Builtin NAT

Open clowwindy opened this issue 9 years ago • 5 comments

A server can handle multiple concurrent users with one tun device.

Protocol upgrade is required.

Backward compatible. Will fall back to P2P mode if no user token is specified.

clowwindy, Aug 06 '15 18:08

I assume the change is done, right? Please tell me if my understanding is correct: one server can now handle multiple clients, and all we need to do is to change the line "concurrency=1" to "concurrency=x" with x>1. (Best part is multiple users connected are under the same virtual LAN now, right?) *Update: nvm, didn't notice the "usertoken" until I checked the sample conf. It wasn't in the updated server.conf.

If so, should the part of the README where it states "ShadowVPN is a peer-to-peer VPN, which means you'll have one server for one client" be updated as well?

Also, I noticed that this page should be updated too: https://github.com/clowwindy/ShadowVPN/wiki/Starting-Multiple-Servers-on-One-VPS, as all the changes are moved to server.conf, and now server_up and server_down should be left alone.

simplerick-simplefun, Aug 08 '15 11:08

No. Still in progress.

clowwindy, Aug 08 '15 11:08

I'm not sure if I understand the intention correctly, but the security model of the user token is strange. At 8 bytes in length, it does not provide enough resistance against guessing, yet each user token is supposed to be a secret. Why not use longer (e.g. 16-byte) ones?

riobard, Aug 18 '15 07:08

To provide basic NAT support without adding too much overhead. We don't expect 2^32 users here, but just a few hundred or thousand. Also, it seems not very profitable for a user who has the password to a server to guess other users' tokens.

clowwindy, Aug 18 '15 08:08

I see. Makes sense.

riobard, Aug 18 '15 15:08