I see this repeated in a lot of places about WireGuard but is there anything wrong with UDPTunnel (http://www.cs.columbia.edu/~lennox/udptunnel/)?
Why would one prefer this instead of WireGuard + UDPTunnel?
The previous commenter was pointing out that you don’t need your VPN to support TCP in order to tunnel it over TCP, since that is exactly what UDP Tunnel is designed to do.
There will no doubt be a way to get around your networks propensity to block traffic that looks encrypted, though we are getting very specific to that circumstance in order to do so. Perhaps using actual valid HTTP protocol on port 80 to send and receive data via POST requests (polling for receive if there is nothing to send) would be sufficient, though not efficient. If not then you could try hide the encrypted traffic inside what looks like plain text, maybe sending book passages and flipping between upper and lower case to represent 1 & 0 bits... Though of course any human looking at packets that are part of the stream are going to see that you are trying to hide something, though that would be a problem with all these techniques.
I don't know if it would be appropriate for me to comment further as I work for a middlebox provider.
Often, through some kind of employee code of conduct; think along the lines of "I agree to refrain from using my work computer for personal business." or similar. Then, if something sensitive is decrypted, the employer has some legal cover.
IP address matching: Watch raw IP layer, pass through TLS traffic to some IP range, this requires vigilance to ensure the IP range maps well to the set of sites you're OK not decrypting and doesn't include sites you want to decrypt.
SNI matching: During TLS ClientHello watch the SNI provided by the client, if it's on a whitelist, let the entire connection through. Clients aren't obliged to be honest and servers aren't required to even look at SNI, if they serve only a single site why check?
Certificate CN/ SAN matching: Stall during TLS ClientHello, wait for the responding ServerHello and Certificate from the server, and examine the certificate for a hostname, check if it's whitelisted. Otherwise, decrypt the connection.
That last technique is very popular, and real middlebox companies (e.g. Cisco) have argued that since it doesn't work in TLS 1.3 (the Certificate message is encrypted so they can't read it) this is a significant security-relevant change. In the rant below I will show how to bypass this "security" check mostly because it is useless, companies selling it have been selling snake oil. Either they're too stupid to know it doesn't work or they assume their customers are too stupid, either way why would you deal with a "security" company like that?
1. Certificate contains only public documents, one or more X.509 certificates. Bad guys can get Google's certificate, or that of a bank, STI clinic or government regulator by simply connecting to those outfits and gathering the certificate.
2. The legitimate _client_ (e.g. your web browser) will need proof that the web site knows the Private Key corresponding to the public key in the certificate, but that proof is encrypted, either implicitly (RSA key exchange sends the session keys encrypted with the public key) or explicitly (modern cipher suites present an encrypted public key proof of ownership for the session) and so a middlebox can't see it except by interposing and decrypting everything.
3. Thus a "rogue" client can just connect to a "rogue" TLS endpoint and send SNI for www.google.com [pick any whitelisted hostname here], the server sends back a Certificate message for www.google.com and then the client just ignores the public key inside that certificate and presses on using a defined public key for the rogue server.
The middlebox cannot detect this happening, regardless of whether TLS 1.3 or earlier are used, it works the same and the "security" features in the middlebox don't prevent it.
Again, middlebox vendors have been _told_ about this, they either aren't bright enough to understand it (so you should not trust them) or they are lying to customers in the hope the customers don't understand it (so you should not trust them) and either way the result is the same.
Can't the middlebox just connect to the same endpoint, verify the certificate itself by checking that it is signed by a proper CA, and then, if it is not, drop the connection?
But the middlebox can, indeed, verify that when it connects to this same (IP, port) pair that endpoint is able to prove it's the real thing. I have never seen one that does this, and it won't prove anything about other connections, since our "rogue" TLS server can proxy everything to the real whitelisted server and that will pass, but yes you could do that.
You can invent arbitrarily sophisticated schemes and counter-schemes in this space. The 32 bytes of ClientHello random in particular mean you can never tell whether the client is signalling to the server or not if you even sometimes choose not to interpose.
