I have decided to write my own light weight VPN server in Java. From a programming standpoint it appears to me a VPN server is just a pass-through proxy that encrypts traffic from the client, and decrypts it on the server. Can someone point me to a skeleton of writing this sort of server?
I know there are many out of the box and even open source ones, but unfortunately even though I know several web programming languages the C code examples I have seen is not documented/structured in such a way that I can understand it.
The parts I would Imagine I need are:
- A thread factory for client objects
- A socket connector for clients
- Method for creating IPSec Authentication Header (AH)
- Method for creating IPSec Encapsulating Security Payload (ESP)
- Something for Internet Security Association and Key Management Protocol (ISAKMP)
- An Internet Key Exchange (IKE)
- PKI Certificate Authentication modules
- A Certificate Repository (SQLLite)
- Oakley key generation (for IKE and ISAKMP)
- Some Anti-replay prevention of packets
The parts I plan to use generic modules for (and create adapters for) are the Cryptographic Algorythms (AES preferably although it appears that windows like DES / 3DES -- Noobs)
If someone can add more detail to the parts that are necessary for an IPSec vpn server please feel free to contribute. Since it is necessary to run this on older linux hardware from what I can tell, the server should be IPSec as opposed to an SSLVPN hotness. The target platform is an old 1.5 Ghz intel box that I pumped up with 2 GB of DDR2 ram, mirrored 100 GB hard drive and 2 Gigabit Nic's.
On the bright side since there are so many types of client-side VPN's I am pretty sure that do not need to make one for my needs.
Answer
I'd start by looking at OpenVPN source code. It's not java, but should be enough to understand the principles.