Proxy / Virtual

Proxy

• https://en.wikipedia.org/wiki/Proxy_server - a server application that acts as an intermediary between a client requesting a resource and the server providing that resource. It improves privacy, security, and performance in the process. Instead of connecting directly to a server that can fulfill a request for a resource, such as a file or web page, the client directs the request to the proxy server, which evaluates the request and performs the required network transactions. This serves as a method to simplify or control the complexity of the request, or provide additional benefits such as load balancing, privacy, or security. Proxies were devised to add structure and encapsulation to distributed systems. A proxy server thus functions on behalf of the client when requesting service, potentially masking the true origin of the request to the resource server.

alpnpass

• https://github.com/VerSprite/alpnpass - This tool will listen on a given port, strip SSL encryption, forward traffic through a plain TCP proxy, then encrypt the returning traffic again and send it to the target of your choice. Unlike most SSL stripping solutions this tool will negotiate ALPN and preserve the negotiated protocol all the way to the target.

Hysteria

• https://github.com/apernet/hysteria - Expansive range of modes including SOCKS5, HTTP proxy, TCP/UDP forwarding, Linux TProxy - not to mention additional features continually being added. Powered by a custom QUIC protocol, Hysteria delivers unparalleled performance over even the most unreliable and lossy networks. Our protocol is designed to masquerade as standard HTTP/3 traffic, making it very difficult to detect and block without widespread collateral damage. We have builds for all major platforms and architectures. Deploy anywhere & use everywhere. With built-in support for custom authentication, traffic statistics & access control, Hysteria is easy to integrate into your infrastructure.

• cscot - OpenVPN through Hysteria2

Privoxy

• Privoxy - a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other obnoxious Internet junk. Privoxy has a flexible configuration and can be customized to suit individual needs and tastes. It has application for both stand-alone systems and multi-user networks.

Glype

• Glype is a web-based proxy script written in PHP which focuses on features, functionality, and ease of use. Webmasters use Glype to quickly and easily set up their own proxy sites. Glype helps users to defeat Internet censorship and be anonymous while web browsing.

ngrok

• ngrok - Introspected tunnels to localhost- securely expose a local web server to the internet and capture all traffic for detailed inspection and replay
  • http://inconshreveable.com/09-25-2013/ngrok-tunnels-better-faster-stronger/

uProxy

• uProxy - was an open source project led by the University of Washington and seeded by Jigsaw. Although the project is no longer supported, the code is still available on GitHub.
  • http://www.google.com/ideas/projects/uproxy/
  • https://github.com/UWNetworksLab/uProxy-p2p

Lantern

• Lantern - a software application for desktop and mobile that delivers fast, reliable and secure access to blocked websites and apps.
  • https://github.com/getlantern/lantern

dispatch-proxy

• https://github.com/Morhaus/dispatch-proxy - Combine internet connections, increase your download speed [1]

peroxide

• https://github.com/creativemarket/peroxide - A simple, configurable proxy server that will hit a chain of sources before failing.

• https://github.com/elazarl/goproxy - An HTTP proxy library for Go

Dokodemo-door

• https://www.v2ray.com/en/configuration/protocols/dokodemo.html - a protocol for inbound connections. It take any connections and passes them to the specified destination. Dokodemo-door can also (if configured, work as a transparent proxy.

MITM

mitmproxy

• mitmproxy - a free and open source interactive HTTPS proxy. [2]
  • https://github.com/mitmproxy/mitmproxy

Hyperfox

• hyperfox - HTTP/HTTPs MITM proxy and traffic recorder with on-the-fly TLS cert generation. [3]
  • https://github.com/malfunkt/hyperfox

fteproxy

• fteproxy - provides transport-layer protection to resist keyword filtering, censorship and discriminatory routing policies. Its job is to relay datastreams, such as web browsing traffic, by encoding streams as messages that match a user-specified regular expression. fteproxy is fast, free, open source, and cross platform.
  • https://github.com/kpdyer/fteproxy

Extensions

• http://getfoxyproxy.org

• https://github.com/willscott/ChromeProxy

• https://chrome.google.com/webstore/detail/proxxy/clkkaggocmafajhbcbknhcgnbmagjohi/details