But really, you don't have internet access at that point, so you shouldn't expect internet software to work.
But in my case, many local hospitals have free WiFi which blocks everything "suspicious", including most of UDP and many VPN-related TCP ports.
It allows you to tunnel UDP over a fake, non-lossless TCP connection. That is, it wraps packets in TCP headers to make them look like TCP to firewalls, but it doesn't actually implement TCP; instead, each "TCP" packet corresponds to one UDP packet, and it makes no attempt to resend dropped packets. This way you avoid the problems with TCP-over-TCP.
In FakeTCP header mode,udp2raw simulates 3-way handshake while establishing a connection,simulates seq and ack_seq while data transferring.
--seq-mode <number> seq increase mode for faketcp:
0:static header,do not increase seq and ack_seq
1:increase seq for every packet,simply ack last seq
2:increase seq randomly, about every 3 packets,simply ack last seq
3:simulate an almost real seq/ack procedure(default)
4:similiar to 3,but do not consider TCP Option Window_Scale,
maybe useful when firewall doesnt support TCP Option
The FakeTCP mode does not behave 100% like a real tcp connection. ISPs may be able to distinguish the simulated tcp traffic from the real TCP traffic (though it's costly). seq-mode can help you change the seq increase behavior slightly. If you experience connection problems, try to change the value.
The strange DNS and loss spikes however are not. If they aren't documented in the project, could you elaborate on these issues?
Though it would probably be wise at that point to make it congestion control aware, since TCP over TCP has some issues which are not considered solved.
OpenVPN was too hard to setup so they decided to write their own VPN from scratch? It's cool as an academic endeavor but by actually using it, they not only tossed out all the years of security work and the audits OpenVPN has gone through but also spent a ton of time creating something that they now will have to personally maintain.
I've tried 3 separate times now to set up the necessary pieces. I get all the way to the end and it just... doesn't work. And I'm just not a good enough network engineer to sniff out why.
I'm planning to re-implement it in rust (to learn from) and then contribute to Wireguards rust effort.
TCP_NOTSENT_LOWAT is not a solution to this either. It is a solution for HTTP/2 to be more aware of the congestion state and prioritize traffic properly, which itself does not do retransmission. It makes the buffer smaller so congestion is reported to upper layer earlier but still much later than when the actual congestion happens, distorting the upper/inner TCP congestion control. Also, a 128KiB value is hardcoded here for this knob, effectively rendering it only useful for a bandwidth delay product of 5Mbps * 200ms RTT.
However, it’s not broken in the exact way you’re thinking. TCP_NOTSENT_LOWAT is diffent from TCP_LOWAT. The latter would imply a hardcoded bandwidth-delay product. The one they’re using is a margin on top of the bandwidth-delay product, which mostly just depends on a fast enough CPU. They’re using a surprisingly high value for it though.
I use a wired connection, all routers and switches on our side are oversized professional units and the uplink is a beefy fiber link, so my packet loss rate is basically zero. Your results may vary.
I am much more intrigued by the attempts at breaking out of networks by tunneling over DNS (where that flavor of UDP traffic is let through) and ICMP (when not blocked).
in practice it works absolutely fine and infinite-percent better than a blocked udp-tunnel.
That's a bit light on details. Does it have hardware acceleration? Replay attack protection? Perfect forward secrecy? What are the underlying algorithms? Implementation verified by whom?
> Small (~25 KB), with an equally small and readable code base. No external dependencies.
This looks cool, however I don't like the fact that it doesn't use a trusted crypto library such as libsodium. It is likely to get less review and if weaknesses are detected in the algorithms, it is less likely to be improved.
That's somewhat amusing given that the author of dsvpn is the author of libsodium.
More details here: https://github.com/jedisct1/charm
Too bad that it never evolved further.
> * Support for multiple clients.
As long as it doesn't support multiple clients that can connect to each other, it's more of a proxy/gateway than a VPN.
