Re: IPOP/OpenVPN questions


P. Oscar Boykin

Aug 10, 2010, 4:31:29 PM
to Igor Cabral Corrêa, ren...@acis.ufl.edu, acisp2...@googlegroups.com
First, may I suggest this mailing list:
http://groups.google.com/group/acisp2pusers

But, I'll also try to quickly answer...

2010/8/10 Igor Cabral Corrêa <igorc...@gmail.com>:

> I'm from Brazil, and I'm trying to build an OpenVPN environment for
> study purposes, but it lacks documentation. The only contact I've
> found on the site is yours, so I'm writing asking for some aid. Can
> you help me clarify some conceptual points?

Since you're from Brazil, I should really let our resident Brazilian
(which I only now just realized how closely that sounds to a huge
fake number in English).

> 1) OpenVPN uses IPOP to create an isolated network over a P2P
> environment. Is there any tracker in this P2P scenario? How do the nodes
> know each other in the VPN?

I guess you mean socialvpn?

There is no tracker. A main goal of our P2P research is to build
completely distributed systems with no central points of failure, and
personally, I like uniform systems such that all nodes follow the same
algorithm.

Of course, that means when starting, each node must know about some
other nodes (by giving a list of IP end points to try connecting to),
or discover other nodes on the local network by broadcast/multicast.

> 2) Given the following scenario:
>     A
>   /  \ \
>  B  C/
>   \ / /
>   D
>
> Suppose that A, B, C and D are computers in a network, and A is directly
> connected to B, C and D (but they're not in the same physical
> network).
> The A-D link has poor bandwidth, and B-D, C-D, A-B, A-C have large
> bandwidth. The TCP packets from A to D packed inside IPOP will have a
> tendency to arrive from A to D travelling by A-D-B and A-C-D (large
> bandwidth) than for A-D directly (less bandwidth)?

Well, that is an interesting research area (even though in practice,
I'm not sure how often it comes up). Now, our code will tend to
reduce the number of HOPS without any specific measurement of
bandwidth, so in this case, most IPOP traffic (almost all unless there
are bugs) would be routed from A-D.

> And in the case that A-D link goes down? The IPOP layer will detect
> and transmit the TCP by the others? The topology of the P2P network
> can change and IPOP handle that automatically?

Yes. This is all correct (modulo bugs, which is of course always a
caveat of any software system).

> Thanks in advance,

You are welcome in retrospect.
--
P. Oscar Boykin                            http://boykin.acis.ufl.edu
Assistant Professor, Department of Electrical and Computer Engineering
University of Florida
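
The routing answer above, worked through on the A/B/C/D topology from the question. This is an added toy model, not IPOP or Brunet code: the bandwidth figures are constructed, and breadth-first search merely stands in for "prefer fewer hops, ignore bandwidth".

```python
from collections import deque

# Constructed link bandwidths (Mbit/s): A-D is the slow direct link from the
# question, every other link is fast. The numbers are illustrative only.
LINKS = {("A", "B"): 100, ("A", "C"): 100, ("A", "D"): 1,
         ("B", "D"): 100, ("C", "D"): 100}

def neighbours(links):
    adj = {}
    for u, v in links:
        adj.setdefault(u, []).append(v)
        adj.setdefault(v, []).append(u)
    return {node: sorted(peers) for node, peers in adj.items()}

def fewest_hops(links, src, dst):
    """Hop-minimising choice: BFS returns the first (shortest) path, or None."""
    adj, queue, seen = neighbours(links), deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for peer in adj.get(path[-1], []):
            if peer not in seen:
                seen.add(peer)
                queue.append(path + [peer])
    return None  # destination unreachable in the current topology

def bottleneck(links, path):
    """Bandwidth of a path is that of its slowest link."""
    return min(links.get((u, v), links.get((v, u))) for u, v in zip(path, path[1:]))

def widest_path(links, src, dst):
    """What a bandwidth-aware router would pick (exhaustive; fine for 4 nodes)."""
    adj, best, stack = neighbours(links), None, [[src]]
    while stack:
        path = stack.pop()
        if path[-1] == dst:
            if best is None or bottleneck(links, path) > bottleneck(links, best):
                best = path
            continue
        stack.extend(path + [p] for p in adj.get(path[-1], []) if p not in path)
    return best

if __name__ == "__main__":
    print("fewest hops:", fewest_hops(LINKS, "A", "D"))
    print("widest path:", widest_path(LINKS, "A", "D"))
    link_down = {k: v for k, v in LINKS.items() if k != ("A", "D")}
    print("after A-D fails:", fewest_hops(link_down, "A", "D"))
```

With the direct link present, the hop-minimising choice is the slow A-D link even though a 100 Mbit/s two-hop path exists; once A-D is removed, the same search falls back to a relay through B.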

Renato Figueiredo

Aug 11, 2010, 10:09:07 AM
to Igor Cabral Corrêa, P. Oscar Boykin, acisp2pusers
Hello, Igor, thanks for the interest.

Here is the resident 'bazillion' chipping in

2010/8/10 Igor Cabral Corrêa <igorc...@gmail.com>
Hi Oscar!

First, thanks a lot for your attention!

2010/8/10 P. Oscar Boykin <boy...@pobox.com>:


> I guess you mean socialvpn?

I've made a mistake with the VPN names! I mean GroupVPN, the
application that's included in the grid-appliance VM I've downloaded.

In fact I'm looking for a general-purpose VPN to create a secure
private network between a group of machines, with the capability of
balancing the TCP traffic between some host A to some host B in a P2P
approach. In other words, I want to make a secure network group in
which it is possible to send some packages from a machine A to a machine
B, using the other members of the vpn group as some kind of "relays"
to reach the B node (I don't know if it's possible to do with open
source projects, and this is how I've found the grid-computer.org and
you).

IPOP/GroupVPN deals with creating secure private network links and supports relays - through one or more hops in the network. There is also ongoing work where we allow the creation of virtual private overlays for VPN groups - David, is this something that's available in the code for others to play with?

As for splitting the traffic if you have multiple paths between A and B, we haven't considered this case yet. One challenge I expect is that you will start to see more out-of-order packets; I'm not sure in the end you will get an actual improvement in bandwidth.
 

I figured a hypothetical VPN solution over P2P (and I'm testing
OpenVPN and SocialVPN to know if they are the solution that I'm
looking for), where there's no need to have a physical network path
between A and B. If there's another path between them passing
indirectly through other nodes of the group, those parallel paths could
be used to deliver the packages from A to B and vice-versa, in a
balanced way using IPOP to encapsulate the TCP traffic over the P2P
layer. I didn't study the IPOP framework yet and didn't read
carefully the papers in that area, because I'm trying first to find
some VPN solutions based upon IPOP to assure I'm in the right
direction.

If you use IPOP as-is, it does give you the baseline functionality you are looking for of automatically finding either a direct or a relayed overlay path to send packets, handling node join/departure and topology changes, and encrypting/authenticating packets end-to-end. It will not have the feature of using parallel paths to deliver packets.
 

There are some videos on YouTube showing how to configure OpenVPN, and
how to deploy the config files, but I didn't find the web application
UI shown in the video to generate the config files of OpenVPN. I
didn't find any reference for the syntax of those files (was the project
discontinued?). There's a link for downloading a Web UI VM in the
wiki, but it's broken. Seeking for the Web UI in the
http://www.grid-appliance.org/files/appliances/, I've found a
webui.zip file. I've downloaded and run it successfully, but didn't
find any user/passwords for this VM.

Igor, it looks like a matter of incomplete/stale documentation, but the project is still active.
David, can you please fix the direct download link and provide more information to Igor on how to get the Web UI VM setup?
 

Do you think there's some solution (OpenVPN, SocialVPN) that attends
my demand? Is the OpenVPN web UI available in any place at
grid-appliance.org? And the last question, if nothing similar
to what I need has been built yet, is it possible to build something based
on the IPOP framework?

I think the only functionality that is missing is sending over parallel paths. I believe you should be able to build this functionality on top of IPOP, but I'm not sure how much effort this would require. I'll let those more familiar with the code comment.

--rf
 

Thanks in advance,
Igor Correa



--
Dr. Renato J. Figueiredo
Associate Professor
ACIS Lab - ECE - University of Florida
UF Site Director, Center for Autonomic Computing
http://byron.acis.ufl.edu
ph: 352-392-6430

David Isaac Wolinsky

Aug 11, 2010, 5:44:14 PM
to acisp2...@googlegroups.com
On 08/11/2010 10:09 AM, Renato Figueiredo wrote:
Hello, Igor, thanks for the interest.

Here is the resident 'bazillion' chipping in

2010/8/10 Igor Cabral Corrêa <igorc...@gmail.com>
Hi Oscar!

First, thanks a lot for your attention!

2010/8/10 P. Oscar Boykin <boy...@pobox.com>:

> I guess you mean socialvpn?

I've made a mistake with the VPN names! I mean GroupVPN, the
application that's included in the grid-appliance VM I've downloaded.

In fact I'm looking for a general-purpose VPN to create a secure
private network between a group of machines, with the capability of
balancing the TCP traffic between some host A to some host B in a P2P
approach. In other words, I want to make a secure network group in
which it is possible to send some packages from a machine A to a machine
B, using the other members of the vpn group as some kind of "relays"
to reach the B node (I don't know if it's possible to do with open
source projects, and this is how I've found the grid-computer.org and
you).

IPOP/GroupVPN deals with creating secure private network links and supports relays - through one or more hops in the network. There is also ongoing work where we allow the creation of virtual private overlays for VPN groups - David, is this something that's available in the code for others to play with?
It's available in the code and works, but I haven't spent any time integrating it with the WebUI.


As for splitting the traffic if you have multiple paths between A and B, we haven't considered this case yet. One challenge I expect is that you will start to see more out-of-order packets; I'm not sure in the end you will get an actual improvement in bandwidth.
 

I figured a hypothetical VPN solution over P2P (and I'm testing
OpenVPN and SocialVPN to know if they are the solution that I'm
looking for), where there's no need to have a physical network path
between A and B. If there's another path between them passing
indirectly through other nodes of the group, those parallel paths could
be used to deliver the packages from A to B and vice-versa, in a
balanced way using IPOP to encapsulate the TCP traffic over the P2P
layer. I didn't study the IPOP framework yet and didn't read
carefully the papers in that area, because I'm trying first to find
some VPN solutions based upon IPOP to assure I'm in the right
direction.

If you use IPOP as-is, it does give you the baseline functionality you are looking for of automatically finding either a direct or a relayed overlay path to send packets, handling node join/departure and topology changes, and encrypting/authenticating packets end-to-end. It will not have the feature of using parallel paths to deliver packets.
 

There are some videos on YouTube showing how to configure OpenVPN, and
how to deploy the config files, but I didn't find the web application
UI shown in the video to generate the config files of OpenVPN. I
didn't find any reference for the syntax of those files (was the project
discontinued?). There's a link for downloading a Web UI VM in the
wiki, but it's broken. Seeking for the Web UI in the
http://www.grid-appliance.org/files/appliances/, I've found a
webui.zip file. I've downloaded and run it successfully, but didn't
find any user/passwords for this VM.

Igor, it looks like a matter of incomplete/stale documentation, but the project is still active.
David, can you please fix the direct download link and provide more information to Igor on how to get the Web UI VM setup?
That's an appropriate link, though there was a minor bug in the file /home/www-data/default/components/com_p2ppool/scripts/python/JoomlaNode.py. I have uploaded a new version to http://www.grid-appliance.org/files/JoomlaNode.py, or you can redownload the webui appliance: http://www.grid-appliance.org/files/appliances/webui.zip

The wiki isn't stale, some of the entries were just never completed... for example, the core of WebUI is well documented, but the relationship between the pieces is not.  I suspect you went to this wiki page: http://www.grid-appliance.org/wiki/index.php/WebUI and found it quite unhelpful.  I updated that page to link to the other pages, which should hopefully help you piece things together.  Please let me know otherwise so that I can fix the pages.
 

Do you think there's some solution (OpenVPN, SocialVPN) that attends
my demand? Is the OpenVPN web UI available in any place at
grid-appliance.org? And the last question, if nothing similar
to what I need has been built yet, is it possible to build something based
on the IPOP framework?

I think the only functionality that is missing is sending over parallel paths. I believe you should be able to build this functionality on top of IPOP, but I'm not sure how much effort this would require. I'll let those more familiar with the code comment.

--rf
 

Thanks in advance,
Igor Correa



--
Dr. Renato J. Figueiredo
Associate Professor
ACIS Lab - ECE - University of Florida
UF Site Director, Center for Autonomic Computing
http://byron.acis.ufl.edu
ph: 352-392-6430