Virtual Private Network Daemon

Main Site (Denmark)      Mirror Site (Canada)

Overview

The virtual private network daemon vpnd is a daemon which connects two networks at the network level, either via TCP/IP or a (virtual) leased line attached to a serial interface. All data transferred between the two networks are encrypted using the unpatented free Blowfish encryption algorithm.

[Figure: vpnd Usage Overview]

vpnd is not intended as a replacement for existing secured communications software like ssh or tunneling facilities of the operating system. It is, however, intended as a means of securing transparent network interconnection across potentially insecure channels.

A functional overview of vpnd is available which explains how vpnd basically works.

vpnd is distributed under the GPL/LGPL; use in commercial environments is explicitly allowed. See the README file and the headers of the individual source files for details.

Operating Systems and Download

The following operating systems are supported:

  * Linux 1.2.x (1.2.9 tested)
  * Linux 2.0.x (2.0.35 tested)
  * Linux 2.2.x (2.2.1 tested)

You can download the following versions here:

  * vpnd-1.0.8.tar.gz (Unix browsers, faster crypto code, optional host name lookups)
  * vpnd-1.0.8.tar.zip (Windows browsers, faster crypto code, optional host name lookups)
  * vpnd-1.0.7.tar.gz (Unix browsers, HMAC, serial line lock file, additional options)
  * vpnd-1.0.7.tar.zip (Windows browsers, HMAC, serial line lock file, additional options)
  * vpnd-1.0.6.tar.gz (Unix browsers, portability fixes)
  * vpnd-1.0.6.tar.zip (Windows browsers, portability fixes)
  * vpnd-1.0.5.tar.gz (Unix browsers, new options, extended master key file format, lots of optimizations)
  * vpnd-1.0.5.tar.zip (Windows browsers, new options, extended master key file format, lots of optimizations)
  * vpnd-1.0.4.tar.gz (Unix browsers, new options, important bug fixes, x86 Blowfish assembler)
  * vpnd-1.0.4.tar.zip (Windows browsers, new options, important bug fixes, x86 Blowfish assembler)
  * vpnd-1.0.3.tar.gz (Unix browsers, new options, dynamic IP client sample)
  * vpnd-1.0.3.tar.zip (Windows browsers, new options, dynamic IP client sample)
  * vpnd-1.0.2.tar.gz (Unix browsers, routing fixes and new TCP/IP options)
  * vpnd-1.0.2.tar.zip (Windows browsers, routing fixes and new TCP/IP options)
  * vpnd-1.0.1.tar.gz (Unix browsers, minor fixes for higher portability between various distributions)
  * vpnd-1.0.1.tar.zip (Windows browsers, minor fixes for higher portability between various distributions)
  * vpnd-1.0.0.tar.gz (Unix browsers, initial release)
  * vpnd-1.0.0.tar.zip (Windows browsers, initial release)

After downloading, unzip (or uncompress) and untar the distribution. If you want to use compression, make sure that either libgz.a/libz.a and zlib.h or the zlib package are installed on your system. cd into the distribution directory, do a ./configure and type make. This should compile the included source code and create the executable binary file vpnd (and randomd for Linux 1.2.x) in the distribution directory.

Version History

If you are interested you can have a look at the version history file.

Mailing List

In case of questions send mail to vpnd@sunsite.auc.dk. To subscribe send an empty mail to vpnd-subscribe@sunsite.auc.dk and follow the instructions given in the reply.

CVS Archive

You can get the vpnd package through anonymous read-only CVS. The only prerequisite you need is a recent copy of the cvs client binary. Run the command:

    cvs -d :pserver:cvs@sunsite.auc.dk:/pack/anoncvs login

and enter cvs when prompted for the password. Then change to a convenient directory where cvs should create the vpnd directory and run the command:

    cvs -d :pserver:cvs@sunsite.auc.dk:/pack/anoncvs co vpnd

After running this command you will find the whole vpnd distribution tree in the newly created vpnd directory. You can always update this distribution by making the vpnd directory your working directory and executing:

    cvs update -d -P

Configuration and Operation

vpnd requires a configuration file (default is /etc/vpnd.conf) for operation. When used in serial line mode, an additional modem initialization chat command file (default is /etc/vpnd.chat) is required. In addition, a file containing the shared secret of both peers involved in the communication is required (default is either /etc/vpnd.key if the basic key file format is chosen or vpnd.lcl.key or vpnd.rmt.key if the extended key file format is chosen). For details see the README, vpnd.conf and vpnd.chat files contained in the package as well as the example configurations in the samples directory of the package.

vpnd creates a SLIP interface on the local system and adds up to nine static routes to hosts and/or networks to the interface. It connects to its remote peer either over TCP/IP or a serial line.

vpnd transfers data blocks encrypted with Blowfish in CFB mode and uses a 256 byte whitening ring buffer to make brute force plaintext/ciphertext attacks more difficult.

The key length of the keys used for encryption and decryption is user definable and ranges from 0 to 576 bits (default is 576 bits) to suit any legal requirements (0 bits is just plain and unencrypted SLIP).

Future Plans

vpnd will incorporate key management in the future which will take quite a while to implement, especially as vpnd is currently a one man gang project and I got to spend some time on my job :-). I would appreciate it if vpnd could become a combined effort of security aware non-U.S. software developers (sorry, the U.S. export restrictions just make it illegal for the U.S. folks to work on the project). If you can spend some time on vpnd development please let me know.

A Final Word

vpnd was developed in Germany and the Web Servers are located in Denmark and Canada, so no U.S. export restrictions apply. As the code is put in the 'public domain' in the Wassenaar sense, the Wassenaar treaty doesn't apply, either.

If you rely only on vpnd to secure your communications, you had better not use vpnd at all. If one of the two systems involved in the vpnd communication gets compromised, the whole bridged LAN may be compromised, and at the very least all traffic painstakingly transferred in encrypted form can easily be sniffed in plaintext.

Secure your systems first, then use vpnd!
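
The Configuration and Operation text says vpnd encrypts data blocks with Blowfish in CFB mode. The sketch below is an added example, not vpnd's code: it runs CFB over 64-bit blocks and shows what one bit changed in transit does to the decrypted data. Assumptions: block_encrypt is a keyed-hash stand-in for Blowfish (CFB never needs the decrypt direction), and the whitening ring buffer and vpnd's framing are left out.

```python
import hashlib

BLOCK = 8  # Blowfish block size in bytes (64 bits)


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for Blowfish block encryption (assumption, NOT Blowfish).

    CFB only calls the cipher in the encrypt direction, so a keyed hash
    truncated to one block is enough to show how the mode behaves.
    """
    return hashlib.sha256(key + block).digest()[:BLOCK]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    out, feedback = bytearray(), iv
    for i in range(0, len(plaintext), BLOCK):
        block = _xor(plaintext[i:i + BLOCK], block_encrypt(key, feedback))
        out += block
        feedback = block  # the ciphertext block feeds the next keystream
    return bytes(out)


def cfb_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, feedback = bytearray(), iv
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out += _xor(block, block_encrypt(key, feedback))
        feedback = block  # receiver feeds back what it received
    return bytes(out)


def tamper_demo():
    """Flip one ciphertext bit in transit and decrypt (constructed inputs)."""
    key, iv = b"constructed-demo-key", b"demo-iv!"
    plaintext = b"BLOCK-0.BLOCK-1.BLOCK-2.BLOCK-3."  # four 8-byte blocks
    ciphertext = bytearray(cfb_encrypt(key, iv, plaintext))
    ciphertext[9] ^= 0x01  # modification on the wire, inside block 1
    return plaintext, cfb_decrypt(key, iv, bytes(ciphertext))


if __name__ == "__main__":
    sent, received = tamper_demo()
    for i in range(0, len(sent), BLOCK):
        print(sent[i:i + BLOCK], received[i:i + BLOCK])
```

Block 0 decrypts unchanged, block 1 carries exactly the flipped bit, block 2 is garbled, and block 3 is back in sync. Decryption raises no error at any point, so CFB on its own provides confidentiality but no integrity; detecting the change takes a separate message authentication check.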
[Home Page]  [Send Mail to anstein@crosswinds.net]  [Top of Page]
