

User manual

GoVPN is split into two pieces: a client and a server. Each of them works on top of UDP and a TAP virtual network interface. Client and server share several common configuration command line options:

Timeout

Because UDP is stateless, there is no way to know whether the remote peer is dead other than waiting for a timeout to expire. Client and server send each other a heartbeat every third of that timeout, so a live peer is never silent for a whole timeout period. The same timeout is also the interval after which the server purges its obsolete handshake and peer states.

Allowable nonce difference

To prevent replay attacks, the latest nonce received from the remote peer is remembered and any packet carrying a lower nonce is dropped. Because UDP packets can be reordered in transit, that rule can also drop legitimate packets that were never replayed. This option allows a window of acceptable nonce difference: a packet whose nonce is lower than the latest one, but by less than the allowed difference, is still accepted. Be aware that any such window opens the door to replay attacks within that narrow interval, since a captured packet whose nonce still falls inside the window will be accepted a second time.
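The trade-off above is easiest to see by running a captured nonce sequence through both rules. The following is an added example written for this manual, not GoVPN's own code: PlainWindow implements the scheme the manual describes (only the highest nonce is remembered, lower ones are accepted while the difference is below the window), and BitmapWindow is a hardened variant of this example's own design, in the style of the IPsec anti-replay window, that also remembers which nonces inside the window were already accepted. The nonce sequence is constructed: packet 3 overtakes packet 2 in transit, then an attacker replays packet 2.

```go
package main

import "fmt"

// ReplayFilter decides, per received packet, whether its nonce is accepted.
type ReplayFilter interface {
	Accept(nonce uint64) bool
}

// PlainWindow is the scheme the manual describes: only the highest nonce
// seen so far is remembered. A packet is accepted when its nonce is higher,
// or when it is lower by less than the allowed difference (window).
// With window == 0 only strictly increasing nonces pass.
type PlainWindow struct {
	window  uint64
	highest uint64
	started bool
}

func (w *PlainWindow) Accept(nonce uint64) bool {
	if !w.started {
		w.started, w.highest = true, nonce
		return true
	}
	if nonce > w.highest {
		w.highest = nonce
		return true
	}
	// A reordered packet inside the window is accepted, but so is a
	// replayed copy of any packet whose nonce is still inside the window.
	return w.highest-nonce < w.window
}

// BitmapWindow is this example's hardened variant (not GoVPN's mechanism):
// bit i of seen records whether nonce (highest - i) was already accepted,
// so a reordered packet passes exactly once. size must be 1..64.
type BitmapWindow struct {
	size    uint64
	highest uint64
	seen    uint64
	started bool
}

func NewBitmapWindow(size uint64) *BitmapWindow {
	if size == 0 || size > 64 {
		panic("BitmapWindow size must be 1..64")
	}
	return &BitmapWindow{size: size}
}

func (w *BitmapWindow) Accept(nonce uint64) bool {
	if !w.started {
		w.started, w.highest, w.seen = true, nonce, 1
		return true
	}
	if nonce > w.highest {
		shift := nonce - w.highest
		if shift >= 64 {
			w.seen = 0 // everything previously seen fell out of the window
		} else {
			w.seen <<= shift
		}
		w.seen |= 1
		w.highest = nonce
		return true
	}
	diff := w.highest - nonce
	if diff >= w.size {
		return false // older than the window
	}
	if w.seen&(1<<diff) != 0 {
		return false // replay of a nonce accepted earlier
	}
	w.seen |= 1 << diff
	return true
}

// Run feeds a sequence of received nonces through a filter and returns the
// accept (true) or drop (false) decision for each packet.
func Run(f ReplayFilter, nonces []uint64) []bool {
	out := make([]bool, len(nonces))
	for i, n := range nonces {
		out[i] = f.Accept(n)
	}
	return out
}

// Equal compares two decision vectors.
func Equal(a, b []bool) bool {
	if len(a) != len(b) {
		return false
	}
	for i := range a {
		if a[i] != b[i] {
			return false
		}
	}
	return true
}

func main() {
	// Constructed capture: 1, then 3 overtakes 2, then 2 is replayed.
	seq := []uint64{1, 3, 2, 2}
	fmt.Println("strict (window 0):   ", Run(&PlainWindow{window: 0}, seq))
	fmt.Println("plain window 3:      ", Run(&PlainWindow{window: 3}, seq))
	fmt.Println("bitmap window 3:     ", Run(NewBitmapWindow(3), seq))
}
```

With the strict rule the late packet 2 is lost; with a plain window of 3 it is delivered, but the replayed copy is delivered too; the bitmap variant delivers the late packet once and drops the replay.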

MTU

Maximum transmission unit.

The client needs to know its identification, the path to its authentication key, the remote server's address, the TAP interface name, and optionally the paths to up and down scripts, which are executed after the connection is initiated or terminated respectively.

The server needs to know only the address to listen on and the path to a directory containing the peers' information. This directory must contain one subdirectory per client, named after that client's identification. Each subdirectory must contain a key file holding the corresponding authentication key and an up.sh script that prints the interface's name on its first line; a down.sh script is optional.
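A small pre-deployment check of that peers directory, written as an added example for this manual and not part of GoVPN itself. It builds a constructed tree (peer names alice, bob and carol, a placeholder key body and a dummy up.sh that prints the hypothetical interface name tap_<peer> are all this example's own), then walks it the way the layout above prescribes: one subdirectory per client identification, a key file, an executable up.sh whose first line of output is the interface name, and an optional down.sh. Two checks go beyond the manual and are this example's own policy: the key must not be readable by group or others, and up.sh is run through /bin/sh to read its first line. Because a real up.sh configures the interface, run this only against a test tree.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"path/filepath"
	"strings"
)

// Peer is what the check learned about one usable client subdirectory.
type Peer struct {
	ID        string // subdirectory name, i.e. the client's identification
	Interface string // first line printed by up.sh
	HasDown   bool   // down.sh is optional
}

// ValidatePeers walks the peers directory and returns the usable peers plus
// one message per rejected subdirectory. Top-level regular files are ignored.
func ValidatePeers(root string) (map[string]Peer, []string) {
	entries, err := os.ReadDir(root)
	if err != nil {
		return nil, []string{err.Error()}
	}
	peers := map[string]Peer{}
	var problems []string
	for _, e := range entries {
		if !e.IsDir() {
			continue
		}
		id := e.Name()
		dir := filepath.Join(root, id)
		info, err := os.Stat(filepath.Join(dir, "key"))
		if err != nil || !info.Mode().IsRegular() {
			problems = append(problems, id+": key file missing")
			continue
		}
		// Example's own policy (not stated by the manual): a shared
		// authentication key must not be readable by group or others.
		if perm := info.Mode().Perm(); perm&0o077 != 0 {
			problems = append(problems, fmt.Sprintf("%s: key mode %04o is readable by others", id, perm))
			continue
		}
		up := filepath.Join(dir, "up.sh")
		if info, err = os.Stat(up); err != nil || info.Mode()&0o111 == 0 {
			problems = append(problems, id+": up.sh missing or not executable")
			continue
		}
		// Assumption: up.sh is a shell script; its first output line names
		// the interface. Only run this against a test tree (see lead-in).
		out, err := exec.Command("/bin/sh", up).Output()
		if err != nil {
			problems = append(problems, id+": up.sh failed: "+err.Error())
			continue
		}
		iface := strings.TrimSpace(strings.SplitN(string(out), "\n", 2)[0])
		if iface == "" {
			problems = append(problems, id+": up.sh printed no interface name")
			continue
		}
		_, err = os.Stat(filepath.Join(dir, "down.sh"))
		peers[id] = Peer{ID: id, Interface: iface, HasDown: err == nil}
	}
	return peers, problems
}

// BuildSampleTree writes a constructed peers directory: alice is complete,
// bob lacks up.sh, carol's key is world-readable. Modes are set explicitly
// so the result does not depend on the umask.
func BuildSampleTree(root string) error {
	mk := func(id string, keyMode os.FileMode, up, down bool) error {
		dir := filepath.Join(root, id)
		if err := os.Mkdir(dir, 0o700); err != nil {
			return err
		}
		key := filepath.Join(dir, "key")
		if err := os.WriteFile(key, []byte("placeholder-key-bytes\n"), keyMode); err != nil {
			return err
		}
		if err := os.Chmod(key, keyMode); err != nil {
			return err
		}
		for name, want := range map[string]bool{"up.sh": up, "down.sh": down} {
			if !want {
				continue
			}
			p := filepath.Join(dir, name)
			script := "#!/bin/sh\necho tap_" + id + "\n" // hypothetical interface name
			if err := os.WriteFile(p, []byte(script), 0o700); err != nil {
				return err
			}
			if err := os.Chmod(p, 0o700); err != nil {
				return err
			}
		}
		return nil
	}
	if err := mk("alice", 0o600, true, true); err != nil {
		return err
	}
	if err := mk("bob", 0o600, false, false); err != nil {
		return err
	}
	return mk("carol", 0o644, true, false)
}

// Demo builds the sample tree in a temporary directory, validates it and
// cleans up.
func Demo() (map[string]Peer, []string, error) {
	root, err := os.MkdirTemp("", "govpn-peers-")
	if err != nil {
		return nil, nil, err
	}
	defer os.RemoveAll(root)
	if err := BuildSampleTree(root); err != nil {
		return nil, nil, err
	}
	peers, problems := ValidatePeers(root)
	return peers, problems, nil
}

func main() {
	peers, problems, err := Demo()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for id, p := range peers {
		fmt.Printf("ok   %s -> interface %s, down.sh present: %v\n", id, p.Interface, p.HasDown)
	}
	for _, m := range problems {
		fmt.Println("drop", m)
	}
}
```

Only alice survives the check: bob is rejected for the missing up.sh and carol for a key that other local users can read.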