[GSoC 2023] VPN Support Project | Haiku Project | Haiku Project

Haiku · May 11, 2023, 6:47am

Hello everyone! My name is Sean Brady, and I am currently in my Sophomore year at Oregon State University studying Computer Science. In early January of this year, I decided to become a contributor for a Google Summer of Code (GSoC) project focused on operating systems where I researched Haiku and its projects which interested me and the VPN Support Project in particular. From what I can tell, interest in bringing a VPN to Haiku has been in the works since the BeOS days and more recently the tun.cpp file about 4 years ago.

This is a companion discussion topic for the original entry at https://www.haiku-os.org/blog/pairisto/2023-05-08_gsoc_2023_vpn_support_project__haiku_project/

Begasus · May 11, 2023, 9:00am

Wishing you all the best with GSoC Sean!

rjzak · May 11, 2023, 2:53pm

Fantastic! Looking forward to this.

Andrea · May 11, 2023, 5:18pm

It would be fantastic to have OpenVPN on Haiku

win8linux · May 11, 2023, 5:34pm

Wouldn’t Wireguard be easier to port first before OpenVPN, due to being smaller? I do use OpenVPN more FWIW, but Wireguard is also being used more over time.

dakota · May 11, 2023, 6:00pm

IIRC Haiku needs several things in the kernel before we can get either working. That being said, I feel like OpenVPN is relatively portable since it runs on about any Unix-like, and I’m sure with our POSIX layer we’ll get similar results.

PulkoMandy · May 11, 2023, 6:26pm

Wireguard is written in Go (at least parts of it) so we would need a working Go port first. That’s why OpenVPN was selected as the first goal.

win8linux · May 11, 2023, 6:29pm

Oh thanks, it makes sense now.

x68k · May 11, 2023, 9:11pm

Great project. VPNs are very important these days.

marcoapc · May 11, 2023, 9:51pm

Wireguard works in kernel mode, this is a problem for future maintenance and additions, OpenVPN works in user mode, it is easier to maintain and has a wider support base!

marcoapc · May 11, 2023, 9:59pm

Mixing C with GO can cause problems in the code, same goes for Rust:

gist.github.com

https://gist.github.com/dwbuiten/c9865c4afb38f482702e

CGO.md

Problems & Solutions for Interaction Between C and Go
=====================================================

At [Vimeo](https://vimeo.com), on the transcoding team, we work a lot with Go, and a lot with C, for various tasks such as media ingest. This means we use [CGO](https://golang.org/cmd/cgo/) quite extensively, and consequently, have run into bits that are perhaps not very well documented, if at all. Below is my effort to document some of the problems we've run into, and how we fixed or worked around them.

Many of these are obviously wrong in retrospect, but hindsight is 20/20, and these problems do exist in many codebases currently.

Some are definitely ugly, and I much welcome better solutions! Tweet me at [@daemon404](https://twitter.com/daemon404) if you have any, or have your own CGO story/tips, please! I'd love to learn of them.

**Table of Contents**

This file has been truncated. show original

wotef · May 12, 2023, 5:21am

but apart from the tun we need tap interface also, is the student going to support it too?

cb88 · June 2, 2023, 2:26pm

I agree with the general sentiment but , there is also the implementation from FreeBSD which as I understand it has seen some security review (they completely axed the first version due to this) as well as not being written in Go. There is also commercial support behind that implementation so I’d expect it to continue being developed and could get updates similar to imported wifi drivers on Haiku.

wireguard-freebsd - WireGuard implementation for the FreeBSD kernel Appears to be quite small and C only.
GitHub - WireGuard/wireguard-tools: Mirror only. Official repository is at https://git.zx2c4.com/wireguard-tools is also quite small an C only.

Just linking these for reference and in case some interest gets piqued… OpenVPN support would already be awesome.

Another good one to have eventually would be StrongSwan which implements IPSEC VPN.

Akakor · June 2, 2023, 8:32pm

How about OpenVPN-NL? Many insecure and less secure OpenVPN options stripped, hardened, otherwise unchanged. Uses mbed TLS instead of OpenSSL.

OpenVPN-NL

Begasus · June 3, 2023, 6:28am

openvpn is pretty straight forward on getting to build and packaged, took the liberty to check it out and already pushed a branch for that to my github account, you could take a look there if you are interested.
Not sure if underlying patches are needed, but looked ok so far launching the binary (no crashes).