VPN vs Tor vs dVPN – what’s the difference?

In this article we will break down the fundamental differences between three different types of technologies that protect your privacy online.

Not a reader? Check out this video where one of our contributors sums up the ways in which the technical architecture of VPN, Tor and dVPNs differ.

What is Tor, and how is it different to a distributed VPN (dVPN)?

The internet was not built to be private and secure by default. Its flexible protocols allow people to build unique software and applications, but these still need to be protected. In this VPN vs Tor comparison, we will look at the various ways the technologies are similar and different.

Tor is a project that has worked to protect users since 2002. It’s an open-source browser that enables anonymous communication online. It was first developed by Syverson and computer scientists Roger Dingledine and Nick Mathewson, who originally called it The Onion Routing (Tor) project because of its “layers” of encryption.

Tor browser and VPNs are similar in their aims but not in their technological approach. While both will hide your identity and ensure your browsing activity is kept private and encrypted, there are certain advantages and disadvantages to each. That’s why using the two systems together is your safest bet for securing your digital privacy.

How Tor works

Tor utilises a system that was originally developed by the US Navy to protect intelligence communications. It “bundles” your data into smaller, encrypted packets before it begins routing these through its vast network of nodes, which can be run by anyone. The chosen path is randomised and predetermined, and your traffic will pass through a minimum of three relay nodes before it reaches a final exit node.

Each time your traffic passes through a relay node, a “layer” of encryption is removed, revealing which relay node the traffic should be sent to next. Each relay node will only be able to decrypt enough data to identify the location of the next relay, and the one before it who passed on the traffic.

Exit nodes, however, remove the last layer of encryption. An exit node can’t see your location or IP address, but it can see your activity if you visit an unsecured website (one that is not HTTPS).
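The layering described above, as an added Go example that is not part of the original article and is not Tor's code: a client wraps a request once per relay with AES-GCM, and each relay peels exactly one layer. The relay names, pre-shared keys, layer format and the example.org request are assumptions made for illustration; Tor uses its own cell format and negotiates keys per circuit.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Relay is a hypothetical onion relay; assumption: it already shares an AES-256 key with the client.
type Relay struct {
	Name string
	aead cipher.AEAD
}

func NewRelay(name string) *Relay {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	block, _ := aes.NewCipher(key)  // cannot fail: the key is exactly 32 bytes
	aead, _ := cipher.NewGCM(block) // cannot fail: AES has a 16-byte block
	return &Relay{Name: name, aead: aead}
}

// seal builds one layer: AES-GCM over [2-byte length][next hop][inner onion].
func (r *Relay) seal(next string, inner []byte) []byte {
	plain := make([]byte, 2, 2+len(next)+len(inner))
	binary.BigEndian.PutUint16(plain, uint16(len(next)))
	plain = append(append(plain, next...), inner...)
	nonce := make([]byte, r.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return r.aead.Seal(nonce, nonce, plain, nil) // nonce || ciphertext || tag
}

// BuildOnion is the client side: the exit's layer goes on first, the guard's layer last (outermost).
func BuildOnion(path []*Relay, destination string, payload []byte) []byte {
	onion, next := payload, destination
	for i := len(path) - 1; i >= 0; i-- {
		onion = path[i].seal(next, onion)
		next = path[i].Name
	}
	return onion
}

// Peel removes one layer; it fails if the outer layer was not encrypted for this relay.
func (r *Relay) Peel(onion []byte) (string, []byte, error) {
	ns := r.aead.NonceSize()
	if len(onion) < ns {
		return "", nil, errors.New("onion shorter than a nonce")
	}
	plain, err := r.aead.Open(nil, onion[:ns], onion[ns:], nil)
	if err != nil {
		return "", nil, fmt.Errorf("%s cannot open this layer: %w", r.Name, err)
	}
	if len(plain) < 2 || len(plain) < 2+int(binary.BigEndian.Uint16(plain)) {
		return "", nil, errors.New("malformed layer")
	}
	n := 2 + int(binary.BigEndian.Uint16(plain))
	return string(plain[2:n]), plain[n:], nil
}

// Hop records what one relay learns: its neighbours and the bytes it is left holding.
type Hop struct {
	Relay, From, Next string
	Visible           []byte
}

// Route hands the onion from relay to relay and records each relay's view.
func Route(client string, path []*Relay, onion []byte) ([]Hop, error) {
	var hops []Hop
	from := client
	for _, r := range path {
		next, inner, err := r.Peel(onion)
		if err != nil {
			return nil, err
		}
		hops = append(hops, Hop{Relay: r.Name, From: from, Next: next, Visible: inner})
		from, onion = r.Name, inner
	}
	return hops, nil
}

func main() {
	path := []*Relay{NewRelay("guard"), NewRelay("middle"), NewRelay("exit")}
	// Constructed sample: a request to a site that does not use HTTPS.
	payload := []byte("GET /inbox HTTP/1.1\r\nHost: example.org\r\n\r\n")
	hops, err := Route("client", path, BuildOnion(path, "example.org:80", payload))
	if err != nil {
		panic(err)
	}
	for _, h := range hops {
		fmt.Printf("%-6s from=%-6s next=%-14s holds %.20q\n", h.Relay, h.From, h.Next, h.Visible)
	}
}
```

The guard and middle relays end up holding only ciphertext plus the name of the next hop, while the exit holds the plaintext request, which is why HTTPS still matters at the last hop.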

How does a VPN work?

A regular VPN seems much simpler, because there is a third party involved. Your VPN provider will encrypt all of your data and browsing activity, directing all your traffic to a remote server owned or hired by them. You can usually choose from a list of servers located across the world, so you’re able to unlock your content based on where the website is based.

A decentralized VPN mimics the architecture of Tor more closely. As a peer to peer system, you plug into a global network of nodes run by people voluntarily. However, all nodes are paid for providing the VPN service and keeping the network powered. In the case of Mysterium Network, you can select your connection from a list of nodes (as most of them provide residential IP addresses) from around the world. Traffic is encrypted and directed through the network, and you pay the node for the minutes you are connected and the traffic you’re sending through them. Mysterium has built its own micropayments system specifically to accommodate these fast, frequent and small P2P transactions.

Let’s now dive into VPN vs Tor vs dVPN so you can see how they compare.

How does a VPN work?

Mysterium Network

A global collection of nodes (usually run in people’s homes) power a VPN network by sharing their bandwidth P2P in exchange for cryptocurrency.

Users can easily become a node and also download the VPN app to select from a global menu of node IDs.

Tor

The main goal of Tor is privacy and anonymity. It’s a browser which anonymizes your web browsing by sending your traffic through various nodes, which can be hosted by anyone. Your traffic cannot be traced as each node encrypts traffic and hides the source IP.

VPN

Not a network, but rather a global centralised VPN service which uses dedicated data center servers around the world in hundreds of different locations. Centralized VPNs also allow P2P traffic on certain servers and can additionally provide a dedicated IP address, Double VPN, Onion Over VPN and connection to the Tor anonymity network.

How are nodes incentivised or rewarded?

Mysterium Network

Pilot program

Monthly bounties which reward nodes in cryptocurrency. Only a crypto wallet on Ethereum blockchain is required.

P2P payment network
(coming soon)

Nodes set their own price based on supply and demand. This unique micropayments system utilises cryptocurrency payments, so nodes can sell their bandwidth in small intervals, ensuring security and convenience.

Tor

Tor doesn’t have node incentivisation. All nodes are operated by volunteers.

This lack of incentivisation for nodes in the network has meant it remains relatively small (after 10+ years of development, it still only has 6500 exit nodes).

VPN

Nodes are not incentivized in centralized VPNs as these businesses own the infrastructure and charge end users for the service.

Node onboarding

Mysterium Network

Anyone can run a node using their laptop, or even mini computers such as a Raspberry Pi. (In future, even mobile devices are planned to be supported for running a node.) Node runners link a node to their Ethereum wallet address via an easy to use dashboard, and track earnings at My.Mysterium.Network.

Tor

Anyone can create and run a Tor node. However, there are various technical requirements and it’s recommended that you do not run a relay (non-exit) node from a consumer-level router, as it may overwhelm it.

VPN

VPN companies manage their own servers/exit nodes, so all setup and maintenance is done by the company’s employees.

By paying for the service, users get access to the VPN service, but do not help power it.

Node onboarding costs & fees

Mysterium Network

While on testnet, Mysterium VPN is currently free to use.

Once live, users will pay in cryptocurrency for only the bandwidth they consume on a pay-per-use model.

Nodes earn cryptocurrency directly from users of this VPN service. They will pay a small fee to their “accountant” for validation of their payments, similar to paying miners for processing your transactions in a blockchain network.

Tor

Tor is free to use.

VPN

Monthly subscription model, rather than a pay-as-you-go structure. Sometimes users are even motivated to pay for a 3 year subscription in advance.

User Security

Mysterium Network

Mysterium is a fast and scalable security layer to reinvent privacy via VPN. It’s built so that different protocols can be plugged into the node network.

Mysterium is also working on a traffic slicing solution which could send traffic to different services via different nodes.

Thanks to the WireGuard and OpenVPN protocols, users’ traffic is encrypted, so even ISPs can’t see what is in it.

Tor

While Tor has better privacy/anonymity properties and is great at hiding your browsing activity, your ISP can still see that you’re connected to Tor. This could lead to surveillance, as US government agencies (FBI/NSA) are constantly trying to crack Tor and discover its users’ activity.

The owner of the entry node will be able to see your real IP address. After this node hides your address, the rest of the nodes will no longer know who you are. The last node will see what you’re looking at, but not your identity.

This presents some risks when using the network, but in terms of privacy, it is the best available option at the moment.

VPN

Traditional VPN services route all users’ internet traffic through a remote server, hiding IP addresses and encrypting all incoming and outgoing data. For encryption, they use the OpenVPN and Internet Key Exchange v2/IPsec technologies in their applications.

One company admits their servers were hacked due to an expired internal private key being exposed, potentially allowing anyone to spin up their own servers imitating the company’s.

Additionally, a VPN exit node knows both a user’s IP and destination addresses. If that destination is not encrypted (e.g. not using HTTPS), they can see the content you’re accessing.

Logging policy

Mysterium Network

No centralised logs! The distributed architecture of Mysterium Network removes any technical possibility for collecting or storing logs centrally.

Tor

Some hypothesize that a number of nodes are run by malicious actors (eg. the NSA) who could potentially control enough nodes to effectively track users’ activity. The network itself is unable to store logs, however a Tor entry and exit node may be able to see your traffic or IP address, but actually piecing the information together to identify you would require a lot of effort.

VPN

In theory, a centralized VPN *could* keep logs of a user’s activity, but many state they are committed to a zero-logs policy. However, nobody can be really sure that they’re not cooperating with governments or selling users’ browsing data to 3rd parties.

Node Security

Mysterium Network

Mysterium allows users to select whitelisted traffic only, designed to protect nodes. However, nodes can choose to accept any kind of traffic and increase their earning potential. They’ll soon identify and block bad actors from the network through the use of registered identities and a reputation system.

We are currently in R&D for a traffic slicing solution which will allow node runners to preselect the type of traffic they are willing to run through their node – i.e. social media, blogging, streaming, etc. while the remaining traffic could be sent forward into Tor or rejected.

Tor

Running a node can be risky, as you can potentially receive a lot of shady outbound traffic as an exit node. Being an exit node comes with the highest legal exposure and risk, so you should not run a node from your home. Your ISP may disconnect your service and you may receive some letters from various authorities.

VPN

Nodes are protected as the centralized VPN assumes all security and legal risks.

Ease of Use

Mysterium Network

VPN is simple to use via desktop or mobile application.

New nodes can get set up in just 5 minutes and 5 steps via a simple, user-friendly dashboard. There is a knowledgebase and support team on hand to help.

Users will need to have some basic understanding of cryptocurrency and must have an Ethereum wallet set up (or have a crypto exchange account) to receive payments.

Learn more about our network and development.

Tor

Anyone can download and install Tor browser to connect to the internet (similar to any other browser).

However, browsing is slow (as all your traffic has to pass through numerous nodes first). Its practical usability suffers (e.g. not being able to unblock media content), but this drawback is the trade-off for better anonymity.

For nodes, a Tor relay must be able to host a minimum of 100 GByte of outbound traffic (and the same amount of incoming traffic) per month.

VPN

Some VPNs have smart algorithms which automatically select the best server for you based on location, loads, or your special requirements.

Centralised VPN apps are also easier to use, allow convenient payment methods (eg. via credit card) and have 24/7 user support.

Scalability

Mysterium Network

As with most P2P infrastructure, the more participants which join the network, the stronger and more robust it becomes.

Mysterium’s micropayments system is a homegrown Layer 2 solution. It was built to handle large volumes of users and transactions, making the network fast and more scalable.

Tor

Tor is currently used by a couple of million users. Due to its distributed nature, the network can (in theory) grow larger. However, it would require a much higher number of nodes. Unfortunately, despite its millions of users, Tor has not had huge growth in nodes because it is a free service run by volunteers. Without incentivisation for nodes, it can only grow so fast.

VPN

Depends on high bandwidth throughput and fast connection speeds to provide an optimal service for their users. Often use multiple tunneling protocols to ensure their network can scale and can adapt to various needs.

Compatible with

Mysterium Network

Android, Mac, Windows, Linux.

Tor

Tor for Android, Windows, Mac, Linux and as a separate tab in Brave browser.

VPN

Android, Windows, Mac, iOS, Chrome/Firefox extension, Linux.

Open Source?

Mysterium Network

Sure! Transparent and collaborative from Ground Zero – check out Myst codebase.

Tor

Yes – open source pioneer.

VPN

No – centralized VPNs are proprietary and closed source. You can only imagine what they do with your collected data stored in their servers.

Decentralized?

Mysterium Network

You bet.

Tor

Yes, but it doesn’t use blockchain for payments.

VPN

Nope. Decentra-what?

Network Status

Mysterium Network

Testnet live – 900 residential nodes, with more than 500 live at any given point.

Tor

Approx. 6500 exit nodes.

VPN

Depends on size of VPN provider, but biggest can provide over 5200 servers in 59 countries.

So, Tor or VPN - why not both?

Tor and VPNs are complementary privacy solutions, so they can work together to enhance your security and anonymity even more.

There are two methods for merging Tor with VPN:

VPN over Tor: connect to the Tor browser, then activate your VPN. This is a more complex method as it requires some manual configuration. As your VPN’s server acts as the final exit node, Tor’s own exit nodes will not be able to peel back the final layer of encryption to reveal your activity. While your ISP can tell that you’re using Tor, it would not be able to trace your activity, and your IP address stays hidden from your VPN service.

Tor over VPN: Connect to your VPN, then open your Tor browser. Your VPN will encrypt all of your traffic before it enters the Tor network, and also hides your IP address. It also hides the fact you’re using Tor from your ISP. However, if your VPN provider chooses to keep logs, it can see that you’re using Tor. This is why it’s best that you use a decentralised VPN, which cannot keep user logs.

Both Mysterium and Tor can be pieced together to ensure full privacy coverage. One of Mysterium’s most considered features is to extend our whitelisting in such a way so that your traffic would only exit via a Mysterium node’s IP, while the rest of the traffic would be forwarded throughout the Tor network. In this way, Mysterium users will get to un-geoblock content, and our node runners will not risk unwanted content going through their node.

The Bigger Picture

Mysterium and Tor Network are both grassroots, open source technologies that have managed to grow large community-driven technologies without any corporate backing or support. However, we have one point of difference: while regular VPNs offer to protect their users (for a price), we believe the fight against surveillance, censorship and cybercrime is a shared one. Regular VPNs do nothing to address the infrastructural flaws of the internet; instead, they apply a quick-fix solution. We want to rebuild the internet itself, creating people-powered networks that are immune to corporate or government control.

Tor helped kickstart this grassroots anonymity revolution and now we’re taking it even further. Our trustless, P2P payment network (currently on testnet) will be the first of its kind. It allows users of our global, distributed VPN to pay each other in short and frequent intervals, whenever they “rent” a VPN service from each other. We believe this is the missing link for current privacy solutions – mutual incentivisation, and the goal of restoring the internet to its former glory.

Try our free dVPN app for Android. You can also decide which tor browser for android to use.

Join the Mysterium Army here

Opensource VPN partnership alert 🚨🎉 Portals builds on Mysterium Network

Portals VPN builds on top of Mysterium Network

We’re excited to announce the first project building on Mysterium Network! Mysterium Network is building a decentralised VPN, but we are also fundamentally an open source VPN. 

Portals has built on top of our open-source infrastructure to bring consumer VPN users into Mysterium ecosystem.

To celebrate this new milestone, Portals is offering a discount to all Mysterium users who’d like to sign up and give their Android application a go.

Related: What is a VPN connection? And why is it needed as our internet splinters apart?

What is Portals?

Portals is a dVPN application that plugs directly into Mysterium Network’s pool of nodes. Yes, you heard correct – a business, building on our infrastructure and sending traffic to our node network. And it doesn’t stop there.

Portals are focused on consumer adoption. They offer a subscription service, with monthly or annual payments. This means that Portals users can pay not just with cryptocurrencies, but with cold hard credit cards. Under the hood, this will drive traffic into Mysterium Network and tokens into Mysterium node runners’ pockets. Once a user signs up for Portals, all they need to do is pick the country they’d like to connect to. Portals’ built-in algorithm selects the best nodes for them to connect to based on quality, and the service the user is looking to access. 

Portals also offer live chat, which means anyone with issues getting their dVPN application up and running will have a helping hand.

A small step for dApps, a giant step towards mass adoption.

With Portals, users will be able to access the benefits of Mysterium Network’s pool of residential IPs without having to even know what ETH or MYST is! More users and traffic will flow into Mysterium Network, without all that crypto mumbo jumbo needing to be explained to people who just want an app that’s easy to use.

Portals app is available on Android, Mac and Windows. Check them out here.

Check out PORTALS VPN,
30% off all plans with
code STOPSPY

Why are decentralized VPNs important?

Centralized VPNs today have full access to the history and metadata of what we consume online.

“The websites we browse, torrents we download, movies we watch on Netflix, the time we spend playing games, watching Youtube, idling on social networks – we can only imagine (and know from certain instances) how this data is used to track us and eventually influence our behaviour,” says the team behind Portals VPN.  

“This influence is so strong yet so concealed, that we have the right to replace the term “influence” with the term “control” in this context.”

Portals VPN is built on the belief that the more Internet users become aware of this control that centralized VPN providers have, the more they will turn to decentralized solutions. 

Why is this step important to Mysterium Network?

Mysterium Network is building a distributed VPN node network. 

While we have a reference implementation of our technology available, as an open-source VPN one of our goals is to help create tooling that allows for easy integration into our node network.

This means that we can continue to focus on building our node software, nurturing our community of nodes and helping developers build apps that drive traffic through the network.

Portals building on top of Mysterium is an important step for us as it will help us with the following:

  • Getting feedback on our developer documentation to ease future open source adoption of our technology;
  • Building processes to help onboard open-source talent more seamlessly into first learning about Mysterium technology, and then building on top of it;
  • Gaining a new channel through which traffic will enter our network and get distributed across our node runners.

An open Internet for all

Portals and Mysterium are just two of the many projects pioneering decentralization. The ecosystem is made up of a range of companies, initiatives and projects all working together to create a better Internet for all. 

The magic of decentralized technology means that different platforms complement each other, merging to form a new Internet that is as accessible, interoperable and open – as if it were one. 

Related: Read our behind-the-scenes look into how networks like these are built.

Stay tuned for our developer bounties

Portals is the first of many projects that we hope will join us in building Mysterium’s wider ecosystem.

We will be announcing developer bounties on the 1st of March through our blog and community channels, so stay tuned to find out how you can contribute to a more free, more open Internet – and earn while you do it.

Decentralised VPN (dVPN) Comparison 2020

The following dVPN comparison is a continually updated resource tracking the differences between emerging decentralised virtual private networks in the market.

Last updated: 19 May 2020

If you would like to see an additional dVPN compared here, please do get them to reach out to us. We’d love to continue to develop this as an educational resource for end-users to make educated decisions on their digital lives.

Related: Tor vs VPN vs dVPN – what are the differences?

Network Design

Mysterium Network

A global collection of nodes power a VPN network by sharing bandwidth P2P in exchange for cryptocurrency.

Users can easily become a node and also download the free VPN app to select from a global menu of IP addresses/bandwidth providers.

Orchid

VPN users connect to bandwidth sellers (nodes) using a directory. Node providers stake tokens to advertise these services.

Users install the Orchid VPN, add OXT to their wallet, and can then access the internet through their preferred path (single or multi-hop).

Sentinel

P2P VPN network also functioning as an SDK. Allows anybody to become a “resource node” by selling their unutilized computing resources in the marketplace.

Users mask their Internet traffic through a series of nodes.

VPN

A global VPN service which can provide Dedicated IP address, Double VPN, Onion Over VPN and connection to the Tor anonymity network. 

As well as dedicated data centre servers around the world, centralized VPNs also allow P2P traffic on certain servers  – there are hundreds of them in different locations around the world, optimized for file sharing.

How are nodes incentivised or rewarded?

Mysterium Network

Pilot program
Monthly bounties for UK, US, Italian and German participants, earning up to $600 in ETH per year. Only an email and IP address is required.

P2P payment network
(coming soon)
Nodes set their own price based on supply and demand. This unique micropayments system utilises cryptocurrency payments, so nodes can sell their bandwidth in small intervals, ensuring security and convenience.

Orchid

Stake-weighting
Anyone can operate an Orchid Node, but must first stake (lock up as collateral) the native OXT cryptocurrency. The more OXT that is staked, the more traffic they can receive, and the greater the chances of reward in the Network.

Orchid uses an advanced payments architecture known as probabilistic nanopayments for per-packet network payments.

Sentinel

Resource Nodes can earn the native $SENT token in return for contributing network bandwidth and other resources by hosting a Service Node for the dVPN Service.

VPN

Nodes are not incentivized in centralized VPNs as these businesses own the infrastructure and charge end users for the service.

Node Onboarding

Mysterium Network

Anyone can run a node using their computer, mining equipment or compatible hardware such as a Raspberry Pi. Link your node to your Ethereum wallet address via an easy to use dashboard, My.Mysterium.Network to track your earnings.

No staking is required to be a node – sign up is free.

Orchid

Anyone can run a node by signing up to the stake registry and provider directory on the blockchain.

However, all new nodes must purchase and stake OXT to start receiving traffic.

Sentinel

Running a node requires technical knowledge of how to install Docker and configure a node. At present there is no user-friendly dashboard or application for download.

VPN

No need to onboard. By paying for the service, users get access to the VPN service, but do not help power it.

Costs & fees

Mysterium Network

While on testnet, the VPN is currently free to use.

Once live, users will pay in cryptocurrency for only the bandwidth they consume on a pay-per-use model.

Nodes pay no fees and earn cryptocurrency directly from users of this VPN service.

Orchid

Users pay for the bandwidth in OXT.

Nodes pay OXT to advertise their services.

Sentinel

Using their on-chain, inbuilt ‘Token Swap’ feature, users can privately purchase $SENT tokens to access any service on the Sentinel network.

Running a node is free.

VPN

Monthly subscription model, rather than a pay-as-you-go structure. Users get access to a VPN service where they can select from IP addresses based all over the world to suit their browsing needs.

VPN Security

Mysterium Network

Layered protection protocols built to protect any individual or organization. Mysterium is a fast and scalable transport security layer to reinvent privacy via VPN. Traffic is encrypted and sharded into separate pieces, filtered in an unrecognisable form through the distributed node network — without the possibility of being traced or censored.

Orchid

Users can select single- or multi-hop onion routed circuits by selecting nodes randomly weighted on stake and filtered by price, location, etc. A single hop route has the benefits of a normal VPN connection, creating a tunnel to route your traffic over a public network or your ISP, while a multi-hop connection provides additional privacy benefits by securing your network data from any one provider.

Sentinel

Swixer is Sentinel’s first utility that allows anybody to simply convert their cryptocurrency tokens online while keeping their data away from prying eyes.

Users’ privacy is enhanced by Swixer’s cross-chain swaps between the Ethereum chain and other blockchains which possess a working zero-knowledge protocol or privacy layer within the protocol.

VPN

Traditional VPN services route all users’ internet traffic through a remote server, hiding IP addresses and encrypting all incoming and outgoing data. For encryption, they use the OpenVPN and Internet Key Exchange v2/IPsec technologies in their applications.

One company admits their servers were hacked due to an expired internal private key being exposed, potentially allowing anyone to spin up their own servers imitating the company’s.

Logging policy

Mysterium Network

No logs! The Mysterium protocol removes any technical possibility for collecting or storing logs centrally.

Orchid

No logs.

Sentinel

No logs.

VPN

In theory, a centralized VPN *could* keep logs, but most state they are committed to a zero-logs policy.

Node Security

Mysterium Network

Mysterium allows users to select whitelisted traffic only, designed to protect nodes. However, nodes can choose to accept any kind of traffic and increase their earning potential. They’ll soon identify and block bad actors from the network through the use of registered identities and a reputation system.

Orchid

Users can prevent certain kinds of attacks from malicious exit nodes by using a default exit node whitelist consisting of trusted VPN partners. Users can use their own whitelists, and eventually well known third parties will emerge as whitelist curators.

Sentinel

Sentinel is developing a relay network, where participants in the network can choose to be either an exit node or a relay that tunnels encrypted traffic between the paying VPN user and an exit node.

It will also involve the use of governance nodes which will dictate the path of packet transmission between user and exit node.

VPN

Nodes are protected as the centralized VPN assumes all security and legal risks.

Ease of Use

Mysterium Network

VPN is a simple to use and free desktop or mobile application.

New nodes can get set up in just 5 minutes and 5 steps via a simple, user-friendly dashboard. There is a knowledgebase and support team on hand to help.

Users will need to have some basic understanding of cryptocurrency and must have an Ethereum wallet set up to receive payments.

Learn more about upcoming features.

Orchid

VPN app designed for mobile and desktop. People wishing to be nodes must register and have some prior knowledge of cryptocurrency and staking.

Sentinel

Sentinel is not user-friendly and is better suited to more technically proficient users or those familiar with Ethereum DApps and blockchain platforms.

VPN

Smart algorithms automatically select the best VPN server for you based on location, loads, or your special requirements.

They also have a dedicated support team.

Scalability

Mysterium Network

As with most P2P infrastructure, the more participants which join the network, the stronger and more robust it becomes.

Mysterium’s micropayments system is a homegrown Layer 2 solution. It was built to handle large volumes of users and transactions, making the network faster and more scalable.

Orchid

Orchid uses a probabilistic payment system which scales to millions of transactions per second, enabling a highly liquid bandwidth market without a trusted central party.

Sentinel

Sentinel’s “multi-chain architecture” secures data exchange between people and both centralized and decentralized applications. This is meant to solve problems with infrastructure and scaling.

VPN

Depends on high bandwidth throughput and fast connection speeds to provide an optimal service for their users. Often use multiple tunneling protocols to ensure their network can scale and can adapt to various needs.

Social following

Mysterium Network

11.3K Twitter Followers

2000 Medium Followers

2088 Telegram Members

Orchid

27.1 K Twitter Followers

235 Medium Followers

4381 Telegram Members

Sentinel

3,392 Twitter Followers

336 Medium Followers

2946 Telegram Members

VPN

Not applicable.

Compatible with

Mysterium Network

Android, Mac, Windows, Linux.

Orchid

iOS, Android, Mac, Linux, and (soon) Windows.

Sentinel

Mac, Windows, Linux, Android.

VPN

Android, Windows, Mac, iOS, Chrome/Firefox extension, Linux.

Decentralised?

Mysterium Network

You bet.

Orchid

Of course.

Sentinel

Of course.

VPN

Nope. Decentra-what?

Network status

Mysterium Network

Testnet live – 900 residential nodes, with more than 300 live at any given point.

Orchid

Between five and 10 node providers at launch, including players from both the traditional VPN world and “new entrants from the crypto space.”

Sentinel

83 nodes in the network, with an average of 28 at any time

VPN

Choose from over 5200 servers in 59 countries.

Also – several cases of being hAcKEd

Open Source?

Mysterium Network

Transparent and collaborative from Ground Zero – check out Myst codebase.

Orchid

Duh. Everything to see here.

Sentinel

Yep. Peek under the hood here.

VPN

No – centralized VPNs are proprietary and closed source.

What is Mysterium Network?

Mysterium Network is one of several emerging networks enabling decentralisation of the internet. Find out how you can contribute by running a node. Or download our dVPN and give it a whirl.

Related: Tor vs VPN vs dVPN – what are the differences?

Golang — C++ interoperability in VPN network

The reincarnation of OpenVPN’s C++ library

What is a VPN configuration? And how does understanding this help you protect your digital rights? Find out more here.

At Mysterium Network we are working on the world’s 1st decentralized VPN. Our project is built on Golang (Go). Go is a statically compiled language, which offers a rich standard library. Go is syntactically similar to C but comes out as the winner when it comes to memory safety, garbage collection, structural typing, and CSP style concurrency.

There are many libraries written in C or C++. When you wish to use these libraries within Golang, there are two approaches:

  1. Rewrite the library in Golang. Several projects have gone down this road. Wireguard® has done this; check out some of their libraries.
  2. Reuse the code in a way that Golang can call it. There are other tools that can help with calling Java or Objective-C code from Golang, but everything goes through an intermediary. At a fundamental level, there is interoperability between C and Golang.

What is VPN configuration? Integrating C++ OpenVPN 3 library into a Golang Mysterium Node.

As mentioned above, we are using OpenVPN under the hood. This was our first protocol and it was used as an external binary (executable file).

What does this mean for VPN configuration? This basically means that a Mysterium Node and OpenVPN are two different processes which communicate using OpenVPN config and IPC (local sockets to be exact).

Now, this has some limitations. For example, software distribution becomes complicated, as you also need to distribute the OpenVPN binary with each Mysterium Node: two steps, never great for UX.

It was workable for a proof of concept or very early versions, but as we moved to mobile platforms, this approach became very complicated or even not feasible — especially when considering iOS.

To solve this challenge, we decided to find a way to integrate OpenVPN into our Golang project directly. We also decided that this package could be useful for others; that’s how this library was born.

Openvpn3 to the rescue.

Openvpn3 is the official library maintained by the OpenVPN team and is used on almost all platforms as a client or connector to an OpenVPN server. It is written in C++, which came with some obstacles we needed to solve.

Golang and C++ don’t get along

Our first obstacle was that C++ code cannot be directly called by Golang (Cgo to be exact).
We needed to make small changes to the OpenVPN library itself to export the OpenVPN client as C-callable code. This can be found here, and it’s basically a Go-compatible entry point to the OpenVPN library.

Then there is how Golang treats C code itself (cgo).
The problem was that Golang and its package management systems expect all libraries to be source files (i.e. there is no, or very limited, binary package management). And the OpenVPN3 library build process was overcomplicated and not easily expressed in a Go way.

What is a VPN configuration without some interoperability? So our decision was to compile that library in advance for all platforms we currently support or produce binaries for: the ARM family (Android, iOS) and the amd64 family (Windows, Linux, some simulators). As we use Linux for our automatic build system, we had to set up all compilers and SDKs in one place, but that’s for another blog post. Sign up to our newsletter to hear more about what we’re building.

Our heavily patched docker image is heavily borrowed from Karalabe. The result was a single header file (very simple) and a bunch of static libraries for each platform/OS we needed.

We also had to ensure that these binaries were Go gettable (the Go way to fetch a library from GitHub).
We simply committed those libraries to the Go repo along with all supporting Go code (which is available at mysterium.network/go-openvpn/openvpn3). Not the best way to distribute the software, but our target was a Go gettable library.

Now the easy part 😏 — to call Openvpn3 functions from Go.

It’s quite easily doable. The following examples are simple calls of C functions exported by OpenVPN library (our C wrapper):

And here come problems:

  1. First of all, there are strict rules as to what can and cannot be passed to C code and vice versa. For example, you cannot pass a Go function reference to C code.
  2. The openvpn3 client also depends heavily on callback functions. One way to approach this was to use only static functions for callbacks. However, this would have limited the flexibility and usability of the library.
    A hybrid solution was to define customisable callback functions in Go and register them in a map with function ids. Static functions in the OpenVPN3 client would then dispatch the respective callbacks to the registered functions with the corresponding ids.
    Here is how it works (let’s take the state event callback function as an example):

The user defines normal Go structures with methods, which satisfy the interfaces expected by the callback registry:

The structure is passed to the callback registry, which is essentially a global id -> callback map:

Next, the callback registry inserts the user-provided structure with its methods and creates a C structure, ready to be passed to C code. Instead of passing a Go function reference to C code, it passes an id, which is simply a key into the callback map, and an exported Go function (with a special comment).

When C code wants to inform the user of state changes, it calls the static Go function, and one of the parameters is the id. That id is then passed to the callback registry to find and call the appropriate user-defined callback.
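The id-based dispatch described above, sketched in pure Go as an added example (this is not the go-openvpn code). The cgo boundary is simulated, so `goStateCallback` takes plain Go types where a real exported function would take C types; all names are assumptions. The last call shows a callback arriving from native code after its id has been unregistered.

```go
package main

import (
	"fmt"
	"sync"
	"sync/atomic"
)

// StateCallback is what a user structure must implement (hypothetical name).
type StateCallback interface{ OnState(state string) }

// callbacks is the global id -> callback map. The C side would hold only the
// integer id, never a Go pointer or function reference.
var callbacks sync.Map
var nextID uint64

// Register stores cb and returns the id that would be handed to C code.
func Register(cb StateCallback) uint64 {
	id := atomic.AddUint64(&nextID, 1)
	callbacks.Store(id, cb)
	return id
}

// Unregister drops the callback when the session ends.
func Unregister(id uint64) { callbacks.Delete(id) }

// goStateCallback stands in for the static Go function exported to C (a cgo
// build would mark it with an export comment and use C types). An unknown or
// stale id returns false instead of being dereferenced.
func goStateCallback(id uint64, state string) bool {
	cb, ok := callbacks.Load(id)
	if ok {
		cb.(StateCallback).OnState(state)
	}
	return ok
}

// logger is an ordinary user-defined structure with a method.
type logger struct{ seen []string }

func (l *logger) OnState(s string) { l.seen = append(l.seen, s) }

func main() {
	l := &logger{}
	id := Register(l)
	goStateCallback(id, "CONNECTED")
	Unregister(id)
	fmt.Println(l.seen, goStateCallback(id, "LATE")) // late event is dropped
}
```

Because the native side only ever holds an integer, a callback fired after teardown becomes a failed map lookup rather than a call through a dangling reference.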

It compiled. At least the Go part — that means that C code is reachable, and all headers are ok.

Most of the dragons started rearing their heads when it came to linking the Go packages with OpenVPN static libraries.

The biggest issue was that the library was built with a C++ compiler, but Golang's cgo used a C compiler by default. As a result, all sorts of weird and ugly errors began to arise at the linking stage. So if you see errors similar to the example, you are not alone:

After hours of Stack Overflow exploration, a simple workaround was to put an empty .cpp file inside the package which uses “C” imports. That way cgo was tricked into using the C++ linker, which already had the C++ library by default.

There are several other issues we faced in rewiring what VPN configuration looks like without a centralised element. But that again is for another blog post. Stay tuned.

In conclusion

When using new technologies like Golang you sometimes have to go off-chain to find solutions that will help you use existing libraries, so that you don’t have to start everything from scratch. However, as with most solutions in IT, it’s not a silver bullet.

Key takeaways

  • Precompiled libraries on their own pose a security risk: potential library users cannot be sure what exactly is compiled in, as there is no code to review
  • Each OS and architecture combination has to have a separate version of the same library
  • iOS framework problem: the iOS framework lib (provided by the gomobile tool) is a static library itself, so any other dependencies are linked but not combined into the framework; that needs to be done as a separate step
  • It’s simply not the Go way: Golang usually expects all source needed for the package to be in one place.


*“WireGuard” and the “WireGuard” logo are registered trademarks of Jason A. Donenfeld.
