MirageVPN
Robust OpenVPN client and server, and QubesOS client
OpenVPN is a virtual private network protocol which is still widely used. We will extend the existing MirageOS OpenVPN implementation in three aspects: develop a unikernel suitable for QubesOS, develop an OpenVPN server, and add recent features (e.g. tls-crypt v2).
The project builds on top of MirageOS, a library operating system developed in OCaml (a memory-safe functional programming language). In MirageOS, each service is a separate unikernel with a minimal attack surface that contains only the code required to run it. These unikernels are normally executed as virtual machines on targets such as KVM, VirtIO, Xen. MirageOS also supports running under seccomp, a strict security feature of the Linux kernel.
The elliptic curve primitives used in this project are correct by construction (and free of timing side channels), and have been developed in Coq as part of the Fiat-Crypto project.
- The project's own website: https://robur.coop/Our%20Work/Projects#miragevpn
Run by Center for the Cultivation of Technology
This project was funded through the NGI Assure Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 957073.