diff --git a/README.md b/README.md index 0d02ec2..8488601 100644 --- a/README.md +++ b/README.md @@ -15,8 +15,7 @@ between two nodes can be as easy as: vpncloud -c REMOTE_HOST:PORT --ifup 'ifconfig $IFNAME 10.0.0.1/24 mtu 1400 up' ``` -More details can be found in [the manpage](vpncloud.md). -Some performance measurements can be found [here](performance.md). +For more information, please see the [Wiki](wiki). ### Project Status @@ -25,21 +24,30 @@ This project is still [under development](CHANGELOG.md) but has reached a somewhat stable state. VpnCloud features the following functionality: * Setting up tunnels between two networks via Ethernet (TAP) and IP (TUN) -* Connecting multiple networks with multiple forwarding behaviors (Hub, Switch, Router) +* Connecting multiple networks with multiple forwarding behaviors (Hub, Switch, + Router) * Encrypted connections using [libsodium](https://github.com/jedisct1/libsodium) * Automatic peer-to-peer meshing, no central servers * NAT and (limited) firewall traversal using hole punching * Automatic reconnecting when connections are lost -* Non-native forwarding modes, e.g. IP based learning switch and prefix routed Ethernet networks. -* High throughput and low additional latency (see [performance page](performance.md)) +* Non-native forwarding modes, e.g. IP based learning switch and prefix routed + Ethernet networks. +* High throughput and low additional latency (see [performance page](wiki/Performance-Measurements)) * Support for tunneled VLans (TAP device) -However there are some open issues: -* Encryption has not been formally reviewed, use with care. -* The tests might be missing some corner cases and more field tests would be nice. +### Contributions welcome -Please feel free to help and contribute code. +There are several areas in which still some work has to be done and where +contributions are very welcome: + +* **Linux packages**: VpnCloud is stable enough to be packaged for Linux + distributions. +* **Security review**: The security has been implemented with strong security + primitives but it would great if a cryptography expert could verify the + system. +* **Feedback on use cases**: Some feedback on how VpnCloud is being used and + maybe some tutorials covering common use cases would be nice. ### Semantic Versioning diff --git a/performance.md b/performance.md deleted file mode 100644 index 21563fb..0000000 --- a/performance.md +++ /dev/null @@ -1,87 +0,0 @@ -Performance Tests ------------------ - -### Test setup - -Sender node: - * Intel(R) Core(TM) i5-2540M CPU @ 2.60GHz - * 8 GiB Ram - * Intel 82579LM Gigabit Network - * Ubuntu 14.04 (Kernel 3.13.0-65-generic) - -Receiver node: - * Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz - * 16 GiB Ram - * Realtek RTL8111/8168/8411 Gigabit Network - * Ubuntu 14.04 (Kernel 3.13.0-63-generic) - -VpnCloud version: `VpnCloud v0.5.0, protocol version 1, libsodium 1.0.10 (AES256: true)` - -The sender runs the following command: - -``` -$> ./vpncloud -t tap -l 3210 -c RECEIVER:3210 --ifup 'ifconfig $IFNAME 10.0.0.1/24 mtu 1400 up' & -``` - -and the receiver runs: - -``` -$> ./vpncloud -t tap -l 3210 -c SENDER:3210 --ifup 'ifconfig $IFNAME 10.0.0.2/24 mtu 1400 up' & -$> iperf -s & -$> top -``` - -For encrypted tests, `--shared-key test --crypto METHOD` is appended. - -For increased MTU tests `mtu 7000` is used in `--ifup`. - -### Throughput - -The throughput is measured with the following command: - -``` -$> iperf -c DST -t 30 -``` - -The test is run in 3 steps: -* Native throughput without VpnCloud (`DST` is the native address of the receiver) -* Throughput via VpnCloud (`DST` is `10.0.0.2`) -* Encrypted throughput via VpnCloud (`DST` is `10.0.0.2`) - - -| Throughput test | Bandwidth | CPU usage (one core) | -| --------------------------------------- | ------------- | -------------------- | -| Without VpnCloud | 923 Mbits/sec | - | -| Unencrypted VpnCloud | 881 Mbits/sec | 85% / 95% | -| Encrypted VpnCloud (ChaCha20) | 820 Mbits/sec | 90% / 90% | -| Encrypted VpnCloud (AES256) | 832 Mbits/sec | 85% / 85% | -| Unencrypted VpnCloud (MTU 7000) | 942 Mbits/sec | 75% / 75% | -| Encrypted VpnCloud (ChaCha20, MTU 7000) | 923 Mbits/sec | 75% / 75% | -| Encrypted VpnCloud (AES256, MTU 7000) | 926 Mbits/sec | 75% / 75% | - -### Latency - -The latency is measured with the following command: -``` -$> ping DST -c 30000 -i 0.001 -s SIZE -U -q -``` - -For all the test, the second best average RTT out of 5 runs is selected. -The latency is assumed to be half of the RTT. - - -| Payload size | 100 bytes | 500 bytes | 1000 bytes | -| ----------------------------- | --------------- | --------------- | --------------- | -| Without VpnCloud | 159 µs | 167 µs | 174 µs | -| Unencrypted VpnCloud | 223 µs (+64 µs) | 233 µs (+66 µs) | 245 µs (+71 µs) | -| Encrypted VpnCloud (ChaCha20) | 236 µs (+12 µs) | 250 µs (+17 µs) | 266 µs (+21 µs) | -| Encrypted VpnCloud (AES256) | 230 µs ( +7 µs) | 239 µs ( +6 µs) | 258 µs (+13 µs) | - - -### Conclusion - -* VpnCloud achieves over 850 MBit/s with default MTU settings. -* In encrypted mode, VpnCloud reaches over 800 MBit/s with default MTU settings. -* With increased MTU, VpnCloud reaches over 900 Mbit/s, encrypted and unencrypted. -* VpnCloud adds about 70µs to the latency. -* Encryption adds an additional latency up to 20µs.