Total Pageviews

Wednesday, 17 July 2024

OpenP2P

 OpenP2P is a lightweight P2P sharing network. Support Cone,Symmetric(NAT1-NAT4),UPNP,IPv6,both UDP&TCP punch. You can build you private sharing network, or uses the public sharing network.

English|中文

Website: openp2p.cn

What is OpenP2P

It is an open source, free, and lightweight P2P sharing network. Your devices will form a private P2P network, in which devices can directly access other members, or indirectly access through other members forwarding data. If the private network cannot complete the communication, it will go to the public P2P network to find a shared node to assist in the communication. Compared with the BT network used to share files, the OpenP2P network is used to share bandwidth. Our goal is to make full use of bandwidth, use shared nodes to relay data, and build a common infrastructure for remote connections.

Why OpenP2P

1. Free

Totaly free, fullfills most of users(especially free-rider). Unlike other similar products, OpenP2p doesn't need a server with public IP, and doesn't need to pay for services.By understanding its principle, you can understand why it can be done for free.

2. Share

Your devices will form a private P2P network, share bandwidth between them, and provide network data forwarding services. When there is no node that can provide forwarding services in your private P2P network, you will try to find forwarding nodes in the public P2P network. 10mbps is its default setting of share speed limit. Only when you have shared their nodes, you are allowed to use others' shared nodes. This is very fair, and it is also the original intention of this project. We recommend that you join a shared network in a place with sufficient bandwidth (such as an office or home with 100M optical fiber). If you are not willing to contribute any node to the OpenP2P share network, please refer to the usage for your own setting.

3. Safe

The code is open source, the P2P tunnel uses TLS1.3+AES double encryption, and the shared node temporarily authorizes the use of the TOTP one-time password

details

4. Lightweight

2MB+ filesize, 2MB+ memory. It could only runs at application layer, or uses wintun driver for SDWAN.

5. Cross-platform

Benefit from lightweight, it easily supports most of major OS, like Windows, Linux, MacOS, also most of CPU architecture, like 386、amd64、arm、arm64、mipsle、mipsle64、mips、mips64、s390x、ppc64le.

6. Efficient

P2P direct connection lets your devices make good use of bandwidth. Your device can be connected in any network environments, even supports NAT1-4 (Cone or Symmetric),UDP or TCP punching,UPNP,IPv6. Relying on the excellent congestion algorithm of the Quic protocol, high bandwidth and low latency can be obtained in a bad network environment.

7. Integration

Your applicaiton can call OpenP2P with a few code to make any internal networks communicate with each other.

Get Started

Just 4 simple steps to use. Here's an example of remote work: connecting to an office Windows computer at home. (Another quick started vedio https://www.bilibili.com/video/BV1Et4y1P7bF/)

1.Register

Go to https://console.openp2p.cn register a new user

image

2.Install

Download on local and remote computers and double-click to run, one-click installation

image

By default, Windows will block programs that have not been signed by the Microsoft's certificate, and you can select "Run anyway".

image

image

3.New P2PApp

image

image

image

4.Use P2PApp

You can see the P2P application you just created on the "MyHomePC" device, just connect to the "local listening port" shown in the figure below.

image

On MyHomePC, press Win+R and enter MSTSC to open the remote desktop, input 127.0.0.1:23389 /admin

image

image

Usage

Here describes how to run manually

Scenarios

Especially suitable for large traffic intranet access.

  • Remote work: Windows MSTSC, VNC and other remote desktops, SSH, various ERP systems in the intranet
  • Remote access ERP systems in the intranet
  • Remote access NAS: Manage a large number of videos and pictures
  • Remote access camera
  • Remote flashing phone
  • Remotely data backup

Overview Design

Prototype

image

Client architecture

image

P2PApp

P2PAPP is the most import concept in this project, one P2PApp is able to map the remote service(mstsc/ssh) to the local listening. The main job of re-development or restful API we provide is to manage P2PApp.

image

Safety

The nodes which have joined the OpenP2P share network can vist each other by authentications. Shared nodes will only relay data, and others cannot access any resources in the intranet.

