Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
punchVPN-dansk
Search
Claus Lensbøl
May 13, 2013
Programming
1
240
punchVPN-dansk
Danish walk-through of the punchVPN program
Claus Lensbøl
May 13, 2013
Tweet
Share
Other Decks in Programming
See All in Programming
❄️ tmux-nixの実装を通して学ぶNixOSモジュール
momeemt
1
120
Language Server と喋ろう – TSKaigi 2025
pizzacat83
2
670
複数アプリケーションを育てていくための共通化戦略
irof
3
770
コードに語らせよう――自己ドキュメント化が内包する楽しさについて / Let the Code Speak
nrslib
5
1.1k
iOSアプリ開発もLLMで自動運転する
hiragram
6
2.2k
當開發遇上包裝:AI 如何讓產品從想法變成商品
clonn
0
2.6k
ワンバイナリWebサービスのススメ
mackee
10
7.5k
〜可視化からアクセス制御まで〜 BigQuery×Looker Studioで コスト管理とデータソース認証制御する方法
cuebic9bic
2
270
What Spring Developers Should Know About Jakarta EE
ivargrimstad
1
620
DevDay2025-OracleDatabase-kernel-addressing-history
oracle4engineer
PRO
7
1.6k
primeNumberでのRBS導入の現在 && RBS::Traceでinline RBSを拡充してみた
mnmandahalf
0
260
TypeScriptのmoduleオプションを改めて整理する
bicstone
4
430
Featured
See All Featured
Fireside Chat
paigeccino
37
3.5k
GraphQLとの向き合い方2022年版
quramy
46
14k
Practical Orchestrator
shlominoach
188
11k
GitHub's CSS Performance
jonrohan
1031
460k
Six Lessons from altMBA
skipperchong
28
3.8k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
8
750
Building Applications with DynamoDB
mza
95
6.4k
Build The Right Thing And Hit Your Dates
maggiecrowley
35
2.7k
Statistics for Hackers
jakevdp
799
220k
Bash Introduction
62gerente
614
210k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
252
21k
GraphQLの誤解/rethinking-graphql
sonatard
71
11k
Transcript
punchVPN p2p VPN tunneler bag NAT
Facts • Klient - Python3.2 • Server - Python2.7 Kommende
Win32+OSX+UNIX support
Hvad skal det til for? • Sikkerhed • Anonymitet •
Direkte forbindelse
✘ Skidt måde at snakke sammen på A B 3.
part ☠ Forbindelse via 3. part Krypteret eller ukrypteret
✔ God måde at snakke sammen på A B 3.
part ☠ Direkte krypteret forbindelse udenom 3. part
Verdensbillede A B punch VPN Server Internet FW FW
Klient A -> Server A B punch VPN Server Internet
FW FW 1.
Klient B -> Server A B punch VPN Server Internet
FW FW 1. 2.
Klient A <-> Klient B A B punch VPN Server
Internet FW FW 1. 2. 3.
Forbindelsesmetoder A B punch VPN Server Internet FW FW 1.
2. 3. NAT-PMP UPnP-IGD UDP-HolePunch
Hvem kan forbinde? NAT-PMP UPnP-IGD Direct mapping Random mapping NAT-PMP
✔ ✔ ✔ ✔ UPnP-IGD ✔ ✔ ✔ ✔ Direct mapping ✔ ✔ ✔ ✘ Random mapping ✔ ✔ ✘ ✘
[code] punchVPNd/punchVPNd.py:108
NAT-PMP Dynamisk firewall
Hvordan virker det? • Simpel protokol • Apple-Bonjour
Bed om den eksterne IP adresse Data der skal sendes:
0b0000000000000000 Modtaget data: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Vers = 0 | OP = 128 + 0 | Result Code (net byte order) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Seconds Since Start of Epoch (in network byte order) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | External IPv4 Address (a.b.c.d) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Revisionerne, det nye def create_payload(self, local_port, external_port, lifetime): return pack('>2B3HI',
0, 1, 0, local_port, external_port, lifetime)
[code] natPMP/natPMP.py:49 natPMP/natPMP.py:70
Greenlets og Gevent Micro threads og long polling
Greenlets • Micro Threading • God scheduling
Gevent • Modul på libevent • Bruger Greenlets • Monkey-patcher
Python • Webserver
Long polling • Lange HTTP(S) kald • Næsten en socket
while(1): new_request_event.wait() if me.peer: msg = {'status': 'READY'} msg = json.dumps(msg) return msg new_request_event.set() new_request_event.clear()
[code] punchVPNd/punchVPNd.py:71 punchVPNd/punchVPNd.py:132
Et eksempel
Server og klient Hvordan hænger det sammen
JSON • Nemt at udvide • Ensartet syntax { "me.VPNaddr"
: "169.254.45.221", "me.mode" : "p2p", "peer.VPNaddr" : "169.254.45.222", "peer.ip" : "130.225.204.238", "peer.lport" : 15544, "status" : "READY" }
Demonstration Ellers er det jo bare en masse ord
UDP hole punching
[demo]
Spørgsmål? • https://github.com/cmol/punchVPN/ • https://twitter.com/lensboel • https://speakerdeck.com/cmol/punchvpn- dansk