Contributor Invite: Add support for peer-to-peer communication in OpenVPN

About this Contributor Invite:

  • Task Area: Coding
  • Effort rating: 2/5
  • Skills required: Python, Familiarity with VPN

Description of the Problem:

The problem arises in a specific use case: a group of friends want to have a LAN party to play co-operative games over the Internet. They can use a FreedomBox and set up a virtual private network using OpenVPN. One of them sets up OpenVPN on their FreedomBox and creates user accounts for each of the group members. Group members can download the VPN profile, connect and play (while using Mumble for voice chat).

Currently, while multiple users can connect to OpenVPN as described in the use case, it is not possible for them to communicate with each other because OpenVPN disables such communication by default.

What we ask of you:

Modify the OpenVPN configuration to allow peer to peer communication. There is no need to expose this as a configuration option as there is currently no known use case for disabling peer connectivity.

To modify the OpenVPN configuration in the requested way, please follow these steps:

  • Edit the default server configuration in actions/openvpn to include the option ‘peer-to-peer’ in the server configuration. This should serve users who are newly setting up OpenVPN.
  • In openvpn/init.py increment the version number. For existing users this will trigger the setup process again, which performs an upgrade of the configuration file.
  • Test that after a fresh installation the configuration file has the ‘peer-to-peer’ option in it. Also connect multiple OpenVPN clients to FreedomBox and test that they can communicate with each other.
  • Perform a fresh OpenVPN installation without your change, then apply your changes and restart FreedomBox. Observe that the OpenVPN upgrade process is triggered and the new option has been added to the configuration.
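
The upgrade step described above has to be idempotent: running setup again must add the option to an old configuration once and leave an already-upgraded file untouched. The sketch below is an added example, not FreedomBox code. It assumes the directive is spelled `client-to-client`, as in OpenVPN's own manual; the function names and the sample configuration are constructed for illustration.

```python
"""Idempotently add a directive to an OpenVPN server configuration."""

# Constructed sample of an existing server.conf (not FreedomBox's real file).
SAMPLE_CONF = """\
port 1194
proto udp
dev tun
;client-to-client
# client-to-client is discussed in the manual
server 10.91.0.0 255.255.255.0
keepalive 10 120
"""


def active_directives(text):
    """Return the set of directive names found on non-comment lines."""
    names = set()
    for line in text.splitlines():
        stripped = line.strip()
        # OpenVPN treats lines starting with '#' or ';' as comments, so a
        # commented-out directive must not count as already enabled.
        if not stripped or stripped[0] in '#;':
            continue
        names.add(stripped.split()[0])
    return names


def ensure_directive(text, directive):
    """Append `directive` unless it is already active; return (text, changed)."""
    name = directive.split()[0]
    if name in active_directives(text):
        return text, False
    if text and not text.endswith('\n'):
        text += '\n'
    return text + directive + '\n', True


def upgrade(text):
    """Upgrade step: what a re-run of setup would apply to an old config."""
    # Assumption: 'client-to-client' is the directive for peer connectivity.
    return ensure_directive(text, 'client-to-client')


if __name__ == '__main__':
    new_text, changed = upgrade(SAMPLE_CONF)
    print('changed:', changed)
    print(new_text, end='')
```

With `client-to-client`, OpenVPN forwards traffic between clients inside the server process, so that traffic does not pass through the host's tun interface or its firewall rules.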

Tips for testing:

  • To make the OpenVPN setup process faster, temporarily edit the actions/openvpn file and replace 4096 with 2048.
  • To connect to OpenVPN running on a VirtualBox instance, edit the VirtualBox network settings and forward UDP port 1194 on the host machine to UDP port 1194 on the virtual machine. Then use host_machine_ip:1194 in the OpenVPN client settings. Make sure the host machine does not have a firewall blocking the traffic.
  • To restore OpenVPN to a pristine uninstalled state, either destroy your development VM with ‘vagrant destroy; vagrant up’ or run the following command: ‘sudo apt install -y sqlite3; echo "delete from plinth_module where name='openvpn';" | sudo sqlite3 /vagrant/data/var/lib/plinth/plinth.sqlite3; sudo apt -y remove --purge openvpn; sudo rm -rf /etc/openvpn/’

Link to the issue in GitLab: https://salsa.debian.org/freedombox-team/plinth/issues/1694

How to claim this Contributor Invite:

Do you want to accept this invitation to contribute? If so, follow these steps:

  1. Comment on this forum post indicating that you would like to claim the invite. This will prevent multiple people from working on the same issue at the same time.
  2. Register an account with our GitLab instance and begin making your contributions on the GitLab issue page for this task. You can use the comment section of this forum post to ask questions, but the bulk of the development discussion should happen on GitLab.

Resources:

If you need help with this issue, please feel free to ask for it from members of our core team:

  • Sunil Mohan Adapa (@sunil): Lead Developer & Code Reviewer
  • Joseph Nuthalapati (@njoseph): DevOps Engineer, Developer, & Code Reviewer
  • James Valleroy (@jvalleroy): Release Manager, Developer, & Code Reviewer