Let’s assume that there is some insecure link between your computer and
a WiFi-reachable gateway. You have a preconfigured wlan0 network
interface on the 192.168.0/24 network. You want to create a virtual
encrypted and authenticated 172.16.0/24 network and use it as the default
transport. The MTU of wlan0 is 1500 bytes. GoVPN will say that the maximum
MTU for the link is 1476; however, it does not take into account the TAP’s
Ethernet frame header length, which in my case is 14 bytes long (1476 - 14).
Do not forget to set the GOMAXPROCS environment variable to use more
than one CPU.
At first you have to generate the client’s authentication key and the
client’s unique identification. There is a utils/newclient.sh script for
convenience.
% ./utils/newclient.sh Alice
9b40701bdaf522f2b291cb039490312
9b40701bdaf522f2b291cb039490312 is the client’s identification.
peers/9b40701bdaf522f2b291cb039490312/name contains Alice,
peers/9b40701bdaf522f2b291cb039490312/key contains the authentication key and
peers/9b40701bdaf522f2b291cb039490312/up.sh contains a currently dummy,
empty up-script.
GNU/Linux IPv4 client-server example:
server% echo "echo tap10" >> peers/CLIENTID/up.sh
server% ip addr add 192.168.0.1/24 dev wlan0
server% tunctl -t tap10
server% ip link set mtu 1462 dev tap10
server% ip addr add 172.16.0.1/24 dev tap10
server% ip link set up dev tap10
server% GOMAXPROCS=4 govpn-server -bind 192.168.0.1:1194
client% umask 066
client% echo MYLONG64HEXKEY > key.txt
client% ip addr add 192.168.0.2/24 dev wlan0
client% tunctl -t tap10
client% ip link set mtu 1462 dev tap10
client% ip addr add 172.16.0.2/24 dev tap10
client% ip link set up dev tap10
client% ip route add default via 172.16.0.1
client% export GOMAXPROCS=4
client% while :; do
    govpn-client -key key.txt -id CLIENTID -iface tap10 -remote 192.168.0.1:1194
done
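As an added example (not part of the GoVPN manual or its utils), these sh functions check two things the client steps above depend on: that key.txt written under umask 066 carries no group/other permission bits, and the TAP MTU obtained by subtracting the 14-byte Ethernet header from the maximum GoVPN reports. The function names and the 64-hex-digit key length (inferred from the MYLONG64HEXKEY placeholder) are assumptions.

```sh
#!/bin/sh
# Added example, not part of GoVPN. Assumptions: the function names, and a
# key of exactly 64 hex digits (inferred from the MYLONG64HEXKEY placeholder).

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# tap_mtu MAX_LINK_MTU [ETHER_HEADER_LEN]
# Prints the MTU for the TAP device: the link maximum reported by GoVPN
# minus the TAP Ethernet frame header (14 bytes in the text above).
tap_mtu() {
    max=$1
    hdr=${2:-14}
    is_uint "$max" && is_uint "$hdr" || { echo "tap_mtu: need numbers" >&2; return 2; }
    [ "$max" -gt "$hdr" ] || { echo "tap_mtu: link MTU too small" >&2; return 1; }
    echo $((max - hdr))
}

# check_key_file PATH
# Succeeds only if PATH is a regular file with no group/other permission
# bits (what "umask 066" produces) that holds a single 64-hex-digit line.
check_key_file() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || { echo "$f: not a regular file" >&2; return 1; }
    # "ls -ld" prints e.g. "-rw-------"; characters 5-10 are group/other bits.
    mode=$(ls -ld -- "$f" | cut -c1-10)
    case "$mode" in
        ????------) ;;
        *) echo "$f: mode $mode lets group/other access the key" >&2; return 1 ;;
    esac
    key=$(cat -- "$f")   # command substitution drops the trailing newline
    [ "${#key}" -eq 64 ] || { echo "$f: want 64 hex digits, got ${#key} chars" >&2; return 1; }
    case "$key" in
        *[!0-9a-fA-F]*) echo "$f: non-hex character in key" >&2; return 1 ;;
    esac
}

# Constructed demo: a throwaway key (not a real one) written as in the client steps.
demo_dir=$(mktemp -d)
( umask 066; echo 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef > "$demo_dir/key.txt" )
check_key_file "$demo_dir/key.txt" && echo "key.txt ok; set TAP MTU to $(tap_mtu 1476)"
rm -rf "$demo_dir"
```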
FreeBSD IPv6 client-server example, with stats enabled on the server (localhost’s 5678 port):
server% cat > peers/CLIENTID/up.sh <<'EOF'
#!/bin/sh
tap=$(ifconfig tap create)
ifconfig "$tap" inet6 fc00::1/96 mtu 1462 up
echo "$tap"
EOF
server% ifconfig em0 inet6 fe80::1/64
server% GOMAXPROCS=4 govpn-server -bind [fe80::1%em0]:1194 -stats [::1]:5678
client% ifconfig me0 inet6 -ifdisabled auto_linklocal
client% ifconfig tap10 create
client% ifconfig tap10 inet6 fc00::2/96 mtu 1462 up
client% route -6 add default fc00::1
client% export GOMAXPROCS=4
client% while :; do
    govpn-client -key key.txt -id CLIENTID -iface tap10 -remote [fe80::1%me0]:1194
done
Example up-script:
client% cat > up.sh <<'EOF'
#!/bin/sh
dhclient "$1"
rtsol "$1"
EOF
client% chmod +x up.sh
client% govpn -id CLIENTID -key key.txt -iface tap10 -remote [fe80::1%me0]:1194 -up ./up.sh
The client will exit if it does not finish the handshake within -timeout.
If no packets are received from the remote side during the timeout, the
daemon will stop sending packets to the client and the client will exit.
In all cases you have to perform the handshake again.