This is a proof of concept. Do not use it for anything that requires confidentiality, integrity or some other security property of a VPN.
This project depends on minivpn, a native Go implementation of the OpenVPN protocol. The authors of minivpn do not consider it safe to use in any real life scenario.
I don't like VPNs. NoVPN is a TCP and UDP proxy that listens on TCP and UDP ports and forwards any connections to a remote system over an OpenVPN tunnel. This way I can use remote resources while avoiding having to install intrusive VPN software.
NoVPN wraps minivpn and a Go-module-friendly fork of gVisor's netstack.
+------------+
|            |
|   Client   |
|            |    Local client software
+------------+
      |
      | <- TCP
      ↓ localhost:8080/tcp
+------------+
|            |
|   NoVPN    |
|            |    NoVPN running on the same system
+------------+
     | |
     | | <- OpenVPN Tunnel
     | |
+------------+
|            |
|  OpenVPN   |
|   Server   |
|            |    A remote access gateway
+------------+
      |
      | <- TCP
      ↓ 192.168.1.10:80/tcp
+------------+
|            |
|    Web     |
|   Server   |
|            |    The remote destination
+------------+
novpn -ovpn my-vpn.ovpn -routes routes.yaml
where routes.yaml is:
routes:
  - listen: ":8080"
    proto: "tcp"
    target: "192.168.1.10:80"
in your .ssh/config:
Host my-server
    ProxyCommand novpn -ovpn my-vpn.ovpn -listen - 192.168.1.10:22
or in your .ssh/config:
Host *.my-vpn
    ProxyCommand novpn -ovpn my-vpn.ovpn -ssh-proxy-command-suffix .my-vpn -listen - %h:%p
go build -o novpn -ldflags="-s -w" .
gVisor is heavy; omit symbols and DWARF.
- minivpn has limited support for encryption methods and other OpenVPN features
- netstack will fragment UDP traffic exceeding the OpenVPN tunnel MTU in most cases
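An added example, not part of the NoVPN project: a review check for routes.yaml entries like the one shown above. It assumes novpn hands the listen value to Go's net.Listen / net.ListenPacket unchanged, where ":8080" binds every local interface and so lets other hosts on the local network reach the tunnelled target; Route and CheckRoute are hypothetical names.

```go
package main

import (
	"fmt"
	"net"
)

// Route mirrors one routes.yaml entry from this page (listen, proto, target).
type Route struct{ Listen, Proto, Target string }

// CheckRoute returns review findings for one route; an empty slice means none.
// Assumption: novpn passes Listen to Go's net.Listen/net.ListenPacket as-is,
// where an empty or unspecified host means "every local interface".
func CheckRoute(r Route) []string {
	var out []string
	if r.Proto != "tcp" && r.Proto != "udp" {
		out = append(out, fmt.Sprintf("proto %q is neither tcp nor udp", r.Proto))
	}
	host, _, err := net.SplitHostPort(r.Listen)
	ip := net.ParseIP(host) // nil when host is empty or a name
	switch {
	case err != nil:
		out = append(out, "listen is not host:port: "+err.Error())
	case host == "" || (ip != nil && ip.IsUnspecified()):
		out = append(out, "listen binds every interface; tunnel reachable from the local network")
	case host == "localhost" || (ip != nil && ip.IsLoopback()):
		// Loopback only: reachable just from this machine.
	case ip == nil:
		out = append(out, "listen host is a name; resolve it to confirm the bind scope")
	default:
		out = append(out, "listen binds non-loopback address "+host)
	}
	if h, p, err := net.SplitHostPort(r.Target); err != nil || h == "" || p == "" {
		out = append(out, "target must be host:port")
	}
	return out
}

func main() {
	// Constructed sample routes; the first is the entry from routes.yaml above.
	routes := []Route{
		{":8080", "tcp", "192.168.1.10:80"},
		{"127.0.0.1:8080", "tcp", "192.168.1.10:80"},
		{"0.0.0.0:5353", "udp", "192.168.1.10"},
	}
	for _, r := range routes {
		fmt.Printf("%-16s %v\n", r.Listen, CheckRoute(r))
	}
}
```

Under the same assumption, writing the listen value as "127.0.0.1:8080" keeps the forwarded port reachable only from the machine running novpn.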