

Example usage

Let’s assume there is an insecure link between your computer and a WiFi-reachable gateway. You have a preconfigured wlan0 network interface on the 192.168.0/24 network. You want to create a virtual encrypted and authenticated 172.16.0/24 network and use it as the default transport. The MTU for wlan0 is 1500 bytes. GoVPN will report that the maximum MTU for the link is 1476; however, it does not take into account the TAP Ethernet frame header, which in my case is 14 bytes long, so the TAP interface MTU used below is 1462 (1476 - 14).

Do not forget to set the GOMAXPROCS environment variable to use more than one CPU.

First, generate the client’s authentication key and the client’s unique identification. The utils/newclient.sh script is provided for convenience.

% ./utils/newclient.sh Alice
9b40701bdaf522f2b291cb039490312

9b40701bdaf522f2b291cb039490312 is the client’s identification. peers/9b40701bdaf522f2b291cb039490312/name contains Alice, peers/9b40701bdaf522f2b291cb039490312/key contains the authentication key, and peers/9b40701bdaf522f2b291cb039490312/up.sh contains a dummy, currently empty up-script.

GNU/Linux IPv4 client-server example:

server% echo "echo tap10" >> peers/CLIENTID/up.sh
server% ip addr add 192.168.0.1/24 dev wlan0
server% tunctl -t tap10
server% ip link set mtu 1462 dev tap10
server% ip addr add 172.16.0.1/24 dev tap10
server% ip link set up dev tap10
server% GOMAXPROCS=4 govpn-server -bind 192.168.0.1:1194
client% umask 066
client% echo MYLONG64HEXKEY > key.txt
client% ip addr add 192.168.0.2/24 dev wlan0
client% tunctl -t tap10
client% ip link set mtu 1462 dev tap10
client% ip addr add 172.16.0.2/24 dev tap10
client% ip link set up dev tap10
client% ip route add default via 172.16.0.1
client% export GOMAXPROCS=4
client% while :; do
    govpn-client -key key.txt -id CLIENTID -iface tap10 -remote 192.168.0.1:1194
done

FreeBSD IPv6 client-server example, with stats enabled on the server (localhost’s 5678 port):

server% cat > peers/CLIENTID/up.sh <<'EOF'
#!/bin/sh
# Create a new tap interface, configure it and print its name
tap=$(ifconfig tap create)
ifconfig "$tap" inet6 fc00::1/96 mtu 1462 up
echo "$tap"
EOF
server% ifconfig em0 inet6 fe80::1/64
server% GOMAXPROCS=4 govpn-server -bind [fe80::1%em0]:1194 -stats [::1]:5678
client% ifconfig me0 inet6 -ifdisabled auto_linklocal
client% ifconfig tap10 create
client% ifconfig tap10 inet6 fc00::2/96 mtu 1462 up
client% route -6 add default fc00::1
client% export GOMAXPROCS=4
client% while :; do
    govpn-client -key key.txt -id CLIENTID -iface tap10 -remote [fe80::1%me0]:1194
done

Example up-script:

client% cat > up.sh <<'EOF'
#!/bin/sh
dhclient "$1"
rtsol "$1"
EOF
client% chmod +x up.sh
client% govpn-client -id CLIENTID -key key.txt -iface tap10 -remote [fe80::1%me0]:1194 -up ./up.sh

The client will exit if it does not finish the handshake within -timeout. If no packets are received from the remote side during the timeout, the daemon will stop sending packets to the client and the client will exit. In all cases you have to perform the handshake again.
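
A pre-flight check for the key.txt file created in the client examples above, written as an added example that is not part of the GoVPN distribution. The helper name check_govpn_key is hypothetical, and the check assumes the key is a single line of exactly 64 hex digits, as the MYLONG64HEXKEY placeholder suggests.

```shell
#!/bin/sh
# Added example: check_govpn_key is a hypothetical helper, not part of GoVPN.
# Assumption: the key is one line of exactly 64 hex digits (either case),
# as the MYLONG64HEXKEY placeholder suggests.

# Print a file's permission bits in octal (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if the key file is private and well-formed; otherwise say why.
check_govpn_key() {
    keyfile=$1
    if [ ! -f "$keyfile" ] || [ ! -r "$keyfile" ]; then
        echo "$keyfile: missing or unreadable" >&2
        return 1
    fi
    # "umask 066" yields mode 600; any group/other bit exposes the key.
    mode=$(file_mode "$keyfile") || return 1
    case $mode in
        *00|0) ;;
        *)  echo "$keyfile: mode $mode lets group/other access the key" >&2
            return 1 ;;
    esac
    # Exactly one line, and that line is 64 hex digits with nothing else.
    if [ "$(grep -c '' "$keyfile")" -ne 1 ] ||
       ! grep -Eqx '[0-9A-Fa-f]{64}' "$keyfile"; then
        echo "$keyfile: expected a single line of 64 hex digits" >&2
        return 1
    fi
    return 0
}
```

Source the file and call `check_govpn_key key.txt` before entering the `while :; do govpn-client ...` loop, so a group- or world-readable key, or the unreplaced placeholder, stops the client from starting.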

