
Decentralized VPN Written in Go - ngaut
https://github.com/mehrdadrad/radvpn
======
q3k
Looking at it for a few minutes, this has some issues:

- symmetrical crypto with shared key across all clients, letting any VPN
client act as any other client

- no PFS (straight AEAD with AES-GCM)

- alternatively, sketchy home-grown AES-CBC crypto that doesn't seem to be
authenticated and as such allows for replay attacks and whatnot

- home-rolled SHA-1 pbkdf1 instead of stdlib pbkdf2 with a better hash

- static routing (i.e. no way for a client to decide what prefixes to announce
at a given time without updating the centralized config)

- no support for roaming clients like phones or clients behind NAT (currently
just depends on being able to send UDP datagrams to a preconfigured remote
address)

There's probably other things I missed, especially crypto-wise.

I'd stay away from this (at least for now) and use something like wireguard or
tinc instead.
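
The authentication and replay points in the comment above, as an added Go example that is not part of the thread and not radvpn's code: each datagram is sealed with AES-GCM under a counter nonce, and the receiver authenticates a packet before letting its counter advance the replay state. `Session`, `NewSession`, `Seal`, `Open` and the packet layout are hypothetical, and the sketch assumes a separate random key per direction and peer pair; it does not address forward secrecy or key derivation.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)

var ErrReplay = errors.New("replayed or out-of-order packet")
type Session struct { // hypothetical: one direction between one pair of peers
	aead             cipher.AEAD
	sendCtr, maxSeen uint64 // last counter sent / highest counter accepted
}

func NewSession(key [32]byte) *Session {
	block, _ := aes.NewCipher(key[:]) // cannot fail: 32 bytes is a valid AES key
	aead, _ := cipher.NewGCM(block)   // cannot fail: AES has a 16-byte block
	return &Session{aead: aead}
}

func (s *Session) Seal(payload []byte) []byte { // nonce(12) || ciphertext || tag
	s.sendCtr++ // never repeats under this key, so every GCM nonce is unique
	nonce := make([]byte, 12)
	binary.BigEndian.PutUint64(nonce[4:], s.sendCtr)
	return append(nonce, s.aead.Seal(nil, nonce, payload, nil)...)
}

func (s *Session) Open(pkt []byte) ([]byte, error) {
	if len(pkt) < 12 {
		return nil, errors.New("short packet")
	}
	pt, err := s.aead.Open(nil, pkt[:12], pkt[12:], nil)
	if err != nil {
		return nil, err // forged or modified: replay state stays untouched
	}
	if ctr := binary.BigEndian.Uint64(pkt[4:12]); ctr > s.maxSeen {
		s.maxSeen = ctr // only an authenticated counter advances the state
		return pt, nil
	}
	return nil, ErrReplay
}

func main() {
	tx, rx := NewSession([32]byte{}), NewSession([32]byte{}) // constructed demo key
	pkt := tx.Seal([]byte("hello"))
	_, first := rx.Open(pkt)
	_, again := rx.Open(pkt) // the same bytes delivered a second time
	println(first == nil, again == ErrReplay)
}
```

The strict counter check also drops datagrams that arrive out of order; WireGuard and IPsec keep a sliding window of recent counters to tolerate reordering.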

~~~
pinewurst
But it’s written in Go and that makes all the difference!

~~~
laurent123456
Why is Go so special that it needs to be mentioned every time there's a
project using it?

"written in go" comes up 540 times in the search results, vs only 196 times
for "written in javascript" even though the latter is way more common than Go.

~~~
bborud
337 times for "written in rust".

I think what is going on is that the number of times you get these "written
in" postings is somehow a function of the inverse of market share and how
convinced practitioners are that the language in question is so good it should
be used more widely. And some timing factor.

I had expected Rust to have more "written in" articles. It has a very
dedicated following, but it is struggling a bit to gain more mainstream
acceptance. Go meanwhile is getting to where it is in very widespread use for
broad applications (mostly server stuff). So I had expected there to be more
"written in" articles for Rust than Go as Rust needs more evangelizing.

Perhaps if we lay out the articles on a timeline we see something interesting,
but I suspect my hypothesis was a bit off.

~~~
asdkhadsj
> I think what is going on is that the number of times you get these "written
> in" postings is somehow a function of the inverse of market share and how
> convinced practitioners are that the language in question is so good it
> should be used more widely.

I view you as correct about the market share, but incorrect about "language so
good it should be used more widely". Not that Go or Rust devs don't believe
that.. However, I don't think that's why these posts get upvoted. At least
speaking for myself I love seeing the language it's written in.

As a Rust focused dev _(for fun and profit)_ clearly I don't like Go posts
because I believe it's the best language and all of my code should be ported.
Yet I do like Go posts. Likewise I like Rust posts. I like Go posts because,
like Rust, I know it will be an easy install. It will be something active,
growing and "modern". I view these growing and modern languages to have more
active contribution to the core project _(if it's a good project of course)_.

I'm less interested in tools written in Python because I've had enough of
difficulty in the past with Python installations that I just don't even care
enough to bother. I also am less interested in a cool project written in some
_(I don't mean Python)_ other old and "dying" language. I have trouble
envisioning contributions being high and trajectory reaching any critical
point. Those things are important I think.

Language matters to me. It's not going to make or break a project to be
written in something "odd" - but it's definitely of interest. For good or
bad.

These are all my views.. most of it not fact. Please take it as such :)

~~~
bborud
I’ve never managed to like Python as a language, but I used to recommend it to
beginners as a learning language. Mostly because you can do real things in it.

But I don’t much care for how the Python community has failed to produce a
language, practice and tool chain that plays nice with users. It is a somewhat
selfish and anti-social language environment that forces users to care about
things they shouldn’t have to care about.

------
sebsito
Apart from "written in X" being kind of clickbaity, I find it useful after all. I
think that Go code is clear and readable and so it would be much easier to add
a missing feature and use it if I had such a need.

Where "written in Rust" is almost a show stopper for me because I just can't
read through the source despite numerous attempts (not saying that Rust is bad
of course, it's just subjectively hard to approach for me)

------
davecap1
Is this similar to ZeroTier https://www.zerotier.com/?

~~~
DuskStar
Except not as battle hardened and with fewer features, but otherwise that's
what it looks like to me

ZeroTier's pretty damn cool, IMO:
https://github.com/zerotier/ZeroTierOne

~~~
0az
ZeroTier _is_ cool. With it on, I can just grab a file / test something on my
laptop without needing to expose it publicly and either setup dyndns or grab
my laptop's assigned IP address. I can just keep one bookmark for each
service.

As a bonus, it'll route directly, instead of through an Open on server, etc.

I just wish they had an alternative to curl | bash. Something like Docker's
install instructions, where you don't have to look through the install script
to figure out what's going on inside sudo.

~~~
nine_k
Both Debian and Void Linux have proper packages; did not try other distros.

Android has an app, though I don't know whether the GUI part is open source.

So far, works great for me.

------
OJFord
With WireGuard in the kernel, and even systemd support, why? What is this even
aiming to offer that wg doesn't or couldn't be better done as an abstraction
over wg (e.g. if you wanted a Go library for it)?

~~~
merb
actually with a "home grown" vpn (userspace) you control the transport. thus
you can even create a transport on h2 which makes it way harder to detect.

~~~
tptacek
There's userspace WireGuard in Go.

------
mawalu
Hijacking this for a project I created a while back. An ansible role that
creates a "mesh" VPN between a set of servers using wireguard:
https://github.com/mawalu/wireguard-private-networking

------
davidcollantes
Related, recently on HN[0]:
https://github.com/jedisct1/dsvpn

[0] https://news.ycombinator.com/item?id=20571739

------
ngcc_hk
Those free vpn you can get from people who want to target you and get your
traffic? Not as bad I hope.

------
xvilka
There is also a Rust[1] implementation.

[1] https://github.com/dswd/vpncloud

