Rosenpass is a formally verified, post-quantum secure VPN that uses WireGuard to transport the actual data.

Overview

Rosenpass README


This repository contains

  1. A description of the Rosenpass protocol
  2. The reference implementation of the protocol – the rosenpass tool
  3. A frontend integrating Rosenpass and WireGuard to create a vpn – the rp frontend
  4. Security analysis of the protocol using proverif

Getting started

First, install rosenpass. Then, check out the help functions of rp & rosenpass:

rp help
rosenpass help

Follow quickstart instructions to get a VPN up and running.

Software architecture

The rosenpass tool is written in Rust and uses liboqs[1] and libsodium[2]. The tool establishes a symmetric key and provides it to WireGuard. Since it supplies WireGuard with the key through the PSK feature, using Rosenpass+WireGuard is cryptographically no less secure than using WireGuard on its own ("hybrid security"). Rosenpass refreshes the symmetric key every two minutes.

As with any application, a small risk of critical security issues (such as buffer overflows, remote code execution) exists; the Rosenpass application is written in the Rust programming language, which is much less prone to such issues. Rosenpass can also write keys to files instead of supplying them to WireGuard. With a bit of scripting, the stand-alone mode of the implementation can be used to run the application in a container, VM or on another host. This mode can also be used to integrate tools other than WireGuard with Rosenpass.

The rp tool written in bash makes it easy to create a VPN using WireGuard and Rosenpass.

rp is easy to get started with but has a few drawbacks; it runs as root, demanding access to both WireGuard and Rosenpass private keys, takes control of the interface and works with exactly one interface. If you do not feel confident about running Rosenpass as root, you should use the stand-alone mode to create a more secure setup using containers, jails, or virtual machines.
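The stand-alone mode described above needs a small piece of glue that picks up the key file Rosenpass writes and hands it to WireGuard. The following script is an added example, not code from the rosenpass project or its rp tool; it assumes that `WG` points at the wg(8) binary and that rosenpass has been configured to write the current PSK, in the base64 form wg(8) reads, to the file passed as the third argument.

```shell
#!/bin/sh
# Stand-alone-mode glue for Rosenpass + WireGuard (constructed example, not
# part of the rosenpass project). Assumptions not stated on the page: WG is
# the wg(8) binary, and rosenpass has been configured to write the current
# PSK, in the base64 form wg(8) reads, to the file passed as $3.
WG="${WG:-wg}"

# A WireGuard PSK is 32 raw bytes: exactly 44 base64 characters ending in '='.
# Anything else (empty, truncated, half-written) is rejected.
looks_like_wg_key() {
    key="$1"
    [ "${#key}" -eq 44 ] || return 1
    case "$key" in
        *[!A-Za-z0-9+/=]*) return 1 ;;
        *=) return 0 ;;
        *) return 1 ;;
    esac
}

# The key file must exist, must not be group/world readable, and must hold
# one well-formed key. Works with GNU and BSD stat.
validate_psk_file() {
    f="$1"
    [ -f "$f" ] || return 1
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f" 2>/dev/null) || return 1
    case "$mode" in *00) ;; *) return 1 ;; esac
    looks_like_wg_key "$(head -n 1 "$f")"
}

# Hand the PSK to WireGuard. wg(8) reads preshared-key from a file, so the
# key itself never appears in the process list.
apply_psk() {
    iface="$1"; peer_pub="$2"; f="$3"
    validate_psk_file "$f" || return 1
    "$WG" set "$iface" peer "$peer_pub" preshared-key "$f"
}

# Rosenpass rotates the key every two minutes; re-apply whenever the file's
# mtime changes. Usage: watch_psk <iface> <peer-pubkey> <key-file>
watch_psk() {
    last=""
    while :; do
        cur=$(stat -c '%Y' "$3" 2>/dev/null || stat -f '%m' "$3" 2>/dev/null)
        if [ -n "$cur" ] && [ "$cur" != "$last" ]; then
            apply_psk "$1" "$2" "$3" && last="$cur"
        fi
        sleep 5
    done
}
```

Running `watch_psk` on the host that owns the WireGuard interface lets Rosenpass itself run elsewhere (container, jail, VM), so the post-quantum handshake never needs the WireGuard private key.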

Networking & ports

rp allocates two UDP ports; if port N is specified for rosenpass, it will allocate port N+1 for WireGuard.

Like WireGuard, Rosenpass does not enforce any separation between clients and servers. If you do not specify the listen option, Rosenpass and WireGuard will choose random ports; this is client mode. If you do not specify endpoint, Rosenpass will not try to connect to the peer and instead wait for connections from peers. This is server mode. You may specify both. Leaving out both is not forbidden but also not very useful.

Security analysis

We are working on a cryptographic proof of security, but we already provide a symbolic analysis using proverif as part of the software package. You can run the security analysis using the nix package manager which handles installing the dependencies or you can call the ./analyze.sh script directly. In this case, you need to ensure that proverif, graphviz, awk, and cpp are installed on your system.

   (nix) $ nix build .#proof-proverif --print-build-logs
(manual) $ ./analyze.sh

The analysis is implemented according to modern software engineering principles: using the C preprocessor, we were able to split the analysis into multiple files and use some metaprogramming to avoid repetition. The code uses a variety of optimizations to speed up analysis, such as using secret functions to model trusted/malicious setup. We split the model into two separate entry points which can be analyzed in parallel; each is much faster than both models combined. A wrapper script provides instant feedback, in color, about which queries execute as expected: a red cross if a query fails and a green check if it succeeds.

Getting Rosenpass

Rosenpass is packaged for more and more distros, maybe also for the distro of your choice?

Packaging status

Supported by

Funded through NLNet with financial support from the European Commission's NGI Assure program.

Footnotes

  1. https://openquantumsafe.org/liboqs/

  2. https://doc.libsodium.org/


Comments
  • Should support unbundling liboqs and others

    Should support unbundling liboqs and others

    For packaging this project in distributions, dependencies on C and C++ libraries should have the option to unbundle them. This enables distributions to find and fix bugs in these dependencies.

    opened by clausecker 5
  • Support for absolute paths in rp

    Support for absolute paths in rp

    The rp shell script parses directories using skdir="${1/\//}", likely to make sure the directory name does not contain a trailing slash.

    It evades me how I overlooked that this would prohibit the use of actual paths.

    bug 
    opened by koraa 0
  • OpenBSD support

    OpenBSD support

    I tried following this setup: https://rosenpass.eu/#start

    Server: 192.168.2.107/24

    rp exchange 192.168.2.107-sec dev rosenpass0 listen 192.168.2.107:9999 peer 192.168.2.106-pub allowed-ips 192.168.123.0/24
    

    Client: 192.168.2.106/24

    rp exchange 192.168.2.106-sec dev rosenpass0 peer 192.168.2.107-pub endpoint 192.168.2.107:9999 allowed-ips 192.168.123.0/24
    

    However, I am getting this output from the client:

    [2023-03-14T20:59:57Z ERROR rosenpass] unexpected error after processing 0 messages: Address family not supported by protocol family (os error 47) disabled backtrace
    [2023-03-14T20:59:57Z ERROR rosenpass] reinitializing networking in 0.01! 10 tries left.
    [2023-03-14T20:59:57Z ERROR rosenpass] unexpected error after processing 0 messages: Address family not supported by protocol family (os error 47) disabled backtrace
    [2023-03-14T20:59:57Z ERROR rosenpass] reinitializing networking in 0.02! 9 tries left.
    [2023-03-14T20:59:58Z ERROR rosenpass] unexpected error after processing 0 messages: Address family not supported by protocol family (os error 47) disabled backtrace
    [2023-03-14T20:59:58Z ERROR rosenpass] reinitializing networking in 0.04! 8 tries left.
    [2023-03-14T20:59:59Z ERROR rosenpass] unexpected error after processing 0 messages: Address family not supported by protocol family (os error 47) disabled backtrace
    [2023-03-14T20:59:59Z ERROR rosenpass] reinitializing networking in 0.08! 7 tries left.
    ...
    

    To my understanding this is because the socket the rosenpass binary is using for sending is somehow bound for IPv6:

     98150 rosenpass CALL  socket(AF_INET6,0x8002,0)
     98150 rosenpass RET   socket 3
     98150 rosenpass CALL  bind(3,0x7f7ffffd19a8,28)
     98150 rosenpass STRU  struct sockaddr { AF_INET6, [::]:0 }
     98150 rosenpass RET   bind 0
    ...
     98150 rosenpass CALL  sendto(3,0x7f7ffffd24b0,0x444,0x400,0x7f7ffffd1a30,0x10)
     98150 rosenpass STRU  struct sockaddr { AF_INET, 192.168.2.107:9999 }
     98150 rosenpass RET   sendto -1 errno 47 Address family not supported by protocol family
     98150 rosenpass CALL  write(2,0x878b524c500,0xd9)
     98150 rosenpass GIO   fd 2 wrote 217 bytes
           "\^[[0m\^[[38;5;8m[\^[[0m2023-03-14T20:59:57Z \^[[0m\^[[1m\^[[31mERROR\
            \^[[0m rosenpass\^[[0m\^[[38;5;8m]\^[[0m unexpected error after proces\
            sing 0 messages: Address family not supported by protocol family (os e\
            rror 47) disabled backtrace
           "
     98150 rosenpass RET   write 217/0xd9
     98150 rosenpass CALL  write(2,0x878b524c500,0x8c)
     98150 rosenpass GIO   fd 2 wrote 140 bytes
           "\^[[0m\^[[38;5;8m[\^[[0m2023-03-14T20:59:57Z \^[[0m\^[[1m\^[[31mERROR\
            \^[[0m rosenpass\^[[0m\^[[38;5;8m]\^[[0m reinitializing networking in \
            0.01! 10 tries left.
           "
    
    This unwrap_or makes the socket IPv6 since `listen` is not set for the client.

    To fix this, the client should bind a v4 socket too and depending on endpoint it should use that socket for sending. Alternatively it could just try the v4 socket in case the v6 one failed.

    I will look into implementing that but I have little knowledge on rust.

    https://github.com/rosenpass/rosenpass/blob/main/src/main.rs#L356 Adding listen for the client makes it work with IPv4.


    Because the client is trying to send via an IPv6 socket, I tried just using IPv6 to connect to the server:

    Server:

    rp exchange 192.168.2.107-sec dev rosenpass0 listen fe80::fce1:bbff:fed1:3a06%vio0:9999 peer 192.168.2.106-pub allowed-ips 192.168.123.0/24
    

    Client:

    rp exchange 192.168.2.106-sec dev rosenpass0 peer 192.168.2.107-pub endpoint fe80::fce1:bbff:fed1:3a06%vio0:9999 allowed-ips 192.168.123.0/24
    

    Now everything works, I can assign IP addresses to the wg/rosenpass interfaces and ping through them.

    I had to adjust the rp script slightly to make it work with OpenBSD, but I did not add any changes to the rosenpass binary: https://github.com/moritzbuhl/mystuff/tree/master/net/rosenpass

    opened by moritzbuhl 6
  • rp script is Linux only

    rp script is Linux only

    The rp script requires the Linux-only ip command and seems to be very specific to the Linux implementation of Wireguard. It will not work on FreeBSD and others. For the FreeBSD port, I'll probably have to rewrite it somewhat.

    enhancement 
    opened by clausecker 1