Next: Developer manual, Previous: Precautions, Up: Top
Announcements about updates and new releases can be found in Reporting bugs.
GoVPN is split into two pieces: a client and a server. Each of them works on top of UDP and a TAP virtual network interface. Client and server share several configuration command line options:
Because UDP is stateless, there is no way to know that the remote peer is dead other than waiting for a timeout. Client and server send heartbeats to each other every third of the timeout. This timeout is also the interval after which the server purges its obsolete handshake and peer states.
To prevent replay attacks we simply remember the latest nonce number received from the remote peer and drop packets that carry lower ones. Because UDP packets can be reordered, that behaviour can also drop packets that were not replayed. This option makes it possible to allow a window of acceptable difference, which opens the door to replay attacks within that narrow interval.
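The nonce check described above, written out as an added example (this is not GoVPN's own code; the `NonceFilter` type, its fields and the `rejectDuplicates` switch are this example's own names). With `rejectDuplicates` off it behaves as the text describes: anything inside the window is accepted, so a packet replayed within the window gets through. With it on, the filter additionally remembers which nonces inside the window it has already accepted, which closes that gap at the cost of a small map per peer.

```go
package main

import "fmt"

// NonceFilter models the replay check: remember the highest nonce received
// from a peer, drop anything lower, but tolerate reordering within a window
// of allowable difference. Type, field and function names are this example's
// own, not GoVPN's.
type NonceFilter struct {
	window           uint64              // allowable difference below the highest nonce
	rejectDuplicates bool                // hardened variant: never accept the same nonce twice
	started          bool                // false until the first packet arrives
	last             uint64              // highest nonce accepted so far
	seen             map[uint64]struct{} // nonces accepted inside the window (hardened variant only)
}

func NewNonceFilter(window uint64, rejectDuplicates bool) *NonceFilter {
	return &NonceFilter{window: window, rejectDuplicates: rejectDuplicates, seen: map[uint64]struct{}{}}
}

// Accept reports whether a packet carrying nonce n should be processed.
func (f *NonceFilter) Accept(n uint64) bool {
	switch {
	case !f.started || n > f.last:
		// New high-water mark: advance the counter.
		f.started, f.last = true, n
	case n == f.last:
		return false // exact duplicate of the latest packet: always a replay
	case f.last-n > f.window:
		return false // older than the window: treated as a replay
	}
	if f.rejectDuplicates {
		if _, dup := f.seen[n]; dup {
			return false // already accepted inside the window: replay
		}
		f.seen[n] = struct{}{}
		for k := range f.seen { // forget entries that fell out of the window
			if f.last-k > f.window {
				delete(f.seen, k)
			}
		}
	}
	return true
}

func main() {
	// Constructed packet sequence: 11 arrives late (reordered), then 11 is
	// replayed, 9 is older than the window, and 12 repeats the latest nonce.
	seq := []uint64{10, 12, 11, 11, 9, 12}
	plain := NewNonceFilter(2, false)
	hardened := NewNonceFilter(2, true)
	for _, n := range seq {
		fmt.Printf("nonce %2d  plain=%-5v hardened=%v\n", n, plain.Accept(n), hardened.Accept(n))
	}
}
```

Run it and the fourth line shows the difference: the plain filter accepts the replayed 11, the hardened one rejects it, while both still accept the legitimately reordered first 11 and both reject 9 and the repeated 12.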
Maximum transmission unit: the maximum frame size that is acceptable on the TAP interface.
The client needs to know its identification, the path to the authentication key, the remote server's address, the TAP interface name, and optionally the paths to up and down scripts, which are executed after the connection is initiated or terminated respectively.
The server needs to know only the address to listen on and the path to a directory containing peer information. This directory must contain subdirectories whose names equal the clients' identifications. Each of them must have a key file with the corresponding authentication key and an up.sh script that prints the interface's name on the first line of its output. Optionally there can be a down.sh script that is executed when the client disconnects, and a name file containing a human-readable client name.
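An added example (not GoVPN's own code) that checks a server peers directory against the layout just described: every subdirectory must hold a key file and an executable up.sh, while down.sh and name are optional. The `Peer` type, `ValidatePeersDir` and `writeSampleLayout` are this example's own names, and the sample layout it builds in a temporary directory is constructed for illustration; the key file contents are a placeholder since the page does not specify the key format.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Peer is one subdirectory of the peers directory.
type Peer struct {
	ID      string // subdirectory name, equal to the client's identification
	Name    string // contents of the optional "name" file, "" if absent
	HasDown bool   // whether the optional down.sh script is present
}

// ValidatePeersDir lists every peer subdirectory under dir and reports all
// layout problems (missing key, missing or non-executable up.sh) in one error.
// Peers are returned in directory order (os.ReadDir sorts by name).
func ValidatePeersDir(dir string) ([]Peer, error) {
	entries, err := os.ReadDir(dir)
	if err != nil {
		return nil, err
	}
	var peers []Peer
	var problems []string
	for _, e := range entries {
		if !e.IsDir() {
			continue // stray files are not peers
		}
		id := e.Name()
		pd := filepath.Join(dir, id)
		p := Peer{ID: id}

		if fi, err := os.Stat(filepath.Join(pd, "key")); err != nil || fi.IsDir() {
			problems = append(problems, id+": missing key file")
		}
		if fi, err := os.Stat(filepath.Join(pd, "up.sh")); err != nil || fi.IsDir() {
			problems = append(problems, id+": missing up.sh")
		} else if fi.Mode()&0o111 == 0 {
			problems = append(problems, id+": up.sh is not executable")
		}
		if _, err := os.Stat(filepath.Join(pd, "down.sh")); err == nil {
			p.HasDown = true
		}
		if b, err := os.ReadFile(filepath.Join(pd, "name")); err == nil {
			p.Name = strings.TrimSpace(string(b))
		}
		peers = append(peers, p)
	}
	if len(problems) > 0 {
		return peers, fmt.Errorf("%s", strings.Join(problems, "; "))
	}
	return peers, nil
}

// writeSampleLayout builds a constructed peers directory under root:
// "alice" is complete, "bob" lacks up.sh, "carol" has a non-executable up.sh.
func writeSampleLayout(root string) error {
	files := map[string]struct {
		body string
		mode os.FileMode
	}{
		"alice/key":     {"PLACEHOLDER-KEY-ALICE\n", 0o600},
		"alice/up.sh":   {"#!/bin/sh\necho tap0\n", 0o755},
		"alice/down.sh": {"#!/bin/sh\nexit 0\n", 0o755},
		"alice/name":    {"Alice Example\n", 0o644},
		"bob/key":       {"PLACEHOLDER-KEY-BOB\n", 0o600},
		"carol/key":     {"PLACEHOLDER-KEY-CAROL\n", 0o600},
		"carol/up.sh":   {"#!/bin/sh\necho tap1\n", 0o644},
	}
	for rel, f := range files {
		path := filepath.Join(root, rel)
		if err := os.MkdirAll(filepath.Dir(path), 0o755); err != nil {
			return err
		}
		if err := os.WriteFile(path, []byte(f.body), f.mode); err != nil {
			return err
		}
	}
	return nil
}

func main() {
	root, err := os.MkdirTemp("", "govpn-peers-")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	if err := writeSampleLayout(root); err != nil {
		panic(err)
	}
	peers, err := ValidatePeersDir(root)
	for _, p := range peers {
		fmt.Printf("%-6s name=%q down.sh=%v\n", p.ID, p.Name, p.HasDown)
	}
	if err != nil {
		fmt.Println("problems:", err)
	}
}
```

Running it on the constructed layout lists all three peers and reports "bob: missing up.sh; carol: up.sh is not executable", which is the kind of check worth running before starting the server rather than discovering a broken up.sh at a client's first handshake.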
Both client and server can show statistics about known connected peers. If you specify host:port in the -stats argument, an HTTP server is run on that address, responding with JSON documents.
• Example usage