How hard would this be to do?

[Red Squirrel]

I want to write a tcp client/server application to create a VPN tunnel.

The idea is I want the client (on windows) to connect to the server (on linux) and it would generate a virtual network connection in windows. Then it would handle all the traffic for that Ip range or ranges (it would need to modify routing tables). The packets would then be encapsulated and sent to the tunnel then on the other end they'd be decapsulated and sent, and vise versa.

how hard would this be to code and what is involved?

Basically I want a simple vpn client/server application. this would be for my own use but I would maybe release it if it turns out decent. I would probably leave out encryption and just use it through SSH tunnel. Been trying to get openvpn working and it's super complicated. there needs an easy to use vpn application out there.

[TheCPUWizard]

VPN IS complicated. If it were simple, then it would be simple to crack.

Unless you have alot of time on your hands, and a machosistic streak..then it is almost always better to use a "commercial" version.

[Red Squirrel]

complicated = hard to crack? not really. That's just security through obscurity. The authentication process and encryption are what make it hard to crack and those don't have to be complicated to use. (to code, is a different story, but I will make it easier by using ssh tunnel so I just need a non encrypted vpn)

[TheCPUWizard]

Then have phun...That last time I had to implement a custom VPN (for an operating system which only had basic socket support, and where using an external router w/VPN was not an option) the total development code was well over $250K [US]. This included a team member who was (is) a recognized expert on the topic.

Even then, we were only able to implement a subset of the protocol. Fortunately we controlled both ends, so this was acceptable. Finishing the protocols would have at least tripled the cost.

[j0nas]

Use the TAP driver implemented by OpenVPN. Use some tcp tunnel (ssh or your own) as a tunnel. Implement the tunnel server end on your Linux box, together with a TAP kernel driver. This is basically a full blown VPN. You may have some trouble getting the routing (default routes and so on) to work...

[Red Squirrel]

Then have phun...That last time I had to implement a custom VPN (for an operating system which only had basic socket support, and where using an external router w/VPN was not an option) the total development code was well over $250K [US]. This included a team member who was (is) a recognized expert on the topic.

Even then, we were only able to implement a subset of the protocol. Fortunately we controlled both ends, so this was acceptable. Finishing the protocols would have at least tripled the cost.

Oh I realize the coding will probably be complex (don't know why it would have to cost that much though if I do it myself) but the implimentation itself from a user's point of view does not have to be complex.

I'll take a look at the tap interface idea though. Something simple is what I'm looking for.

I'll keep mashing away at openvpn to see if I can get that going (or even use some of it's source) but failing that I'll look into making my own solution.

[TheCPUWizard]

Oh I realize the coding will probably be complex (don't know why it would have to cost that much though if I do it myself).

It would not cost you $$$ just time. The above figure represented nearly 2 man hears (4000 hours) of coding for a partial implementation.

This was implemented "from the ground up". Using existing protocol layers would save time, but remember to be careful with licensing. [for example GPL says that is you USE any of the code, YOUR code must be GPL].