How to create a Virtual LAN (VLAN)? Guides and tips are much appreciated

TL;DR I want to create an app that emulates VLAN using Elixir Erlang but don’t know how

Hey guys! So yeah back in the days I used to play games with my buddies on our LAN using some game clients that are now decommissioned or no longer stable so I thought to myself why not create my own app that emulates VLAN? Long story short after some reading online I came to a conclusion that Elixir Erlang is the technology for the job.

But unfortunately I can’t find any materials / resources to guide me on my adventure. Please point me to any resources / materials that can guide me forward.

1 Like

I’m not sure I totally understand your question. When you say “VLAN”, are you talking about a VLAN on your local host? Something like Docker sets up?

Or are you talking about a game server that runs on a LAN for other LAN clients (on other machines, but on the local network) to talk to?

1 Like

VLAN is a low level protocol that is used in data centers to overlay networks that can’t see each other on top of the same physical (like cables) network. You then hook up computers or virtual machines into these networks so that groups of computers can’t see each other.

Docker doesn’t even set up a VLAN, it just sets up virtual network adapters.

2 Likes

Ok, that makes way more sense :slight_smile:

VLANs run on the router or switch, right? I guess I’m still slightly confused on what exactly @meSmashsta is trying to accomplish.

This is from 2004… http://erlang.se/euc/04/juanjo.pdf

Not an answer to VLAN, but Elixir and Erlang are masters at isolation…

It is easy to setup rooms, accessible for members, or private spaces. Or in your case, isolate players for games.

There is MUD game in this topic.

damn, that must have been slow =D. VLAN tag is a 2? byte piece in the ethernet frame header; the way that the linux kernel does it fast is by literally bit-bashing the ethernet frame in-place. If you’ve ever had to wrangle iptables or netfilter, it’s complicated as hell because it’s doing a bunch of in-place mutations and managing the pipeline in a very opinionated fashion that has had niche-application features, exceptions, and code paths… I can’t imagine taking every ethernet frame and passing it between different erlang processes before the common binary heap existed in the VM. And still, you can’t do an in-place mutation on that data…

Cisco and Juniper I believe use erlang in the control plane of their switches, but I’m pretty sure all of the stuff like I’m talking about above is done using ASICs that expose a minimal API. Arista chose python! But apparently Andy Bechtolsheim hand-rolled the core of the Arista as a system that “compiles” python with a whole ton of sanity checks before allowing it in the system. Last I checked, Arista is migrating to golang.

2 Likes
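The VLAN tag discussed in the post above, handled with Elixir binary pattern matching, as an added example that is not part of the original thread. The module name `Dot1Q` and the sample frame are constructed for illustration; per IEEE 802.1Q the tag occupies four bytes after the source MAC (a 16-bit TPID of 0x8100, then a 16-bit TCI holding a 3-bit priority, a 1-bit drop-eligible flag and a 12-bit VLAN ID), and every function returns a new binary rather than mutating the frame.

```elixir
defmodule Dot1Q do
  # Hypothetical helper module (added example): parse, strip and insert 802.1Q tags.

  # Tagged frame: dst MAC, src MAC, TPID 0x8100, TCI (pcp/dei/vid), inner EtherType.
  def parse(<<dst::binary-size(6), src::binary-size(6), 0x8100::16,
              pcp::3, dei::1, vid::12, ethertype::16, payload::binary>>) do
    {:ok, %{dst: dst, src: src, vlan: %{pcp: pcp, dei: dei, vid: vid},
            ethertype: ethertype, payload: payload}}
  end

  # Untagged frame. The guard stops a truncated tagged frame from being
  # misread as an untagged frame whose EtherType happens to be 0x8100.
  def parse(<<dst::binary-size(6), src::binary-size(6), ethertype::16, payload::binary>>)
      when ethertype != 0x8100 do
    {:ok, %{dst: dst, src: src, vlan: nil, ethertype: ethertype, payload: payload}}
  end

  def parse(_), do: {:error, :truncated}

  # Strip the four tag bytes by building a new binary from the two MACs and the rest.
  def untag(<<macs::binary-size(12), 0x8100::16, _tci::16, rest::binary>>),
    do: {:ok, macs <> rest}

  def untag(_), do: {:error, :not_tagged}

  # Insert a tag after the MACs. VLAN IDs 0 and 4095 are reserved, so reject them.
  def tag(<<macs::binary-size(12), rest::binary>>, vid, pcp)
      when vid in 1..4094 and pcp in 0..7 do
    {:ok, <<macs::binary, 0x8100::16, pcp::3, 0::1, vid::12, rest::binary>>}
  end

  def tag(_frame, _vid, _pcp), do: {:error, :invalid}
end

# Constructed sample frame: broadcast destination, made-up source MAC,
# VLAN 42 with priority 5 (TCI 0xA02A), IPv4 EtherType, dummy payload.
frame = <<0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01,
          0x81, 0x00, 0xA0, 0x2A, 0x08, 0x00, "payload">>

{:ok, parsed} = Dot1Q.parse(frame)
IO.inspect(parsed.vlan, label: "vlan")

{:ok, bare} = Dot1Q.untag(frame)
{:ok, retagged} = Dot1Q.tag(bare, 42, 5)
IO.inspect(retagged == frame, label: "round trip equal")

# A frame cut off in the middle of the tag is rejected rather than misparsed.
IO.inspect(Dot1Q.parse(binary_part(frame, 0, 15)), label: "truncated")
```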

Hey guys sorry for the late reply, different time zone :cry: :cry: :cry:

Sorry for the confusion, I myself am also unsure of the details.

I am trying to create a virtual private network application capable of establishing direct links between computers that are behind network address translation (“NAT”) firewalls without requiring reconfiguration (when the user’s PC can be accessed directly without relays from the Internet/WAN side); in other words, it establishes a connection over the Internet that emulates the connection that would exist if the computers were connected over a local area network (“LAN”) – taken straight from the Hamachi wiki.

A similar app like LogMeIn Hamachi:

Similar app just so me and my buddies can play LAN games even without being in the same place, I am also planning to open source it because I don’t plan on earning money out of it and making it open source would attract talented programmers that might want to improve or fix it.

Thank you for that information, though I couldn’t fully comprehend it now (I will slowly search the keywords to break it down). The GoLang part gave me an idea of what to search for as well.

Maybe you want ngrok https://ngrok.com/

Wireguard is new hotness with regards to VPN-esque connectivity. Tailscale provides a pretty slick product on top of it to easily setup secured networks over a WAN. Wireguard is included in newer Linux kernels as well.

1 Like

This also looks interesting, GitHub - spawnfest/wishvpn: by WishVPN

I’ve used OpenVPN (ovpn) to do this kind of thing for years.

Years ago at a hosting company I worked for I used ovpn to allow remote users to join the company LAN and connect to our Asterisk PBX to make and receive phone calls via SIP from their home offices etc.

In that case I had ovpn set up as a server on one of our public IPs and ovpn was installed and set up as a client on each remote user’s PC. The remote client uses a certificate to connect to the server and join the LAN. If someone left the company etc., you just revoke the certificate and they can’t connect.

In your use case I suspect that you want to create something along the lines of LogMeIn Hamachi with a web front end controlling and automating that process. In that case you would basically have two or more remote ovpn endpoints that would need to connect together with the app you’re wanting to build providing the certificates and config that allows them to connect to one another.

It’s been a while since I’ve used ovpn to do this sorta thing, so many things may have changed since then, but the certificates and keys were generated via a script, so that could be automated etc. But like LogMeIn Hamachi, it will require the end users to install the vpn software (client) on their systems to make it work.

If I was going to build something like what you describe, this is where I’d start. I’d start by looking at something like ovpn and see if I could build a custom vpn client that could be installed on each user’s system that would connect to my app to get its config etc.

The only issue I foresee in this venture is security. I want to stress that you would need to completely understand all of the security aspects involved in doing something like this.

1 Like

Tailscale is probably the way to go. We use WireGuard extensively and it’s the simplest and fastest way of creating a private network across different places.

The only downside to Tailscale is that it’s a userland network stack. It’ll be slower than native wireguard for some things, but it’s definitely worth starting with.

1 Like

So you want VPN, not VLAN. A VLAN partitions an otherwise fully connected LAN. A VPN connects several otherwise isolated LANs together.

1 Like

Your best choices imho are:

ZeroTier (absolutely frictionless)
I use this a lot for linking together RPis, servers, laptops etc to form a virtual lan.

I have not used it in a production context where throughput and reliability matter. I would, if I have the chance, test it for such a scenario. I believe it would live up to the challenge.
I use it for my private home lab, virtual LAN parties playing 90s games and such. Works like a charm.

Wireguard (very nice, fast, part of modern Linux kernel, but needs lots of manual configuration to become a vlan)
Using that one in a production context for all kinds of networking stuff.
VPN, Gateway, VLAN, wireguard has proven to be a reliable tool for that case.
It has a steep learning curve if one is not familiar with ip routing, Linux kernel networking, iptables, etc.

Kind regards, Lukas