I am not a programmer.. Just learning Java right now.. But I think that it
sounds like a GREAT idea (for what it's worth). I run a very small website
hosting business nolandbros.com and I would like to get a VPN going between
my servers and my home office and would love a free VPN solution.. (I like
to use opensource whenever it is appropriate or possible).
I wish you good luck and ask to keep me updated via this news group.
Hopefully you will have support from the programming community.
Brock
--
Ignorance is Bliss.........
----- Original Message -----
From: "Peter Stamfest" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, January 05, 2001 2:30 AM
Subject: Open VPN - Anybody interested / suggestions
>
> Hello OpenSSL users,
>
> I would like to tell you of a project I am currently thinking about. I
> have done some very preliminary coding and I am thinking about the future
> of this project. This is a rather brief e-mail, as I would first like to
> hear some comments.
>
>
> What it is all about:
>
> I want a VPN solution that is
> * free / open / GPL'd
> * UDP based instead of TCP based (see below for reasons)
> * Certificate based for first level authentication/authorization
> * Based on UNIX(r) on the server side (Linux being the primary goal)
> * available for Windows clients (Currently I am targeting for
> W98/W2000, Support for other/older versions would be very nice) and
> UNIX clients alike
> * Uses PPP for the actual transport
>
>
> If anybody knows of a product that can do this already, please say
> so. Also please comment if the project is a waste of time or not.
>
>
> What is a VPN
> -------------
>
> A VPN (Virtual Private Network) is a way to securely connect
> Computers/Networks to some private network over an insecure channel (like
> the internet).
>
>
> UDP based
> ---------
>
> The problem with TCP (or any stream based protocol that guarantees
> delivery) is that problems on the transport layer lead to retransmits on
> the VPN (the encapsulating) layer and on the encapsulated layer(s) (in
> case of e.g. TCP traffic through the tunnel).
>
> To avoid this situation, it is necessary to drop the guaranteed
> encapsulating layer and to switch to a protocol that can drop
> packets "legally", like UDP.
>
> Another reason for UDP is that the protocol is well known to firewall
> people.
>
>
> Using PPP as the encapsulated protocol
> --------------------------------------
>
> I think about using PPP as the protocol to be encapsulated through an
> encrypted channel. This is because
>
> + some other VPN solutions use this mechanism
> + Server and client side software exists for this
>
>
> Current Status
> --------------
>
> Currently, I have done some testing wrt a UDP VPN server that accepts
> connections and encapsulates PPP packets (unencrypted). The code is quite
> simple. I have used this code to connect two Linux boxes via ethernet. I
> have done tests with dropped UDP packets, etc. Everything worked quite
> well.
>
> I have also done some thinking about the encryption to be used and
> about the control protocol to be used. (mixed with data packets).
>
>
> The MS Windows side exists in my brain only, at the moment. I think of the
> following architecture:
>
> + There is a special (virtual) modem driver that can be used with the dial
> up networking of Windows. This driver communicates with a user
> level service running in the background. This background service does
> the actual network side of the game. The device driver is there to hook
> the system into the dial up networking of windows.
>
> + The background service uses OpenSSL for its encryption/certificate
> handling.
>
>
> What is needed - Call for Participants
> --------------------------------------
>
> I would like to start off this project by
>
> + Discussing if it is worth the effort, or if anything like this already
> exists.
>
> + Discussing the protocol to be used, with a focus on security.
>
> + Discussing the developing model, location of the project.
>
> + Finding people to work on this. Particularly I look for people with
> enough Windows experience to write the Device Driver parts. The
> Unix/OpenSSL part can also need good programmers. Windows programmers
> should have legal access to all the needed parts to write a device
> driver, of course [Probably VC++, DDKs, etc].
>
>
> Expectations
> ------------
>
> * I would like this to become a serious alternative to any other VPN
> software. It can be done.
>
> * The whole of the software should be GPL'd, being as portable as
> possible, using automake/autoconf. I expect that CVS will be used for
> development.
>
> * It should be rock solid.
>
> * I would like to see a working prototype soon (particularly of the
> windows side).
>
> * The protocol to be used on the UDP channel should be well
> documented. Maybe we could make an RFC of it.
>
>
> I am willing to invest serious time into this project. The project could
> be hosted on Sourceforge or somewhere else. I could also provide Webspace
> or a CVS Server myself.
>
>
> Looking forward to hearing from you.
>
>
> peter
>
> --
> _________________________________________________________________________
> Peter Stamfest UNIX, Networking & Computing Consultant
> Tel: +43/699/20711205 Software Development - Internetservices
> E-Mail: [EMAIL PROTECTED]
> [EMAIL PROTECTED]
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
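The layering argument in the quoted "UDP based" section, as an added example that is not part of either message or of any project code: a toy timeline model of one encapsulated TCP segment crossing the tunnel while the underlying link drops everything for a while. The 10-second outage, the RTO values, the doubling backoff and the one-segment tunnel window during the outage are all assumptions made for illustration.

```python
from itertools import takewhile

def backoff_times(rto, limit=32):
    """Send times 0, rto, 3*rto, 7*rto, ...: the timeout doubles per retry."""
    t, timeout = 0.0, rto
    for _ in range(limit):
        yield t
        t, timeout = t + timeout, timeout * 2

def first_survivor(rto, outage):
    """(attempt number, send time) of the first packet sent after the outage."""
    for n, t in enumerate(backoff_times(rto), start=1):
        if t >= outage:
            return n, t
    raise RuntimeError("outage outlasts the modelled retries")

def over_udp(outage, inner_rto):
    # Datagram carrier: a dropped packet is simply gone, so only the
    # encapsulated TCP retransmits and each copy crosses the wire once.
    attempts, t = first_survivor(inner_rto, outage)
    return {"tunnel_retransmits": 0, "inner_retransmits": attempts - 1,
            "wire_packets": attempts, "duplicates_delivered": 0,
            "delivered_at": t}

def over_tcp(outage, inner_rto, tunnel_rto):
    # Reliable carrier: the tunnel keeps resending the head of its stream.
    attempts, t = first_survivor(tunnel_rto, outage)
    # The encapsulated TCP sees no ACK either and times out on its own
    # schedule; every copy it emits before delivery is queued behind the
    # head (assumed window: one segment) and must be delivered as well.
    copies = len(list(takewhile(lambda s: s < t, backoff_times(inner_rto))))
    dups = max(copies - 1, 0)
    return {"tunnel_retransmits": attempts - 1, "inner_retransmits": dups,
            "wire_packets": attempts + dups, "duplicates_delivered": dups,
            "delivered_at": t}

if __name__ == "__main__":
    # Constructed scenario: 10 s outage, inner RTO 1 s, tunnel RTO 1.5 s.
    print("UDP tunnel:", over_udp(10, 1.0))
    print("TCP tunnel:", over_tcp(10, 1.0, 1.5))
```

In this scenario the reliable carrier retransmits on both layers and hands the receiver redundant copies of the same segment, while the datagram carrier leaves recovery to the encapsulated TCP alone.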