• https://chrome.google.com/webstore/detail/proxy-switchysharp/dpplabbmogkhghncfbfdeeokoefdjegm

• https://autoproxy.org/
  • https://shebang.ws/autoproxy-i2p-eepsites-tor-onions-firefox.html

px

• https://github.com/genotrance/px - An HTTP proxy server to automatically authenticate through an NTLM proxy

Virtual

• https://en.wikipedia.org/wiki/Virtual_call_capability

• https://en.wikipedia.org/wiki/Virtual_network - a computer network that consists, at least in part, of virtual network links. A virtual network link is a link that does not consist of a physical (wired or wireless) connection between two computing devices but is implemented using methods of network virtualization. The two most common forms of network virtualization are protocol-based virtual networks (such as VLANs, VPNs, and VPLSs) and virtual networks that are based on virtual devices (such as the networks connecting virtual machines inside a hypervisor). In practice, both forms can be used in conjunction.

• https://en.wikipedia.org/wiki/Virtual_circuit

• https://en.wikipedia.org/wiki/Pseudo-wire

• https://en.wikipedia.org/wiki/Tunneling_protocol

• https://github.com/anderspitman/awesome-tunneling - List of ngrok alternatives and other ngrok-like tunneling software and services. Focus on self-hosting.

• http://www.ccexpert.us/mpls-network/peertopeer-vpn-model-versus-overlay-vpn-model.html

• http://blog.scottlowe.org/2013/04/16/network-overlays-vs-network-virtualization/

X.25

• https://en.wikipedia.org/wiki/X.25 - an ITU-T standard protocol suite for packet switched wide area network (WAN) communication. An X.25 WAN consists of packet-switching exchange (PSE) nodes as the networking hardware, and leased lines, plain old telephone service connections, or ISDN connections as physical links.

X.25 is a family of protocols that was popular during the 1980s with telecommunications companies and in financial transaction systems such as automated teller machines. X.25 was originally defined by the International Telegraph and Telephone Consultative Committee (CCITT, now ITU-T) in a series of drafts and finalized in a publication known as The Orange Book in 1976. While X.25 has, to a large extent, been replaced by less complex protocols, especially the Internet protocol (IP), the service is still used (e.g. as of 2012 in the credit card payment industry) and available in niche and legacy applications.

Beginning in the early 1990s, in North America, use of X.25 networks (predominated by Telenet and Tymnet)[11] started to be replaced by Frame Relay, service offered by national telephone companies. Most systems that required X.25 now use TCP/IP, however it is possible to transport X.25 over TCP/IP when necessary.

X.25 networks are still in use throughout the world. A variant called AX.25 is also used widely by amateur packet radio. Racal Paknet, now known as Widanet, is still in operation in many regions of the world, running on an X.25 protocol base. In some countries, like the Netherlands or Germany, it is possible to use a stripped version of X.25 via the D-channel of an ISDN-2 (or ISDN BRI) connection for low volume applications such as point-of-sale terminals; but, the future of this service in the Netherlands is uncertain.

Frame Relay

• https://en.wikipedia.org/wiki/Frame_Relay

• https://en.wikipedia.org/wiki/VoFR

ATM

• https://en.wikipedia.org/wiki/Asynchronous_Transfer_Mode

Virtual LAN

• https://en.wikipedia.org/wiki/Virtual_LAN - VLAN

• http://en.wikipedia.org/wiki/IEEE_802.1Q

• http://openvswitch.org/

• http://www.sdncentral.com/technology/vswitch-the-new-battleground-what-every-datacenter-operator-must-know/2012/07/

• http://blog.scottlowe.org/2013/09/09/namespaces-vlans-open-vswitch-and-gre-tunnels/

https://github.com/m13253/popub - Publish a service from localhost onto your server.

Network virtualization

• https://en.wikipedia.org/wiki/Network_virtualization - the process of combining hardware and software network resources and network functionality into a single, software-based administrative entity, a virtual network. Network virtualization involves platform virtualization, often combined with resource virtualization. Network virtualization is categorized as either external virtualization, combining many networks or parts of networks into a virtual unit, or internal virtualization, providing network-like functionality to software containers on a single network server.

