From: stargrave@stargrave•org
To: govpn-devel@lists.cypherpunks.ru
Subject: Re: [Govpn-devel] How to install and config govpn on server & client?
Date: Mon, 21 Sep 2015 12:04:28 +0300
Message-ID: <20150921090428.GA7282@stargrave.org>
In-Reply-To: <CAEwfFSjRRExu6RvvMHLu9yiW6kZrFc_634QmDUarLovZWwEw9A@mail.gmail.com>

Greetings!

>How to install and config govpn on server & client?  I need details info
>about that.

I hope that example here: http://www.cypherpunks.ru/govpn/Example.html
should help.

Initially you must generate the client's identity and password verifier. I
recommend using the trivial script newclient.sh that comes in the distribution:

    client% ./utils/newclient.sh Mylove
    Enter passphrase:[hello world]
    Your id is: 35180231a9532325f24d37352a044dd7

    Place the following JSON configuration entry on the server's side:

        "35180231a9532325f24d37352a044dd7": {
            "name": "Mylove",
            "up": "/path/to/up.sh",
            "verifier": "6f7657776fcc7ce0128138ad78b7438cd482ef77abf79df41e1b51568aefc390"
        }

    Verifier was generated with:

        ./utils/storekey.sh /tmp/passphrase
        govpn-verifier -id 35180231a9532325f24d37352a044dd7 -key /tmp/passphrase

    Create up.sh script that will output on the first line TAP interface
    name that must be used for the peer. For example:

        % umask 077
        % ed /path/to/up.sh
        a
        #!/bin/sh
        echo tap0
        .
        wq
        20
        % chmod +x /path/to/up.sh

Then you must add this JSON entry in peers.json (default filename for
server configuration) on the server side:

    server% cat > peers.json <<EOF
    {
        "35180231a9532325f24d37352a044dd7": {
            "name": "Mylove",
            "up": "/home/stargrave/mylove-up.sh",
            "verifier": "6f7657776fcc7ce0128138ad78b7438cd482ef77abf79df41e1b51568aefc390"
        }
    }
    EOF

And prepare your network by creating an up-script. For example, I assume
that the tap2 network interface is dedicated to that peer. Create it with
native operating system utilities. For example (under FreeBSD):

    server# ifconfig tap2 create
    server# ifconfig tap2 inet 10.10.10.1/24 mtu 1412 up
    server# chown stargrave /dev/tap2
    server% umask 077
    server% cat > /home/stargrave/mylove-up.sh <<EOF
    #!/bin/sh -e
    echo tap2
    echo "Mylove is connected" | mailx -s "Connection event" root@stargrave.org
    EOF
    server% chmod +x /home/stargrave/mylove-up.sh

The up-script must print the TAP interface name on the first line (others
are ignored). You may even create it inside that script.

Then you can start the server up. I use this command:

    % ./govpn-server -bind :1193 -stats '[::1]:5678' -proto all

My server is already up. If I change the JSON file, then it will refresh it
once a minute and add newly appeared peers:

    2015/09/21 11:55:49.134609 identify.go:83: Adding key 35180231a9532325f24d37352a044dd7

The server is ready. You can run your client. At first you have to save your
passphrase in some temporary file:

    client% umask 077
    client% ./utils/storekey.sh /tmp/mypassphrase
    Enter passphrase:[hello world]

Create a TAP interface on the client's side:

    client# ifconfig tap0 create
    client# ifconfig tap0 inet 10.10.10.2/24 mtu 1412 up
    client# chown stargrave /dev/tap0

For example, I call the rtsol utility to receive IPv6 address solicitation,
so I will create an up-script that will take the interface name as its first
argument and run this utility:

    client% cat > /tmp/up.sh <<'EOF'
    #!/bin/sh
    /sbin/rtsol $1
    EOF
    client% chmod +x /tmp/up.sh

and run client itself:

    client% govpn-client -iface tap0 -id 35180231a9532325f24d37352a044dd7 -key /tmp/mypassphrase -remote X.X.X.X:1193 -up /tmp/up.sh
    2015/09/21 12:01:49.888625 identify.go:83: Adding key 35180231a9532325f24d37352a044dd7
    2015/09/21 12:01:49.888838 main.go:86: GoVPN version 4.0 built with go1.5.1
    2015/09/21 12:01:49.889063 main.go:93: Max MTU on TAP interface: 1412
    2015/09/21 12:01:49.889513 udp.go:39: Connected to UDP:X.X.X.X:1193
    2015/09/21 12:01:49.900517 udp.go:89: Handshake completed

-- 
Happy hacking, Sergey Matveev