1. TLS1.3+AES

The communication data between the two nodes uses the industry's most secure TLS1.3 channel. The communication content will also use AES encryption, double security, the key is exchanged through the server. Effectively prevent man-in-the-middle attacks.

2. Will the shared node capture my data?

That's right, the relay node is naturally an man-in-middle, so AES encryption is added to ensure the security of the communication content. The relay node cannot obtain the plaintext.

3. How does the shared relay node verify the authority?

The server side has a scheduling model, which calculate bandwith, ping value,stability and service duration to provide a well-proportioned service to every share node. It uses TOTP(Time-based One-time Password) with hmac-sha256 algorithem, its theory as same as the cellphone validation code or bank cipher coder.

Build

go version go1.18.1+
cd root directory of the socure code and execute

make

build specified os and arch.
All GOOS values:

"aix", "android", "darwin", "dragonfly", "freebsd", "hurd", "illumos", "ios", "js", "linux", "nacl", "netbsd", "openbsd", "plan9", "solaris", "windows", "zos"

All GOARCH values:

"386", "amd64", "amd64p32", "arm", "arm64", "arm64be", "armbe", "loong64", "mips", "mips64", "mips64le", "mips64p32", "mips64p32le", "mipsle", "ppc", "ppc64", "ppc64le", "riscv", "riscv64", "s390", "s390x", "sparc", "sparc64", "wasm"

For example linux+amd64

export GOPROXY=https://goproxy.io,direct
go mod tidy
CGO_ENABLED=0 env GOOS=linux GOARCH=amd64 go build -o openp2p --ldflags '-s -w ' -gcflags '-l' -p 8 -installsuffix cgo ./cmd

RoadMap

Short-Term:

  1. Support IPv6.(100%)
  2. Support auto run when system boot, setup system service.(100%)
  3. Provide free servers to some low-performance network.(100%)
  4. Build website, users can manage all P2PApp and devices via it. View devices' online status, upgrade, restart or CURD P2PApp .(100%)
  5. Provide wechat official account, user can manage P2PApp nodes and deivce as same as website.
  6. Provide WebUI on client side.
  7. Support private server, open source server program.(100%)
  8. Optimize our share scheduling model for different network operators.
  9. Provide REST APIs and libary for secondary development.(100%)
  10. Support UDP at application layer, it is easy to implement but not urgent due to only a few applicaitons using UDP protocol.(100%)
  11. ~~Support KCP protocol underlay, currently support Quic only. KCP focus on delay optimization,which has been widely used as game accelerator,it can sacrifice part of bandwidth to reduce timelag. ~~(100%)
  12. Support Android platform, let the phones to be mobile gateway.(100%)
  13. Support SMB Windows neighborhood.(100%)
  14. Direct connection on intranet, for testing.(100%)
  15. Support UPNP.(100%)
  16. Support Android(100%)
  17. Support IOS

Long-Term:

  1. Use blockchain technology to decentralize, so that users who share equipment have benefits, thereby promoting more users to share, and achieving a positive closed loop.
  2. Enterprise-level product can well manage large scale equipment and ACL.

from https://github.com/openp2p-cn/openp2p

 --------------------------------------------------------------

Get started

Run your self-hosting openp2p gateway with 4 STEP. It demonstrates how to YOUR-PC1--->YOUR-PC2

Firewall rules

Protocol Port
TCP 27180
TCP 27181
TCP 27183
UDP 27182
UDP 27183

1. Run gateway program

Run with docker(Recommend)

docker run -d --restart always --net=host -e OPENP2P_USER=YOUR-NAME -e OPENP2P_PASSWORD=YOUR-PASSWORD  --mount type=bind,src=/etc/localtime,dst=/etc/localtime,ro --name openp2p-gateway openp2pcn/openp2p-gateway:latest

Run directly

export GOPROXY=https://goproxy.io,direct
go mod tidy
go build
export OPENP2P_USER=YOUR-NAME 
export OPENP2P_PASSWORD=YOUR-PASSWORD
./openp2p-gateway

2. Login

with user+password return jwt+token

curl --insecure "https://YOUR-SERVER:10008/api/v1/user/login" -X POST -d '
{
    "user": "YOUR-NAME",
    "password": "YOUR-PASSWORD"
}'

response:

