Theme fund: Internet Hardening Fund
Start: 2017-12
End: 2019-05


A fast IPSEC-based VPN gateway

VPN technology is a key enabler for end user security in insecure environments. Vita aims to achieve high performance (beyond 10G speeds) on commodity server hardware. Vita is intended to be simple both in terms of code and in terms of deployment, and non-invasive to deploy in existing networks. Vita also strives to be affordable, in terms of both energy footprint and cost of maintenance: its goal is to make the best possible use of commodity hardware while remaining easy to deploy safely.

Why does this actually matter to end users?

VPNs tend to be hard to configure, and standards-based (IPsec) ones in particular. Vita runs on commodity hardware and implements IPsec for IPv4, specifically "IP Encapsulating Security Payload" (ESP) in tunnel mode. It uses optimized AES-GCM 128-bit encryption based on a reference implementation by Intel for their AVX2 (generation-4) processors.

It is suitable for 1-Gigabit, 10-Gigabit (and beyond?) Ethernet. Vita delivers automated key exchange and rotation, with perfect forward secrecy (PFS) and dynamic reconfiguration (meaning it can update routes while running).

If you are operating a Vita node, you can easily access relevant statistics of your running Vita node.


This project was funded through the Internet Hardening Fund, a fund established by NLnet with financial support from the Netherlands Ministry of Economic Affairs and Climate Policy.