Hi Renato,

> A key novel aspect of the SocialVPN is its ability to avoid
> conflicts between the VPN and a host's existing IPv4 network
> by using private networks and dynamic address translation,
> a technique described in the COPS workshop this year.

For what it's worth - the technique of double-NAT'ing node-to-node traffic exactly the way it's described in Section 2.2 of your paper is well-known and it is routinely used in traditional VPN setups. It is essentially the *only* option of resolving IP conflicts that occur in "roaming user" scenarios, so it's only natural that you converged to the same solution :)

The biggest issue with this approach though is the very presence of the NAT in the picture. Simple NAT that operates just on IP/UDP/TCP headers breaks a bunch of application protocols, most notably - FTP (which you have listed as unsupported on the website), H.323, SIP, some Oracle stuff and parts of Windows SMB. That's not to mention various broken-by-design multiplayer gaming protocols.

As such, the use of the double-NAT'ing technique requires the NAT engine to support so-called ALGs - "add-on" modules that take care of properly adjusting IPs that may be embedded into an application protocol. This in turn requires the NAT engine to be stateful, i.e. it should keep track of the state of all TCP connections that go through it. It is needed because the application data adjustments may cause the latter to grow or contract and so the NAT engine needs to compensate for that by adjusting TCP sequence numbers. Needless to say that this is far from being trivial.

Alex

----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Renato Figueiredo
Sent: July 31, 2008 8:08 PM
To: theory and practice of decentralized computer networks
Subject: [p2p-hackers] Announcing: P2P social VPN

Dear list members,

We have developed SocialVPN (socialvpn.org), a P2P virtual network that uses social network infrastructures to seamlessly bootstrap VPN links between social peers. The SocialVPN builds upon the open-source Brunet P2P library.
We have extended the IPOP (IP-over-P2P) virtual network, a structured P2P system which features decentralized UDP hole punching, optimizations tailored to IP tunneling, and support for multicast DNS (Bonjour/Avahi).

A key novel aspect of the SocialVPN is its ability to avoid conflicts between the VPN and a host's existing IPv4 network by using private networks and dynamic address translation, a technique described in the COPS workshop this year.

Our current implementation runs on Windows or Linux and uses the Facebook API, and bootstraps with an overlay deployed on PlanetLab. We are planning on implementations for other platforms and to support the OpenSocial API.

If you are interested in using this software or developing applications around it, you can find documentation and downloads at http://socialvpn.org.

Regards,
--rf
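
The ALG bookkeeping described in the reply above, as an added example that is not part of the original thread and is not SocialVPN or IPOP code: a NAT rewrites the address embedded in an FTP PORT command, the payload changes length, and later sequence and acknowledgement numbers on that connection have to be shifted to match. The class name, the address mapping and the sequence numbers are constructed for illustration; it assumes one command per TCP segment and ignores 32-bit sequence wraparound and TCP checksum updates.

```python
import re
from dataclasses import dataclass, field

# FTP active-mode command: IPv4 address and port sent as six decimal bytes.
PORT_RE = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n$")
# Constructed mapping: address the client embeds -> address the peer must see.
NAT_MAP = {"10.0.0.5": "172.31.200.17"}

@dataclass
class FtpAlgFlow:
    """Hypothetical per-connection ALG state for one FTP control connection."""
    nat_map: dict
    edits: list = field(default_factory=list)  # (orig seq after edit, cumulative delta)

    def _delta(self, seq):
        # Bytes added (or removed) ahead of original sequence number `seq`.
        # Assumption: plain integer comparison, no sequence wraparound.
        delta = 0
        for edge, cumulative in self.edits:
            if seq >= edge:
                delta = cumulative
        return delta

    def outbound(self, seq, payload):
        """Client-to-server segment: returns (translated seq, translated payload)."""
        shift = self._delta(seq)
        m = PORT_RE.match(payload)
        if m:
            ip = b".".join(m.groups()[:4]).decode()
            if ip in self.nat_map:
                new_ip = self.nat_map[ip].replace(".", ",").encode()
                rewritten = b"PORT %s,%s,%s\r\n" % (new_ip, m.group(5), m.group(6))
                edge = seq + len(payload)
                grow = len(rewritten) - len(payload)
                # Record each edit once so a retransmission is not counted twice.
                if grow and all(e != edge for e, _ in self.edits):
                    self.edits.append((edge, shift + grow))
                payload = rewritten
        return seq + shift, payload

    def inbound_ack(self, ack):
        """Server-to-client ACK counts rewritten bytes: map it back for the client."""
        delta = 0
        for edge, cumulative in self.edits:
            if ack >= edge + cumulative:
                delta = cumulative
        return ack - delta
```

With the constructed mapping, a 22-byte PORT command sent at sequence number 1000 leaves the NAT as 27 bytes, so the client's next segment at 1022 goes out as 1027 and the server's ACK of 1027 is handed back to the client as 1022.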
