- <rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
- <channel>
- <title>EdgeVPN – Concepts</title>
- <link>https://mudler.github.io/edgevpn/docs/concepts/</link>
- <description>Recent content in Concepts on EdgeVPN</description>
- <generator>Hugo -- gohugo.io</generator>
-
- <atom:link href="https://mudler.github.io/edgevpn/docs/concepts/index.xml" rel="self" type="application/rss+xml" />
-
-
-
-
-
-
-
- <item>
- <title>Docs: Overview</title>
- <link>https://mudler.github.io/edgevpn/docs/concepts/overview/</link>
- <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
-
- <guid>https://mudler.github.io/edgevpn/docs/concepts/overview/</guid>
- <description>
-
-
- <p>EdgeVPN has a simplified blockchain model embedded. The model is simplified on purpose: the blockchain is used only to store network and service metadata, not transactions or a content-addressable network.</p>
- <p>The only data stored in the blockchain is:</p>
- <ul>
- <li>Network Peer IDs, Service IDs, File IDs</li>
- <li>Healthchecks, DNS records and IP allocation</li>
- </ul>
- <p>However, the ledger is freely accessible via the API, so external coordination can use the blockchain mechanism as shared memory (which can optionally be persisted on disk).</p>
- </description>
- </item>
-
- <item>
- <title>Docs: Architecture</title>
- <link>https://mudler.github.io/edgevpn/docs/concepts/architecture/</link>
- <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
-
- <guid>https://mudler.github.io/edgevpn/docs/concepts/architecture/</guid>
- <description>
-
-
- <h2 id="introduction">Introduction</h2>
- <p>EdgeVPN uses <a href="https://github.com/libp2p/go-libp2p">libp2p</a> to establish a decentralized, asymmetrically encrypted gossip network which propagates (symmetrically encrypted) blockchain state between nodes.</p>
- <p>The blockchain is lightweight as:</p>
- <ul>
- <li>There is no PoW mechanism</li>
- <li>It is in memory only: no DAG, CARv2 or GraphSync protocol. Its use is restricted to holding metadata, not real addressable content</li>
- </ul>
- <p>EdgeVPN uses the blockchain to store service UUIDs, file UUIDs, VPN and other metadata (such as DNS records, IPs, etc.) and to coordinate events between the nodes of the network. It also acts as an access-control mechanism: nodes that are not part of the blockchain can&rsquo;t talk to each other.</p>
- <p>The blockchain is ephemeral and in-memory; optionally it can be persisted to disk.</p>
- <p>Each node keeps broadcasting its state until it is reconciled in the blockchain. If the blockchain were to start from scratch, the hosts would re-announce themselves and refill the blockchain with their data.</p>
- <ul>
- <li>Simple (KISS) interface to display network data from the blockchain</li>
- <li>asymmetric p2p encryption between peers with libp2p</li>
- <li>rendezvous points dynamically generated from OTP keys</li>
- <li>extra AES symmetric encryption on top, in case the rendezvous point is compromised</li>
- <li>blockchain is used as a sealed encrypted store for the routing table</li>
- <li>connections are created host to host and encrypted asymmetrically</li>
- </ul>
- <h3 id="connection-bootstrap">Connection bootstrap</h3>
- <p>Network is bootstrapped with libp2p and is composed of 3 phases:</p>
- <div class="card rounded p-2 td-post-card mb-4 mt-4" style="max-width: 954px">
- <img class="card-img-top" src="https://mudler.github.io/edgevpn/edgevpn/docs/concepts/architecture/edevpn_bootstrap_hu8e61a09dccbf3a67bf1fc604ae4924fd_64246_1200x550_fit_catmullrom_3.png" width="944" height="412">
- </div>
- <p>In the first phase, nodes discover each other via the DHT and a rendezvous secret that is automatically generated via OTP.</p>
