
Golang — C++ interoperability in VPN network

The reincarnation of OpenVPN’s C++ library

What is a VPN configuration? And how does understanding this help you protect your digital rights? Find out more here.

At Mysterium Network we are working on the world’s 1st decentralized VPN. Our project is built on Golang (Go). Go is a statically compiled language, which offers a rich standard library. Go is syntactically similar to C but comes out as the winner when it comes to memory safety, garbage collection, structural typing, and CSP style concurrency.

There are many libraries written in C or C++. When you wish to use these libraries within Golang, there are two approaches:

Rewrite the library in Golang

Several projects have gone down this road. Wireguard® has done this, check out some of their libraries.

Reuse the code in a way that Golang can call it.

There are other tools that can help with calling Java or Objective-C code from Golang, but everything goes through an intermediary. At a fundamental level, there is interoperability between C and Golang.

What is VPN configuration? Integrating C++ OpenVPN 3 library into a Golang Mysterium Node.

As mentioned above, we are using OpenVPN under the hood. This was our first protocol and it was used as an external binary (executable file).

What does this mean for VPN configuration? This basically means that a Mysterium Node and OpenVPN are two different processes which communicate using OpenVPN config and IPC (local sockets to be exact).

Now, this has some limitations — for example, software distribution becomes complicated as you also need to distribute OpenVPN binary with each Mysterium Node — two steps, never great for UX.

It was workable for a proof of concept or very early versions, but as we moved to mobile platforms, this approach became very complicated or even not feasible — especially when considering iOS.

To solve this challenge, we decided to find a way to integrate OpenVPN into our Golang project directly. Also, we decided that this package could be useful for others, that’s how this library was born.

Openvpn3 to the rescue.

Openvpn3 is the official library maintained by the OpenVPN team and is used on almost all platforms as a client or connector to an OpenVPN server. It is also written in C++, which came with some obstacles we needed to solve.

Golang and C++ don’t get along

Our first obstacle was that C++ code cannot be directly called by Golang (Cgo to be exact).
We needed to make small changes to the OpenVPN library itself to export the OpenVPN Client as C-callable code. This can be found here, and it’s basically a Go-compatible entry point to the OpenVPN library.

Then there is how Golang treats C code itself (cgo).
The problem was that Golang and its package management systems expect all libraries to be source files (i.e. there is no or very limited binary package management). And the OpenVPN3 library build process was overly complicated and not easily expressed in a Go way.

What is a VPN configuration without some interoperability? So our decision was to compile that library in advance for all platforms we currently support or produce binaries for: the arm family (Android, iOS) and the amd64 family (Windows, Linux, some simulators). As we use Linux for our automatic build system, we had to set up all compilers and SDKs in one place, but that’s for another blog post. Sign up to our newsletter to hear more about what we’re building.

Our heavily patched Docker image borrows heavily from Karalabe. The result was a single (very simple) header file and a bunch of static libraries for each platform/OS we needed.

We also had to ensure that these binaries were Go gettable (the go way to fetch a library from GitHub).
We simply committed those libraries to Go repo along with all supporting Go code (which is available at mysterium.network/go-openvpn/openvpn3). Not the best way to distribute the software, but our target was a go gettable library.

Now the easy part 😏 — to call Openvpn3 functions from Go.

It’s quite easily doable. The following examples are simple calls of C functions exported by OpenVPN library (our C wrapper):

And here come problems:

  1. First of all, there are strict rules as to what can and cannot be passed to C code and vice versa. For example, you cannot pass a Go function reference to C code.
  2. The openvpn3 client also depends heavily on callback functions. One way to approach this was to use only static functions for callbacks. However, this would have limited the flexibility and usability of the library.
    A hybrid solution was to define customisable callback functions in Go and register them in a map with function ids. Static functions in the OpenVPN3 client would then dispatch the respective callbacks to the registered functions with the corresponding ids.
    Here is how it works (let’s take the state event callback function as an example):

User defines normal go structures with methods, which satisfies interfaces expected by callback registry:

Structure is passed to callback registry which is essentially global id -> callback map:

Next, the callback registry stores the user-provided structure and creates a C structure, ready to be passed to C code. Instead of passing a Go function reference to C code, it passes an id, which is simply the key into the callback map, and an exported Go function (marked with a special comment).

When C code wants to inform the user of state changes, it calls the static Go function, and one of the parameters is the id. That id is then passed to the callback registry to find and call the appropriate user-defined callback.
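The id-based dispatch described above, as an added example that is not the go-openvpn code: the C side is simulated in pure Go by a `nativeClient` that holds nothing but the integer id, and with cgo `Dispatch` would sit behind a function exported with a `//export` comment. All type and function names, and the state strings, are assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// StateCallback is what user code implements (hypothetical interface name).
type StateCallback interface{ OnState(state string) }

// CallbackID is the only value handed to native code: an integer, never a Go pointer.
type CallbackID uint64

// ErrUnknownID is returned when native code presents an id that is not registered.
var ErrUnknownID = errors.New("callback registry: unknown id")

// Registry is the global id -> callback map described in the text.
type Registry struct {
	mu     sync.RWMutex
	nextID CallbackID
	items  map[CallbackID]StateCallback
}

func NewRegistry() *Registry { return &Registry{items: map[CallbackID]StateCallback{}} }

// Register stores cb and returns a fresh id. Ids start at 1 and are never reused,
// so a stale id kept by native code can never reach a different callback.
func (r *Registry) Register(cb StateCallback) CallbackID {
	r.mu.Lock()
	defer r.mu.Unlock()
	r.nextID++
	r.items[r.nextID] = cb
	return r.nextID
}

// Unregister drops the callback; later dispatches with this id fail cleanly.
func (r *Registry) Unregister(id CallbackID) {
	r.mu.Lock()
	defer r.mu.Unlock()
	delete(r.items, id)
}

// Dispatch plays the role of the static exported function that C calls with an id.
// The callback runs outside the lock so it may itself register or unregister.
func (r *Registry) Dispatch(id CallbackID, state string) error {
	r.mu.RLock()
	cb, ok := r.items[id]
	r.mu.RUnlock()
	if !ok {
		return fmt.Errorf("%w: %d", ErrUnknownID, id)
	}
	cb.OnState(state)
	return nil
}

// recorder is a user-defined structure with a method satisfying StateCallback.
type recorder struct{ states []string }

func (r *recorder) OnState(state string) { r.states = append(r.states, state) }

// nativeClient stands in for the C library: it knows the id and one entry point.
type nativeClient struct {
	id       CallbackID
	dispatch func(CallbackID, string) error
}

func (n nativeClient) emit(states ...string) error {
	for _, s := range states {
		if err := n.dispatch(n.id, s); err != nil {
			return err
		}
	}
	return nil
}

// RunDemo delivers two constructed state events, unregisters, then replays a stale id.
func RunDemo() ([]string, error) {
	reg := NewRegistry()
	rec := &recorder{}
	client := nativeClient{id: reg.Register(rec), dispatch: reg.Dispatch}
	if err := client.emit("CONNECTING", "CONNECTED"); err != nil {
		return nil, err
	}
	reg.Unregister(client.id)
	err := client.emit("DISCONNECTED") // stale id: rejected, not delivered
	return rec.states, err
}

func main() {
	states, err := RunDemo()
	fmt.Println(states, err)
}
```

Because ids are never reused, an event that native code fires after the Go side has unregistered is rejected instead of reaching another user's callback.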

It compiled. At least the Go part — that means that C code is reachable, and all headers are ok.

Most of the dragons started rearing their heads when it came to linking the Go packages with OpenVPN static libraries.

The biggest issue was that the library was built with a C++ compiler, but golang cgo used a C compiler by default. As a result, all sorts of weird and ugly errors began to arise at the linking stage. So if you see similar errors as in the example, you are not alone:

After hours of Stack Overflow exploration, a simple workaround was to put an empty .cpp file inside the package which uses “C” imports. That way cgo was tricked into using the C++ linker, which already had the C++ library by default.

There are several other issues we faced in rewiring what VPN configuration looks like without a centralised element. But that again is for another blog post. Stay tuned.

In conclusion

When using new technologies like Golang you sometimes have to go off-chain to find solutions that will help you use existing libraries so that you don’t have to start everything from scratch. However, as with most solutions in IT, it’s not a silver bullet.

Key takeaways

  • Precompiled libraries on their own pose a security risk: potential library users cannot be sure exactly what is compiled in, as there is no code to review
  • Each OS and architecture combination has to have a separate version of the same library
  • iOS framework problem: the iOS framework lib (provided by the gomobile tool) is a static library itself, so any other dependencies are linked but not combined into the framework, and that needs to be done as a separate step
  • It’s simply not the Go way: golang usually expects all source needed for the package to be in one place.

Connect with our project

Please be sure to follow and subscribe to the following:

Website — https://mysterium.network

Twitter — https://twitter.com/MysteriumNet

Telegram — https://t.me/Mysterium_Network

Reddit — https://www.reddit.com/r/MysteriumNetwork

Facebook — https://www.facebook.com/MysteriumNet

Steemit — https://steemit.com/@mysteriumnetwork

Bitcointalk — https://bitcointalk.org/index.php?topic=1895626.0

Please join the Telegram groups most relevant to you and engage with our team. We want to hear from you.

English — https://t.me/Mysterium_Network

Rules & FAQ — https://t.me/MysteriumRulesAndFAQ

Announcements — https://t.me/MysteriumOfficialAnnouncements

Node Testing — https://t.me/mysterium_network_nodes

MysteriumVPN Testing — https://t.me/joinchat/I5-aG0z_3SA6PLgQBCOXlA

中文 / Chinese — https://t.me/MysteriumChineseChat

русский / Russian https://t.me/mystRU

Español / Spanish — https://t.me/mysterium_network_espanol

And finally, if you’d like to see more of these types of updates give us some claps and let us know.

*“WireGuard” and the “WireGuard” logo are registered trademarks of Jason A. Donenfeld.

Mysterium Network 2018 round up


Happy New Year from Team Mysterium! We’re building a dVPN. What is a VPN service? And why do you need one? We break down what’s happening in today’s internet, and how it affects your digital rights, in this deep dive, “What happened to the Internet?”.

It’s time for a quick update from our team to round up 2018, and our last quarter. It’s been busy, and we’re excited to share some of the milestones that the project has reached.

First things first, here are some fun facts from 2018:

A quick snapshot from: https://testnet.mysterium.network/
  • Over +6,000 unique users used Mysterium Network
  • This made for over +28907 successful sessions — with more than 10.82TB transferred across our network, and average session times of 5 hours and 32 minutes.
  • Our last quarter accounted for over 70% of unique users & successful connections
  • We launched MysteriumVPN app on desktop and mobile. Download MysteriumVPN for Windows, Mac and Android.
  • MysteriumVPN Android app has over 1000 installs with an average of ~50% conversion rate and a 4.3 rating on GooglePlay since our launch on the 19th of December 2018.
  • Launched Mysterium Wallet on Testnet, more on that below.

Now to get a little more granular as to what we’ve been up to in the last three months:

Mysterium API updates

Completed mobile API for OpenVPN

We are using OpenVPN under the hood. What is OpenVPN service? Find out more here. This was the first protocol — external binary (executable file). We didn’t see any problems until we started building for mobile.
This is because you are very restricted as to what you can run as an external process in mobile. This is due to operating system limitations. So we decided we needed to use OpenVPN, not as an external process but by having it embedded into our nodes.

Mobile API for Wireguard®

WireGuard brings cutting-edge cryptography to MysteriumVPN. Running inside the Linux Kernel, it aims to be faster, simpler and leaner than IPsec. It also intends to perform much faster than OpenVPN. Our Mobile API for Wireguard means that this protocol will be available on MysteriumVPN on Android and iOS (coming soon).

Node filtering using node connections statistics

We are now able to analyse successful / failed connections, and depending on this ratio we decide on the priority by which to suggest nodes for clients. While node filtering hasn’t been implemented yet, what we have done is improve the visibility of stable nodes by showing them at the top of the available list on MysteriumVPN, thereby ensuring better service for all our users.

Other Improvements

  • OpenVPN connection stability improvements
  • OpenVPN re-connect call used for mobile migration between 4G and Wifi networks
  • Code refactoring to accommodate pluggable node services

What is a VPN service? Mysterium VPN updates

Launched MysteriumVPN on Android.

We’re really excited to have launched MysteriumVPN for Android and are powering towards our iOS release. We’d love your feedback on the product. Please download and give us feedback on our dedicated alpha testing telegram channel.

Check out some of the reviews we’ve had so far:

Deployed Mysterium Wallet on Testnet 

The long-awaited Mysterium Wallet is finally here. Check out detailed instructions on how you can register your Mysterium ID using our wallet here. Please note — currently registering identity works on Ethereum Ropsten Testnet only. Test it, and let us know what you think!

Deployed Mysterium ID

Mysterium ID has been deployed internally. To get into more detail check out our dedicated post about how Mysterium ID will work within Mysterium Network.

Marketing updates

YouTube Interview:

Mysterium Network Founder Robertas Visinskis — Cryptocurrency Virtual Summit YouTube interview: “Anonymity and privacy are not the same thing”.

Tech Podcast

Mysterium Network Founder Robert Visinskis talks about restoring our privacy with the first decentralized VPN blockchain project.
https://techblogwriter.co.uk/mysterium-network/

We’ve been talking about VPN service on blockchain at these events and conferences:

Hard Fork Decentralized 2018

Mysterium Network Business Development Lead Andra attended Hard Fork Decentralized 2018 conference in London to discuss privacy, security and decentralization.

https://thenextweb.com/conference/

ETHSingapore: ASEAN’s 1st Ethereum Hackathon

Mysterium Head of Marketing Sharmini was present in ETHSingapore: ASEAN’s 1st Ethereum Hackathon with prominent crypto industry members like Vitalik Buterin in attendance.

https://ethsingapore.co/

Black Hat Europe 2018

Mysterium Business Development Lead Andra was present in Black Hat Europe 2018 in London. Mysterium was looking for synergies with other cybersecurity companies at the event. Black Hat provides attendees with the very latest in research, development, and trends in Information Security.

https://www.blackhat.com/eu-18/

Mysterium Business Development Lead Andra (left) networking with OWASP (The Open Web Application Security Project) at Black Hat Europe 2018.

BlockShow Asia 2018

Mysterium Head of Marketing Sharmini participated in BlockShow Asia 2018 in Singapore.

100+ Speakers. 2000+ Attendees. 76% Senior management. 200+ Journalists. 50+ Countries. Entrepreneurs, investors, talents, developers, startups — all in one place. BlockShow is a major international event for showcasing established blockchain solutions.

Blockshow was a great opportunity to understand the way Asian blockchain works. It was great to speak with and find ways to collaborate with companies across the world. — Sharmini

https://blockshow.com/

During our time at these conferences and in reaching out to the wider community we’ve begun identifying the partners whose values align with ours and we have a series of partnerships lined up for 2019.

Stay tuned for some exciting announcements.

That’s all for now, we’re gonna keep on focusing on the future we’re here to #buidl

Want to stay in the know? Subscribe to our newsletter.


Why use a VPN? MysteriumVPN available on Android


Why use a VPN? Mysterium Network is a fast and scalable transport security layer. Mysterium is reinventing privacy, starting with decentralizing VPN on blockchain which means that our architecture can’t actually keep logs of your traffic. Instead, your traffic data is distributed across the network with no single node having complete access to who you are and what you are doing. We have been open source from day one. Everything is transparent. You can check our source code and even contribute.

Are VPNs Legal?

If you ask yourself “are VPNs legal”, then the answer is it’s not that simple. For the majority of the world, especially in the US, UK, Australia, Europe, and most Asian countries, VPN use is very much legal whether for personal or business reasons.

However, there are a handful of exceptions that prohibit the use of VPNs. For example, North Korea, Belarus, Turkmenistan, Iraq, and Oman have a complete ban on VPN use. This means their citizens are not permitted to use any kind of VPN provider at all.

Furthermore, in some countries, the “are VPNs legal” question can be answered by: “It depends on the government.” For instance, China, Russia, Iran, Turkey, and the UAE have restrictions based on their specific government’s provisions. Restriction here does not mean an outright ban. However, people in the countries mentioned above can only use a VPN provider that’s been approved by the government.

What does this mean in relation to VPN legality? It indicates that those VPNs permitted to operate in a restricted country are also located in the same place. As such, the providers can report back the activity of their users if necessary. This provision allows government control and monitoring, which, in a way, defeats the purpose of the VPN.

As for the rest of the 185 countries around the globe, though the citizens are free to use VPN, performing illegal activities with the VPN is not permitted by law. This includes downloading copyrighted materials, engaging in cybercrime, or hacking data.

As we continue our mission to create a distributed, trust-less and sustainable network providing open access and privacy to all Internet users; our MysteriumVPN app is now available for mobile Android phones on the Google Play store. Anyone will be able to participate in the world’s first decentralized blockchain VPN network from the convenience of their Android phones and compatible devices. You can download the app and use for free during our alpha testing (also available for Windows and macOS desktop versions). Help us build, improve and continue to reinvent privacy, security and freedom on the Internet by providing your feedback.

The app is built with P2P architecture with focus on highest privacy and anonymity using powerful AES-256 encryption, reputation mechanisms, and layered protection protocols. MysteriumVPN secures your data communication channel by utilizing highest-grade AES-256 encryption with SHA384 cryptographic hashing.

MysteriumVPN app for mobile Android

The MysteriumVPN mobile app uses the OpenVPN protocol. OpenVPN is an open-source commercial software that implements virtual private network techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. Future versions of the MysteriumVPN app will also integrate the WireGuard® protocol.

MysteriumVPN node country Search

The first version of the app for Android will include basic functionality that will allow browsing through and connection to the list of available node countries in the decentralized network TestNet. You can also help provide a secure connection to those in need by hosting your own VPN node. You will be able to see your current IP address and connection status at the top of the screen. The bottom part of the screen shows connectivity statistics like session time duration and amount of traffic received and sent. Other functionality includes a Favorites feature (by marking the star icon) so that you can save your preferred connections for quick and easy access.

MysteriumVPN connected

Quick Access screen shortcut

The MysteriumVPN quick access screen shortcut is available at the top of the mobile phone screen in the Notifications area.

MysteriumVPN quick access screen shortcut

Quick Access screen

You can quickly and easily DISCONNECT your current VPN session in the quick access screen. Session statistics can also be conveniently seen here for monitoring.

MysteriumVPN quick access screen

Feedback form

Selecting the ? question mark icon at the top left of the main app screen opens the Feedback form. Select desired Feedback type (Bug, Connectivity issues, Positive feedback), enter Message and click on the SEND FEEDBACK button to help our team with the development process by providing us with valuable data.

MysteriumVPN Feedback form

You can also help by providing your feedback and interacting with our community. You can join our MysteriumVPN Telegram Testing group for support and communicating with our team to share your experience and thoughts.

The open source code for the mobile app will be available in our GitHub. For iPhone and iOS users we will have that version of the app available in Q1 of 2019. Additional future developments include advanced filtering for improved node country selection. We also have payment flows such as top up your identity, withdraw from your identity and micro-payments for bandwidth coming soon.


How VPN works? A look into building a dVPN

MysteriumVPN is the client application of Mysterium Network. Dive into how a VPN works, and how it is different with a dVPN.

In this article, we will discuss how VPN works, the architecture of MysteriumVPN and how it integrates with Mysterium Node to ensure an encrypted end to end flow of data through Mysterium Network.

Cross-platform architecture

Usually, you need separate builds for each platform. Now that cross-platform technology has improved, this is no longer the case.

For desktop:

Electron is a framework which allows us to build cross-platform applications using common web technologies such as HTML, CSS and Javascript. We are using Electron which allows us to develop one application for two platforms for desktop — Windows and Mac OS. Linux coming soon. Download our alpha.

Under the hood of an Electron application sits a Chromium browser: a website, rendered by an embedded browser.

For mobile:

We are kicking off our mobile development for MysteriumVPN, with Android versions set to release shortly.

For this, we are using React Native for cross-platform applications.

Most of MysteriumVPN is written in Javascript, which is run in a separate process. Javascript generates the virtual structure of the user interface. This Javascript process communicates to native mobile processes which are responsible for rendering the actual user interface as you see it.

How Mysterium VPN works? Architecture of MysteriumVPN Desktop Client Application

How MysteriumVPN works on desktop:

Since we are using Electron, we have two processes, MAIN and RENDERER.

MAIN is the first process which is started when the application starts. It is a NodeJS process which is responsible for managing the following functions:

  • Application state and internal operations
  • Tray
  • Kicking off the RENDERER process

The second process is RENDERER and it is responsible for displaying the graphical user interface for the application.

Communication between processes:

Both the MAIN and RENDERER processes need to communicate with each other to stay in sync. For this reason, we are using a standard approach of Inter-Process Communication (IPC).

Javascript is not type-safe, which makes it less reliable. We use the Flow static type checker, which adds type safety to Javascript. This especially applies to syncing data between processes, which becomes less reliable when using out-of-the-box IPC. To improve that, we added a custom implementation on top of it to get type safety.

MessageTransport describes a single typed message which is sent between processes. It creates alignment between both processes by introducing sender and receiver objects, ensuring that both sides expect the same arguments of this message.

Here is an implementation:

// One typed channel shared by both processes. MessageBus is the application's
// IPC wrapper; its definition is not shown in this post.
class MessageTransport<T> {
  _channel: string
  _messageBus: MessageBus

  constructor (channel: string, messageBus: MessageBus) {
    this._channel = channel
    this._messageBus = messageBus
  }

  // Sender and receiver are built from the same channel name and payload type T,
  // so both sides agree on what the message carries.
  buildSender (): MessageSender<T> {
    return new MessageSender(this._channel, this._messageBus)
  }

  buildReceiver (): MessageReceiver<T> {
    return new MessageReceiver(this._channel, this._messageBus)
  }
}

// Sending side: can only send values of type T on its channel.
class MessageSender<T> {
  _channel: string
  _messageBus: MessageBus

  constructor (channel: string, messageBus: MessageBus) {
    this._channel = channel
    this._messageBus = messageBus
  }

  send (data: T) {
    this._messageBus.send(this._channel, data)
  }
}

// Receiving side: callbacks are typed to accept T.
class MessageReceiver<T> {
  _channel: string
  _messageBus: MessageBus

  constructor (channel: string, messageBus: MessageBus) {
    this._channel = channel
    this._messageBus = messageBus
  }

  on (callback: T => void) {
    this._messageBus.on(this._channel, callback)
  }

  removeCallback (callback: T => void) {
    this._messageBus.removeCallback(this._channel, callback)
  }
}

Here is an example of communication between both these MAIN and RENDERER processes:

Example: communicating country proposal updates between processes:

MAIN process is managing country proposals internally and it sends all updates:

this._countryList.onUpdate(countries => {
  this._communication.countryUpdate.send(countries)
})

RENDERER process listens for country updates,

this.rendererCommunication.countryUpdate.on(this.onCountriesUpdate)
...
onCountriesUpdate (countries) {
  this.countriesAreLoading = false
  this.countryList = countries
}

Having such an abstraction layer ensures that communication is type-safe, reliable and features around it are simple to test.

How VPN works with distributed nodes? Integrating Mysterium Node with MysteriumVPN Application.

Once we’ve rendered the application layer, we still need to connect MysteriumVPN to Mysterium Node. Mysterium Node is software that connects you to Mysterium Network, where you are able to exchange value for bandwidth.

MysteriumVPN is a client application of Mysterium Network. The successful running of our dVPN on the network will attract other use cases from existing or future businesses that require end-to-end encryption of data, thereby expanding Mysterium Network’s ecosystem.

We require specific information to ensure the successful running of our dVPN service.

Operating System Service
Since we are running Mysterium Node under the MysteriumVPN application, we need to supervise the Mysterium Node to ensure that it works.

Our Data Protection Policy
We make a clear distinction between personal data and usage data. We do not collect information on who you are. We collect data on session and connection inputs and outputs. This is important data for us as it gives us visibility on how our technology fares against the realities of cyber oppression. Check out our privacy policy for more information.

Logging
Since we are integrating Mysterium Node into the MysteriumVPN application, the application itself gets quite complex. That’s why we have to be prepared to log errors from everywhere: our application, Mysterium Node, and Electron.

That means that there are three sources of inputs. When we are inspecting something, we need to understand that these errors can happen in three different places. We need to synchronise those and collect all relevant data from these sources.

Data management in the era of web 3 is complex and we hope to do so in an ethical and fair manner. Check out how our no logs policy protects your personal data.

Build on Mysterium Network

We have an npm package that allows you to connect to Mysterium Node easily. This is the same package that MysteriumVPN uses to connect to Mysterium Network. It can be used for any application; it’s literally plug and play.

Interested in contributing to Mysterium Network? We are an open source project focused on bringing privacy, security and freedom to web 3. Check out our Github.