Simple VPN

In notebook: FrontEndMasters Networking and Streams
Created at: 2017-09-24
Updated: 2017-09-24
Tags: backend Node JS JavaScript

Question: if we add encryption to this, could we build a VPN?

Totally, let's do it!

  //	****		vpn.js		****

var net = require('net')
var crypto = require('crypto') // provides streaming endpoints
var pump = require('pump') // ☛  a cleaner method to pump pipes
// shared password, hard-coded for the demo; createCipher derives the key
// from it with no salt and no random IV (deprecated in newer Node releases)
var pw = 'abc123'

net.createServer(function (stream) {
  // **** 3. the final version uses pump
  // instead of .pipe chaining ↴
  pump(
    stream,
    // **** 1. decrypt what the client sent  ↴
    crypto.createDecipher('aes192', pw),
    // forward the plaintext to the echo server on port 5000
    net.connect(5000, 'localhost'),
    // **** 2. need also to encrypt the reply  ↴
    crypto.createCipher('aes192', pw),
    // **** 4. so each line is a .pipe step  ↴
    // it still ends with the same stream
    // so it's still a duplex stream
    stream,
    function (err) {
      // pump calls this when the pipeline ends; err is only set on failure
      if (err) console.error(err)
    }
  )
}).listen(5005)

Tip: run $ npm install -g readme so that you have access to READMEs offline in the terminal:

$ readme crypto

Replay attacks

The above implementation is vulnerable to replay attacks. When someone sends a transaction, anyone who captures that packet can send it again several times, and the server will accept it and redo the transaction. To prevent this, something in the packet would need to change each time so that it is never the same.
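One way to make each packet different and reject repeats, as an added example that is not part of the original notes: every frame carries a sequence number that also forms the AES-GCM nonce, and the receiver refuses any number it has already accepted. The names sessionKey, seal and makeReceiver, the frame layout and the salt value are assumptions made for illustration.

```javascript
const crypto = require('crypto')

// Assumption: both sides agree on a fresh random salt per connection, so the
// counter-based nonce below is never reused under the same key.
function sessionKey (pw, salt) {
  return crypto.scryptSync(pw, salt, 32)
}

// 96-bit GCM nonce built from the 8-byte sequence number.
function nonce (seqBuf) {
  return Buffer.concat([Buffer.alloc(4), seqBuf])
}

// Frame layout (hypothetical): 8-byte sequence | 16-byte GCM tag | ciphertext.
function seal (key, seq, plaintext) {
  const seqBuf = Buffer.alloc(8)
  seqBuf.writeBigUInt64BE(BigInt(seq))
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce(seqBuf))
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()])
  return Buffer.concat([seqBuf, cipher.getAuthTag(), ct])
}

// The receiver remembers the only sequence number it will accept next.
function makeReceiver (key) {
  let next = 0n
  return function open (frame) {
    if (frame.length < 24) throw new Error('short frame')
    const seqBuf = frame.subarray(0, 8)
    const seq = seqBuf.readBigUInt64BE()
    if (seq !== next) throw new Error('replayed or out-of-order frame')
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, nonce(seqBuf))
    decipher.setAuthTag(frame.subarray(8, 24))
    // final() throws if the tag, the ciphertext or the sequence header was altered
    const pt = Buffer.concat([decipher.update(frame.subarray(24)), decipher.final()])
    next = seq + 1n // advance only after the frame authenticated
    return pt
  }
}

// Constructed demo input: the same message sent once, then captured and resent.
const demoKey = sessionKey('abc123', Buffer.from('constructed-demo-salt'))
const demoOpen = makeReceiver(demoKey)
const captured = seal(demoKey, 0, Buffer.from('transfer 10'))
console.log(demoOpen(captured).toString())
try { demoOpen(captured) } catch (e) { console.log('rejected:', e.message) }
```

Because TCP delivers frames in order, the receiver can insist on exactly the next number; a datagram transport would need a sliding window instead.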

Creating the VPN client

  //	****		vpn-client.js		****

var net = require('net')
var crypto = require('crypto')
var pw = 'abc123'

// **** 1. we connect to our vpn server  ↴
var stream = net.connect(5005, 'localhost')
// **** 2. takes stdin  ↴
process.stdin
  // **** 3. swap the order of cipher/decipher  ↴
  .pipe(crypto.createCipher('aes192', pw))
  .pipe(stream)
  .pipe(crypto.createDecipher('aes192', pw))
  .pipe(process.stdout)

Now run $ node echo.js and $ node vpn.js

and finally $ node vpn-client.js

At this stage, the crypto is buffering, so it looks like no data is coming out: the cipher streams work on whole blocks and hold data back until they have enough. Once you add a lot of text, the echo server will start giving you back what you typed.

To recap

The vpn server connects to the echo server. It decrypts the text sent to it and sends it to the echo server. The echo server sends back the response, and the vpn server encrypts the response and sends it to the client.

The vpn client takes input from the stdin (what we type), encrypts it, sends it (streams it) to the vpn server (localhost:5005) and decrypts the response coming back and writes to stdout.