freelan's Introduction

FreeLAN

What is FreeLAN?

A peer-to-peer, secure, easy-to-setup, multi-platform, open-source, highly-configurable VPN software.

Installation

FreeLAN is available on Windows, Mac OSX and Linux (Debian-based distributions). Check the official website for installers.

If your platform is not officially supported, do not despair: try building it yourself! Check the build instructions for details on how to do that.

Quick-start

FreeLAN can be configured to support any network topology, be it a traditional client-server structure or a full-mesh one. The emulated network can operate at the Ethernet or at the IPv4/IPv6 levels. Security can be achieved through the use of certificates or via a simple shared passphrase.

For instance, creating a simple VPN node can be done with:

freelan --security.passphrase "my secret"

This starts a VPN node that listens for connections on all interfaces on UDP port 12000. The node picks the default IPv4 address 9.0.0.1 inside the emulated network.

To connect to another node, just specify the fscp.contact option, like so:

freelan --security.passphrase "my secret" --fscp.contact 1.2.3.4:12000

Each node should have a different virtual IP address: you can specify the IPv4 address to use with the tap_adapter.ipv4_address_prefix_length option, like so:

freelan --security.passphrase "my secret" --tap_adapter.ipv4_address_prefix_length 9.0.0.2/24

Check out the configuration file for details!

Frequently Asked Questions

Is there a graphical interface?

A graphical user interface is planned but nothing is made public yet. You will just have to be patient :)

Can I use FreeLAN to access forbidden websites/websites in other countries with restrictions?

FreeLAN is software, not a service. You can easily configure it to reach that goal, but you'll need an exit point (a server, a friendly computer at the right location) on which you can run FreeLAN too. It always takes a minimum of 2 nodes to create a VPN network.

Donations

Do you like FreeLAN and want to show your support and help development of the next releases? Check out the donate page!

Contributions

Check the contributions guidelines.

Packaging

Check the packaging instructions.

freelan's People

Contributors

bchavez, champtar, daminetreg, ereon, henryne, jethrocarr, leggewie, malt3, quantumentangledandy, s-vincent, sergachev, thibaultlemaire, waffle-iron, wesx, zoopp

freelan's Issues

Clarify build instructions

The build instructions need to be clarified that on Linux-y systems it's totally unnecessary to do the teapot build phase of things, and also currently impossible (no teapot build filters in the party file).

What is needed is a list of apt packages to install on various distros.

For Ubuntu/Debian/Mint the list seems to be:

apt-get install libboost-all-dev libcurl4-openssl-dev

so far. I plan to get started on spinning up some apt packages soon so I suspect I'll find more.

MTU log message is wrong

Hi

log message:

Tap adapter "tun100" opened in mode tun with a MTU set to: 1500

ip addr:

tun100: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1446 qdisc pfifo_fast state UNKNOWN group default qlen 100

config:

mtu=auto

Embed tuntaposx in the installer

We currently rely on tuntaposx to be installed for freelan to work.

This assumption is painful for the user: Viscosity and Tunnelblick both embed their own tuntaposx packaged extensions (with custom version string so they do not collide with the legacy one).

Viscosity also seems to dynamically load the extension whenever needed and unloads it if it was the one that loaded it in the first place. That would be a nice behavior to have in freelan. (See #6)

Using path with space

Hi all,

Using Microsoft Windows 7 x64, I tried to set the security path to the installation path and I have an issue.
After some tests, it appears that FreeLAN doesn't really like the keys signature_certificate_file, signature_private_key_file, authority_certificate_file if they contain spaces.

Configuration :
OS : Microsoft Windows 7 Enterprise / Professional SP1 x64bits
Installation Path : C:\Program Files\FreeLAN
Binary Path : C:\Program Files\FreeLAN\bin
Config File : C:\Program Files\FreeLAN\config\freelan.cfg

Tests & results :
1-
signature_certificate_file=C:\ProgramData\FreeLAN\laptop-nxo.crt
signature_private_key_file=C:\Program Files\FreeLAN\config\laptop-nxo.key
authority_certificate_file=C:\ProgramData\FreeLAN\ca.crt

  • CLI : KO
    c:\Program Files\FreeLAN\bin>freelan.exe -c ..\config\freelan.cfg
    Reading configuration file at: "c:\Program Files\FreeLAN\bin..\config\freelan.cfg"
    Error: the argument ('C:\Program Files\FreeLAN\config\laptop-nxo.key') for option 'security.signature_private_key_file' is invalid
  • Windows Service : KO

2-
signature_certificate_file=C:\ProgramData\FreeLAN\laptop-nxo.crt
signature_private_key_file="C:\Program Files\FreeLAN\config\laptop-nxo.key"
authority_certificate_file="C:\Program Files\FreeLAN\config\ca.crt"

  • CLI : KO
    c:\Program Files\FreeLAN\bin>freelan.exe -c ..\config\freelan.cfg
    Reading configuration file at: "c:\Program Files\FreeLAN\bin..\config\freelan.cfg"
    Error: No such file: "C:\Program Files\FreeLAN\bin\Program Files\FreeLAN\config\ca.crt"
  • Windows Service : KO

3-
signature_certificate_file=C:\ProgramData\FreeLAN\laptop-nxo.crt
signature_private_key_file=C:\ProgramData\FreeLAN\laptop-nxo.key
authority_certificate_file=..\config\ca.crt

  • CLI : OK
  • Windows Service : KO

4-
signature_certificate_file=C:\ProgramData\FreeLAN\laptop-nxo.crt
signature_private_key_file=C:\ProgramData\FreeLAN\laptop-nxo.key
authority_certificate_file="..\config\ca.crt"

  • CLI : KO
    c:\Program Files\FreeLAN\bin>freelan.exe -c ..\config\freelan.cfg
    Reading configuration file at: "c:\Program Files\FreeLAN\bin..\config\freelan.cfg"
    Error: No such file: c:\Program Files\FreeLAN\bin"..\config\ca.crt"
  • Windows Service : KO

In fact it's not really a problem because I usually put this kind of file in C:\ProgramData... but it can be a problem since the example on the site includes this "bug".

Regards.

Use bittorrent trackers/DHT for peer discovery

To provide for a casual P2P VPN discovery, some sort of global rendezvous server is needed. Probably by far the biggest network providing this type of function is the network of BitTorrent trackers + the Mainline DHT Kademlia implementation.

The idea here is a new contact mode called "bittorrent" could be added to Freelan to take advantage of this to do peer discovery and CA distribution.

Each freelan node would boot itself up as a BitTorrent client, loading either a torrent file or magnet URI that would point to the public CA certificate for a network. Each node then joins the network by downloading or seeding the CA certificate for other nodes - this allows new nodes to acquire the CA, and existing nodes to hole-punch through to other peers.

Remotely adding nodes could then be accomplished by a node sending a certificate signing request to the freelan network, which can then be signed by whoever holds the CA private key.

This allows a P2P mode of operation for doing key exchange without needing to use OpenSSL PSK and which solves the bootstrap problem of casual users needing at least 1 peer with a direct internet connection and reliably known hostname.

Support using preconfigured tuntap devices

On Linux it's not possible for a regular user to create a tuntap device, or configure it in any way (bring it up/down, set the IP address etc.) but freelan uses the user's home directory to perform operations and store configuration.

It would be good to break out the code which opens tuntap devices from the code which configures them, so the latter could be added as a binary/daemon which runs as setuid root, allowing the main freelan2 executable to then be run by ordinary user accounts.

A first step would simply be detecting and handling the case of running without root but with an accessible tuntap device appropriately.

In a Hamachi-like use-case, a single tuntap device would be more than enough - Hamachi firewalled network segments from each other but used the same address range.

RADIUS support?

Hi,

Please tell me - does freelan vpn support auth using radius server/plugins/anything?

libcryptoplus exception: elliptic curve routines:EC_POINT_cmp:incompatible objects

2014-05-30T09:02:55.337913 [DEBUG] Cipher suite: ecdhe_rsa_aes256_gcm_sha384
terminate called after throwing an instance of 'cryptoplus::error::cryptographic_exception'
  what():  error:10071065:elliptic curve routines:EC_POINT_cmp:incompatible objects

After building freelan from source on Ubuntu 14.04 I'm seeing this error from the freelan2 binary when the servers try to connect.

I have openssl 1.0.1f-1ubuntu2.1 installed.

Installation of TAP adapter fails on Windows 7 x86

When installing Freelan on Windows 7 x86, the TAP adapter does not get installed.

In the console window that pops up I get the following error: https://dl.dropboxusercontent.com/u/4210971/freelan.png

The reason, I think, could be that the files in the folder C:\Program Files\FreeLAN\driver are empty after installation (size 0kb).
The same files are also empty on GitHub in the x86 version (https://github.com/freelan-developers/freelan-all/tree/master/packaging/windows/files) but are not empty for amd64.

Reimplement the client/server HTTP mechanism

The old core.cpp file still contains some code for the HTTP client that hasn't been migrated to the new core design.

We need to finish porting that code to get rid of the old files and merge the (badly named) cppnetlib branch back to master.

DHCP proxy should respond to ARP like a real device

The DHCP proxy currently does not reply to ARP requests. This also troubles Windows versions higher than XP, as their screwed up networking requires a default gateway to be set on one's network to identify it and allow traffic across it.

Compiling from source

Hi, I am trying to install freelan from source on a virtual Debian machine before installing it on an RPi.
My install is with debian-7.4.0-amd64-netinst.iso.
I installed all requirements:
sudo apt-get install python-setuptools
sudo apt-get install gcc-4.7
sudo apt-get install build-essential
sudo apt-get install git-core zip
sudo wget http://prdownloads.sourceforge.net/scons/scons-2.3.3.zip
sudo python setup.py install
wget -c 'http://sourceforge.net/projects/boost/files/boost/1.55.0/boost_1_55_0.tar.bz2/download'
./bootstrap.sh
./b2 install
sudo apt-get install libboost-dev
git clone https://github.com/freelan-developers/freelan-all.git
scons
and I have errors
....
g++ -o build/release/apps/freelan/src/tools.o -c -Wno-missing-field-initializers --std=c++11 -Wall -Wextra -Werror -pedantic -Wshadow -O3 -isystem third-party/install/include -Ibuild/release/include build/release/apps/freelan/src/tools.cpp
In file included from build/release/include/cryptoplus/x509/../error/helpers.hpp:47:0,
from build/release/include/cryptoplus/x509/certificate_revocation_list.hpp:50,
from build/release/include/freelan/configuration.hpp:60,
from build/release/include/freelan/core.hpp:49,
from build/release/apps/freelan/src/tools.hpp:54,
from build/release/apps/freelan/src/tools.cpp:47:
build/release/include/cryptoplus/x509/../error/error.hpp:47:25: fatal error: openssl/err.h: No such file or directory
compilation terminated.
scons: *** [build/release/apps/freelan/src/tools.o] Error 1
scons: building terminated because of errors.

What is the problem?
Thank you

Option dynamic_contact_folder instead of dynamic_contact_file

I am using the freelan client from home, and adding a dynamic_contact_file line whenever it is needed is really uncomfortable. The more certificates, the more complicated this situation becomes. It would be easier to use one folder instead of multiple files.

Allow for a transparent relay mode

The current relay mode implies that the relay be part of the mesh and thus can decode messages it relays (LAN emulation).

We'd also need a mode where the relay is oblivious of the content of the messages and just acts as a relay for a given pair of hosts.

To do that I suggest the following implementation:

If A & B want to connect to each other but can't, yet can connect to C, they can ask a third node to act as a transparent relay and to open a channel for them:

  • Both send a reservation request to C, containing their desired target endpoint (for A, the address:port of B, and for B, the address:port of A).
  • If C accepts, and receives a matching pair of requests (both A and B requests with each other's address:port pairs), it can decide to create a channel for A and B. It then replies to both hosts with the channel information.
  • If the channel is not used during a (configurable) period of time, it gets destroyed (and no message is sent to A or B).

Conditions of success

  • A new message for reservation requests is described in the RFC.
  • A new message for reservation acceptance is described in the RFC.
  • A configuration option must be added to indicate if the transparent relay mode is supported.
  • A configuration option must be added to indicate how many channels one host will accept (we can actually merge this one with the previous one).
  • The mechanism to create a pair of UDP sockets (a channel) for the relay must be implemented.
  • Messages transmitted on the channel must be valid, that is: they must originate from one of the registering hosts (both address and port must match).
  • Channel must have an expiry timeout period that gets refreshed whenever a valid message is sent on the pair.
  • A bidirectional-map of remote_address:port/proxy_addresses:ports must be added such that internal calls don't have to be changed. The translation should happen transparently.
  • Note that several channels (on different relays) can be established at the same time, and that the implementation should support it nicely (any channel can be used). This allows for cases where A uses C to communicate with B but B prefers to use D to communicate back with A.
  • Nodes must be able to detect that connectivity with a given host has failed for a given period of time (a timer should be added).
  • A configuration option must be added to indicate the time threshold after which the establishment of a channel should be tried.
  • Registration requests must expire after some time if not matched into a channel.
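
The reservation matching, source validation and idle expiry listed above, sketched as relay-side bookkeeping in Python. This is an added example, not freelan code and not part of the original issue; the class and method names, the port numbers that stand in for real UDP sockets, and the timeout values are all assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # observed UDP source (address, port)


@dataclass
class Channel:
    a: Endpoint        # host that sends to port_a
    b: Endpoint        # host that sends to port_b
    port_a: int
    port_b: int
    last_used: float


class TransparentRelay:
    """Bookkeeping for relay C. Payloads are opaque bytes and never parsed."""

    def __init__(self, max_channels=4, reservation_ttl=10.0,
                 channel_ttl=30.0, first_port=40000):
        self.max_channels = max_channels          # 0 would disable relaying
        self.reservation_ttl = reservation_ttl
        self.channel_ttl = channel_ttl
        self._next_port = first_port              # stand-in for binding sockets
        self._pending: Dict[Tuple[Endpoint, Endpoint], float] = {}
        self._by_port: Dict[int, Channel] = {}

    def _expire(self, now: float) -> None:
        # Silent expiry: nothing is sent to A or B when state is dropped.
        self._pending = {k: t for k, t in self._pending.items()
                         if now - t < self.reservation_ttl}
        self._by_port = {p: c for p, c in self._by_port.items()
                         if now - c.last_used < self.channel_ttl}

    def channel_count(self, now: float) -> int:
        self._expire(now)
        return len(self._by_port) // 2            # two ports per channel

    def reserve(self, requester: Endpoint, target: Endpoint,
                now: float) -> Optional[Dict[Endpoint, int]]:
        """Process one reservation request. `requester` is the source the
        relay observed on the datagram, not a value claimed in the message.
        Returns {host: relay_port} once both halves of a pair have arrived."""
        if requester == target or self.channel_count(now) >= self.max_channels:
            return None
        if (target, requester) not in self._pending:
            self._pending[(requester, target)] = now   # wait for the peer
            return None
        del self._pending[(target, requester)]
        chan = Channel(target, requester, self._next_port,
                       self._next_port + 1, now)
        self._next_port += 2
        self._by_port[chan.port_a] = chan
        self._by_port[chan.port_b] = chan
        return {chan.a: chan.port_a, chan.b: chan.port_b}

    def forward(self, source: Endpoint, relay_port: int, payload: bytes,
                now: float) -> Optional[Tuple[int, Endpoint, bytes]]:
        """Relay one datagram received on `relay_port`. Returns
        (outgoing relay port, destination, payload), or None if dropped."""
        self._expire(now)
        chan = self._by_port.get(relay_port)
        if chan is None:
            return None
        if relay_port == chan.port_a and source == chan.a:
            out = (chan.port_b, chan.b, payload)
        elif relay_port == chan.port_b and source == chan.b:
            out = (chan.port_a, chan.a, payload)
        else:
            return None        # address or port mismatch: drop, no refresh
        chan.last_used = now   # only valid traffic keeps the channel alive
        return out


def demo():
    # Constructed endpoints taken from the documentation address ranges.
    a, b = ("192.0.2.10", 12000), ("198.51.100.20", 12000)
    m = ("203.0.113.5", 12000)                    # host that never registered
    relay = TransparentRelay(max_channels=1)
    first = relay.reserve(a, b, now=0.0)          # half a pair: no channel yet
    ports = relay.reserve(b, a, now=1.0)          # matching request: channel
    ok = relay.forward(a, ports[a], b"ciphertext", now=2.0)
    spoofed = relay.forward(m, ports[a], b"junk", now=20.0)
    late = relay.forward(a, ports[a], b"ciphertext", now=33.0)  # idle too long
    return first, ports, ok, spoofed, late


if __name__ == "__main__":
    print(demo())
```

Because a dropped datagram does not refresh `last_used`, a host that is not part of the pair cannot keep a channel open by sending traffic to the relay port.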

cryptoplus::error::cryptographic_exception

Hi

These logs are from a Fedora 20 (not) connecting to an OpenWrt

Fedora freelan log

2014-04-14T23:02:33.660161 [DEBUG] Cipher suites capabilities: ecdhe_rsa_aes256_gcm_sha384 ecdhe_rsa_aes128_gcm_sha256
terminate called after throwing an instance of 'cryptoplus::error::cryptographic_exception'
  what():  error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group

Fedora "openssl ciphers"

ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:KRB5-DES-CBC3-SHA:KRB5-DES-CBC3-MD5:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:PSK-AES128-CBC-SHA:KRB5-IDEA-CBC-SHA:KRB5-IDEA-CBC-MD5:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:KRB5-RC4-SHA:KRB5-RC4-MD5

The strange thing is that even if I put one "cipher_capability" like this

#cipher_capability=ECDHE-RSA-AES256-GCM-SHA384
cipher_capability=ECDHE-RSA-AES128-GCM-SHA256

I still have 2 in the exception

Openwrt freelan log

2014-04-14T23:02:33.664424 [DEBUG] Cipher suites capabilities: ecdhe_rsa_aes256_gcm_sha384 ecdhe_rsa_aes128_gcm_sha256
terminate called after throwing an instance of 'cryptoplus::error::cryptographic_exception'
  what():  error:100AE081:lib(16):func(174):reason(129)

Openwrt 'openssl ciphers'

ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5

IPv6 fine in tap mode, broken in tun mode

When I run freelan in tap mode, both IPv4 and IPv6 work perfectly fine. However when I run it in tun mode, no IPv6 packets get delivered to remote peers. I've done some tracing and it looks like some internal routing issue within Freelan - built with debug enabled, I can see:

Routing 104 byte(s) of data from tap_adapter(tun0): no route.

Test shows IPv4 working OK, but IPv6 failing to be delivered:

$ ping -c5 9.0.0.1
PING 9.0.0.1 (9.0.0.1) 56(84) bytes of data.
64 bytes from 9.0.0.1: icmp_seq=1 ttl=64 time=3.56 ms
64 bytes from 9.0.0.1: icmp_seq=2 ttl=64 time=1.99 ms
64 bytes from 9.0.0.1: icmp_seq=3 ttl=64 time=1.91 ms
64 bytes from 9.0.0.1: icmp_seq=4 ttl=64 time=1.98 ms
64 bytes from 9.0.0.1: icmp_seq=5 ttl=64 time=1.98 ms

--- 9.0.0.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 1.916/2.290/3.563/0.637 ms

$ ping6 -c5 2aa1::1
PING 2aa1::1(2aa1::1) 56 data bytes

--- 2aa1::1 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 3999ms

Network config on the machines appears fine.

Sender:

$ ifconfig tun0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1446
        inet 9.0.0.5  netmask 255.255.255.0  destination 9.0.0.0
        inet6 2aa1::2  prefixlen 8  scopeid 0x0<global>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


$  ip -6 route | grep '2a00::/8'
2a00::/8 dev tun0  proto kernel  metric 256

Destination:

$ ifconfig tun0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1446
        inet 9.0.0.1  netmask 255.255.255.0  destination 9.0.0.0
        inet6 2aa1::1  prefixlen 8  scopeid 0x0<global>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 5  bytes 420 (420.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 5  bytes 420 (420.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

$ ip -6 route | grep '2a00::/8'
2a00::/8 dev tun1  proto kernel  metric 256

Doing packet dumps, I can see that traffic is sent out via the right interface on the sender side, but never appears on the interface on the recipient side. I have checked that IPv6 packet forwarding is enabled on both machines.

Tested against master branch as of 25th Jan (30dd397) between two CentOS 7 machines on x86_64.

Full startup log of one machine with debug/trace build enabled:

Reading configuration file at: "/etc/freelan/freelan.cfg"
2015-03-07T23:15:00.192012 [DEBUG] Opening core...
2015-03-07T23:15:00.192132 [INFORMATION] Starting FSCP server...
2015-03-07T23:15:00.192256 [IMPORTANT] Core set to listen on: 0.0.0.0:12000
2015-03-07T23:15:00.192292 [INFORMATION] Building CA store...
2015-03-07T23:15:00.192410 [DEBUG] Resolving 192.168.1.2:12000 for potential contact...
2015-03-07T23:15:00.192537 [DEBUG] Resolving 192.168.1.1:12000 for potential contact...
2015-03-07T23:15:00.192623 [INFORMATION] FSCP server started.
2015-03-07T23:15:00.193065 [IMPORTANT] Tap adapter "tun0" opened in mode tun with a MTU set to: 1446
2015-03-07T23:15:00.193120 [INFORMATION] IPv4 address: 9.0.0.5/24
2015-03-07T23:15:00.193150 [INFORMATION] IPv6 address: 2aa1::2/8
2015-03-07T23:15:00.193183 [INFORMATION] No IPv4 remote address configured. Using a default of: 9.0.0.0
2015-03-07T23:15:00.193433 [INFORMATION] Putting interface into the connected state.
2015-03-07T23:15:00.193689 [INFORMATION] Advertising the following routes: 9.0.0.5/32, 2aa1::2/128
2015-03-07T23:15:00.193734 [DEBUG] Core opened.
2015-03-07T23:15:00.193807 [INFORMATION] Using 2 thread(s).
2015-03-07T23:15:00.193831 [IMPORTANT] Execution started.
2015-03-07T23:15:00.194292 [DEBUG] Thread #0 started.
2015-03-07T23:15:00.194448 [DEBUG] No session exists with 192.168.1.2:12000 (at 192.168.1.2:12000). Contacting...
2015-03-07T23:15:00.194490 [DEBUG] Sending HELLO to 192.168.1.2:12000
2015-03-07T23:15:00.194694 [DEBUG] No session exists with 192.168.1.1:12000 (at 192.168.1.1:12000). Contacting...
2015-03-07T23:15:00.194731 [DEBUG] Sending HELLO to 192.168.1.1:12000
2015-03-07T23:15:00.195142 [DEBUG] Received HELLO_REQUEST from 192.168.1.2:12000.
2015-03-07T23:15:00.195883 [DEBUG] Received HELLO_RESPONSE from 192.168.1.2:12000 at 192.168.1.2:12000. Latency: 00:00:00.000663
2015-03-07T23:15:00.196176 [DEBUG] Received PRESENTATION from 192.168.1.2:12000: C=NZ, ST=NZ, L=Wellington, O=Wellington, OU=Example, CN=buildhost/name=VPN/[email protected].
2015-03-07T23:15:00.196539 [INFORMATION] C=NZ, ST=NZ, L=Wellington, O=Wellington, OU=Example, CN=Wellington CA/name=VPN/[email protected] is valid.
2015-03-07T23:15:00.196814 [INFORMATION] C=NZ, ST=NZ, L=Wellington, O=Wellington, OU=Example, CN=buildhost/name=VPN/[email protected] is valid.
2015-03-07T23:15:00.196950 [INFORMATION] Accepting PRESENTATION from 192.168.1.2:12000 (C=NZ, ST=NZ, L=Wellington, O=Wellington, OU=Example, CN=buildhost/name=VPN/[email protected]): first presentation.
2015-03-07T23:15:00.197015 [DEBUG] Sending SESSION_REQUEST to 192.168.1.2:12000.
2015-03-07T23:15:00.197468 [TRACE] Sending session request message to 192.168.1.2:12000 (next_session_number: 0, local_host_identifier: e1a8a88580b5d54052ae81b65d8512098d22968c32a256ec5ff7d4183fa7d9c2)
2015-03-07T23:15:00.202409 [DEBUG] Received HELLO_RESPONSE from 192.168.1.1:12000 at 192.168.1.1:12000. Latency: 00:00:00.007007
2015-03-07T23:15:00.202804 [DEBUG] Received PRESENTATION from 192.168.1.1:12000: C=NZ, ST=NZ, L=Wellington, O=Wellington, OU=Example, CN=management/name=VPN/[email protected].
2015-03-07T23:15:00.202964 [INFORMATION] C=NZ, ST=NZ, L=Wellington, O=Wellington, OU=Example, CN=Wellington CA/name=VPN/[email protected] is valid.
2015-03-07T23:15:00.203148 [INFORMATION] C=NZ, ST=NZ, L=Wellington, O=Wellington, OU=Example, CN=management/name=VPN/[email protected] is valid.
2015-03-07T23:15:00.203210 [INFORMATION] Accepting PRESENTATION from 192.168.1.1:12000 (C=NZ, ST=NZ, L=Wellington, O=Wellington, OU=Example, CN=management/name=VPN/[email protected]): first presentation.
2015-03-07T23:15:00.203246 [DEBUG] Sending SESSION_REQUEST to 192.168.1.1:12000.
2015-03-07T23:15:00.203628 [TRACE] Sending session request message to 192.168.1.1:12000 (next_session_number: 0, local_host_identifier: 6fdeec09ee5c01263b631ada804f5a391f3875dc1b21ac7565ceb13b26bc8119)
2015-03-07T23:15:00.204577 [DEBUG] Thread #1 started.
2015-03-07T23:15:00.204724 [DEBUG] Received PRESENTATION from 192.168.1.2:12000: C=NZ, ST=NZ, L=Wellington, O=Wellington, OU=Example, CN=buildhost/name=VPN/[email protected].
2015-03-07T23:15:00.204877 [INFORMATION] C=NZ, ST=NZ, L=Wellington, O=Wellington, OU=Example, CN=Wellington CA/name=VPN/[email protected] is valid.
2015-03-07T23:15:00.205060 [INFORMATION] C=NZ, ST=NZ, L=Wellington, O=Wellington, OU=Example, CN=buildhost/name=VPN/[email protected] is valid.
2015-03-07T23:15:00.205121 [INFORMATION] Accepting PRESENTATION from 192.168.1.2:12000 (C=NZ, ST=NZ, L=Wellington, O=Wellington, OU=Example, CN=buildhost/name=VPN/[email protected]): same presentation.
2015-03-07T23:15:00.205158 [DEBUG] Sending SESSION_REQUEST to 192.168.1.2:12000.
2015-03-07T23:15:00.206191 [TRACE] Sending session request message to 192.168.1.2:12000 (next_session_number: 0, local_host_identifier: e1a8a88580b5d54052ae81b65d8512098d22968c32a256ec5ff7d4183fa7d9c2)
2015-03-07T23:15:00.208378 [DEBUG] Received SESSION_REQUEST from 192.168.1.2:12000 (default: accept).
2015-03-07T23:15:00.208414 [DEBUG] Cipher suites capabilities: ecdhe_rsa_aes256_gcm_sha384 ecdhe_rsa_aes128_gcm_sha256
2015-03-07T23:15:00.208454 [DEBUG] Elliptic curve capabilities: secp384r1
2015-03-07T23:15:00.208498 [TRACE] Received a SESSION_REQUEST from 192.168.1.2:12000 with session number 0 and cipher suite ecdhe_rsa_aes256_gcm_sha384_secp384r1. No current session exist: preparing one and sending it.
2015-03-07T23:15:00.213091 [TRACE] Sending session message to 192.168.1.2:12000 (session number: 0, cipher suite: ecdhe_rsa_aes256_gcm_sha384, elliptic curve: secp384r1).
2015-03-07T23:15:00.215400 [DEBUG] Received SESSION_REQUEST from 192.168.1.1:12000 (default: accept).
2015-03-07T23:15:00.215437 [DEBUG] Cipher suites capabilities: ecdhe_rsa_aes256_gcm_sha384 ecdhe_rsa_aes128_gcm_sha256
2015-03-07T23:15:00.215461 [DEBUG] Elliptic curve capabilities: secp384r1
2015-03-07T23:15:00.215497 [TRACE] Received a SESSION_REQUEST from 192.168.1.1:12000 with session number 0 and cipher suite ecdhe_rsa_aes256_gcm_sha384_secp384r1. No current session exist: preparing one and sending it.
2015-03-07T23:15:00.219811 [TRACE] Sending session message to 192.168.1.1:12000 (session number: 0, cipher suite: ecdhe_rsa_aes256_gcm_sha384, elliptic curve: secp384r1).
2015-03-07T23:15:00.221963 [DEBUG] Received SESSION_REQUEST from 192.168.1.2:12000 (default: accept).
2015-03-07T23:15:00.221999 [DEBUG] Cipher suites capabilities: ecdhe_rsa_aes256_gcm_sha384 ecdhe_rsa_aes128_gcm_sha256
2015-03-07T23:15:00.222055 [DEBUG] Elliptic curve capabilities: secp384r1
2015-03-07T23:15:00.222157 [TRACE] Received a SESSION_REQUEST from 192.168.1.2:12000 with session number 0 and cipher suite ecdhe_rsa_aes256_gcm_sha384_secp384r1. No current session exist: preparing one and sending it.
2015-03-07T23:15:00.222198 [TRACE] Sending session message to 192.168.1.2:12000 (session number: 0, cipher suite: ecdhe_rsa_aes256_gcm_sha384, elliptic curve: secp384r1).
2015-03-07T23:15:00.224525 [DEBUG] Received SESSION from 192.168.1.1:12000 (default: accept).
2015-03-07T23:15:00.224560 [DEBUG] Cipher suite: ecdhe_rsa_aes256_gcm_sha384
2015-03-07T23:15:00.224581 [DEBUG] Elliptic curve: secp384r1
2015-03-07T23:15:00.226277 [TRACE] Session established with 192.168.1.1:12000. Sending acknowledgement session message back.
2015-03-07T23:15:00.226376 [TRACE] Sending session message to 192.168.1.1:12000 (session number: 0, cipher suite: ecdhe_rsa_aes256_gcm_sha384, elliptic curve: secp384r1).
2015-03-07T23:15:00.229530 [IMPORTANT] Session established with 192.168.1.1:12000.
2015-03-07T23:15:00.229596 [INFORMATION] Cipher suite: ecdhe_rsa_aes256_gcm_sha384
2015-03-07T23:15:00.229648 [INFORMATION] Elliptic curve: secp384r1
2015-03-07T23:15:00.229873 [DEBUG] Sending routes request to 192.168.1.1:12000.
2015-03-07T23:15:00.229941 [DEBUG] Received SESSION from 192.168.1.2:12000 (default: accept).
2015-03-07T23:15:00.229996 [DEBUG] Cipher suite: ecdhe_rsa_aes256_gcm_sha384
2015-03-07T23:15:00.230217 [DEBUG] Elliptic curve: secp384r1
2015-03-07T23:15:00.230134 [INFORMATION] Added system route: eth0 - 192.168.1.1/32 - metric 0
2015-03-07T23:15:00.231768 [TRACE] Session established with 192.168.1.2:12000. Sending acknowledgement session message back.
2015-03-07T23:15:00.231818 [TRACE] Sending session message to 192.168.1.2:12000 (session number: 0, cipher suite: ecdhe_rsa_aes256_gcm_sha384, elliptic curve: secp384r1).
2015-03-07T23:15:00.234185 [IMPORTANT] Session established with 192.168.1.2:12000.
2015-03-07T23:15:00.234224 [INFORMATION] Cipher suite: ecdhe_rsa_aes256_gcm_sha384
2015-03-07T23:15:00.234259 [INFORMATION] Elliptic curve: secp384r1
2015-03-07T23:15:00.234417 [DEBUG] Sending routes request to 192.168.1.2:12000.
2015-03-07T23:15:00.234546 [TRACE] Received a SESSION from 192.168.1.2:12000 with session number 0 and cipher suite ecdhe_rsa_aes256_gcm_sha384. A session currently exists and has the same number and cipher suite. Ignoring.
2015-03-07T23:15:00.234596 [TRACE] Received a SESSION from 192.168.1.1:12000 with session number 0 and cipher suite ecdhe_rsa_aes256_gcm_sha384. A session currently exists and has the same number and cipher suite. Ignoring.
2015-03-07T23:15:00.234823 [TRACE] Received a SESSION from 192.168.1.2:12000 with session number 0 and cipher suite ecdhe_rsa_aes256_gcm_sha384. A session currently exists and has the same number and cipher suite. Ignoring.
2015-03-07T23:15:00.234844 [INFORMATION] Added system route: lo - 192.168.1.2/32 - metric 0
2015-03-07T23:15:00.235285 [DEBUG] Received routes request from 192.168.1.1:12000. Replying with version 0: 9.0.0.5/32, 2aa1::2/128
2015-03-07T23:15:00.235333 [DEBUG] Sending routes to 192.168.1.1:12000: version 0 (9.0.0.5/32, 2aa1::2/128).
2015-03-07T23:15:00.235430 [DEBUG] Received routes request from 192.168.1.2:12000. Replying with version 0: 9.0.0.5/32, 2aa1::2/128
2015-03-07T23:15:00.235471 [DEBUG] Sending routes to 192.168.1.2:12000: version 0 (9.0.0.5/32, 2aa1::2/128).
2015-03-07T23:15:00.237421 [INFORMATION] Received routes from 192.168.1.1:12000 (version 0) were applied: 9.0.0.1/32, 2aa1::1/128
2015-03-07T23:15:00.237562 [WARNING] Received system routes from 192.168.1.1:12000 (version 0) but none matched the system route acceptance policy (none, limit 1): 9.0.0.1/32, 2aa1::1/128
2015-03-07T23:15:00.237802 [INFORMATION] Received routes from 192.168.1.2:12000 (version 0) were applied: 9.0.0.5/32, 2aa1::2/128
2015-03-07T23:15:00.238002 [WARNING] Received system routes from 192.168.1.2:12000 (version 0) but none matched the system route acceptance policy (none, limit 1): 9.0.0.5/32, 2aa1::2/128
Read 84 byte(s) on tun0
Routing 84 byte(s) of data from tap_adapter(tun0) to endpoint(192.168.1.1:12000)
Routing 84 byte(s) of data from endpoint(192.168.1.1:12000) to tap_adapter(tun0)
Read 84 byte(s) on tun0
Routing 84 byte(s) of data from tap_adapter(tun0) to endpoint(192.168.1.1:12000)
Routing 84 byte(s) of data from endpoint(192.168.1.1:12000) to tap_adapter(tun0)
Read 84 byte(s) on tun0
Routing 84 byte(s) of data from tap_adapter(tun0) to endpoint(192.168.1.1:12000)
Routing 84 byte(s) of data from endpoint(192.168.1.1:12000) to tap_adapter(tun0)
Read 84 byte(s) on tun0
Routing 84 byte(s) of data from tap_adapter(tun0) to endpoint(192.168.1.1:12000)
Routing 84 byte(s) of data from endpoint(192.168.1.1:12000) to tap_adapter(tun0)
Read 84 byte(s) on tun0
Routing 84 byte(s) of data from tap_adapter(tun0) to endpoint(192.168.1.1:12000)
Routing 84 byte(s) of data from endpoint(192.168.1.1:12000) to tap_adapter(tun0)
Read 104 byte(s) on tun0
Routing 104 byte(s) of data from tap_adapter(tun0): no route.
Read 104 byte(s) on tun0
Routing 104 byte(s) of data from tap_adapter(tun0): no route.
Read 104 byte(s) on tun0
Routing 104 byte(s) of data from tap_adapter(tun0): no route.
Read 104 byte(s) on tun0
Routing 104 byte(s) of data from tap_adapter(tun0): no route.
Read 104 byte(s) on tun0
Routing 104 byte(s) of data from tap_adapter(tun0): no route.

Support OpenSSL PSK ciphersuites

The requirement to set up X509 certificates is fairly burdensome for users - OpenSSL includes support for pre-shared key ciphersuites out of the box (don't know if the C++ wrapper in Freelan does though).

It would be great to support setting a pre-shared key in the freelan2.cfg file, to use the VPN in a "group password" mode (similar to Hamachi) and a much more comprehensible use-case for users.

libboost 1.49 and Ubuntu 12.04

Hi there,

Thanks for all your work on Freelan. It's a great P2P VPN.

I've installed Freelan 1.0 on Ubuntu and everything is running great.

I tried updating to Freelan 1.1, but noticed the dependencies for 1.1 require libboost 1.49.

Unfortunately, libboost 1.49 isn't available for 12.04. Is there any way to support Ubuntu 12.04 and libboost 1.46 or 1.48?

user@host:~# lsb_release -a
Distributor ID: Ubuntu
Description:    Ubuntu 12.04.2 LTS
Release:        12.04
Codename:       precise

user@host:~# apt-cache show libboost1.4
libboost1.46-all-dev  libboost1.46-dev      libboost1.48-all-dev  libboost1.48-dev
libboost1.46-dbg      libboost1.46-doc      libboost1.48-dbg      libboost1.48-doc

Thanks,
Brian

Commit the Mac OS X installer

The repository lacks the Mac OS X installer files.

As it stands nobody can rebuild the Mac OS X installer as its source files are not available.

Don't parse command line output, use direct calls

In libs/asiotap/src/posix/posix_system.cpp, you're calling /bin/ip,
but on Fedora/OpenWrt, ip is at /usr/sbin/ip
and on Ubuntu, ip is at /sbin/ip.
I'm not even sure they will all produce the exact same result ...

We should use netlink calls.
Some links:
https://github.com/miguelfreitas/twister-core/blob/master/libtorrent/src/enum_net.cpp
https://github.com/berkus/libnat/blob/master/lib/maidsafe_gateway.cc
https://www.google.fr/search?q=boost+RTM_GETROUTE
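The netlink approach proposed in this issue, as an added example that is not part of the original post or of the FreeLAN code base: it builds and sends the rtnetlink `RTM_NEWROUTE` request for an on-link IPv4 route such as the `eth0 - 192.168.1.1/32` system route in the log above, so no `ip` binary has to be located or its output parsed. The names `route_req`, `build_route_add` and `send_route_req` are hypothetical.

```c
/* Added example, not FreeLAN code: "ip route add <dst>/<len> dev <if>" via rtnetlink. */
#include <arpa/inet.h>
#include <errno.h>
#include <linux/rtnetlink.h>
#include <net/if.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

struct route_req {                 /* hypothetical name */
    struct nlmsghdr nh;            /* netlink header */
    struct rtmsg rt;               /* routing header */
    char attrs[64];                /* room for RTA_DST and RTA_OIF */
};

/* Append one attribute, keeping nlmsg_len aligned; -1 if it does not fit. */
static int add_attr(struct route_req *req, unsigned short type,
                    const void *data, unsigned short alen)
{
    size_t off = NLMSG_ALIGN(req->nh.nlmsg_len), len = RTA_LENGTH(alen);
    if (off + RTA_ALIGN(len) > sizeof(*req)) return -1;
    struct rtattr *rta = (struct rtattr *)((char *)req + off);
    rta->rta_type = type;
    rta->rta_len = (unsigned short)len;
    memcpy(RTA_DATA(rta), data, alen);
    req->nh.nlmsg_len = (unsigned int)(off + RTA_ALIGN(len));
    return 0;
}

/* Fill req with an RTM_NEWROUTE for an on-link IPv4 route; -1 on bad input. */
int build_route_add(struct route_req *req, const char *dst,
                    unsigned prefix_len, int ifindex)
{
    struct in_addr addr;
    if (prefix_len > 32 || ifindex <= 0 || inet_pton(AF_INET, dst, &addr) != 1)
        return -1;
    memset(req, 0, sizeof(*req));
    req->nh.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
    req->nh.nlmsg_type = RTM_NEWROUTE;
    req->nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL | NLM_F_ACK;
    req->rt.rtm_family = AF_INET;
    req->rt.rtm_dst_len = (unsigned char)prefix_len;
    req->rt.rtm_table = RT_TABLE_MAIN;
    req->rt.rtm_protocol = RTPROT_STATIC;   /* "installed by an administrator" */
    req->rt.rtm_scope = RT_SCOPE_LINK;      /* no gateway: destination is on-link */
    req->rt.rtm_type = RTN_UNICAST;
    return (add_attr(req, RTA_DST, &addr, sizeof(addr)) == 0 &&
            add_attr(req, RTA_OIF, &ifindex, sizeof(ifindex)) == 0) ? 0 : -1;
}

/* Send req to the kernel and return its ACK: 0 or a negative errno. */
int send_route_req(struct route_req *req)
{
    struct { struct nlmsghdr nh; struct nlmsgerr err; char echoed[64]; } ack;
    struct sockaddr_nl kernel = { .nl_family = AF_NETLINK };
    int rc = -EIO, fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
    if (fd < 0) return -errno;
    if (sendto(fd, req, req->nh.nlmsg_len, 0,
               (struct sockaddr *)&kernel, sizeof(kernel)) < 0)
        rc = -errno;
    else if (recv(fd, &ack, sizeof(ack), 0) >= (ssize_t)NLMSG_LENGTH(sizeof(int))
             && ack.nh.nlmsg_type == NLMSG_ERROR)
        rc = ack.err.error;                 /* 0 means the route was added */
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    struct route_req req;
    if (argc != 4 || build_route_add(&req, argv[1], (unsigned)atoi(argv[2]),
                                     (int)if_nametoindex(argv[3])) != 0)
        return 2;   /* usage: prog <ipv4> <prefix-len> <ifname> */
    int rc = send_route_req(&req);          /* needs CAP_NET_ADMIN */
    if (rc != 0) fprintf(stderr, "route not added: %s\n", strerror(-rc));
    return rc != 0;
}
```

The kernel's answer arrives as a numeric errno in the `NLMSG_ERROR` acknowledgement, so the result does not depend on where a distribution installs `ip` or how it formats its output.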

Freelan Windows (un)installer breaks OpenVPN install

I uninstalled Freelan on my Windows box using the uninstall tool, and it removed my OpenVPN TAP adapter, in addition to the Freelan TAP device. The version I used was v1.1.

Expected behaviour: the uninstaller removes its own TAP device only, and leaves the TAP driver installed, in case other applications are using it.

Is FreeLan available on Windows XP ?

Hello,

I have installed FreeLan on a Windows XP SP3 Virtual Machine.

Installation seems to be correct, but when I go to "Windows services" I can't see "FreeLan Service" in the list.

The command net start "freelan service" in a prompt returns an error which says that the service is not valid.

Hope this issue helps!

Best Regards,
Vincent

Change binary and default directories names

Hi

Freelan 2 will be unable to talk to Freelan 1 nodes, so it can be cool to be able to install both at the same time?
To avoid any conflicts I suggest adding the major version number at the end of freelan binary (-> freelan2), and also default directories (/etc/freelan2, ~/.freelan2, ...)

What do you think about this?

Switch to dtls 1.2

Hi,

First, as always, thanks for your good work.
This is a long term feature request :) (freelan 3?)

I've asked in the past why not using DTLS and this was a bit buggy, maybe too soon.

DTLS 1.2 (January 2012) offers everything we need for secure UDP point-to-point connections, including recent ciphers (elliptic curves and GCM).
It's not yet available in OpenSSL (will be in 1.1), but is available in GnuTLS since v3.2 (2013-05-10) which is in:
-debian wheezy-backports
-debian jessie
-ubuntu 13.10
-ubuntu 14.04
-fedora 21 (next release, but you can install the packages on fedora 20)
-openwrt BB

It'll also allow us to use OpenPGP certificates.
Security is tricky, and letting thousands take care of it is, I think, a good thing. Don't get me wrong, your work is amazing, but reading this paper
http://www.isg.rhul.ac.uk/~kp/dtls.pdf
you can see that it's too complex to get it right (plaintext recovery via 'subtle' timing side-channel attacks).

Thanks again

Struggling to Build on Ubuntu 14.04

Hi,
Is there any further clarity on the build process for a Linux install?
The 'teapot build' stage fails with no 'party' files.

Any guidance greatly appreciated.

Many Thanks

Gary

Didn't build in virtualenv by the doc on Ubuntu 14.04

I tried to build freelan in Python virtualenv.

teapot build on Python 2.7 gives:

Traceback (most recent call last):
  File "/home/vic2/src/freelan-all/venv/bin/teapot", line 9, in <module>
    load_entry_point('teapot==2.2', 'console_scripts', 'teapot')()
  File "/home/vic2/src/freelan-all/venv/local/lib/python2.7/site-packages/pkg_resources.py", line 353, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/home/vic2/src/freelan-all/venv/local/lib/python2.7/site-packages/pkg_resources.py", line 2321, in load_entry_point
    return ep.load()
  File "/home/vic2/src/freelan-all/venv/local/lib/python2.7/site-packages/pkg_resources.py", line 2048, in load
    entry = __import__(self.module_name, globals(),globals(), ['__name__'])
  File "/home/vic2/src/freelan-all/venv/local/lib/python2.7/site-packages/teapot/__init__.py", line 6, in <module>
    import teapot.extensions.builtin
ImportError: No module named extensions.builtin

and on Python 3.4:

Traceback (most recent call last):
  File "/home/vic2/src/freelan-all/venv/bin/teapot", line 9, in <module>
    load_entry_point('teapot==2.2', 'console_scripts', 'teapot')()
  File "/home/vic2/src/freelan-all/venv/lib/python3.4/site-packages/pkg_resources.py", line 353, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/home/vic2/src/freelan-all/venv/lib/python3.4/site-packages/pkg_resources.py", line 2321, in load_entry_point
    return ep.load()
  File "/home/vic2/src/freelan-all/venv/lib/python3.4/site-packages/pkg_resources.py", line 2048, in load
    entry = __import__(self.module_name, globals(),globals(), ['__name__'])
  File "/home/vic2/src/freelan-all/venv/lib/python3.4/site-packages/teapot/__init__.py", line 5, in <module>
    import teapot.filters.builtin
  File "/home/vic2/src/freelan-all/venv/lib/python3.4/site-packages/teapot/filters/__init__.py", line 7, in <module>
    from .filter import Filter, f, uf
  File "/home/vic2/src/freelan-all/venv/lib/python3.4/site-packages/teapot/filters/filter.py", line 7, in <module>
    from ..memoized import MemoizedObject
  File "/home/vic2/src/freelan-all/venv/lib/python3.4/site-packages/teapot/memoized.py", line 60
    print cls._INSTANCES_PARAMS[keys]
            ^
SyntaxError: invalid syntax

(apparently written for Python 2).

MSVCP120.dll missing

As required by the instructions for FreeLAN, "Freelan requires the Visual C++ 2013 runtime to operate". I have already installed this on my Windows 8 laptop, but FreeLAN returns an error pertaining to a missing Visual C++ 2013 runtime environment. It says that MSVCP120.dll is missing. But, when I searched my system for the dll, I found it in Windows\System32. I have tried to fulfill the requirements, but am baffled. Is there anything that I could have done to fix this error?

Missing sections in the wiki

The wiki's tutorials are currently wrong as they lack the [sections] in the sample configuration files.

Those sections must be added quickly as they could confuse some users.

Easy speed create lan

Please add a fast way to create a direct LAN without messing with horrible certs; I would like to get rid of Evolve or Hamachi and use Freelan for LAN connectivity.

connection problem

After installing from sources on Debian, I start freelan but I have a problem: pinging the freelan localhost network works, but not a distant machine.

root@debian:/usr/local/bin# freelan2 -f -d
Reading configuration file at: "/etc/freelan2/freelan.cfg"
2015-03-11T07:57:19.580066 [DEBUG] Opening core...
2015-03-11T07:57:19.580340 [INFORMATION] Starting FSCP server...
2015-03-11T07:57:19.580530 [IMPORTANT] Core set to listen on: 0.0.0.0:12000
2015-03-11T07:57:19.580684 [INFORMATION] Building CA store...
2015-03-11T07:57:19.580905 [DEBUG] Resolving 10.0.200.12 for potential contact...
2015-03-11T07:57:19.581079 [INFORMATION] FSCP server started.
2015-03-11T07:57:19.581744 [IMPORTANT] Tap adapter "tap0" opened in mode tap with a MTU set to: 1446
2015-03-11T07:57:19.581905 [INFORMATION] IPv4 address: 9.0.0.50/24
2015-03-11T07:57:19.582053 [INFORMATION] No IPv6 address configured.
2015-03-11T07:57:19.582352 [INFORMATION] Putting interface into the connected state.
2015-03-11T07:57:19.582642 [DEBUG] Core opened.
2015-03-11T07:57:19.582835 [INFORMATION] Using 1 thread(s).
2015-03-11T07:57:19.582986 [IMPORTANT] Execution started.
2015-03-11T07:57:19.583897 [DEBUG] Thread #0 started.
2015-03-11T07:57:19.584082 [DEBUG] No session exists with 10.0.200.12 (at 10.0.200.12:12000). Contacting...
2015-03-11T07:57:19.584254 [DEBUG] Sending HELLO to 10.0.200.12:12000
2015-03-11T07:57:19.584479 [DEBUG] Received HELLO_REQUEST from 10.0.200.12:12000.
2015-03-11T07:57:19.584810 [DEBUG] Received HELLO_RESPONSE from 10.0.200.12 at 10.0.200.12:12000. Latency: 00:00:00.000302
2015-03-11T07:57:19.585017 [DEBUG] Received PRESENTATION from 10.0.200.12:12000: C=FR, ST=RA, O=bono, CN=rpi.
2015-03-11T07:57:19.585273 [INFORMATION] C=FR, ST=RA, L=ville, O=org, CN=ca is valid.
2015-03-11T07:57:19.585654 [INFORMATION] C=FR, ST=RA, O=org, CN=rpi is valid.
2015-03-11T07:57:19.585944 [INFORMATION] Accepting PRESENTATION from 10.0.200.12:12000 (C=FR, ST=RA, O=org, CN=rpi): first presentation.
2015-03-11T07:57:19.586102 [DEBUG] Sending SESSION_REQUEST to 10.0.200.12:12000.
2015-03-11T07:57:19.586374 [TRACE] Sending session request message to 10.0.200.12:12000 (next_session_number: 0, local_host_identifier: 00deba6324619abd98eeb3f2188b398133817805faacd2bcea801dbc45b0907e)
2015-03-11T07:57:19.584905 [INFORMATION] Starting tap adapter's thread...
2015-03-11T07:57:19.601357 [DEBUG] Received PRESENTATION from 10.0.200.12:12000: C=FR, ST=RA, O=org, CN=rpi.
2015-03-11T07:57:19.601648 [INFORMATION] C=FR, ST=RA, L=ville, O=org, CN=ca is valid.
2015-03-11T07:57:19.602012 [INFORMATION] C=FR, ST=RA, O=org, CN=rpi is valid.
2015-03-11T07:57:19.602279 [INFORMATION] Accepting PRESENTATION from 10.0.200.12:12000 (C=FR, ST=RA, O=org, CN=rpi): same presentation.
2015-03-11T07:57:19.602515 [DEBUG] Sending SESSION_REQUEST to 10.0.200.12:12000.
2015-03-11T07:57:19.602794 [TRACE] Sending session request message to 10.0.200.12:12000 (next_session_number: 0, local_host_identifier: 00deba6324619abd98eeb3f2188b398133817805faacd2bcea801dbc45b0907e)
2015-03-11T07:57:19.612846 [DEBUG] Received SESSION_REQUEST from 10.0.200.12:12000 (default: accept).
2015-03-11T07:57:19.613015 [DEBUG] Cipher suites capabilities: ecdhe_rsa_aes256_gcm_sha384 ecdhe_rsa_aes128_gcm_sha256
2015-03-11T07:57:19.613224 [DEBUG] Elliptic curve capabilities: sect571k1 secp384r1
2015-03-11T07:57:19.613418 [TRACE] Received a SESSION_REQUEST from 10.0.200.12:12000 with session number 0 and cipher suite ecdhe_rsa_aes256_gcm_sha384_sect571k1. No current session exist: preparing one and sending it.
2015-03-11T07:57:19.618681 [TRACE] Sending session message to 10.0.200.12:12000 (session number: 0, cipher suite: ecdhe_rsa_aes256_gcm_sha384, elliptic curve: sect571k1).
2015-03-11T07:57:19.629809 [DEBUG] Received SESSION_REQUEST from 10.0.200.12:12000 (default: accept).
2015-03-11T07:57:19.630063 [DEBUG] Cipher suites capabilities: ecdhe_rsa_aes256_gcm_sha384 ecdhe_rsa_aes128_gcm_sha256
2015-03-11T07:57:19.630289 [DEBUG] Elliptic curve capabilities: sect571k1 secp384r1
2015-03-11T07:57:19.630469 [TRACE] Received a SESSION_REQUEST from 10.0.200.12:12000 with session number 0 and cipher suite ecdhe_rsa_aes256_gcm_sha384_sect571k1. No current session exist: preparing one and sending it.
2015-03-11T07:57:19.630652 [TRACE] Sending session message to 10.0.200.12:12000 (session number: 0, cipher suite: ecdhe_rsa_aes256_gcm_sha384, elliptic curve: sect571k1).
2015-03-11T07:57:19.638709 [DEBUG] Received SESSION from 10.0.200.12:12000 (default: accept).
2015-03-11T07:57:19.639001 [DEBUG] Cipher suite: ecdhe_rsa_aes256_gcm_sha384
2015-03-11T07:57:19.639322 [DEBUG] Elliptic curve: sect571k1
2015-03-11T07:57:19.645737 [TRACE] Session established with 10.0.200.12:12000. Sending acknowledgement session message back.
2015-03-11T07:57:19.645903 [TRACE] Sending session message to 10.0.200.12:12000 (session number: 0, cipher suite: ecdhe_rsa_aes256_gcm_sha384, elliptic curve: sect571k1).
2015-03-11T07:57:19.653771 [IMPORTANT] Session established with 10.0.200.12:12000.
2015-03-11T07:57:19.654000 [INFORMATION] Cipher suite: ecdhe_rsa_aes256_gcm_sha384
2015-03-11T07:57:19.654206 [INFORMATION] Elliptic curve: sect571k1
2015-03-11T07:57:19.654673 [INFORMATION] Added system route: lo - 10.0.200.12/32 - metric 0
2015-03-11T07:57:19.654926 [TRACE] Received a SESSION from 10.0.200.12:12000 with session number 0 and cipher suite ecdhe_rsa_aes256_gcm_sha384. A session currently exists and has the same number and cipher suite. Ignoring.
2015-03-11T07:57:19.655308 [TRACE] Received a SESSION from 10.0.200.12:12000 with session number 0 and cipher suite ecdhe_rsa_aes256_gcm_sha384. A session currently exists and has the same number and cipher suite. Ignoring.
2015-03-11T07:57:49.580431 [DEBUG] Resolving 10.0.200.12 for potential contact...
2015-03-11T07:57:49.580543 [DEBUG] A session already exists with 10.0.200.12 (at 10.0.200.12:12000). Not contacting again.
2015-03-11T07:58:19.580857 [DEBUG] Resolving 10.0.200.12 for potential contact...
2015-03-11T07:58:19.580970 [DEBUG] A session already exists with 10.0.200.12 (at 10.0.200.12:12000). Not contacting again.
2015-03-11T07:58:49.581038 [DEBUG] Resolving 10.0.200.12 for potential contact...
2015-03-11T07:58:49.581110 [DEBUG] A session already exists with 10.0.200.12 (at 10.0.200.12:12000). Not contacting again.
2015-03-11T07:59:19.581240 [DEBUG] Resolving 10.0.200.12 for potential contact...
2015-03-11T07:59:19.581342 [DEBUG] A session already exists with 10.0.200.12 (at 10.0.200.12:12000). Not contacting again.
2015-03-11T07:59:49.581474 [DEBUG] Resolving 10.0.200.12 for potential contact...
2015-03-11T07:59:49.581586 [DEBUG] A session already exists with 10.0.200.12 (at 10.0.200.12:12000). Not contacting again.
2015-03-11T08:00:19.580500 [DEBUG] Sending routes request to all hosts.
2015-03-11T08:00:19.580915 [DEBUG] Received routes request from 10.0.200.12:12000. Replying with version 0:
2015-03-11T08:00:19.580948 [DEBUG] Sending routes to 10.0.200.12:12000: version 0 ().
2015-03-11T08:00:19.593739 [DEBUG] Resolving 10.0.200.12 for potential contact...
2015-03-11T08:00:19.593889 [DEBUG] A session already exists with 10.0.200.12 (at 10.0.200.12:12000). Not contacting again.
2015-03-11T08:00:19.594188 [WARNING] Received routes from 10.0.200.12:12000 (version 0) will be ignored, as the configuration requires:
2015-03-11T08:00:49.593948 [DEBUG] Resolving 10.0.200.12 for potential contact...
2015-03-11T08:00:49.594056 [DEBUG] A session already exists with 10.0.200.12 (at 10.0.200.12:12000). Not contacting again.
2015-03-11T08:01:19.594397 [DEBUG] Resolving 10.0.200.12 for potential contact...
2015-03-11T08:01:19.594511 [DEBUG] A session already exists with 10.0.200.12 (at 10.0.200.12:12000). Not contacting again.
^C2015-03-11T08:01:22.570665 [WARNING] Signal caught (2): exiting...
2015-03-11T08:01:22.570736 [DEBUG] Closing core...
2015-03-11T08:01:22.570811 [INFORMATION] Tap adapter's thread is now stopped.
2015-03-11T08:01:22.578302 [INFORMATION] Closing FSCP server...
2015-03-11T08:01:22.578303 [INFORMATION] FSCP server closed.
2015-03-11T08:01:22.578303 [DEBUG] Core closed.
2015-03-11T08:01:22.578355 [INFORMATION] Removed system route: lo - 10.0.200.12/32 - metric 0
2015-03-11T08:01:22.578409 [DEBUG] Thread #0 stopped.
2015-03-11T08:01:22.578476 [IMPORTANT] Execution stopped.
2015-03-11T08:01:22.578971 [ERROR] Execution aborted because of a signal (2).

thank you

RFE: UPNP support

It would be nice if freelan had a way to request via upnp for routers to open a port for incoming communications. To keep the maintenance burden low on freelan it would be good to try and identify an external tool that does the job.

I believe tribler and transmission already do this. I didn't find a dependency on an external package, maybe there ought to be one. But in any case it might be possible to learn how they do this and mimic it.

Debian seems to have a lot of libraries to choose from

  • libgupnp
  • libhupnp
  • libminiupnpc
  • libupnp
  • [...]

More specific instructions from the Windows installer

As it stands, the installer does not explain that the user has to modify the configuration file and to start the service for freelan to work.

This leads to an enormous number of people asking "What do I do?", which could easily be avoided by giving instructions in the installer.

Installation issue with FreeLan

I have installed Freelan on different computers (package for Windows 7 x64), and have the same problem: "Not found MSVCR120.dll"

courtesy copies and Debian

Am I correct to assume that everything under libs and third-party represents a courtesy code copy of other projects that freelan is compiled against? Debian doesn't like that. It would be good to push that to a separate branch (or submodule as you did in the past, something I am not so familiar with in git).

error LNK1104: cannot open file 'libboost_date_time.lib' in vs2013 after compiling freelan project

Hello, I am using boost_1_55_0 for freelan. I could compile all the projects on vs2013 except the freelan project, and I saw the error below:

error LNK1104: cannot open file 'libboost_date_time.lib' freelan

When I compiled the boost libraries I got some libs with names like the ones below:

libboost_date_time-vc120-mt-1_55.lib
libboost_date_time-vc120-mt-gd-1_55.lib

As you see, there is no 'libboost_date_time.lib'. How can I find that?

Add option Internet Gateway and DNS IP

I have been looking for a better P2P VPN;
so far I have tried Hamachi, LAN Bridger, Tunngle, TeamViewer VPN and SoftEther.
These VPNs are quite unstable on some computers, SoftEther causes frequent game disconnects and is not direct client-to-client, and LAN Bridger seems to be no longer supported and is not decentralized.

FreeLAN is much faster, decentralized, lightweight and has less overhead; so far I have found nothing like it.

I have been tweaking FreeLAN: once the session is connected, I start sharing my internet connection to the FreeLAN adapter, the other PC is configured with a manual IP address, and it has internet access!

The problem is that when FreeLAN exits and is re-opened, its IP reverts to auto.
I disabled the DHCP proxy, and the manual IP changed to follow the FreeLAN configuration.

I would like to see Internet Gateway and DNS options in the FreeLAN configuration, so I can install it on my server and other clients get Internet access while in P2P mode, just like Virtual Home!

It's because my ISP is blocking TCP port 6667, which makes Red Alert 3 and Crysis 2 unable to log in to the EA network or play online. I used SoftEther and the game match could not start due to the error "Kick player that have connectivity issue"; FreeLAN was not... :)

Public freelan nodes

Hi,

I would like to know if it's possible to connect automatically to other public freelan nodes or if, for the P2P VPN Freelan, all the configurations are manual and only with private nodes.

As a freelan user, I want freelan to have a better throughput

The refactoring caused a dramatic performance impact which needs to be addressed.

This is likely caused by the fact that io_service uses a mutex internally, causing all threads to wait for it to be free (which harms the throughput).

The code needs to be changed such that all network/tap adapter operations happen in a single thread. This could mean adding a dedicated thread and/or io_service instance.

Allow for selection of the ECC curve

Some security specialists believe the recommended curves were chosen by the NSA (or that the people making the decisions were influenced).

In this context, it makes sense to allow the user to choose its curve.

We must change:

  • The FSCP protocol specification
  • The libfscp implementation
  • The libfreelan implementation (configuration classes)
  • The freelan implementation (default configuration, and configuration parser)

Update the reference to the tap0901

A new version of OpenVPN's tap-adapter was released and, as long as we can't sign our own, we have to maintain and update the device driver to match, or it prevents users from installing both OpenVPN and FreeLAN at the same time.
