The future of exovpn #150
Labels
No labels
bug
duplicate
enhancement
help wanted
invalid
question
security
wontfix
No milestone
No project
No assignees
2 participants
Notifications
Due date
No due date set.
Depends on
#147 Investigate exozyme API security issues
exozyme/exozyme
Reference: exozyme/exozyme#150
Loading…
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Currently exovpn is broken and requires a major overhaul. It needs to be rewritten to use the new exozyme API for adding and removing VPN connections and we also need to set up Wireguard on the MIT VPS. However, I don't have the time to do the rewrite myself or maintain the MIT VPS, so does anyone want to step in to help? Otherwise, we'll have to discontinue exovpn and remove it from our wiki and website.
I consider exovpn a great feature of the server. However I wasn't using it yet. I would propose to ”freeze“ the project and archive all the files in order to restart it if we have got more time. Or does rewrite mean setting up the VPN from scratch?
The tricky part about exovpn is that we are using WireGuard which is "just" a secure tunnel. To provide a useful service to users, we need some way for users to update the WireGuard server configuration in a secure way. For that, I propose we add a new endpoint to the exozyme API for doing that, which requires writing some code. Does that make sense @codedotjs?
Unfortunately I haven't been working with APIs and self hosted VPNs at all by now so I don't know if it makes sense.
Basically, to set up a WireGuard tunnel, you have to modify the config file on both the server and client. Since we don't want users to be able to freely edit the server's config file (for obvious security reasons), we need to write an API that lets them modify the file in a safe way.
I'm closing this issue now since we don't have anyone to maintain exovpn but also, no one uses it. We'll leave exovpn on our website and wiki for now, and if you're someone from the future that would like to maintain exovpn, please reopen this issue!
https://github.com/tonarino/innernet might be worth looking into.