Architecture of the vpn
vpn² is virtual private network software much like the popular OpenVPN. Unlike OpenVPN, however, it is based on a peer-to-peer architecture, which removes the need for a central server.
Features
- Decentralised organisation of the vpn
- No dedicated server is required
Technical Overview
- vpn² peers use direct (peer-to-peer) connections to communicate with each other
  - Peers operate as both client and server
  - No single point of failure
- Direct encrypted connection between peers
- Authentication based on OpenPGP (RFC 6091)
  - Using the local GnuPG keyring
  - Trust delegation using trusted signatures
  - OpenPGP's Web-of-Trust algorithm
  - Key exchange during the TLS handshake possible
- IPv6 (RFC 4291) addresses used for addressing vpn² peers
  - Address prefix fc00::/8 used for vpn²
  - Auto address assignment of unique local address (ULA, RFC 4193) based on OpenPGP certificate hash and fc00::/64 prefix
  - LAN connectivity
    - Routing of prefix fc00::/64 between LAN and vpn
    - Stateless address autoconfiguration (SLAAC, RFC 4862) of prefix for LAN access
    - Routing of multicast addresses (RFC 4291#section-2.7) with site-local scope or link-local scope to support mDNS (RFC 6762)
    - Routing of prefix
- Decentralised organisation
  - No configuration needed
  - Addresses not assigned by a central authority
  - Low chance of address conflicts due to the IPv6 address space
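As an added illustration of the hash-derived ULA assignment described in the addressing section and of the low conflict chance claimed here (example code, not part of vpn² or its documentation): the concrete derivation, filling the host bits of a configured prefix with the leading bits of a SHA-256 digest of the certificate, is an assumption, since the page does not give vpn²'s exact algorithm. The example generalises to any prefix length, so it also shows the same scheme on a /64.

```python
import hashlib
import ipaddress
import math

# Prefixes named on the page: fc00::/8 for vpn² peers, fc00::/64 for LAN routing.
PEER_PREFIX = ipaddress.IPv6Network("fc00::/8")
LAN_PREFIX = ipaddress.IPv6Network("fc00::/64")


def certificate_hash(cert_bytes: bytes) -> bytes:
    """Digest of the exported OpenPGP certificate (SHA-256 is an assumption here)."""
    return hashlib.sha256(cert_bytes).digest()


def peer_address(cert_bytes: bytes,
                 prefix: ipaddress.IPv6Network = PEER_PREFIX) -> ipaddress.IPv6Address:
    """Fill the host bits of `prefix` with the leading bits of the certificate hash.

    Every peer derives its address from its own key, so no central authority
    hands out addresses, and any peer holding the certificate can recompute
    the owner's address (assumed construction, see lead-in).
    """
    host_bits = 128 - prefix.prefixlen
    digest_int = int.from_bytes(certificate_hash(cert_bytes), "big")
    host = digest_int >> (256 - host_bits)          # keep only host_bits bits
    return ipaddress.IPv6Address(int(prefix.network_address) | host)


def collision_probability(peers: int,
                          prefix: ipaddress.IPv6Network = PEER_PREFIX) -> float:
    """Birthday-bound chance that any two of `peers` derive the same address."""
    host_bits = 128 - prefix.prefixlen
    expected_pairs = peers * (peers - 1) / (2.0 * 2 ** host_bits)
    return -math.expm1(-expected_pairs)              # 1 - exp(-x), precise for tiny x


if __name__ == "__main__":
    # Constructed stand-ins for exported OpenPGP certificates (not real keys).
    certs = {"alice": b"constructed certificate of alice",
             "bob": b"constructed certificate of bob"}
    for name, cert in certs.items():
        addr = peer_address(cert)
        print(f"{name}: {addr} in {PEER_PREFIX}: {addr in PEER_PREFIX}")
        print(f"{name}: {peer_address(cert, LAN_PREFIX)} (same scheme on a /64)")
    print(f"conflict chance among 1e6 peers in fc00::/8: "
          f"{collision_probability(10**6):.2e}")
```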
- Implementation in Userspace
  - C++11 code base
  - GnuTLS encryption
  - Boost.ASIO network library
  - Userspace software using tun/tap kernel support