pvpn 0.2.5

Description:

pvpn 0.2.5

VPN Server implemented in pure Python. (For Research Purposes Only)

Introduction
All VPN softwares are stupid, clumsy and hard to configure. So comes python-vpn.

NO app install needed
NO server configuration file
NO network interface added
NO iptables or “/etc” modified

Press “RETURN” to start, “CTRL+C” to stop.


QuickStart
$ pip3 install pvpn
Successfully installed pvpn-0.2.1
$ pvpn -p yourpassword
Serving on UDP :500 :4500...
^C
$ pvpn -wg 9000
Serving on UDP :500 :4500...
Serving on UDP :9000 (WIREGUARD)...
^C
Open server’s UDP port :500 :4500 to your device. In device’s system setting, add an “IPSec” (iOS) or “IPSec IKE PSK” (Android) node, write down the server address and password “yourpassword”. Connect.
If you prefer wireguard VPN, specify “-wg (port)” parameter and open server’s (port) UDP port to your device. Paste the printed server public key to wireguard client settings, write down the server address:port. Connect.
You should modify the default password “test” with a good one. See “pvpn -h” for more options.


Features

Clean, lightweight
IKEv1, IKEv2, L2TP auto-detection
WireGuard
TCP stack
TCP/UDP tunnel
DNS cache



Protocols


Protocol Name
Name in iOS
Name in Android
Name in MacOS
Name in Windows



L2TP PSK ✔
L2TP
“L2TP/IPSec PSK”
L2TP/IPSec
L2TP

IKEv1 PSK ✔
IPsec [1]
“IPSec Xauth PSK”
Cisco IPSec
IPSec

IKEv2 PSK ✔
IKEv2 [2]
“IPSec IKEv2 PSK”
IKEv2
IKEv2

WireGuard ✔
WireGuard App [3]




[1] Do not use certificates
[2] Turn off “user authentication”
[3] Turn off “preshared key”



Examples

TCP Tunnel
If the remote host match in file "rules.country", tunnel through http proxy.

$ pvpn -r http://remote_server:port?rules.country

UDP Tunnel
Redirect all DNS requests to 8.8.8.8.

$ pvpn -ur tunnel://8.8.8.8:53?{53}




Specifications
IPSec/ESP

RFC2406 IP Encapsulating Security Payload (ESP)
RFC3947 Negotiation of NAT-Traversal in the IKE
RFC3948 UDP Encapsulation of IPsec ESP Packets

IKE/ISAKMP

RFC2407 The Internet IP Security Domain of Interpretation for ISAKMP
RFC2408 Internet Security Association and Key Management Protocol (ISAKMP)
RFC2409 The Internet Key Exchange (IKE)
IANA_01 Internet Key Exchange (IKE) Attributes
IANA_02 “Magic Numbers” for ISAKMP Protocol
DRAFT_1 The ISAKMP Configuration Method
DRAFT_2 Extended Authentication within IKE (XAUTH)

IKEv2

RFC7296 Internet Key Exchange Protocol Version 2 (IKEv2)
IANA_03 Internet Key Exchange Version 2 (IKEv2) Parameters
RFC3748 Extensible Authentication Protocol (EAP)
RFC5106 The Extensible Authentication Protocol-Internet Key Exchange Protocol version 2 (EAP-IKEv2) Method

Diffie Hellman

RFC3526 More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)
RFC5903 Elliptic Curve Groups modulo a Prime (ECP Groups) for IKE and IKEv2
RFC5114 Additional Diffie-Hellman Groups for Use with IETF Standards

L2TP

RFC2661 Layer Two Tunneling Protocol “L2TP”
RFC3193 Securing L2TP using IPsec
RFC1549 PPP in HDLC Framing
RFC1661 The Point-to-Point Protocol (PPP)
RFC1332 The PPP Internet Protocol Control Protocol (IPCP)

WireGuard

RFC7748 Elliptic Curves for Security
WireGuard Protocol Specification