lucheng b6c51a357c Add demo for using tun
For macOS, it only supports tun. If tun is used rather than tap, the server
should record the IP of each endpoint, parse the IPv4 header from the
network connection, and forward each packet according to the IPv4
header's dst IP. If the dst IP is included in the VPN CIDR, check the
endpoint and forward to it. If the dst IP is included in the VPN CIDR
but there is no record of an endpoint, drop it and do nothing. If the dst IP
is not included in the VPN CIDR, send it to the server's tun interface;
it will be forwarded by the server according to its routes and iptables
rules.
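The three forwarding cases the commit message describes, worked through as an added Go example (my own code, not the project's tun implementation). It assumes a hypothetical Router/Endpoint pair and a VPN CIDR taken from the server's `ip:` setting; the IPv4 packets are constructed inline. The header is validated (version, IHL, total length) before the destination is read, because the decision is made on data that arrives over the network.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net/netip"
)

// Decision is what the server does with one packet read from a client's tun connection.
type Decision int

const (
	Drop        Decision = iota // not IPv4, truncated, or an in-VPN dst with no endpoint record
	ToEndpoint                  // dst is a recorded endpoint inside the VPN CIDR
	ToServerTun                 // dst is outside the VPN CIDR: hand to the server tun, the kernel routes it
)

func (d Decision) String() string {
	return [...]string{"Drop", "ToEndpoint", "ToServerTun"}[d]
}

// Endpoint is the per-client record kept in tun mode (hypothetical type for this example).
type Endpoint struct {
	User string
	Addr netip.AddrPort // the client's UDP socket
}

// Router holds the VPN CIDR and the endpoint table keyed by leased VPN IP.
type Router struct {
	cidr      netip.Prefix
	endpoints map[netip.Addr]*Endpoint
}

// NewRouter accepts the server's own address in CIDR form (e.g. "192.168.123.254/24").
func NewRouter(cidr string) (*Router, error) {
	p, err := netip.ParsePrefix(cidr)
	if err != nil {
		return nil, err
	}
	return &Router{cidr: p.Masked(), endpoints: map[netip.Addr]*Endpoint{}}, nil
}

// Record registers the IP leased to a client so later packets for it can be forwarded.
func (r *Router) Record(ip string, ep *Endpoint) error {
	a, err := netip.ParseAddr(ip)
	if err != nil {
		return err
	}
	if !r.cidr.Contains(a) {
		return fmt.Errorf("ip %s outside vpn cidr %s", a, r.cidr)
	}
	r.endpoints[a] = ep
	return nil
}

// dstIPv4 extracts the destination address from a raw IPv4 packet.
// Anything that is not a well-formed IPv4 header is rejected before any field is trusted.
func dstIPv4(pkt []byte) (netip.Addr, bool) {
	if len(pkt) < 20 || pkt[0]>>4 != 4 {
		return netip.Addr{}, false
	}
	ihl := int(pkt[0]&0x0f) * 4
	totalLen := int(binary.BigEndian.Uint16(pkt[2:4]))
	if ihl < 20 || totalLen < ihl || len(pkt) < totalLen {
		return netip.Addr{}, false
	}
	return netip.AddrFrom4([4]byte{pkt[16], pkt[17], pkt[18], pkt[19]}), true
}

// Route applies the three cases from the commit message to one decrypted packet.
func (r *Router) Route(pkt []byte) (Decision, *Endpoint) {
	dst, ok := dstIPv4(pkt)
	if !ok {
		return Drop, nil
	}
	if !r.cidr.Contains(dst) {
		return ToServerTun, nil
	}
	if ep, found := r.endpoints[dst]; found {
		return ToEndpoint, ep
	}
	return Drop, nil // inside the VPN range, but nobody has leased this address
}

// ipv4Packet builds a minimal IPv4 header plus payload (constructed sample, checksum left zero).
func ipv4Packet(src, dst string, payload []byte) []byte {
	s := netip.MustParseAddr(src).As4()
	d := netip.MustParseAddr(dst).As4()
	hdr := make([]byte, 20, 20+len(payload))
	hdr[0] = 0x45 // version 4, IHL 5
	binary.BigEndian.PutUint16(hdr[2:4], uint16(20+len(payload)))
	hdr[8] = 64 // TTL
	hdr[9] = 17 // protocol UDP
	copy(hdr[12:16], s[:])
	copy(hdr[16:20], d[:])
	return append(hdr, payload...)
}

func main() {
	r, _ := NewRouter("192.168.123.254/24")
	_ = r.Record("192.168.123.100", &Endpoint{User: "wj", Addr: netip.MustParseAddrPort("203.0.113.7:50000")})
	for _, dst := range []string{"192.168.123.100", "192.168.123.101", "10.0.0.5"} {
		d, ep := r.Route(ipv4Packet("192.168.123.102", dst, []byte("hi")))
		fmt.Printf("%-16s -> %-11s %v\n", dst, d, ep)
	}
}
```

Running it prints ToEndpoint for the recorded .100, Drop for the unleased .101, and ToServerTun for 10.0.0.5, which the server's own routing table and iptables rules then handle.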

virtuallan

Description

virtuallan is an L2 VPN. It sets up a virtual Ethernet LAN across a WAN.

Features

  • Basic auth (username and password) for VPN endpoints
  • AES encryption of the Ethernet traffic
  • Ethernet traffic carried in UDP
  • DHCP supported
  • Pre-configured routes supported
  • Web monitor supported

How it works

(architecture diagram)

  • the server creates a Linux bridge for each virtual Ethernet network
  • the server creates a tap interface for each authenticated endpoint
  • the client creates a tap interface
  • Ethernet frames read from the tap interface are encrypted and sent over the UDP connection
  • datagrams received from the UDP connection are decrypted and written to the tap interface
  • the server maintains an IP pool; endpoints lease an IP from it and release it on disconnect
  • the MAC is generated from the IP, so ARP entries do not go stale even when an endpoint restarts
  • routes are pre-configured in config.yaml; the server multicasts them to every endpoint via 224.0.0.1:9999, and when an endpoint receives them it syncs the routes on its local tap

The UDP connection acts like a cable joining the server-side and endpoint taps. The two taps then behave like a Linux veth pair, with the server end attached to a Linux bridge.
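Two of the bullets above, deterministic MAC-from-IP and encrypting tap frames before they go on the UDP connection, as an added Go example (my own code, not virtuallan's). The README says only "AES"; this example assumes AES-GCM so that a forged or altered datagram fails authentication instead of being written to the tap. The FrameCipher type, the 0x02:00 MAC prefix and the sample frame are this example's assumptions; the key has the same shape as the 16-byte key in config.yaml.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"net"
)

// MACFromIP derives a stable unicast, locally administered MAC from a VPN IPv4 address,
// so an endpoint keeps the same MAC across restarts and peers' ARP caches stay valid.
func MACFromIP(ip net.IP) (net.HardwareAddr, error) {
	v4 := ip.To4()
	if v4 == nil {
		return nil, errors.New("not an IPv4 address")
	}
	// 0x02: locally administered bit set, multicast bit clear; 0x00 is a fixed tag (assumed layout).
	return net.HardwareAddr{0x02, 0x00, v4[0], v4[1], v4[2], v4[3]}, nil
}

// FrameCipher wraps the shared AES key; AES-GCM is this example's (assumed) choice of mode.
type FrameCipher struct{ aead cipher.AEAD }

func NewFrameCipher(key []byte) (*FrameCipher, error) {
	block, err := aes.NewCipher(key) // 16/24/32-byte key selects AES-128/192/256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &FrameCipher{aead: aead}, nil
}

// Seal produces the UDP payload for one Ethernet frame: random nonce || ciphertext || tag.
func (c *FrameCipher) Seal(frame []byte) ([]byte, error) {
	nonce := make([]byte, c.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return c.aead.Seal(nonce, nonce, frame, nil), nil
}

// Open recovers the frame from a UDP payload; a modified or forged datagram fails
// authentication and must never reach the tap interface.
func (c *FrameCipher) Open(datagram []byte) ([]byte, error) {
	ns := c.aead.NonceSize()
	if len(datagram) < ns+c.aead.Overhead() {
		return nil, errors.New("datagram too short")
	}
	return c.aead.Open(nil, datagram[:ns], datagram[ns:], nil)
}

// ethernetFrame builds dst || src || ethertype || payload (constructed sample traffic).
func ethernetFrame(dst, src net.HardwareAddr, ethertype uint16, payload []byte) []byte {
	f := make([]byte, 0, 14+len(payload))
	f = append(f, dst...)
	f = append(f, src...)
	f = append(f, byte(ethertype>>8), byte(ethertype))
	return append(f, payload...)
}

func main() {
	key := []byte("B5FFCEE73EF298A4") // same shape as the README's 16-byte config key
	fc, err := NewFrameCipher(key)
	if err != nil {
		panic(err)
	}
	src, _ := MACFromIP(net.ParseIP("192.168.123.100"))
	dst, _ := MACFromIP(net.ParseIP("192.168.123.254"))
	frame := ethernetFrame(dst, src, 0x0800, []byte("payload"))
	dg, _ := fc.Seal(frame)
	out, err := fc.Open(dg)
	fmt.Printf("src %s dst %s roundtrip ok=%v\n", src, dst, err == nil && string(out) == string(frame))
	dg[len(dg)-1] ^= 1 // flip one bit of the GCM tag: the datagram is rejected
	_, err = fc.Open(dg)
	fmt.Println("tampered datagram rejected:", err != nil)
}
```

Each datagram carries its own random 12-byte nonce, so the same key can be shared by every endpoint as the `-k` flag implies; with a 16-byte key this is AES-128, and a key of any other length is rejected by aes.NewCipher rather than silently truncated.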

Build

# Build a binary; running make also generates a random AES key in config.yaml
make

# Build a docker image
IMG=<your image name>:<tag> make build-docker

Windows support

  1. Before launching it, make sure tap-windows has been installed.
  2. Install a Tap-Windows Adapter
    .\devcon.exe install OemVista.inf tap0901
    
  3. Build a windows exe
    make build-windows
    
  4. Launch virtuallan.exe
  5. Enjoy it

go generate generates a random AES key.

Ready to use

Config.yaml

port: 6123                 # The UDP port the server listens on, default 6123
ip: 192.168.123.254/24                         # The server's IP on the bridge
dhcp-range: 192.168.123.100-192.168.123.200    # DHCP IP range
bridge: br0                                    # Bridge name on the server
log-level: info                                # Log level, default info
key: B5FFCEE73EF298A4                          # The AES key, 16 bytes; every endpoint must pass the same key with -k
routes:                    # Routes: to cidr via nexthop; nexthop is an endpoint username or SERVER
  - cidr: 172.17.15.0/24
    nexthop: SERVER        # route via the virtuallan server itself
  - cidr: 192.168.0.0/24
    nexthop: wj            # route via the endpoint of user wj; the username is resolved to that user's VPN IP
web:                       # Web config
  enable: true             # Set to true to enable the web monitor, default false
  port: 8000               # Web server listen port

Server

➜  ~ virtuallan server -h
NAME:
   virtuallan server - run virtuallan server

USAGE:
   virtuallan server [command options] [arguments...]

OPTIONS:
   --config-dir value, -d value  config directory to launch virtuallan server, conf.yaml as config file, users as user storage
   --help, -h                    show help

Files in the config dir:

  • config.yaml: server config file
  • users: user database in CSV format, one <username>,<base64-encoded password> per line. base64 is an encoding, not a hash: anyone who can read this file recovers every password, so keep its permissions restricted.
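A reader for the users file format documented above, as an added Go example (my own code, not virtuallan's user store). The file contents are constructed for the example ("secret" and "guest", base64-encoded, plus two malformed lines); the UserDB type and the handling of malformed lines are this example's assumptions.

```go
package main

import (
	"bufio"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"io"
	"strings"
)

// sampleUsers is a constructed users file: two valid rows, a blank line,
// a row without the comma separator and a row whose password is not base64.
const sampleUsers = "shawn,c2VjcmV0\nwj,Z3Vlc3Q=\n\nbadline\neve,!!!\n"

// UserDB maps username to the decoded password bytes.
type UserDB map[string][]byte

// ParseUsers reads "<username>,<base64 password>" lines. Blank lines are skipped; malformed
// lines are reported instead of silently dropped, so a typo in the file is noticed at load time.
func ParseUsers(r io.Reader) (UserDB, []error) {
	db := UserDB{}
	var errs []error
	sc := bufio.NewScanner(r)
	for n := 1; sc.Scan(); n++ {
		line := strings.TrimRight(sc.Text(), "\r") // tolerate CRLF files edited on Windows
		if strings.TrimSpace(line) == "" {
			continue
		}
		user, enc, ok := strings.Cut(line, ",")
		if !ok || user == "" {
			errs = append(errs, fmt.Errorf("line %d: expected <username>,<base64 password>", n))
			continue
		}
		pw, err := base64.StdEncoding.DecodeString(enc)
		if err != nil {
			errs = append(errs, fmt.Errorf("line %d: user %q: %w", n, user, err))
			continue
		}
		if _, dup := db[user]; dup {
			errs = append(errs, fmt.Errorf("line %d: duplicate user %q", n, user))
			continue
		}
		db[user] = pw
	}
	if err := sc.Err(); err != nil {
		errs = append(errs, err)
	}
	return db, errs
}

// Authenticate compares the presented password against the stored one in constant time
// (for equal lengths; ConstantTimeCompare returns 0 at once on a length mismatch) and
// always performs the comparison, so an unknown user is not distinguishable by timing alone.
func (db UserDB) Authenticate(user, passwd string) bool {
	stored, ok := db[user]
	if !ok {
		stored = []byte{}
	}
	match := subtle.ConstantTimeCompare(stored, []byte(passwd)) == 1
	return ok && match
}

func main() {
	db, errs := ParseUsers(strings.NewReader(sampleUsers))
	for _, e := range errs {
		fmt.Println("skipped:", e)
	}
	for _, try := range [][2]string{{"shawn", "secret"}, {"shawn", "Secret"}, {"nobody", "x"}} {
		fmt.Printf("%s/%s -> %v\n", try[0], try[1], db.Authenticate(try[0], try[1]))
	}
}
```

Because the stored value is the plaintext password (only base64-encoded), the comparison is against the secret itself; the file is therefore as sensitive as the passwords it holds.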

Endpoint

➜  ~ virtuallan client -h
NAME:
   virtuallan client - connect to virtuallan server

USAGE:
   virtuallan client [command options] [arguments...]

OPTIONS:
   --target value, -t value     socket virtuallan server listened on
   --user value, -u value       username of virtuallan endpoint
   --passwd value, -p value     password of virtuallan endpoint user
   --key value, -k value        encryption key of virtuallan
   --log-level value, -l value  log level (default: info)
   --help, -h                   show help

If the -u and -p flags are not set, you will be prompted for the username and password on the console.

User management

➜  virtuallan git:(master) ✗ ./virtuallan user list  -d ./config/users
shawn,guest
➜  virtuallan git:(master) ✗ ./virtuallan user add -h
NAME:
   virtuallan user add - add user

USAGE:
   virtuallan user add [command options] [arguments...]

OPTIONS:
   --db value, -d value      user db file location
   --user value, -u value    username of user
   --passwd value, -p value  password of user
   --help, -h                show help

Try it out

If the web monitor is enabled, an HTTP server starts on port 8000. The index page lists the connected endpoints.

(monitor screenshot)

Interfaces on the virtuallan server

Alpine-GW:~# ip a show br-vl
120: br-vl: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 9a:6d:ae:1d:5b:47 brd ff:ff:ff:ff:ff:ff
    inet 192.168.138.254/24 brd 192.168.138.255 scope global br-vl
       valid_lft forever preferred_lft forever
    inet6 fe80::7c46:faff:feb5:e372/64 scope link 
       valid_lft forever preferred_lft forever
Alpine-GW:~# ip l show master br-vl
122: tap-XudE: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br-vl state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 9a:6d:ae:1d:5b:47 brd ff:ff:ff:ff:ff:ff
123: tap-mDuc: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br-vl state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 9e:76:5a:46:3e:37 brd ff:ff:ff:ff:ff:ff
124: tap-NFvv: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br-vl state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 5a:c1:3f:2c:2e:e8 brd ff:ff:ff:ff:ff:ff
Description
L2VPN written in Go
License: GPL-3.0