Skip to content

KusakabeShi/RootlessRouter-UML

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits
pics
pics
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

RootlessRouter-UML

The continue of https://github.com/KusakabeSi/RootlessRouter, but use User mode linux instead of VPP

Node list

Here is the list of all my nodes with this architecture.
Please consider to peer with me if you are a DN42 player!
Choose the nearest node to you, then click Auto Peer button to peer with me.

Peering info

https://dn42.kskb.eu.org/

Node Status

https://42status.kskb.eu.org

What is this?

DN42 is a big dynamic VPN, which employs Internet technologies (BGP, whois database, DNS, etc) for educational and amateur scientific research purposes. Participants connect to each other using network tunnels (GRE, OpenVPN, Tinc, IPsec, Wireguard) and exchange routes thanks to the BGP. DN42 can be used to learn networking and to connect private networks, such as hackerspaces or community networks. But above all, experimenting with routing in DN42 is fun!

The first thing we need to do is setup a router which running a BGP daemon such as BIRD/FRRouting in it. Most people choose a regular linux machine as their router. In this setup, we enable the ip_forward option in linux kernel to make it become a router, then the BGP daemon exahange routes with other peer and write all route tables to the kernel. Which means we need the root permission to setup all things.

But I'm thinking, do we really need that? Technically, we are just receives wireguard encrypted udp packet -> decrypt it -> do BGP routing -> encrypt -> send to another peer. Do we need root permission to do that? I don't think so. That's why this project here.

This RootlessRouter project aims to build a software stack which can establish multiple wireguard sessions with other DN42 players and act as a boarder router for them, but all processes are done in the userspace. So that the whole router can run as a normal user without root or in an unprivileged docker container.

Architecture

Based on my current plan, the software stack of my nodes looks like this: Node

As you can see, there are no component running in the kernel mode.

I will host multiple node to form a cluster, like this Node

Related projects:

Active

  1. https://github.com/KusakabeSi/RootlessRouterDocker
  2. https://github.com/KusakabeSi/EtherGuard-VPN
  3. https://github.com/KusakabeSi/DN42-AutoPeer
  4. https://github.com/KusakabeSi/slirpnetstack
  5. https://github.com/KusakabeSi/bird-lg-go
  6. https://github.com/KusakabeSi/UML-Config

Decprecated:

  1. https://github.com/KusakabeSi/bird-vpp-route-syncer
  2. https://github.com/KusakabeSi/wireguard-go-vpp
  3. https://github.com/KusakabeSi/RootlessRouter
  4. https://github.com/KusakabeSi/BIRD-vpp
  5. https://github.com/KusakabeSi/vpp

Private:

  1. https://github.com/KusakabeSi/RRstate

About

A boarder router running in a unprivileged container.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

10 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published