BadVPN – Blame information for rev 1
Rev | Author | Line No. | Line |
---|---|---|---|
1 | office | 1 | **This repository has been archived and is not being maintained by the author any longer.** |
2 | |||
3 | # BadVPN |
4 | |||
5 | ## Introduction |
6 | |||
7 | In this project I host some of my open-source networking software. |
8 | All of the software is written in C and utilizes a custom-developed framework for event-driven programming. |
9 | The extensive code sharing is the reason all the software is packaged together. |
10 | However, it is possible to compile only the required components to avoid extra dependencies. |
11 | |||
12 | ### NCD programming language |
13 | |||
14 | NCD (Network Configuration Daemon) is a daemon and programming/scripting language for configuration of network interfaces and other aspects of the operating system. |
15 | It implements various functionalities as built-in modules, which may be used from an NCD program wherever and for whatever purpose the user needs them. |
16 | This modularity makes NCD extremely flexible and extensible. It does a very good job with hotplugging in various forms, like USB network interfaces and link detection for wired devices. |
17 | New features can be added by implementing statements as C-language modules using a straightforward interface. |
18 | |||
19 | ### Tun2socks network-layer proxifier |
20 | |||
21 | The tun2socks program "socksifies" TCP connections at the network layer. |
22 | It implements a TUN device which accepts all incoming TCP connections (regardless of destination IP), and forwards the connections through a SOCKS server. |
23 | This allows you to forward all connections through SOCKS, without any need for application support. |
24 | It can be used, for example, to forward connections through a remote SSH server. |
25 | |||
26 | ### Peer-to-peer VPN |
27 | |||
28 | The VPN part of this project implements a Layer 2 (Ethernet) network between the peers (VPN nodes). |
29 | The peers connect to a central server which acts as a communication proxy allowing the peers to establish direct connections between each other (data connections). |
30 | These connections are used for transferring network data (Ethernet frames), and can be secured with a multitude of mechanisms. Notable features are: |
31 | |||
32 | - UDP and TCP transport |
33 | - Converges very quickly after a new peer joins |
34 | - IGMP snooping to deliver multicasts efficiently (e.g. for IPTV) |
35 | - Double SSL: if SSL is enabled, not only do peers connect to the server with SSL, but they use an additional layer of SSL when exchanging messages through the server |
36 | - Features related to the NAT problem: |
37 | - Can work with multiple layers of NAT (needs configuration) |
38 | - Local peers inside a NAT can communicate directly |
39 | - Relaying as a fallback (needs configuration) |
40 | |||
41 | ## Requirements |
42 | |||
43 | NCD only works on Linux. Tun2socks works on Linux and Windows. The P2P VPN works on Linux, Windows and FreeBSD (not tested often). |
44 | |||
45 | ## Installation |
46 | |||
47 | The build system is based on CMake. On Linux, the following commands can be used to |
48 | build: |
49 | |||
50 | ``` |
51 | cd <badvpn-source-dir> |
52 | mkdir build |
53 | cd build |
54 | cmake .. -DCMAKE_INSTALL_PREFIX=<install-dir> |
55 | make install |
56 | ``` |
57 | |||
58 | If you only need tun2socks or udpgw, then add the following arguments to the `cmake` |
59 | command: `-DBUILD_NOTHING_BY_DEFAULT=1 -DBUILD_TUN2SOCKS=1 -DBUILD_UDPGW=1`. |
60 | Otherwise (if you want the VPN software), you will first need to install the OpenSSL |
61 | and NSS libraries and make sure that CMake can find them. |
62 | |||
63 | Windows builds are not provided. You can build from source code using Visual Studio by |
64 | following the instructions in the file `BUILD-WINDOWS-VisualStudio.md`. |
65 | |||
66 | ## License |
67 | |||
68 | The BSD 3-clause license as shown below applies to most of the code. |
69 | |||
70 | ``` |
71 | Copyright (c) 2009, Ambroz Bizjak <ambrop7@gmail.com> |
72 | All rights reserved. |
73 | |||
74 | Redistribution and use in source and binary forms, with or without |
75 | modification, are permitted provided that the following conditions are met: |
76 | 1. Redistributions of source code must retain the above copyright |
77 | notice, this list of conditions and the following disclaimer. |
78 | 2. Redistributions in binary form must reproduce the above copyright |
79 | notice, this list of conditions and the following disclaimer in the |
80 | documentation and/or other materials provided with the distribution. |
81 | 3. Neither the name of the author nor the |
82 | names of its contributors may be used to endorse or promote products |
83 | derived from this software without specific prior written permission. |
84 | |||
85 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND |
86 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
87 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
88 | DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY |
89 | DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
90 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
91 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
92 | ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
93 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
94 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
95 | ``` |
96 | |||
97 | List of third-party code included in the source: |
98 | - lwIP - A Lightweight TCP/IP stack. License: `lwip/COPYING` |