
@eantcal eantcal released this Oct 13, 2015 · 9 commits to master since this release


TVPN is an open source software application that implements virtual private network techniques for creating p2p or site2site connection configurations.

You can compile the TVPN code using GCC (g++ 4.8.1 or higher is required to build the user-space tools).

  • TVPN works on GNU/Linux distributions with kernel version 2.6.38 or later.
  • TVPN relies on Vnddmgr, an alternative network device driver similar to Linux TAP (namely network tap).
    • Vnddmgr simulates a link-layer device and operates on layer 2 packets such as Ethernet frames. Packets sent by the operating system via a Vnddmgr virtual device are delivered to a user-space program which attaches itself to the device.
      A user-space program may also pass packets into a Vnddmgr device. In this case the Vnddmgr device delivers (or "injects") these packets into the operating-system network stack, thus emulating their reception from an external source.

Building TVPN

  • Get the latest released code.

  • Download and uncompress it.

  • Enter the package-name directory where you uncompressed it, and type the following commands:

cd driver
cd ..

Prerequisites for building TVPN

To build TVPN on Linux you need to install the GNU g++ compiler and the kernel headers.
For example, on a Debian/Ubuntu distribution, open a terminal and type the following apt-get command as the root user:

   sudo apt-get install build-essential linux-headers-$(uname -r)

Example: using TVPN to create tunnels that connect private networks across public networks (Internet).
Consider the following sample scenario:


  • H1 and H2 are two hosts on which TVPN framework is installed, in particular:
  • LAN 1 is C class network with the address
  • LAN 2 is C class network with the address
  • H1 is a host with two network interfaces: one configured with a public IP address and the other with a private address
  • H2 is a host with two network interfaces: one configured with a public IP address and the other with a private address
  • H1 is able to reach H2 through the interface IP Just like H2 can reach H1 through its public interface.

The two hosts are the default gateways for their respective private networks.
The addresses were chosen arbitrarily to illustrate the example, so replace them with your own values.
Given the above scenario, let us walk through the configuration of hosts H1 and H2 needed to create the virtual LAN 3.

First we have to create a virtual interface (let's call it vlan3) on both hosts, using the same command:
sudo vnddconfig add vlan3
Using the same name on both hosts is permissible because the interface namespace is confined to each host.
Next we have to configure the virtual interfaces.
To configure H1, we may use the following command:

sudo ifconfig vlan3

And similarly for H2:

sudo ifconfig vlan3

Alternatively, you can create the interfaces as broadcast. In this case you need to give a different MAC address to the VLAN3 interface, either leaving ARP enabled or statically updating the ARP cache of each host.
Once the virtual interfaces have been created, you can create the tunnels by running the program vnddvpnd on both hosts.

On H1 you can use the command:

sudo vnddvpnd -tunnel vlan3 33000 33000

And similarly on H2:

sudo vnddvpnd -tunnel vlan3 33000 33000 

Although port 33000 was chosen arbitrarily here, in general that choice should take into account the configuration of the system, the firewall configuration, and so on.

The vnddvpnd program can be run as a service by specifying the optional parameter "-daemonize".
To encrypt the tunnel connection, use the parameter "-pwd" followed by the string used as the DES key, which must be the same on H1 and H2.

The full list of parameters accepted by vnddvpnd and vnddconfig can be obtained by running these programs without arguments.
To allow H1 and H2 to act as the gateways for their respective sub-networks, we need to enable IP forwarding.
This can be achieved by writing "1" in the entry "/proc/sys/net/ipv4/ip_forward" in the /proc file system, using (for example) the command:

sudo sysctl -w net.ipv4.ip_forward=1

Finally, to complete the configuration of the VPN you must update the routing table of the hosts on the private networks, setting host 254 of the respective subnet as the default gateway.
Once the configuration is complete, any host on the 192.168.1.x private network can communicate with any host on the 192.168.2.x private network.
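
A check of the values this page names (kernel 2.6.38, g++ 4.8.1, kernel headers, ip_forward, the "-pwd" option), as an added example that is not part of TVPN. The function names and the sample command lines are constructed, and placing "-pwd" after the tunnel arguments is an assumption.

```sh
#!/bin/sh
# Added example, not part of TVPN. Thresholds and option names are the ones
# quoted on this page; the function names are made up for the illustration.

# version_ge A B: true when dotted version A >= B ("-91-generic" style suffix ignored).
version_ge() {
    a=$(printf '%s' "${1%%-*}" | tr -cd '0-9.')
    b=$(printf '%s' "${2%%-*}" | tr -cd '0-9.')
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# has_pwd CMDLINE: true when the vnddvpnd command line carries "-pwd <key>".
has_pwd() {
    prev=
    for arg in $1; do
        [ "$prev" = "-pwd" ] && return 0
        prev=$arg
    done
    return 1
}

# forwarding_on [FILE]: true when the ip_forward entry holds 1.
forwarding_on() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

tvpn_report() {
    if version_ge "$(uname -r)" 2.6.38; then echo "kernel: ok"; else echo "kernel: older than 2.6.38"; fi
    if command -v g++ >/dev/null 2>&1 && version_ge "$(g++ -dumpversion)" 4.8.1
    then echo "g++: ok"; else echo "g++: missing or older than 4.8.1"; fi
    if [ -d "/lib/modules/$(uname -r)/build" ]; then echo "headers: ok"; else echo "headers: not found"; fi
    if forwarding_on; then echo "ip_forward: 1"; else echo "ip_forward: not enabled"; fi
    # Constructed sample command lines; on a live host feed in the real ones instead.
    for cmd in "vnddvpnd -tunnel vlan3 33000 33000" "vnddvpnd -tunnel vlan3 33000 33000 -pwd EXAMPLEKEY"; do
        if has_pwd "$cmd"; then echo "with -pwd:    $cmd"; else echo "without -pwd: $cmd"; fi
    done
}
tvpn_report
```

On a live host the command lines can be taken from `ps -eo args`; by default that same listing shows a key passed with "-pwd" to other local users.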
