Skip to content

netblue30/firetunnel

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
etc
 
 
m4
 
 
 
 
 
 
src
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Firetunnel

Firetunnel is a free and open-source program for connecting multiple Firejail sandboxes on a virtualized Ethernet network. Applications include virtual private networks (VPN), overlay networks, peer-to-peer applications.

The tunnel encapsulates Ethernet frames in UDP packets. Each packet is authenticated independently with BLAKE2 cryptographic hash function (https://blake2.net/). The keys are derived from a common secret file installed on both client and server.

The traffic is not encrypted. On Linux, several excellent programs are already providing military-grade encryption. Among them OpenVPN, stunnel, Wireguard. If this is what you are looking for, Firetunnel should not be your choice. However, we do some light-weight bit scrambling. Our goal is to avoid the data collection and the blacklist-based traffic shaping going on some ISP networks.

Setup and configuration are extremely easy. For every single aspect of the tunnel we provide sensible defaults. Everything is integrated seamlessly with Firejail.

Features

  • Fast and easy to use.

  • Runs on any Linux system with a kernel 3.5 or newer.

  • Minimal attack surface, seccomp support.

  • Ethernet transport over UDP.

  • Strong built-in authentication system based on Blake2 hash function.

  • Traffic scrambling, plugin support (C programable).

  • Layer 2/3/4 header compression based on RFC 2507.

  • In-tunnel DNS support and speed test.

  • Firewall friendly.

  • Network address translation in the firewall on the server side.

  • Automatic network configuration for client and sandboxes based on RFC 5227 and our tunnel configuration protocol.

  • License: GPLv2

Software install

Compile-time dependencies: libseccomp (https://github.com/seccomp/libseccomp)

On Debian/Ubuntu run "sudo apt-get install build-essential git libseccomp-dev"

Compile and install:

$ git clone https://github.com/netblue30/firetunnel.git
$ cd firetunnel
$ ./configure && make && sudo make install-strip



Usage



network diagram

The server and the client must have the time synchronized within 10 seconds. This shouldn't be a problem, by default most Linux distributions are running the NTP daemon. Start by setting a common secret file in /etc/firetunnel/firetunnel.secret:

# cp summer.jpg /etc/firetunnel/firetunnel.secret

Any file will do as long as the same file is installed on both computers. \We recommend you configure the access permissions as follows:

# chmod 600 /etc/firetunnel/firetunnel.secret

SSH into your remote computer and start the server:

# firetunnel --server

In a different terminal on your home computer start the client:

# firetunnel 198.51.100.23

198.51.100.23 is in this example the remote server IP address. By default we are using UDP port 1119. In a few seconds you will see the client connecting and receiving the tunnel configuration:

2018-08-01 21:09:01 198.51.100.23:1119 connected
2018-08-01 21:09:01 Tunnel: 10.10.20.0/24, default gw 10.10.20.1, mtu 1434
2018-08-01 21:09:01 Tunnel: DNS 1.1.1.1, 208.67.222.222, 9.9.9.9

All the commands above are entered as root. Time to switch back to your regular user and start a few sandboxes:

$ firejail --tunnel firefox &
$ firejail --tunnel transmission-qt &

Multiple clients can connect to the same server machine. For each client we start an independent server. All the servers are using the same bridge device, basically joining the client networks. Example:



network diagram

Project status: version 0.8, beta testing

About

Tunneling program for Firejail sandboxes

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published