Convert Figma logo to code with AI

jedisct1 logodsvpn

A Dead Simple VPN.

5,164
391
5,164
1
View on GitHub

Top Related Projects

WireGuard's avatar

wireguard-go

3,028

Mirror only. Official repository is at https://git.zx2c4.com/wireguard-go

OpenVPN's avatar

openvpn

10,821

OpenVPN is an open source VPN daemon

pritunl's avatar

pritunl

4,404

Enterprise VPN server

SoftEtherVPN's avatar

SoftEtherVPN

11,470

Cross-platform multi-protocol VPN software. Pull requests are welcome. The stable version is available at https://github.com/SoftEtherVPN/SoftEtherVPN_Stable.

trailofbits's avatar

algo

28,868

Set up a personal VPN in the cloud

StreisandEffect's avatar

streisand

23,178

Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.

Quick Overview

DSVPN is a minimalist VPN (Virtual Private Network) solution designed for simplicity and ease of use. It aims to provide a secure and efficient way to connect remote devices or networks with minimal configuration and overhead.

Pros

  • Simple setup and configuration process
  • Lightweight and efficient, with minimal resource usage
  • Cross-platform compatibility (Linux, macOS, Windows)
  • No dependencies required, making it easy to deploy

Cons

  • Limited features compared to more comprehensive VPN solutions
  • May not be suitable for large-scale enterprise deployments
  • Lacks advanced security options found in some other VPN software
  • Documentation could be more extensive for troubleshooting and advanced use cases

Getting Started

To get started with DSVPN, follow these steps:

  1. Clone the repository:

    git clone https://github.com/jedisct1/dsvpn.git

  2. Compile the project:

    cd dsvpn
make

  3. On the server, run:

    ./dsvpn server vpn.key auto 1959

  4. On the client, run:

    ./dsvpn client vpn.key <server_ip> 1959

Replace <server_ip> with the actual IP address of your server. Make sure to use the same vpn.key file on both the server and client.

Note: You may need to adjust firewall settings and configure routing tables on both the server and client to enable proper traffic flow through the VPN.

Competitor Comparisons

WireGuard logo

wireguard-go

3,028

Mirror only. Official repository is at https://git.zx2c4.com/wireguard-go

Pros of wireguard-go

  • More robust and feature-rich VPN solution
  • Better performance and lower latency
  • Wider adoption and community support

Cons of wireguard-go

  • More complex setup and configuration
  • Requires kernel support for optimal performance
  • Larger codebase and potentially more resource-intensive

Code Comparison

wireguard-go

func (device *Device) RoutineHandshake() {
    for {
        select {
        case <-device.signals.stop:
            return
        default:
        }
        device.RoutineHandshakeIteration()
    }
}

dsvpn

static void
client_reconnect(void)
{
    for (;;) {
        if (client_connect() == 0) {
            break;
        }
        sleep(1);
    }
}

The code snippets show different approaches to connection handling. wireguard-go uses a more sophisticated routine with signal handling, while dsvpn employs a simpler reconnection loop.

wireguard-go offers a more comprehensive VPN solution with better performance and wider adoption. However, it comes with increased complexity and resource requirements. dsvpn, on the other hand, provides a simpler, lightweight alternative that may be easier to set up and use in certain scenarios, albeit with potentially fewer features and less robust performance.

OpenVPN logo

openvpn

10,821

OpenVPN is an open source VPN daemon

Pros of OpenVPN

  • Widely adopted and well-established VPN solution
  • Extensive documentation and community support
  • Flexible configuration options for various use cases

Cons of OpenVPN

  • Complex setup and configuration process
  • Larger codebase, potentially more vulnerabilities
  • Higher resource consumption

Code Comparison

OpenVPN (server configuration example):

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
keepalive 10 120

DSVPN (server configuration example):

./dsvpn server vpn.key auto 1959

DSVPN offers a significantly simpler configuration process, requiring only a single command line to set up the server. OpenVPN, while more complex, provides greater flexibility and customization options.

OpenVPN's larger codebase and extensive features contribute to its wider adoption and versatility. However, this complexity can lead to a steeper learning curve and potentially more security vulnerabilities.

DSVPN, being a lightweight alternative, focuses on simplicity and ease of use. It sacrifices some advanced features for a streamlined setup process and smaller attack surface. This makes it an attractive option for users seeking a straightforward VPN solution with minimal configuration overhead.

pritunl logo

pritunl

4,404

Enterprise VPN server

Pros of Pritunl

  • Feature-rich web-based interface for easy management
  • Supports multiple VPN protocols (OpenVPN, WireGuard, IPsec)
  • Scalable for enterprise use with multi-server support

Cons of Pritunl

  • More complex setup and configuration
  • Requires more system resources
  • Steeper learning curve for beginners

Code Comparison

DSVPN (server setup):

int
dsvpn_server(void)
{
    char *ext_ip = NULL;
    char *ext_port = DEFAULT_PORT_S;
    char *vpn_ip = DEFAULT_VPN_IP_S;
    char *vpn_ip_client = DEFAULT_VPN_IP_CLIENT_S;
    char *vpn_cidr = DEFAULT_VPN_CIDR_S;

Pritunl (server setup):

def setup_server():
    logger.info('Starting server setup...')
    setup_local()
    setup_server_cert()
    setup_server_key()
    setup_server_dh_params()
    setup_server_ip_pool()
    setup_server_routes()

The code snippets show that DSVPN has a simpler, C-based setup process, while Pritunl uses Python and involves more complex configuration steps. DSVPN focuses on minimal, straightforward implementation, whereas Pritunl offers more extensive features and customization options.

