wvpn is a small free software solution for setting up a vpn between a gateway and various client by using OpenPGP/GnuPG as an authentication method and OpenVPN as an encrypted network tunnel method. The main purpose is to create wireless vpn tunnel in a simple and secure way.
Don't hesitate to contact me (email@example.com), if you want to share ideas, enhance the software...
The security of the wvpn system depends on this process, so this is really important that you make a correct handling of the process described.
The Gateway (GW) must generate a new GnuPG key pair and stores his private key in a well secured part of the gateway or on another specific device. (This is done when you start wvpn-server if they are no existing keys)
The private key of the GW will sign the public key of the client in order to create a trust between the client that can be connected and the client that cannot be connected to the GW. The process is very similar of a keysigning because the owner of the GW will make a physical verification in order to guarantee the client. (The owner of the gateway will use wvpn-server-signkey in order to accept new client.)
Notes : The process could be extended to the client or other GW are signing the public of the GW but this is not the case for this testing version)
The wvpn-client is handling the connection to the Gateway by using XML-RPC request to the wvpn-server.
The wvpn-server is a small XML-RPC server running various methods to make the connection setup. Here is the various methods provided by the server :
wvpnRequestVPN is a method to create a VPN connection with the server. The message is an armored OpenPGP message encrypted with the public key of the server (gateway). The message encrypted is a simple xml format message :<wvpn> <key></key> <signature></signature> </wvpn>
Return the port number for setting up the OpenVPN connection.
wvpnCloseVPN is a method to close the current VPN connection. The method closed the connection with the TCP/UDP port listening on the wvpn-server.
(string port) port is the string port returned by the wvpnRequestVPN.
wvpnRequestPublicKey is a simple method to request the Public Key of a server. This method should be used with great care as the client must verify the fingerprint of the wvpn-server giving the public key.
Return the public key in an armored openpgp message.
wvpnTestEcho is a simple method to test the connectivity to the wvpn-server.
(string message) is used to echo the same message.
Return the message string.
On the server side, you need Perl, GnuPG and OpenVPN.
On the client side, you need Perl, GnuPG and OpenVPN. (The usage of various software can be reduced on the client by a custom XML-RPC client)
Copyright (C) 2003 Alexandre Dulaunoy <firstname.lastname@example.org> This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
$Id: wvpn-index.wiki,v 1.1 2003/08/29 11:12:04 adulau Exp adulau $Copyrights (C) 2002,2003 Alexandre Dulaunoy - released under the GNU Free Documentation license without any options