Let’s assume that there is an insecure link between your computer and a
WiFi-reachable gateway. You have a preconfigured wlan0 network interface
on the 192.168.0/24 network. You want to create a virtual encrypted and
authenticated 172.16.0/24 network and use it as the default transport.
The MTU for wlan0 is 1500 bytes. GoVPN will say that the maximum MTU for
the link is 1476; however, it does not take into account the TAP’s
Ethernet frame header length, which in my case is 14 bytes long
(1476 - 14 = 1462).
GNU/Linux IPv4 client-server example:
server% mkdir -p peers/CLIENTID
server% umask 066
server% echo MYLONG64HEXKEY > peers/CLIENTID/key
server% echo "#!/bin/sh" > peers/CLIENTID/up.sh
server% echo "echo tap10" >> peers/CLIENTID/up.sh
server% chmod 500 peers/CLIENTID/up.sh
server% ip addr add 192.168.0.1/24 dev wlan0
server% tunctl -t tap10
server% ip link set mtu 1462 dev tap10
server% ip addr add 172.16.0.1/24 dev tap10
server% ip link set up dev tap10
server% govpn -bind 192.168.0.1:1194

client% umask 066
client% echo MYLONG64HEXKEY > key.txt
client% ip addr add 192.168.0.2/24 dev wlan0
client% tunctl -t tap10
client% ip link set mtu 1462 dev tap10
client% ip addr add 172.16.0.2/24 dev tap10
client% ip link set up dev tap10
client% ip route add default via 172.16.0.1
client% while :; do
    govpn -key key.txt -id CLIENTID -iface tap10 -remote 192.168.0.1:1194
done
FreeBSD IPv6 client-server example:
server% mkdir -p peers/CLIENTID
server% umask 066
server% echo MYLONG64HEXKEY > peers/CLIENTID/key
server% cat > peers/CLIENTID/up.sh <<'EOF'
#!/bin/sh
# Create a new tap interface, configure it and print its name
tap=$(ifconfig tap create)
ifconfig $tap inet6 fc00::1/96 mtu 1462 up
echo $tap
EOF
server% chmod 500 peers/CLIENTID/up.sh
server% ifconfig em0 inet6 fe80::1/64
server% govpn -bind "[fe80::1%em0]:1194"

client% ifconfig me0 inet6 -ifdisabled auto_linklocal
client% ifconfig tap10 create
client% ifconfig tap10 inet6 fc00::2/96 mtu 1462 up
client% route -6 add default fc00::1
client% while :; do
    govpn -key key.txt -id CLIENTID -iface tap10 -remote "[fe80::1%me0]:1194"
done
Example up-script:
client% cat > up.sh <<'EOF'
#!/bin/sh
# $1 is the interface name
dhclient "$1"
rtsol "$1"
EOF
client% chmod +x up.sh
client% govpn -id CLIENTID -key key.txt -iface tap10 -remote "[fe80::1%me0]:1194" -up ./up.sh
The client will exit if it does not finish the handshake within -timeout.
If no packets are received from the remote side during the timeout, the
daemon will stop sending packets to the client and the client will exit.
In either case you have to perform the handshake again.
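
A check for the server-side layout used in the examples above (peers/CLIENTID/key created under umask 066, up.sh set to mode 500). This is an added example, not part of GoVPN or its manual; the function names are hypothetical, and the rule that a key is exactly 64 hexadecimal characters is an assumption taken from the MYLONG64HEXKEY placeholder.

```shell
#!/bin/sh
# Added example: audit a GoVPN server "peers" directory laid out as
# peers/<ID>/key and peers/<ID>/up.sh. Function names are hypothetical.

# Group and other permission characters of a path, e.g. "------".
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Audit one peer directory. Prints findings (never the key itself) and
# returns non-zero if anything is wrong.
check_peer() {
    peer=$1; rc=0
    if [ -f "$peer/key" ]; then
        key_text=$(cat "$peer/key")   # $(...) strips the trailing newline
        # Assumption: a key is exactly 64 hexadecimal characters.
        case $key_text in
            *[!0-9A-Fa-f]*) echo "$peer: key has non-hex characters"; rc=1 ;;
        esac
        [ "${#key_text}" -eq 64 ] || { echo "$peer: key is not 64 characters"; rc=1; }
        [ "$(group_other_bits "$peer/key")" = "------" ] ||
            { echo "$peer: key is accessible to group/other"; rc=1; }
        key_text=
    else
        echo "$peer: key file missing"; rc=1
    fi
    if [ -f "$peer/up.sh" ]; then
        [ -x "$peer/up.sh" ] || { echo "$peer: up.sh is not executable"; rc=1; }
        [ "$(group_other_bits "$peer/up.sh")" = "------" ] ||
            { echo "$peer: up.sh is accessible to group/other"; rc=1; }
    else
        echo "$peer: up.sh missing"; rc=1
    fi
    return "$rc"
}

# Audit every peer under the given directory (default: ./peers).
audit_peers() {
    failed=0
    for dir in "${1:-peers}"/*/; do
        [ -d "$dir" ] || continue
        check_peer "${dir%/}" || failed=1
    done
    return "$failed"
}
```

Run `audit_peers peers` from the directory where the server is started; a non-zero exit status means at least one peer needs attention.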