Is it possible to create a VPN client/server in Delphi?

[Clément 145]

Hi,

I googled to find some hints on how to create my own VPN solution.
I'm still researching and I found nothing in Delphi (or pascal) that covers this subject.
Some C examples are in linux, but I would like to focus on windows only.

 

Any ideas?

TIA

 

[DelphiUdIT 132]

You can start from RAS ... Jedi units RAS32 and JvRas32 encapsulate Windows api about RAS. In this way you can create your "client" VPN in Windows (I use it in Windows 7, hope that it works in new Windows version too).

 

I had an example how to use it to create from "zero" a vpn connection with RAS many years ago. If I find it i will post here.

 

For server I dont'know ....

 

Bye

[Fr0sT.Brutal 897]

Do you really need N in VPN (local network between peers connected through the channel) or just what browser addons and mobile apps call VPN (secure proxy)?

[Clément 145]

N in VPN (local network between peers connected through the channel)

I was just talking with a friend, and he would to have his own VPN integrated solution. He asked me if I could do it (write both VPN server and Client in Delphi). And I said that I have no idea!

If possible, I would like to use SSTP as protocol and ICS as Client and Server app.

After googling up a little and found some python implementation of a "simple VPN server".

I found C samples to open a Private Network in windows. Some code (in Python) of a VPN server, and some client application In C too... Unfortunately nothing in Delphi (or pascal).

I'm just hoping not to find the word "Driver" in the specifications
Anyway, I hope to find a way to implement the basics

 

[Fr0sT.Brutal 897]

12 hours ago, Clément said:

I was just talking with a friend, and he would to have his own VPN integrated solution. He asked me if I could do it (write both VPN server and Client in Delphi)

Again. What exactly he wants to have? Full featured VPN with system-wide local network, system-wide secure channel and app-specific secure channel are 3 different things.

[Sherlock 632]

Considering the simple fact that a VPN access point would be exposed to the entire Internet with its sh*tload of malevolent entities out there just waiting to pounce on just another self made "secure" server I would not touch this project with a ten foot pole and oven mits...and a hazmat suit. Just introduce your pal to WireGuard and be done with it.

[David Heffernan 2300]

42 minutes ago, Sherlock said:

Considering the simple fact that a VPN access point would be exposed to the entire Internet with its sh*tload of malevolent entities out there just waiting to pounce on just another self made "secure" server I would not touch this project with a ten foot pole and oven mits...and a hazmat suit. Just introduce your pal to WireGuard and be done with it.

Exactly. Why reinvent the wheel? And if you absolutely had to implement VPN in Delphi code, then hire an expert that has implemented VPN before.

[Clément 145]

On 8/8/2023 at 4:23 AM, Fr0sT.Brutal said:

Again. What exactly he wants to have? Full featured VPN with system-wide local network, system-wide secure channel and app-specific secure channel are 3 different things.

As far as I can tell, a VPN ( no system-wide local network ) , a "basic" secure channel... I'm gathering information for our next meeting.

[Clément 145]

On 8/8/2023 at 12:07 PM, Sherlock said:

Considering the simple fact that a VPN access point would be exposed to the entire Internet with its sh*tload of malevolent entities out there just waiting to pounce on just another self made "secure" server I would not touch this project with a ten foot pole and oven mits...and a hazmat suit. Just introduce your pal to WireGuard and be done with it.

This is one of my strongest arguments against this projects. But since it's a friend, I want to make sure I can explain the "why, hows, and don'ts"
He considered other applications ( I will ask him about WireGuard ), and most have "extra features" that are not required. He just wanted a "plain old simple VPN" that works without extra features that goes way beyond what he requires.
When some specs uses the word "simple", it just makes me run the other way. The problem in this case is the "friend" part. He would have asked if didn't required it. So.. Now that I learned a little more to be scared, I think I can get him scared too .

[Clément 145]

On 8/8/2023 at 12:50 PM, David Heffernan said:

Exactly. Why reinvent the wheel? And if you absolutely had to implement VPN in Delphi code, then hire an expert that has implemented VPN before. 

I'm still reading and trying to figure some aspects of this projects. May be I just need to learn a little more to be able to ask my friend the right questions.

[Lars Fosdal 1732]

Writing your own VPN software in Delphi.  Would you write your own Firewall too?

Just say no.  You don't need the liability.

[Fr0sT.Brutal 897]

2 hours ago, Clément said:

a "basic" secure channel...

What features he needs that TLS server couldn't provide? Channel is secure and it could be verified by certs, even a client could be checked by cert so no side client will get through

[Brandon Staggs 185]

+1 for Wireguard. It is secure and simple. It is well-known, open source, and well-understood. There are countless tutorials on setting it up and using it. Unless you are going to get paid a lot of money and have some kind of contract that absolves you of liability, just don't.

 

https://www.wireguard.com/