--- gvpe/doc/gvpe.5.pod 2005/01/27 06:58:48 1.3 +++ gvpe/doc/gvpe.5.pod 2005/02/22 23:00:57 1.5 @@ -5,34 +5,52 @@ =head1 DESCRIPTION GVPE is a suite designed to provide a virtual private network for multiple -nodes over an untrusted network. +nodes over an untrusted network. This document first gives an introduction +to VPNs in general and then describes the specific implementation of GVPE. + +=head2 WHAT IS A VPN? + +VPN is an acronym, it stands for: =over 4 =item X -Virtual means that no physical network is created (of course), but an -ethernet is emulated by creating multiple tunnels between the member -nodes. +Virtual means that no physical network is created (of course), but a +network is I by creating multiple tunnels between the member +nodes by encapsulating and sending data over another transport network. + +Usually the emulated network is a normal IP or Ethernet, and the transport +network is the Internet. However, using a VPN system like GVPE to connect +nodes over other untrusted networks such as Wireless LAN is not uncommon. =item X Private means that non-participating nodes cannot decode ("sniff)" nor -inject ("spoof") packets. +inject ("spoof") packets. This means that nodes can be connected over +untrusted networks such as the public Internet without fear of being +eavesdropped while at the same time being able to trust data sent by other +nodes. -In the case of gvpe, even participating nodes cannot sniff packets send to -other nodes or spoof packets as if sent from other nodes. +In the case of GVPE, even participating nodes cannot sniff packets +send to other nodes or spoof packets as if sent from other nodes, so +communications between any two nodes is private to those two nodes. =item X Network means that more than two parties can participate in the network, so for instance it's possible to connect multiple branches of a company into a single network. Many so-called "vpn" solutions only create -point-to-point tunnels. +point-to-point tunnels, which in turn can be used to build larger +networks. + +GVPE provides a true multi-point network in wich any number of nodes (at +least a few dozen in practise, the theoretical limit is 4095 nodes) can +participate. =back -=head2 DESIGN GOALS +=head2 GVPE DESIGN GOALS =over 4 @@ -41,7 +59,11 @@ Cipher, HMAC algorithms and other key parameters must be selected at compile time - this makes it possible to only link in algorithms you actually need. It also makes the crypto part of the source very -transparent and easy to inspect. +transparent and easy to inspect, and last not least this makes it possible +to hardcode the layout of all packets into the binary. GVPE goes a step +further and internally reserves blocks of the same length for all packets, +which virtually removes all possibilities of buffer overflows, as there is +only a single type of buffer and it's always of fixed length. =item EASY TO SETUP @@ -83,20 +105,25 @@ Please have a look at the C manpage for platform-specific information. -Here are a few recipes for compiling your gvpe: +Here are a few recipes for compiling your gvpe, showing the extremes +(fast, small, insecure OR slow, large, more secure), between you should +choose: =head2 AS LOW PACKET OVERHEAD AS POSSIBLE ./configure --enable-hmac-length=4 --enable-rand-length=0 -Minimize the header overhead of VPN packets (the above will result in only -4 bytes of overhead over the raw ethernet frame). +Minimize the header overhead of VPN packets (the above will result in +only 4 bytes of overhead over the raw ethernet frame). This is a insecure +configuration because a HMAC length of 4 makes collision attacks based on +the birthday paradox easy, though. =head2 MINIMIZE CPU TIME REQUIRED ./configure --enable-cipher=bf --enable-digest=md4 -Use the fastest cipher and digest algorithms currently available in gvpe. +Use the fastest cipher and digest algorithms currently available in +gvpe. MD4 has been broken and is quite insecure, though. =head2 MAXIMIZE SECURITY