IrcVPN - Irc Virtual Public Network =================================== This is an ethernet tunnel providing basic hubbed or switchet networks via Irc. Warning: If you use this software on a "real" (read: not your own) network: 1. You may run into various flood protections 2. Your IRC-OP may (should?) kill you for that Furthermore: All of your data will go kind-of plaintext over an Irc-channel. While this is a rather uncommon way of IP transit, everybody who is able to join the channel may be able to eavesdrop. Installation and requirements ============================= * python-irclib * ether2any For configuration take a look at conf.py, it has some comments to give you a hint of what the settings will do. Some of the security settings are rather untested, keep that in mind. After configuration, start the tunnel with python ircvpn.py. A tap device will open and the tunnel should be ready to run. What it does and how it works ============================= IrcVPN uses an Irc channel as its transport medium. When starting this tunnel, it makes a connection to the configured Irc server, joins a channel and starts pushing all outgoing network traffic (base64 encoded with a small header) into that channel. The nick will be a combination of the configured prefix and the TAP interfaces MAC address. There are two network modes available: .Hubbed Network In a hubbed network topology all the clients share one broadcast medium, the Irc channel. .Switchet Network In a switched network topology still all the clients join the irc channel and use it for broadcast messages but unicast traffic goes directly to the user to whom it is addressed, as it is sent to the nick-prefix-MAC-address combination. Wether the user with the specific mac actually IS in the network is not checked. Flood protection is kind of the biggest issue for the IrcVPN: After a configured amount of messages most irc servers queue the incoming messages and send them out throttled to one message per second. If the send queue is flooded over its capacity the responsible user gets kicked from the server. So this tunnel is not going to perform very well on normal servers out there. When setting up your own server, the flood protection CAN be turned off but irc servers with configurable flood protections tend to allow flooding only in channels (rendering switched networks unusable) and only if the user has either voice, half-op or op permissions in that channel. This is where voicebot.py comes in: The voicebot voices everyone who utters a certain phrase. Therefore it is kind of ensured that every bot has permission to flood "the ether" with network packets as much as it wants. Irc's right management can always be used to mute, rate-limit or remove spamming or otherwise unwanted clients. Header Format ============= The *fragmentation flag* can be either of o, b, c, e. *o* stands for oneliner, which means that afterwards there is a complete ethernet frame (no fragmentation). *b*, *c*, *e* stand for begin, continue, end and mark packets which are broken into several pieces (as irc does not support infinite line length). The packet id is just a random generated number between 0, 99999 (inclusive). What could be done ================== * replace base64 with something more suitable for Irc * test security settings * find static linkable irc server, patch out flood protection * VVLAN - a Virtual VLAN between irc channels/servers