A VPN implementation over websockets. This is the client/server implementation of a layer-2 software switch able to route packets over websockets connections. The ws-vpn is built on top of Linux's tun/tap device.
There are two config files to distinguish between client and server.
To start server execute the following command:
ws-vpn --config server.ini
client:
ws-vpn --config client.ini
You can get updated release from: https://github.com/zreigz/ws-vpn/releases
Building ws-vpn needs Go 1.1 or higher.
ws-vpn is a go-gettable package:
go get github.com/zreigz/ws-vpn
On the server the IP forwarding is needed. First we need to be sure that IP forwarding is enabled. Very often this is disabled by default. This is done by running the following command line as root:
# sysctl -w net.ipv4.ip_forward=1
# iptables -t nat -A POSTROUTING -j MASQUERADE
So, lets look at the iptables rules required for this to work.
# Allow TUN interface connections to VPN server
iptables -A INPUT -i tun0 -j ACCEPT
# Allow TUN interface connections to be forwarded through other interfaces
iptables -A FORWARD -i tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT