sgx-secrets-over-s2s-strongswan

This repo is based on rgl/strongswan-site-to-site-vpn-vagrant. See original README.md in README.old.md

Description

This project sets up site-to-site VPN using 4 VMs. Each site contains a gateway and a host:

sun-ubuntu --- sun <=> moon --- moon-ubuntu

sun and moon are gateways, and sun-ubuntu, moon-ubuntu are their respective hosts.

We set up SSH tunnel to forward traffic from client running on host OS to server.

sun-ubuntu --- sun <= VPN => moon --- moon-ubuntu <= SSH tunnel => host OS
server ----------- <= VPN => -------------------- <= SSH tunnel => client

Prerequisites

Install Virtualbox

Install Vagrant

Prepare settings and AttestationReportSigningCACert.pem files and place them into ./sgx-secrets-after-ra.

Usage

This paragraph shows basic usage based on simple HTTP server. It demonstrates that the VPN is actually encrypting the traffic.

Fetch submodules

git submodule update --init

Start everything

vagrant up # takes a lot of time

Login into the moon machine (a VPN device), and watch the network traffic:

vagrant ssh moon-ubuntu
# then, inside the VM:
tcpdump -n -i any tcp port 3000

From your host computer, access the following URLs to see them working:

http://10.1.0.4:3000
http://10.2.0.4:3000

Then, see how site-to-site traffic looks like:

vagrant ssh moon-ubuntu
# then, inside the VM:
wget -qO- 10.2.0.4:3000

Running `sgx-secrets-after-ra`

When running the example, you have to setup SSH tunnel to moon-ubuntu

vagrant ssh moon-ubuntu -- -L 7777:10.2.0.4:7777
sudo tcpdump -n -i any tcp port 7777 # show traffic

Now any traffic pointed to localhost:7777 on host OS will be forwarded to sun-ubuntu, i.e. server application that provides secrets.

SSH into sun-ubuntu host to set up the server

vagrant ssh sun-ubuntu
cd /vagrant/sgx-secrets-after-ra
./bootstrap
./configure
make
./run-server

Now run client on host OS as usual:

cd /path/to/this/project/sgx-secrets-after-ra
./bootstrap
./configure
make
./run-client

Running on Windows

Install rsync to use synced_folder:

choco install rsync

If you don't have rsync installed, you can disable sync_folder in Vagrantfile by setting disabled: false to disabled: true:

config.vm.synced_folder ".", "/vagrant/", type: "rsync", disabled: false,

Now checkout from git manually:

mkdir -p ~/project
cd project

<<<<<<< HEAD git clone

d863a25ace194daa17370dbefc6dbdef68262a5d

Keep in mind that local changes won't be propagated from host OS to VM.

Name		Name	Last commit message	Last commit date
Latest commit History 44 Commits
sgx-files		sgx-files
sgx-secrets-after-ra		sgx-secrets-after-ra
.gitignore		.gitignore
.gitmodules		.gitmodules
README.md		README.md
README.old.md		README.old.md
ReadMe		ReadMe
Vagrantfile		Vagrantfile
provision-certificates.sh		provision-certificates.sh
provision-common.sh		provision-common.sh
provision-sgx-sdk.sh		provision-sgx-sdk.sh
provision-ubuntu.sh		provision-ubuntu.sh
provision-vpn-device.sh		provision-vpn-device.sh
sgx_linux_x64_driver_2.6.0_4f5bb63.bin		sgx_linux_x64_driver_2.6.0_4f5bb63.bin
sgx_linux_x64_sdk_2.7.100.4.bin		sgx_linux_x64_sdk_2.7.100.4.bin

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

sgx-secrets-over-s2s-strongswan

Description

Prerequisites

Usage

Running `sgx-secrets-after-ra`

Running on Windows

<<<<<<< HEAD git clone

About

Releases

Packages

Languages

markueni/safelib-RAP-IPSEC

Folders and files

Latest commit

History

Repository files navigation

sgx-secrets-over-s2s-strongswan

Description

Prerequisites

Usage

Running sgx-secrets-after-ra

Running on Windows

<<<<<<< HEAD git clone

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Running `sgx-secrets-after-ra`

Packages