Re: [EToSat] Integrated VPN/PEP software

"Su, Chi-Jiun" <Chi-Jiun.Su@hughes.com> Mon, 22 March 2021 13:15 UTC

From: "Su, Chi-Jiun" <Chi-Jiun.Su@hughes.com>
To: Joerg Deutschmann <joerg.deutschmann@fau.de>, Kuhn Nicolas <Nicolas.Kuhn@cnes.fr>
CC: "etosat@ietf.org" <etosat@ietf.org>
Date: Mon, 22 Mar 2021 13:14:41 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/etosat/LWSdQ0b__QSwXKAZ7Ue1YSkw28U>
List-Id: "The EToSat list is a non-WG mailing list used to discuss performance implications of running encrypted transports such as QUIC over satellite." <etosat.ietf.org>

One piece of software from GitHub, if you have not seen this yet...

github: https://github.com/ssloxford/qpep

NDSS paper and video:
https://www.ndss-symposium.org/ndss-paper/qpep-an-actionable-approach-to-secure-and-performant-broadband-from-geostationary-orbit/

"Source code and documentation for both our QPEP implementation and our OpenSAND-based testbed environment are available publicly (https://github.com/ssloxford/qpep). Example python scripts used to run all of the simulation scenarios presented in this paper are provided."

________________________________
From: EToSat <etosat-bounces@ietf.org> on behalf of Joerg Deutschmann <joerg.deutschmann@fau.de>
Sent: Thursday, March 18, 2021 4:31 AM
To: Kuhn Nicolas <Nicolas.Kuhn@cnes.fr>
Cc: etosat@ietf.org <etosat@ietf.org>
Subject: Re: [EToSat] Integrated VPN/PEP software

Dear Nicolas,

that combination was also what I had in mind: PEPsal (/the/ open source PEP) and OpenVPN (commonly used VPN software). And thanks for pointing to the net4sat project (which I'm aware of, great work).

A skilled computer or networking professional probably could set this up on his own. However, IMHO an average system administrator may need some more user-friendly setup. Maybe a compiled PEPsal package and some scripts to administrate PEPsal considering the OpenVPN configuration. And some documentation/HowTo. Ideally, OpenVPN would integrate the PEPsal code so that one could simply turn on the PEP functionality via a configuration switch.

I'd be very interested in your results. Maybe I'll find some time or volunteers to repeat your experiments and/or create a similar setup. In the meantime, also pointers to proprietary software would be interesting.

Thanks,
Joerg


On 18.03.21 08:33, Kuhn Nicolas wrote:
> Dear Joerg,
>
> We are currently running experiments using VPN and PEP.
> Our current approach is to combine PEPSal [https://wiki.net4sat.org/doku.php?id=pepsal:index] and OpenVPN [https://openvpn.net/].
>
> We propose an experimental open-source orchestrator, OpenBACH, to run all our tests [https://wiki.net4sat.org/doku.php?id=openbach:index].
> It can currently be used to orchestrate the tests you are describing using PEPSal [https://wiki.net4sat.org/doku.php?id=openbach:exploitation:jobs:pep_1.1] and OpenVPN [https://wiki.net4sat.org/doku.php?id=openbach:exploitation:jobs:openvpn_1.0].
> An example of how to use OpenBACH on a simple platform can be found here: https://forge.net4sat.org/kuhnn/openbach-example-4-agent
> Let me know if you are interested in having more information.
>
> Cheers,
>
> Nicolas
>
> -----Original Message-----
> From: EToSat <etosat-bounces@ietf.org> On Behalf Of Joerg Deutschmann
> Sent: Wednesday, 17 March 2021 21:29
> To: etosat@ietf.org
> Subject: [EToSat] Integrated VPN/PEP software
>
> Dear all,
>
> with the increased demand for home office, the problem of VPNs and the non-applicability of geostationary satellite PEPs has shown up more frequently. Can you give me some hints regarding software and/or tutorials which combines VPN client/server and "user-provided" PEPs?
>
> As illustrated by "C" here:
> https://www7content.cs.fau.de/~deutschmann/Figure-VPN-PEP.png
>
> Please mention open source as well as proprietary software (although the former is preferred). Pointers to papers are also highly appreciated.
>
> Thanks and best regards,
> Joerg
>
> --
> Computer Science, Chair for Computer Networks and Communication Systems Universität Erlangen-Nürnberg Martensstr. 3, D-91058 Erlangen, Germany
> e-mail: joerg.deutschmann@fau.de
>