Comments (5)
Tunneldigger is using l2tp for the "data plane", but implementing its own control logic. It uses a custom protocol to negotiate an l2tp connection, but once that is set up, the kernel is doing the rest and tunneldigger is no longer involved.
l2tp/Tunneldigger provide no encryption or authentication. You could try using IPsec for this. But at that point it might be easier to just use Wireguard instead of l2tp/Tunneldigger.
from tunneldigger.
OK, I thought L2TP would encrypt by default? Why would anyone not want to encrypt tunnels?
from tunneldigger.
L2TP does not support encryption, you need to either use it over an encrypted link or put an encrypted link into it.
Our use case for Tunneldigger is the Freifunk community-run open Wi-Fi network. The Wi-Fi network itself is unencrypted, and the network is open so anyone can join and start doing MITM on the user traffic. Thus the additional security obtained by encrypting the l2tp link is tiny -- it does not help against any reasonable attacker model I can imagine. If the attacker is inside your layer 2 network, encrypting the transport does nothing for you -- you as the user need to use encrypted links such as https anyway.
from tunneldigger.
> you as the user need to use encrypted links such as https anyway.
Yes, in general you should not be trusting your network provider, open or closed, and should do end-to-end encryption yourself.
There is another, more practical reason for not using encryption by default: it consumes a lot of CPU, and some off-the-shelf routing equipment we run things on would choke doing encryption at the speeds their links might run at. So, given that there is little benefit of encrypting links and that encryption should be done end-to-end anyway, this is not done.
But if you want, you can use IPsec on top of these links. Tunneldigger supports hooks so that you can run a script to configure that inside the tunnel.
from tunneldigger.
This is not an actionable issue or something wrong with the software, so I am going to close it.
from tunneldigger.