NTVL - NAT Traversal VLAN/VPN

ntvl is a tool to create a functional network between devices that are behind NATs.
Devices on different networks can see each other, bypassing firewalls, as if they were on the same network.

This means that ntvl can be used as a layer-two peer-to-peer virtual private network (VPN), which lets users enjoy features typical of P2P applications at the network level instead of the application level. Users gain native IP visibility (e.g. two PCs belonging to the same ntvl network can ping each other) and are reachable at the same network IP address regardless of the physical network they are currently on.

See the diagram below:
PROBLEM: A computer in network 1 at 192.168.1.10 cannot access a service on the network 2 computer 10.0.0.1 (via [R1] 199.100.10.34 - 199.100.20.1 [R2]) because of multiple levels of NAT.
SOLUTION: Create a virtual network in which both computers (or more) share the same subnet, let's say 172.16.0.0/24.


What is NAT?

The number of available IP addresses on the internet is limited. To get around this, the concept of NAT (Network Address Translation) was introduced. With NAT only the router (also called the gateway, usually a DSL or cable modem) needs a public IP address. All devices behind the NAT router have private IP addresses, usually starting with 192.168 or 10. These addresses are only valid within the router's own network. A quite common example is a simple network with one gateway (say a DSL or cable modem). The gateway has a public (WAN) IP address and does NAT. All computers connected to this gateway are assigned a private IP address. The gateway takes care of routing data from and to the computers connected to it. To make a computer connected to the gateway accessible from the internet, a port forwarding setting is required. If the gateway supports the UPnP or NAT-PMP protocol, Air Video Server can set up the port forwarding transparently for the user. Otherwise manual port forwarding is required. This scenario represents a single level of NAT (just one router on the network doing network address translation). Unfortunately it often isn't this simple.

What is double NAT?

Double NAT is a scenario where multiple routers on the network are doing network address translation. A common example is a cable or DSL modem to which a Wi-Fi router is connected. Both the modem and the router have NAT enabled, and the computers on the network are connected to the Wi-Fi router. Even if port forwarding is set up on the Wi-Fi router, the computer is not accessible from the internet, because the Wi-Fi router itself doesn't have a public IP address; it has a private IP address within the network of the DSL/cable modem. There are multiple ways to resolve this, but unfortunately none of them is a silver bullet: which one is appropriate depends on the concrete network setup. This is where NTVL comes in.

How does NAT work?

In this example, an inside host (192.168.1.10) wants to communicate with an outside web server (199.100.20.1).
It sends a packet to the NAT-configured gateway router of its network.
The gateway router reads the source IP address of the packet and checks whether the packet matches the criteria specified for translation.
The gateway router has an ACL (Access Control List) that identifies the inside network as valid hosts for translation.
Therefore, it translates the inside local IP address into an inside global IP address, which in this case is 199.100.10.34.
It stores this local-to-global translation in its NAT table. The gateway router then sends the packet to its destination.
When the web server responds, the reply arrives at the global address of the gateway router (199.100.10.34).
The gateway router consults its NAT table and sees that this was a previously translated address.
It then translates the inside global address back to the inside local address, and the packet is forwarded to the host at IP address 192.168.1.10.
If it does not find a matching translation, the packet is dropped.
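The walkthrough above, and the double NAT case from the previous section, as an added example that is not part of the ntvl project: a small constructed model of a port-based NAT gateway using the page's addresses. The ACL is modelled as an inside prefix, the NAT table maps global ports back to inside hosts, and the double NAT function shows why a port forward on the inner Wi-Fi router alone (a constructed static entry; 10.0.0.2 is an assumed private address for that router) does not make the host reachable.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int

class Nat:
    """One gateway that translates sources matching its inside ACL prefix
    to its single global address (port-based, as home routers do)."""
    def __init__(self, inside_prefix, global_ip):
        self.inside_prefix = inside_prefix      # the ACL: which sources get translated
        self.global_ip = global_ip
        self.table = {}                         # global port -> (inside ip, inside port)
        self.next_port = 40000

    def outbound(self, pkt):
        if not pkt.src.startswith(self.inside_prefix):
            return pkt                          # not in the ACL: forwarded untranslated
        gport, self.next_port = self.next_port, self.next_port + 1
        self.table[gport] = (pkt.src, pkt.sport)   # remember local -> global mapping
        return Packet(self.global_ip, pkt.dst, gport, pkt.dport)

    def inbound(self, pkt):
        entry = self.table.get(pkt.dport)
        if pkt.dst != self.global_ip or entry is None:
            return None                         # no matching translation: dropped
        return Packet(pkt.src, entry[0], pkt.sport, entry[1])

def single_nat_round_trip():
    """The exchange in the text: 192.168.1.10 -> 199.100.20.1 via 199.100.10.34."""
    gw = Nat("192.168.", "199.100.10.34")
    out = gw.outbound(Packet("192.168.1.10", "199.100.20.1", 51000, 80))
    reply = Packet("199.100.20.1", out.src, 80, out.sport)   # server answers the global address
    back = gw.inbound(reply)
    stray = gw.inbound(Packet("199.100.20.1", "199.100.10.34", 80, 9999))  # never translated
    return out, back, stray

def double_nat_unsolicited():
    """Double NAT: modem (199.100.10.34) in front of a Wi-Fi router (assumed 10.0.0.2).
    The modem has no entry for an unsolicited packet, so it never reaches the forward."""
    modem = Nat("10.0.0.", "199.100.10.34")
    wifi = Nat("192.168.", "10.0.0.2")
    wifi.table[80] = ("192.168.1.10", 80)       # constructed static port forward on the Wi-Fi router
    unsolicited = Packet("199.100.20.1", "199.100.10.34", 40000, 80)
    at_modem = modem.inbound(unsolicited)
    return at_modem, None if at_modem is None else wifi.inbound(at_modem)
```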

What is NAT Traversal?

From wikipedia:
NAT traversal is a general term for techniques that establish and maintain IP connections traversing network address translation (NAT) gateways. NAT breaks end-to-end connectivity. Intercepting and modifying traffic can only be performed transparently in the absence of secure encryption and authentication. NAT traversal techniques are typically required for client-to-client networking applications, especially peer-to-peer and VoIP.

How ntvl works

NTVL creates a virtual network between "nodes". Some of them can connect directly (like the purple network), but others may need a "supernode".
The supernode is used by nodes at startup and for reaching nodes behind symmetric firewalls. It is basically a directory register and a packet router for those nodes that cannot talk directly.
Each network (a.k.a. "community") has its own subnet and, with some configuration, can reach other subnets via "node gateways" (those with two interfaces of different colors).
You can also create one or more tunnels between nodes to direct traffic according to your application's specific needs.

Example

You need to connect two different groups to the same network (some or all of the members are blocked by NATed firewalls).
Using ntvl you create a virtual private network (VPN) with two different subnets (VLANs), GREEN and ORANGE.
Certain traffic can be routed from GREEN to ORANGE using a "gateway node".
If some application has high traffic between three nodes, you can create a separate subnet (PURPLE) or direct tunnels between them.

Suggested applications

  • Home/office servers (behind blocking NATs)
  • Peer-to-Peer applications
  • Home/office virtual private networks
  • Game network
  • Bypass (country/ISP) internet censorship

FAQ

Q: Is this project opensourced and free forever?
A: Yes. There always will be a community free edition.

Q: Why this? There are multiple options like SSH tunnels or the STUN, TURN and ICE protocols.
A: Because each alternative takes a different approach and can be used for different purposes. This one works at Layer 2 of the OSI model.
This means that you do not need to change your applications to use certain protocols or additional ports. It is just another (virtual) network connection.

Q: Can I use any application or service daemon on a computer connected to an ntvl network?
A: Yes, you can. Once the connection is established you can do anything you would do with any other network connection.

Q: What's the difference between ntvl and an ssh or NAT-traversal tunnel?
A: A tunnel is a point-to-point connection; ntvl sends packets to multiple endpoints and also includes a tool to make a tunnel.

Q: How secure is my connection?
A: All packets are encrypted at the origin and decrypted at each endpoint. (This does not apply if you decide to make a direct tunnel via ntvl-tunnel.)

Q: How many inline firewalls can ntvl cross?
A: It doesn't matter whether you're behind one NAT or behind n NATs. ntvl will cross all of them.

Q: How many devices can be connected?
A: The same as normal networks: you are limited only by the range of available private IPv4 addresses.

Need help?

You can reach the ntvl community by sending email to the ntvl mailing list. If instead you have a private question, you can contact the ntvl developers through the bambusoft contact page.

License

ntvl is distributed under the GPLv3 license.

Get It

Have a look at the stable version on our downloads page.
You can get the most recent (unstable) snapshot at github.

Help Wanted

We appreciate any help we can get, currently we need:

Sorry, English is not our primary language. If you find any error or have any comment, please let us know. Thank you.
We speak Spanish perfectly. Spanish-speaking contributors are welcome (you do not need to be fluent in English).

Project Hosted by Bambusoft