{
    "error":0,
    "nodeToken":"xxxxxxxxxxxxxxxx",  // for client install
    "token":"xxxxxxxxxxxxxxxx"  // for api call
}

3. Install client

download openp2p client on https://github.com/openp2p-cn/openp2p/releases

on PC1

wget https://github.com/openp2p-cn/openp2p/releases/download/v3.6.11/openp2p3.6.11.linux-amd64.tar.gz
tar xvf openp2p3.6.11.linux-amd64.tar.gz 
./openp2p -node YOUR-PC1 -serverhost YOUR-SERVER -token YOUR-TOKEN

-serverhost: is your server domain or ip

-token: is the nodeToken in STEP 2 login response

on PC2

wget https://github.com/openp2p-cn/openp2p/releases/download/v3.6.11/openp2p3.6.11.linux-amd64.tar.gz
tar xvf openp2p3.6.11.linux-amd64.tar.gz 
./openp2p -node YOUR-PC2 -serverhost YOUR-SERVER -token YOUR-TOKEN

on YOUR-SERVER, when 2 node can't p2p connect, they need a relay node, so install a openp2p client as relay node on your server is recommand.

wget https://github.com/openp2p-cn/openp2p/releases/download/v3.6.11/openp2p3.6.11.linux-amd64.tar.gz
tar xvf openp2p3.6.11.linux-amd64.tar.gz 
./openp2p -node YOUR-SERVER -serverhost YOUR-SERVER -token YOUR-TOKEN

4. New app

Call api with jwt token in http header

Return 2XX is success, otherwise failed

Example:
YOUR-PC1:localhost:23389--->YOUR-PC2:localhost:22

curl --insecure "https://YOUR-SERVER:10008/api/v1/device/YOUR-PC1/app" -X POST -H 'Authorization: YOUR-TOKEN' -d '
{
        "appName": "RemoteDesktop",
        "protocol": "tcp",
        "srcPort": 23389,
        "peerNode": "YOUR-PC2",
        "dstHost": "localhost",
        "dstPort": 22
}'

YOUR-TOKEN is the token in STEP 2 login response

API reference

List all apps

curl --insecure "https://YOUR-SERVER:10008/api/v1/device/YOUR-PC1/apps" -H 'Authorization: YOUR-TOKEN' 

Edit app

//protocol0+srcPort0 is the old p2papp's id edit the tcp+23389 app

local:23389--->YOUR-PC2:localhost:22 change to local:55555--->YOUR-PC2:localhost:22

curl --insecure "https://YOUR-SERVER:10008/api/v1/device/YOUR-PC1/app" -X POST -H 'Authorization: YOUR-TOKEN' -d '
{
        "appName": "RemoteSSH",
        "protocol": "tcp",
        "srcPort": 55555,
        "protocol0": "tcp",  
        "srcPort0": 23389,
        "peerNode": "YOUR-PC2",
        "dstHost": "localhost",
        "dstPort": 22
}'

Delele app

curl --insecure "https://YOUR-SERVER:10008/api/v1/device/YOUR-PC1/app" -X POST -H 'Authorization: YOUR-TOKEN' -d '
{
        "protocol0": "tcp",  
        "srcPort0": 55555,
        "dstPort": 22
}'

Enable/Disable app

Enable

curl --insecure "https://YOUR-SERVER:10008/api/v1/device/YOUR-PC1/switchapp" -X POST -H 'Authorization: YOUR-TOKEN' -d '
{
        "protocol": "tcp",
        "srcPort": 55555,
        "enabled": 1
}'

Disable

curl --insecure "https://YOUR-SERVER:10008/api/v1/device/YOUR-PC1/switchapp" -X POST -H 'Authorization: YOUR-TOKEN' -d '
{
        "protocol": "tcp",
        "srcPort": 55555,
        "enabled": 0
}'

self-signed cert

openssl req -newkey rsa \
            -x509 \
            -sha256 \
            -days 3650 \
            -nodes \
            -out api.crt \
            -keyout api.key \
            -subj "/C=CN/ST=BJ/L=BJ/O=Security/OU=IT Department/CN=openp2p.cn"
from https://github.com/openp2p-cn/gateway-lite 

 

No comments:

Post a Comment