forked from vula/vula
automatic local network encryption
  • Python 54.9%
  • Go 27.5%
  • TeX 6.2%
  • Shell 4.1%
  • Makefile 3.4%
  • Other 3.9%
2025-07-15 16:08:24 +02:00
.github/workflows adopt the NGIpkgs packaging and rebase 2025-05-12 23:59:09 +07:00
configs Increase systemd constraints 2025-06-16 15:29:59 +02:00
contrib Add basic tamarin proof 2025-07-15 15:28:07 +02:00
debian Update highctidh 2025-05-12 16:50:15 +02:00
misc Add basic tamarin proof 2025-07-15 15:28:07 +02:00
nix adopt the NGIpkgs packaging and rebase 2025-05-12 23:59:09 +07:00
podman Add basic tamarin proof 2025-07-15 15:28:07 +02:00
test Add type checking and fix all mypy --strict errors in vula and test 2025-06-13 13:31:30 +02:00
vula tray fix 2025-06-15 13:16:57 +02:00
www-vula Add type checking and fix all mypy --strict errors in vula and test 2025-06-13 13:31:30 +02:00
.coveragerc initial public release 0.1.2 2021-04-05 23:11:34 +02:00
.gitignore adopt the NGIpkgs packaging and rebase 2025-05-12 23:59:09 +07:00
.gitlab-ci.yml Update Pipfile and .gitlab-ci.yml 2025-04-03 15:23:35 +02:00
.pre-commit-config.yaml Add type checking and fix all mypy --strict errors in vula and test 2025-06-13 13:31:30 +02:00
.woodpecker.yml Adds golang implementation of vula 2025-06-15 12:27:29 +02:00
flake.lock adopt the NGIpkgs packaging and rebase 2025-05-12 23:59:09 +07:00
flake.nix adopt the NGIpkgs packaging and rebase 2025-05-12 23:59:09 +07:00
INSTALL.md Future-proofing package names 2025-04-04 16:12:30 -07:00
LICENSE initial public release 0.1.2 2021-04-05 23:11:34 +02:00
Makefile Add type checking and fix all mypy --strict errors in vula and test 2025-06-13 13:31:30 +02:00
Pipfile Add type checking and fix all mypy --strict errors in vula and test 2025-06-13 13:31:30 +02:00
Pipfile.lock remove python3-hkdf dependency 2025-04-20 15:01:12 +02:00
pyproject.toml Add type checking and fix all mypy --strict errors in vula and test 2025-06-13 13:31:30 +02:00
pytest.ini pytest: add --showlocals option 2025-04-05 20:57:36 +02:00
README-docs.md Adding README-docs.md and revising the Makefile that runs hugo 2025-04-10 14:51:41 +00:00
README.md New introduction, image source corrections, minor fixes 2025-03-31 10:14:48 -07:00
requirements.txt move requirements to pipenv file. 2021-11-03 15:19:34 +01:00
setup.cfg Prepare for release 2023-11-01 18:12:44 +01:00
setup.py Add type checking and fix all mypy --strict errors in vula and test 2025-06-13 13:31:30 +02:00
STATUS.md Files rearranged, some merged, links adjusted, edited, spell-checked 2025-03-28 23:07:32 +00:00
TODO.md Add type checking and fix all mypy --strict errors in vula and test 2025-06-13 13:31:30 +02:00
tox.ini initial public release 0.1.2 2021-04-05 23:11:34 +02:00

Vula: automatic local network encryption

Requiring zero configuration, vula automatically encrypts IP communications between hosts on a local area network. The encryption is forward-secret, transitionally post-quantum, and protective against passive eavesdropping.

Vula will additionally protect against interception by active adversaries with the addition of manual key verification and/or automatic key pinning, along with manual resolution of IP or hostname conflicts.

If the local gateway to the internet is a vula peer, internet-destined traffic will also be encrypted on the LAN.

How does it work?

Automatically.

Vula combines WireGuard for forward-secret point-to-point tunnels with mDNS and DNS-SD for local service announcements. It enhances the confidentiality of the WireGuard tunnels by using CTIDH, a post-quantum non-interactive key exchange primitive implemented by highctidh, to generate a peer-wise pre-shared key for each tunnel configuration.
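
The sketch below is an added illustration, not code from the vula project. It shows why a non-interactive key exchange lets two peers arrive at the same WireGuard pre-shared key from announced public keys alone, with no extra handshake. Assumptions: classical finite-field Diffie-Hellman stands in for CTIDH (it is not post-quantum), and the HKDF salt, the key ordering and the `AllowedIPs` choice are hypothetical rather than vula's actual derivation.

```python
import base64
import hashlib
import hmac
import secrets

# Assumption: toy finite-field DH as a stand-in for CTIDH. NOT post-quantum;
# it only shares the non-interactive shape (public keys in, secret out).
P = 2**255 - 19
G = 2


def keygen() -> tuple[int, int]:
    """Return (secret, public); the public half is what a peer announces."""
    sk = secrets.randbelow(P - 3) + 2
    return sk, pow(G, sk, P)


def shared_secret(my_sk: int, their_pk: int) -> bytes:
    """Needs only the peer's announced public key, no round trip."""
    if not 1 < their_pk < P - 1:
        raise ValueError("degenerate public key")
    return pow(their_pk, my_sk, P).to_bytes(32, "big")


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes) -> bytes:
    """HKDF (RFC 5869) extract-then-expand; one block gives the 32 bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()


def pairwise_psk(my_sk: int, my_pk: int, their_pk: int) -> str:
    """Derive a 32-byte PSK, base64-encoded as WireGuard expects."""
    # Sort the public keys so both ends feed identical context to the KDF.
    lo, hi = sorted((my_pk, their_pk))
    info = lo.to_bytes(32, "big") + hi.to_bytes(32, "big")
    okm = hkdf_sha256(shared_secret(my_sk, their_pk), b"example-nike-psk", info)
    return base64.b64encode(okm).decode()


def wg_peer_stanza(wg_pubkey_b64: str, psk_b64: str, peer_ip: str) -> str:
    """Peer section using the host's existing LAN address (assumed /32)."""
    return (f"[Peer]\nPublicKey = {wg_pubkey_b64}\n"
            f"PresharedKey = {psk_b64}\nAllowedIPs = {peer_ip}/32\n")


if __name__ == "__main__":
    (a_sk, a_pk), (b_sk, b_pk) = keygen(), keygen()
    psk = pairwise_psk(a_sk, a_pk, b_pk)
    assert psk == pairwise_psk(b_sk, b_pk, a_pk)  # both ends agree
    print(wg_peer_stanza("<peer WireGuard public key>", psk, "192.0.2.7"))
```
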

Vula's advantages over other solutions include:

  • The Vula design avoids single points of failure (SPOFs).
  • Vula uses existing IP addresses inside and outside of tunnels, allowing seamless integration into existing LAN environments using DHCP and/or manual addressing.
  • Vula avoids handshake attempts with non-participating hosts.
  • Vula does not require additional configuration to disrupt passive surveillance adversaries.
  • Vula provides simple verification with QR codes to disrupt active surveillance adversaries.

See Comparison of LAN tunneling tools for a detailed comparison of Vula to related projects.

Current status

Vula is functional today, although with issues documented in STATUS.md. It is ready for daily use by people who are proficient with Linux networking and the command line.

See INSTALL.md for installation and usage instructions.

See hacking.md for tips on opening the hood and dependency information about internal and external Python modules.

Security contact

We consider this project to currently be alpha pre-release, experimental, research-quality code. It is not yet suitable for widespread deployment. It has not yet been audited by an independent third party and should be treated with caution.

If you or someone you know finds a security issue, please open an issue or feel free to send an email to the security at vula dot link.

Authors

The authors of vula are anonymous for now, while our paper is undergoing peer review.

Acknowledgements

operation-vula.md has some history about the name Vula.

Vula is not associated with or endorsed by the WireGuard project. WireGuard is a registered trademark of Jason A. Donenfeld.

This project is funded through the NGI Assure Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet program. Learn more on the NLnet project page.