Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/wangyu-/tinyfecvpn
A VPN Designed for Lossy Links, with Build-in Forward Error Correction(FEC) Support. Improves your Network Quality on a High-latency Lossy Link.
https://github.com/wangyu-/tinyfecvpn
fec proxy reed-solomon vpn
Last synced: 25 days ago
JSON representation
A VPN Designed for Lossy Links, with Build-in Forward Error Correction(FEC) Support. Improves your Network Quality on a High-latency Lossy Link.
- Host: GitHub
- URL: https://github.com/wangyu-/tinyfecvpn
- Owner: wangyu-
- License: mit
- Created: 2017-10-28T05:54:31.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2023-06-05T01:45:53.000Z (over 1 year ago)
- Last Synced: 2024-10-14T21:20:52.131Z (25 days ago)
- Topics: fec, proxy, reed-solomon, vpn
- Language: C++
- Homepage:
- Size: 2.26 MB
- Stars: 2,332
- Watchers: 104
- Forks: 459
- Open Issues: 66
-
Metadata Files:
- Readme: README.md
- License: LICENSE.md
Awesome Lists containing this project
- awesome-network-stuff - **1489**星 - in Forward Error Correction(FEC) Support. Improves your Network Quality on a High-latency Lossy Link. (<a id="d62a971d37c69db9f3b9187318c3921a"></a>工具 / <a id="8ea8f890cf767c3801b5e7951fca3570"></a>公网访问局域网)
README
# tinyfecVPN
A Lightweight VPN with Build-in Forward Error Correction Support(or A Network Improving Tool which works at VPN mode). Improves your Network Quality on a High-latency Lossy Link.
![image](/images/tinyFecVPN3.PNG)
tinyfecVPN uses Forward Error Correction(Reed-Solomon code) to reduce packet loss rate, at the cost of additional bandwidth usage.
Assume your local network to your server is lossy. Just establish a VPN connection to your server with tinyfecVPN, access your server via this VPN connection, then your connection quality will be significantly improved. With well-tuned parameters , you can easily reduce IP or UDP/ICMP packet-loss-rate to less than 0.01% . Besides reducing packet-loss-rate, tinyfecVPN can also significantly improve your TCP latency and TCP single-thread download speed.
tinyfecVPN uses same lib as [UDPspeeder](https://github.com/wangyu-/UDPspeeder), supports all FEC features of UDPspeeder. tinyfecVPN works at VPN mode,while UDPspeeder works at UDP tunnel mode.
[tinyfecVPN wiki](https://github.com/wangyu-/tinyfecVPN/wiki)
[简体中文](/doc/README.zh-cn.md)
##### Note
UDPspeeder's repo:https://github.com/wangyu-/UDPspeeder
# Efficacy
Tested on a link with 100ms roundtrip and 10% packet loss at both direction. You can easily reproduce the test result by yourself.### Ping Packet Loss
![](/images/en/ping_compare2.PNG)### SCP Copy Speed
![](/images/en/scp_compare2.PNG)# Supported Platforms
Linux host (including desktop Linux,Android phone/tablet, OpenWRT router, or Raspberry PI).Binaries for `amd64` `x86` `mips_be` `mips_le` `arm` are provided.For Windows and MacOS, You can run tinyfecVPN inside [this](https://github.com/wangyu-/udp2raw-tunnel/releases/download/20171108.0/lede-17.01.2-x86_virtual_machine_image.zip) 7.5mb virtual machine image.
Need root or at least CAP_NET_ADMIN permission to run, for creating tun device.
# How does it work
tinyfecVPN uses FEC(Forward Error Correction) to reduce packet loss rate, at the cost of additional bandwidth usage. The algorithm for FEC is called Reed-Solomon.
![](/images/FEC.PNG)
### Reed-Solomon
`
In coding theory, the Reed–Solomon code belongs to the class of non-binary cyclic error-correcting codes. The Reed–Solomon code is based on univariate polynomials over finite fields.
``
It is able to detect and correct multiple symbol errors. By adding t check symbols to the data, a Reed–Solomon code can detect any combination of up to t erroneous symbols, or correct up to ⌊t/2⌋ symbols. As an erasure code, it can correct up to t known erasures, or it can detect and correct combinations of errors and erasures. Reed–Solomon codes are also suitable as multiple-burst bit-error correcting codes, since a sequence of b + 1 consecutive bit errors can affect at most two symbols of size b. The choice of t is up to the designer of the code, and may be selected within wide limits.
`![](/images/en/rs.png)
Check wikipedia for more info, https://en.wikipedia.org/wiki/Reed–Solomon_error_correction
# Getting Started
### Installing
Download binary release from https://github.com/wangyu-/tinyfecVPN/releases
### Running
Assume your server ip is `44.55.66.77`, you have a service listening on udp/tcp port `0.0.0.0:7777`.
```
# Run at server side:
./tinyvpn -s -l0.0.0.0:4096 -f20:10 -k "passwd" --sub-net 10.22.22.0# Run at client side
./tinyvpn -c -r44.55.66.77:4096 -f20:10 -k "passwd" --sub-net 10.22.22.0
```Now, use `10.22.22.1:7777` to connect to your service,all traffic will be improved by FEC. If you ping `10.22.22.1`, you will get ping reply.
##### Note
`-f20:10` means sending 10 redundant packets for every 20 original packets.
