User manual

Announcements about updates and new releases can be found in the Reporting bugs section.

GoVPN is split into two pieces: client and server. Both work on top of UDP and TAP virtual network interfaces. Client and server share several configuration command line options:

Timeout

Because UDP is stateless, there is no way to tell that the remote peer is dead other than by waiting for a timeout. Client and server send heartbeats to each other every third of this timeout. The same timeout also determines when the server purges its obsolete handshake and peer states.

Allowable nonce difference

To prevent replay attacks we remember the latest nonce number received from the remote peer and drop packets carrying a lower one. Because UDP packets can be reordered, that behaviour can also drop packets that are not replays at all. This option creates a window of allowable difference below the latest nonce within which packets are still accepted. It opens the door to replay attacks within that narrow window, so keep the window no larger than the reordering actually seen on your path.
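The trade-off above, as an added example that is not GoVPN's own code: SimpleWindow implements exactly the rule the manual describes (highest nonce seen, plus an allowable difference), and the test below shows that a packet replayed inside the window is accepted. BitmapWindow shows the usual way to close that door: remembering, for each nonce inside the window, whether it was already seen (an IPsec-style sliding window). Nonces are assumed to be 64-bit counters and the difference is assumed to be below 64; both the types and the `diff` field are this example's own names, not GoVPN option names.

```go
package main

import "fmt"

// SimpleWindow: accept a nonce if it is higher than the highest seen so far,
// or if it is not more than diff below it. Reordered packets pass, but so do
// replays of any nonce still inside the window.
type SimpleWindow struct {
	latest uint64 // highest nonce accepted so far
	diff   uint64 // allowable nonce difference (this example's name for the option)
	seen   bool   // false until the first packet arrives
}

func (w *SimpleWindow) Accept(nonce uint64) bool {
	if !w.seen {
		w.seen, w.latest = true, nonce
		return true
	}
	if nonce > w.latest {
		w.latest = nonce
		return true
	}
	// Reordered (or replayed) packet: accepted as long as it is within the window.
	return w.latest-nonce <= w.diff
}

// BitmapWindow: same window, but bit i of bitmap records whether nonce
// latest-i was already accepted, so a second copy inside the window is dropped.
type BitmapWindow struct {
	latest uint64
	diff   uint64 // must be < 64 for the single-word bitmap used here
	bitmap uint64
	seen   bool
}

func (w *BitmapWindow) Accept(nonce uint64) bool {
	if !w.seen {
		w.seen, w.latest, w.bitmap = true, nonce, 1
		return true
	}
	if nonce > w.latest {
		// Slide the window forward; everything older than 64 positions falls off.
		if shift := nonce - w.latest; shift >= 64 {
			w.bitmap = 0
		} else {
			w.bitmap <<= shift
		}
		w.bitmap |= 1
		w.latest = nonce
		return true
	}
	off := w.latest - nonce
	if off > w.diff {
		return false // older than the allowable difference
	}
	mask := uint64(1) << off
	if w.bitmap&mask != 0 {
		return false // already seen: this is a replay
	}
	w.bitmap |= mask
	return true
}

func main() {
	// Constructed trace: two genuine reordered packets, then a replay of 11.
	trace := []uint64{10, 12, 11, 11}
	s, b := &SimpleWindow{diff: 4}, &BitmapWindow{diff: 4}
	for _, n := range trace {
		fmt.Printf("nonce %d: simple=%v bitmap=%v\n", n, s.Accept(n), b.Accept(n))
	}
}
```

With a window of 4, both filters accept the reordered nonce 11, but only the simple rule accepts it a second time.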

MTU

Maximum transmission unit: the maximum frame size that is acceptable on the TAP interface.

The client needs to know its identification, the path to the authentication key, the remote server's address, the TAP interface name, and optionally the paths to up and down scripts, which are executed after the connection is initiated or terminated.

The server needs to know only the address to listen on and the path to a directory containing peers' information. This directory must contain one subdirectory per client, named with that client's identification. Each subdirectory must hold a key file with the corresponding authentication key and an up.sh script that prints the interface's name on the first line of its output. Optionally it may also hold a down.sh script, executed when the client disconnects, and a name file containing the client's human readable name.
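A sanity check for that layout, as an added example rather than a GoVPN tool: it walks every subdirectory of a peers directory and reports a missing key, a missing or non-executable up.sh, and a down.sh that exists but cannot run. The world-readable key check is this example's own recommendation, not a requirement stated in the manual; the function name and its output wording are likewise this example's.

```sh
#!/bin/sh
# check_peers_dir DIR: print one line per problem found under DIR and return
# non-zero if any were found. Example code, not part of GoVPN.
check_peers_dir() {
    peers=$1
    problems=0
    [ -d "$peers" ] || { echo "$peers: not a directory"; return 1; }
    for peer in "$peers"/*/; do
        [ -d "$peer" ] || continue
        peer=${peer%/}
        id=${peer##*/}          # subdirectory name == client identification
        if [ ! -f "$peer/key" ]; then
            echo "$id: key file missing"
            problems=$((problems + 1))
        elif [ -n "$(find "$peer/key" -perm -004 2>/dev/null)" ]; then
            # Not demanded by the manual, but an authentication key should not
            # be readable by other local users.
            echo "$id: key is world-readable"
            problems=$((problems + 1))
        fi
        if [ ! -x "$peer/up.sh" ]; then
            echo "$id: up.sh missing or not executable"
            problems=$((problems + 1))
        fi
        # down.sh and name are optional; only a present but unrunnable down.sh is an error.
        if [ -e "$peer/down.sh" ] && [ ! -x "$peer/down.sh" ]; then
            echo "$id: down.sh present but not executable"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Usage: sh check_peers.sh /path/to/peers
if [ "$#" -gt 0 ]; then
    check_peers_dir "$1"
fi
```

Run it against the server's peers directory before starting the server; a clean exit status means every peer subdirectory has the files the server expects.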

Both client and server can show statistics about known connected peers. If you specify host:port in the -stats argument, an HTTP server is started on that address, responding with JSON documents. Since this is a plain HTTP endpoint, bind it to an address that untrusted hosts cannot reach.
