Increasing scalability for R&E security solution

NORDUnet supports further strengthening of eduVPN software, for the usecase where eduVPN is used by university campuses and research institutions to allow remote users to securely access the insitution networks and IT resources.

COVID-19 lockdowns have emphasized the value of a solution which enables academic users to connect to their university or their national research and education network (NREN) from home or another location -  just like if they had been at their workplace. This is exactly the scope of eduVPN – “edu” for “education” and VPN for Virtual Private Network. NORDUnet has granted financial support to enhance eduVPN. During COVID-19, the number of researchers and students working remotely has increased dramatically. As a result, institutions need to scale their security solution to handle the increased load.

“NORDUnet already gave us support four years ago during the early phase of development. The new donation will position us better to handle more users, more efficiently,” says Tangui Coulouarn, head of advanced network connection projects at Danish NREN DeiC.

Being able to work remote in a secure manner was already possible at many institutions, where eduVPN has in some cases replaced or is a supplement to the existing VPN solutions. The COVID-19 situation may have highlighted the value of a reliable, open-source solution supported by the national research network, but it will definitely remain highly attractive in the future regardless of the epidemic. In addition, eduVPN offers the additional value of allowing users to connect to the NREN just as if the user was at their home institution.

The current system is built using the OpenVPN software,  and the donation from NORDUnet will allow developers to implement a better solution for eduVPN servers.

“We experienced challenges due to some license restrictions to use OpenVPN in iOS and macOS. On the server side, it is also a bit cumbersome to scale up to large number of users using OpenVPN,” explains Tangui Coulouarn.

The new protocol - WireGuard – will be used as an alternative to OpenVPN.

“WireGuard is the new kid on the block for Open Source VPN. Since several of the people involved in eduVPN development are also active in WireGuard development, we have been able to follow the evolution of WireGuard quite closely. You might say that we have just been waiting for the system to reach a satisfactory level of maturity. We are confident that the timing is right now,” says Tangui Coulouarn.

“We are starting with improvements on the server side and the macOS and iOS apps. We expect to introduce support for WireGuard for Linux, Android and Windows clients next. As we are keen to offer easy, user-friendly access, the use of the new protocol under the hood will not be visible to end-users.”

Learn more about eduVPN