[Ninux-Calabria] Fwd: [Ninux-Wireless] [blog] L-VN Lite Virtual Network - GSoC 2011

luigi gigismir at gmail.com
Wed Sep 21 03:26:22 UTC 2011



-------- Original message --------
Subject: [Ninux-Wireless] [blog]  L-VN Lite Virtual Network - GSoC 2011
Date: Wed, 1 Jun 2011 22:33:53 +0000
From: marco.bonola <tuscolomesh a gmail.com>
Reply-To: marco.bonola <marco.bonola a gmail.com>, wireless a ml.ninux.org
To: marco.bonola a gmail.com

New blog post (Ninux.org Wireless Community): 

' L-VN Lite Virtual Network - GSoC 2011' by marco.bonola

Most of the existing VPN solutions are based on user space tunneling (OPENVPN,
TINC) and consume a large amount of CPU on copying packets from/to user space.
Kernel based solutions (e.g.: IPsec VPNs) are more efficient in terms of CPU
load but still consume CPU resources on cryptographic operations which sometimes
are not even required. In many cases, in fact, when the goal is simply the
creation of a hub-and-spoke overlay network with a central server and several
clients behind NAT, the preferred solution is to use OPENVPN with NULL CIPHER.

The idea of L-VN is to exploit the IP/UDP encapsulation kernel module proposed
for GSoC 2010 http://blog.ninux.org/tag/udp-encapsulation/ to develop a
VPN/Overlay tool based on IP/UDP encapsulation performed in kernel space with no
"security services" for the encapsulated packets (i.e. no confidentiality, no
authentication). The goal is to provide a lightweight overlay network tool that
might be preferable to other VPN/Overlay solutions for devices with limited
computational resources. The project is a Freifunk-Ninux.org proposal, and is
sponsored by the Google Summer of Code 2011 program.

In detail, this project requires 2 main tasks:

1) the IP/UDP encapsulation Kernel module needs to be finished and improved as
for different technical details described in this README. Moreover, the incoming
packets are currently intercepted with a NETFILTER hook and then decapsulated.
To be eligible for a possible integration in the Linux Kernel, a different
solution has to be found and implemented.

2) a client/server application for authentication, automatic tunnel
establishment and NAT traversal has to be designed and developed. This
application will basically provide the following features: a) (optional) mutual
authentication; b) NAT reflexed address discovery and automatic tunnel
establishment; c) NAT binding keep alive; d) automatic inactive tunnel
de-allocation.

The source code will be publicly available through the ninux svn
repository: https://svn.ninux.org/svn/ninuxdeveloping/lvn. My mail is
marco.bonola a gmail.com. Comments, remarks or any kind of support will be truly
appreciated.

Marco

http://blog.ninux.org/2011/06/01/l-vn-lite-virtual-network-gsoc-2011/

(automatically generated message)
