The Bhojpur VPN is a decentralized, virtual private networking system applied within the
Bhojpur.NET Platform for delivery of distributed
applications or services. It uses libp2p to build private decentralized networks that
could be accessed via shared secrets.
It can:
-
Create a VPN : Secure VPN between P2P peers
- Automatically assign IPs to nodes
- Embedded tiny DNS server to resolve internal/external IPs
- Create trusted zones to prevent network access if token is leaked
-
Act as a reverse Proxy : Share a TCP service. The Bhojpur VPN let exposes TCP services to the P2P network nodes without establishing a VPN connection: creates reverse proxy and tunnels traffic into the P2P network.
-
Send files via P2P : Send files over P2P between nodes without establishing a VPN connection.
-
Be used as a library: Plug a distributed P2P ledger easily in your project!
Download the precompiled static release in the releases page. You can either install it in your system or just run it.
The Bhojpur VPN works by generating tokens (or, a configuration file) that can be shared between different machines, hosts, or peers to access to a decentralized secured network between them. Every token is unique and identifies the network, no central server setup, or specifying hosts IP is required.
To generate a config run:
# Generate a new config file and use it later as BHOJPUR_VPN_CONFIG
$ vpnsvr -g > config.yamlor, to generate a portable token:
$ BHOJPUR_VPN_TOKEN=$(vpnsvr -g -b)NOTE: Tokens are config merely encoded in base64, so this is equivalent:
$ BHOJPUR_VPN_TOKEN=$(vpnsvr -g | tee config.yaml | base64 -w0)All Bhojpur VPN commands implies that you either specify a BHOJPUR_VPN_TOKEN
(--token as parameter) or a BHOJPUR_VPN_CONFIG as this is the way for vpnsvr
to establish a network between the nodes.
The configuration file is the network definition and allows you to connect over to your peers securely.
Warning Exposing this file or passing-it by is equivalent to give full control to the network.
To start the VPN, simply run vpnsvr without any argument.
An example of running Bhojpur VPN on multiple hosts:
# on Node A
$ BHOJPUR_VPN_TOKEN=.. vpnsvr --address 10.1.0.11/24
# on Node B
$ BHOJPUR_VPN_TOKEN=.. vpnsvr --address 10.1.0.12/24
# on Node C ...
$ BHOJPUR_VPN_TOKEN=.. vpnsvr --address 10.1.0.13/24
...... and that's it! the --address is a virtual unique IP for each node, and it
is actually the IP, where the node will be reachable to from the VPN. You can assign
IPs freely to the nodes of the network, while you can override the default
bhojpurvpn0 interface with IFACE (or --interface)
NOTE: It might take up time to build the connection between nodes. Wait at least 5 mins, it depends on the network behind the hosts.
Use Case: Bhojpur DCP test cluster
Let's say you are developing something for the Kubernetes and you would like to a multi-node setup, but you have machines available only behind NAT; and, you would really like to leverage hardware.
-
Generate
Bhojpur VPNconfig:vpnsvr -g > vpn.yaml -
Start the VPN:
on node A:
sudo IFACE=bhojpurvpn0 ADDRESS=10.1.0.3/24 BHOJPUR_VPN_CONFIG=vpn.yml vpnsvron node B:
sudo IFACE=bhojpurvpn0 ADDRESS=10.1.0.4/24 BHOJPUR_VPN_CONFIG=vpm.yml vpnsvr -
Start Bhojpur DCP:
on node A:
dcp server --flannel-iface=bhojpurvpn0on node B:
DCP_URL=https://10.1.0.3:6443 DCP_TOKEN=xx dcp agent --flannel-iface=bhojpurvpn0 --node-ip 10.10.4
We have used flannel here, but other CNI should work as well.
Don't miss out Bhojpur OS, which is a Linux derivative
built on top of Bhojpur DCP and Bhojpur VPN for automatic
node discovery!
The Bhojpur VPN could be used as a library. It is very portable and offers a functional
interface. To join a node in a network from a token, without starting the VPN:
import (
node "github.com/bhojpur/vpn/pkg/node"
)
e := node.New(
node.Logger(l),
node.LogLevel(log.LevelInfo),
node.MaxMessageSize(2 << 20),
node.FromBase64( mDNSEnabled, DHTEnabled, token ),
// ....
)
e.Start(ctx)or, to start a Bhojpur VPN:
import (
vpn "github.com/bhojpur/vpn/pkg/engine"
node "github.com/bhojpur/vpn/pkg/node"
)
opts, err := vpn.Register(vpnOpts...)
if err != nil {
return err
}
e := vpn.New(append(o, opts...)...)
e.Start(ctx)If during bootstrap you see messages like:
vpnsvr[3679]: * [/ip4/104.131.131.82/tcp/4001] failed to negotiate stream multiplexer: context deadline exceeded or,
vpnsvr[9971]: 2021/12/16 20:56:34 failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB)or, generally experiencing poor network performance, it is recommended to increase the maximum buffer size by running:
$ sysctl -w net.core.rmem_max=2500000