| … | |
… | |
| 127 | .\} |
127 | .\} |
| 128 | .rm #[ #] #H #V #F C |
128 | .rm #[ #] #H #V #F C |
| 129 | .\" ======================================================================== |
129 | .\" ======================================================================== |
| 130 | .\" |
130 | .\" |
| 131 | .IX Title "GVPE 5" |
131 | .IX Title "GVPE 5" |
| 132 | .TH GVPE 5 "2004-06-11" "1.7" "GNU Virtual Private Ethernet" |
132 | .TH GVPE 5 "2005-03-18" "1.8" "GNU Virtual Private Ethernet" |
| 133 | .SH "NAME" |
133 | .SH "NAME" |
| 134 | GNU\-VPE \- Overview of the GNU Virtual Private Ethernet suite. |
134 | GNU\-VPE \- Overview of the GNU Virtual Private Ethernet suite. |
| 135 | .SH "DESCRIPTION" |
135 | .SH "DESCRIPTION" |
| 136 | .IX Header "DESCRIPTION" |
136 | .IX Header "DESCRIPTION" |
| 137 | \&\s-1GVPE\s0 is a suite designed to provide a virtual private network for multiple |
137 | \&\s-1GVPE\s0 is a suite designed to provide a virtual private network for multiple |
| 138 | nodes over an untrusted network. |
138 | nodes over an untrusted network. This document first gives an introduction |
| 139 | .PP |
139 | to VPNs in general and then describes the specific implementation of \s-1GVPE\s0. |
|
|
140 | .Sh "\s-1WHAT\s0 \s-1IS\s0 A \s-1VPN\s0?" |
|
|
141 | .IX Subsection "WHAT IS A VPN?" |
|
|
142 | \&\s-1VPN\s0 is an acronym, it stands for: |
|
|
143 | .IP "\(bu" 4 |
|
|
144 | .IX Xref "Virtual" |
| 140 | \&\*(L"Virtual\*(R" means that no physical network is created (of course), but an |
145 | Virtual means that no physical network is created (of course), but a |
| 141 | ethernet is emulated by creating multiple tunnels between the member |
146 | network is \fIemulated\fR by creating multiple tunnels between the member |
|
|
147 | nodes by encapsulating and sending data over another transport network. |
|
|
148 | .Sp |
|
|
149 | Usually the emulated network is a normal \s-1IP\s0 or Ethernet, and the transport |
|
|
150 | network is the Internet. However, using a \s-1VPN\s0 system like \s-1GVPE\s0 to connect |
|
|
151 | nodes over other untrusted networks such as Wireless \s-1LAN\s0 is not uncommon. |
|
|
152 | .IP "\(bu" 4 |
|
|
153 | .IX Xref "Private" |
|
|
154 | Private means that non-participating nodes cannot decode (\*(L"sniff)\*(R" nor |
|
|
155 | inject (\*(L"spoof\*(R") packets. This means that nodes can be connected over |
|
|
156 | untrusted networks such as the public Internet without fear of being |
|
|
157 | eavesdropped while at the same time being able to trust data sent by other |
| 142 | nodes. |
158 | nodes. |
| 143 | .IX Xref "Virtual" |
159 | .Sp |
| 144 | .PP |
|
|
| 145 | \&\*(L"Private\*(R" means that non-participating nodes cannot decode (\*(L"sniff)\*(R" nor |
|
|
| 146 | inject (\*(L"spoof\*(R") packets. |
|
|
| 147 | .IX Xref "Private" |
|
|
| 148 | .PP |
|
|
| 149 | In the case of gvpe, even participating nodes cannot sniff packets send to |
160 | In the case of \s-1GVPE\s0, even participating nodes cannot sniff packets |
