
aleksipirttimaa/novpn


NoVPN

This is a proof of concept. Do not use it for anything that you consider to require confidentiality, integrity, or any other security property of a VPN.

This project depends on minivpn, a native Go implementation of the OpenVPN protocol. The authors of minivpn do not consider it safe to use in any real-life scenario.


I don't like VPNs. NoVPN is a TCP and UDP proxy that listens on TCP and UDP ports and forwards any connections to a remote system over an OpenVPN tunnel. This way I can use remote resources while avoiding having to install intrusive VPN software.

NoVPN wraps minivpn and a Go-module-friendly fork of gVisor's netstack.

    +------------+
    |            |
    |   Client   |
    |            |  Local client software
    +------------+
           |
           |    <- TCP
           ↓       localhost:8080/tcp
    +-----------+
    |           |
    |   NoVPN   |
    |           |  NoVPN running on the same system
    +-----------+
          | |
          | |    <- OpenVPN Tunnel
          | |
    +------------+
    |            |
    |   OpenVPN  |
    |   Server   |
    |            |  A remote access gateway
    +------------+
           |
           |    <- TCP
           ↓       192.168.1.10:80/tcp
    +------------+
    |            |
    |     Web    |
    |   Server   |
    |            |  The remote destination
    +------------+

Daemonized:

    novpn -ovpn my-vpn.ovpn -routes routes.yaml

where routes.yaml is:

    routes:
      - listen: ":8080"
        proto: "tcp"
        target: "192.168.1.10:80"
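The diagram shows the client reaching NoVPN at localhost:8080, while the listen value ":8080" has no host part. The following is an added example, not part of NoVPN, that flags routes.yaml listeners that are not loopback-only. It assumes listen is handed to Go's net.Listen, where an empty or unspecified host binds every interface; the second route and the function names are constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Constructed sample in the README's routes.yaml layout; the second route is hypothetical.
const sampleRoutes = `routes:
  - listen: ":8080"
    proto: "tcp"
    target: "192.168.1.10:80"
  - listen: "127.0.0.1:2222"
    proto: "tcp"
    target: "192.168.1.10:22"
`

// listenScope classifies a listen address (assumption: Go net.Listen semantics).
func listenScope(addr string) string {
	host, _, err := net.SplitHostPort(addr)
	if err != nil {
		return "invalid"
	}
	ip := net.ParseIP(host)
	switch {
	case host == "" || (ip != nil && ip.IsUnspecified()):
		return "all-interfaces"
	case host == "localhost" || (ip != nil && ip.IsLoopback()):
		return "loopback"
	}
	return "specific-address"
}

// exposedListeners scans for `listen:` keys only (not a general YAML parser).
func exposedListeners(routesYAML string) (exposed []string) {
	for _, raw := range strings.Split(routesYAML, "\n") {
		line := strings.TrimLeft(raw, " -")
		if strings.HasPrefix(line, "listen:") {
			addr := strings.Trim(strings.TrimSpace(strings.TrimPrefix(line, "listen:")), `"'`)
			if scope := listenScope(addr); scope != "loopback" {
				exposed = append(exposed, addr+" ("+scope+")")
			}
		}
	}
	return exposed
}

func main() { fmt.Println(exposedListeners(sampleRoutes)) }
```

Any listener reported here accepts connections from other hosts that can reach the machine, and each such connection is forwarded into the tunnel.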

SSH ProxyCommand

In your .ssh/config:

    Host my-server
        ProxyCommand novpn -ovpn my-vpn.ovpn -listen - 192.168.1.10:22

Or, in your .ssh/config:

    Host *.my-vpn
        ProxyCommand novpn -ovpn my-vpn.ovpn -ssh-proxy-command-suffix .my-vpn -listen - %h:%p

Build release

    go build -o novpn -ldflags="-s -w" .

gVisor is heavy, so the -s and -w linker flags omit the symbol table and DWARF debug information from the binary.

Known limitations

  • minivpn has limited support for encryption methods and other OpenVPN features
  • netstack will fragment UDP traffic exceeding OpenVPN tunnel MTU in most cases
