Netsplice Development Update #1

Dear reader,

in this blog post we take a quick tour of the currently available Netsplice VPN client features. We have been working on Netsplice for a while now and have implemented quite a few features since our last update. You can download the latest release 0.20.0 from https://ipredator.se/netsplice.

As always we are interested in your thoughts, bug reports and feature requests. Let us know via email to feedback@ipredator.se or by coming to our support chat at https://irc.ipredator.se. Please keep in mind that Netsplice is still alpha software.

Cross platform support

One of the most important goals for Netsplice is cross platform compatibility. The 0.20.0 release supports the following platforms:

  • Windows 7 - 10
  • macOS 10.11 - 10.12
  • Arch Linux
  • Debian 8, 9
  • Fedora 25
  • Ubuntu 16.04, 17.04

If you need support for a particular operating system or distribution please tell us and we will look into it.

Architecture

Our second goal was to decouple the user interface from the VPN client functionality. This ensures that we can always replace the GUI in case its framework gets deprecated. Too many applications bite the dust because their GUI framework is not maintained anymore. In the future we might be able to support a headless client that you can deploy on servers. To that end the communication between the GUI frontend and the actual VPN client software is already secured with SSL client certificates.

Internally Netsplice is separated into different processes that take care of various required functions. While this adds a bit of overhead it allows Netsplice to separate execution of required tasks like starting a VPN, running a shell script, etc.

netsplice_demo_0.20.0_arch.png

Multi-connection support

One of the major drawbacks many clients have is that they only support one active tunnel connection. This works fine for basic setups but if you need to open more than one VPN tunnel at the same time you are out of luck.

netsplice_demo_0.20.0_4-connections.png

Another drawback many VPN clients have is that they are married to a particular VPN protocol implementation. As you can see in the screenshot we already implemented basic support for OpenSSH and Tor. While the support is still pretty basic we plan to add more features. Plugins for Shadowsocks, WireGuard and tinc are already present on our todo list.

netsplice_demo_0.20.0_ssh-profiles.png

At the moment you can configure Netsplice with two or more OpenVPN, OpenSSH proxy and Tor connection profiles. We are still working out some UI details to simplify sorting multiple connections. For example:

  • Connect 1st OpenVPN with default route
  • Connect 2nd OpenVPN without a default route
  • Start multiple Tor instances

In this particular use case, if the 1st OpenVPN goes down, Netsplice makes sure that all connections that depend on it go down (and stay down) as well. By combining the management of multiple tunnel technologies in a single interface more advanced setups can be created. The goal here is to make it easier to disaggregate your traffic footprints on the internet.
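The fail-closed behaviour described above, sketched as an added example (not Netsplice's own code): a small supervisor that holds every connection down while the tunnel it depends on is down. The class, state names and profile names are hypothetical, and it assumes the second OpenVPN and the Tor instances are all routed through the first OpenVPN.

```python
# Added illustration; names are hypothetical and not part of Netsplice's API.
from collections import defaultdict


class TunnelSupervisor:
    """Tracks tunnel profiles and which tunnel each one must ride inside."""

    def __init__(self):
        self.state = {}                    # name -> "up" | "down" | "held"
        self.parent = {}                   # name -> tunnel it depends on, or None
        self.children = defaultdict(list)  # name -> direct dependents

    def add(self, name, depends_on=None):
        if depends_on is not None and depends_on not in self.state:
            raise ValueError(f"unknown parent {depends_on!r}")
        self.state[name] = "down"
        self.parent[name] = depends_on
        if depends_on is not None:
            self.children[depends_on].append(name)

    def connect(self, name):
        """Bring a tunnel up only while its parent is up (fail closed)."""
        parent = self.parent[name]
        if parent is not None and self.state[parent] != "up":
            self.state[name] = "held"      # refuse to start outside the parent
            return False
        self.state[name] = "up"
        return True

    def link_lost(self, name):
        """Mark a tunnel down and hold all transitive dependents down."""
        self.state[name] = "down"
        held, queue = [], list(self.children[name])
        while queue:
            child = queue.pop(0)
            self.state[child] = "held"
            held.append(child)
            queue.extend(self.children[child])
        return held


def demo():
    sup = TunnelSupervisor()
    sup.add("openvpn-1")                          # carries the default route
    sup.add("openvpn-2", depends_on="openvpn-1")  # no default route
    sup.add("tor-a", depends_on="openvpn-1")
    sup.add("tor-b", depends_on="openvpn-1")
    for name in ("openvpn-1", "openvpn-2", "tor-a", "tor-b"):
        sup.connect(name)
    held = sup.link_lost("openvpn-1")   # the first tunnel drops
    retry = sup.connect("tor-a")        # refused: parent is still down
    return held, retry, dict(sup.state)
```

A dependent only leaves the "held" state through `connect()` after its parent is back up, which is what keeps traffic from silently falling back to the bare uplink.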

Logging

Computers are complex beasts and of course a lot can go wrong when working with the various tunnel software/protocols. Based on our experience of handling your support cases we designed the log viewer of Netsplice with a few custom features that go beyond showing black text on a white window:

If you do not spend your days reading log files, finding errors in log output can be a tedious task. To remedy that situation Netsplice annotates log messages with colors based on their severity. Filtering events by type, e.g. debug, info or warning, is possible too. In case you know what you are looking for, a find-as-you-type entry field exists as well. We hope that this interface is easy to use for you. Please share your experience with us!

Another drawback many other clients have is that they spew log files all over your machine. In the age of parallel construction we should try to minimize the number of traces something like a VPN client leaves on your machine. In the default setup Netsplice does not store any logs on your disk. Of course there is an export function in case you need logs.

netsplice_demo_0.20.0_logviewer.png

Multi binary, SSL library, and XOR support

Netsplice comes with multiple versions of OpenVPN. This makes it easy to switch between the bundled releases in case you hit a corner case bug or just want to test the latest development snapshots.

As you can see in the screenshot below OpenVPN comes in two SSL library flavors. Each OpenVPN binary bundled by Netsplice is available with LibreSSL as well as OpenSSL. The default is to use LibreSSL on all platforms.

Due to popular demand Netsplice also ships an OpenVPN version that includes the XOR patch set. The XOR functionality allows you to hide the fact that you are using OpenVPN from deep packet inspection devices by adding additional scrambling on top of the encryption layers.

netsplice_demo_0.20.0_ovpn-binaries.png

The About view of Netsplice contains detailed information about build flags that are useful for debugging. It also includes a list of all activated plugins that Netsplice is running with.

netsplice_demo_0.20.0_about.png

OpenVPN setup

Netsplice allows users to create new VPN connections from a set of pre-configured profiles. Custom VPN connections can be imported via OpenVPN config files - e.g. from your work place. By enabling the auto-start toggle you can instruct Netsplice to start a particular connection.

netsplice_demo_0.20.0_ovpn_profiles.png

Preferences for each connection can be changed using the included editor which displays the values of an OpenVPN config file in a table or a plain text view. For simple changes you can use the table view which also provides a short help for each particular entry if you hover the mouse over it. More complex configuration changes can be accomplished by using the text view editor.

netsplice_demo_0.20.0_ovpn-settings.png

The current release of Netsplice does not come with a dedicated password store. Getting the password store right is a particularly sensitive topic. For the time being Netsplice tries to use the native password store provided by the operating system. Alternatively you can also decide to never store any passwords or keep them for the current session. Please note that your password is stored in plaintext in your computer's memory if you use the session storage feature.

netsplice_demo_0.20.0_ovpn_ipr_credentials.png

Process manager

There are a number of situations where you need to start / stop a program on your computer or run a custom script based on the run-time state of a tunnel connection. Netsplice provides a Process Manager that helps you do just that. For example, after a connection has been successfully established you can start your favorite P2P program automatically.

netsplice_demo_0.20.0_plugin-process-launcher_config.png

To simplify the handling of DNS leaks a couple of actions are predefined. You simply select the desired action and add it to the start or stop execution lists. After you set up a connection it is a good idea to check for DNS leaks. The actions provided are not enabled by default since they are highly system dependent.

netsplice_demo_0.20.0_plugin-processmanager-dnsfix.png

Future developments

Right now we are working on getting the UI part for sorting connections fully workable. Once that work has been completed the plan is to add more functionality to SSH and the Tor interface. There are also a couple of plugins being worked on that every VPN client should have. Stay tuned and please provide us with feedback!

Thanks

The IPredator team