Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/wangyu-/tinyfecvpn

A VPN Designed for Lossy Links, with Build-in Forward Error Correction(FEC) Support. Improves your Network Quality on a High-latency Lossy Link.
https://github.com/wangyu-/tinyfecvpn

fec proxy reed-solomon vpn

Last synced: 25 days ago
JSON representation

A VPN Designed for Lossy Links, with Build-in Forward Error Correction(FEC) Support. Improves your Network Quality on a High-latency Lossy Link.

Awesome Lists containing this project

README

        

# tinyfecVPN

A Lightweight VPN with Build-in Forward Error Correction Support(or A Network Improving Tool which works at VPN mode). Improves your Network Quality on a High-latency Lossy Link.

![image](/images/tinyFecVPN3.PNG)

tinyfecVPN uses Forward Error Correction(Reed-Solomon code) to reduce packet loss rate, at the cost of additional bandwidth usage.

Assume your local network to your server is lossy. Just establish a VPN connection to your server with tinyfecVPN, access your server via this VPN connection, then your connection quality will be significantly improved. With well-tuned parameters , you can easily reduce IP or UDP/ICMP packet-loss-rate to less than 0.01% . Besides reducing packet-loss-rate, tinyfecVPN can also significantly improve your TCP latency and TCP single-thread download speed.

tinyfecVPN uses same lib as [UDPspeeder](https://github.com/wangyu-/UDPspeeder), supports all FEC features of UDPspeeder. tinyfecVPN works at VPN mode,while UDPspeeder works at UDP tunnel mode.

[tinyfecVPN wiki](https://github.com/wangyu-/tinyfecVPN/wiki)

[简体中文](/doc/README.zh-cn.md)

##### Note
UDPspeeder's repo:

https://github.com/wangyu-/UDPspeeder

# Efficacy
Tested on a link with 100ms roundtrip and 10% packet loss at both direction. You can easily reproduce the test result by yourself.

### Ping Packet Loss
![](/images/en/ping_compare2.PNG)

### SCP Copy Speed
![](/images/en/scp_compare2.PNG)

# Supported Platforms
Linux host (including desktop Linux,Android phone/tablet, OpenWRT router, or Raspberry PI).Binaries for `amd64` `x86` `mips_be` `mips_le` `arm` are provided.

For Windows and MacOS, You can run tinyfecVPN inside [this](https://github.com/wangyu-/udp2raw-tunnel/releases/download/20171108.0/lede-17.01.2-x86_virtual_machine_image.zip) 7.5mb virtual machine image.

Need root or at least CAP_NET_ADMIN permission to run, for creating tun device.

# How does it work

tinyfecVPN uses FEC(Forward Error Correction) to reduce packet loss rate, at the cost of additional bandwidth usage. The algorithm for FEC is called Reed-Solomon.

![](/images/FEC.PNG)

### Reed-Solomon

`
In coding theory, the Reed–Solomon code belongs to the class of non-binary cyclic error-correcting codes. The Reed–Solomon code is based on univariate polynomials over finite fields.
`

`
It is able to detect and correct multiple symbol errors. By adding t check symbols to the data, a Reed–Solomon code can detect any combination of up to t erroneous symbols, or correct up to ⌊t/2⌋ symbols. As an erasure code, it can correct up to t known erasures, or it can detect and correct combinations of errors and erasures. Reed–Solomon codes are also suitable as multiple-burst bit-error correcting codes, since a sequence of b + 1 consecutive bit errors can affect at most two symbols of size b. The choice of t is up to the designer of the code, and may be selected within wide limits.
`

![](/images/en/rs.png)

Check wikipedia for more info, https://en.wikipedia.org/wiki/Reed–Solomon_error_correction

# Getting Started

### Installing

Download binary release from https://github.com/wangyu-/tinyfecVPN/releases

### Running

Assume your server ip is `44.55.66.77`, you have a service listening on udp/tcp port `0.0.0.0:7777`.

```
# Run at server side:
./tinyvpn -s -l0.0.0.0:4096 -f20:10 -k "passwd" --sub-net 10.22.22.0

# Run at client side
./tinyvpn -c -r44.55.66.77:4096 -f20:10 -k "passwd" --sub-net 10.22.22.0
```

Now, use `10.22.22.1:7777` to connect to your service,all traffic will be improved by FEC. If you ping `10.22.22.1`, you will get ping reply.

##### Note

`-f20:10` means sending 10 redundant packets for every 20 original packets.

`-k` enables simple XOR encryption

To create tun device, you need root or cap_net_admin permission. Its suggested to run tinyfecVPN as non-root, check [this link](https://github.com/wangyu-/tinyfecVPN/wiki/run-tinyfecVPN-as-non-root) for more info.

Currently one server supports only one client. For multiple clients, start multiple servers.