| 150 | other nodes or spoof packets as if sent from other nodes. |
161 | send to other nodes or spoof packets as if sent from other nodes, so |
| 151 | .PP |
162 | communications between any two nodes is private to those two nodes. |
| 152 | \&\*(L"Network\*(R" means that more than two parties can participate in the |
163 | .IP "\(bu" 4 |
| 153 | network, so for instance it's possible to connect multiple branches of a |
|
|
| 154 | company into a single network. Many so-called \*(L"vpn\*(R" solutions only create |
|
|
| 155 | point-to-point tunnels. |
|
|
| 156 | .IX Xref "Network" |
164 | .IX Xref "Network" |
|
|
165 | Network means that more than two parties can participate in the network, |
|
|
166 | so for instance it's possible to connect multiple branches of a company |
|
|
167 | into a single network. Many so-called \*(L"vpn\*(R" solutions only create |
|
|
168 | point-to-point tunnels, which in turn can be used to build larger |
|
|
169 | networks. |
|
|
170 | .Sp |
|
|
171 | \&\s-1GVPE\s0 provides a true multi-point network in wich any number of nodes (at |
|
|
172 | least a few dozen in practise, the theoretical limit is 4095 nodes) can |
|
|
173 | participate. |
| 157 | .Sh "\s-1DESIGN\s0 \s-1GOALS\s0" |
174 | .Sh "\s-1GVPE\s0 \s-1DESIGN\s0 \s-1GOALS\s0" |
| 158 | .IX Subsection "DESIGN GOALS" |
175 | .IX Subsection "GVPE DESIGN GOALS" |
| 159 | .IP "\s-1SIMPLE\s0 \s-1DESIGN\s0" 4 |
176 | .IP "\s-1SIMPLE\s0 \s-1DESIGN\s0" 4 |
| 160 | .IX Item "SIMPLE DESIGN" |
177 | .IX Item "SIMPLE DESIGN" |
| 161 | Cipher, \s-1HMAC\s0 algorithms and other key parameters must be selected |
178 | Cipher, \s-1HMAC\s0 algorithms and other key parameters must be selected |
| 162 | at compile time \- this makes it possible to only link in algorithms |
179 | at compile time \- this makes it possible to only link in algorithms |
| 163 | you actually need. It also makes the crypto part of the source very |
180 | you actually need. It also makes the crypto part of the source very |
| 164 | transparent and easy to inspect. |
181 | transparent and easy to inspect, and last not least this makes it possible |
|
|
182 | to hardcode the layout of all packets into the binary. \s-1GVPE\s0 goes a step |
|
|
183 | further and internally reserves blocks of the same length for all packets, |
|
|
184 | which virtually removes all possibilities of buffer overflows, as there is |
|
|
185 | only a single type of buffer and it's always of fixed length. |
| 165 | .IP "\s-1EASY\s0 \s-1TO\s0 \s-1SETUP\s0" 4 |
186 | .IP "\s-1EASY\s0 \s-1TO\s0 \s-1SETUP\s0" 4 |
| 166 | .IX Item "EASY TO SETUP" |
187 | .IX Item "EASY TO SETUP" |
| 167 | A few lines of config (the config file is shared unmodified between all |
188 | A few lines of config (the config file is shared unmodified between all |
| 168 | hosts) and a single run of \f(CW\*(C`gvpectrl\*(C'\fR to generate the keys suffices to |
189 | hosts) and a single run of \f(CW\*(C`gvpectrl\*(C'\fR to generate the keys suffices to |
| 169 | make it work. |
190 | make it work. |
