VPN password related - WeOnlyDo Discussion board

VPN password related (wodVPN)

by taliasimoneaux01, Sunday, March 02, 2014, 22:04 (3919 days ago)

Hello, we have succeeded in making a auto installing windows service, but we have a problem with wodVPN1.Password, we don't want to hard code the password in the applications, and we have a couple of questions:

1. Can we use wodVPN1.Password = ""; for both peers? or the VPN is not encrypted anymore?
2. For what is that password used?
3. Can we just use unique users like User000001 and still have a secure VPN?

And one more thing, we will have VPN tunnels with some of our affiliates, we can't control the peer on their side, what is a reliable way to have a peer on our public server waiting for their connection? Or do we have to keep a peer open all the time?

Let me explain:
PC1,PC2,PC3 ... = any PC on a private network
PS = Our public server, we can both use our server as a mediator on port 8000 or as a peer when needed, or both in the same time.

When PC1,PC2 and PC3 is trying to make a VPN with our PS can we modify the php script that acts as a mediator to open a local peer on our server if it is unable to locate the remote peer? or based on the name the PC1 peer is looking for? or the remote peer must be already active and registered on the mediator when some other peer is looking for it?

Something like this
PC1 (a a peer named Affiliate00001) is trying to make a VPN with a peer named Server0001, the mediator based on the searched peer(Server0001) can do 2 things:
1. forward the peer to another peer located in our private network that is waiting for the connection
2. Open a peer locally on the same PS and complete the VPN allowing PC1 to access put Public Server resources.

Can the WODVPNCOMLib.wodVPNComClass() be used in a multi threading environment?
So i can just spawn a new thread when a new peer is needed so i don't have to keep 100 instances running and do i need to create a new instance of
wodVPN1 = new WODVPNCOMLib.wodVPNComClass();
in each thread or can i just reuse it?

Is this scenario possible without modifying the wodVPN dll?

Also can we make a peer retry a connection until it succeeds?
How can i check if a

wodVPN1.Search(WODVPNCOMLib.SearchEnum.SrchUDPDouble, "Server0001", "x.x.x.x", 8000, null);

found a peer or not?

Do i have to use _IwodVPNComEvents_SearchDoneEventHandler for that? or wodVPN1.Search returns true or false?


And the last question:

If a tunnel is created, how long can it be active without using it and what system resources does it use for just staying in the idle connected state?
Can i just open a VPN and leave it open all day/week? until one or both peers are closed? and if just one is closed can the other just wait for connections until the closed peer tries to connect again?

Thanks and sorry if i ask too many questions, but i need to explain the whole process to my project manager and programmers and i need to understand it first.

VPN password related

by wodSupport, Sunday, March 02, 2014, 22:50 (3919 days ago) @ taliasimoneaux01

Hello, we have succeeded in making a auto installing windows service, but we have a problem with wodVPN1.Password, we don't want to hard code the password in the applications, and we have a couple of questions:

1. Can we use wodVPN1.Password = ""; for both peers? or the VPN is not encrypted anymore?

No encryption is used if you don't set the password. Even if it would, password is so default that it makes no sense.

2. For what is that password used?

To setup AES key for encryption

3. Can we just use unique users like User000001 and still have a secure VPN?

Hmm. I'd not suggest that. You should somehow agree for the password using 3rd party protocol (such as XMPP, or something else). If it's not agreed before the connection, in theory anyone could connect to you.


And one more thing, we will have VPN tunnels with some of our affiliates, we can't control the peer on their side, what is a reliable way to have a peer on our public server waiting for their connection? Or do we have to keep a peer open all the time?

I would suggest using some other way of finding peers. If you checked Wippien (www.wippien.com) whcih is based on wodVPN, it uses XMPP protocol to negotiate connection and agree on password, and then both sides open new instance of wodVPN and establish direct connection. It's too long to explain why it's not that good idea to connect to mediator and then wait for peer to arrive more than a minute(s).


Let me explain:
PC1,PC2,PC3 ... = any PC on a private network
PS = Our public server, we can both use our server as a mediator on port 8000 or as a peer when needed, or both in the same time.

If it's mediator, then it can host other service you create to negotiate passwords for both, right? Why not use it like that?

When PC1,PC2 and PC3 is trying to make a VPN with our PS can we modify the php script that acts as a mediator to open a local peer on our server if it is unable to locate the remote peer? or based on the name the PC1 peer is looking for? or the remote peer must be already active and registered on the mediator when some other peer is looking for it?

Both must be active and registered. Mediator isn't very smart, there are no registrations. WHen connection from PEER1 arrives and asks for PEER2, it just checks if it has (in last 15 seconds) informationa botu PEER2. If it does, it exchanges IP/Port and some custom data to both sides, and does nothing else.

Can the WODVPNCOMLib.wodVPNComClass() be used in a multi threading environment?
So i can just spawn a new thread when a new peer is needed so i don't have to keep 100 instances running and do i need to create a new instance of
wodVPN1 = new WODVPNCOMLib.wodVPNComClass();
in each thread or can i just reuse it?

It's apartment threaded, so intialize and use in same thread, and make sure thread lives as long as wodVPN Is needed.

Is this scenario possible without modifying the wodVPN dll?

Yes, it is.


Also can we make a peer retry a connection until it succeeds?
How can i check if a

wodVPN1.Search(WODVPNCOMLib.SearchEnum.SrchUDPDouble, "Server0001", "x.x.x.x", 8000, null);

found a peer or not?

In theory yes, but I would not suggest it. You can re-create instance after each expire so "fresh" port is assigned on your gateway/router/firewall for that outgoing connection. It may be very important.


Do i have to use _IwodVPNComEvents_SearchDoneEventHandler for that? or wodVPN1.Search returns true or false?

Search will not return anything related to finding a peer, since it's async function and could took 15 seconds to complete, so wait for SearchDone event.

And the last question:

If a tunnel is created, how long can it be active without using it and what system resources does it use for just staying in the idle connected state?

No timeout. wodVPN internally sends ping packets to keep connection alive.

Can i just open a VPN and leave it open all day/week? until one or both peers are closed? and if just one is closed can the other just wait for connections until the closed peer tries to connect again?

Yes, you can. You can reconnect after it's closed (for whatever reason).

Thanks and sorry if i ask too many questions, but i need to explain the whole process to my project manager and programmers and i need to understand it first.

Sure, no problems, we're happy to help!

Regards,
Kreso