Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
punchVPN-dansk
Search
Claus Lensbøl
May 13, 2013
Programming
1
240
punchVPN-dansk
Danish walk-through of the punchVPN program
Claus Lensbøl
May 13, 2013
Tweet
Share
Other Decks in Programming
See All in Programming
LangChainでWebサイトの内容取得やGitHubソースコード取得
shukob
0
160
エンジニア1年目で複雑なコードの改善に取り組んだ話
mtnmr
3
2k
私のEbitengineの第一歩
qt_luigi
0
450
実践!難読化ガイド
mitchan
0
230
Kotlin 2.0 and Beyond
antonarhipov
2
150
Method Swizzlingを行うライブラリにおけるマルチモジュール設計
yoshikma
0
120
Hermes: Better Performance with Bytecode Translation (React Universe 2024)
tmikov2023
0
100
GoのIteratorに詳しくなってしまう
inatonix
1
210
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
0
130
A New Era of Testing
mannodermaus
2
520
Some more adventure of Happy Eyeballs
coe401_
2
190
watsonx.ai Dojo #2 生成AIを使ったアプリ開発入門編
oniak3ibm
PRO
0
240
Featured
See All Featured
Music & Morning Musume
bryan
46
6k
Building Your Own Lightsaber
phodgson
101
6k
Principles of Awesome APIs and How to Build Them.
keavy
125
16k
Building Adaptive Systems
keathley
36
2.1k
Automating Front-end Workflow
addyosmani
1365
200k
What's in a price? How to price your products and services
michaelherold
242
11k
Agile that works and the tools we love
rasmusluckow
327
20k
Docker and Python
trallard
39
3k
Designing on Purpose - Digital PM Summit 2013
jponch
114
6.8k
No one is an island. Learnings from fostering a developers community.
thoeni
18
2.9k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
1
55
Producing Creativity
orderedlist
PRO
340
39k
Transcript
punchVPN p2p VPN tunneler bag NAT
Facts • Klient - Python3.2 • Server - Python2.7 Kommende
Win32+OSX+UNIX support
Hvad skal det til for? • Sikkerhed • Anonymitet •
Direkte forbindelse
✘ Skidt måde at snakke sammen på A B 3.
part ☠ Forbindelse via 3. part Krypteret eller ukrypteret
✔ God måde at snakke sammen på A B 3.
part ☠ Direkte krypteret forbindelse udenom 3. part
Verdensbillede A B punch VPN Server Internet FW FW
Klient A -> Server A B punch VPN Server Internet
FW FW 1.
Klient B -> Server A B punch VPN Server Internet
FW FW 1. 2.
Klient A <-> Klient B A B punch VPN Server
Internet FW FW 1. 2. 3.
Forbindelsesmetoder A B punch VPN Server Internet FW FW 1.
2. 3. NAT-PMP UPnP-IGD UDP-HolePunch
Hvem kan forbinde? NAT-PMP UPnP-IGD Direct mapping Random mapping NAT-PMP
✔ ✔ ✔ ✔ UPnP-IGD ✔ ✔ ✔ ✔ Direct mapping ✔ ✔ ✔ ✘ Random mapping ✔ ✔ ✘ ✘
[code] punchVPNd/punchVPNd.py:108
NAT-PMP Dynamisk firewall
Hvordan virker det? • Simpel protokol • Apple-Bonjour
Bed om den eksterne IP adresse Data der skal sendes:
0b0000000000000000 Modtaget data: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Vers = 0 | OP = 128 + 0 | Result Code (net byte order) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Seconds Since Start of Epoch (in network byte order) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | External IPv4 Address (a.b.c.d) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Revisionerne, det nye def create_payload(self, local_port, external_port, lifetime): return pack('>2B3HI',
0, 1, 0, local_port, external_port, lifetime)
[code] natPMP/natPMP.py:49 natPMP/natPMP.py:70
Greenlets og Gevent Micro threads og long polling
Greenlets • Micro Threading • God scheduling
Gevent • Modul på libevent • Bruger Greenlets • Monkey-patcher
Python • Webserver
Long polling • Lange HTTP(S) kald • Næsten en socket
while(1): new_request_event.wait() if me.peer: msg = {'status': 'READY'} msg = json.dumps(msg) return msg new_request_event.set() new_request_event.clear()
[code] punchVPNd/punchVPNd.py:71 punchVPNd/punchVPNd.py:132
Et eksempel
Server og klient Hvordan hænger det sammen
JSON • Nemt at udvide • Ensartet syntax { "me.VPNaddr"
: "169.254.45.221", "me.mode" : "p2p", "peer.VPNaddr" : "169.254.45.222", "peer.ip" : "130.225.204.238", "peer.lport" : 15544, "status" : "READY" }
Demonstration Ellers er det jo bare en masse ord
UDP hole punching
[demo]
Spørgsmål? • https://github.com/cmol/punchVPN/ • https://twitter.com/lensboel • https://speakerdeck.com/cmol/punchvpn- dansk