EPS (virtual network) for BeagleBone

[Stephane Charette]

I have a large number of Beaglebone (black, green, green wireless) deployed at various customer locations, and needed to stay in touch with each of these devices.  For example, to continue to update the software, make sure they're running correctly, etc.

So I compiled EPS Conduits for Beaglebone's ARM7 chipset.  The .deb file works on both Debian and Ubuntu.  I've been using it for over a year, but recently made some updates to it which is why I wanted to announce it.

EPS is open source.  Clients (e.g., the Beaglebones) connect to a server on the internet and form a virtual network.  All communication is encrypted.  On this virtual network they create, I can then SSH back into each Beaglebone as if it was on my local network, regardless of where in the world the device has been moved, client firewalls in between, etc.

Documentation is here:  https://www.ccoderun.ca/eps/api/index.html

Download is here:  https://www.ccoderun.ca/download/?C=M;O=D

Stéphane

[William Hermans]

Sounds like a cool little project. however I have issues with it. Mainly, I do not know who you are, or what your code is. Is this important to you ? I do not know, is it important for you that I use your software ? anyone else ?

--
For more options, visit http://beagleboard.org/discuss
---
You received this message because you are subscribed to the Google Groups "BeagleBoard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to beagleboard+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/beagleboard/9c7fbd98-73f4-4074-ab1d-bd8b3d48bc5a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Stéphane Charette]

Feel free to do as you wish.  The whole thing is open source.  You can choose to compile yourself, download a .deb or .rpm, modify it or not, or just ignore it.  :)

I was simply posting it here because I'm using it on my Beaglebones and it helps me out with all my devices installed at various client sites, and thought perhaps others might like it as well.

Stéphane

You received this message because you are subscribed to a topic in the Google Groups "BeagleBoard" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/beagleboard/E-s9NQwvsjI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to beagleboard+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/beagleboard/CALHSORorTi%3DMPgv7jkW7ZGjqFDB0Hf%2BRo9jmqRZ%3DNuf%2B6MFjqw%40mail.gmail.com.

[William Hermans]

On Sat, Apr 29, 2017 at 5:10 PM, Stéphane Charette <stephane...@gmail.com> wrote:

Feel free to do as you wish.  The whole thing is open source.  You can choose to compile yourself, download a .deb or .rpm, modify it or not, or just ignore it.  :)

I was simply posting it here because I'm using it on my Beaglebones and it helps me out with all my devices installed at various client sites, and thought perhaps others might like it as well.

Stéphane

The whole idea sounds interesting to me. I know there are ways this can be done with existing tools in Linux though. I just do not know exactly how, at this moment. Because I have not invested to time to learn how to do that yet.

What I'd really like to see is a "mission statement". Something that tells me what this software is capable of, and perhaps why it is better than something else. From where I sit, I do not know if this does the same thing as a VPN, or if it's different somehow in better, or worse ways. Now whether or not you're willing to put the effort into such a document, I do not know, and I would understand if you didn't. We're all busy, including myself, so I can sympathize in that aspect.

Another thing that bothers me is security. It can be hard implementing something such as this, and keeping it bullet proof secure. I did notice while glancing at some of the method documentation, there is a function, or functions that seem to be used for encryption. What this, or these are used for I can only assume if's for packet encryption, or the like.

[Stéphane Charette]

What I'd really like to see is a "mission statement".

Best I have is the documentation I already wrote:  https://www.ccoderun.ca/eps/api/index.html#introduction

In that first image, EPS is the IP addresses in "green".  Note how they're all on the same network, even if they're physically spread across different networks.  So from my computer, I can always access all my beaglebone devices as if they're right here on my desk.

Now whether or not you're willing to put the effort into such a document, I do not know, and I would understand if you didn't. We're all busy, including myself, so I can sympathize in that aspect.

Open source software.  Anyone can contribute.  But as you wrote, everyone is busy.  I already spent a huge amount of my personal time not only writing the software, the installation tools, making builds available, hosting the builds, and writing up the documentation that exists.  All of which is open source for people to do whatever they want.

(For the record, my other BeagleBone software is also free and open source: https://www.ccoderun.ca/bbtools/doc/bbtools.html )

If someone is willing to put some of their own time and/or money to fix something or write more documentation, I'd be happy.  If you have a feature request you want to make, go ahead, but I don't promise anything since I'm doing this on my own free time.

It can be hard implementing something such as this, and keeping it bullet proof secure. I did notice while glancing at some of the method documentation, there is a function, or functions that seem to be used for encryption. What this, or these are used for I can only assume if's for packet encryption, or the like.

Every data packet in the virtual network is encrypted using AES from OpenSSL.  The encryption key and initialization vector are set in the configuration file when first setting up the server, and these two unique values is what allow EPS devices to communicate together.  If the wrong key or initialization vector is used, then packets cannot be decrypted, and the peers drop the connection.

This isn't my first encrypted communication project -- I'm also the author of FC++, a commercial product that encrypts network communications between two end points.  And yes, I agree with you and the general community statement that encryption can be difficult to implement correctly.  To reduce (but not remove) potential problems, I use OpenSSL's standard AES encryption/decryption routines.

• If curious about the encryption/decryption, start here in the source code:  https://www.ccoderun.ca/eps/api/namespaceEPS_1_1Cipher.html#details
  
• If still in doubt refer to the standard 2-clause BSD open source license file included in EPS Conduits, which in part states:
  

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

:)

Stéphane

[William Hermans]

As it is, we're on two separate network in our place here, both with their own internet, so at some point when I get time I can test drive this. No guarantee as to when, or even if. I'm not a big fan of C++, but can deal with it most of the time. Hopefully you're not using any crazy template or generics scheme, and then I should be alright. If you are, well then that's my problem ;)

I can see something like this being really useful in the right situation, but those "round-to-its" sure are elusive . . .

--
For more options, visit http://beagleboard.org/discuss
---
You received this message because you are subscribed to the Google Groups "BeagleBoard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to beagleboard+unsubscribe@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/beagleboard/CA%2BHxBUJQioUiomxzZQVsSbAKjqWHaVB9%3D-yoL6uHaq80eMvYZw%40mail.gmail.com.

[William Hermans]

However, from the outside not knowing the possibilities, it seems as though there may have to be an additional system outside either of our networks with a static public IP. Which would be very similar to reverse ssh in usage . . .