##### Note2

You can use udp2raw with tinyfecVPN together to get better speed on some ISP with UDP QoS(UDP throttling).

udp2raw's repo:

https://github.com/wangyu-/udp2raw-tunnel

# Advanced Topic

### Usage
```
tinyfecVPN
git version: b03df1b586 build date: Oct 31 2017 19:46:50
repository: https://github.com/wangyu-/tinyfecVPN/

usage:
run as client: ./this_program -c -r server_ip:server_port [options]
run as server: ./this_program -s -l server_listen_ip:server_port [options]

common options, must be same on both sides:
-k,--key key for simple xor encryption. if not set, xor is disabled
main options:
--sub-net specify sub-net, for example: 192.168.1.0 , default: 10.22.22.0
--tun-dev sepcify tun device name, for example: tun10, default: a random name such as tun987
-f,--fec x:y forward error correction, send y redundant packets for every x packets
--timeout how long could a packet be held in queue before doing fec, unit: ms, default: 8ms
--mode fec-mode,available values: 0, 1; 0 cost less bandwidth, 1 cost less latency;default: 0)
--report turn on send/recv report, and set a period for reporting, unit: s
--keep-reconnect re-connect after lost connection,only for client.
advanced options:
--mtu mtu. for mode 0, the program will split packet to segment smaller than mtu_value.
for mode 1, no packet will be split, the program just check if the mtu is exceed.
default value: 1250
-j,--jitter simulated jitter. randomly delay first packet for 0~ ms, default value: 0.
do not use if you dont know what it means.
-i,--interval scatter each fec group to a interval of ms, to protect burst packet loss.
default value: 0. do not use if you dont know what it means.
--random-drop simulate packet loss, unit: 0.01%. default value: 0
--disable-obscure disable obscure, to save a bit bandwidth and cpu
developer options:
--tun-mtu mtu of the tun interface,most time you shouldnt change this
--disable-mssfix disable mssfix for tcp connection
--fifo use a fifo(named pipe) for sending commands to the running program, so that you
can change fec encode parameters dynamically, check readme.md in repository for
supported commands.
-j ,--jitter jmin:jmax similiar to -j above, but create jitter randomly between jmin and jmax
-i,--interval imin:imax similiar to -i above, but scatter randomly between imin and imax
-q,--queue-len max fec queue len, only for mode 0
--decode-buf size of buffer of fec decoder,u nit: packet, default: 2000
--fix-latency try to stabilize latency, only for mode 0
--delay-capacity max number of delayed packets
--disable-fec completely disable fec, turn the program into a normal udp tunnel
--sock-buf buf size for socket, >=10 and <=10240, unit: kbyte, default: 1024
log and help options:
--log-level 0: never 1: fatal 2: error 3: warn
4: info (default) 5: debug 6: trace
--log-position enable file name, function name, line number in log
--disable-color disable log color
-h,--help print this help message

```
### FEC Options

The program supports all options of UDPspeeder,check UDPspeeder repo for details:

https://github.com/wangyu-/UDPspeeder

### Addtional Options

##### `--tun-dev`

Specify a tun device name to use. Example: `--tun-dev tun100`.

If not set,tinyfecVPN will randomly chose a name,such as `tun987`.

##### `--sub-net`

Specify the sub-net of VPN. Example: `--sub-net 10.10.10.0`, in this way,server IP will be `10.10.10.1`,client IP will be `10.10.10.2`.

The last number of option should be zero, for exmaple `10.10.10.123` is invalild, and will be corrected automatically to `10.10.10.0`.

##### `--keep-reconnect`

Only works at client side.

tinyfecVPN server only handles one client at same time,the connection of a new client will kick old client,after being kicked,old client will just exit by default.

If `--keep-reconnect` is enabled , client will try to get connection back after lost connection or being kicked.

# Performance Test(throughput)

Server is a Vulr VPS in japan,CPU: single core 2.4GHz,ram: 512mb. Client is a Bandwagonhost VPS in USA,CPU: single core 2.0GHZ,ram: 96mb. To put pressure on the FEC algorithm, an additional 10% packet-loss rate was introduced at both direction.

### Test command

```
Server side:
./tinyvpn_amd64 -s -l 0.0.0.0:5533 --mode 0 -f20:10
iperf3 -s

Client side:
./tinyvpn_amd64 -c -r 44.55.66.77:5533 --mode 0 -f20:10
iperf3 -c 10.22.22.1 -P10
```

### Test result

![image](/images/performance2.PNG)

Note: the performance is mainly limited by the RS code lib.

# Other

As a VPN software may contradict with local regulations, I had to introduce an intended restriction in the pre-released binaries: you can only use tinyfecVPN to access your own server.

You can easily get rid of this restriction by compiling the source code by yourself (take a look at the makefile). This restriction exits only at server side, only the server side binary needs to be compiled by yourself.

(If you want to compile by yourself, use `git clone --recursive` instead of `git clone`, otherwise the submodule wont be cloned)