• Mininet creates a realistic virtual network, running real kernel, switch and application code, on a single machine (VM, cloud or native), in seconds, with a single command

Virtual Extensible LAN

• https://en.wikipedia.org/wiki/Virtual_Extensible_LAN - VXLAN, a network virtualization technology that attempts to improve the scalability problems associated with large cloud computing deployments. It uses a VLAN-like encapsulation technique to encapsulate MAC-based OSI layer 2 Ethernet frames within layer 4 UDP packets, using 4789 as the default IANA-assigned destination UDP port number. VXLAN endpoints, which terminate VXLAN tunnels and may be both virtual or physical switch ports, are known as VXLAN tunnel endpoints (VTEPs).

NGN

• https://en.wikipedia.org/wiki/Next-generation_network - all IP

• https://en.wikipedia.org/wiki/Virtual_Private_LAN_Service

MPLS

• https://en.wikipedia.org/wiki/Multiprotocol_Label_Switching - type of data-carrying technique for high-performance telecommunications networks that directs data from one network node to the next based on short path labels rather than long network addresses, avoiding complex lookups in a routing table. The labels identify virtual links (paths) between distant nodes rather than endpoints. MPLS can encapsulate packets of various network protocols, hence its name "multiprotocol". MPLS supports a range of access technologies, including T1/E1, ATM, Frame Relay, and DSL.

VPN

• https://en.wikipedia.org/wiki/VPN

• https://en.wikipedia.org/wiki/VTun - a networking application which can set up Virtual Tunnels over TCP/IP networks. It supports Internet Protocol (IP), Point-to-Point Protocol (PPP) and Serial Line Internet Protocol (SLIP) protocols. It exists as the reference implementation of the Tun/Tap user-space tunnel driver which was included in the Linux kernel as of version 2.4, also originally developed by Maxim Krasnyansky. Bishop Clark is the current maintainer.

• https://en.wikipedia.org/wiki/Social_VPN

• https://www.tinfoilsecurity.com/blog/dont-get-pwned-on-public-wifi-use-your-own-vpn-tutorial-guide-how-to [4]

• https://www.privateinternetaccess.com/pages/vpn-encryption

• https://www.bestvpn.com/blog/4147/pptp-vs-l2tp-vs-openvpn-vs-sstp/
• http://www.vpntutorials.com/blog/which-is-better-l2tp-vs-openvpn-105/

• http://www.vpngate.net/en/

• http://blog.backslasher.net/ssh-openvpn-tunneling.html [5]

• VPN - a Very Precarious Narrative - Dennis Schubert - [6]

PPTP

• https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol
• https://wiki.archlinux.org/index.php/PPTP_Server

Not recommended for use any more.

• http://akensai.com/linode-vpn/

L2TP

• https://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol

• https://raymii.org/s/tutorials/IPSEC_L2TP_vpn_with_Ubuntu_12.04.html

Requires use of encrypted protocol (IPsec). Uses UDP port 500, which is more easily blocked by NAT firewalls.

• https://www.zerotier.com/ [7]

L2FP

• https://en.wikipedia.org/wiki/Layer_2_Forwarding_Protocol - a tunneling protocol developed by Cisco Systems, Inc. to establish virtual private network connections over the Internet. L2F does not provide encryption or confidentiality by itself; It relies on the protocol being tunneled to provide privacy. L2F was specifically designed to tunnel Point-to-Point Protocol (PPP) traffic.[

IPsec

• https://en.wikipedia.org/wiki/IPsec - an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite, while some other Internet security systems in widespread use, such as Secure Sockets Layer (SSL), Transport Layer Security (TLS) and Secure Shell (SSH), operate in the upper layers of the TCP/IP model. Hence, IPsec protects any application traffic across an IP network.

• https://github.com/royhills/ike-scan - Discover and fingerprint IKE hosts (IPsec VPN Servers)

• https://www.openswan.org/projects/openswan/
  • http://en.wikipedia.org/wiki/Openswan

• http://www.strongswan.org/

GRE

• https://en.wikipedia.org/wiki/Generic_Routing_Encapsulation - a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an Internet Protocol network.

