Version 2.1.0 released

[dswd]

VpnCloud version 2.1.0 has just been released 🎉

In this post, I want to summarize all the changes in the new version.

📦 Installation packages can be found on the release page and installation instructions are given on the project homepage. As usual, the packages will be put on the repositories in a few days.

📋 Changes

💡 New feature: Websocket Proxy mode

VpnCloud now supports a websocket proxy mode where an instance uses a proxy to communicate instead of sending and receiving packets directly. Since the communication protocol with the proxy is HTTP, this proxy tunnel can pass through many firewalls and even forced HTTP proxies that would block normal VpnCloud traffic.

Users can start a websocket proxy via the ws-proxy subcommand. This will run just the websocket proxy, that can be used by VpnCloud instances, it will not run an instance on that node.

$proxy-server> vpncloud ws-proxy --listen 8080

To use a remote websocket proxy to communicate, users have to configure the proxy URL as listen parameter. VpnCloud will then use the proxy as a kind of remote UDP port and connect to other nodes just like normal. For other nodes, this is completely transparent: they communicate with the node via the proxy as if it was running on the proxy machine.

$node> vpncloud --listen ws://my.proxy.server:8080 --password ...

In the next weeks I will write a more detailed tutorial for this feature.

💡 New feature: Hook scripts to react on events

This release enables hook scripts that can be configured and will be executed when certain events occur. Users can configure one script to handle all events or multiple scripts to handle individual events. The scripts receive information on the event via environment variables.

Currently VpnCloud triggers hook scripts when the VPN starts or shuts down, when the virtual device is being configured or when other nodes connect and disconnect. In the future more events can be added to this functionality.
I am not sure what users will use this functionality for but I think it will help to enable some special use cases.

💡 New feature: Generate shell completions

The library that VpnCloud uses to parse command line arguments can generate shell completions for the major shells.
This release adds a new subcommand completion that exposes this functionality. The subcommand prints the completion code for the selected shell (bash, zsh or fish). This code can then be used to enable completions in the respective shell (how this works depends on the shell).

$node> vpncloud completion --shell bash

I might add the completions for bash and zsh to the packaging, so they are installed in the system automatically.

🪲 Bugfix: Added missing peer address propagation

As mentioned in #122 the intended behavior is that nodes determine a list of their addresses (from their interfaces and from the NAT gateway) and send this list to other nodes who then pass it on to their peers. As a result, nodes on the same network can contact each other via their local IPs. However, this feature has been removed on accident during the refactoring for the version 2 branch. Version 2.1.0 adds this functionality for VpnCloud version 2. This should fix some problems with nodes not finding each others.

🪲 Bugfix: Fixed problem with peer addresses without port

A bug caused peer addresses without port numbers (e.g. peer.example.com instead of peer.example.com:3210) to cause errors on startup. This release fixes this issue. Addresses without ports now assume the default port number of 3210.

⬆️ Updated dependencies

The builds have been updated to use Rust 1.49.

All dependencies have been updated to their latest versions, except for the time crate. The time crate had a security issue when multi-threaded applications modify their environment variables while retrieving the local time. As a mitigation, the crate deactivated the local time feature completely until a proper fix has been implemented. Since VpnCloud uses this feature but is not affected by the bug (not multi-threaded and not modifying environment variables) it uses the last version that still has the feature enabled.

📊 Performance

All of the micro benchmarks are within ±3% to the last release, except for the benchmark for ChaCha20 encryption which had a throughput improvement of +30%. This might be due to an improvement in the updated ring crate.

I also performed a quick speed test to see how much performance a websocket proxy setup can achieve. I expected to see numbers in the order of 100 MBit/s since the proxy setup introduces an additional hop that needs to read and write all the data from the websocket to a UDP socket and back again. Also I expected the HTTP protocol as a wrapper for websocket traffic to eat away a lot of performance. However, my first tests on AWS show that this setup can achieve 2.5 GBit/s (normal VpnCloud without proxy: 4.2 GBit/s).

[alpauna]

I just put this short How To together for VpnCloud 2 let me know if more are needed or any others I can help on. Love the simplicity of setup and would like to talk about maybe some added features to really get your mesh network flying. Things similar to https://www.tailscale.com/
Here is the link to my Howto:
https://wp.alshowto.com/build-a-vpn-between-servers/

[dswd]

Hi there,

thanks a lot for the tutorial. Unfortunately "You have been blocked from visiting this site by WordPress Zero Spam due to detected spam activity.". I will check back tomorrow, maybe by then my DSL provider got removed from the blacklist.

For the feature request and your specific use case, please open a separate thread or contact me directly.

[alpauna]

So, that was interesting! I think the issue was wordfence. I was locked out of my own site by it. You can try again I am just setting this wordpress up and that plugin I just installed today.

…

On Sun, Feb 7, 2021 at 4:35 AM dswd ***@***.***> wrote: Hi there, thanks a lot for the tutorial. Unfortunately "You have been blocked from visiting this site by WordPress Zero Spam due to detected spam activity.". I will check back tomorrow, maybe by then my DSL provider got removed from the blacklist. For the feature request and your specific use case, please open a separate thread or contact me directly. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#155 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AIS5KBEX4OKS6GMV7S4RLFTS5ZUHXANCNFSM4XGJUL5A> .

[dswd]

That tutorial looks great! If you are ok with it, I will list it in the documentation.
I already reformatted the example config file to address some of the issues you had.
Please contact me for any other feature requests.

[dswd]

@alpauna The next release will contain a config wizard.

Here are some previews:

• https://asciinema.org/a/391714
• https://asciinema.org/a/391716
• https://asciinema.org/a/391715