SoftEtherVPN logo

SoftEtherVPN

11,470

Cross-platform multi-protocol VPN software. Pull requests are welcome. The stable version is available at https://github.com/SoftEtherVPN/SoftEtherVPN_Stable.

Pros of SoftEtherVPN

  • More feature-rich, supporting multiple VPN protocols (OpenVPN, IPsec, L2TP, MS-SSTP)
  • Cross-platform compatibility (Windows, Linux, macOS, FreeBSD, Solaris)
  • Graphical user interface for easier management

Cons of SoftEtherVPN

  • Larger codebase, potentially more complex to set up and maintain
  • Higher resource consumption due to additional features
  • May have a steeper learning curve for beginners

Code Comparison

DSVPN (simple configuration):

#define DEFAULT_MTU 1500
#define DEFAULT_PORT 443
#define DEFAULT_IDLE_TIMEOUT 300

SoftEtherVPN (more complex configuration):

#define SE_DEFAULT_PORT_TCP 443
#define SE_DEFAULT_PORT_UDP 500
#define SE_DEFAULT_PORT_IPSEC 4500
#define SE_DEFAULT_HUB_NAME "DEFAULT"
#define SE_DEFAULT_PACKET_SIZE 1500

DSVPN focuses on simplicity with minimal configuration options, while SoftEtherVPN offers more extensive customization and protocol support. DSVPN is designed for quick deployment with less overhead, whereas SoftEtherVPN provides a comprehensive VPN solution with advanced features and multi-protocol support.

trailofbits logo

algo

28,868

Set up a personal VPN in the cloud

Pros of algo

  • More comprehensive VPN solution with support for multiple protocols (WireGuard, IPsec/IKEv2)
  • Automated setup process for various cloud providers
  • Actively maintained with regular updates and security improvements

Cons of algo

  • More complex setup and configuration compared to dsvpn
  • Requires more system resources due to its comprehensive feature set
  • May be overkill for users seeking a simple, lightweight VPN solution

Code comparison

algo (setup.sh):

#!/usr/bin/env bash
set -e

SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
cd "${SCRIPT_DIR}"

python3 -m virtualenv --python="$(command -v python3)" env

dsvpn (dsvpn.c):

#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>

algo offers a more feature-rich and automated VPN solution, while dsvpn provides a simpler, lightweight alternative. algo is better suited for users requiring a comprehensive VPN setup across multiple platforms, whereas dsvpn may be preferable for those seeking a minimalist, easy-to-deploy VPN option.

StreisandEffect logo

streisand

23,178

Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.

Pros of Streisand

  • Supports multiple VPN protocols (OpenVPN, WireGuard, etc.)
  • Automated setup process for various cloud providers
  • Includes additional privacy-enhancing tools (Tor, DNSCrypt, etc.)

Cons of Streisand

  • More complex setup and maintenance
  • Requires more server resources
  • Potentially overwhelming for users who need a simple VPN solution

Code Comparison

Streisand (Python):

def get_ip():
    ip = urllib2.urlopen('https://api.ipify.org').read().decode('utf-8')
    return ip.strip()

DSVPN (C):

static int
tcp_listener(const char *address, const char *port)
{
    struct addrinfo hints, *res;
    int             sockfd;

Summary

Streisand offers a comprehensive suite of privacy tools with automated deployment, making it suitable for users seeking a robust, multi-protocol solution. However, its complexity and resource requirements may be excessive for those needing a simple VPN. DSVPN, on the other hand, provides a lightweight, single-protocol option that's easier to set up and maintain, but lacks the extensive features of Streisand.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

DSVPN

GitHub CI status CodeQL scan

DSVPN is a Dead Simple VPN, designed to address the most common use case for using a VPN:

[client device] ---- (untrusted/restricted network) ---- [vpn server] ---- [the Internet]

Features:

  • Runs on TCP. Works pretty much everywhere, including on public WiFi where only TCP/443 is open or reliable.
  • Uses only modern cryptography, with formally verified implementations.
  • Small and constant memory footprint. Doesn't perform any heap memory allocations.
  • Small (~25 KB), with an equally small and readable code base. No external dependencies.
  • Works out of the box. No lousy documentation to read. No configuration file. No post-configuration. Run a single-line command on the server, a similar one on the client and you're done. No firewall and routing rules to manually mess with.
  • Works on Linux (kernel >= 3.17), macOS and OpenBSD, as well as DragonFly BSD, FreeBSD and NetBSD in client and point-to-point modes. Adding support for other operating systems is trivial.
  • Doesn't leak between reconnects if the network doesn't change. Blocks IPv6 on the client to prevent IPv6 leaks.

