oditek_ipsec

IPSec Stack porting from Linux to Windows | IPSec based VPN Solution for Windows

Spread the love

This is a case study where we worked with our client, to migrate their proprietary IPSec VPN Solution on Linux to Windows. The customer is a business setup in US developing and fielding highly secure communication for the U.S. Government. Customer has a set of products providing security solutions that are delivered in an easily accessible public platform by encrypting communications over public internet. Its security solutions are focussed to U.S. Federal Agencies, Law Enforcement and First Responders, SMART Manufacturing Industries, Cybersecurity for IoT, Secure Social Media and Financial Industries.

Application Requirements


Customer uses one of the proprietary IPSec stack for VPN connectivity. The stack has been written in ‘C’ programming language and runs in user space on Linux Ubuntu platform. The need was to make the IPSec stack work in Windows environment (Server and Workstation) and should run as a Service in Windows.
Develop a TUN diver in Windows to create a virtual interface that can be used by the IPSec stack for secure data communication.
IPSec stack supports the CLI which is to be substituted with a Manager interface providing functionalities to support communication with IPSec service from Client (Windows based application UI).
The entire source to be made compatible with 32bit & 64bit Windows environment and separate binaries to be produced to run in 32bit & 64bit OS.
The final expected delivery was a Windows Based Installer(.msi) that takes care of complete installation of Device Driver for the Virtual Interface, IPSec service and dependent visual studio libraries.

The Business Case Challenge

Linux supports a virtual TUN interface which is used by the IPSec stack, but Windows does not have any virtual TUN Interface support.
Need to make the IPSec stack run as a Windows Service and develop a Manager interface that takes care of any communication between the IPSec service and the Client (i.e User Interface).
The existing code base was written and tested for Linux only. The code base needed to be ported to Windows by supporting Windows System calls(Win32 API) in place POSIX calls as alternative to Windows Mode. The entire source should be buildable from Make file in both Linux and Windows Platform.

OdiTek’s Solution


Oditek’s Team did some R&D and found Windows TAP interface could be replaced with TUN interface. TAP interface is preferable to bridge two Ethernet segments in two different locations. in such setup you can have computers in the same IP subnet (eg 10.0.0.0/24) on both ends of vpn, and they'll be able to 'talk' to each other directly without any changes in their routing tables. vpn will act like Ethernet switch. 
Team, choose to use the TAP Interface provided by OpenVPN (which is an open-source VPN protocol). As, TAP interface receives more packets (broadcast packets) than TUN interface, the changes in the source code were made to filter out unnecessary broadcast packets).
The existing ‘C’ source code were imported and organised as multiple modules in Visual Studio and replaced with Windows specific API/library calls to make the complete code compiled successfully for Windows. A set of Make files were created to support Windows build from root folder of the source code.
A library(DLL) was developed that acts as a Manager Interface, which communicates with the IPSec service for performing various functionalities such as Create new connection, Get all active server associations, Get details of server associations, Remove existing connections etc. Any client application can use this library to interact with the IPSec service.
Windows Installer was developed using Visual Studio Installer. This produces a single .MSI file that takes care of installing the dependent Visual Studio Redistributable package, OpenSSL libraries, Windows TAP driver, custom IPSec Service with default configuration files. Uninstallation and shutdown of TAP interface and complete removal of TAP driver and installed files were taken care of.

Result


The complete solution was tested successfully with customer’s intended test setup. The functionality also compared and benchmarked against the native linux source. The source code of Windows ported IPSec stack, Manager Interface, Windows Service, TAP driver (with custom scripts for install /start /stop /remove) and Windows installer were delivered to customer. Customer is very much satisfied and integrated these modules into their security solutions.

Technologies Used

    OS: Linux (Ubuntu 16.04), Windows10(64 Bit), Windows7(32/64Bit) Protocol : IPSec, IKE, UDP/IP Language: C, C++ Compiler : Microsoft Visual Studio 2017, gcc Others: Visual Studio Installer

To know more about OdiTek’s IPSec based VPN Solutions, please drop an email at – info@oditeksolutions.com

What Oditek offers


Refer our Skills page:

C++ Development

C++ is one of the most popular object-oriented programming language that is used for multi-device and multi-platform enterprise-class large scale performance-driven application development. The C++ language combines increased capacity and optimal performance of software that is why it is widely used for building well-organized applications....

more

Client Testimonials

We had a tough deadline to launch our .Net based application that processes a lot of data, and got very frustrated with our development agency we hired. Fortunately we got Oditek, and they took over seamlessly the product development, launched the app & continued feature development. Just awesome!

Neal Bonrud

Co-Founder – SubScreener, USA

They were very attentive to our needs as clients and went out of the way to make sure our projects were taken care of. They were always able to get projects done in the specifications we requested. They are passionate about getting things done; I would definitely recommend them to lead any IT projects.

Dann Manahan

Sr VP Technology- 1031 Crowd Funding

OdiTek has been very impressive in delivering a C++ based network security product migration from Linux to Windows. Honestly, we didn’t expect the speed and competencies to get the migration project delivered absolutely on time as the existing product was complex. Technically team is very experienced.

James Rautner

Co-founder- SDSE Networks

I worked with OdiTek on few high profile banking application projects. They did a fantastic job with web applications & manual testing on the VAS apps for two leading banks of UK that included rigorous UAT phases. I recommend them for any application development where security matters.

Clive Shirley

CTO- Smarta, UK

OdiTek is our extended team who works on our key software projects. They are dependable, good in collaboration and technically very much to the level what we expect a global team should be. They had transformed our web applications, CRM and added mobility to existing business platforms here.

Matt Berry

IT Manager- First Option Online

It's been more than 4 years now that we are working with OdiTek on our cloud based web product development. It's been amazing working together, they are very competent on designing scalable, high performance apps. Their technical support is outstanding to say the least, even at odd hours.

Brad Taylor

CEO- BluesummitTech, USA

I am a fan of Team OdiTek since 2014 and have worked on many product development projects together. Specially worth mentioning their deliveries on VAS Banking web application development & manual testing services for Smarta, UK. They are highly skilled & a professional team to work with.

Tom Bowden

Digital Propositions - HSBC, London

OdiTek has been working on our Integrated Web-scale Mobile Platform i.e. Optimal Health since 2014. They are very professional and takes care of the requirements meticulously. They are technically very sound and sincere in ensuring quality & performance. Wonderful working with them!

Catherine Lim

COO- Medilink Global Sdn Bdh

You can trust the team, with minimum supervision you get the work done. They are honest, professional & committed to schedule & quality. I had been successfully running 3 business applications designed, developed and maintained by Oditek developers. It’s been a pleasure working with them.

Scott Evans

CEO- Pink Storage, UK

OdiTek has been working in custom software development, including services for test automation. Many of them have worked with me in 2009-10 when I was R&D Manager in NetHawk India. They have great enthusiasm & a passion to excel in bringing customer success. Their work has been very impressive.

Karen Hamber

Senior Product Manager- Skype

It's amazing to see these guys are turning their experience into a global delivery excellence at OdiTek. I am sure their past large scale product development experience will be handy to product companies. I would always recommend Oditek for software development, especially performance-driven solutions.

Juha Marjeta

Opti Automation Oyj

If you need additional information or have project requirements, kindly drop an email to info@oditeksolutions.com

×