Yavipind is a secure tunnel aka 2 peers securely forwarding packets toward each other. It forwards any kind of packet (IPv4, IPv6 or other) sent over the virtual point-to-point device (e.g. tun0). It fully runs in linux userspace.
Features:Network efficiency:
- small packet overhead: 26bytes (e.g. ESP with DES MD5 is 32byte)
- Packet compression: Forwarded packets may be compressed using deflate (gzip). (WORK: add stat about efficiency)
- NAT compatible: yavipin's tunnel may be establish over NAT as all packets of a tunnel are sent over a single UDP/IPv4 connection. Moreover the peer unreachability detection periodically send packets which prevent the NAT engine from timing out the connection state.
- Peer unreachabilty detection: If the other peer becomes unreachable, it will be detected. It is done ala IPv6 neighbours discovery (rfc2461.7).
- Gracefull shutdown: If a peer purposely stops, it will notify the other which is immediatly aware of it.
Usage's simplicity:
- Fully in userspace: No need to recompile the kernel
- reuse existing tools: As yavipin use a virtual device, it is possible to apply to the tunnel any tool designed for network device. For example, it is possible to set up a firewall using ipchains/netfilter or to do traffic shapping using the kernel's traffic control (see tc).
Security's strength:
- packet security: each packet exchanged during the connection is encrypted using blowfish CFB and authenticated with HMAC-MD5 96bits.
- protection against packet replay: It uses strict anti-replay and no packet can be accepted twice. A eavedropper can't take a packet, keep it for a while and make it accept a second time by the destination.
- Efficient session key renewal: It uses hash chains for efficiency. It allows smooth key transition not to cause any packet loss during the renewal. It provides forward secrecy inside the connection.
- Protect DoS ala TCP syn : It uses cookie exchange (rfc2522.3) during the connection establishement.
- Forward secrecy : Even if the attacker cracks the box, he won't be able to decrypt network traffic older than a given delay (default 10min). The diffie-hellman private key and the session key are periodically renewed and securely erased from memory.
Top 4 Download periodically updates information of Yavipind 0.9.6 script from the developer, but some information may be slightly out-of-date.
Our script download links are directly from our mirrors or publisher's website. Yavipind 0.9.6 torrent files or shared files from free file sharing and free upload services, including Rapidshare, MegaUpload, YouSendIt, MailBigFile, DropSend, HellShare, HotFile, FileServe, MediaMax, zUpload, MyOtherDrive, SendSpace, DepositFiles, Letitbit, LeapFile, DivShare or MediaFire, are not allowed!
Free Download
