[Open Source] Blockchain Decentralized Lightweight VPN in Rust

Overview

DCVPN_Rust (Decentralized VPN in Rust) is an open-source initiative started by @anandgokul18 to design, develop and maintain a decentralized Virtual Private Network (VPN) solution, meticulously engineered using the Rust programming language. Chosen for its superior performance characteristics, Rust empowers this project with high-speed execution, rigorous memory safety, and seamless concurrency capabilities.

This project's central design philosophy revolves around the creation of a lightweight, yet robust VPN solution, characterised by its ease of use and adaptability. DCVPN_RUST is underpinned by a configuration system that simplifies deployment across multiple hosts, making it an ideal choice for diverse networking environments.

With a design that encourages direct UDP communication between selected hosts, DCVPN_RUST eliminates the need for a central server, thereby fostering a truly decentralized network. Built with Linux systems in mind, it harnesses the power of TUN devices to deliver a high-performance networking solution.

One of the cornerstones of DCVPN_RUST is its commitment to security. It employs AES-128, AES-192, or AES-256 encryption, giving users the flexibility to choose between speed and security, as per their requirements. Additionally, optional HMAC-SHA256 authentication is available for data integrity and authenticity; AES-CBC on its own provides confidentiality only.

DCVPN_RUST is a testament to the power of open-source development. It is not only a product of rigorous engineering and meticulous design but also of the collective effort of a passionate community. As an open-source project, it welcomes contributions from developers around the world, fostering a culture of collaboration and continuous improvement.

However, it's important to note that while DCVPN_RUST is a powerful tool, it is still in its beta stage. Its use comes with a set of risks and it's recommended to use only the versions marked as "release". Despite this, we're confident in the potential of this project and are continually working towards enhancing its capabilities and stability.

Features

  • Lightweight and easy to use with a similar config for all hosts.
  • Auto-detects local parameters, making it suitable for use with configuration management tools like Puppet.
  • Uses AES-128, AES-192, or AES-256 encryption (note that AES-256 is much slower than AES-128 on most computers), optionally combined with HMAC-SHA256, or no encryption at all (packets are copied without modification).
  • Communicates via UDP directly to selected hosts (no central server required).
  • Only works on macOS/Linux (uses TUN device).
  • Supports basic routing, making it suitable for connecting multiple networks.
  • Multithreaded send and receive, making it scalable for high traffic.
  • Better performance with a higher number of hosts due to the use of SO_REUSEPORT.
  • Still in beta stage, use at your own risk (and please use only versions marked as "release").

Installation and Usage

First, you need to have Rust installed. You can install Rust from the official website: https://www.rust-lang.org/tools/install.

After Rust is installed, you can clone the repository and build the project:

$ git clone https://github.com/anandgokul18/dcvpn_rust
$ cd dcvpn_rust
$ cargo build --release

You can run DCVPN_RUST with the following commands:

If you have a config in /etc/dcvpn_rust.conf:

$ sudo ./target/release/dcvpn_rust

If you want to specify a different location for the config file (or if you need to run several instances):

$ sudo ./target/release/dcvpn_rust -config dcvpn_rust.conf

If your host is hidden behind a firewall (with UDP port forward) and DCVPN_RUST is unable to detect which "remote" is localhost, use the following syntax:

$ sudo ./target/release/dcvpn_rust -local berlin -config dcvpn_rust.conf

Configuration Example

A sample configuration file is provided below:

[main]
port = 23456
encryption = aescbc
mainkey = 4A34E352D7C32FC42F1CEB0CAA54D40E9D1EEDAF14EBCBCECA429E1B2EF72D21
altkey = 1111111117C32FC42F1CEB0CAA54D40E9D1EEDAF14EBCBCECA429E1B2EF72D21
broadcast = 192.168.3.255
netcidr = 24
recvThreads = 4
sendThreads = 4

[remote "prague"]
ExtIP = 46.234.105.229
LocIP = 192.168.3.15
route = 192.168.10.0/24
route = 192.168.15.0/24
route = 192.168.20.0/24

[remote "berlin"]
ExtIP = 103.224.182.245
LocIP = 192.168.3.8
route = 192.168.11.0/24

[remote "kiev"]
ExtIP = 95.168.211.37
LocIP = 192.168.3.3
route = 192.168.12.0/24

The configuration parameters are defined as follows:

  • port is the UDP port for communication.
  • encryption can be set to aescbc for AES-CBC, aescbchmac for AES-CBC+HMAC-SHA256, or none for no encryption.
  • For aescbc, mainkey/altkey is the hexadecimal form of a 16-, 24-, or 32-byte key (for AES-128, AES-192, or AES-256).
  • For aescbchmac, mainkey/altkey is 32 bytes longer.
  • For none, mainkey/altkey is ignored.
  • Number of remotes is virtually unlimited, each taking about 256 bytes in memory.
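
The key-length rules above can be checked before a configuration is pushed to hosts. The following is an added example, not code from the DCVPN_RUST repository; `check_key`, `decode_hex` and `KeyError` are hypothetical names, and the accepted lengths are taken only from the list above.

```rust
// Added example, not DCVPN_RUST code: validates a mainkey/altkey value
// against the length rules listed above. All names here are hypothetical.

#[derive(Debug, PartialEq)]
enum KeyError {
    UnknownMode,
    NotHex,
    BadLength(usize), // decoded key length in bytes
}

/// Decode a hex string; rejects odd length and any non-hex character.
fn decode_hex(s: &str) -> Result<Vec<u8>, KeyError> {
    if s.len() % 2 != 0 || !s.bytes().all(|b| b.is_ascii_hexdigit()) {
        return Err(KeyError::NotHex);
    }
    Ok((0..s.len())
        .step_by(2)
        .map(|i| u8::from_str_radix(&s[i..i + 2], 16).unwrap())
        .collect())
}

/// Returns the AES key size in bits implied by the key, or None for
/// `encryption = none`, where the key is ignored.
fn check_key(encryption: &str, key_hex: &str) -> Result<Option<u32>, KeyError> {
    // Key material required on top of the AES key, in bytes.
    let extra = match encryption {
        "none" => return Ok(None),
        "aescbc" => 0,
        "aescbchmac" => 32,
        _ => return Err(KeyError::UnknownMode),
    };
    let len = decode_hex(key_hex)?.len();
    match len.checked_sub(extra) {
        Some(16) => Ok(Some(128)),
        Some(24) => Ok(Some(192)),
        Some(32) => Ok(Some(256)),
        _ => Err(KeyError::BadLength(len)),
    }
}

fn main() {
    let k32 = "AB".repeat(32); // constructed 32-byte key, not a real secret
    println!("aescbc:     {:?}", check_key("aescbc", &k32));
    println!("aescbchmac: {:?}", check_key("aescbchmac", &k32));
}
```

Under these rules, a 32-byte key that selects AES-256 with aescbc is too short for aescbchmac, so switching the encryption mode also means generating a new, longer key.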

Configuration Reload

The configuration is reloaded on a HUP signal. In the case of an invalid configuration, a log message will appear, and the previous configuration will be used.

Please note: the listening UDP socket is not currently reopened, so a restart is required when changing the port.

Online Key Change

The altkey configuration option allows you to specify an alternative encryption key that will be used if decryption with the primary one fails. This makes it possible to change keys without taking the link offline, using the following procedure:

  • In normal state, only mainkey is set (setting altkey is more CPU-consuming).
  • Set altkey to the new key on all hosts and send a HUP signal.
  • Swap altkey and mainkey on all hosts and send a HUP signal.
  • Remove altkey (with the old key) from the configurations on all hosts and send a HUP signal again.
  • The system is now running with the new key :)
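
Why each stage of the procedure keeps the mesh connected, even while only some hosts have received the new configuration, can be checked with a small model. This is an added example, not code from the DCVPN_RUST repository; `Host`, `mesh_up`, `rollout` and the other names are hypothetical, and it assumes a host always encrypts with mainkey while a receiver tries mainkey and then altkey.

```rust
// Added example, not DCVPN_RUST code. Key ids stand in for key bytes.
// Assumption: a host encrypts with mainkey only; a receiver tries mainkey,
// then altkey, as described for the altkey option above.

#[derive(Clone, Copy, Debug)]
struct Host { main: u8, alt: Option<u8> }

const OLD: u8 = 1;
const NEW: u8 = 2;

/// True if `rx` can decrypt a packet that `tx` encrypted with its mainkey.
fn can_receive(rx: &Host, tx: &Host) -> bool {
    rx.main == tx.main || rx.alt == Some(tx.main)
}

/// True if every host can decrypt traffic from every other host.
fn mesh_up(hosts: &[Host]) -> bool {
    hosts.iter().all(|rx| hosts.iter().all(|tx| can_receive(rx, tx)))
}

/// Push `target` to the hosts one at a time (edit config, send HUP) and
/// check the mesh after each change. False if any mixed state breaks a link.
fn rollout(hosts: &mut [Host], target: Host) -> bool {
    let mut ok = true;
    for i in 0..hosts.len() {
        hosts[i] = target;
        ok &= mesh_up(hosts);
    }
    ok
}

/// The documented procedure: add altkey, swap, remove altkey.
fn staged_rotation(n: usize) -> bool {
    let mut hosts = vec![Host { main: OLD, alt: None }; n];
    rollout(&mut hosts, Host { main: OLD, alt: Some(NEW) })
        && rollout(&mut hosts, Host { main: NEW, alt: Some(OLD) })
        && rollout(&mut hosts, Host { main: NEW, alt: None })
}

/// Replacing mainkey directly, without the altkey stage.
fn direct_replace(n: usize) -> bool {
    let mut hosts = vec![Host { main: OLD, alt: None }; n];
    rollout(&mut hosts, Host { main: NEW, alt: None })
}

fn main() {
    println!("staged rotation keeps mesh up: {}", staged_rotation(3));
    println!("direct replace keeps mesh up:  {}", direct_replace(3));
}
```

The same model shows why each stage has to reach every host before the next one starts: a host that has already swapped keys cannot be decrypted by a host that has not yet received the altkey.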

Roadmap

  • 100% unit test coverage.
  • Support for additional platforms.
  • Improvements in efficiency and performance.
  • If there's something more you need, please let us know!

Contributing

We welcome contributions from the open source community! Whether it's improving the code, adding new features, fixing bugs, or enhancing the documentation, your contributions are always appreciated.

If you're thinking of contributing, please follow these steps:

  1. Fork the repository - This creates your own copy of the project where you can make your changes.

  2. Create a new branch - This keeps your main branch clean and makes it easier to integrate your changes later.

  3. Make your changes - Make sure to thoroughly test your changes!

  4. Submit a pull request - Push your changes to your branch on GitHub and open a pull request against the main branch in the original repository. Please include a clear description of the changes you've made in your pull request.

All pull requests will be reviewed by the maintainers of the project. Feedback may be given and changes requested. Once everything is in order, your pull request will be merged into the main codebase.

We look forward to your contributions and to collaborating with you!

Code of Conduct

In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to make participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.

We expect all participants in our community to abide by this code of conduct. Please report any unacceptable behavior to the project maintainers.

Thank you for helping us create a positive environment for everyone!

Owner
Anand Gokul