Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

webassembly platform #139

Open
unicomp21 opened this issue Aug 9, 2020 · 16 comments
Open

webassembly platform #139

unicomp21 opened this issue Aug 9, 2020 · 16 comments

Comments

@unicomp21
Copy link

Wow, amazing stuff. Why can't we create a webassembly based virtual nic which runs in the browser? Route the packets over websocket. Doesn't Rust compile to webassembly?

My intention in submitting this issue is to figure out if I'm crazy or not.

@unicomp21
Copy link
Author

Eventually, it should also be possible to route packets over the QUIC RTCDataChannel getting added to Chrome.

@unicomp21
Copy link
Author

This would also create the need for a webassembly implementation of the HTTP2, HTTP3(QUIC), and websocket protocols. Initially, I think websocket protocol (over wireguard) should be pretty quick/simple. The others could follow later.

@vkrasnov
Copy link
Contributor

That doesn't sound crazy at all. There is also a Rust implementation of QUIC https://github.com/cloudflare/quiche
So yeah, that is definitely doable, with a simple NAT.

@unicomp21
Copy link
Author

Yes! Let's do it! Does this need to be approved as a feature or something? Once we have a webassembly build, I'm thinking another repo could be dedicated to the layers on top of wasm-boringtun-client, such as http-vpn, ws-vpn, etc. In addition there would be the ws-wireguard-vpn proxy (which forwards wireguard packets) for the wasm-boringtun-client to connect with.

@unicomp21
Copy link
Author

If we get this thing working, and it catches on, it will beg a very large question. Browsers might be forced to introduce a vpn_wireguard_url w/ a vpn client embedded in the browser. Exciting times.

@unicomp21
Copy link
Author

Wow, the future is starting to look a LOT simpler from a security perspective.

@unicomp21
Copy link
Author

I wonder if we could get Mozilla to jump on board early.

@vkrasnov
Copy link
Contributor

Ha, your excitement is contagious! Yeah it doesn’t seem super complicated, definitely doable. Obviously if you want to send the packets over ws you need a server that can accept them, but this is almost trivial.

@unicomp21
Copy link
Author

Lol, to quote someone, "You wanna make a dent in the planet?"

@Mohsen7s
Copy link

I guess this will be the first VPN client over wasm since no other VPN protocol implemented to wasm. Is there any hope or its forgotten ?

@Noah-Kennedy
Copy link
Collaborator

This issue was largely forgotten, but if there is interest, this can be pursued. I do not have the bandwidth to pursue this sadly, but contributions are welcome. If someone wants to look into what would be required to make this work, that would be a good first step here.

@unicomp21
Copy link
Author

I think the CheerpX guys have something working internally over RTCDatachannel. Wouldn't this effort be best served by webtransport? Does cloudflare support webtransport yet? I think webtransport just went GA in chrome recently?

@Noah-Kennedy
Copy link
Collaborator

This would be interesting with webtransport. I don't have the bandwidth to do this right now, but I would welcome any PRs.

@XChikuX
Copy link

XChikuX commented Feb 1, 2023

I hear that WebAssembly is going to support 'components' i.e. a secure way for different webassembly applications to securely talk to each other in the browser.
Not sure if that would kill the need for a virtual nic.

@jeffparsons
Copy link

jeffparsons commented Feb 2, 2023

@XChikuX That's not quite what Wasm Components are for, and they don't obviate the need for a virtual NIC. If anything, a virtual VPN-integrated NIC would be implemented as a Wasm Component, and could be inserted at link time between an "application component" and the underlying runtime without the application component needing to have any knowledge of this.

(EDIT: you could think of this use case as LD_PRELOAD on steroids.)

@justin13888
Copy link

Wondering if there are any updates on this?? Would porting boringtun to webassembly be too much of a technical effort given scope of the project?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

7 participants