Update, 2020.Feb.08
Updated the version of libressl
Introduction
I came across PeerVPN fairly recently, via the RadioTux podcast in the April 2018 edition, and afterwards spent some time doing a setup. I must say that it’s a very nice tool. I’ve used OpenVPN for a long time to set up private VPNs linking various servers and systems I use. PeerVPN offers two principal advantages over the traditional setup:
- Some resilience to the loss of a server, doesn’t depend on a core machine
- Packets are not all routed through the central server, so if you’ve machines that are local to each other, they can talk directly
For me, the second is the key advantage. It means that the network speed between machines on my home network is very close to optimal, while still having the advantage of being able to use consistent addressing and a network that includes both home network machines and remote servers.
Links
Anyway, the rest of this post is a collection of links/documentation that I don’t want to lose; it might also be helpful to someone else.
- Project site, https://peervpn.net/ , including a basic tutorial
- GitHub repository: https://github.com/peervpn
- Discussion on Y Combinator Hacker News: https://news.ycombinator.com/item?id=9025792
- Blog entry on setting up PeerVPN: https://lauri.võsandi.com/lan/peervpn.html
- Another documented setup article, what’s nice on this one is the full walkthrough of systemd config
- How one might use DNSMasq on such a VPN
- peervpn init script (was handy as I had one machine still using init scripts not systemd).
Installation
I downloaded peervpn (0-044 version) and extracted the archive, then ran the following script:
    #!/bin/sh
    #libressl_version=libressl-2.5.1
    #libressl_version=libressl-3.0.2 # Updated 2020.Feb.08
    libressl_version=libressl-3.3.3 # Updated 2021.Aug.15
    libressl_archive=${libressl_version}.tar.gz

    # Download the LibreSSL archive unless it is already present.
    if [ ! -f "${libressl_archive}" ]
    then
        # wget -O creates the output file even when the download fails,
        # so check wget's exit status and remove the partial file.
        if ! wget -O "${libressl_archive}" "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${libressl_archive}"
        then
            echo "wget failed."
            rm -f "${libressl_archive}"
            # exit rather than return: return is only valid in a function or sourced file
            exit 1
        fi
    fi

    # Build the static libcrypto unless it has already been built.
    libressl_lib=${libressl_version}/crypto/.libs/libcrypto.a
    if [ ! -f "${libressl_lib}" ]
    then
        tar -xzf "${libressl_archive}"
        # Subshell, so a failed configure/make does not leave us in the wrong directory.
        (cd "${libressl_version}" && ./configure && make)
    fi

    #cc -O2 -I${libressl_version}/include -lpthread peervpn.c -o peervpn \
    # Note change from -lpthread to -pthread which should be more portable
    # (build was failing in Aug 2021 on Debian Bullseye with -lpthread).
    cc -O2 -I"${libressl_version}/include" -pthread peervpn.c -o peervpn \
        "${libressl_lib}" && echo success!
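The script above builds whatever wget delivered, so here is a check that can run between the download and `tar -xzf`. This is an added example, not part of the original post: it assumes a BSD-style manifest (lines of the form `SHA256 (file) = digest`) is available next to the archive, and the function names and demo data are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify an archive against a BSD-style checksum manifest.
# Assumption: the manifest holds lines of the form "SHA256 (name) = <hex>".

# Print the lowercase hex SHA-256 of a file with whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# verify_archive MANIFEST ARCHIVE
# Returns 0 if the digest matches, 1 on mismatch,
# 2 if a file is missing or the manifest has no entry for the archive.
verify_archive() {
    manifest=$1; archive=$2
    [ -f "$manifest" ] && [ -f "$archive" ] || return 2
    name=$(basename "$archive")
    # Compare the whole "(name)" field so x.tar.gz never matches x.tar.gz.asc.
    expected=$(awk -v n="$name" \
        '$1 == "SHA256" && $2 == "(" n ")" && $3 == "=" {print tolower($4); exit}' "$manifest")
    [ -n "$expected" ] || return 2
    actual=$(sha256_of "$archive")
    [ "$actual" = "$expected" ] || return 1
}

# Demo on constructed data (not a real LibreSSL release): one clean check,
# then the same check after the file has been modified.
demo() {
    d=$(mktemp -d) || return 1
    f="$d/libressl-0.0.0.tar.gz"
    printf 'constructed archive bytes\n' > "$f"
    printf 'SHA256 (%s) = %s\n' "$(basename "$f")" "$(sha256_of "$f")" > "$d/SHA256"
    ok=0;  verify_archive "$d/SHA256" "$f" || ok=$?
    printf 'tampered\n' >> "$f"
    bad=0; verify_archive "$d/SHA256" "$f" || bad=$?
    rm -rf "$d"
    echo "untouched=$ok tampered=$bad"
}
demo
```

A matching digest only shows that the archive agrees with the manifest, so the manifest itself has to come from a source you trust or have its signature checked separately.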
Further steps required:
    cd /usr/local/bin/
    # ${HOME}, not $(HOME): the latter is command substitution in sh
    ln -s "${HOME}/src/peervpn/peervpn-0-044/peervpn"
    mkdir /etc/peervpn
systemd setup:
    # in /etc/systemd/system/peervpn.service
    [Unit]
    Description=PeerVPN network service
    After=network-online.target

    [Service]
    ExecStart=/usr/local/bin/peervpn /etc/peervpn/configfile.conf

    [Install]
    WantedBy=multi-user.target
Other resources
There are other options, and other relevant info
- https://github.com/Kuebler-IT/MeshVPN , MeshVPN is an offshoot of PeerVPN AFAIK, also a tutorial