Social VPN

A free and open-source P2P VPN that connects you to your friends


Who develops and maintains SocialVPN?

The SocialVPN project is part of the ACIS P2P Research Group at the University of Florida. Here are the individuals involved:

  • Pierre St Juste (Social Application) ptony82 at ufl dot edu
  • David Wolinsky (IPOP)
  • Arijit Ganguly (IPOP)
  • Arjun Prakash (Windows Install Scripts)
  • Benjamin Woodruff (UPNP Support)
  • P. Oscar Boykin (Brunet/P.I.)
  • Renato Figueiredo (P.I.)

How is this software useful to me?

If you have ever wanted an easy way to share files privately with your friends without worrying about error-prone, non-intuitive router/NAT port configurations, you will find this software useful. If you would like to use Windows RDP or VNC to access multiple computers you use, you should download this software.

What are some of the supported/tested applications and protocols?

  • RDP/VNC (Remote access for Windows/Linux)
  • SSH/SFTP (remote shell access)
  • SMB/CIFS (Windows file share)
  • Zeroconf (Bonjour/Avahi)
  • iTunes: share your music libraries with your friends
  • Pidgin: chat application through automatic discovery
  • HTTP: run a web server on your PC that can be accessed only by your friends
  • SIP/VoIP (voice-over-IP tested with Ekiga)
  • Multi-user games (tested with the 3D FPS Warsow and with Half-Life/Counter-Strike)

What are some of the protocols that are NOT supported?

Currently, FTP does not work. Please contact us if you discover other protocols that do not work.

How secure is this application? Isn’t P2P software insecure?

P2P software is not inherently insecure; the problem with many P2P file sharing systems is that you are never sure if the files you obtain (from untrusted users) can be trusted. In our system, you trust the users you are sharing with, because you decide who is in your network. The P2P component of our system just handles efficient exchange of messages over the Internet. It is akin to Skype, but we have an open system that is not limited to voice calls and supports a variety of TCP/IP applications.

Ok, good, so only the people who I am friends with can connect to me. How do you guarantee that?

We use a framework based on public key cryptography (PKI) for authentication and encryption. Users outside your friends list will not be able to access your machine because its connectivity is protected cryptographically. The complexity of setting up this security infrastructure is hidden from you, and the software is extremely simple to use. Just as you don’t worry about setting up cryptography when you open a secure Web connection, in our application this is all transparent to you.

In more depth: The approach is based on public key cryptography and follows protocols akin to those used in IPsec and SSL, which are widely used in VPN and Web e-commerce. The first time it runs, your SocialVPN application generates a private/public RSA key pair and publishes the public key to the social networking web site, which acts as a trusted third party. Your friends find your public keys (and you find theirs) using data access APIs provided by the social networking site. Before you and each of your friends communicate over the SocialVPN, authentication is performed to ensure that each peer demonstrates they hold the private RSA key associated with the public key that their peer holds. Once a network connection is authenticated, each and every packet is encrypted with the 3DES algorithm using symmetric keys exchanged during a Diffie-Hellman key exchange protocol. The implementation of our security infrastructure builds on C# crypto libraries and is open-source.
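The handshake described above, as an added sketch (not SocialVPN's own C# code or wire format): each peer signs its Diffie-Hellman public value with its RSA key, the other side verifies it against the key it fetched from the social networking site, and only then derives a 3DES key. Assumptions: the `Peer` type and its method names are hypothetical, X25519 stands in for the Diffie-Hellman exchange, and signing the DH value is one common way to prove possession of the private key.

```go
package main

import (
	"crypto"
	"crypto/cipher"
	"crypto/des"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type Peer struct { // hypothetical type for this added example
	ID  *rsa.PrivateKey  // long-term identity; the public half is published
	eph *ecdh.PrivateKey // per-session Diffie-Hellman key (X25519 here)
}
func NewPeer() *Peer {
	id, _ := rsa.GenerateKey(rand.Reader, 2048) // errors ignored for brevity
	eph, _ := ecdh.X25519().GenerateKey(rand.Reader)
	return &Peer{id, eph}
}

// Hello returns this peer's DH public value and an RSA signature over it.
func (p *Peer) Hello() (pub, sig []byte) {
	pub = p.eph.PublicKey().Bytes()
	h := sha256.Sum256(pub)
	sig, _ = rsa.SignPKCS1v15(rand.Reader, p.ID, crypto.SHA256, h[:])
	return pub, sig
}

// Accept verifies the hello against the friend's published RSA key first,
// and only then turns the DH shared secret into a 24-byte 3DES session key.
func (p *Peer) Accept(published *rsa.PublicKey, pub, sig []byte) (cipher.Block, error) {
	h := sha256.Sum256(pub)
	if err := rsa.VerifyPKCS1v15(published, crypto.SHA256, h[:], sig); err != nil {
		return nil, fmt.Errorf("peer does not hold the published key: %w", err)
	}
	remote, err := ecdh.X25519().NewPublicKey(pub)
	if err != nil { return nil, err }
	shared, err := p.eph.ECDH(remote)
	if err != nil { return nil, err }
	k := sha256.Sum256(shared)
	return des.NewTripleDESCipher(k[:24])
}

func main() {
	alice, bob, stranger := NewPeer(), NewPeer(), NewPeer()
	pub, sig := stranger.Hello() // signed with a key that is not Bob's published key
	fmt.Println(alice.Accept(&bob.ID.PublicKey, pub, sig))
}
```

Because the signature covers the DH value, a party that is not on the friends list cannot substitute its own DH value without failing verification against the published key.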

[Figure: Certificate Exchange]

How is this different from other related software?

  • Skype is a P2P network that enables users to communicate directly even if behind NATs; the kinds of applications it supports are limited, and it is closed-source. Our system is open and supports a wide variety of TCP/IP applications, including multicast resource discovery.
  • Wippien is also a free, open-source P2P VPN. Our system has differences which include integration with Google Chat, virtual DNS, and a mechanism for dynamic IP address translation that allows your virtual network to grow without worries of colliding IP address spaces with your peers or your existing network.
  • Hamachi is a P2P virtual network that also provides an easy-to-setup VPN; it is closed source, the free version is limited to 16 machines, it does not interface to social networking sites, and it does not provide virtual DNS. Our system is free and open-source, it does not impose a cap on the number of machines per user, and it seamlessly integrates with a social network to find peers and to generate user-friendly DNS names.
  • OpenVPN is a widely-used open-source VPN. It is not peer-to-peer: it’s not as simple to set up and keep an ad-hoc virtual network as it is in our system.

What information do you collect?

In order to enable research and development that will lead to more efficient algorithms and services in the future, the SocialVPN network is periodically monitored to collect performance and topology information necessary for modeling the P2P social graph. We only collect P2P addresses, number of SocialVPN links, and statistics on the latency and amount of data transferred on SocialVPN links.

Written by pstjuste

April 25, 2008 at 6:15 am
