Why DecentVPN?


I- Why this name?

The name stands for decentralized VPN: we want to reduce the role of the VPN server so that, eventually, it won't be necessary at all in the future of decentVPN.

II- Why this project?

2.1- How today's VPN solutions work

VPN use falls into 2 configurations: inter-sites VPN and roadwarrior VPN. Of course, a typical VPN configuration is a mix of these 2 uses.

    2.1.1- Inter-sites VPN: a nightmare to set up and maintain.

Building an inter-sites VPN requires bringing up a tunnel between each pair of sites. Let's see what it looks like in the case of a 4-site VPN:
typical inter sites VPN
Image 1

As a result, if there are X sites, (X-1) tunnels have to be configured on each VPN server... and just 1 for decentVPN, as we'll see.

    2.1.2- Roadwarriors VPN: And the server goes *boom*.

A "roadwarrior" is a single user who wants to join a VPN. In our example, we see many users (called VPN Clients below) in the same VPN. The problem arises when one VPN Client wants to communicate with another: all communications between them have to pass through the VPN server.
On the image below, note that the LAN behind the VPN server is optional, as many people use a VPN only to gather single hosts across the Internet.
typical roadwarrior VPN
Image 2

Thus the speed of the VPN connection between Client 1 and Client 3 is limited by the VPN server's available bandwidth. decentVPN was first designed to solve this issue.



Just one last picture to make it more obvious:
Typical "Star" VPN
Image 3

What do you think happens when all these guys want to communicate with each other, while each communication in the VPN borrows a part of the VPN Server's bandwidth?

2.2- How decentVPN works

Note: Keep in mind that even if we keep the "Server" and "Client" labels and different signs on the pictures, Servers and Clients will run the same software, and their use won't differ in later releases of decentVPN.

    2.2.1- Performance

The basic idea is that a decentVPN user only has to initiate one connection with the VPN Server when he wants to join the VPN. Any traffic addressed to another client automatically brings up a tunnel with this client if there wasn't already one.
As a consequence, all traffic between hosts in the VPN remains secured and is sent directly to its destination.

decentVPN structure
Image 4

decentVPN thus makes full use of each node's bandwidth, enabling roadwarrior-only VPN structures like the one in Image 3.

    2.2.2- Light setup

A convenient side effect of this design impacts the inter-sites VPN scheme (cf. Image 1). There are far fewer tunnels to configure, only the ones labelled "initial tunnel":
Inter-Site VPN with decentVPN
Image 5
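
The comparison made in sections 2.1 and 2.2 (tunnels to configure, and traffic crossing the VPN server) can be checked with a small model. This is an added example, not decentVPN code: the node names, byte counts and the rule that a relayed byte counts twice on the server are assumptions, and tunnel-setup traffic is ignored.

```python
# Added example: toy model of the layouts on this page. Names and byte counts
# are constructed sample data; tunnel setup/signalling traffic is ignored.

def full_mesh_tunnels(n_nodes):
    """Classic inter-sites VPN: (per-server, total) static tunnels to configure."""
    return n_nodes - 1, n_nodes * (n_nodes - 1) // 2

def star_server_bytes(flows, server="server"):
    """Classic roadwarrior VPN: the server relays all client-to-client traffic.
    Assumption: a relayed byte is received and re-sent, so it counts twice."""
    total = 0
    for src, dst, nbytes in flows:
        total += nbytes if server in (src, dst) else 2 * nbytes
    return total

class OnDemandVPN:
    """decentVPN as described above: one configured tunnel per node to the
    server, plus a direct tunnel brought up on first traffic between two nodes."""

    def __init__(self, nodes, server="server"):
        self.server = server
        self.initial = {frozenset((n, server)) for n in nodes}  # configured by hand
        self.dynamic = set()                                    # brought up on demand
        self.server_bytes = 0

    def send(self, src, dst, nbytes):
        link = frozenset((src, dst))
        if self.server in link:
            self.server_bytes += nbytes   # traffic actually addressed to the server
        else:
            self.dynamic.add(link)        # no-op if the tunnel already exists

# Constructed sample: 4 clients plus one server, flows as (source, dest, bytes).
CLIENTS = ["c1", "c2", "c3", "c4"]
FLOWS = [("c1", "c3", 500), ("c2", "c4", 300), ("c3", "c1", 200), ("c1", "server", 50)]

def compare(clients=CLIENTS, flows=FLOWS):
    vpn = OnDemandVPN(clients)
    for flow in flows:
        vpn.send(*flow)
    per_server, total = full_mesh_tunnels(len(clients) + 1)  # +1 for the server node
    return {"mesh_per_server": per_server, "mesh_total": total,
            "decent_configured": len(vpn.initial), "decent_on_demand": len(vpn.dynamic),
            "star_server_bytes": star_server_bytes(flows),
            "decent_server_bytes": vpn.server_bytes}

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```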