August 11th, 2024

Shortwire: The smallest VPN that connects two computers via the Internet

shortwire is a minimal VPN daemon for Linux that enables secure peer-to-peer connections by creating a virtual NIC, requiring installation of `libwebsockets` and a 16-byte encryption key.


shortwire is a minimal VPN daemon designed for Linux that facilitates a peer-to-peer (P2P) connection between two computers. It creates a virtual Network Interface Card (NIC) that allows applications such as SSH, NFS, and HTTP servers to utilize the P2P connection seamlessly while ensuring packet encryption for security. To install shortwire, users must have the `libwebsockets` library and follow specific build steps using Git and Meson. The installation process involves cloning the repository, setting up the build environment, and compiling the project. For usage, users need to generate a 16-byte encryption key and place it on both the server and client machines. The server is initiated with a command that includes the username and server address, while the client is started with similar parameters. Successful execution on both ends results in the creation of NICs with designated IP addresses. Connectivity can be verified by pinging the respective IP addresses from each machine. This setup provides a secure VPN connection between two Linux systems.

- shortwire is a minimal VPN daemon for Linux that enables P2P connections.

- It creates a virtual NIC for applications to use the P2P connection transparently.

- Installation requires `libwebsockets` and involves cloning the repository and building the project.

- Users must generate a 16-byte encryption key for secure communication.

- Successful setup allows for secure communication between two Linux machines.

8 comments
By @axoltl - 6 months
I took a quick look at the crypto design here, and it is deeply flawed. Please don't use this.

The key exchange is simply an XOR of the pre-shared key with the session key instead of a proper key wrapping, there's no chaining mode specified for the AES encryption as far as I can see and perhaps most critically none of the data is authenticated.

A great example of "don't roll your own crypto".
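
The key-exchange and authentication points from the comment above, as an added Python example that is not part of the comment and not shortwire's code. The derive-and-confirm alternative, every function name, and the random sample keys are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def flip_first_bit(data: bytes) -> bytes:
    """Stand-in for any change to a message in transit."""
    return bytes([data[0] ^ 0x01]) + data[1:]

# Pattern the comment criticises: session key "wrapped" by XOR with the PSK.
def xor_wrap(psk: bytes, session_key: bytes) -> bytes:
    return xor_bytes(psk, session_key)

def xor_unwrap(psk: bytes, wrapped: bytes) -> bytes:
    return xor_bytes(psk, wrapped)  # any 16 bytes unwrap to "a key"; nothing is checked

# Assumed alternative: never transmit the key. Both peers derive it from the
# PSK and fresh nonces, then prove possession with a MAC over the transcript.
def derive_session_key(psk: bytes, nonce_a: bytes, nonce_b: bytes) -> bytes:
    return hmac.new(psk, b"session-key" + nonce_a + nonce_b, hashlib.sha256).digest()[:16]

def confirm_tag(session_key: bytes, transcript: bytes) -> bytes:
    return hmac.new(session_key, b"confirm" + transcript, hashlib.sha256).digest()

def verify_tag(session_key: bytes, transcript: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(confirm_tag(session_key, transcript), tag)

def demo() -> dict:
    psk = secrets.token_bytes(16)  # constructed sample keys
    k1, k2 = secrets.token_bytes(16), secrets.token_bytes(16)
    w1, w2 = xor_wrap(psk, k1), xor_wrap(psk, k2)
    na, nb = secrets.token_bytes(16), secrets.token_bytes(16)
    tag = confirm_tag(derive_session_key(psk, na, nb), na + nb)
    bad_nb = flip_first_bit(nb)
    return {
        # The PSK acts as a reused pad: two wrapped keys expose k1 XOR k2.
        "wraps_leak_key_relation": xor_bytes(w1, w2) == xor_bytes(k1, k2),
        # A modified wrap is accepted and yields a predictably different key.
        "modified_wrap_accepted": xor_unwrap(psk, flip_first_bit(w1)) == flip_first_bit(k1),
        # With derivation plus confirmation, an untouched handshake verifies...
        "honest_handshake_ok": verify_tag(derive_session_key(psk, na, nb), na + nb, tag),
        # ...and a modified nonce makes the confirmation tag fail.
        "modified_nonce_rejected": not verify_tag(derive_session_key(psk, na, bad_nb), na + bad_nb, tag),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

This covers key establishment only; packet data still needs authenticated encryption, such as the ChaCha20-Poly1305 mentioned further down the thread.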

By @suprjami - 6 months
Not sure why this needs to exist. WireGuard is quicker and easier, and apparently has much better security.
By @johnklos - 6 months
tinc [1] is very lightweight and simple to set up. There's also ssh -w for quick and easy tun-over-Internet connections.

[1] https://www.tinc-vpn.org

By @fulafel - 6 months
You can also use IPsec with manual keys, which works with out-of-the-box tools and is standard, and interops with other platforms as well, even with router OSes. On the Linux side, e.g., like this: https://unix.stackexchange.com/questions/638436/rekey-ipsec-...
By @jwr - 6 months
This is a good time to mention vpncloud, a fantastic Linux-daemon solution for connecting several cloud machines together without relying on cloud provider dependent VPNs. I've been using vpncloud in production for several years now and it has been rock solid and reliable.
By @mojyack - 6 months
I've made some improvements to shortwire, including support for ChaCha20-Poly1305 in addition to AES.

It may not be perfect, but I think it's a lot better.

By @aborsy - 6 months
Here is a dead simple VPN, by the developer of libsodium

https://github.com/jedisct1/dsvpn

By @firesteelrain - 6 months
This looks a lot like stunnel to me, which is a much more mature and better product.