Virtual Private Network Daemon

Overview

The virtual private network daemon vpnd is a daemon which connects two networks at the network level, either via TCP/IP or via a (virtual) leased line attached to a serial interface. All data transferred between the two networks are encrypted using the unpatented free Blowfish encryption algorithm.

[Figure: vpnd Usage Overview]

vpnd is not intended as a replacement for existing secured communications software like ssh or the tunneling facilities of the operating system. It is, however, intended as a means of securing transparent network interconnection across potentially insecure channels.

A functional overview of vpnd is available which explains how vpnd basically works.

vpnd is distributed under the GPL/LGPL; use in commercial environments is explicitly allowed. See the README file and the headers of the individual source files for details.

Mailing List

In case of questions send mail to vpnd@sunsite.auc.dk. To subscribe send an empty mail to vpnd-subscribe@sunsite.auc.dk and follow the instructions given in the reply.

CVS Archive

You can get the vpnd package through anonymous read-only CVS. The only prerequisite is a recent copy of the cvs client binary. Run the command:

    cvs -d :pserver:cvs@sunsite.auc.dk:/pack/anoncvs login

and enter cvs when prompted for the password. Then change to a convenient directory where cvs should create the vpnd directory and run the command:

    cvs -d :pserver:cvs@sunsite.auc.dk:/pack/anoncvs co vpnd

After running this command you will find the whole vpnd distribution tree in the newly created vpnd directory. You can always update this distribution by making the vpnd directory your working directory and executing:

    cvs update -d -P

Configuration and Operation

vpnd requires a configuration file (default is /etc/vpnd.conf) for operation. When used in serial line mode, an additional modem initialization chat command file (default is /etc/vpnd.chat) is required. In addition, a file containing the shared secret of both peers involved in the communication is required (default is either /etc/vpnd.key if the basic key file format is chosen or vpnd.lcl.key or vpnd.rmt.key if the extended key file format is chosen). For details see the README, vpnd.conf and vpnd.chat files contained in the package as well as the example configurations in the samples directory of the package.

vpnd creates a SLIP interface on the local system and adds up to nine static routes to hosts and/or networks to the interface. It connects to its remote peer either over TCP/IP or a serial line.

vpnd transfers data blocks encrypted with Blowfish in CFB mode and uses a 256 byte whitening ring buffer to make brute force plaintext/ciphertext attacks more difficult.

The key length of the keys used for encryption and decryption is user definable and ranges from 0 to 576 bits (default is 576 bits) to suit any legal requirements (0 bits is just plain and unencrypted SLIP).

Operating Systems and Download

The following operating systems are supported:

  * Linux 1.2.x (1.2.9 tested)
  * Linux 2.0.x (2.0.35 tested)
  * Linux 2.2.x (2.2.1 tested)

You can download the following versions here:

  * vpnd-1.0.8.tar.gz (Unix browsers, faster crypto code, optional host name lookups)
  * vpnd-1.0.8.tar.zip (Windows browsers, faster crypto code, optional host name lookups)
  * vpnd-1.0.7.tar.gz (Unix browsers, HMAC, serial line lock file, additional options)
  * vpnd-1.0.7.tar.zip (Windows browsers, HMAC, serial line lock file, additional options)
  * vpnd-1.0.6.tar.gz (Unix browsers, portability fixes)
  * vpnd-1.0.6.tar.zip (Windows browsers, portability fixes)
  * vpnd-1.0.5.tar.gz (Unix browsers, new options, extended master key file format, lots of optimizations)
  * vpnd-1.0.5.tar.zip (Windows browsers, new options, extended master key file format, lots of optimizations)
  * vpnd-1.0.4.tar.gz (Unix browsers, new options, important bug fixes, x86 Blowfish assembler)
  * vpnd-1.0.4.tar.zip (Windows browsers, new options, important bug fixes, x86 Blowfish assembler)
  * vpnd-1.0.3.tar.gz (Unix browsers, new options, dynamic IP client sample)
  * vpnd-1.0.3.tar.zip (Windows browsers, new options, dynamic IP client sample)
  * vpnd-1.0.2.tar.gz (Unix browsers, routing fixes and new TCP/IP options)
  * vpnd-1.0.2.tar.zip (Windows browsers, routing fixes and new TCP/IP options)
  * vpnd-1.0.1.tar.gz (Unix browsers, minor fixes for higher portability between various distributions)
  * vpnd-1.0.1.tar.zip (Windows browsers, minor fixes for higher portability between various distributions)
  * vpnd-1.0.0.tar.gz (Unix browsers, initial release)
  * vpnd-1.0.0.tar.zip (Windows browsers, initial release)

After downloading, unzip (or uncompress) and untar the distribution. If you want to use compression make sure that either libgz.a/libz.a and zlib.h or the zlib package are installed on your system. cd into the distribution directory, do a ./configure and type make. This should compile the included source code and create the executable binary file vpnd (and randomd for Linux 1.2.x) in the distribution directory.

Future Plans

vpnd will incorporate key management in the future which will take quite a while to implement, especially as vpnd is currently a one man gang project and I got to spend some time on my job :-). I would appreciate it if vpnd could become a combined effort of security aware non-U.S. software developers (sorry, the U.S. export restrictions just make it illegal for the U.S. folks to work on the project). If you can spend some time on vpnd development please let me know.

A Final Word

vpnd was developed in Germany and the Web Servers are located in Denmark and Canada, so no U.S. export restrictions apply. As the code is put in the 'public domain' in the Wassenaar sense, the Wassenaar treaty doesn't apply, either.

When you rely only on vpnd to secure your communications - just better don't use vpnd at all. If one of the two systems involved in the vpnd communication gets compromised the whole bridged LAN may be compromised and at least all traffic painfully transferred encrypted can be easily sniffed in the plain version.

Secure your systems first, then use vpnd!

Version History

If you are interested you can have a look at the version history file.

Send mail to anstein@crosswinds.net
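
Added example, not vpnd's code: the page states that vpnd encrypts data blocks with Blowfish in CFB mode and lists HMAC among the 1.0.7 changes, and this sketch shows why CFB ciphertext over 64-bit blocks needs an integrity check. Assumptions: an HMAC-SHA256 stand-in replaces Blowfish (CFB only uses the encrypt direction), the encrypt-then-MAC layout, keys, IV, packet and all function names are constructed for illustration, and the whitening ring buffer is not modeled.

```python
import hashlib
import hmac

BLOCK = 8  # Blowfish block size: 64 bits

def block_encrypt(key, block):
    # Assumption: HMAC-SHA256 truncated to 8 bytes stands in for Blowfish,
    # which is not in the standard library. CFB only needs this direction.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def cfb(key, iv, data, decrypt=False):
    out, feedback = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        chunk = data[i:i + BLOCK]
        keystream = block_encrypt(key, feedback)
        result = bytes(a ^ b for a, b in zip(chunk, keystream))
        out += result
        # The ciphertext block, never the plaintext, feeds the next round.
        feedback = chunk if decrypt else result
    return bytes(out)

def seal(enc_key, mac_key, iv, plaintext):
    # Encrypt-then-MAC: the tag covers the IV and the ciphertext.
    ct = cfb(enc_key, iv, plaintext)
    return ct, hmac.new(mac_key, iv + ct, hashlib.sha256).digest()

def unseal(enc_key, mac_key, iv, ct, tag):
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # reject before decrypting anything
    return cfb(enc_key, iv, ct, decrypt=True)

def demo():
    # Constructed sample values, not real keys or traffic.
    enc_key, mac_key, iv = b"E" * 32, b"M" * 32, b"\x00" * BLOCK
    packet = b"constructed sample IP payload 01"  # 4 blocks of 8 bytes
    ct, tag = seal(enc_key, mac_key, iv, packet)
    damaged = bytes([ct[0] ^ 0x01]) + ct[1:]  # one bit changed in transit
    blind = cfb(enc_key, iv, damaged, decrypt=True)  # no integrity check
    return {
        "roundtrip": unseal(enc_key, mac_key, iv, ct, tag) == packet,
        "bit_diff_in_block0": blind[0] ^ packet[0],
        "block1_garbled": blind[BLOCK:2 * BLOCK] != packet[BLOCK:2 * BLOCK],
        "later_blocks_intact": blind[2 * BLOCK:] == packet[2 * BLOCK:],
        "mac_rejects": unseal(enc_key, mac_key, iv, damaged, tag) is None,
    }

if __name__ == "__main__":
    print(demo())
```

Without the tag check, a single changed ciphertext bit changes the same plaintext bit, garbles only the following block, and leaves the rest of the packet readable, so the receiver cannot tell that anything was altered.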