OpenVPN is dead easy to setup with a shared secret, and it can work over TCP in pretty much the same way.
Setting up openvpn is definitely involved. And I think being concerned that you've configured something incorrectly is a real issue, especially when it comes to security.
A shared secret point to point link really is dead simple with OpenVPN. The first half of this mini-howto is basically it:
(Note that it uses the default settings of UDP 1194. To use TCP 443 as discussed above, also set "proto tcp-server" and "port 443").
Sure you might need to learn some new configuration options, but you won't just use them in this project, they will serve you for the rest of your life for all possible VPN usage cases.
This is likely not the case. While it's true that there hasn't been a severe/highly exploitable published vulnerability in OpenVPN for the last decade or so, that doesn't mean that there aren't vulnerabilities.
So basically the author thought it was simple enough for him to write a new software, but not simple enough to setup OpenVPN? (which anyone can do, especially in the shared secret case?) This project smells.
I would not recommend anyone to use this project, it seems like something the author have simply enjoyed writing, not something that is created for using.
Also how is "using ports 80 and 443" is a new "feature" when every other VPN can do exactly that?
Looks like mainly just Windows is missing? I didn't check it carefully, but seems to be fine on macOS and Linux. Not sure if the server would run on macOS, but I don't think that would be a common use case.
Can somebody well versed explain what the difference between TCP and UDP in this case? I obviously know what these are, I just don't understand why it's such a debatable choice applied to VPNs.
The detailed explanation is in the linked article: “Why TCP over TCP is a bad idea”. It was broken for me so I dug up an archive.org copy.
The upper layer transmission control and and retransmission attempts are completely unnecessary as transmission is already guaranteed by the lower layer TCP. The upper layer TCP, unaware of TCP underneath and having an increasing timeout on acknowledgment failure, can begin to queue up more retransmission than the lower layer can process increasing congestion and inducing a meltdown effect.
Explained better here:
It's not detection proof - but it avoids a TON of common problems with VPNS.
I was back in Dubai recently and sadly WireGuard didn't work, so I had to use OpenConnect, which while doesn't have the connectionless-like behaviour of WireGuard atleast worked.
That's fascinating, I wonder how they managed that (unless they used cheats like sbrk of course).
Stack variables in C99 (and most C++ compilers supporting C99) can even have a dynamic, run-time determined length. It compiles down to a "add esp, (blah)" command, if anyone is curious, so its super efficient.
I prefer stack-based allocations in my code. I only use heap-variables if I'm passing data between threads. If you need to pass data "up" your functions, then its a parameter (that is passed in on the stack). I would argue that stack-based variables are preferred in C++ due to RAII.
No IPv6? That's a no.
Actually that's kind of the definition of childish isn't it? Being an adult is often about recognizing you need to do things you don't want to do.
If we're being asked to care about this developer's project, then I don't think it is unfair at all to criticize. Let me see if I can explain where I'm coming from with a short play representing many, many real dialogs I've had and read in my years of computing:
Evangelist: "hey, you should use this thing I made!"
Me: "No, it doesn't seem to do what I want."
Evangelist: "You don't really need that anyway..."
Me: "No, I really do."
<20 minutes of pointlessness later>
Evangelist: "It's wrong of you to criticize all this hard work I've given you for free!"
Me: "I didn't ask for it!"
So maybe too many years of dealing with open source software evangelists has lead me to assume that anyone posting a project like this is doing so in this vein.
Edit: you've been breaking the site guidelines repeatedly. We ban such accounts. I don't want to ban you, so would you please review and follow them?
Also he links to systemd script files maintained by someone else, he just doesn't want to do that himself:
It's effort he's deciding he doesn't want to expend. And why should he?
"presumably for some petty disdain"
His choice - he's doing the work, after all.
Anything else. Including supporting operating systems I don't use.
Any feature request mentioning systemd.
Or why it's been submitted to HN 6 times in the last 2 weeks...