OpenVPN

• http://openvpn.net/index.php/open-source.html
  • https://en.wikipedia.org/wiki/OpenVPN

• https://wiki.archlinux.org/index.php/OpenVPN

• https://cryptoanarchy.org/wiki/OpenVPN

• http://n0where.net/openvpn-simple-overview

• http://library.linode.com/networking/openvpn

• PiVPN - Simplest OpenVPN setup and configuration, designed for Raspberry Pi.
  • https://github.com/pivpn/pivpn

• https://github.com/corrad1nho/qomui - an easy-to-use OpenVPN/WireGuard gui for GNU/Linux with some unique features such as provider-independent support for double-hop connections. Qomui supports multiple providers with added convenience when using AirVPN, PIA, ProtonVPN, Windscribe or Mullvad.

n2n

• https://github.com/meyerd/n2n

Tinc

• https://en.wikipedia.org/wiki/Tinc_(protocol)

• http://tinc-vpn.org/

WireGuard

• https://www.wireguard.io [8]

• https://en.wikipedia.org/wiki

• https://github.com/pirate/wireguard-docs - a BETA/WIP open-source VPN solution written in C by Jason Donenfeld and others, aiming to fix many of the problems that have plagued other modern server-to-server VPN offerings like IPSec/IKEv2, OpenVPN, or L2TP. It shares some similarities with other modern VPN offerings like Tinc and MeshBird, namely good cipher suites and minimal config.This is my attempt at writing "The Unofficial WireGuard Documentation" to make up for the somewhat sparse official docs on an otherwise great piece of software.

• https://fosdem.org/2017/schedule/event/wireguard [9]

• https://news.ycombinator.com/item?id=17659983

• https://news.ycombinator.com/item?id=23243248

• Tailscale - easy and secure VPN using WireGuard and 2FA. Connect your team's devices and development environments for easy access to remote resources.
  • https://github.com/tailscale/tailscale

• https://github.com/juanfont/headscale - a modern VPN built on top of Wireguard. It works like an overlay network between the computers of your networks - using NAT traversal. Everything in Tailscale is Open Source, except the GUI clients for proprietary OS (Windows and macOS/iOS), and the control server.The control server works as an exchange point of Wireguard public keys for the nodes in the Tailscale network. It assigns the IP addresses of the clients, creates the boundaries between each user, enables sharing machines between users, and exposes the advertised routes of your nodes. A Tailscale network (tailnet) is private network which Tailscale assigns to a user in terms of private users or an organisation.

BoringTun

• BoringTun - a userspace WireGuard implementation in Rust [10]
  • https://github.com/cloudflare/boringtun

strongSwan

• https://www.strongswan.org/ [11]

Algo

• Algo VPN - short for "Al Gore", the Vice President of Networks everywhere for inventing the Internet, a set of Ansible scripts that simplifies the setup of a personal IPSEC VPN. It contains the most secure defaults available, works with common cloud providers, and does not require client software on most devices.
  • https://github.com/trailofbits/algo

Vita

• https://github.com/inters/vita - a high-performance L3 VPN gateway you can use to interconnect your networks. Vita acts as a tunnel between your local, private network and any number of remote Vita gateways. With it, nodes spread across your outposts can communicate with each other with confidentiality and authenticity ensured at the network layer. [12]

DNS

• http://blog.steve.org.uk/robbing_peter_to_pay_paul__or_location_spoofing_via_dns.html

Services

• http://lifehacker.com/5940565/why-you-should-start-using-a-vpn-and-how-to-choose-the-best-one-for-your-needs
• http://torrentfreak.com/which-vpn-providers-really-take-anonymity-seriously-111007/ [13]
• http://torrentfreak.com/proxy-sh-vpn-provider-monitored-traffic-to-catch-hacker-130930/

• https://ipredator.se/

• https://www.phantompeer.com/

• http://cryptoseal.com/

SoftEther VPN

• SoftEther VPN [14]

BadVPN

• BadVPN is a peer-to-peer VPN system. It provides a Layer 2 (Ethernet) network between the peers (VPN network nodes). The peers connect to a central server which acts as a chat server for them to establish direct connections between each other (data connections). These connections are used for transferring network data (Ethernet frames).

