The team behind eduVPN is keen on keeping eduVPN focussed and lean and not to add too many features. However, one of the features we have envisioned for some time is the possibility to support peer-to-peer VPNs. The main benefit of peer-to-peer VPNs is the increased efficiency when transfering (large amounts of) data between systems located in e.g. different locations over the Internet. This is what two students from the University of Amsterdam, Marijn Valks and Robin Slot, have recently been working on.
Today, eduVPN provides tunnels (using both OpenVPN and WireGuard) between clients and a central server, typically managed by the IT department of a University or an NREN. These client-server tunnels are designed to provide access to a single network, or organisation. However, this model is not ideal to connect resources located in various places, for example when researchers or students share containers or VMs across datacenters, or different (public) clouds. In such contexts, how can eduVPN help users to simply connect to those remote systems using protocols like SSH, RDP and others? And how can users keep track of all the systems they have access to?
The implementation of peer-to-peer VPN technology would allow users to form mesh networks, where each peer is directly linked. Marijn and Robin focussed on the initial technical aspects of deploying a peer-to-peer VPN. They investigated how to establish connections between peers behind firewalls and Network Address Translation (NAT), exploring their potential integration into eduVPN. This included understanding different NAT types and assessing the potential of using hole punching techniques. These techniques allow for traffic to devices behind NAT. In scenarios where hole punching is unfeasible, a central relay server is utilized.
We are impressed by Marijn and Robin’s work, which was realised during only one month! You can learn more about their research here:
Add Comment