Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
punchVPN-dansk
Search
Claus Lensbøl
May 13, 2013
Programming
1
240
punchVPN-dansk
Danish walk-through of the punchVPN program
Claus Lensbøl
May 13, 2013
Tweet
Share
Other Decks in Programming
See All in Programming
Lessons by WebAssembly app in production on CDN Edge Computing Service
tetsuharuohzeki
0
210
Scala におけるコンパイラエラーとの付き合い方
chencmd
2
430
LangGraphでのHuman-in-the-Loopの実装
os1ma
3
1.1k
Pythonで改めて考える「クラス(class)」の使いどころ
os1ma
3
870
Kotlin 2.0 and Beyond
antonarhipov
2
150
From Idea to IDE: Developing Plugins for Android Studio
thisaay
1
220
o1モデルのプロンプトエンジニアリングって?
ktc_wada
0
280
Why Prism?
kddnewton
4
1.7k
XStateでReactに秩序を与えたい
gizm000
0
730
Shinjuku.rb#95:心の技術書紹介
free_world21
1
110
開発を加速する共有Swift Package実践
elmetal
PRO
0
420
マルチモジュールにおけるテスト最適化
fxwx23
0
210
Featured
See All Featured
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
26
1.9k
Pencils Down: Stop Designing & Start Developing
hursman
119
11k
How to train your dragon (web standard)
notwaldorf
85
5.6k
The Pragmatic Product Professional
lauravandoore
31
6.2k
How to Ace a Technical Interview
jacobian
274
23k
Product Roadmaps are Hard
iamctodd
PRO
48
10k
VelocityConf: Rendering Performance Case Studies
addyosmani
322
23k
How to name files
jennybc
75
98k
Making the Leap to Tech Lead
cromwellryan
128
8.8k
Navigating Team Friction
lara
183
13k
Designing Experiences People Love
moore
138
23k
Optimising Largest Contentful Paint
csswizardry
31
2.8k
Transcript
punchVPN p2p VPN tunneler bag NAT
Facts • Klient - Python3.2 • Server - Python2.7 Kommende
Win32+OSX+UNIX support
Hvad skal det til for? • Sikkerhed • Anonymitet •
Direkte forbindelse
✘ Skidt måde at snakke sammen på A B 3.
part ☠ Forbindelse via 3. part Krypteret eller ukrypteret
✔ God måde at snakke sammen på A B 3.
part ☠ Direkte krypteret forbindelse udenom 3. part
Verdensbillede A B punch VPN Server Internet FW FW
Klient A -> Server A B punch VPN Server Internet
FW FW 1.
Klient B -> Server A B punch VPN Server Internet
FW FW 1. 2.
Klient A <-> Klient B A B punch VPN Server
Internet FW FW 1. 2. 3.
Forbindelsesmetoder A B punch VPN Server Internet FW FW 1.
2. 3. NAT-PMP UPnP-IGD UDP-HolePunch
Hvem kan forbinde? NAT-PMP UPnP-IGD Direct mapping Random mapping NAT-PMP
✔ ✔ ✔ ✔ UPnP-IGD ✔ ✔ ✔ ✔ Direct mapping ✔ ✔ ✔ ✘ Random mapping ✔ ✔ ✘ ✘
[code] punchVPNd/punchVPNd.py:108
NAT-PMP Dynamisk firewall
Hvordan virker det? • Simpel protokol • Apple-Bonjour
Bed om den eksterne IP adresse Data der skal sendes:
0b0000000000000000 Modtaget data: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Vers = 0 | OP = 128 + 0 | Result Code (net byte order) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Seconds Since Start of Epoch (in network byte order) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | External IPv4 Address (a.b.c.d) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Revisionerne, det nye def create_payload(self, local_port, external_port, lifetime): return pack('>2B3HI',
0, 1, 0, local_port, external_port, lifetime)
[code] natPMP/natPMP.py:49 natPMP/natPMP.py:70
Greenlets og Gevent Micro threads og long polling
Greenlets • Micro Threading • God scheduling
Gevent • Modul på libevent • Bruger Greenlets • Monkey-patcher
Python • Webserver
Long polling • Lange HTTP(S) kald • Næsten en socket
while(1): new_request_event.wait() if me.peer: msg = {'status': 'READY'} msg = json.dumps(msg) return msg new_request_event.set() new_request_event.clear()
[code] punchVPNd/punchVPNd.py:71 punchVPNd/punchVPNd.py:132
Et eksempel
Server og klient Hvordan hænger det sammen
JSON • Nemt at udvide • Ensartet syntax { "me.VPNaddr"
: "169.254.45.221", "me.mode" : "p2p", "peer.VPNaddr" : "169.254.45.222", "peer.ip" : "130.225.204.238", "peer.lport" : 15544, "status" : "READY" }
Demonstration Ellers er det jo bare en masse ord
UDP hole punching
[demo]
Spørgsmål? • https://github.com/cmol/punchVPN/ • https://twitter.com/lensboel • https://speakerdeck.com/cmol/punchvpn- dansk