GIP-98: Should GnosisDAO invest in HOPR to kickstart development of GnosisVPN?

Introduction

This is the final report for GIP-98. Intermediate quarterly progress has previously been reported in the first and second quarterly reports.

This report marks the end of the project and work on the Gnosis VPN proof of concept (PoC). Follow-up work on the Gnosis VPN MVP and v1 will be described in detail in the next proposal.

In this report we introduce the Gnosis VPN PoC and provide guidelines on how to get started using it. We also briefly explain the new HOPRd v2.2.0 release before giving a recap and update on the original proposal scope.

Gnosis VPN Proof of Concept

The PoC of Gnosis VPN has been completed and we’ve made it available to the general public. The PoC consists of the following components:

  • Public website: The user-facing public website is https://gnosisvpn.com. It is conceived as the landing page for users interested in Gnosis VPN and provides relevant onboarding information such as links to HOPRd documentation and guidelines on how to set up the PoC as a user.
  • Server Dashboard: Users need to find available Gnosis VPN servers before trying to connect via the PoC. This information is published on https://gnosisvpn.com/servers.
  • Gnosis VPN CLI: The PoC is still developer-oriented and requires the use of a CLI tool. The code can be found on Github, with binaries for Linux and MacOS being published on Github as releases.
  • Gnosis VPN servers: We’ve worked together with the Gnosis infrastructure team to set up an initial set of servers to enable the PoC and support it in the near future.

The best place to learn about the PoC is the public website. But for the sake of clarity of this report we want to give a brief overview here too.

Gnosis VPN PoC, when considered within the scope of a VPN connection, consists of the following software components:

  1. Web browser
  2. Gnosis VPN client
  3. Wireguard client
  4. HOPRd entry node
  5. HOPR network
  6. HOPRd exit node
  7. Wireguard server
  8. SOCKS5 server
  9. Destination web service

The user’s web browser is configured to use a SOCKS5 proxy, which points to the Wireguard connection. Therefore, all traffic will be passed through Wireguard, through the underlying HOPR network, and eventually will reach the SOCKS5 server. That means all HTTPS connections made by the web browser are end-to-end terminated between the web browser and the web server it is trying to reach, which is one of the fundamental privacy goals of the PoC.

The Wireguard connection is set up by first configuring the Wireguard client with the information received from the PoC onboarding flow. At this point Wireguard will try to connect to the chosen Wireguard server, but not be able to open a connection because the HOPRd entry node needs to be configured to provide a private session to the Wireguard server. This final step can be completed by using the Gnosis VPN client (cli tool) to set up the session as documented in the PoC user guide. The HOPRd entry node will establish a private session to the HOPRd exit node which will forward all data to the Wireguard server. At this point the Wireguard client will automatically open a connection to the Wireguard server. Once the connection is open, the user has a working end-to-end VPN connection using the Gnosis VPN PoC.

You can see footage of the PoC in action here. The website at https://gnosisvpn.com has been updated to reflect the latest progress. If you run a HOPR node, you can try the PoC for yourself by following the instructions here.

HOPRd v2.2.0

Over the last 8 months we’ve put a lot of effort into HOPRd to support the functional and performance requirements of Gnosis VPN. This focus has led to the introduction of the HOPR Session protocol (which we’ve covered in the previous two reports), massive improvements in our packet processing pipelines and many other improvements to make HOPRd more stable, performant and reliable.

Release v2.2.0 was published on Github. Updated documentation can be found on our documentation hub. This release provides the foundation for the Gnosis VPN PoC. Over the last 2 weeks the majority of the HOPR network has already migrated to v2.2.0, therefore can support PoC usage as needed.
The work on v2.2.0 has also given us a lot of insight and ideas on how to make HOPRd better in the future and be able to turn the Gnosis VPN PoC into an end-user product.

Recap

As we’ve mentioned in our past reports, while working on Gnosis VPN we discovered that some of our original ideas and deliverables could be improved upon even within the scope of proposal 1. Therefore, we changed the scope as we progressed, always keeping in mind that the final outcome must provide a great foundation for Gnosis VPN. The result is a PoC which far exceeds the expectations set at the outset of this project.

Given these changes, it’s useful to look back and give a quick summary on the status of the original deliverables for reference.

Deliverable 1.1: pHTTP technical design

  • Status: completed
  • Progress was reported in quarterly report #1
  • pHTTP (private HTTP) was renamed to uHTTP (unlinkable HTTP)

Deliverable 1.2: JS client library

Deliverable 1.3: Implementation of exit and entry components

  • Status: completed
  • Progress was reported in quarterly report #1

Deliverable 1.4: pHTTP web-browser extension (PoC)

  • Status: abandoned
  • While preparing for this deliverable we noticed we could create a much better Gnosis VPN with improved privacy guarantees and user experience. This led us to abandon this original deliverable and work on native VPN capabilities instead.
  • Progress on VPN capabilities was reported in quarterly reports #1 and #2 and this final report

Deliverable 1.5: Performance improvements in HOPRd to enable pHTTP

  • Status: completed
  • Progress was reported in all reports
  • Relaying throughput is reliably 1,200 packets per second, 60x more than the original target and a 600x improvement compared to the version at the time of posting this GIP

Outlook

Although we were confident it was feasible to build a VPN connection over the HOPR network in this way, we were uncertain about the performance which could be achieved. Now the work has been completed, we’ve seen the results are 600x higher than where we started, and 60x higher than our target, with many avenues available for further improvement. It’s therefore clear to us that this is a viable approach to building a VPN product which works at scale.

The work on Gnosis VPN Proposal 1 has been beneficial for the HOPR network as well as the Gnosis community at large thanks to the completion of the Gnosis VPN PoC. We want to thank the GnosisDAO for trusting us with their support for this work on a prototype for a new and exciting end-user product in the Gnosis ecosystem. Throughout the project the Gnosis team has been supportive via feedback and discussions on ideas and visions.

We are looking forward to moving beyond this technical showcase to building Gnosis VPN as a user-focused product and pushing the boundaries of a fundamental privacy technology enabled by Gnosis and HOPR. We are proposing the next stage of Gnosis VPN development in proposal 2 which covers moving from a developer-oriented PoC to a user-oriented MVP and on to a market-ready version 1 of the Gnosis VPN product. This work will be driven by the goal of making Gnosis VPN the first truly decentralized, uncensorable and user-friendly VPN.

7 Likes