1 Introduction

Campagnol is a distributed IP-layer VPN software. All messages are transmitted over UDP and are authenticated and encrypted with DTLS (Datagram Transport Layer Security).

Campagnol is able to open new connections through NATs or firewalls by using UDP hole punching.

The connections are exclusively point-to-point and are opened only when needed.


1.1 IP-layer VPN

The VPN is built by tunneling the IP layer (only IPv4 for the current version) through an encrypted DTLS (Datagram Transport Layer Security) channel. The VPN is defined by its subnetwork and each host connected to the VPN is identified by its IP address on the VPN subnetwork.

The hosts of the VPN run a client software which manages the tunnels and is responsible for sending and receiving the IP packets. The tunnels between the clients are direct (point-to-point) UDP connections which are created dynamically when they are needed. Because of these dynamic P2P connections, the VPN is only suited for unicast. IP broadcasts are emulated by sending the packets over all the currently opened tunnels.

This is the protocol stack of the VPN:

-----------------------
      Application
-----------------------
   TCP/UDP/ICMP/...
-----------------------
 IPv4 (VPN subnetwork)
-----------------------
      DTLS record
-----------------------
         UDP
-----------------------
         IPv4
-----------------------
         ...
-----------------------

The overhead of Campagnol is variable and depends on the ciphering algorithm in use:


1.2 Client and rendez-vous server

Campagnol VPN is made up of two parts:

One of the initial objectives of Campagnol is to connect computers running on typical home networks (e.g. behind an ADSL modem with NAT capabilities) with as little configuration as possible. Therefore Campagnol uses a NAT traversal technique: UDP hole punching. The rendez-vous server is the central part of the hole punching. It must see the “public endpoint” of all the clients, so it usually has to sit in a central position. The following drawing corresponds to the best case situation:

 [peer A] ---|NAT|---(         )
                     (         )
 [peer B] ---|NAT|---( NETWORK )--- [RDV]
                     (         )
         [peer C] ---(         )

Several clients are connected to the Internet. They optionally lie behind a NAT, and those NATs must allow UDP hole punching.

The rendezvous server has a public IP or may also be configured behind a NAT. It sees the public address of the clients, which is all that the hole punching requires.


1.3 Overview

When the client is launched, it starts by registering with the rendezvous (RDV) server. It then regularly exchanges small messages with the RDV server in order to keep the connection alive and to keep the NATs' translation entries from expiring. Later on the RDV server is used to initiate the UDP hole punching between two clients.

The client uses the TUN kernel driver to create a virtual network interface for the VPN and then associates a route with this interface. When a packet for an unknown peer arrives on the TUN device, Campagnol asks the RDV server for a new connection. This initiates the UDP hole punching between the two peers. Once the connection is established, the two peers open a DTLS session, authenticate each other, and eventually the link is ready. This is a peer-to-peer connection: no data will flow through the RDV server or any other node. Connections are closed when inactive.
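The RDV server's part in the sequence above, as an added model that is not Campagnol's own code: it records only the public endpoint it sees for each VPN address, drops clients whose keepalives stop, and on a connection request hands each peer the other's public endpoint so the hole punching and the DTLS handshake can proceed directly between them. The message name `PUNCH`, the registry layout and the timeout value are assumptions; the page does not describe Campagnol's wire format.

```python
# Model of the rendez-vous (RDV) server's role in Campagnol's UDP hole punching.
# Added example, not Campagnol's code: message names, registry layout and the
# keepalive timeout are assumptions.

KEEPALIVE_TIMEOUT = 30.0  # seconds without a keepalive before a client is forgotten (assumed)


class RendezVousServer:
    def __init__(self):
        # VPN address -> (public endpoint as seen by the RDV, last keepalive time)
        self.clients = {}

    def register(self, vpn_ip, public_endpoint, now):
        """A client registers. The RDV records the endpoint it *sees*, i.e. the
        NAT's public mapping, never the client's private address."""
        self.clients[vpn_ip] = (public_endpoint, now)

    def keepalive(self, vpn_ip, public_endpoint, now):
        """Periodic small message: refreshes the NAT mapping and our timer.
        If the NAT changed the mapping, the new public endpoint replaces the old one."""
        if vpn_ip in self.clients:
            self.clients[vpn_ip] = (public_endpoint, now)

    def expire(self, now):
        """Forget clients whose keepalives stopped; their NAT mapping is gone as well."""
        self.clients = {ip: v for ip, v in self.clients.items()
                        if now - v[1] <= KEEPALIVE_TIMEOUT}

    def connect_request(self, from_ip, to_ip, now):
        """Client from_ip saw a packet for unknown VPN peer to_ip on its TUN device.
        Returns the two punch messages the RDV sends, one per peer, each carrying
        the other's public endpoint, or None if either peer is unknown/expired."""
        self.expire(now)
        if from_ip not in self.clients or to_ip not in self.clients:
            return None
        a_ep, _ = self.clients[from_ip]
        b_ep, _ = self.clients[to_ip]
        # Both peers now send UDP to each other's public endpoint; once the NAT
        # mappings match, DTLS runs peer-to-peer and the RDV carries no data.
        return {from_ip: ("PUNCH", to_ip, b_ep), to_ip: ("PUNCH", from_ip, a_ep)}


def demo():
    # Constructed sample endpoints (documentation address ranges).
    rdv = RendezVousServer()
    rdv.register("10.9.0.1", ("203.0.113.10", 40001), now=0.0)   # peer A behind NAT
    rdv.register("10.9.0.2", ("198.51.100.7", 51234), now=1.0)   # peer B behind NAT
    rdv.keepalive("10.9.0.1", ("203.0.113.10", 40001), now=20.0)
    punch = rdv.connect_request("10.9.0.1", "10.9.0.2", now=25.0)
    stale = rdv.connect_request("10.9.0.1", "10.9.0.2", now=60.0)  # B's keepalives stopped
    return punch, stale
```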

Campagnol uses X.509 certificate-based mutual authentication between the clients (with DTLS). Each client needs to own a valid certificate and its associated key pair. Therefore a typical usage is to have a minimal PKI to manage the VPN. You will for instance generate:


1.4 Supported platforms

Both the client and the RDV server are written in C. The supported platforms are Linux, FreeBSD, OpenBSD, NetBSD and 32-bit Windows with Cygwin.

The Cygwin port uses the TAP driver from the OpenVPN project (TAP-Win32) which is available on their website (http://openvpn.net).

Solaris is a candidate platform for a port since it also has a TUN/TAP driver.


This document was generated using texi2html 5.0.