We have implemented a VPN server and clients in Python. The server will run on wolfe.cloudapp.net port 5000. Clients may then connect to the server via a tunnel interface and join a network with other clients to that server.
We also some additional functions for our VPN for extra credit. They are listed at the end of the README.
The code is split into 4 main files:
-
vpnserv.pystarts up the VPN server onwolfe.cloudapp.netport 5000. It will then accept connections and forward packets from clients using the given VPN client code. -
vpncli.pystarts up the VPN client on the user's host machine. See instructions below for ensuring the host machine is properly configured. -
pytun.pycontains a function for opening the tunnel interface within our client. -
fakenet.pycontains functions for configuring the tunnel interface.
Please grade the master branch, tag: June1. Let us know if there are any issues with the server running and we can provide the credentials for signing in to Willy's Azure account.
The code is all written in Python2.7, so compilation is unnecessary.
To run the server, simply run vpnserv.py from the command line. The server code will already be running on our host, Willy's Microsoft Azure server: will@wolfe.cloudapp.net
To start a client, first ensure that the tunnel interface is correctly configured.
This is achieved with the command: openvpn --mktun --dev tun0. Additionally, the setup.sh script can be run to perform this command.
Then you may run vpncli.py, and any connections in the 10.10.0.0/24 range will be captured by the client program and forwarded to the VPN server.
Testing involves starting the server on wolfe.cloudapp.net:5000, and running the client program on at least two separate hosts. The test strategy we implemented is as follows:
- Start VPN server by running
vpnserv.pyonwolfe.cloudapp.net. - Start VPN Client on two hosts: they receive the addresses 10.10.0.2 and 10.10.0.3
- Host 2 pings Host 3 - successful
- Host 3 pings Host 2 - successful
- Both hosts ping the server - successful
- Both hosts ssh into each other - successful
- Host disconnects and reconnects - is given new network IP address - successful
- Runnning testserver.sh on one client and testclient.sh on another client to ensure UDP/TCP connectivity
- To run testing scripts use
testserver.sh <client ip> <port>andtestclient.sh <server ip> <port>
- The client hosts and server host must have root privilege.
- Running on linux client only.
- Running with Python 2.7
- The client hosts and server host must have scapy installed.
- No connection to outside internet yet (still working on NAT).
- The clients are not remembered when disconnecting and reconnecting.
Two additional features were added on top of the required base functionality for the VPN:
-
Encryption - a simple encryption using a shared secret key is used to hide all traffic between clients and the server. This includes connections between clients that go through the server. The code used by encryption lives in
encryption.py -
NAT (UNFINISHED) - we started to implement most of the features of project option 1 and allowed our VPN clients to connect to the outside internet through our VPN. This feature is still in a separate branch, and will be worked on more for Sergey to grade by the June 5th deadline. See notes on our NAT configuration