`-k` enables simple XOR encryption
To create tun device, you need root or cap_net_admin permission. Its suggested to run tinyfecVPN as non-root, check [this link](https://github.com/wangyu-/tinyfecVPN/wiki/run-tinyfecVPN-as-non-root) for more info.
Currently one server supports only one client. For multiple clients, start multiple servers.
##### Note2
You can use udp2raw with tinyfecVPN together to get better speed on some ISP with UDP QoS(UDP throttling).
udp2raw's repo:
https://github.com/wangyu-/udp2raw-tunnel
# Advanced Topic
### Usage
```
tinyfecVPN
git version: b03df1b586 build date: Oct 31 2017 19:46:50
repository: https://github.com/wangyu-/tinyfecVPN/usage:
run as client: ./this_program -c -r server_ip:server_port [options]
run as server: ./this_program -s -l server_listen_ip:server_port [options]common options, must be same on both sides:
-k,--key key for simple xor encryption. if not set, xor is disabled
main options:
--sub-net specify sub-net, for example: 192.168.1.0 , default: 10.22.22.0
--tun-dev sepcify tun device name, for example: tun10, default: a random name such as tun987
-f,--fec x:y forward error correction, send y redundant packets for every x packets
--timeout how long could a packet be held in queue before doing fec, unit: ms, default: 8ms
--mode fec-mode,available values: 0, 1; 0 cost less bandwidth, 1 cost less latency;default: 0)
--report turn on send/recv report, and set a period for reporting, unit: s
--keep-reconnect re-connect after lost connection,only for client.
advanced options:
--mtu mtu. for mode 0, the program will split packet to segment smaller than mtu_value.
for mode 1, no packet will be split, the program just check if the mtu is exceed.
default value: 1250
-j,--jitter simulated jitter. randomly delay first packet for 0~ ms, default value: 0.
do not use if you dont know what it means.
-i,--interval scatter each fec group to a interval of ms, to protect burst packet loss.
default value: 0. do not use if you dont know what it means.
--random-drop simulate packet loss, unit: 0.01%. default value: 0
--disable-obscure disable obscure, to save a bit bandwidth and cpu
developer options:
--tun-mtu mtu of the tun interface,most time you shouldnt change this
--disable-mssfix disable mssfix for tcp connection
--fifo use a fifo(named pipe) for sending commands to the running program, so that you
can change fec encode parameters dynamically, check readme.md in repository for
supported commands.
-j ,--jitter jmin:jmax similiar to -j above, but create jitter randomly between jmin and jmax
-i,--interval imin:imax similiar to -i above, but scatter randomly between imin and imax
-q,--queue-len max fec queue len, only for mode 0
--decode-buf size of buffer of fec decoder,u nit: packet, default: 2000
--fix-latency try to stabilize latency, only for mode 0
--delay-capacity max number of delayed packets
--disable-fec completely disable fec, turn the program into a normal udp tunnel
--sock-buf buf size for socket, >=10 and <=10240, unit: kbyte, default: 1024
log and help options:
--log-level 0: never 1: fatal 2: error 3: warn
4: info (default) 5: debug 6: trace
--log-position enable file name, function name, line number in log
--disable-color disable log color
-h,--help print this help message```
### FEC OptionsThe program supports all options of UDPspeeder,check UDPspeeder repo for details:
https://github.com/wangyu-/UDPspeeder
### Addtional Options
##### `--tun-dev`
Specify a tun device name to use. Example: `--tun-dev tun100`.
If not set,tinyfecVPN will randomly chose a name,such as `tun987`.
##### `--sub-net`
Specify the sub-net of VPN. Example: `--sub-net 10.10.10.0`, in this way,server IP will be `10.10.10.1`,client IP will be `10.10.10.2`.
The last number of option should be zero, for exmaple `10.10.10.123` is invalild, and will be corrected automatically to `10.10.10.0`.
##### `--keep-reconnect`
Only works at client side.
tinyfecVPN server only handles one client at same time,the connection of a new client will kick old client,after being kicked,old client will just exit by default.
If `--keep-reconnect` is enabled , client will try to get connection back after lost connection or being kicked.
# Performance Test(throughput)
Server is a Vulr VPS in japan,CPU: single core 2.4GHz,ram: 512mb. Client is a Bandwagonhost VPS in USA,CPU: single core 2.0GHZ,ram: 96mb. To put pressure on the FEC algorithm, an additional 10% packet-loss rate was introduced at both direction.
### Test command
```
Server side:
./tinyvpn_amd64 -s -l 0.0.0.0:5533 --mode 0 -f20:10
iperf3 -sClient side:
./tinyvpn_amd64 -c -r 44.55.66.77:5533 --mode 0 -f20:10
iperf3 -c 10.22.22.1 -P10
```### Test result
![image](/images/performance2.PNG)
Note: the performance is mainly limited by the RS code lib.
# Other
As a VPN software may contradict with local regulations, I had to introduce an intended restriction in the pre-released binaries: you can only use tinyfecVPN to access your own server.
You can easily get rid of this restriction by compiling the source code by yourself (take a look at the makefile). This restriction exits only at server side, only the server side binary needs to be compiled by yourself.
(If you want to compile by yourself, use `git clone --recursive` instead of `git clone`, otherwise the submodule wont be cloned)