OpenP2P is a lightweight P2P sharing network. It supports Cone and Symmetric NAT (NAT1-NAT4), UPnP, IPv6, and both UDP and TCP hole punching. You can build your own private sharing network or use the public sharing network.
Website: openp2p.cn
It is an open source, free, and lightweight P2P sharing network. Your devices will form a private P2P network, in which devices can directly access other members, or indirectly access through other members forwarding data. If the private network cannot complete the communication, it will go to the public P2P network to find a shared node to assist in the communication. Compared with the BT network used to share files, the OpenP2P network is used to share bandwidth. Our goal is to make full use of bandwidth, use shared nodes to relay data, and build a common infrastructure for remote connections.
Totally free, and it meets the needs of most users (especially free-riders). Unlike other similar products, OpenP2P doesn't need a server with a public IP, and you don't need to pay for services. By understanding its principle, you can understand why it can be done for free.
Your devices will form a private P2P network, share bandwidth between them, and provide network data forwarding services. When there is no node that can provide forwarding services in your private P2P network, it will try to find forwarding nodes in the public P2P network. The default share speed limit is 10mbps. Only when you have shared your own nodes are you allowed to use others' shared nodes. This is very fair, and it is also the original intention of this project. We recommend that you join a shared network in a place with sufficient bandwidth (such as an office or home with 100M optical fiber). If you are not willing to contribute any node to the OpenP2P share network, please refer to the usage for your own setting.
The code is open source. The P2P tunnel uses TLS1.3+AES double encryption, and use of a shared node is authorized temporarily with a TOTP one-time password.
2MB+ file size, 2MB+ memory. It can run purely at the application layer, or use the wintun driver for SDWAN.
Thanks to being lightweight, it easily supports most major operating systems, such as Windows, Linux and MacOS, and most CPU architectures, such as 386, amd64, arm, arm64, mipsle, mipsle64, mips, mips64, s390x and ppc64le.
P2P direct connection lets your devices make good use of bandwidth. Your devices can be connected in any network environment: NAT1-4 (Cone or Symmetric), UDP or TCP punching, UPnP and IPv6 are all supported. Relying on the excellent congestion algorithm of the QUIC protocol, high bandwidth and low latency can be obtained even in a bad network environment.
Your application can call OpenP2P with a few lines of code to make any internal networks communicate with each other.
Just 4 simple steps to use. Here's an example of remote work: connecting to an office Windows computer from home. (Another quick-start video: https://www.bilibili.com/video/BV1Et4y1P7bF/)
Go to https://console.openp2p.cn and register a new user.
Download the client on the local and remote computers and double-click to run it; installation is one click.
By default, Windows will block programs that have not been signed with a Microsoft certificate; you can select "Run anyway".
You can see the P2P application you just created on the "MyHomePC" device, just connect to the "local listening port" shown in the figure below.
On MyHomePC, press Win+R and enter MSTSC to open the remote desktop, input 127.0.0.1:23389 /admin
Here describes how to run manually
Especially suitable for large traffic intranet access.
- Remote work: Windows MSTSC, VNC and other remote desktops, SSH, various ERP systems in the intranet
- Remote access ERP systems in the intranet
- Remote access NAS: Manage a large number of videos and pictures
- Remote access camera
- Remote flashing phone
- Remote data backup
P2PApp is the most important concept in this project. One P2PApp maps a remote service (mstsc/ssh) to a local listening port. The main job of secondary development, or of the RESTful API we provide, is to manage P2PApps.
Nodes that have joined the OpenP2P share network can visit each other after authentication. Shared nodes only relay data; others cannot access any resources in the intranet.
The communication data between the two nodes uses the industry's most secure TLS1.3 channel. The communication content is additionally AES-encrypted for double security; the key is exchanged through the server. This effectively prevents man-in-the-middle attacks.
That's right, the relay node is naturally a man-in-the-middle, so AES encryption is added to ensure the security of the communication content. The relay node cannot obtain the plaintext.
The server side has a scheduling model, which calculates bandwidth, ping value, stability and service duration to provide a well-proportioned service to every share node. It uses TOTP (Time-based One-time Password) with the hmac-sha256 algorithm; the principle is the same as a cellphone verification code or a bank password token.
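How a time-based one-time code with HMAC-SHA256 is generated and checked, as an added example that is not OpenP2P's own code: it follows RFC 6238 and reproduces that RFC's SHA-256 test vectors. The 30-second step, 8-digit codes and the clock-skew window are assumptions, not OpenP2P's actual token format.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"time"
)

const step = 30 // seconds per time step (RFC 6238 default; assumed, not taken from OpenP2P)

// TOTP returns the 8-digit RFC 6238 code for secret at time t using HMAC-SHA256.
func TOTP(secret []byte, t time.Time) string {
	var counter [8]byte
	binary.BigEndian.PutUint64(counter[:], uint64(t.Unix()/step))
	mac := hmac.New(sha256.New, secret)
	mac.Write(counter[:])
	sum := mac.Sum(nil)
	// Dynamic truncation (RFC 4226): the low nibble of the last byte picks the offset.
	off := sum[len(sum)-1] & 0x0f
	bin := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%08d", bin%100000000)
}

// Verify accepts a code from the current step or up to skew steps either side,
// comparing in constant time so the check does not leak how much of a guess matched.
func Verify(secret []byte, code string, now time.Time, skew int) bool {
	ok := 0
	for i := -skew; i <= skew; i++ {
		want := TOTP(secret, now.Add(time.Duration(i*step)*time.Second))
		ok |= subtle.ConstantTimeCompare([]byte(want), []byte(code))
	}
	return ok == 1
}

func main() {
	secret := []byte("12345678901234567890123456789012") // RFC 6238 SHA-256 test seed
	code := TOTP(secret, time.Unix(1111111109, 0))       // issued at the end of one step
	later := time.Unix(1111111111, 0)                    // checked 2 s later, in the next step
	fmt.Println(code, Verify(secret, code, later, 0), Verify(secret, code, later, 1))
}
```

A skew of 0 rejects a code that crossed a step boundary in transit; each extra step of tolerance lengthens the time a captured code stays usable by one step.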
go version go1.18.1+
cd to the root directory of the source code and execute
make
build specified os and arch.
All GOOS values:
"aix", "android", "darwin", "dragonfly", "freebsd", "hurd", "illumos", "ios", "js", "linux", "nacl", "netbsd", "openbsd", "plan9", "solaris", "windows", "zos"
All GOARCH values:
"386", "amd64", "amd64p32", "arm", "arm64", "arm64be", "armbe", "loong64", "mips", "mips64", "mips64le", "mips64p32", "mips64p32le", "mipsle", "ppc", "ppc64", "ppc64le", "riscv", "riscv64", "s390", "s390x", "sparc", "sparc64", "wasm"
For example linux+amd64
export GOPROXY=https://goproxy.io,direct
go mod tidy
CGO_ENABLED=0 env GOOS=linux GOARCH=amd64 go build -o openp2p --ldflags '-s -w ' -gcflags '-l' -p 8 -installsuffix cgo ./cmd
Short-Term:
- Support IPv6.(100%)
- Support auto run when system boot, setup system service.(100%)
- Provide free servers to some low-performance network.(100%)
- Build website, users can manage all P2PApp and devices via it. View devices' online status, upgrade, restart or CRUD P2PApp.(100%)
- Provide wechat official account, user can manage P2PApp nodes and device as same as website.
- Provide WebUI on client side.
- Support private server, open source server program.(100%)
- Optimize our share scheduling model for different network operators.
- Provide REST APIs and library for secondary development.(100%)
- Support UDP at application layer, it is easy to implement but not urgent due to only a few applications using UDP protocol.(100%)
- ~~Support KCP protocol underlay, currently support Quic only. KCP focus on delay optimization, which has been widely used as game accelerator, it can sacrifice part of bandwidth to reduce timelag.~~(100%)
- Support Android platform, let the phones to be mobile gateway.(100%)
- Support SMB Windows neighborhood.(100%)
- Direct connection on intranet, for testing.(100%)
- Support UPNP.(100%)
- Support Android(100%)
- Support IOS
Long-Term:
- Use blockchain technology to decentralize, so that users who share equipment have benefits, thereby promoting more users to share, and achieving a positive closed loop.
- Enterprise-level product can well manage large scale equipment and ACL.
from https://github.com/openp2p-cn/openp2p
--------------------------------------------------------------
Run your self-hosted openp2p gateway in 4 steps.
It demonstrates how to connect YOUR-PC1--->YOUR-PC2.
Firewall rules
Protocol | Port |
---|---|
TCP | 27180 |
TCP | 27181 |
TCP | 27183 |
UDP | 27182 |
UDP | 27183 |
docker run -d --restart always --net=host -e OPENP2P_USER=YOUR-NAME -e OPENP2P_PASSWORD=YOUR-PASSWORD --mount type=bind,src=/etc/localtime,dst=/etc/localtime,ro --name openp2p-gateway openp2pcn/openp2p-gateway:latest
export GOPROXY=https://goproxy.io,direct
go mod tidy
go build
export OPENP2P_USER=YOUR-NAME
export OPENP2P_PASSWORD=YOUR-PASSWORD
./openp2p-gateway
Log in with user+password; the response returns the JWT token:
curl --insecure "https://YOUR-SERVER:10008/api/v1/user/login" -X POST -d '
{
"user": "YOUR-NAME",
"password": "YOUR-PASSWORD"
}'
response:
{
"error":0,
"nodeToken":"xxxxxxxxxxxxxxxx", // for client install
"token":"xxxxxxxxxxxxxxxx" // for api call
}
download openp2p client on https://github.com/openp2p-cn/openp2p/releases
on PC1
wget https://github.com/openp2p-cn/openp2p/releases/download/v3.6.11/openp2p3.6.11.linux-amd64.tar.gz
tar xvf openp2p3.6.11.linux-amd64.tar.gz
./openp2p -node YOUR-PC1 -serverhost YOUR-SERVER -token YOUR-TOKEN
-serverhost: is your server domain or ip
-token: is the nodeToken in STEP 2 login response
on PC2
wget https://github.com/openp2p-cn/openp2p/releases/download/v3.6.11/openp2p3.6.11.linux-amd64.tar.gz
tar xvf openp2p3.6.11.linux-amd64.tar.gz
./openp2p -node YOUR-PC2 -serverhost YOUR-SERVER -token YOUR-TOKEN
On YOUR-SERVER: when 2 nodes can't connect directly via P2P, they need a relay node, so installing an openp2p client as a relay node on your server is recommended.
wget https://github.com/openp2p-cn/openp2p/releases/download/v3.6.11/openp2p3.6.11.linux-amd64.tar.gz
tar xvf openp2p3.6.11.linux-amd64.tar.gz
./openp2p -node YOUR-SERVER -serverhost YOUR-SERVER -token YOUR-TOKEN
Call the API with the JWT token in the HTTP header.
A 2XX response means success; anything else is a failure.
Example:
YOUR-PC1:localhost:23389--->YOUR-PC2:localhost:22
curl --insecure "https://YOUR-SERVER:10008/api/v1/device/YOUR-PC1/app" -X POST -H 'Authorization: YOUR-TOKEN' -d '
{
"appName": "RemoteDesktop",
"protocol": "tcp",
"srcPort": 23389,
"peerNode": "YOUR-PC2",
"dstHost": "localhost",
"dstPort": 22
}'
YOUR-TOKEN is the token in STEP 2 login response
curl --insecure "https://YOUR-SERVER:10008/api/v1/device/YOUR-PC1/apps" -H 'Authorization: YOUR-TOKEN'
protocol0+srcPort0 is the old P2PApp's id. Edit the tcp+23389 app:
local:23389--->YOUR-PC2:localhost:22 changes to local:55555--->YOUR-PC2:localhost:22
curl --insecure "https://YOUR-SERVER:10008/api/v1/device/YOUR-PC1/app" -X POST -H 'Authorization: YOUR-TOKEN' -d '
{
"appName": "RemoteSSH",
"protocol": "tcp",
"srcPort": 55555,
"protocol0": "tcp",
"srcPort0": 23389,
"peerNode": "YOUR-PC2",
"dstHost": "localhost",
"dstPort": 22
}'
curl --insecure "https://YOUR-SERVER:10008/api/v1/device/YOUR-PC1/app" -X POST -H 'Authorization: YOUR-TOKEN' -d '
{
"protocol0": "tcp",
"srcPort0": 55555,
"dstPort": 22
}'
Enable
curl --insecure "https://YOUR-SERVER:10008/api/v1/device/YOUR-PC1/switchapp" -X POST -H 'Authorization: YOUR-TOKEN' -d '
{
"protocol": "tcp",
"srcPort": 55555,
"enabled": 1
}'
Disable
curl --insecure "https://YOUR-SERVER:10008/api/v1/device/YOUR-PC1/switchapp" -X POST -H 'Authorization: YOUR-TOKEN' -d '
{
"protocol": "tcp",
"srcPort": 55555,
"enabled": 0
}'
openssl req -newkey rsa \
-x509 \
-sha256 \
-days 3650 \
-nodes \
-out api.crt \
-keyout api.key \
-subj "/C=CN/ST=BJ/L=BJ/O=Security/OU=IT Department/CN=openp2p.cn"
from https://github.com/openp2p-cn/gateway-lite