| … | |
… | |
| 189 | .SH "COMPILETIME CONFIGURATION" |
210 | .SH "COMPILETIME CONFIGURATION" |
| 190 | .IX Header "COMPILETIME CONFIGURATION" |
211 | .IX Header "COMPILETIME CONFIGURATION" |
| 191 | Please have a look at the \f(CW\*(C`gvpe.osdep(5)\*(C'\fR manpage for platform-specific |
212 | Please have a look at the \f(CW\*(C`gvpe.osdep(5)\*(C'\fR manpage for platform-specific |
| 192 | information. |
213 | information. |
| 193 | .PP |
214 | .PP |
| 194 | Here are a few recipes for compiling your gvpe: |
215 | Here are a few recipes for compiling your gvpe, showing the extremes |
|
|
216 | (fast, small, insecure \s-1OR\s0 slow, large, more secure), between you should |
|
|
217 | choose: |
| 195 | .Sh "\s-1AS\s0 \s-1LOW\s0 \s-1PACKET\s0 \s-1OVERHEAD\s0 \s-1AS\s0 \s-1POSSIBLE\s0" |
218 | .Sh "\s-1AS\s0 \s-1LOW\s0 \s-1PACKET\s0 \s-1OVERHEAD\s0 \s-1AS\s0 \s-1POSSIBLE\s0" |
| 196 | .IX Subsection "AS LOW PACKET OVERHEAD AS POSSIBLE" |
219 | .IX Subsection "AS LOW PACKET OVERHEAD AS POSSIBLE" |
| 197 | .Vb 1 |
220 | .Vb 1 |
| 198 | \& ./configure --enable-hmac-length=4 --enable-rand-length=0 |
221 | \& ./configure --enable-hmac-length=4 --enable-rand-length=0 |
| 199 | .Ve |
222 | .Ve |
| 200 | .PP |
223 | .PP |
| 201 | Minimize the header overhead of \s-1VPN\s0 packets (the above will result in only |
224 | Minimize the header overhead of \s-1VPN\s0 packets (the above will result in |
| 202 | 4 bytes of overhead over the raw ethernet frame). |
225 | only 4 bytes of overhead over the raw ethernet frame). This is a insecure |
|
|
226 | configuration because a \s-1HMAC\s0 length of 4 makes collision attacks based on |
|
|
227 | the birthday paradox easy, though. |
| 203 | .Sh "\s-1MINIMIZE\s0 \s-1CPU\s0 \s-1TIME\s0 \s-1REQUIRED\s0" |
228 | .Sh "\s-1MINIMIZE\s0 \s-1CPU\s0 \s-1TIME\s0 \s-1REQUIRED\s0" |
| 204 | .IX Subsection "MINIMIZE CPU TIME REQUIRED" |
229 | .IX Subsection "MINIMIZE CPU TIME REQUIRED" |
| 205 | .Vb 1 |
230 | .Vb 1 |
| 206 | \& ./configure --enable-cipher=bf --enable-digest=md4 |
231 | \& ./configure --enable-cipher=bf --enable-digest=md4 |
| 207 | .Ve |
232 | .Ve |
| 208 | .PP |
233 | .PP |
| 209 | Use the fastest cipher and digest algorithms currently available in gvpe. |
234 | Use the fastest cipher and digest algorithms currently available in |
|
|
235 | gvpe. \s-1MD4\s0 has been broken and is quite insecure, though. |
| 210 | .Sh "\s-1MAXIMIZE\s0 \s-1SECURITY\s0" |
236 | .Sh "\s-1MAXIMIZE\s0 \s-1SECURITY\s0" |
| 211 | .IX Subsection "MAXIMIZE SECURITY" |
237 | .IX Subsection "MAXIMIZE SECURITY" |
| 212 | .Vb 1 |
238 | .Vb 1 |
| 213 | \& ./configure --enable-hmac-length=16 --enable-rand-length=8 --enable-digest=sha1 |
239 | \& ./configure --enable-hmac-length=16 --enable-rand-length=8 --enable-digest=sha1 |
| 214 | .Ve |
240 | .Ve |
| 215 | .PP |
241 | .PP |
| 216 | This uses a 16 byte \s-1HMAC\s0 checksum to authenticate packets (I guess 8\-12 |
242 | This uses a 16 byte \s-1HMAC\s0 checksum to authenticate packets (I guess 8\-12 |
