HusarnetisaPeer-to-PeerVPNtoconnectyourlaptops,serversandmicrocontrollersovertheInternetwithzeroconfiguration.
Keyfeatures:
LowLatency-thankstoPeer-to-Peerconnectionbetweendevices.Afterestablishingaconnection,HusarnetInfrastructure(HusarnetBaseServers)isusedonlyasafailoverproxyifP2Pconnectionisnotpossible.ZeroConfiguration-afterinstallingHusarnetClient,youcanaddnewdevicestoyournetworkwithasinglecommandhusarnetjoin<YOUR_JOINCODE>mydevname(onLinux.Seedocsforotherplatforms).LowReconfigurationTime-incaseofanetworktopologychange(eg.transitionbetweentwoWi-Fihotspots),Husarnetneedsusually1-3secondstoreastablishanewPeer-to-Peerconnection.Lightweight-itworksnotonlyonpopularOSes(currentlyonlyLinuxversionisreleased,Windows,MacOS,Androidcomingsoon)butevenonESP32microcontrollers.ThatmeansyoucanP2PaccessyourthingswithoutIoTserveratall!Secure&Private-packetsneverleaveconnecteddevicesunencrypted,PerfectForwardSecrecy(PFC)enabledbydefault.Husarnet,init'score,isonebig,automaticallyrouted,IPv6network.RunningHusarnetdaemoncreatesavirtualnetworkinterface(hnet0)withanuniqueHusarnetIPv6addressandassociatedfc94::/16route.Ifyouchoosetodisablethepermissionsystem,anynodecanreachyournodeusingIPv6fc94:...address,butifyouchoosetoleaveitenabled,we'vepreparedanextensivepermissionssystemforyou.Youcanhavemultiplevirtualislands/networks,yourdevicescanaccessmultiplenetworksoryoucanevenshareaccesstothosenetworkswithotherusers!
Thenodesareidentifiedbytheir112-bitIPv6addresses,thatarebasedonthepublickeysofthenode.AllconnectionsarealsoauthenticatedbytheIPv6address.Thispropertymakesitpossibletoestablishconnectionauthenticitywithoutanytrustedthirdparty,basingonlyontheIPv6address!Theconnectionsarealsoalwaysencrypted.
Cryptography:HusarnetusesX25519fromlibsodiumforkeyexchange,withephemeralCurve25519keysforforwardsecrecy.ThehashofinitialpublickeyisvalidatedtomatchtheIPv6address.Thepacketsareencryptedusinglibsodium'sChaCha20-Poly1305secretboxconstructionwitharandom192-bitnonce.
Runtimesafety:HusarnetiswritteninC++usingmodernmemory-safeconstructs.Linuxversiondropsallcapabilitiesafterinitialization.Itonlyretainsaccessto/etc/hostsand/etc/hostnameviaahelperprocess.
IfHusarnetinstanceisnotconnectedtotheHusarnetDashboard,thewhitelist(thinkofitasacrudefirewall)andhostnametablecanonlybechangedbyalocalrootuser.AlltheotherconfigurationcanbechangedusingtheHusarnetDashboardafteryoujoinyourdevicetoanetworkthere.
ThisisthemaindevelopmentrepositoryforalloftheHusarnetClientapps.
FormoregenericinformationpleasehavealookattheHusarnetDocs.
TypicalissuespreventingPeer-to-Peerconnection(thusenjoingalow-latency)andtheirworkaroundsaredescribedintheTroubleshootingGuide.
Repositoryorganizationutildirectory-allthescriptsandutilitiesusedforbuildingandtesting.CIconfigshouldbereferencingthoseinordertomakelocaltestingeasierunixdirectory-maindirforunixplatformcodetestsdirectory-unit(andother)tests(unittestswillrunonx86_64unixplatform)deploydirectory-variousfilesneededfordeployment-likethestaticfilesinourrepositoriesBuildingandpublishing./util/build-prepare.sh-willinstallallrequiredtoolchains,etc-testedonUbuntu20.10Ifyouwanttobumpthecurrentversion(i.e.asapreparationforrelease)-./util/version-bump.py(keepinmindthatallmerges/commitstothedefaultbranchwilltothatautomatically)Ifyouwanttobuild:allplatforms:./util/build-all.shspecificplatform:platformsusingcmake:./util/build-cmake.sh<architecture><platform>CIwillbedoingthesestepsautomaticallywhenranondefaultbranch:bumpandcommitthenewversion"number"buildforallplatformsandarchitectures(whenavailable)testallplatformsandarchitectures(whenavailable)publishtotheinternalrepositorieswaitformanualconfirmationtopublishinthepublicrepoCIwillbedoingthesestepsthenranonanyotherbranch:buildforallplatformsandarchitectures(whenavailable)testallplatformsandarchitectures(whenavailable)Runningtests./util/test-prepare.sh-willinstallrequiredtools./util/test-all.sh-willrunALLtests./util/test-cppcheck.sh-willruncppcheck./util/test-unit.sh-willbuildandrununittests.Assumeshostmachineisx86andrunssomeformofUnixCIextranotes./util/prepare-all.sh-thiswillpreparebothbuildandtestenvironmentsContributorsThisprojectwaspossiblethanksto:
@zielmicha@m4tx@andrzejwl@pidpawel@konradprLicenseHusarnetisdual-licensed:
GNUPublicLicense-forderivativeprojects-eg.exposingagenericVPNfunctionality.MozillaPublicLicense-forprojectswhereyoulinkHusarnetClientcodewithdifferentprojecttypethanmentionedabove-eg.usingHusarnetClientSDKinESP32IoTproject.SeeLICENSE.txtfordetails.
评论