Overview

The virtual private network daemon vpnd is a daemon which connects two networks at the network level, either via TCP/IP or a (virtual) leased line attached to a serial interface. All data transferred between the two networks is encrypted using the unpatented free Blowfish encryption algorithm.

vpnd is not intended as a replacement for existing secured communications software like ssh or the tunneling facilities of the operating system. It is, however, intended as a means of securing transparent network interconnection across potentially insecure channels.

A functional overview of vpnd is available which explains how vpnd basically works.

vpnd is distributed under the GPL/LGPL; use in commercial environments is explicitly allowed. See the README file and the headers of the individual source files for details.

Operating Systems and Download from Denmark

The following operating systems are supported:
Linux 1.2.x (1.2.9 tested)
Linux 2.0.x (2.0.35 tested)
Linux 2.2.x (2.2.13 tested)
Linux 2.4.x (2.4.29 tested)
Linux 2.6.x (2.6.13 tested)
FreeBSD (3.3-RELEASE and 4.0-RELEASE tested)

You can download the following versions here:
vpnd-1.1.4.tar.gz (Unix browsers, more options, VoIP optimizations for SIP phones, minor fixes)
vpnd-1.1.4.tar.zip (Windows browsers, new options, more VoIP optimizations for SIP phones, minor fixes)
vpnd-1.1.3.tar.gz (Unix browsers, minor fixes)
vpnd-1.1.3.tar.zip (Windows browsers, minor fixes)
vpnd-1.1.2.tar.gz (Unix browsers, minor fixes, x86_64 port, Solaris 8 support and VoIP optimizations for SIP phones)
vpnd-1.1.2.tar.zip (Windows browsers, minor fixes, x86_64 port, Solaris 8 support and VoIP optimizations for SIP phones)
vpnd-1.1.0.tar.gz (Unix browsers, minor fixes and FreeBSD port)
vpnd-1.1.0.tar.zip (Windows browsers, minor fixes and FreeBSD port)
vpnd-1.0.8.tar.gz (Unix browsers, faster crypto code, optional host name lookups)
vpnd-1.0.8.tar.zip (Windows browsers, faster crypto code, optional host name lookups)
vpnd-1.0.7.tar.gz (Unix browsers, HMAC, serial line lock file, additional options)
vpnd-1.0.7.tar.zip (Windows browsers, HMAC, serial line lock file, additional options)
vpnd-1.0.6.tar.gz (Unix browsers, portability fixes)
vpnd-1.0.6.tar.zip (Windows browsers, portability fixes)
vpnd-1.0.5.tar.gz (Unix browsers, new options, extended master key file format, lots of optimizations)
vpnd-1.0.5.tar.zip (Windows browsers, new options, extended master key file format, lots of optimizations)
vpnd-1.0.4.tar.gz (Unix browsers, new options, important bug fixes, x86 Blowfish assembler)
vpnd-1.0.4.tar.zip (Windows browsers, new options, important bug fixes, x86 Blowfish assembler)
vpnd-1.0.3.tar.gz (Unix browsers, new options, dynamic IP client sample)
vpnd-1.0.3.tar.zip (Windows browsers, new options, dynamic IP client sample)
vpnd-1.0.2.tar.gz (Unix browsers, routing fixes and new TCP/IP options)
vpnd-1.0.2.tar.zip (Windows browsers, routing fixes and new TCP/IP options)
vpnd-1.0.1.tar.gz (Unix browsers, minor fixes for higher portability between various distributions)
vpnd-1.0.1.tar.zip (Windows browsers, minor fixes for higher portability between various distributions)
vpnd-1.0.0.tar.gz (Unix browsers, initial release)
vpnd-1.0.0.tar.zip (Windows browsers, initial release)

After downloading, unzip (or uncompress) and untar the distribution. If you want to use compression, make sure that either libgz.a/libz.a and zlib.h or the zlib package are installed on your system. cd into the distribution directory, run ./configure and then make. This should compile the included source code and create the executable binary file vpnd (and randomd for Linux 1.2.x) in the distribution directory. Make sure that you have a look at the configuration examples.

Version History

If you are interested you can have a look at the version history file.

FAQ and Mailing List

In case of questions please read the FAQ or send mail to vpnd@sunsite.dk. To subscribe send an empty mail to vpnd-subscribe@sunsite.dk and follow the instructions given in the reply.

CVS Archive

You can get the vpnd package through anonymous read-only CVS. The only prerequisite is a recent copy of the cvs client binary. Run the command:
cvs -d :pserver:cvs@sunsite.dk:/pack/anoncvs login
and enter cvs when prompted for the password. Then change to a convenient directory where cvs should create the vpnd directory and run the command:
cvs -d :pserver:cvs@sunsite.dk:/pack/anoncvs co vpnd
After running this command you will find the whole vpnd distribution tree in the newly created vpnd directory. You can always update this distribution by making the vpnd directory your working directory and executing:
cvs update -d -P

Configuration and Operation

vpnd requires a configuration file (default is /etc/vpnd.conf) for operation. When used in serial line mode, an additional modem initialization chat command file (default is /etc/vpnd.chat) is required. In addition, a file containing the shared secret of both peers involved in the communication is required (default is either /etc/vpnd.key if the basic key file format is chosen, or vpnd.lcl.key or vpnd.rmt.key if the extended key file format is chosen). For details see the README, vpnd.conf and vpnd.chat files contained in the package as well as the example configurations in the samples directory of the package.

vpnd creates a SLIP interface on the local system and adds up to nine static routes to hosts and/or networks to the interface. It connects to its remote peer either over TCP/IP or a serial line.

vpnd transfers data blocks encrypted with Blowfish in CFB mode and uses a 256 byte whitening ring buffer to make brute force plaintext/ciphertext attacks more difficult. The length of the keys used for encryption and decryption is user definable and ranges from 0 to 576 bits (default is 576 bits) to suit any legal requirements (0 bits is just plain, unencrypted SLIP).
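
A check an administrator could run over the shared-secret files named above, as an added example that is not part of the vpnd package. The function names, the script name in the usage comment and the owner-only policy are assumptions of this example; the key file paths are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the vpnd distribution): audit files that hold the
# vpnd shared secret. Assumed policy: regular file, not a symlink, and no
# permission bits at all for group or other.
# Usage (hypothetical script name): sh audit-vpnd-keys.sh /etc/vpnd.key

# check_secret_file PATH
#   returns 0 if PATH passes, 1 if group/other have any access,
#   2 if PATH is a symlink, 3 if it is missing or not a regular file.
check_secret_file() {
    f=$1
    if [ -L "$f" ]; then
        echo "$f: is a symlink, refusing to follow it" >&2
        return 2
    fi
    if [ ! -f "$f" ]; then
        echo "$f: missing or not a regular file" >&2
        return 3
    fi
    # ls -ld prints a mode string such as "-rw-------"; characters 5-10
    # are the group and other permission bits.
    mode=$(ls -ld -- "$f" | cut -c1-10)
    case $mode in
        -???------) return 0 ;;
        *) echo "$f: mode $mode exposes the secret to group/other" >&2
           return 1 ;;
    esac
}

# audit_key_files PATH...
#   checks every path and returns the number of files that failed.
audit_key_files() {
    bad=0
    for k in "$@"; do
        check_secret_file "$k" || bad=$((bad + 1))
    done
    return "$bad"
}

# Run the audit only when paths were given on the command line.
if [ "$#" -gt 0 ]; then
    audit_key_files "$@" || exit 1
fi
```

Run it on both peers, since each side stores the same shared secret.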

Future Plans

vpnd will incorporate key management in the future, which will take quite a while to implement, especially as vpnd is currently a one-man project and I have to spend quite some time on my job :-).

A Final Word

vpnd was developed in Germany and the Web Server is located in Denmark, so no U.S. export restrictions apply. As the code is put in the 'public domain' in the Wassenaar sense, the Wassenaar treaty doesn't apply, either.

If you rely only on vpnd to secure your communications, you had better not use vpnd at all. If one of the two systems involved in the vpnd communication gets compromised, the whole bridged LAN may be compromised, and at the very least all the traffic so painstakingly transferred in encrypted form can easily be sniffed in plaintext.

Secure your systems first, then use vpnd!