
L-VN Lite Virtual Network – GSoC 2011

Wednesday, June 1st, 2011

Most existing VPN solutions are based on user-space tunneling (OpenVPN, tinc) and consume a large amount of CPU copying packets to and from user space. Kernel-based solutions (e.g. IPsec VPNs) are more efficient in terms of CPU load but still spend CPU resources on cryptographic operations, which are sometimes not even required. In fact, in many cases where the goal is simply to create a hub-and-spoke overlay network with a central server and several clients behind NAT, the preferred solution is to use OpenVPN with a null cipher.

The idea of L-VN is to exploit the IP/UDP encapsulation kernel module proposed for GSoC 2010 to develop a VPN/Overlay tool based on IP/UDP encapsulation performed in kernel space with no “security services” for the encapsulated packets (i.e. no confidentiality, no authentication). The goal is to provide a lightweight overlay network tool that might be preferable to other VPN/Overlay solutions for devices with limited computational resources. The project is a proposal, and is sponsored by the Google Summer of Code 2011 program.

In detail, this project requires 2 main tasks:

1) The IP/UDP encapsulation kernel module needs to be finished and improved with respect to several technical details described in this README. Moreover, incoming packets are currently intercepted with a Netfilter hook and then decapsulated. To be eligible for possible integration into the Linux kernel, a different solution has to be found and implemented.

2) A client/server application for authentication, automatic tunnel establishment and NAT traversal has to be designed and developed. This application will provide the following features: a) (optional) mutual authentication; b) discovery of the NAT reflexive address and automatic tunnel establishment; c) NAT binding keep-alive; d) automatic de-allocation of inactive tunnels.
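As an added illustration (not L-VN code), the sketch below shows how the server side of features b) to d) can fit together: the reflexive address is taken from the source the server observes on the datagram, keep-alives refresh the entry, and idle tunnels are de-allocated. The message layout, the names and the 60-second timeout are assumptions, and the optional mutual authentication of feature a) is left out, so registrations here are unauthenticated.

```python
# Added example: server-side tunnel table for the client/server application.
# Message layout, names and timeout are hypothetical, not L-VN's protocol.
import socket
import struct

REGISTER, KEEPALIVE = 1, 2
IDLE_TIMEOUT = 60.0  # seconds without traffic before de-allocation (assumed)
HDR = struct.Struct("!BI")  # message type, client id


class TunnelTable:
    def __init__(self):
        self.tunnels = {}  # client id -> [(ip, port) seen by server, last seen]

    def handle(self, datagram, src, now):
        """Process one control datagram received from `src` at time `now`.

        Returns the reply bytes (the reflexive address) or None if dropped.
        """
        if len(datagram) != HDR.size:
            return None  # malformed: wrong length
        msg_type, client_id = HDR.unpack(datagram)
        if msg_type == REGISTER:
            # The reflexive address is the source the server observes after
            # NAT translation, never an address carried in the payload.
            self.tunnels[client_id] = [src, now]
        elif msg_type == KEEPALIVE:
            entry = self.tunnels.get(client_id)
            if entry is None or entry[0] != src:
                return None  # unknown tunnel or changed binding: re-register
            entry[1] = now  # refresh; the packet also keeps the NAT binding alive
        else:
            return None
        ip, port = src
        return socket.inet_aton(ip) + struct.pack("!H", port)

    def expire(self, now):
        """De-allocate tunnels idle longer than IDLE_TIMEOUT; return their ids."""
        dead = [cid for cid, (_, seen) in self.tunnels.items()
                if now - seen > IDLE_TIMEOUT]
        for cid in dead:
            del self.tunnels[cid]
        return dead
```

The caller passes the clock value in, so the expiry logic can be exercised without waiting for real timeouts.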

The source code will be publicly available through the ninux svn repository: Comments, remarks or any kind of support will be truly appreciated.