robur collective - MirageVPN

Robust OpenVPN client and server, and QubesOS client

Network infrastructure, P2P and VPN

Can you introduce yourself and your project?

We are robur, a collective established in early 2018. We are working on getting MirageOS unikernels deployed.

MirageOS unikernels are virtual machines with a specific purpose: each unikernel is an operating system which - unlike Linux, macOS or windows - serves only one purpose. And it is developed in the high-level functional programming language OCaml, which is memory-safe and type-safe.

A MirageOS unikernel allows us to focus the development on the actual functionality without having to consider file system, user management, etc. - which is around in a common general purpose operating system. The advantage is a much smaller attack surface (easily 25x smaller), and by using a memory safe programming language, we also exclude common attack vectors (spatial and temporal memory safety - i.e. buffer overflows, double free, etc.).

Apart from security, the benefit are much smaller virtual machine images, and they use less computing resources (memory, CPU time): they allow more green computing.

Also, since there are fewer layers and less code involved, the administration (both setup and maintenance (upgrading)) is much smoother, our goal is to enable more people and groups to host their own digital infrastructure (VPN, eMail, DNS, ...).

The project we worked on is MirageVPN, which is an OpenVPN[tm] compatible VPN service - both client and server side.

What are the key issues you see with the state of the internet today?

The locked-in apps and multinational corporations that have access to your data. We strive for a more decentralised internet.

How does your project contribute to correcting some of those issues?

By developing a VPN service, we have, apart from already established web services and DNS servers, another leg of what you can run as a MirageOS unikernel :)

What do you like most about (working on) your project?

Getting involved with potential users, measuring performance - and also figuring out the details of the VPN protocol. We also found some issues in the OpenVPN[tm] implementation that lead them to file CVE and fix their code.

Where will you take your project next?

We document how to setup MirageVPN at https://robur-coop.github.io/miragevpn-handbook/ , and will advertise this more to get more users that potentially report issues and have us fix our code.

How did NGI Assure help you reach your goals for your project?

Without NGI Assure, we wouldn't have had time to work on MirageVPN. Take a look at our blog articles for further technical details https://blog.robur.coop/tags/vpn.html.

Do you have advice for people who are considering to apply for NGI funding?

Be clear from the start for whom you're developing what, and reach out to users as quickly as possible (to get feedback and evaluate features as quick as possible).

Do you have any recommendations to improve future NGI programmes or the wider NGI initiative?

We appreciated the NGI pointer style funding, where bigger projects found a home, so we could work for more than a year on a project without having to switch to writing funding proposals.

Anything else you would like to add?

NGI and NLnet is really great to be part of. Without it, we wouldn't be at the point where we are at the moment with robur.coop.

Acknowledgements

Published on September 18, 2024

MirageVPN received funding through the NGI Assure Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 957073.