VTun
VTun is the easiest way to create Virtual Tunnels over TCP/IP networks with traffic shaping, compression, and encryption. It is a user space implementation and doesn't need modification of any kernel parts. VTun supports IP, PPP, SLIP, Ethernet, and other tunnel types. VTun is easily and highly configurable; it can be used for various network tasks like VPN, Mobil IP, Shaped Internet access, Ethernet tunnel, IP address saving, etc.
| Tags | Internet Networking |
|---|---|
| Licenses | GPL |
| Operating Systems | POSIX BSD FreeBSD NetBSD OpenBSD Linux Solaris |
| Implementation | C |
Recent releases
- 26 Aug 2012 14:50
Release Notes: This release fixes UDP timeouts with keepalive, and various other bugs.
- 08 Feb 2008 03:18
Release Notes: Compatibility with older versions and newer LZO libraries was improved.
- 12 Jun 2007 09:52
Release Notes: LZO2 compatibility was improved.
- 11 Dec 2006 10:42
Release Notes: The VTund binary should now be a bit better behaved (and killable), should bind to specific interfaces a little more easily, and should restart tunnels a bit more easily. A few new --with and --without options were added to the configure, so it should build with less surprises. Many new ciphers have been added.
- 07 Aug 2001 11:33
Release Notes: Encryption fixes include improved challenge generation and a padding check. The config parser was fixed to disallow empty passwords. A config option to specify syslog logging facility was added. Support for the new Linux TUN/TAP driver was added. I/O (read_n/write_n) cancellation was added. Signal handling and other minor fixes were made. The Makefile was improved, and the documentation was updated.
Recent comments
simple VPN solution
i like vtun a lot, for its simplicity. no complex setup,
no NAT incompatibilities and so on ...
actually, i was looking for a program that just
bridged a stdout/stdin par (or a tcp connection) to
tun/tap, no security at all. i could then use ssh
tunneling to secure the connection. But i understand
udp makes a better protocol for tunneling, so i like
vtun.
CBC
XOR 'encryption' is only used on systems that don't have libcrypto. Michael should maybe upgrade his machine in other ways before reviewing VTund. .. and maybe explore lower case a bit more.
CBC encryption. It'll be nice, but Steinar's probably been following the discussion on vtun-devel. It'll be in 3.0.0, probably. Aldem should follow the discussion there, too, and maybe offer a few tips as well as patches.
Have I got your patch, Steinar?
More secure VTUN
I've just made a patch for VTUN, which changes its algorithms from MD5 and Blowfish/ECB to SHA1 and Twofish/CBC, respectively. It appears to work properly, but it requires a bit more testing before it's released (either as part of the official VTUN tree, or here on Freshmeat as a standalone `product'). It also eliminates the need for OpenSSL (that's a 2MB download less). So... stay tuned :-)
/* Steinar */
BlowFish? It is not enough, though :)
Well, BlowFish is good, same as a lot of other encryption algorithms, but ONLY if it is used properly.
What I've found - BlowFish in VTUN is used in ECB mode, it means, in turn, that attacker could use a very wide range of cryptoanalisys to recover the key in _extremely short_ time (say, several hours). Why? It is a little bit difficult to explain _here_, but I'd suggest to take a look on design of some protocols like SSL and SSH and (especially) explanations to what attention should be paid. Of course everyone who has experience in cryptology understand what I mean, but for those who does not:
VTUN is good enough to protect you against snifers in regular environment, but if you are going to keep in secret something _really_ significant, it will not help. For casual "hacker", of course, it provides a good protection (at least there are no public known tools to crack BlowFish encryption in ECB mode).
And last... Concerning comment above "totally insecure"... Even a XOR encryption is good enough if it is implemented in a right way, and just FYI (author of comment) - almost all encryption algorithms use XOR as final transformation over plain text. "totally insecure" mean "no security at all" - but even in first versions it was not true - protection against non-professional attacker is still protection, not good enough, but anyway...
Good luck!
lame site
Get rid of the lame windoze distribution site. Since you
are an open source developer you could get a free webspace
and a decent subdomain at netpedia.net. I can't use lynx
to download your cool programs nor can I use wget. And I
am NOT going to "upgrade" my browser to some Misc0$oftish
crap.
cnbishop
15 Dec 1998 06:56
Heartbeat
- Popularity Score
- 214.52
- Vitality Score
- 23.90
- Subscriptions
- 58
