dswd
/
vpncloud
mirror of https://github.com/dswd/vpncloud.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Changed readme

This commit is contained in:
Dennis Schwerdel 2016-06-01 21:51:22 +02:00
parent b73415b48c
commit 3359176380
2 changed files with 17 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
README.md
View File

@ -15,8 +15,7 @@ between two nodes can be as easy as:
vpncloud -c REMOTE_HOST:PORT --ifup 'ifconfig $IFNAME 10.0.0.1/24 mtu 1400 up' vpncloud -c REMOTE_HOST:PORT --ifup 'ifconfig $IFNAME 10.0.0.1/24 mtu 1400 up'
``` ```
More details can be found in [the manpage](vpncloud.md). For more information, please see the [Wiki](wiki).
Some performance measurements can be found [here](performance.md).
### Project Status ### Project Status
@ -25,21 +24,30 @@ This project is still [under development](CHANGELOG.md) but has reached a
somewhat stable state. VpnCloud features the following functionality: somewhat stable state. VpnCloud features the following functionality:
* Setting up tunnels between two networks via Ethernet (TAP) and IP (TUN) * Setting up tunnels between two networks via Ethernet (TAP) and IP (TUN)
* Connecting multiple networks with multiple forwarding behaviors (Hub, Switch, Router) * Connecting multiple networks with multiple forwarding behaviors (Hub, Switch,
Router)
* Encrypted connections using [libsodium](https://github.com/jedisct1/libsodium) * Encrypted connections using [libsodium](https://github.com/jedisct1/libsodium)
* Automatic peer-to-peer meshing, no central servers * Automatic peer-to-peer meshing, no central servers
* NAT and (limited) firewall traversal using hole punching * NAT and (limited) firewall traversal using hole punching
* Automatic reconnecting when connections are lost * Automatic reconnecting when connections are lost
* Non-native forwarding modes, e.g. IP based learning switch and prefix routed Ethernet networks. * Non-native forwarding modes, e.g. IP based learning switch and prefix routed
* High throughput and low additional latency (see [performance page](performance.md)) Ethernet networks.
* High throughput and low additional latency (see [performance page](wiki/Performance-Measurements))
* Support for tunneled VLans (TAP device) * Support for tunneled VLans (TAP device)
However there are some open issues:
* Encryption has not been formally reviewed, use with care. ### Contributions welcome
* The tests might be missing some corner cases and more field tests would be nice.
Please feel free to help and contribute code. There are several areas in which still some work has to be done and where
contributions are very welcome:
* **Linux packages**: VpnCloud is stable enough to be packaged for Linux
distributions.
* **Security review**: The security has been implemented with strong security
primitives but it would great if a cryptography expert could verify the
system.
* **Feedback on use cases**: Some feedback on how VpnCloud is being used and
maybe some tutorials covering common use cases would be nice.
### Semantic Versioning ### Semantic Versioning

87
performance.md
View File

@ -1,87 +0,0 @@
Performance Tests
-----------------
### Test setup
Sender node:
* Intel(R) Core(TM) i5-2540M CPU @ 2.60GHz
* 8 GiB Ram
* Intel 82579LM Gigabit Network
* Ubuntu 14.04 (Kernel 3.13.0-65-generic)
Receiver node:
* Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
* 16 GiB Ram
* Realtek RTL8111/8168/8411 Gigabit Network
* Ubuntu 14.04 (Kernel 3.13.0-63-generic)
VpnCloud version: `VpnCloud v0.5.0, protocol version 1, libsodium 1.0.10 (AES256: true)`
The sender runs the following command:
```
$> ./vpncloud -t tap -l 3210 -c RECEIVER:3210 --ifup 'ifconfig $IFNAME 10.0.0.1/24 mtu 1400 up' &
```
and the receiver runs:
```
$> ./vpncloud -t tap -l 3210 -c SENDER:3210 --ifup 'ifconfig $IFNAME 10.0.0.2/24 mtu 1400 up' &
$> iperf -s &
$> top
```
For encrypted tests, `--shared-key test --crypto METHOD` is appended.
For increased MTU tests `mtu 7000` is used in `--ifup`.
### Throughput
The throughput is measured with the following command:
```
$> iperf -c DST -t 30
```
The test is run in 3 steps:
* Native throughput without VpnCloud (`DST` is the native address of the receiver)
* Throughput via VpnCloud (`DST` is `10.0.0.2`)
* Encrypted throughput via VpnCloud (`DST` is `10.0.0.2`)
| Throughput test | Bandwidth | CPU usage (one core) |
| --------------------------------------- | ------------- | -------------------- |
| Without VpnCloud | 923 Mbits/sec | - |
| Unencrypted VpnCloud | 881 Mbits/sec | 85% / 95% |
| Encrypted VpnCloud (ChaCha20) | 820 Mbits/sec | 90% / 90% |
| Encrypted VpnCloud (AES256) | 832 Mbits/sec | 85% / 85% |
| Unencrypted VpnCloud (MTU 7000) | 942 Mbits/sec | 75% / 75% |
| Encrypted VpnCloud (ChaCha20, MTU 7000) | 923 Mbits/sec | 75% / 75% |
| Encrypted VpnCloud (AES256, MTU 7000) | 926 Mbits/sec | 75% / 75% |
### Latency
The latency is measured with the following command:
```
$> ping DST -c 30000 -i 0.001 -s SIZE -U -q
```
For all the test, the second best average RTT out of 5 runs is selected.
The latency is assumed to be half of the RTT.
| Payload size | 100 bytes | 500 bytes | 1000 bytes |
| ----------------------------- | --------------- | --------------- | --------------- |
| Without VpnCloud | 159 µs | 167 µs | 174 µs |
| Unencrypted VpnCloud | 223 µs (+64 µs) | 233 µs (+66 µs) | 245 µs (+71 µs) |
| Encrypted VpnCloud (ChaCha20) | 236 µs (+12 µs) | 250 µs (+17 µs) | 266 µs (+21 µs) |
| Encrypted VpnCloud (AES256) | 230 µs ( +7 µs) | 239 µs ( +6 µs) | 258 µs (+13 µs) |
### Conclusion
* VpnCloud achieves over 850 MBit/s with default MTU settings.
* In encrypted mode, VpnCloud reaches over 800 MBit/s with default MTU settings.
* With increased MTU, VpnCloud reaches over 900 Mbit/s, encrypted and unencrypted.
* VpnCloud adds about 70µs to the latency.
* Encryption adds an additional latency up to 20µs.