uvlan Documentation

What Tom St. Denis has to say about uvlan:

    "OMG WTF DID YOU DO TO MY NETWORK, oooh, I like this!"

Short phrases carry weight.
uvlan is public domain software.
uvlan was written using libtomcrypt by Jean-Luc Cooke and Tom St. Denis.
This doc was written as an FAQ.
Contact Jean-Luc with questions.
Your questions and his answers will appear here.
And yes, CertainKey will be selling uvlan appliances shortly.
And no, there will not be a diagram with confusing arrows.

Contents

  1. What is it?
  2. What can I do with it?
  3. How does it work?
  4. What algorithms are used?
  5. How do I install it?
  6. How do I set up my network to share files?
  7. How do I monitor it?
  8. Where do I get it?

What is it?
uvlan is a User-space Virtual Local Area Network. In other words, uvlan peers act as nodes on a network switch, routing Ethernet traffic between peers intelligently. This allows multiple networks to share resources and even IP address space. Some may call it a VPN (Virtual Private Network) application, but it's much more powerful. Differences from traditional VPN technology:
  1. It is peer-to-peer
  2. It doesn't require licensing
  3. It is much simpler
  4. It operates at Layer-2 (Ethernet); VPNs generally operate at Layer-3 (IP).
    Layer-2 applications like gaming can't be supported with Layer-3 tunneling.

What can I do with it?
Here are some uses of uvlan; please contact us to suggest more.
  1. Sharing files as if all your peers were on your local network.
  2. Playing Xbox, PS2, PS3, or PC LAN games with people who are in other locations.
  3. Joining corporate networks to reduce VPN costs.

How does it work?
Using the libpcap library (WinPcap for Windows users), uvlan listens to a specific Ethernet device. If a broadcast frame is seen, it is sent off to all the peers so they can add it to their records and emit the broadcast on their local network. Once this happens, the device (computer, router, gaming console, etc.) which sent the broadcast will be known by all the peers, and remote machines will know of the device's existence and how to route traffic to it.

This behaviour is identical to a hardware switch. The only difference is that this switch is software, and the backplane (the medium that passes information between switch ports) is encrypted packets on the Internet.

What algorithms are used?
An unbalanced binary tree is used to store the set of Ethernet MAC addresses and their respective peers.
A 256-bit ECC (Elliptic Curve Cryptography) key is used to negotiate shared secrets and simplify configuration of a large peer network.
A unique 128-bit AES key is generated for each line in the network (Peer1-to-Peer2, Peer1-to-Peer3, Peer2-to-Peer3, ...) at runtime.
Encryption and authentication of packets are done using the session keys in CCM encryption mode.
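
The switching behaviour described under "How does it work?" and the MAC table from "What algorithms are used?", as an added example (not uvlan's own source): a learning table kept in an unbalanced binary tree keyed by MAC address. The function names, the peer numbering, learning from every frame rather than only broadcasts, and the flooding of unknown unicast destinations (standard switch behaviour) are assumptions.

```c
/* Illustrative sketch: names and peer numbering are assumptions, not uvlan's API. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define FLOOD (-1)  /* deliver to every peer and the local segment */
#define LOCAL 0     /* station sits on our own Ethernet segment */

/* One node of the unbalanced binary tree, keyed by the 6-byte MAC. */
struct mac_node {
    uint8_t mac[6];
    int peer;                       /* LOCAL or a hypothetical peer index >= 1 */
    struct mac_node *left, *right;
};

/* Record (or update) which peer a source MAC was last seen behind. */
int mac_learn(struct mac_node **root, const uint8_t mac[6], int peer)
{
    while (*root) {
        int c = memcmp(mac, (*root)->mac, 6);
        if (c == 0) { (*root)->peer = peer; return 0; }  /* station moved */
        root = c < 0 ? &(*root)->left : &(*root)->right;
    }
    *root = calloc(1, sizeof **root);
    if (!*root) return -1;
    memcpy((*root)->mac, mac, 6);
    (*root)->peer = peer;
    return 0;
}

/* Where should a frame with this destination MAC go? */
int mac_route(const struct mac_node *n, const uint8_t dst[6])
{
    if (dst[0] & 1) return FLOOD;           /* group bit: broadcast/multicast */
    while (n) {
        int c = memcmp(dst, n->mac, 6);
        if (c == 0) return n->peer;
        n = c < 0 ? n->left : n->right;
    }
    return FLOOD;                           /* unknown unicast (assumed behaviour) */
}

/* Frame that arrived from `from`: learn src (bytes 6-11), route on dst (bytes 0-5). */
int switch_frame(struct mac_node **root, const uint8_t *frame, size_t len, int from)
{
    if (len < 14) return -2;                /* shorter than an Ethernet header */
    if (!(frame[6] & 1)) mac_learn(root, frame + 6, from);  /* skip group sources */
    return mac_route(*root, frame);
}
```

Because the tree is never rebalanced, addresses that arrive in sorted order degrade lookups from logarithmic to linear time.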

How do I install it?
Windows Installation

  1. Install WinPcap
  2. Extract the binary distribution ZIP to c:\uvlan
  3. Run the batch script MakeKeys_uvlan.bat to generate your key files.
  4. Run the batch script Start_uvlan.bat, making note of the ethernet device listed in the output.
    It will look something like: \Device\NPF_{F91DEC73-F545-4071-A353-FF771FE329B9}
  5. Email all your friends your ECC public-key found in uvlan_pub.txt
  6. Edit uvlan.xml
    1. Enter your \Device\NPF... value in the <dev>...</dev> tag
    2. Enter your IP address in the <bindipaddr>...</bindipaddr> tag
    3. Enter your UDP port number in the <bindport>...</bindport> tag
    4. Enter your private-key from uvlan_pri.txt in the <privateKey>...</privateKey> tag
    5. Enter all your peers in their own <peer>...</peer> block

Linux/Unix Installation
  1. Install libpcap
    Redhat: yum install libpcap
    Debian: apt-get install libpcap
    Ubuntu (Edgy): apt-get install libpcap0.8
    Gentoo: emerge libpcap
  2. Extract the binary distribution ZIP to wherever you like.
  3. Run uvlan -G to generate your key files.
  4. Run uvlan, making note of the ethernet device listed in the output.
    It will look something like: eth0
  5. Email all your friends your ECC public-key found in uvlan_pub.txt
  6. Edit /etc/uvlan.xml using the uvlan.xml from the ZIP as a guide
    1. Enter your ethX value in the <dev>...</dev> tag
    2. Enter your IP address in the <bindipaddr>...</bindipaddr> tag
    3. Enter your UDP port number in the <bindport>...</bindport> tag
    4. Enter your private-key from uvlan_pri.txt in the <privateKey>...</privateKey> tag
    5. Enter all your peers in their own <peer>...</peer> block

How do I set up my network to share files?
Follow these steps for a typical home router (LinkSys, DLink, etc) configuration:
  1. All peers configure their routers to use a unique subnet for their LAN (192.168.0.x, 192.168.1.x, 192.168.2.x, etc)
  2. All peers install uvlan on a machine with a static IP and port (ex. 192.168.y.2:1337)
  3. All peers forward a UDP port to the machine with uvlan installed (ex. forward UDP port 1337 on your DLink to 192.168.y.2 port 1337)
  4. All file servers use static IP addresses in their LAN address space (192.168.0.x, 192.168.1.x, etc).
    Also set a subnet mask of 255.255.0.0 (or /16) so the file servers can "speak to" and "hear" any machines in the larger super-set address space of 192.168.y.x
  5. All peers share their IP address, ports, and public-keys with each other and start uvlan.
  6. Test by running "ping 192.168.y.x" to confirm proper configuration of routers, uvlans, and file servers.

How do I monitor it?
The command line option -S filename will output the table containing MAC address, nickname of the peer, bandwidth consumption, and a guess of its IP address to a continually updated HTML file.

Where do I get it?
Source code and binaries are available:
  Source
    uvlan_0.03_src.zip (2007-01-16 13:20:55)
    uvlan_0.03_src.tar.gz (2007-01-16 13:20:55)
  Binaries
    Linux: uvlan_0.03_linux.zip (2007-01-12 9:35:43)
    Linux: uvlan_0.03_linux.tar.gz (2007-01-16 13:21:07)
    Win32: uvlan_0.03_win32.zip (2007-01-04 19:11:03)


www.certainkey.com/uvlan
Last modified: 2007-03-26 19:20:48