Final Project for "Computer Networking Security": A Layer-3 VPN implementation over TLS

Overview

yswan

  • Written in Rust with tokio

  • Features

    • client authentication (PAM)
    • client authentication (certificate)
    • multiple concurrent clients
    • centralized route installation

Building

You can either use cargo directly to build:

cargo build

or run the custom build script, which also copies the binaries to ./bin:

./build

Testing

The test environment is a docker-compose setup with a "gateway" service and client services. The gateway also acts as a DNS server on the public network so that it can answer for fake test domains (e.g., gateway.example.net).

# Enter gateway shell
docker-compose exec gateway bash
# Run yswan server
cd /app
./yswan server --tun-inet 10.233.233.1 --key ./pki/gateway/gateway.example.net.key --cert ./pki/gateway/gateway.example.net.pem --cacert ./pki/ca/ca.pem
# Enter client1 shell
docker-compose exec client1 bash
# Run yswan client
./yswan client --connect gateway.example.net --tun-inet 10.233.233.100 --cacert ./pki/ca/ca.pem --cert _ --key _
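To make concrete what the server in the test above has to do with every packet, here is an added example in std-only Rust. It is not yswan's code: the 2-byte length-prefix framing, the type and function names, and the use of the tunnel addresses from the commands above are assumptions for the demo. It shows the three things a Layer-3-over-TLS server cannot avoid: framing IP packets onto a TLS byte stream (and reassembling them across read boundaries), routing each packet by its IPv4 destination to the client that owns that tunnel address, and rejecting packets whose source address is not the one assigned to the client they arrived from.

```rust
// Added example (not yswan's own code). Framing format and names are assumed.
use std::collections::HashMap;
use std::net::Ipv4Addr;

/// The IPv4 header fields a forwarding decision needs.
#[derive(Debug, PartialEq)]
pub struct Ipv4Hdr { pub src: Ipv4Addr, pub dst: Ipv4Addr, pub total_len: usize }

/// Parse the fixed IPv4 header; None for anything that is not well-formed
/// (wrong version, short header, total length disagreeing with the buffer).
pub fn parse_ipv4(pkt: &[u8]) -> Option<Ipv4Hdr> {
    if pkt.len() < 20 { return None; }
    let version = pkt[0] >> 4;
    let ihl = (pkt[0] & 0x0f) as usize * 4;
    if version != 4 || ihl < 20 || pkt.len() < ihl { return None; }
    let total_len = u16::from_be_bytes([pkt[2], pkt[3]]) as usize;
    if total_len < ihl || total_len > pkt.len() { return None; }
    Some(Ipv4Hdr {
        src: Ipv4Addr::new(pkt[12], pkt[13], pkt[14], pkt[15]),
        dst: Ipv4Addr::new(pkt[16], pkt[17], pkt[18], pkt[19]),
        total_len,
    })
}

/// Frame one packet for the stream: u16 big-endian length, then the packet.
pub fn encode_frame(pkt: &[u8]) -> Vec<u8> {
    let len = pkt.len() as u16; // IPv4 total length fits in u16
    let mut out = Vec::with_capacity(2 + pkt.len());
    out.extend_from_slice(&len.to_be_bytes());
    out.extend_from_slice(pkt);
    out
}

/// Pull every complete frame out of the receive buffer and leave a trailing
/// partial frame in place: TLS/TCP reads do not align with packet boundaries.
pub fn decode_frames(buf: &mut Vec<u8>) -> Vec<Vec<u8>> {
    let mut frames = Vec::new();
    while buf.len() >= 2 {
        let len = u16::from_be_bytes([buf[0], buf[1]]) as usize;
        if buf.len() < 2 + len { break; }
        frames.push(buf[2..2 + len].to_vec());
        buf.drain(..2 + len);
    }
    frames
}

#[derive(Debug, PartialEq)]
pub enum Route { ToClient(u32), Drop }

/// Server-side table: client tunnel address -> client connection id.
pub struct RouteTable { by_addr: HashMap<Ipv4Addr, u32> }

impl RouteTable {
    pub fn new() -> Self { RouteTable { by_addr: HashMap::new() } }
    /// Register a client's --tun-inet address when it connects.
    pub fn add_client(&mut self, id: u32, tun_inet: Ipv4Addr) { self.by_addr.insert(tun_inet, id); }
    /// Packet read from the server's TUN: deliver to the owner of its destination.
    pub fn route(&self, pkt: &[u8]) -> Route {
        match parse_ipv4(pkt) {
            Some(h) => self.by_addr.get(&h.dst).map_or(Route::Drop, |id| Route::ToClient(*id)),
            None => Route::Drop,
        }
    }
    /// Packet received from client `id`: accept only if its source is that
    /// client's own tunnel address, so no client can speak as another.
    pub fn accept_from_client(&self, id: u32, pkt: &[u8]) -> bool {
        match parse_ipv4(pkt) {
            Some(h) => self.by_addr.get(&h.src) == Some(&id),
            None => false,
        }
    }
}

/// Constructed test packet: minimal IPv4 header (IHL 5, TTL 64, ICMP) + payload.
pub fn make_ipv4(src: Ipv4Addr, dst: Ipv4Addr, payload: &[u8]) -> Vec<u8> {
    let mut p = vec![0u8; 20];
    p[0] = 0x45;
    p[2..4].copy_from_slice(&((20 + payload.len()) as u16).to_be_bytes());
    p[8] = 64;
    p[9] = 1;
    p[12..16].copy_from_slice(&src.octets());
    p[16..20].copy_from_slice(&dst.octets());
    p.extend_from_slice(payload);
    p
}

fn main() {
    let mut table = RouteTable::new();
    table.add_client(1, Ipv4Addr::new(10, 233, 233, 100));
    let gw = Ipv4Addr::new(10, 233, 233, 1);
    let pkt = make_ipv4(gw, Ipv4Addr::new(10, 233, 233, 100), b"ping");
    println!("{:?}", table.route(&pkt));
}
```

The source check in `accept_from_client` is the piece most often left out of a first VPN implementation: the TLS client certificate tells the server who connected, but nothing in TLS binds that identity to the IP header inside the tunnel, so the server has to enforce it itself.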

Some utilities

  • ypki: A small utility that makes CA and endpoint certificates with OpenSSL.

    Example usage:

    # Make pki directory
    mkdir -p ./bin/pki
    
    # Generate certificate (+ keypair) for the CA
    mkdir -p ./bin/pki/ca
    ./ypki ca --outputdir ./bin/pki/ca --cadir ./bin/pki/ca --subject example-ca --days 3650
    
    # Generate certificate (+ keypair) for a server endpoint, signed by the CA
    mkdir -p ./bin/pki/gateway
    ./ypki endpoint --outputdir ./bin/pki/gateway --cadir ./bin/pki/ca --subject gateway.example.net --days 180
  • ytcpdump: Wrapper for docker-compose + tcpdump

    Example usage:

    # Capture ICMP packets involving 10.233.233.1 at "yswan" interface on service "client1"
    ./ytcpdump client1 -i yswan 'icmp and host 10.233.233.1'

  • ywireshark: Wrapper for docker-compose + tcpdump that opens the capture in Wireshark

    This is similar to ytcpdump.

    Example usage:

    # Capture ICMP packets involving 10.233.233.1 at "yswan" interface on service "client1"
    sudo ./ywireshark client1 -i yswan 'icmp and host 10.233.233.1'

Owner: Siger Yang (PGP CFC232F777658A54; INFOSEC@HUST)