Freelan

• Freelan - A free, open-source, multi-platform, highly-configurable and peer-to-peer VPN software, designed to easily connect remote hosts and mainly focused on security and performance. [15]

Social VPN Project

• Social VPN Project - free and open-source P2P Social Virtual Private Network (VPN) that seamlessly networks your computer with the computers of your friends.

Campagnol

• Campagnol is a distributed IP-based VPN software able to open new connections through NATs or firewalls without any configuration. It uses UDP for the transport layer and utilizes tunneling and encryption (with DTLS) and the UDP hole punching NAT traversal technique. The established connections are P2P.

ocserv

• OpenConnect VPN server - The OpenConnect VPN server (ocserv) is an open source Linux SSL VPN server designed for organizations that require a remote access VPN with enterprise user management and control.

DSVR

• https://github.com/dboyd13/DSVR - Domain-Specific VPN Router. If you're using a VPN service today, you may have found the following limitations: All or nothing. Either ALL traffic goes down the VPN or none - unable to be selective. Only one VPN at a time. Cannot selectively route certain sites down one VPN, and others down another VPN. Unless you've configured your VPN at the router level, it's likely that only a single device can use your VPN at one time. [16]

n2n

• n2n - a layer-two peer-to-peer virtual private network (VPN) which allows users to exploit features typical of P2P applications at network instead of application level. This means that users can gain native IP visibility (e.g. two PCs belonging to the same n2n network can ping each other) and be reachable with the same network IP address regardless of the network where they currently belong. In a nutshell, as OpenVPN moved SSL from application (e.g. used to implement the https protocol) to network protocol, n2n moves P2P from application to network level.
  • https://github.com/ntop/n2n

sshuttle

• https://github.com/sshuttle/sshuttle - Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
  • http://longren.io/poor-mans-vpn-with-a-cheap-vps/ [17]

SigmaVPN

• SigmaVPN is simple, light-weight and modular VPN software for UNIX systems, deploying the NaCl encryption library. It's easy to configure, has low overheads and is reliable. No longer is it necessary to waste precious time configuring overcomplicated tunnels. [18]

fastd

• https://github.com/neocturne/fastd - a very small VPN daemon which tunnels IP packets and Ethernet frames over UDP. It supports various modern encryption and authentication schemes and can be used in many different network topologies (1:1, 1:n, meshed). fastd runs on Linux, FreeBSD, OpenBSD and macOS. Android support exists in the code, but is currently unmaintained. Binary packages are provided by many major Linux distributions.

dn42

• dn42 - a big dynamic VPN, which employs Internet technologies (BGP, whois database, DNS, etc). Participants connect to each other using network tunnels (GRE, OpenVPN, Tinc, IPsec) and exchange routes thanks to the Border Gateway Protocol. Network addresses are assigned in the 172.20.0.0/14 range and private AS numbers are used (see registry) as well as IPv6 addresses from the ULA-Range (fd00::/8). A number of services are provided on the network: see internal (only available from within dn42). Also, dn42 is interconnected with other networks, such as ChaosVPN or some Freifunk networks. [19]

ChaosVPN

• ChaosVPN - a system to connect Hackers. Design principals include that it should be without Single Point of Failure, make usage of full encryption, use RFC1918 ip ranges, scales well on >100 connected networks and is being able to run on a embedded hardware you will find in our todays router.

wirehole

• https://github.com/IAmStoxe/wirehole - a combination of WireGuard, Pi-hole, and Unbound in a docker-compose project with the intent of enabling users to quickly and easily create a personally managed full or split-tunnel WireGuard VPN with ad blocking capabilities thanks to Pi-hole, and DNS caching, additional privacy options, and upstream providers via Unbound. [20]

Outline VPN

• Outline VPN – access to the free and open Internet
  • https://github.com/Jigsaw-Code/?q=outline

• https://en.wikipedia.org/wiki/Outline_VPN - a free and open-source tool that deploys Shadowsocks servers on multiple cloud service providers. The software suite also includes client software for multiple platforms. Outline was developed by Jigsaw, a technology incubator created by Google. The Outline Server supports self-hosting, as well as cloud service providers including DigitalOcean, Rackspace, Google Cloud Platform, and Amazon EC2. Installation involves running a command on its command-line interface, or in the case of installing on DigitalOcean or Google Cloud, its graphical user interface.