clowwindy / ShadowVPN

Removed according to regulations.

Builtin NAT #140

Open clowwindy opened 9 years ago

clowwindy commented 9 years ago

A server can handle multiple concurrent users with one tun device.

Protocol upgrade is required.

Backward compatible. Will fall back to P2P mode if no user token is specified.

simplerick-simplefun commented 9 years ago

I assume the change is done, right? Please tell me if my understanding is correct: one server can now handle multiple clients, and all we need to do is to change the line "concurrency=1" to "concurrency=x" with x>1. (Best part is multiple users connected are under the same virtual LAN now, right?) *Update: nvm, didn't notice the "usertoken" until I checked the sample conf. It wasn't in the updated server.conf.

If so, should the part of README where it states "ShadowVPN is a peer-to-peer VPN, which means you'll have one server for one client" be updated as well?

Also, I noticed that this page should be updated too: "https://github.com/clowwindy/ShadowVPN/wiki/Starting-Multiple-Servers-on-One-VPS", as all the changes are moved to server.conf, and now server_up and server_down should be left alone.

clowwindy commented 9 years ago

No. Still in progress.

riobard commented 9 years ago

I'm not sure if I understand the intention correctly, but the security model of the user token is strange. At 8 bytes in length, it does not provide enough resistance against guessing, yet each user token is supposed to be a secret. Why not use longer (e.g. 16-byte) ones?

clowwindy commented 9 years ago

To provide basic NAT support without adding too much overhead. We don't expect 2^32 users here, but just a few hundred or a few thousand. Also, it seems not very profitable for a user who has the password to a server to guess other users' tokens.

riobard commented 9 years ago

I see. Makes sense.