[Ninux-Wireless] [blog] L-VN Lite Virtual Network - GSoC 2011

marco.bonola tuscolomesh at gmail.com
Thu 2 Jun 2011 00:33:53 CEST


New blog post (Ninux.org Wireless Community):

'L-VN Lite Virtual Network - GSoC 2011' by marco.bonola

Most of the existing VPN solutions are based on user space tunneling (OpenVPN,
TINC) and consume a large amount of CPU on copying packets from/to user space.
Kernel based solutions (e.g.: IPsec VPNs) are more efficient in terms of CPU
load but still consume CPU resources on cryptographic operations which sometimes
are not even required. In many cases, in fact, when the goal is simply the
creation of a hub-and-spoke overlay network with a central server and several
clients behind NAT, the preferred solution is to use OpenVPN with NULL CIPHER.

The idea of L-VN is to exploit the IP/UDP encapsulation kernel module proposed
for GSoC 2010 http://blog.ninux.org/tag/udp-encapsulation/ to develop a
VPN/Overlay tool based on IP/UDP encapsulation performed in kernel space with no
"security services" for the encapsulated packets (i.e. no confidentiality, no
authentication). The goal is to provide a lightweight overlay network tool that
might be preferable to other VPN/Overlay solutions for devices with limited
computational resources. The project is a Freifunk-Ninux.org proposal, and is
sponsored by the Google Summer of Code 2011 program.

In detail, this project requires 2 main tasks:

1) the IP/UDP encapsulation kernel module needs to be finished and improved with
respect to several technical details described in this README. Moreover, the incoming
packets are currently intercepted with a NETFILTER hook and then decapsulated.
To be eligible for a possible integration in the Linux kernel, a different
solution has to be found and implemented.

2) a client/server application for authentication, automatic tunnel
establishment and NAT traversal has to be designed and developed. This
application will basically provide the following features: a) (optional) mutual
authentication; b) NAT reflexed address discovery and automatic tunnel
establishment; c) NAT binding keep alive; d) automatic inactive tunnel
de-allocation.

The source code will be publicly available through the ninux svn
repository: https://svn.ninux.org/svn/ninuxdeveloping/lvn. My mail is
marco.bonola at gmail.com. Comments, remarks or any kind of support will be truly
appreciated.

Marco

http://blog.ninux.org/2011/06/01/l-vn-lite-virtual-network-gsoc-2011/

(automatically generated message)



