Previous: , Up: User manual  


Example usage

Let’s assume that there is some insecure link between your computer and WiFi-reachable gateway.

Install. At first you must install this software: download, check the signature, compile.

Do not forget about setting GOMAXPROC environment variable for using more than one CPU on both sides:

% export GOMAXPROC=4

Prepare the server. Create the new client, named (for example) "Alice":

% ./utils/newclient.sh Alice
Place verifier to peers/6d4ac605ce8dc37c2f0bf21cb542a713/verifier

"6d4ac605ce8dc37c2f0bf21cb542a713" – is the new client’s identity.

Prepare the client. Generate Verifier for known client identity:

% ./utils/storekey.sh /tmp/passphrase
Enter passphrase:[my secure passphrase is here]
% govpn-verifier -id 6d4ac605ce8dc37c2f0bf21cb542a713 -key /tmp/passphrase
562556cc9ecf0019b4cf45bcdf42706944ae9b3ac7c73ad299d83f2d5a169c55
% rm /tmp/passphrase

"562556cc9ecf0019b4cf45bcdf42706944ae9b3ac7c73ad299d83f2d5a169c55" – this is verifier itself.

Save verifier on server.

% cat > peers/6d4ac605ce8dc37c2f0bf21cb542a713/verifier <<EOF
562556cc9ecf0019b4cf45bcdf42706944ae9b3ac7c73ad299d83f2d5a169c55
EOF

Prepare network on GNU/Linux IPv4 server:

server% echo "echo tap10" >> peers/6d4ac605ce8dc37c2f0bf21cb542a713/up.sh
server% ip addr add 192.168.0.1/24 dev wlan0
server% tunctl -t tap10
server% ip link set mtu 1432 dev tap10
server% ip addr add 172.16.0.1/24 dev tap10
server% ip link set up dev tap10

Run server daemon itself:

server% govpn-server -bind 192.168.0.1:1194 -mtu 1472

Prepare network on GNU/Linux IPv4 client:

client% umask 066
client% utils/storekey.sh key.txt
client% ip addr add 192.168.0.2/24 dev wlan0
client% tunctl -t tap10
client% ip link set mtu 1432 dev tap10
client% ip addr add 172.16.0.2/24 dev tap10
client% ip link set up dev tap10
client% ip route add default via 172.16.0.1

Run client daemon itself:

client% govpn-client \
    -key key.txt \
    -id 6d4ac605ce8dc37c2f0bf21cb542a713 \
    -iface tap10 \
    -remote 192.168.0.1:1194 \
    -mtu 1472

FreeBSD IPv6 similar client-server example:

server% ifconfig em0 inet6 fe80::1/64
server% govpn-server -bind "fe80::1%em0"
client% ifconfig me0 inet6 -ifdisabled auto_linklocal
client% ifconfig tap10
client% ifconfig tap10 inet6 fc00::2/96 mtu 1412 up
client% route -6 add default fc00::1
client% govpn-client \
    -key key.txt \
    -id 6d4ac605ce8dc37c2f0bf21cb542a713 \
    -iface tap10 \
    -remote "[fe80::1%me0]":1194

Previous: , Up: User manual