Installation

make

On Raspberry Pi 3 and 4, use the following command instead to enable NEON optimizations:

env OPTFLAGS=-mfpu=neon make

Alternatively, if you have zig installed, it can be used to compile DSVPN:

zig build -Drelease

On macOS, DSVPN can be installed using Homebrew: brew install dsvpn.

Secret key

DSVPN uses a shared secret. Create it with the following command:

dd if=/dev/urandom of=vpn.key count=1 bs=32

And copy it on the server and the client.

If required, keys can be exported and imported in printable form:

base64 < vpn.key
echo 'HK940OkWcFqSmZXnCQ1w6jhQMZm0fZoEhQOOpzJ/l3w=' | base64 --decode > vpn.key

Example usage on the server

sudo ./dsvpn server vpn.key auto 1959

Here, I use port 1959. Everything else is set to the default values. If you want to use the default port (443), it doesn't even have to be specified, so the parameters can just be server vpn.key

Example usage on the client

sudo ./dsvpn client vpn.key 34.216.127.34 1959

This is a macOS client, connecting to the VPN server 34.216.127.34 on port 1959. The port number is optional here as well. And the IP can be replaced by a host name.

That's it

You are connected. Just hit Ctrl-C to disconnect.

Evaggelos Balaskas wrote a great blog post walking through the whole procedure: A Dead Simple VPN.

He also maintains systemd service files for DSVPN. Thank you Evaggelos!

A note on DNS

If you were previously using a DNS resolver only accessible from the local network, it won't be accessible through the VPN. That might be the only thing you may have to change. Use a public resolver, a local resolver, or DNSCrypt.

Or send a pull request implementing the required commands to change and revert the DNS settings, or redirect DNS queries to another resolver, for all supported operating systems.

Advanced configuration

dsvpn   "server"
        <key file>
        <vpn server ip or name>|"auto"
        <vpn server port>|"auto"
        <tun interface>|"auto"
        <local tun ip>|"auto"
        <remote tun ip>"auto"
        <external ip>|"auto"

dsvpn   "client"
        <key file>
        <vpn server ip or name>
        <vpn server port>|"auto"
        <tun interface>|"auto"
        <local tun ip>|"auto"
        <remote tun ip>|"auto"
        <gateway ip>|"auto"
  • server|client: use server on the server, and client on clients.
  • <key file>: path to the file with the secret key (e.g. vpn.key).
  • <vpn server ip or name>: on the client, it should be the IP address or the hostname of the server. On the server, it doesn't matter, so you can just use auto.
  • <vpn server port>: the TCP port to listen to/connect to for the VPN. Use 443 or anything else. auto will use 443.
  • <tun interface>: this is the name of the VPN interface. On Linux, you can set it to anything. Or macOS, it has to follow a more boring pattern. If you feel lazy, just use auto here.
  • <local tun ip>: local IP address of the tunnel. Use any private IP address that you don't use here.
  • <remote tun ip>: remote IP address of the tunnel. See above. The local and remote tunnel IPs must the same on the client and on the server, just reversed. For some reason, I tend to pick 192.168.192.254 for the server, and 192.168.192.1 for the client. These values will be used if you put auto for the local and remote tunnel IPs.
  • <external ip> (server only): the external IP address of the server. Can be left to "auto".
  • <gateway ip> (client only): the internal router IP address. The first line printed by netstat -rn will tell you (gateway).

If all the remaining parameters of a command would be auto, they don't have to be specified.

Related projects

Why

I needed a VPN that works in an environment where only TCP/80 and TCP/443 are open.

WireGuard doesn't work over TCP.

GloryTun is excellent, but requires post-configuration and the maintained branch uses UDP.

I forgot about VTUN-libsodium. But it would have been too much complexity and attack surface for a simple use case.

OpenVPN is horribly difficult to set up.

Sshuttle is very nice and I've been using it a lot in the past, but it's not a VPN. It doesn't tunnel non-TCP traffic. It also requires a full Python install, which I'd rather avoid on my router.

Everything else I looked at was either too difficult to use, slow, bloated, didn't work on macOS, didn't work on small devices, was complicated to cross-compile due to dependencies, wasn't maintained, or didn't feel secure.

TCP-over-TCP is not as bad as some documents describe. It works surprisingly well in practice, especially with modern congestion control algorithms (BBR). For traditional algorithms that rely on packet loss, DSVPN couples the inner and outer congestion controllers by lowering TCP_NOTSENT_LOWAT and dropping packets when congestion is detected at the outer layer.

Cryptography

The cryptographic primitives used in DSVPN are available as a standalone project: Charm.

Guarantees, support, feature additions

None.

This is not intended to be a replacement for GloryTun or WireGuard. This is what I use, because it solves a problem I had. Extending it to solve different problems is not planned, but feel free to fork it and tailor it to your needs!