| 217 | would also be pretty secure ;) and will additionally prefix each packet |
243 | would also be pretty secure ;) and will additionally prefix each packet |
| 218 | with 8 bytes of random data. |
244 | with 8 bytes of random data. In the long run, people should move to |
|
|
245 | \&\s-1SHA\-224\s0 and beyond, but support in openssl is missing as of writing this |
|
|
246 | document. |
| 219 | .PP |
247 | .PP |
| 220 | In general, remember that \s-1AES\-128\s0 seems to be more secure and faster than |
248 | In general, remember that \s-1AES\-128\s0 seems to be more secure and faster than |
| 221 | \&\s-1AES\-192\s0 or \s-1AES\-256\s0, more randomness helps against sniffing and a longer |
249 | \&\s-1AES\-192\s0 or \s-1AES\-256\s0, more randomness helps against sniffing and a longer |
| 222 | \&\s-1HMAC\s0 helps against spoofing. \s-1MD4\s0 is a fast digest, \s-1SHA1\s0 or \s-1RIPEMD160\s0 are |
250 | \&\s-1HMAC\s0 helps against spoofing. \s-1MD4\s0 is a fast digest, \s-1SHA1\s0 or \s-1RIPEMD160\s0 are |
| 223 | better, and Blowfish is a fast cipher (and also quite secure). |
251 | better, and Blowfish is a fast cipher (and also quite secure). |
| … | |
… | |
| 338 | inittab, as is recommended, \f(CW\*(C`gvpectrl \-k\*(C'\fR (or simply \f(CW\*(C`killall gvpe\*(C'\fR) will |
366 | inittab, as is recommended, \f(CW\*(C`gvpectrl \-k\*(C'\fR (or simply \f(CW\*(C`killall gvpe\*(C'\fR) will |
| 339 | kill the daemon, start it again, making it read it's configuration files |
367 | kill the daemon, start it again, making it read it's configuration files |
| 340 | again. |
368 | again. |
| 341 | .SH "SEE ALSO" |
369 | .SH "SEE ALSO" |
| 342 | .IX Header "SEE ALSO" |
370 | .IX Header "SEE ALSO" |
| 343 | \&\fIgvpe.osdep\fR\|(5) for OS-depedendent information, \fIgvpe.conf\fR\|(5), \fIgvpectrl\fR\|(8), and |
371 | \&\fIgvpe.osdep\fR\|(5) for OS-depedendent information, \fIgvpe.conf\fR\|(5), \fIgvpectrl\fR\|(8), |
| 344 | for a description of the protocol and routing algorithms, \fIgvpe.protocol\fR\|(7). |
372 | and for a description of the transports, protocol, and routing algorithm, |
|
|
373 | \&\fIgvpe.protocol\fR\|(7). |
|
|
374 | .PP |
|
|
375 | The \s-1GVPE\s0 mailinglist, at <http://lists.schmorp.de/>, or |
|
|
376 | \&\f(CW\*(C`gvpe@lists.schmorp.de\*(C'\fR. |
| 345 | .SH "AUTHOR" |
377 | .SH "AUTHOR" |
| 346 | .IX Header "AUTHOR" |
378 | .IX Header "AUTHOR" |
| 347 | Marc Lehmann <gvpe@plan9.de> |
379 | Marc Lehmann <gvpe@schmorp.de> |
| 348 | .SH "COPYRIGHTS AND LICENSES" |
380 | .SH "COPYRIGHTS AND LICENSES" |
| 349 | .IX Header "COPYRIGHTS AND LICENSES" |
381 | .IX Header "COPYRIGHTS AND LICENSES" |
| 350 | \&\s-1GVPE\s0 itself is distributed under the \s-1GENERAL\s0 \s-1PUBLIC\s0 \s-1LICENSE\s0 (see the file |
382 | \&\s-1GVPE\s0 itself is distributed under the \s-1GENERAL\s0 \s-1PUBLIC\s0 \s-1LICENSE\s0 (see the file |
| 351 | \&\s-1COPYING\s0 that should be part of your distribution). |
383 | \&\s-1COPYING\s0 that should be part of your distribution). |
| 352 | .PP |
384 | .PP |
