Network Architectures and Services, Georg Carle Faculty of Informatics Technische Universität München, Germany

Bootstrapping P2P VPN

Felix Weißl

Chair for Network Architectures and Services Department for Computer Science Technische Universität München

April 3, 2014

Outline

1 Motivation
2 Network Classification
3 Terms
4 Bootstrapping
  1 In unstructured Peer-to-Peer networks
  2 In structured Peer-to-Peer networks
5 Related work
6 Conclusion

Felix Weißl: Bootstrapping P2P VPN 2

Motivation

Client / Server                | Peer-to-Peer

centralized                    | decentralized
server dependent               | self-organizing
single point of failure        | robust
server is bottleneck           | shared resources (bandwidth, CPU)
secure standard protocols      | scalable
easy connection establishment  | privacy / security issues
easy file management           | bootstrapping problem
                               | network speed usually low

Sources: http://upload.wikimedia.org/wikipedia/commons/f/fb/Server-based-network.svg, http://upload.wikimedia.org/wikipedia/commons/3/3f/P2P-network.svg

Network Classification

Virtual Private Networks
- Centralized, e.g. OpenVPN
- Decentralized
  - Unstructured, e.g.
  - Structured: Distributed Hash Table, e.g. GroupVPN, BitTorrent's distributed tracker
- Hybrid: Super Nodes, e.g.

Terms

“P2P VPN”:
- decentralized
- popular applications: Hamachi, N2N, P2PVPN, Wippien,

Bootstrapping: process of a new peer joining the network

Bootstrapping

1. Peer discovery:
   - discover the network
   - request one or more well-known entry points
2. Rendezvous:
   - try connecting to a peer
   - traversal of NAT devices
3. Relay:
   - scenario: NAT traversal fails
   - a third party relays the traffic

Bootstrapping N2N

N2N:
- encrypted Layer 2 over Layer 3 private P2P network
- super nodes build the “backbone” of the network

Source: http://www.ntop.org/wp-content/uploads/2011/08/n2n_network.png

Bootstrapping N2N

- Peer discovery:
  - required: the global IP address of one super node
  - peer list obtained through broadcast messages
- Rendezvous:
  - “peer registration”
  - connection attempt
- Relay through super nodes as a fall-back method

Bootstrapping GroupVPN

- Idea: use an existing public network for the configuration exchange, e.g. XMPP, BitTorrent, Gnutella, Brunet

- Brunet:
  - self-organizing ring-structured network
  - nodes organized in a well-defined topology
  - nodes addressable by internal PeerIDs
  - Distributed Hash Table

Bootstrapping GroupVPN

Distributed Hash Table
- data distributed over a large P2P network
- quick search time for a given item
- keys mapped to nodes
- get / put operations, e.g. “get FOOBAR”

Bootstrapping GroupVPN

Bootstrapping

Peer wants to connect to P2P VPN “Private”

1. Peer discovery: the peer queries the DHT for peers of the private network
2. Rendezvous: exchange connection messages, NAT traversal

Network Address Translation (NAT):
- overcomes the shortage of IPv4 addresses
- separates private and public address space
- breaks the end-to-end principle
- blocks new incoming connections → P2P problem

[Figure: two peers behind NAT A and NAT B]

Source: J. Buford, H. Yu, and E. K. Lua. P2P Networking and Applications. Morgan Kaufmann, 2008.

Bootstrapping GroupVPN

NAT Traversal scenario:

Source: B. Ford, P. Srisuresh, and D. Kegel. Peer-to-peer communication across network address translators. In USENIX Annual Technical Conference, General Track, pages 179-192, 2005.

Bootstrapping GroupVPN

UDP Hole Punching
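The exchange in the figure cited below, as an added example that is not from the talk or from the Ford et al. paper: a small Python simulation of two address-restricted cone NATs (the names Nat and hole_punch and all addresses are assumptions, the addresses taken from documentation ranges). It shows the problem from the NAT slide, an unsolicited inbound packet being dropped, and that once both peers have sent one packet towards the public endpoint learned from the rendezvous server, packets in both directions are forwarded.

```python
# Simulated address-restricted cone NAT and UDP hole punching (added example).
# All addresses are constructed (RFC 5737 documentation ranges).

class Nat:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.mapping = {}   # private (ip, port) -> public port
        self.allowed = {}   # public port -> set of external IPs sent to
        self.dropped = []   # (src_ip, public port) of rejected inbound packets

    def outbound(self, src, dst_ip):
        """Private host `src` sends to `dst_ip`: create/refresh its mapping."""
        if src not in self.mapping:
            self.mapping[src] = self.next_port
            self.allowed[self.next_port] = set()
            self.next_port += 1
        pub_port = self.mapping[src]
        self.allowed[pub_port].add(dst_ip)
        return (self.public_ip, pub_port)          # endpoint seen from outside

    def inbound(self, pub_port, src_ip):
        """Packet from `src_ip` hits our public port: private endpoint or None."""
        if src_ip in self.allowed.get(pub_port, ()):
            return next(p for p, port in self.mapping.items() if port == pub_port)
        self.dropped.append((src_ip, pub_port))
        return None

def hole_punch():
    """Three-party exchange: register with a public rendezvous server,
    learn the peer's public endpoint, then punch both NATs."""
    nat_a, nat_b = Nat("198.51.100.1"), Nat("203.0.113.1")
    a, b = ("10.0.0.2", 5000), ("192.168.1.7", 5000)
    rendezvous = "192.0.2.10"                      # public rendezvous server
    # 1. Peer discovery / registration: the server learns both public endpoints.
    a_pub = nat_a.outbound(a, rendezvous)
    b_pub = nat_b.outbound(b, rendezvous)
    # Why P2P breaks: B sends straight to A's public endpoint. A has never
    # sent anything to NAT B's address, so NAT A discards the packet.
    unsolicited = nat_a.inbound(a_pub[1], nat_b.public_ip)
    # 2. Rendezvous: the server hands each peer the other's public endpoint and
    #    each sends one packet towards it, opening a hole in its own NAT.
    nat_a.outbound(a, b_pub[0])
    nat_b.outbound(b, a_pub[0])
    # 3. Packets from the peer now match an existing hole and are forwarded.
    return {"unsolicited": unsolicited,
            "a_to_b": nat_b.inbound(b_pub[1], a_pub[0]),
            "b_to_a": nat_a.inbound(a_pub[1], b_pub[0]),
            "dropped_by_nat_a": list(nat_a.dropped)}
```

Real NATs add a first-packet race (the very first punch packet can itself be discarded by the remote NAT) and symmetric NATs, which allocate a new mapping per destination, defeat this scheme entirely. The simulation only models the restricted-cone case that hole punching targets.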

Source: B. Ford, P. Srisuresh, and D. Kegel. Peer-to-peer communication across network address translators. In USENIX Annual Technical Conference, General Track, pages 179-192, 2005.

Related work

Other techniques for peer discovery:
- social networks: IRC, XMPP
- Dynamic DNS
- random access probing

Other NAT traversal techniques:
- manual: port forwarding
- TCP hole punching
- autonomous NAT traversal

Conclusion

- NAT is still a main issue in P2P bootstrapping
- pure “P2P VPNs” are very rare
- security mechanisms in existing applications are often neglected

Questions
