You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2020-05-28 09:10:55
- angt
- Member
- From: Paris
- Registered: 2020-05-25
- Posts: 10
- Website
glorytun - Multipath UDP tunnel
Hello 
Glorytun is a point-to-point VPN, its main purpose is to allows you to aggregate many links (xDSL, fiber, 3G/4G,...) into a virtual one.
It's available on AUR: https://aur.archlinux.org/packages/glorytun.
Sources are here: https://github.com/angt/glorytun (if you want to build it from github, use the stable branch)
key features:
Fast and highly secure
Glorytun uses a new and very fast AEAD construction called AEGIS-256 if AES-NI is available otherwise ChaCha20-Poly1305 is used. Of course, you can force the use of ChaCha20-Poly1305 for higher security. All messages are encrypted, authenticated and timestamped to mitigate a large set of attacks. This implies that the client and the server must be synchronized, an offset of 10min is accepted by default. Perfect forward secrecy is also implemented with ECDH over Curve25519. Keys are rotated every hours.Multipath and failover
Connectivity is now crucial, especially in the SD-WAN world. This feature allows a TCP connection (and all other protocols) to explore and exploit all available links without being disconnected. Aggregation should work on all conventional links. Only very high latency (+500ms) links are not recommended for now. Backup paths are also supported, they will be used only in case of emergency, it is useful when aggregation is not your priority.Traffic shaping
Shaping is very important in network, it allows to keep a low latency without sacrificing the bandwidth. It also helps the multipath scheduler to make better decisions. Currently it must be configured by hand, but soon Glorytun will do it for you.Path MTU discovery without ICMP
Bad MTU configuration is a very common problem in the world of VPN. As it is critical, Glorytun will try to setup it correctly by guessing its value. It doesn't rely on Next-hop MTU to avoid ICMP black holes. In asymmetric situations the minimum MTU is selected.
For your first steps you can look at the wiki: https://github.com/angt/glorytun/wiki/Mini-HowTo.
A Dockerfile is available to help configure the server side: https://github.com/angt/mudock.
Hope this post will help to make it better, through your recommendations 
Last edited by angt (2020-05-28 09:11:12)
Offline
#2 2020-05-28 11:04:29
- Awebb
- Member
- Registered: 2010-05-06
- Posts: 6,282
Re: glorytun - Multipath UDP tunnel
Interesting... name.
Offline
#3 2020-05-28 11:08:24
- schard
- Forum Moderator
- From: Hannover
- Registered: 2016-05-06
- Posts: 1,972
- Website
Re: glorytun - Multipath UDP tunnel
Yeah, I wonder how one would call the ingress point.
Other than that, interesting project. I may look into it on the upcoming weekend.
macro_rules! yolo { { $($tokens:tt)* } => { unsafe { $($tokens)* } }; }
Offline
Pages: 1