All Projects → kanocz → Lcvpn

kanocz / Lcvpn

Licence: mit
Decentralized VPN in golang

Programming Languages

31211 projects - #10 most used programming language
3204 projects


Projects that are alternatives of or similar to Lcvpn

Free Ssr V2ray Vpn
Stars: ✭ 330 (-22.35%)
Mutual labels:  vpn
Simple command to manage a centralised wireguard VPN. Think wg-quick but quicker: key generation + address allocation.
Stars: ✭ 365 (-14.12%)
Mutual labels:  vpn
科学上网/翻墙梯子/自由上网/SS/SSR/V2Ray/Brook 搭建教程 免费机场、VPN工具
Stars: ✭ 4,515 (+962.35%)
Mutual labels:  vpn
Meshbird is open-source cloud-native multi-region multi-cloud distributed private networking.
Stars: ✭ 3,401 (+700.24%)
Mutual labels:  vpn
Proxy List
Get PROXY List that gets updated everyday
Stars: ✭ 347 (-18.35%)
Mutual labels:  vpn
Warp Plus Cloudflare
Script for getting unlimited GB on Warp+ ( )
Stars: ✭ 381 (-10.35%)
Mutual labels:  vpn
Container based media tools configuration
Stars: ✭ 325 (-23.53%)
Mutual labels:  vpn
Docker Ipsec Vpn Server
Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
Stars: ✭ 4,356 (+924.94%)
Mutual labels:  vpn
Local development against a remote Kubernetes or OpenShift cluster
Stars: ✭ 4,491 (+956.71%)
Mutual labels:  vpn
Android Vpn
VPN and video downloader for Android
Stars: ✭ 396 (-6.82%)
Mutual labels:  vpn
Orchid: VPN, Personal Firewall
Stars: ✭ 333 (-21.65%)
Mutual labels:  vpn
🔧 Create macOS VPNs programmatically (L2TP & Cisco)
Stars: ✭ 348 (-18.12%)
Mutual labels:  vpn
Stars: ✭ 391 (-8%)
Mutual labels:  vpn
Kube Openvpn
🔐 Kubernetes native OpenVPN
Stars: ✭ 331 (-22.12%)
Mutual labels:  vpn
The easiest, most secure way to use WireGuard and 2FA.
Stars: ✭ 6,157 (+1348.71%)
Mutual labels:  vpn
Gnirehtet provides reverse tethering for Android
Stars: ✭ 3,962 (+832.24%)
Mutual labels:  vpn
Official git repo for iodine dns tunnel
Stars: ✭ 3,950 (+829.41%)
Mutual labels:  vpn
Chromium browser with SSL VPN. Use this browser to unblock websites.
Stars: ✭ 4,041 (+850.82%)
Mutual labels:  vpn
Arch Delugevpn
Docker build script for Arch Linux base with Deluge, Privoxy and OpenVPN
Stars: ✭ 404 (-4.94%)
Mutual labels:  vpn
2021年 中国翻墙软件、VPN推荐指南,对比VPS搭建梯子、SSR机场、蓝灯、WireGuard、V2ray、老王VPN等科学上网软件与翻墙方法,中国最新科学上网翻墙VPN梯子下载推荐,稳定好用。
Stars: ✭ 390 (-8.24%)
Mutual labels:  vpn

LCVPN - Light decentralized VPN in golang

Originally this repo was just an answer on a question "how much time it'll take to write my own simple VPN in golang" (answer is about 3 hours for first prototype), but now it used in production in different environments.

So, LCVPN is

  • Very light and easy (one similar config on all hosts)
  • Use same config for all hosts (autedetect local params) - useful with puppet etc
  • Uses AES-128, AES-192 or AES-256 encryption (note that AES-256 is much slower than AES-128 on most computers) + optional HMAC-SHA256 or (super secure! 😅 ) NONE encryption (just copy without modification)
  • Communicates via UDP directly to selected host (no central server)
  • Works only on Linux (uses TUN device)
  • Support of basic routing - can be used to connect several networks
  • Multithread send and receive - scaleable for big traffc
  • Due to use so_reuseport better result in case of bigger number of hosts
  • It's still in beta stage, use it on your own risk (and please use only versions marked as "release")

alt tag

Install and run

You need golang (at least 1.5) installed and configured:

$ go get -u

if you have config in /etc/lcvpn.conf

$ sudo $GOPATH/bin/lcvpn

if you want to specify different location of config (or if you need to run several instances)

$ sudo $GOPATH/bin/lcvpn -config lcvpn.conf

if you host is hidden behind firewall (with udp port forward) lcvpn is unable to detect which "remote" is localhost. In this case use next syntax:

$ sudo $GOPATH/bin/lcvpn -local berlin -config lcvpn.conf

Config example

port = 23456
encryption = aescbc
mainkey = 4A34E352D7C32FC42F1CEB0CAA54D40E9D1EEDAF14EBCBCECA429E1B2EF72D21
altkey = 1111111117C32FC42F1CEB0CAA54D40E9D1EEDAF14EBCBCECA429E1B2EF72D21
broadcast =
netcidr = 24
recvThreads = 4
sendThreads = 4

[remote "prague"]
ExtIP =
LocIP =
route =
route =
route =

[remote "berlin"]
ExtIP =
LocIP =
route =

[remote "kiev"]
ExtIP =
LocIP =

where port is UDP port for communication
encryption is aescbc for AES-CBC, aescbchmac for AES-CBC+HMAC-SHA245 or none for no encryption
for aescbc mainkey/altkey is hex form of 16, 24 or 32 bytes key (for AES-128, AES-192 or AES-256)
for aescbchmac mainkey/altkey is 32 bytes longer for none mainkey/altkey mainkey/altkey is just ignored number of remotes is virtualy unlimited, each takes about 256 bytes in memory

Config reload

Config is reloaded on HUP signal. In case of invalid config just log message will appeared, previous one is used.
P.S.: listening udp socket is not reopened for now, so on port change restart is needed

Online key change

altkey configuration option allows specify alternative encryption key that will be used in case if decription with primary one failed. This allow to use next algoritm to change keys without link going offline:

  • In normal state only mainkey is set (setting altkey is more cpu-consuming)
  • Set altkey to new key on all hosts and send HUP signal
  • Exchange altkey and aeskey on all hosts and send HUP signal
  • Remove altkey (with old key) from configs on all hosts and send HUP signal again
  • We are running with new key :)


  • 100% unit test coverage
  • please let me know if you need anything more
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].