Social VPN

A free and open-source P2P VPN that connects you to your friends


What is a Social VPN?

A Social Virtual Private Network is a peer-to-peer (P2P) virtual private network connecting your own personal computers and your friends’ computers. Friendship is determined through a social backend such as a an XMPP server (i.e. Google chat). It provides direct IP connectivity and multicast support between computers by bypassing NATs/routers/firewalls without any administrative configurations. As a result, TCP/IP-based applications running behind NATs/routers can communicate directly. You can share files with SFTP or Samba, stream audio/video with iTunes or VLC, gain remote access through SSH, VNC or RDP. It also supports ZeroConf (Bonjour/Avahi) service discovery, Pidgin instant messaging over Bonjour, multi-user games, network printer access, and much more. For example, you can run your own HTTP server (your own website) on your local machine and have all of your friends get access to that website (with an easy to use name, for example

How does it work?

This software consists of three major components. The first component is a Peer-to-Peer overlay called Brunet. Brunet is a P2P library which allows for the creation of P2P based software; it is different from many other systems because it supports transparent traversal for most typical NATs found in residential and wireless gateways. Therefore, applications behind NATs can talk to each other without any special configuration, which is usually needed for full connectivity in P2P applications – no port fowarding is needed.

The second component is IPOP (IP over P2P). IPOP allocates an IP address to a virtual network interface. With an IP address, unmodified applications can use the P2P network to route IP packets. The process is as follows: 1) an application sends a packet to an IP address mapped to another P2P node, 2) the operating system encapsulates it into an IP packet, then into an Ethernet frame, 3) the Ethernet frame is sent to the virtual network device, 4) our software captures the Ethernet frame, it extracts the IP packet and routes it through the overlay. That same process is done in reverse on the receiving side. Hence, you have full IP connectivity.

The third component is the social networking API. Currently, we are using the Jabber-Net XMPP API. The XMPP backend serves as a trusted social backend which 1) authenticates users, 2) maintains a list of friends for each user, and 3) provides a secure , out-of-band communication channel (TLS) for X.509 certificate exchange.


IPOP - IP over P2P

Written by pstjuste

April 26, 2008 at 8:07 am

%d bloggers like this: