Previous: Server part, Up: User manual
Let’s assume that there is some insecure link between your computer and WiFi-reachable gateway.
wlan0
NIC with 192.168.0/24 network on it.
wlan0
MTU is 1500, 20 bytes overhead per IPv4. So MTU for
GoVPN is 1500 - 20 - 8 = 1472.
Install. At first you must install this software: download, check the signature, compile.
Do not forget about setting GOMAXPROC
environment variable for
using more than one CPU on both sides:
% export GOMAXPROC=4
Prepare the server. Create the new client, named (for example) "Alice":
% ./utils/newclient.sh Alice Place verifier to peers/6d4ac605ce8dc37c2f0bf21cb542a713/verifier
"6d4ac605ce8dc37c2f0bf21cb542a713" – is the new client’s identity.
Prepare the client. Generate Verifier for known client identity:
% ./utils/storekey.sh /tmp/passphrase Enter passphrase:[my secure passphrase is here] % govpn-verifier -id 6d4ac605ce8dc37c2f0bf21cb542a713 -key /tmp/passphrase 562556cc9ecf0019b4cf45bcdf42706944ae9b3ac7c73ad299d83f2d5a169c55 % rm /tmp/passphrase
"562556cc9ecf0019b4cf45bcdf42706944ae9b3ac7c73ad299d83f2d5a169c55" – this is verifier itself.
Save verifier on server.
% cat > peers/6d4ac605ce8dc37c2f0bf21cb542a713/verifier <<EOF 562556cc9ecf0019b4cf45bcdf42706944ae9b3ac7c73ad299d83f2d5a169c55 EOF
Prepare network on GNU/Linux IPv4 server:
server% echo "echo tap10" >> peers/6d4ac605ce8dc37c2f0bf21cb542a713/up.sh server% ip addr add 192.168.0.1/24 dev wlan0 server% tunctl -t tap10 server% ip link set mtu 1432 dev tap10 server% ip addr add 172.16.0.1/24 dev tap10 server% ip link set up dev tap10
Run server daemon itself:
server% govpn-server -bind 192.168.0.1:1194 -mtu 1472
Prepare network on GNU/Linux IPv4 client:
client% umask 066 client% utils/storekey.sh key.txt client% ip addr add 192.168.0.2/24 dev wlan0 client% tunctl -t tap10 client% ip link set mtu 1432 dev tap10 client% ip addr add 172.16.0.2/24 dev tap10 client% ip link set up dev tap10 client% ip route add default via 172.16.0.1
Run client daemon itself:
client% govpn-client \ -key key.txt \ -id 6d4ac605ce8dc37c2f0bf21cb542a713 \ -iface tap10 \ -remote 192.168.0.1:1194 \ -mtu 1472
FreeBSD IPv6 similar client-server example:
server% ifconfig em0 inet6 fe80::1/64 server% govpn-server -bind "fe80::1%em0"
client% ifconfig me0 inet6 -ifdisabled auto_linklocal client% ifconfig tap10 client% ifconfig tap10 inet6 fc00::2/96 mtu 1412 up client% route -6 add default fc00::1 client% govpn-client \ -key key.txt \ -id 6d4ac605ce8dc37c2f0bf21cb542a713 \ -iface tap10 \ -remote "[fe80::1%me0]":1194
Previous: Server part, Up: User manual