Pull request 82: Update project name to TrustTunnel

Squashed commit of the following:

commit 8fbda7737e693a3ec1abebd0cba30619b6b352ef
Author: Andrey Yakushin <a.yakushin@adguard.com>
Date:   Thu Dec 11 18:54:10 2025 +0400

    Update store links

commit 01f2fc438571bffa45f06352c40496fb105f3a9c
Author: Andrey Yakushin <a.yakushin@adguard.com>
Date:   Thu Dec 11 18:53:46 2025 +0400

    Use logo from cdn

commit 59daf7ed7c2cdfa0162845cafb8af18fecb8e66d
Author: Andrey Yakushin <a.yakushin@adguard.com>
Date:   Thu Dec 11 18:17:41 2025 +0400

    Add docs about creating client config

commit 496c499924f8614221a397e7061b36e752f60a03
Author: Andrey Yakushin <a.yakushin@adguard.com>
Date:   Thu Dec 11 18:17:31 2025 +0400

    Add make script to generate client config

commit e1db0bc5e2b9a73fd3f6b5db437faf82b678c704
Author: Andrey Yakushin <a.yakushin@adguard.com>
Date:   Thu Dec 11 17:36:06 2025 +0400

    Add docs about makefile configuration variables

commit 06461b7523a5f6b2cfa76a4635433e30fa40eb1f
Author: Andrey Yakushin <a.yakushin@adguard.com>
Date:   Thu Dec 11 17:00:21 2025 +0400

    Update prerequisites

commit ba84d71efb5cfeed4d6b2169d3f533b22382a902
Author: Andrey Yakushin <a.yakushin@adguard.com>
Date:   Thu Dec 11 16:51:10 2025 +0400

    Fix docker

commit f65f8f7107bcb8a449b7fcee4ce329d3b1c171a6
Author: Andrey Yakushin <a.yakushin@adguard.com>
Date:   Thu Dec 11 15:11:07 2025 +0400

    Introduce logo

commit 987dee12108062a59c158737f9ffb660c9d9163c
Author: Andrey Yakushin <a.yakushin@adguard.com>
Date:   Thu Dec 11 15:10:48 2025 +0400

    Remove todo about logo in subdir readme

commit 3456080654dc7c79d12573ecc00621281394a94a
Author: Andrey Yakushin <a.yakushin@adguard.com>
Date:   Thu Dec 11 15:09:53 2025 +0400

    Remove outdated todo

commit ca5319e4da74f7ae5acc5b293491dbc6a70ca758
Author: Andrey Yakushin <a.yakushin@adguard.com>
Date:   Thu Dec 11 12:48:06 2025 +0400

    Add logo

commit f956fc6938dbd24ddd626915081556d1ec9ba2c5
Author: Sergey Fionov <sfionov@adguard.com>
Date:   Wed Dec 10 19:28:33 2025 +0300

    Applied suggestion

commit e91bc88b55dfe11d0aa3ca59ca0d6d4b5ea636a7
Author: Andrey Yakushin <a.yakushin@adguard.com>
Date:   Wed Dec 10 18:00:41 2025 +0400

    Remove mentioning adguard vpn protocol

commit b7e69ded4717737e887900fa2a5a14fe2b9eab44
Author: Andrey Yakushin <a.yakushin@adguard.com>
Date:   Mon Dec 8 23:05:45 2025 +0400

    Fix benchs

commit 3e9b6ebdb3e5f288dafdb6693a2a6c0c54db6409
Author: Andrey Yakushin <a.yakushin@adguard.com>
Date:   Fri Dec 5 19:17:17 2025 +0400

    Fix arg name

commit 4e8095581d77310815cc31279197f804d342b913
Author: Andrey Yakushin <a.yakushin@adguard.com>
Date:   Fri Dec 5 16:30:55 2025 +0400

    Update root readme

commit 86de84533e3354c20e8e273f27621e4b888fff28
Author: Andrey Yakushin <a.yakushin@adguard.com>
Date:   Fri Dec 5 16:30:35 2025 +0400

    Rebrand sub readmes

commit 498f1fd6fc4ef53d9daeff3df2999c6a7e4b7816
Author: Andrey Yakushin <a.yakushin@adguard.com>
Date:   Fri Dec 5 16:30:10 2025 +0400

    Rebrand make and docker

commit 4a0ff086a01ef5722ce809bd9db7b86c3d31ad3e
Author: Andrey Yakushin <a.yakushin@adguard.com>
Date:   Fri Dec 5 16:28:53 2025 +0400

    Rebrand bench
Andrey Yakushin
2025-12-15 17:10:10 +03:00
parent 770c20eb40
commit dee39c3b41
15 changed files with 199 additions and 153 deletions


@@ -1,11 +1,11 @@
# syntax=docker/dockerfile:1
FROM python:3.11-slim-bullseye AS build
ARG ENDPOINT_DIR_NAME="VpnLibsEndpoint"
ARG RUST_DEFAULT_VERSION="1.77"
FROM python:3.13-slim-bullseye AS build
ARG ENDPOINT_DIR_NAME="TrustTunnel"
ARG RUST_DEFAULT_VERSION="1.85"
WORKDIR /home
# Install needed packets
RUN apt update && \
apt install -y build-essential cmake curl make git
apt install -y build-essential cmake curl make git libclang-dev
# Install Rust and Cargo
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --default-toolchain $RUST_DEFAULT_VERSION -y
ENV PATH="/root/.cargo/bin:$PATH"
@@ -22,7 +22,7 @@ RUN make endpoint/build-wizard
# Copy binaries
FROM debian AS vpn-endpoint
ARG ENDPOINT_DIR_NAME="VpnLibsEndpoint"
ARG ENDPOINT_DIR_NAME="TrustTunnel"
ARG LOG_LEVEL="info"
COPY --from=build /home/$ENDPOINT_DIR_NAME/target/release/setup_wizard /bin/
COPY --from=build /home/$ENDPOINT_DIR_NAME/target/release/vpn_endpoint /bin/
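Review bot: The new build base `FROM python:3.13-slim-bullseye AS build` is a mutable tag, and the runtime stage in the second hunk is a bare `FROM debian`, so the same commit can produce different images over time and a changed upstream image is picked up silently. Since this change already touches the base image, pin both by digest, for example `FROM python:3.13-slim-bullseye@sha256:<digest> AS build` and `FROM debian:<release>@sha256:<digest> AS vpn-endpoint` (placeholders, to be filled in from the registry). It is also worth confirming that the bullseye variant of the Python image is still rebuilt with security updates.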


@@ -5,12 +5,12 @@ endif
LOG_LEVEL ?= trace
CONFIG_FILE ?= vpn.toml
HOSTS_CONFIG_FILE ?= hosts.toml
DOCKER_IMAGE_NAME ?= adguard-vpn-endpoint
ENDPOINT_URL ?= git@github.com:AdguardTeam/VpnLibsEndpointPrivate.git
DOCKER_IMAGE_NAME ?= trusttunnel-endpoint
ENDPOINT_URL ?= git@github.com:TrustTunnel/TrustTunnel.git
ENDPOINT_VERSION ?= master
ENDPOINT_HOSTNAME ?= vpn.endpoint
DOCKER_DIR = docker
DOCKER_ENDPOINT_DIR = vpn-libs-endpoint
DOCKER_ENDPOINT_DIR = TrustTunnel
DOCKER_ENDPOINT_CONFIG_DIR = config
LISTEN_ADDRESS ?= 0.0.0.0
LISTEN_PORT ?= 443
@@ -41,6 +41,14 @@ endpoint/run: endpoint/build
cargo run $(CARGO_BUILD_TYPE) --bin vpn_endpoint -- \
-l "$(LOG_LEVEL)" "$(CONFIG_FILE)" "$(HOSTS_CONFIG_FILE)"
.PHONY: endpoint/gen_client_config
## Generate the config for specified client to be used with vpn client and exit
endpoint/gen_client_config:
$(if $(CLIENT_NAME),,$(error CLIENT_NAME is not set. Specify the client name to generate the config for))
$(if $(ENDPOINT_ADDRESS),,$(error ENDPOINT_ADDRESS is not set. Set it to `ip:port` that client is going to use to connect to the endpoint))
cargo run $(CARGO_BUILD_TYPE) --bin vpn_endpoint -- \
-c "$(CLIENT_NAME)" --address "$(ENDPOINT_ADDRESS)" "$(CONFIG_FILE)" "$(HOSTS_CONFIG_FILE)"
.PHONY: endpoint/clean
## Clean cargo artifacts
endpoint/clean:
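Review bot: In the `endpoint/gen_client_config` recipe, `$(CLIENT_NAME)` and `$(ENDPOINT_ADDRESS)` are expanded by make and then placed inside double quotes, so a value containing `"`, a backtick or `$(` is interpreted by the shell instead of reaching `vpn_endpoint` as data. That matters as soon as a provisioning script forwards user-chosen client names to this target. Reading the values from the environment avoids it: `export CLIENT_NAME ENDPOINT_ADDRESS` at file level and `-c "$$CLIENT_NAME" --address "$$ENDPOINT_ADDRESS"` in the recipe. The README text added in this commit says the command prints the client's credentials, so the `##` comment on the target could also state that the output is secret and should go to a file with restricted permissions.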

106
README.md

@@ -1,21 +1,30 @@
# AdGuard VPN Endpoint
<p align="center">
<picture>
<source media="(prefers-color-scheme: dark)" srcset="https://cdn.adguardcdn.com/website/github.com/TrustTunnel/logo_dark.svg" width="300px" alt="TrustTunnel" />
<img src="https://cdn.adguardcdn.com/website/github.com/TrustTunnel/logo_light.svg" width="300px" alt="TrustTunnel" />
</picture>
</p>
[![AdGuardVPN.com](https://img.shields.io/badge/AdGuardVPN.com-Visit-007BFF)](https://adguard-vpn.com/)
Free, fast, open-source, and secure self-hosted VPN server.
<p align="center"><a href="https://github.com/TrustTunnel/TrustTunnelClient">Console client</a>
· <a href="https://github.com/TrustTunnel/TrustTunnelFlutterClient">Flutter-based app</a>
· <a href="https://agrd.io/ios_trusttunnel">App store</a>
· <a href="https://agrd.io/android_trusttunnel">Play store</a>
</p>
---
## Table of Contents
- [Introduction](#introduction)
- [Why AdGuard VPN?](#why-adguard-vpn)
- [Getting Started](#getting-started)
- [Server Features](#server-features)
- [Client Features](#client-features)
- [Getting Started with the endpoint](#getting-started)
- [Prerequisites](#prerequisites)
- [Building](#building)
- [Usage](#usage)
- [Quick Start](#quick-start)
- [Customized Configuration](#customized-configuration)
- [Generate client config](#generate-client-config)
- [Companion Client Repository](#companion-client-repository)
- [Roadmap](#roadmap)
- [License](#license)
@@ -24,54 +33,66 @@ Free, fast, open-source, and secure self-hosted VPN server.
## Introduction
Welcome to the AdGuard VPN Endpoint repository!
This comprehensive and efficient solution allows you to set up and manage your own VPN server.
The repository includes the following components:
Welcome to the TrustTunnel repository!
1. **VPN Endpoint Library**: A highly efficient, versatile, and reliable Rust library that
implements the VPN endpoint.
TrustTunnel is free, fast secure and fully self-hosted VPN solution powered by its own unique VPN protocol.
2. **VPN Endpoint Binary**: A standalone application that makes it easy for any user to set
up their own VPN server.
TrustTunnel project includes VPN endpoint (this repository), [library and CLI for client](https://github.com/TrustTunnel/TrustTunnelClient) and [GUI application](https://github.com/TrustTunnelFlutterClient)
3. **Setup-Wizard Tool**: A user-friendly tool that simplifies the configuration process by guiding
you through the necessary steps.
## Server Features
## Why AdGuard VPN?
- **AdGuard Protocol**: AdGuard VPN utilizes
[the AdGuard protocol](https://adguard-vpn.com/kb/general/adguard-vpn-protocol/),
which is compatible with HTTP/1.1, HTTP/2, and QUIC.
- **VPN Protocol**: The library implements the VPN protocol compatible
with HTTP/1.1, HTTP/2, and QUIC.
By mimicking regular network traffic, it becomes more difficult for government regulators to
detect and block.
- **Flexible Traffic Tunneling**: AdGuard VPN can tunnel TCP, UDP, and ICMP traffic to and
- **Flexible Traffic Tunneling**: TrustTunnel can tunnel TCP, UDP, and ICMP traffic to and
from the client.
- **Platform Compatibility**: It is compatible with Linux and macOS systems.
- **Platform Compatibility**: Server is compatible with Linux and macOS systems. Client exists for Android, Apple, Windows and Linux platforms.
- **Companion Client Repository**: An accompanying client is available in a separate repository,
allowing you to connect to your VPN server seamlessly.
---
## Getting Started
## Client Features
- **Traffic Tunneling**: The library is capable of tunneling TCP, UDP, and ICMP traffic from the
client to the endpoint and back.
- **Cross-Platform Support**: It supports Linux, macOS, and Windows platforms, providing a
consistent experience across different operating systems.
- **System-Wide Tunnel and SOCKS5 Proxy**: It can be set up as a system-wide tunnel, utilizing a
virtual network interface, as well as a SOCKS5 proxy.
- **Split Tunneling**: The library supports split tunneling, allowing users to exclude connections
to certain domains or hosts from routing through the VPN endpoint, or vice versa, only routing
connections to specific domains or hosts through the endpoint based on an exclusion list.
- **Custom DNS Upstream**: Users can specify a custom DNS upstream, which is used for DNS queries
routed through the VPN endpoint.
---
## Getting Started with the endpoint
### Prerequisites
Before proceeding, ensure that you have Rust installed on your system.
Visit the [Rust installation page](https://www.rust-lang.org/tools/install) for
detailed instructions.
The minimum supported version of the Rust compiler is 1.67.
The minimum supported version of the Rust compiler is 1.85.
`libclang` library 9.0 or higher is also required.
This project is compatible with Linux and macOS systems.
### Building
To install AdGuard VPN Endpoint, follow these steps:
To install TrustTunnel Endpoint, follow these steps:
1. Clone the repository:
```shell
git clone https://github.com/AdguardTeam/VpnLibsEndpoint.git
cd VpnLibsEndpoint
git clone https://github.com/TrustTunnel/TrustTunnel.git
cd TrustTunnel
```
2. Build the binaries using Cargo:
@@ -89,10 +110,12 @@ To install AdGuard VPN Endpoint, follow these steps:
To quickly configure and launch the VPN endpoint, run the following commands:
```shell
make endpoint/setup # You can skip it if you have already configured the endpoint earlier
make ENDPOINT_HOSTNAME="example.org" endpoint/setup # You can skip it if you have already configured the endpoint earlier
make endpoint/run
```
Check `Makefile` for available configuration variables.
These commands perform the following actions:
1. Build the wizard and endpoint binaries.
@@ -116,7 +139,7 @@ docker run -it vpn-endpoint:latest --name vpn-endpoint # create docker container
docker start -i vpn-endpoint # if you need to start your vpn endpoint again
```
The generated certificate (by default, it resides in `certs/cert.pem` or `/VpnLibsEndpoint/certs/cert.pem` inside your docker volume) should be delivered to the client-side in some way. See the [Companion Client Repository](#companion-client-repository) for
The generated certificate (by default, it resides in `certs/cert.pem` or `/TrustTunnel/certs/cert.pem` inside your docker volume) should be delivered to the client-side in some way. See the [Companion Client Repository](#companion-client-repository) for
details.
### Customized Configuration
@@ -136,11 +159,28 @@ file.
> including descriptions.
> You can freely customize them if you are confident in your understanding of the configuration.
### Generate client config
The endpoint binary is capable of generating the client configuration for a particular user.
This configuration contains all necessary information that is required to connect to the endpoint.
To generate the configuration run the following command:
```shell
# <client_name> - name of the client those credentials will be included in the configuration
# <public_ip_and_port> - `ip:port` that the user will use to connect to the endpoint
cargo run --bin vpn_endpoint -- <lib-settings> <host-settings> -c <client_name> -a <public_ip_and_port>
# or
make endpoint/gen_client_config CLIENT_NAME="<client_name>" ENDPOINT_ADDRESS="<public_ip_and_port"
```
This will print the configuration with the credentials for client with name <client_name>
## Companion Client Repository
To connect to your newly set-up VPN server, you need a client.
The companion client's code can be found
in [this repository](https://github.com/AdguardTeam/VpnLibs.git).
You have a choice to use a [CLI client](https://github.com/TrustTunnel/TrustTunnelClient.git) or a [GUI client](https://github.com/TrustTunnel/TrustTunnelFlutterClient.git)
## Roadmap

4
bench/.gitignore vendored

@@ -1,3 +1,3 @@
results
vpn-libs
vpn-libs-endpoint
trusttunnel-endpoint
trusttunnel-client


@@ -1,13 +1,28 @@
# syntax=docker/dockerfile:1
FROM python:3.11-slim-bullseye
FROM python:3.13-slim-bullseye
ARG RUST_CHANNEL=1.67
ARG RUST_CHANNEL=1.85
ARG LLVM_MAJOR_VER=17
# Install the required utilities
RUN apt update && \
apt install -y build-essential cmake curl git gnupg lsb-release iperf3 iproute2 \
net-tools software-properties-common wget
apt install -y build-essential curl git gnupg lsb-release iperf3 iproute2 \
net-tools software-properties-common wget tar libssl-dev
RUN curl -OL https://github.com/Kitware/CMake/releases/download/v3.31.10/cmake-3.31.10.tar.gz && \
tar -zxf cmake-3.31.10.tar.gz && cd cmake-3.31.10 && \
./bootstrap -- -DCMAKE_BUILD_TYPE:STRING=Release && \
make -j3 && make install && cd .. \
rm cmake-3.31.10.tar.gz && rm -rf cmake-3.31.10
## Install LLVM
RUN curl -O https://apt.llvm.org/llvm.sh && \
chmod +x llvm.sh && \
./llvm.sh $LLVM_MAJOR_VER && \
rm ./llvm.sh && \
apt install -y libc++-${LLVM_MAJOR_VER}-dev && \
apt install -y libclang-17-dev && \
ln -s libc++abi.so.1 /usr/lib/llvm-$LLVM_MAJOR_VER/lib/libc++abi.so
# Install Rust and Cargo
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain ${RUST_CHANNEL}
ENV PATH="/root/.cargo/bin:${PATH}"
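Review bot: The CMake step ends with `make -j3 && make install && cd .. \` directly followed by `rm cmake-3.31.10.tar.gz`, so the continuation joins them into `cd .. rm cmake-3.31.10.tar.gz` and the tarball is never removed (a shell that rejects extra `cd` arguments would fail the layer instead); the line needs to read `make -j3 && make install && cd .. && \`. The same step unpacks and builds, as root, a tarball fetched with `curl -OL` without checking it, and the LLVM step runs a freshly downloaded `llvm.sh` the same way; adding `echo "<sha256>  cmake-3.31.10.tar.gz" | sha256sum -c - && \` before `tar` (digest is a placeholder, take it from the release's published checksums) closes that for CMake. The Go tarball fetched in the local-side client Dockerfile later in this commit has the same gap. `apt install -y libclang-17-dev` also hard-codes the version that `LLVM_MAJOR_VER` is meant to control; `libclang-${LLVM_MAJOR_VER}-dev` keeps them in step.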


@@ -3,7 +3,7 @@
The benchmark consists of 3 isolated parts:
* `remote-side` - acts as HTTP and iperf servers for the benchmark
* `middle-box` - acts as a VPN endpoint host, either WireGuard or AdGuard
* `middle-box` - acts as a VPN endpoint host, either WireGuard or TrustTunnel
* `local-side` - acts as a benchmark running host, can establish tunnels to the server
residing on the remote side through the VPN endpoint
@@ -14,7 +14,7 @@ The benchmark consists of 3 isolated parts:
1) Build docker images
```shell
cd ./bench
./single_host.sh build --client=<vpn-libs.git> --endpoint=<vpn-libs-endpoint.git>
./single_host.sh build --client=<TrustTunnelClient.git> --endpoint=<TrustTunnel.git>
```
This command prepares all the parts to run on the current host. To see the full set of
@@ -45,7 +45,7 @@ Assume IP addresses of `host_1`, `host_2` and `host_3` are 1.1.1.1, 2.2.2.2 and
2) Running `host_2` as a middle box
```shell
scp Dockerfile user@2.2.2.2:~
git clone <vpn-libs-endpoint.git> ./middle-box/adguard-rust/vpn-libs-endpoint
git clone <TrustTunnel.git> ./middle-box/trusttunnel-rust/trusttunnel-endpoint
scp -r middle-box user@2.2.2.2:~
ssh user@2.2.2.2
docker build -t bench-common .
@@ -59,11 +59,11 @@ Assume IP addresses of `host_1`, `host_2` and `host_3` are 1.1.1.1, 2.2.2.2 and
-p 51820:51820/udp \
bench-mb-wg
```
* AdGuard
* TrustTunnel
```shell
docker build \
--build-arg ENDPOINT_HOSTNAME=endpoint.bench \
-t bench-mb-ag ./middle-box/adguard-rust/
-t bench-mb-ag ./middle-box/trusttunnel-rust/
docker run -d \
--cap-add=NET_ADMIN --cap-add=SYS_MODULE --device=/dev/net/tun \
-p 4433:4433 -p 4433:4433/udp \
@@ -72,7 +72,7 @@ Assume IP addresses of `host_1`, `host_2` and `host_3` are 1.1.1.1, 2.2.2.2 and
3) Run the benchmark from `host_3`
```shell
scp Dockerfile user@3.3.3.3:~
git clone <vpn-libs.git> ./local-side/adguard/vpn-libs
git clone <TrustTunnel.git> ./local-side/trusttunnel/trusttunnel-endpoint
scp -r local-side user@3.3.3.3:~
ssh user@3.3.3.3
docker build -t bench-common .
@@ -88,8 +88,8 @@ Assume IP addresses of `host_1`, `host_2` and `host_3` are 1.1.1.1, 2.2.2.2 and
docker build -t bench-ls-wg ./local-side/wireguard
./local-side/bench.sh wg bridge 1.1.1.1 results/wg 2.2.2.2
```
* AdGuard
* TrustTunnel
```shell
docker build -t bench-ls-ag ./local-side/adguard
docker build -t bench-ls-ag ./local-side/trusttunnel
./local-side/bench.sh ag bridge 1.1.1.1 results/ag 2.2.2.2 endpoint.bench
```


@@ -1,31 +0,0 @@
diff --git a/core/src/vpn_manager.cpp b/core/src/vpn_manager.cpp
index ed53a3d..c72bfbd 100644
--- a/core/src/vpn_manager.cpp
+++ b/core/src/vpn_manager.cpp
@@ -635,16 +635,16 @@ void vpn_process_client_packets(Vpn *vpn, VpnPackets packets) {
static int ssl_verify_callback(const char *host_name, const sockaddr *host_ip, X509_STORE_CTX *ctx, void *arg) {
const Vpn *vpn = (Vpn *) arg;
- X509 *cert = X509_STORE_CTX_get0_cert(ctx);
- if ((host_name != nullptr || (host_ip != nullptr && host_ip->sa_family != AF_UNSPEC))
- && (host_name == nullptr || !tls_verify_cert_host_name(cert, host_name))
- && (host_ip == nullptr || host_ip->sa_family == AF_UNSPEC
- || !tls_verify_cert_ip(cert, sockaddr_to_str(host_ip).c_str()))) {
- log_vpn(vpn, err, "Server host name or IP doesn't match certificate");
- SSL *ssl = (SSL *) X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
- SSL_send_fatal_alert(ssl, SSL_AD_CERTIFICATE_UNKNOWN);
- return 0;
- }
+ // X509 *cert = X509_STORE_CTX_get0_cert(ctx);
+ // if ((host_name != nullptr || (host_ip != nullptr && host_ip->sa_family != AF_UNSPEC))
+ // && (host_name == nullptr || !tls_verify_cert_host_name(cert, host_name))
+ // && (host_ip == nullptr || host_ip->sa_family == AF_UNSPEC
+ // || !tls_verify_cert_ip(cert, sockaddr_to_str(host_ip).c_str()))) {
+ // log_vpn(vpn, err, "Server host name or IP doesn't match certificate");
+ // SSL *ssl = (SSL *) X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
+ // SSL_send_fatal_alert(ssl, SSL_AD_CERTIFICATE_UNKNOWN);
+ // return 0;
+ // }
int result = 0;
VpnVerifyCertificateEvent event = {ctx, 0};


@@ -183,7 +183,7 @@ run_through_ag() {
local set_up_test_suite_cmd="docker run -it -d --add-host=$endpoint_hostname:$endpoint_ip --network=$network $LOCAL_IMAGE"
local tear_down_test_suite_cmd=""
echo "Running bench through AdGuard http1 proxy..."
echo "Running bench through TrustTunnel http1 proxy..."
run_through_proxy "$set_up_test_suite_cmd" "$tear_down_test_suite_cmd" "$output_dir/http1/" \
"$remote_ip" "$endpoint_hostname"
echo "...done"


@@ -1,48 +1,27 @@
# syntax=docker/dockerfile:1
FROM bench-ls
ARG CONAN_VER=1.54
ARG GOLANG_VER=1.18.3
ARG LLVM_MAJOR_VER=14
ARG CONAN_VER=2.23.0
ARG GOLANG_VER=1.25.4
ARG LLVM_MAJOR_VER=17
ARG VPN_LIBS_DIR=vpn-libs
ARG CLIENT_DIR=TrustTunnelClient
ARG NLC_URL="https://github.com/AdguardTeam/NativeLibsCommon.git"
ARG DNS_LIBS_URL="https://github.com/AdguardTeam/DnsLibs.git"
RUN arch=$(arch | sed s/aarch64/arm64/ | sed s/x86_64/amd64/) && \
apt install -y iptables ninja-build && \
pip install conan~=$CONAN_VER && \
## Install LLVM
curl -O https://apt.llvm.org/llvm.sh && \
chmod +x llvm.sh && \
./llvm.sh $LLVM_MAJOR_VER && \
rm ./llvm.sh && \
apt install -y libc++-${LLVM_MAJOR_VER}-dev && \
ln -s libc++abi.so.1 /usr/lib/llvm-$LLVM_MAJOR_VER/lib/libc++abi.so && \
## Install Go
curl https://dl.google.com/go/go${GOLANG_VER}.linux-${arch}.tar.gz -o /tmp/go.tar.gz && \
rm -rf /usr/local/go && tar -C /usr/local -xzf /tmp/go.tar.gz && rm /tmp/go.tar.gz
ENV PATH="/usr/lib/llvm-$LLVM_MAJOR_VER/bin:/usr/local/go/bin:$PATH"
COPY $VPN_LIBS_DIR/scripts/bootstrap_conan_deps.py \
$VPN_LIBS_DIR/conanfile.py \
$VPN_LIBS_DIR/conandata.yml \
$VPN_LIBS_DIR/conan/profiles/linux-clang \
/tmp/bench-bootstrap/
WORKDIR /tmp/bench-bootstrap/
COPY $CLIENT_DIR /bench/$CLIENT_DIR
WORKDIR /bench/$CLIENT_DIR/build
RUN pipreqs . && \
pip install -r requirements.txt && \
./bootstrap_conan_deps.py conandata.yml $NLC_URL $DNS_LIBS_URL && \
conan install . \
-pr=linux-clang \
-s compiler.version=${LLVM_MAJOR_VER} \
-s compiler.libcxx=libc++ \
-g=cmake \
--build=missing && \
rm -rf /tmp/bench-bootstrap
COPY $VPN_LIBS_DIR /bench/$VPN_LIBS_DIR
WORKDIR /bench/$VPN_LIBS_DIR/build
pip install -r ../scripts/requirements.txt && \
../scripts/bootstrap_conan_deps.py
RUN cmake .. -DCMAKE_BUILD_TYPE=Release -G "Ninja" \
-DCMAKE_C_COMPILER="clang" \
-DCMAKE_CXX_COMPILER="clang++" \
@@ -51,11 +30,11 @@ RUN cmake .. -DCMAKE_BUILD_TYPE=Release -G "Ninja" \
# fixme: for some reason certificate CN check fails with non-rust endpoint
COPY ssl_verify.patch /bench/
WORKDIR /bench/$VPN_LIBS_DIR
WORKDIR /bench/$CLIENT_DIR
RUN patch -p1 < /bench/ssl_verify.patch && \
cd build && \
ninja standalone_client && \
mv ./standalone_client/standalone_client /bench/
ninja trusttunnel_client && \
mv ./trusttunnel/trusttunnel_client /bench/
COPY entrypoint.sh /bench/
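Review bot: The new default `ARG CLIENT_DIR=TrustTunnelClient` does not match the directory name used elsewhere in this commit: `single_host.sh` sets `CLIENT_DIR="trusttunnel-client"` and `.gitignore` lists `trusttunnel-client`. The bench README builds `./local-side/trusttunnel` with no `--build-arg` after cloning into a differently named directory, so in that manual flow `COPY $CLIENT_DIR /bench/$CLIENT_DIR` would most likely find nothing to copy. Aligning the default, e.g. `ARG CLIENT_DIR=trusttunnel-client`, keeps the script and the manual instructions working against the same tree. The middle-box Dockerfile has the same mismatch: `ARG ENDPOINT_DIR="TrustTunnel"` against `ENDPOINT_DIR="trusttunnel-endpoint"` in `single_host.sh` and the README's clone path.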


@@ -13,7 +13,7 @@ fi
COMMON_CONFIG=$(
cat <<-END
loglevel = "info"
loglevel = "debug"
vpn_mode = "general"
killswitch_enabled = true
exclusions = [
@@ -36,7 +36,7 @@ iptables -I OUTPUT -o eth0 -d "$ENDPOINT_IP" -j ACCEPT || echo "Failed to allow
iptables -A OUTPUT -o eth0 -j DROP || echo "Failed to set iptables firewall"
if [[ "$MODE" == "tun" ]]; then
cat >>standalone_client.toml <<EOF
cat >>trusttunnel_client.toml <<EOF
$COMMON_CONFIG
[listener.tun]
@@ -48,16 +48,16 @@ included_routes = [
excluded_routes = []
mtu_size = 1500
EOF
./standalone_client >>/tmp/vpn.log 2>&1
./trusttunnel_client >>/tmp/vpn.log 2>&1
else
for port in $(seq "$SOCKS_PORT_FIRST" "$SOCKS_PORT_LAST"); do
cat >>"standalone_client-$port.conf" <<EOF
cat >>"trusttunnel_client-$port.conf" <<EOF
$COMMON_CONFIG
[listener.socks]
address = "127.0.0.1:$port"
EOF
./standalone_client --config "./standalone_client-$port.conf" >>"/tmp/vpn-$port.log" 2>&1 &
./trusttunnel_client --config "./trusttunnel_client-$port.conf" >>"/tmp/vpn-$port.log" 2>&1 &
done
wait
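Review bot: `loglevel = "debug"` in `COMMON_CONFIG` (first hunk) is the one change in this file that is not a rename, and it looks like a debugging leftover. Debug logging in the client under test likely adds work per connection and grows `/tmp/vpn.log` during a run, which can skew the numbers the benchmark is meant to produce. Unless it is intentional, keep `loglevel = "info"`, or make it overridable with `loglevel = "${LOG_LEVEL:-info}"`, which the unquoted here-document would expand.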


@@ -0,0 +1,37 @@
diff --git a/core/src/vpn_manager.cpp b/core/src/vpn_manager.cpp
index d596dee..e2b8410 100644
--- a/core/src/vpn_manager.cpp
+++ b/core/src/vpn_manager.cpp
@@ -711,18 +711,20 @@ static int ssl_verify_callback(
#endif
}
- if ((host_name != nullptr || (host_ip != nullptr && host_ip->sa_family != AF_UNSPEC))
- && (host_name == nullptr || !tls_verify_cert_host_name(ctx.cert, host_name))
- && (host_ip == nullptr || host_ip->sa_family == AF_UNSPEC
- || !tls_verify_cert_ip(ctx.cert, SocketAddress(host_ip).str().c_str()))) {
- log_vpn(vpn, err, "Server host name or IP doesn't match certificate");
-#ifdef OPENSSL_IS_BORINGSSL
- if (ctx.ssl) {
- SSL_send_fatal_alert(ctx.ssl, SSL_AD_CERTIFICATE_UNKNOWN);
- }
-#endif
- return 0;
- }
+ (void)host_name;
+ (void)host_ip;
+// if ((host_name != nullptr || (host_ip != nullptr && host_ip->sa_family != AF_UNSPEC))
+// && (host_name == nullptr || !tls_verify_cert_host_name(ctx.cert, host_name))
+// && (host_ip == nullptr || host_ip->sa_family == AF_UNSPEC
+// || !tls_verify_cert_ip(ctx.cert, SocketAddress(host_ip).str().c_str()))) {
+// log_vpn(vpn, err, "Server host name or IP doesn't match certificate");
+// #ifdef OPENSSL_IS_BORINGSSL
+// if (ctx.ssl) {
+// SSL_send_fatal_alert(ctx.ssl, SSL_AD_CERTIFICATE_UNKNOWN);
+// }
+// #endif
+// return 0;
+// }
return result;
}
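Review bot: The benchmark client built with this patch accepts a server certificate without comparing it to the expected host name or IP, because the whole comparison in `ssl_verify_callback` is commented out and only `result`, computed above the hunk and not visible here, decides the outcome. The fixme in the local-side Dockerfile says the CN check fails against the non-Rust endpoint, so the durable fix is probably a benchmark certificate whose subject alternative name covers `endpoint.bench`, after which the patch can be dropped. Until then, replace the commented-out block with a short marker such as `// BENCH ONLY: host name/IP match disabled (see fixme in the local-side Dockerfile); do not ship this binary`. That documents the intent in the patched source and keeps the patch small enough to re-apply when `vpn_manager.cpp` changes.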


@@ -1,14 +1,13 @@
# syntax=docker/dockerfile:1
FROM bench-common
ARG ENDPOINT_DIR="vpn-libs-endpoint"
ARG ENDPOINT_DIR="TrustTunnel"
ARG ENDPOINT_HOSTNAME="endpoint.bench"
ARG CONFIG_FILE="vpn.conf"
ARG TLS_HOSTS_SETTINGS_FILE="tls_hosts.conf"
ARG LOG_LEVEL="info"
COPY $ENDPOINT_DIR/lib/Cargo.toml /tmp/Cargo.toml
RUN cargo fetch --manifest-path /tmp/Cargo.toml && rm /tmp/Cargo.toml
COPY $ENDPOINT_DIR /bench/$ENDPOINT_DIR

View File

@@ -8,8 +8,8 @@ Usage: single_host.sh COMMAND
Commands
Build and prepare images for running
build [--client=<vpn_libs_repo_url>]
[--endpoint=<vpn_endpoint_repo_url>]
build [--client=<trusttunnel_client_repo_url>]
[--endpoint=<trusttunnel_endpoint_repo_url>]
Clean build artifacts
clean [all]
@@ -29,8 +29,8 @@ MIDDLE_WG_IMAGE="bench-mb-wg"
LOCAL_IMAGE="bench-ls"
LOCAL_AG_IMAGE="bench-ls-ag"
LOCAL_WG_IMAGE="bench-ls-wg"
ENDPOINT_DIR="vpn-libs-endpoint"
VPN_LIBS_DIR="vpn-libs"
ENDPOINT_DIR="trusttunnel-endpoint"
CLIENT_DIR="trusttunnel-client"
NETWORK_NAME="bench-network"
ENDPOINT_HOSTNAME="endpoint.bench"
RESULTS_DIR="results"
@@ -45,14 +45,14 @@ build_remote() {
build_middle_ag_rust() {
local endpoint_url="$1"
if [ ! -d "$SELF_DIR_PATH/middle-box/adguard-rust/$ENDPOINT_DIR" ]; then
git clone "$endpoint_url" "$SELF_DIR_PATH/middle-box/adguard-rust/$ENDPOINT_DIR"
if [ ! -d "$SELF_DIR_PATH/middle-box/trusttunnel-rust/$ENDPOINT_DIR" ]; then
git clone "$endpoint_url" "$SELF_DIR_PATH/middle-box/trusttunnel-rust/$ENDPOINT_DIR"
fi
docker build \
--build-arg ENDPOINT_DIR="$ENDPOINT_DIR" \
--build-arg ENDPOINT_HOSTNAME="$ENDPOINT_HOSTNAME" \
-t "$MIDDLE_AG_RUST_IMAGE" "$SELF_DIR_PATH/middle-box/adguard-rust"
-t "$MIDDLE_AG_RUST_IMAGE" "$SELF_DIR_PATH/middle-box/trusttunnel-rust"
}
build_middle_wg() {
@@ -61,18 +61,18 @@ build_middle_wg() {
}
build_local() {
local vpn_libs_url="$1"
local trusttunnel_client_url="$1"
docker build -t "$LOCAL_IMAGE" "$SELF_DIR_PATH/local-side"
if [ -n "$vpn_libs_url" ]; then
if [ ! -d "$SELF_DIR_PATH/local-side/adguard/$VPN_LIBS_DIR" ]; then
git clone "$vpn_libs_url" "$SELF_DIR_PATH/local-side/adguard/$VPN_LIBS_DIR"
if [ -n "$trusttunnel_client_url" ]; then
if [ ! -d "$SELF_DIR_PATH/local-side/trusttunnel/$CLIENT_DIR" ]; then
git clone "$trusttunnel_client_url" "$SELF_DIR_PATH/local-side/trusttunnel/$CLIENT_DIR"
fi
docker build \
--build-arg VPN_LIBS_DIR="$VPN_LIBS_DIR" \
-t "$LOCAL_AG_IMAGE" "$SELF_DIR_PATH/local-side/adguard"
--build-arg CLIENT_DIR="$CLIENT_DIR" \
-t "$LOCAL_AG_IMAGE" "$SELF_DIR_PATH/local-side/trusttunnel"
fi
docker build \
@@ -80,14 +80,14 @@ build_local() {
}
build() {
local vpn_libs_url
local vpn_endpoint_url
local trusttunnel_client_url
local trusttunnel_endpoint_url
for arg in "$@"; do
if [[ "$arg" == --client=* ]]; then
vpn_libs_url=${arg#--client=}
trusttunnel_client_url=${arg#--client=}
elif [[ "$arg" == --endpoint=* ]]; then
vpn_endpoint_url=${arg#--endpoint=}
trusttunnel_endpoint_url=${arg#--endpoint=}
else
echo "$HELP_MSG"
exit 1
@@ -96,9 +96,9 @@ build() {
docker build -t "$COMMON_IMAGE" "$SELF_DIR_PATH"
build_local "$vpn_libs_url"
if [ -n "$vpn_endpoint_url" ]; then
build_middle_ag_rust "$vpn_endpoint_url"
build_local "$trusttunnel_client_url"
if [ -n "$trusttunnel_endpoint_url" ]; then
build_middle_ag_rust "$trusttunnel_endpoint_url"
fi
build_middle_wg
build_remote
@@ -112,7 +112,7 @@ clean_local() {
docker rm -f $(docker ps -aq -f ancestor="$LOCAL_IMAGE")
if [[ "$everything" == "all" ]]; then
rm -rf "${SELF_DIR_PATH:?}/local-side/adguard/$VPN_LIBS_DIR"
rm -rf "${SELF_DIR_PATH:?}/local-side/trusttunnel/$CLIENT_DIR"
docker rmi -f "$LOCAL_AG_IMAGE"
docker rmi -f "$LOCAL_WG_IMAGE"
docker rmi -f "$LOCAL_IMAGE"
@@ -125,7 +125,7 @@ clean_middle_ag_rust() {
docker rm -f $(docker ps -aq -f ancestor="$MIDDLE_AG_RUST_IMAGE")
if [[ "$everything" == "all" ]]; then
rm -rf "${SELF_DIR_PATH:?}/middle-box/adguard-rust/$ENDPOINT_DIR"
rm -rf "${SELF_DIR_PATH:?}/middle-box/trusttunnel-rust/$ENDPOINT_DIR"
docker rmi -f "$MIDDLE_AG_RUST_IMAGE"
fi
}


@@ -1,6 +1,4 @@
# AdGuard VPN Endpoint Binary
[![AdGuardVPN.com](https://img.shields.io/badge/AdGuardVPN.com-Visit-007BFF)](https://adguard-vpn.com/)
# TrustTunnel Endpoint Binary
A standalone application that allows any user to easily set up their own VPN server.


@@ -1,10 +1,11 @@
# AdGuard VPN endpoint
# TrustTunnel endpoint
## Building the library
### Prerequisites
* Rust 1.67 or higher: use a preferred way from https://www.rust-lang.org/tools/install
* Rust 1.85 or higher: use a preferred way from https://www.rust-lang.org/tools/install
* libclang 9.0 or higher
### Building