Example usage

Let’s assume that there is an insecure link between your computer and a WiFi-reachable gateway. You have a preconfigured wlan0 network interface on the 192.168.0/24 network. You want to create a virtual encrypted and authenticated 172.16.0/24 network and use it as the default transport. The MTU of wlan0 is 1500 bytes. GoVPN will say that the maximum MTU for the link is 1476; however, it does not take into account the length of TAP’s Ethernet frame header, which in my case is 14 bytes, so the TAP interface MTU is set to 1476 - 14 = 1462.

GNU/Linux IPv4 client-server example:

server% mkdir -p peers/CLIENTID
server% umask 066
server% echo MYLONG64HEXKEY > peers/CLIENTID/key
server% echo '#!/bin/sh' > peers/CLIENTID/up.sh
server% echo 'echo tap10' >> peers/CLIENTID/up.sh
server% chmod 500 peers/CLIENTID/up.sh
server% ip addr add 192.168.0.1/24 dev wlan0
server% tunctl -t tap10
server% ip link set mtu 1462 dev tap10
server% ip addr add 172.16.0.1/24 dev tap10
server% ip link set up dev tap10
server% govpn -bind 192.168.0.1:1194
client% umask 066
client% echo MYLONG64HEXKEY > key.txt
client% ip addr add 192.168.0.2/24 dev wlan0
client% tunctl -t tap10
client% ip link set mtu 1462 dev tap10
client% ip addr add 172.16.0.2/24 dev tap10
client% ip link set up dev tap10
client% ip route add default via 172.16.0.1
client% while :; do
    govpn -key key.txt -id CLIENTID -iface tap10 -remote 192.168.0.1:1194
done

FreeBSD IPv6 client-server example:

server% mkdir -p peers/CLIENTID
server% umask 066
server% echo MYLONG64HEXKEY > peers/CLIENTID/key
server% cat > peers/CLIENTID/up.sh <<'EOF'
#!/bin/sh
tap=$(ifconfig tap create)
ifconfig $tap inet6 fc00::1/96 mtu 1462 up
echo $tap
EOF
server% chmod 500 peers/CLIENTID/up.sh
server% ifconfig em0 inet6 fe80::1/64
server% govpn -bind [fe80::1%em0]:1194
client% ifconfig me0 inet6 -ifdisabled auto_linklocal
client% ifconfig tap10 create
client% ifconfig tap10 inet6 fc00::2/96 mtu 1462 up
client% route -6 add default fc00::1
client% while :; do
    govpn -key key.txt -id CLIENTID -iface tap10 -remote [fe80::1%me0]:1194
done

Example up-script:

client% cat > up.sh <<'EOF'
#!/bin/sh
dhclient $1
rtsol $1
EOF
client% chmod +x up.sh
client% govpn -id CLIENTID -key key.txt -iface tap10 -remote [fe80::1%me0]:1194 -up ./up.sh

The client will exit if it does not finish the handshake within -timeout. If no packets are received from the remote side during the timeout, the daemon will stop sending packets to the client and the client will exit. In all cases you have to perform the handshake again.
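
Both server examples above store the pre-shared key in peers/CLIENTID/key under umask 066 and make up.sh mode 500. The audit of that layout below is an added example, not part of GoVPN: the function names are hypothetical, and the 64-hex-character key length is an assumption taken from the MYLONG64HEXKEY placeholder.

```sh
#!/bin/sh
# Added example: audit the peers/ layout used on this page.
# Assumption: a key is exactly 64 hex characters (from the MYLONG64HEXKEY placeholder).
# Usage: . ./audit_peers.sh && audit_peers peers

# Print the group/other permission characters of a path, e.g. "------" for mode 0600.
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# audit_peers DIR: print one finding per line; return 0 if clean, 1 otherwise.
audit_peers() {
    peers_dir=$1
    bad=0
    for peer in "$peers_dir"/*/; do
        [ -d "$peer" ] || continue
        id=$(basename "$peer")
        key=${peer}key
        up=${peer}up.sh
        if [ ! -f "$key" ]; then
            echo "$id: key file missing"; bad=1
        else
            # The key must not be accessible to group or others (umask 066 gives 0600).
            [ "$(group_other_bits "$key")" = "------" ] ||
                { echo "$id: key readable or writable by group/others"; bad=1; }
            # The file must hold exactly 64 hex characters.
            tr -d '\n' < "$key" | grep -Eq '^[0-9A-Fa-f]{64}$' ||
                { echo "$id: key is not 64 hex characters"; bad=1; }
        fi
        if [ -f "$up" ]; then
            # up.sh is run by the server: it must be executable and not
            # writable by group or others (the page uses chmod 500).
            [ -x "$up" ] || { echo "$id: up.sh not executable"; bad=1; }
            case $(group_other_bits "$up") in
                ?w*|????w*) echo "$id: up.sh writable by group/others"; bad=1 ;;
            esac
        fi
    done
    return $bad
}
```

Run it from the directory that contains peers/ before starting the server; a non-zero return means at least one peer directory needs fixing.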