7qwjmxmh8b2142lk-edgevpn[197342]: github.com/urfave/cli.HandleAction({0x1098d20?, 0x1635ab8?}, 0xc000840540?)
    ноя 26 14:22:35 si-ni-tsin jajykimzibnqvw4b7qwjmxmh8b2142lk-edgevpn[197342]:         github.com/urfave/[email protected]/app.go:524 +0xa8
    ноя 26 14:22:35 si-ni-tsin jajykimzibnqvw4b7qwjmxmh8b2142lk-edgevpn[197342]: github.com/urfave/cli.(*App).Run(0xc000840540, {0xc00003c180, 0x3, 0x3})
    ноя 26 14:22:35 si-ni-tsin jajykimzibnqvw4b7qwjmxmh8b2142lk-edgevpn[197342]:         github.com/urfave/[email protected]/app.go:286 +0x7d9
    ноя 26 14:22:35 si-ni-tsin jajykimzibnqvw4b7qwjmxmh8b2142lk-edgevpn[197342]: main.main()
    ноя 26 14:22:35 si-ni-tsin jajykimzibnqvw4b7qwjmxmh8b2142lk-edgevpn[197342]:         github.com/mudler/edgevpn/main.go:52 +0x785
    ноя 26 14:22:36 si-ni-tsin systemd[1]: edgevpn.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
    ноя 26 14:22:36 si-ni-tsin systemd[1]: edgevpn.service: Failed with result 'exit-code'.
    ноя 26 14:22:36 si-ni-tsin systemd[1]: edgevpn.service: Consumed 13.334s CPU time, received 6.0M IP traffic, sent 13.4M IP traffic.
    
    opened by dukzcry 3
  • add bootstrap interface config flag

    To work in non-privileged mode it is necessary to disable the interface setup.

    index 91c1bb0..1e69138 100644
    --- a/cmd/util.go
    +++ b/cmd/util.go
    @@ -48,6 +48,11 @@ var CommonFlags []cli.Flag = []cli.Flag{
                    EnvVar: "EDGEVPNMTU",
                    Value:  1200,
            },
    +       &cli.BoolTFlag{
    +               Name:   "bootstrap-iface",
    +               Usage:  "Setup interface on startup (need privileges)",
    +               EnvVar: "BOOTIFACE",
    +       },
            &cli.IntFlag{
                    Name:   "packet-mtu",
                    Usage:  "Specify a mtu",
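    Review bot: the new flag's EnvVar "BOOTIFACE" breaks the naming convention of the sibling flag right above it ("EDGEVPNMTU"); consider "EDGEVPNBOOTIFACE" so every environment override keeps the EDGEVPN prefix that the README's EDGEVPNCONFIG usage relies on. Since BoolTFlag defaults to true, the Usage string should also say how to turn the setup off (--bootstrap-iface=false), which is the whole point of the change for non-privileged runs.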
    @@ -326,6 +331,7 @@ func cliToOpts(c *cli.Context) ([]node.Option, []vpn.Option, *logger.Logger) {
                    FrameTimeout:      c.String("timeout"),
                    ChannelBufferSize: c.Int("channel-buffer-size"),
                    InterfaceMTU:      c.Int("mtu"),
    +               BootstrapIface:    c.Bool("bootstrap-iface"),
                    PacketMTU:         c.Int("packet-mtu"),
                    Ledger: config.Ledger{
                            StateDir:         c.String("ledger-state"),
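    Review bot: the flag is declared as a BoolTFlag in the previous hunk but read here with c.Bool("bootstrap-iface"); urfave/cli v1 pairs BoolTFlag with c.BoolT, so use the matching accessor to make the default-true intent explicit rather than relying on the plain lookup returning the flag set's current value.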
    diff --git a/pkg/config/config.go b/pkg/config/config.go
    index c24a906..2f5ae91 100644
    --- a/pkg/config/config.go
    +++ b/pkg/config/config.go
    @@ -45,6 +45,7 @@ type Config struct {
            Address                                    string
            Router                                     string
            Interface                                  string
    +       BootstrapIface                             bool
            Libp2pLogLevel, LogLevel                   string
            LowProfile, VPNLowProfile                  bool
            Blacklist                                  []string
    @@ -178,7 +179,7 @@ func (c Config) ToOpts(l *logger.Logger) ([]node.Option, []vpn.Option, error) {
                    vpn.Logger(llger),
                    vpn.WithTimeout(c.FrameTimeout),
                    vpn.WithInterfaceType(water.TUN),
    -               vpn.NetLinkBootstrap(true),
    +               vpn.NetLinkBootstrap(c.BootstrapIface),
                    vpn.WithChannelBufferSize(c.ChannelBufferSize),
                    vpn.WithInterfaceMTU(c.InterfaceMTU),
                    vpn.WithPacketMTU(c.PacketMTU),
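    Review bot: replacing the unconditional vpn.NetLinkBootstrap(true) with the new bool field changes behaviour for any caller that builds config.Config without going through cliToOpts (library users, per the README's "As a library" section): the zero value of BootstrapIface is false, so those callers now silently skip interface setup where it previously always ran. Either document the field as required, or invert it (e.g. SkipInterfaceBootstrap) so that the zero value preserves today's behaviour.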
    diff --git a/pkg/vpn/interface.go b/pkg/vpn/interface.go
    index afd0718..e969375 100644
    --- a/pkg/vpn/interface.go
    +++ b/pkg/vpn/interface.go
    @@ -25,7 +25,8 @@ import (
     
     func createInterface(c *Config) (*water.Interface, error) {
            config := water.Config{
    -               DeviceType: c.DeviceType,
    +               DeviceType:             c.DeviceType,
    +               PlatformSpecificParams: water.PlatformSpecificParams{Persist: !c.NetLinkBootstrap},
            }
            config.Name = c.InterfaceName
     
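    Review bot: Persist is set to the negation of NetLinkBootstrap, so in non-privileged mode the TUN device is expected to already exist and is left persistent after exit; the PR description should state that an administrator has to create the device and assign its address beforehand. Also confirm this compiles for every target: PlatformSpecificParams is defined per platform in the water library and Persist belongs to its Linux variant, so this file needs a build tag or a per-platform helper if the Windows build (see the "Fix Windows support" PR on this page) includes it.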
    
    
    opened by kondratev 3
  • panic: runtime error: invalid memory address or nil pointer dereference

    ./edgevpn api

    The command throws out an error. Another issue: it is fine (not always) to create a NIC on a physical Ubuntu box, but not on a VM or a Raspberry Pi.

    EDGEVPNTOKEN=$EDGEVPNTOKEN ./edgevpn --address 10.1.0.11/24

    [email protected]:/box/vpn/edgevpn# ./edgevpn
    INFO edgevpn Copyright (C) 2021-2022 Ettore Di Giacinto
    This program comes with ABSOLUTELY NO WARRANTY.
    This is free software, and you are welcome to redistribute it under certain conditions.
    INFO Version: commit:
    panic: runtime error: invalid memory address or nil pointer dereference
    [signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0xd0767f]

    goroutine 1 [running]:
    github.com/mudler/edgevpn/pkg/blockchain.(*Ledger).newGenesis(0xc000960d50)
            github.com/mudler/edgevpn/pkg/blockchain/ledger.go:60 +0x15f
    github.com/mudler/edgevpn/pkg/blockchain.New(...)
            github.com/mudler/edgevpn/pkg/blockchain/ledger.go:52
    github.com/mudler/edgevpn/pkg/node.(*Node).Ledger(0xc0002c0fc0)
            github.com/mudler/edgevpn/pkg/node/node.go:85 +0x17a
    github.com/mudler/edgevpn/pkg/node.(*Node).Start(0xc0002c0fc0, {0x152baf0, 0xc000146350})
            github.com/mudler/edgevpn/pkg/node/node.go:92 +0x46
    github.com/mudler/edgevpn/cmd.Main.func1(0xc0002be840)
            github.com/mudler/edgevpn/cmd/main.go:196 +0xbaf
    github.com/urfave/cli.HandleAction({0xefd3a0, 0x14033e0}, 0xc0002c0e00)
            github.com/urfave/[email protected]/app.go:524 +0xa8
    github.com/urfave/cli.(*App).Run(0xc0002c0e00, {0xc0001181e0, 0x1, 0x1})
            github.com/urfave/[email protected]/app.go:286 +0x625
    main.main()
            github.com/mudler/edgevpn/main.go:50 +0x5a5

    opened by jingkang99 2
  • Add router option

    Hi @mudler, nice project! This PR adds the possibility to optionally set one of the remote nodes as router / gateway, and so allows reaching LAN networks behind the router, or even using it as default gateway to forward Internet traffic through it. In short, it adds traditional VPN functionality in addition to the existing mesh functionality.

    Examples

    edgevpn --address 10.0.3.2/24 --router 10.0.3.1
    ...
    

    Access LAN network 10.0.0.0/24

    $ ip route add 10.0.0.0/24 dev edgevpn0
    $ ping -c 1 10.0.0.1
    PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
    64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=7.63 ms
    

    Access Internet (the remote node should have forwarding and NAT configured)

    # 52.10.234.17 is the p2p-circuit address of remote node
    # 192.168.0.1 is the local router
    $ ip route add 52.10.234.17 via 192.168.0.1
    $ ip route add default dev edgevpn0 metric 1
    
    opened by dukzcry 2
  • Increase otp digits generated by default

    The OTP library supports just the minimum of up to 9 digits, which is what is documented in https://www.rfc-editor.org/rfc/rfc4226#section-5.3. While this is perfectly fine for human usage, the RFC also says that this is an example and that more digits should be used for increased security. As our case is not human-facing, we can bump this to the maximum size allowed by the hashing algorithm. Even if we were setting 32, we were getting 9 digits padded with 0; now we ask for 43 and we get 43-character alphanumeric strings (as opposed to just numeric digits before).

    Credits to @aleksej-paschenko for discovering that the gotp lib returned 0-padded strings!

    opened by mudler 1
  • routing option: allow mesh and VPN behaviour coexist

    Hi @mudler! This PR allows mesh functionality when the router option is used: access to unknown networks goes via the router, but access to known peers now goes directly.

    opened by dukzcry 1
  • Fix Windows support

    Hi @mudler, nice project! This PR fixes Windows support in EdgeVPN. In particular, the TUN Windows implementation in the Water library requires setting the address at device creation stage to properly fake ARP responses. (Note that you still need to set the IP and mask on the interface yourself.)

    Example

    edgevpn --address 10.0.3.2/24 --interface "Ethernet 3"
    ...
    
    opened by dukzcry 1
  • Drop otp fork

    Drop the fork of otp used to handle TOTPs.

    As the maintainer of otp was kind enough to accept the request https://github.com/creachadair/otp/pull/1 and provide it directly in the API, we should just consume that and avoid using the fork with our changes.

    This is also problematic because, when using edgevpn as a lib, the replace directive is needed, otherwise compilation breaks.

    techdebt 
    opened by mudler 0
  • some bugs on v0.17.0 and v0.18.0

    I found some problems with the new version of edgevpn: when I run edgevpn for the first time, it automatically quits, and I have to run it a second time before it runs stably. In addition, edgevpn crashes the network card of some other applications that also use the wintun network card driver. I think there may be some bugs in the wintun-related code of edgevpn.

    opened by vip123456789 1
  • Be able to pin keys and routing table

    It would be nice to support the use case when we want to have everything defined statically by config file from the CLI, such as:

    • static keypair (pub/priv key) to use to advertise and e2e encrypt packets with libp2p
    • static routing table defined by user config file which is used in place of the one distributed by the ledger

    In this way we support both scenarios: dynamic (currently) and statically user-defined. Note this is mostly already achievable by API, but currently the CLI lacks such features.

    enhancement 
    opened by mudler 1
  • Unable to establish VPN: 10.1.1.2 not found in the routing table

    I am using v0.16.1 on linux x86-64.

    I am attempting to simulate two hosts behind NAT establishing a VPN connection.

    I have two separate machines on the same LAN, but they are prohibited from talking to one another over the LAN. The machines only have internal 192.168.1.0/24 addresses.

    I followed the tutorial exactly as written but when trying to ping host2 (edgevpn ip: 10.1.1.2) from host1 (edgevpn ip: 10.1.1.1), I get the error:

    {"level":"DEBUG",
     "time":"[date]",
     "caller":"vpn/vpn.go:258",
     "message":"could not handle frame: '10.1.1.2' not found in the routing table\n"}
    

    Invocation:

    • host1: sudo ./edgevpn --interface edgevpn0 --config config.yaml --log-level=DEBUG --address 10.1.1.1/30 --libp2p-log-level=INFO --transient-conn
    • host2: sudo ./edgevpn --interface edgevpn1 --config config.yaml --log-level=DEBUG --address 10.1.1.2/30 --libp2p-log-level=INFO --transient-conn

    I have followed the sysctl -w net.core.rmem_max=2500000 step on both machines.

    config.yaml was generated with edgevpn -g > config.yaml and is the same on both machines.

    The DEBUG messages show that both machines Find Peers:

    {"level":"DEBUG",
     "time":"[date]",
     "caller":"discovery/dht.go:229",
     "message":" Found peer: {12D3KooW....: [/ip4/147.189.X.Y/udp/4001/quic/p2p/12D3KooWE.../p2p-circuit ..."}
    

    And even report Connected:

    {"level":"DEBUG",
     "time":"[date]",
     "caller":"discovery/dht.go:229",
     "message":" Connected to: {12D3KooW....: [/ip4/147.189.X.Y/udp/4001/quic/p2p/12D3KooWE.../p2p-circuit ..."}
    

    Yet edgevpn complains about the routing table when attempting to ping the other edgevpn IP address.

    It works when both edgevpn0 and edgevpn1 are invoked on the same machine (and talk over localhost), but this does not simulate my intention: two hosts behind NAT.

    edgevpn has many options that I don't know what they do; do I need to specify any of these?

    opened by realbiz21 6
  • Crypto Go :we are a research group to help developers build secure applications.

    Hi, we are a research group to help developers build secure applications. We designed a cryptographic misuse detector (i.e., CryptoGo) on Go language. We found your great public repository from Github, and several security issues detected by CryptoGo are shown in the following. Note that the cryptographic algorithms are categorized with two aspects: security strength and security vulnerability based on NIST Special Publication 800-57 and other public publications. Moreover, CryptoGo defined certain rules derived from the APIs of Go cryptographic library and other popular cryptographic misuse detectors. The specific security issues we found are as follows: (1) Location: pkg/crypto/md5.go:25 Broken rule: MD5 is an insecure algorithm; (2) Location: pkg/crypto/aes.go:29 Broken rule: Constant key in AES; We wish the above security issues could truly help you to build a secure application. If you have any concern or suggestion, please feel free to contact us, we are looking forward to your reply. Thanks.

    opened by 1047261438 0