EPS (virtual network) for BeagleBone

I have a large number of Beaglebone (black, green, green wireless) deployed at various customer locations, and needed to stay in touch with each of these devices. For example, to continue to update the software, make sure they’re running correctly, etc.

So I compiled EPS Conduits for Beaglebone’s ARM7 chipset. The .deb file works on both Debian and Ubuntu. I’ve been using it for over a year, but recently made some updates to it which is why I wanted to announce it.

EPS is open source. Clients (e.g., the Beaglebones) connect to a server on the internet and form a virtual network. All communication is encrypted. On this virtual network they create, I can then SSH back into each Beaglebone as if it was on my local network, regardless of where in the world the device has been moved, client firewalls in between, etc.

Documentation is here: https://www.ccoderun.ca/eps/api/index.html

Download is here: https://www.ccoderun.ca/download/?C=M;O=D

Stéphane

Sounds like a cool little project. However, I have issues with it. Mainly, I do not know who you are, or what your code is. Is this important to you? I do not know. Is it important for you that I use your software? Anyone else?

Feel free to do as you wish. The whole thing is open source. You can choose to compile yourself, download a .deb or .rpm, modify it or not, or just ignore it. :slight_smile:

I was simply posting it here because I’m using it on my Beaglebones and it helps me out with all my devices installed at various client sites, and thought perhaps others might like it as well.

Stéphane

The whole idea sounds interesting to me. I know there are ways this can be
done with existing tools in Linux though. I just do not know exactly how,
at this moment. Because I have not invested the time to learn how to do that
yet.

What I'd really like to see is a "mission statement". Something that tells
me what this software is capable of, and perhaps why it is better than
something else. From where I sit, I do not know if this does the same thing
as a VPN, or if it's different somehow in better, or worse ways. Now
whether or not you're willing to put the effort into such a document, I do
not know, and I would understand if you didn't. We're all busy, including
myself, so I can sympathize in that aspect.

Another thing that bothers me is security. It can be hard implementing
something such as this, and keeping it bullet proof secure. I did notice
while glancing at some of the method documentation, there is a function, or
functions that seem to be used for encryption. What this, or these are used
for I can only assume it's for packet encryption, or the like.

> What I'd really like to see is a "mission statement".

Best I have is the documentation I already wrote:
https://www.ccoderun.ca/eps/api/index.html#introduction

In that first image, EPS is the IP addresses in "green". Note how they're
all on the same network, even if they're physically spread across different
networks. So from my computer, I can always access all my beaglebone
devices as if they're right here on my desk.

> Now whether or not you're willing to put the effort into such a document, I
> do not know, and I would understand if you didn't. We're all busy,
> including myself, so I can sympathize in that aspect.

Open source software. Anyone can contribute. But as you wrote, everyone
is busy. I already spent a huge amount of my personal time not only
writing the software, the installation tools, making builds available,
hosting the builds, and writing up the documentation that exists. All of
which is open source for people to do whatever they want.

(For the record, my other BeagleBone software is also free and open source:
CCR BeagleBone Tools: BeagleBone Tools)

If someone is willing to put some of their own time and/or money to fix
something or write more documentation, I'd be happy. If you have a feature
request you want to make, go ahead, but I don't promise anything since I'm
doing this on my own free time.

> It can be hard implementing something such as this, and keeping it bullet
> proof secure. I did notice while glancing at some of the method
> documentation, there is a function, or functions that seem to be used for
> encryption. What this, or these are used for I can only assume it's for
> packet encryption, or the like.

Every data packet in the virtual network is encrypted using AES from
OpenSSL. The encryption key and initialization vector are set in the
configuration file when first setting up the server, and these two unique
values are what allow EPS devices to communicate together. If the wrong key
or initialization vector is used, then packets cannot be decrypted, and the
peers drop the connection.

This isn't my first encrypted communication project -- I'm also the author
of FC++, a commercial product that encrypts network communications between
two end points. And yes, I agree with you and the general community
statement that encryption can be difficult to implement correctly. To
reduce (but not remove) potential problems, I use OpenSSL's standard AES
encryption/decryption routines.

- If curious about the encryption/decryption, start here in the source
  code: EPS Conduits: EPS::Cipher Namespace Reference
- If still in doubt, refer to the standard 2-clause BSD open source
  license file included in EPS Conduits, which in part states:

> THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
> IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
> FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

:slight_smile:

Stéphane
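Added example, not part of the original thread and not EPS code: the post above does not say which AES mode EPS uses or how a peer recognizes a failed decryption, so this shows one common way to do both with the OpenSSL command line, using a fresh IV per packet and an HMAC tag that is checked before decrypting. The key variables, the `seal`/`open_packet` helpers and the `iv:ciphertext:tag` layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration: constructed keys and packet layout, NOT EPS's config or wire format.
ENC_KEY=$(openssl rand -hex 32)    # stand-in for the shared AES-256 key from a config file
MAC_KEY=$(openssl rand -hex 32)    # separate shared key used only for the integrity tag
OTHER_KEY=$(openssl rand -hex 32)  # stand-in for a peer configured with the wrong key

# hmac_hex MACKEY DATA -> hex HMAC-SHA256 of DATA
hmac_hex() {
    printf '%s' "$2" | openssl dgst -sha256 -mac HMAC -macopt "hexkey:$1" | sed 's/^.*= //'
}

# seal ENCKEY MACKEY PLAINTEXT -> "iv:ciphertext:tag"
seal() {
    iv=$(openssl rand -hex 16)     # fresh IV for every packet, sent in the clear
    ct=$(printf '%s' "$3" | openssl enc -aes-256-cbc -a -A -K "$1" -iv "$iv")
    printf '%s:%s:%s\n' "$iv" "$ct" "$(hmac_hex "$2" "$iv:$ct")"
}

# open_packet ENCKEY MACKEY PACKET -> plaintext on stdout, status 1 if the tag is wrong
open_packet() {
    iv=${3%%:*}; rest=${3#*:}; ct=${rest%%:*}; tag=${rest#*:}
    # Verify the tag over IV and ciphertext before touching the ciphertext.
    # (A production implementation would use a constant-time comparison.)
    [ "$(hmac_hex "$2" "$iv:$ct")" = "$tag" ] || return 1
    printf '%s\n' "$ct" | openssl enc -d -aes-256-cbc -a -A -K "$1" -iv "$iv"
}

# Demo with a constructed payload.
pkt=$(seal "$ENC_KEY" "$MAC_KEY" "status: ok")
printf 'packet:    %s\n' "$pkt"
printf 'decrypted: %s\n' "$(open_packet "$ENC_KEY" "$MAC_KEY" "$pkt")"
open_packet "$OTHER_KEY" "$OTHER_KEY" "$pkt" >/dev/null 2>&1 \
    || echo "wrong key: tag mismatch, drop the connection"
```

Because the tag is verified first, a peer holding the wrong key gets a definite failure instead of relying on garbled plaintext or a padding error to notice the mismatch.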

As it is, we’re on two separate networks in our place here, both with their own internet, so at some point when I get time I can test drive this. No guarantee as to when, or even if. I’m not a big fan of C++, but can deal with it most of the time. Hopefully you’re not using any crazy template or generics scheme, and then I should be alright. If you are, well then that’s my problem :wink:

I can see something like this being really useful in the right situation, but those “round-to-its” sure are elusive . . .

However, from the outside not knowing the possibilities, it seems as though there may have to be an additional system outside either of our networks with a static public IP. Which would be very similar to reverse ssh in usage . . .