- <p>Once peers know about each other, a gossip network is established in which the nodes exchange the blockchain over a p2p end-to-end encrypted channel. The blockchain is sealed with a symmetric key that is rotated via OTP and shared between the nodes.</p>
- <p>At that point a blockchain and an API are established between the nodes, and optionally the VPN binding on the tun/tap device is started.</p>
- </description>
- </item>
-
- <item>
- <title>Docs: Token</title>
- <link>https://mudler.github.io/edgevpn/docs/concepts/token/</link>
- <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
-
- <guid>https://mudler.github.io/edgevpn/docs/concepts/token/</guid>
- <description>
-
-
- <p>A network token represents the network in which edgevpn attempts to establish connections among peers.</p>
- <p>A token is created by base64-encoding a network configuration.</p>
- <h2 id="generating-tokens">Generating tokens</h2>
- <p>To generate a network token, run in the console:</p>
- <pre tabindex="0"><code>edgevpn -b -g
- </code></pre><p>This prints a base64 token on screen, ready to be shared with the nodes you wish to join to the same network.</p>
- <h2 id="generating-configuration-files">Generating configuration files</h2>
- <p>EdgeVPN can read both tokens and network configuration files.</p>
- <p>To generate a configuration file, run in the console:</p>
- <pre tabindex="0"><code>edgevpn -g
- </code></pre><p>To turn a config into a token, base64-encode it:</p>
- <pre tabindex="0"><code>TOKEN=$(edgevpn -g | base64 -w0)
- </code></pre><p>which is equivalent to running <code>edgevpn -g -b</code>.</p>
- <h2 id="anatomy-of-a-configuration-file">Anatomy of a configuration file</h2>
- <p>A typical configuration file looks like the following:</p>
- <div class="highlight"><pre tabindex="0"><code class="language-yaml" data-lang="yaml">otp:
-   dht:
-     interval: 9000
-     key: LHKNKT6YZYQGGY3JANGXMLJTHRH7SW3C
-     length: 32
-   crypto:
-     interval: 9000
-     key: SGIB6NYJMSRJF2AJDGUI2NDB5LBVCPLS
-     length: 32
- room: ubONSBFkdWbzkSBTglFzOhWvczTBQJOR
- rendezvous: exoHOajMYMSPrHhevAEEjnCHLssFfzfT
- mdns: VoZfePlTchbSrdmivaqaOyQyEnTMlugi
- max_message_size: 20971520
- </code></pre></div><p>The values can all be tweaked to your needs.</p>
- <p>EdgeVPN uses an OTP mechanism both to encrypt/decrypt blockchain messages between the nodes and to discover nodes on the DHT; this is meant to make brute-force attacks harder and to prevent bad actors from listening on the protocol.
- See <a href="https://mudler.github.io/edgevpn/docs/concepts/architecture/">the Architecture section</a> for more information.</p>
- <ul>
- <li>The OTP key (<code>otp.crypto.key</code>) rotates the cipher key used to encrypt/decrypt the blockchain messages. The rotation interval can be set separately for the DHT and for the blockchain messages. <code>length</code> is the cipher key length in bytes (32, i.e. AES-256, by default) used by the sealer to encrypt/decrypt messages.</li>
- <li>The DHT OTP key (<code>otp.dht.key</code>) rotates the discovery key used during DHT node discovery. A new key is derived via OTP at the defined interval, so that a passive listener cannot predict the rendezvous point.</li>
- <li>The <code>room</code> is a unique ID which all the nodes subscribe to. It is automatically generated.</li>
- <li>Optionally the OTP mechanism can be disabled by commenting out the <code>otp</code> block. In this case the static DHT rendezvous point is the value of <code>rendezvous</code>.</li>
- <li>The <code>mdns</code> discovery doesn&rsquo;t have any OTP rotation, so a unique identifier must be provided.</li>
- <li><code>max_message_size</code> sets the maximum size (in bytes) accepted for blockchain messages.</li>
- </ul>
- </description>
- </item>
-
- </channel>
- </rss>