Re: [EToSat] Integrated VPN/PEP software

Joerg Deutschmann <joerg.deutschmann@fau.de> Thu, 18 March 2021 08:32 UTC

To: Kuhn Nicolas <Nicolas.Kuhn@cnes.fr>
References: <974cd7a2-e006-5ef3-1108-ece07f3ad19f@fau.de> <F3B0A07CFD358240926B78A680E166FF29ED55B0@TW-MBX-P03.cnesnet.ad.cnes.fr>
From: Joerg Deutschmann <joerg.deutschmann@fau.de>
Cc: "etosat@ietf.org" <etosat@ietf.org>
Message-ID: <629a2b48-6c45-9a27-1683-71328d6c7c31@fau.de>
Date: Thu, 18 Mar 2021 09:31:59 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/etosat/gotF7Zw7ptp0ucEAj1B8EtUJqAg>
Subject: Re: [EToSat] Integrated VPN/PEP software
List-Id: "The EToSat list is a non-WG mailing list used to discuss performance implications of running encrypted transports such as QUIC over satellite." <etosat.ietf.org>

Dear Nicolas,

that combination was also what I had in mind: PEPsal (/the/ open source PEP) and OpenVPN (commonly used VPN software). And thanks for pointing to the net4sat project (which I'm aware of, great work).

A skilled computer or networking professional probably could set this up on his own. However, IMHO an average system administrator may need some more user-friendly setup. Maybe a compiled PEPsal package and some scripts to administrate PEPsal considering the OpenVPN configuration. And some documentation/HowTo. Ideally, OpenVPN would integrate the PEPsal code so that one could simply turn on the PEP functionality via a configuration switch.

I'd be very interested in your results. Maybe I'll find some time or volunteers to repeat your experiments and/or create a similar setup. In the meantime, also pointers to proprietary software would be interesting.

Thanks,
Joerg


On 18.03.21 08:33, Kuhn Nicolas wrote:
> Dear Joerg,
> 
> We are currently running experiments using VPN and PEP.
> Our current approach is to combine PEPSal [https://wiki.net4sat.org/doku.php?id=pepsal:index] and OpenVPN [https://openvpn.net/].
> 
> We propose an experimental open-source orchestrator, OpenBACH, to run all our tests [https://wiki.net4sat.org/doku.php?id=openbach:index].
> It can currently be used to orchestrate the tests you are describing using PEPSal [https://wiki.net4sat.org/doku.php?id=openbach:exploitation:jobs:pep_1.1] and OpenVPN [https://wiki.net4sat.org/doku.php?id=openbach:exploitation:jobs:openvpn_1.0].
> An example of how to use OpenBACH on a simple platform can be found here: https://forge.net4sat.org/kuhnn/openbach-example-4-agent
> Let me know if you are interested in having more information.
> 
> Cheers,
> 
> Nicolas
> 
> -----Original Message-----
> From: EToSat <etosat-bounces@ietf.org> On Behalf Of Joerg Deutschmann
> Sent: Wednesday, 17 March 2021 21:29
> To: etosat@ietf.org
> Subject: [EToSat] Integrated VPN/PEP software
> 
> Dear all,
> 
> with the increased demand for home office, the problem of VPNs and the non-applicability of geostationary satellite PEPs has shown up more frequently. Can you give me some hints regarding software and/or tutorials which combines VPN client/server and "user-provided" PEPs?
> 
> As illustrated by "C" here:
> https://www7content.cs.fau.de/~deutschmann/Figure-VPN-PEP.png
> 
> Please mention open source as well as proprietary software (although the former is preferred). Pointers to papers are also highly appreciated.
> 
> Thanks and best regards,
> Joerg
> 
> --
> Computer Science, Chair for Computer Networks and Communication Systems Universität Erlangen-Nürnberg Martensstr. 3, D-91058 Erlangen, Germany
> e-mail: joerg.deutschmann@fau.de