Vula Author 2
The second parent of this merge contains:
- all of the podman integration work so far
- added "make rpm" target
- setup.py fixes, which, among other things, allow "pypi-install vula" to work now:
  - include postinst using sdist, instead of via Makefile
  - allow running setup.py when not in a git checkout
- fixed schema tests to work with v0.7.3, which fedora ships
- remove unused dbus imports
- update install instructions

I am re-merging this so that "git log --first-parent" on main will omit the many recent commits pushed to main which relate to the above changes.
vula: automatic local network encryption
With zero configuration, vula automatically encrypts IP communication between hosts on a local area network in a forward-secret and transitionally post-quantum manner to protect against passive eavesdropping.
With manual key verification and/or automatic key pinning and manual resolution of IP or hostname conflicts, vula will additionally protect against interception by active adversaries.
When the local gateway to the internet is also a vula peer, internet-destined traffic will also be encrypted on the LAN.
How does it work?
Vula combines WireGuard for forward-secret point-to-point tunnels with mDNS and DNS-SD for local service announcements, and enhances the confidentiality of WireGuard tunnels by using CSIDH, a post-quantum non-interactive key exchange primitive, to generate a peer-wise pre-shared key for each tunnel configuration.
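As an added example (not part of vula's own code): a Python check over `wg show <interface> dump` output that flags peers with no preshared key, or with a preshared key shared between peers, since the post-quantum layer described above rests on a distinct PSK per tunnel. The interface name `vula` and all sample keys, addresses and ports are assumptions constructed for illustration.

```python
"""Audit `wg show <interface> dump` output: each peer should have its own PSK."""
from collections import Counter

# Constructed sample with fake keys, in the tab-separated layout printed by
# `wg show vula dump` (interface name assumed). Line 1 describes the interface,
# every later line one peer. Real output contains secrets; never log it.
SAMPLE_DUMP = "\n".join([
    "PRIV=\tPUB0=\t51820\toff",
    "PUB1=\tPSK-A=\t10.0.0.11:51820\t10.0.0.11/32\t1700000000\t1024\t2048\toff",
    "PUB2=\t(none)\t10.0.0.12:51820\t10.0.0.12/32\t1700000100\t10\t20\toff",
    "PUB3=\tPSK-B=\t10.0.0.13:51820\t10.0.0.13/32\t0\t0\t0\toff",
    "PUB4=\tPSK-B=\t10.0.0.14:51820\t10.0.0.14/32\t1700000200\t5\t7\toff",
])

PEER_FIELDS = ("public_key", "psk", "endpoint", "allowed_ips",
               "latest_handshake", "rx", "tx", "keepalive")


def parse_peers(dump):
    """Return one dict per peer line, skipping the interface line."""
    peers = []
    for line in dump.strip().splitlines()[1:]:
        fields = line.split("\t")
        if len(fields) != len(PEER_FIELDS):
            raise ValueError(f"expected {len(PEER_FIELDS)} fields, got {len(fields)}")
        peer = dict(zip(PEER_FIELDS, fields))
        if peer["psk"] == "(none)":  # wg prints this when no PSK is set
            peer["psk"] = None
        peers.append(peer)
    return peers


def audit(peers):
    """Return (public_key, problem) pairs; PSK values are never included."""
    uses = Counter(p["psk"] for p in peers if p["psk"])
    findings = []
    for p in peers:
        if p["psk"] is None:
            findings.append((p["public_key"], "no preshared key"))
        elif uses[p["psk"]] > 1:
            findings.append((p["public_key"], "preshared key reused across peers"))
    return findings


if __name__ == "__main__":
    for key, problem in audit(parse_peers(SAMPLE_DUMP)):
        print(f"{key}: {problem}")
```

A peer reported with no preshared key is protected by WireGuard's own handshake only, without the CSIDH-derived layer.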
Vula's advantages over some other solutions include:
- design has no single points of failure (SPOFs)
- uses existing IP addresses inside and outside of the tunnels, allowing seamless integration into existing LAN environments using DHCP and/or manual addressing
- avoids needing to attempt handshakes with non-participating hosts
- does not require any configuration to disrupt passive surveillance adversaries
- simple verification with QR codes to disrupt active surveillance adversaries
Vula is functional today, although it has some known issues documented in
STATUS.md. It is
ready for daily use by people who are proficient with Linux networking and the
command line, but we do not yet recommend it for people who are not.
installation and usage instructions.
some tips on opening the hood.
We consider this project to currently be alpha pre-release, experimental, research quality code. It is not yet suitable for widespread deployment. It has not yet been audited by an independent third party and it should be treated with caution.
If you or someone you know finds a security issue, please open an issue or feel free to send an email to security at vula dot link.
Our current bug bounty for security issues is humble. We will treat qualifying reporters to a beverage after the COVID-19 crisis has ended; ojalá. Locations limited to qualifying CCC events such as the yearly Congress.
The authors of vula are anonymous for now, while our paper is undergoing peer review.
has some history about the name Vula.