public inbox for govpn-devel@lists.cypherpunks.ru
Atom feed
From: stargrave@stargrave•org
To: berber.it@gmail•com
Cc: govpn-devel@lists.cypherpunks.ru
Subject: Re: [Govpn-devel] build from last tarball
Date: Wed, 20 Jan 2016 10:53:59 +0300 [thread overview]
Message-ID: <20160120075359.GlKcmAP4s%stargrave@stargrave.org> (raw)
In-Reply-To: <CAKw30nozuWLqd9fUmbsO78tBOh2pzFgSrRSBWS6yg-cFAFZTDA@mail.gmail.com>
Greetings!
*** Alan Holt <berber.it@gmail•com> [Wed, 20 Jan 2016 00:58:49 +0200]:
>root@alan-XPS:~/govpn-5.2# ./utils/newclient.sh alan
>Your client verifier is: $argon2d$m=4096,t=128,p=1$J2g7mlL33KHw34qDq0L5Eg
>Place the following YAML configuration entry on the server's side:
>
> alan:
> up: /path/to/up.sh
> iface: or TAP interface name
> verifier: Passphrase:
>$argon2d$m=4096,t=128,p=1$J2g7mlL33KHw34qDq0L5Eg$NsW5CVpiU14e1c12S8GKEqSeHVeAZ5h+gVrVq4s7u3U
Damn it, I found bug here. When you start newclient.sh, it starts
govpn-verifier that prints "Passphrase:" and waits when you enter it.
But because of output buffering you will see "Passphrase:" line later,
included in the output of an example YAML file. I will fix it. In your
case example YAML will be:
alan:
up: /path/to/up.sh
iface: or TAP interface name
verifier: $argon2d$m=4096,t=128,p=1$J2g7mlL33KHw34qDq0L5Eg$NsW5CVpiU14e1c12S8GKEqSeHVeAZ5h+gVrVq4s7u3U
>*Should I change iface option here to my virtual interface tap10? *
GoVPN can not create interfaces itself. Either you have to create it
manually and tell GoVPN what already existing interface it should use
(by specifying "iface"), or you have to print in the first output line
interface name when executing up.sh. Up.sh is an optional thing: it is
just a hook that will be executed when the peer connects. At least
either one of "iface", or "up" must be specified. If "iface" is
specified, then "up" is optional.
As I can see, you manually created tap10 interface and configured
network addresses on it, so up.sh script may be omitted and only iface
specified:
alan:
iface: tap10
verifier: $argon2d$m=4096,t=128,p=1$J2g7mlL33KHw34qDq0L5Eg$NsW5CVpiU14e1c12S8GKEqSeHVeAZ5h+gVrVq4s7u3U
(only 3 lines).
>*What should I put in (*up: /path/to/up.sh*): ? *
If you have preconfigured network interface and do not execute any
hooks/commands after the peer is connected, then you may forget about
up.sh at all.
>*Am I do right? *
Yeah. Except maybe invalid YAML with those "Passphrase:" (it is my
fault). "verifier" key contains "$argon2..." string only.
>*And how should I star client? *
Something like this:
govpn-client \
-verifier '$argon2d$m=4096,t=128,p=1$J2g7mlL33KHw34qDq0L5Eg' \
-remote 192.168.0.103:1194 \
-iface tap10
I assume that you have got preconfigured tap10 interface on the client
too. If you do not specify -key, then you will be asked about passphrase
to enter it manually when govpn-client starts.
--
Happy hacking, Sergey Matveev
next prev parent reply other threads:[~2016-01-20 7:54 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-13 7:59 [Govpn-devel] build from last tarball Alan Holt
2015-05-13 8:47 ` stargrave
2015-05-13 9:00 ` Alan Holt
2015-05-13 9:36 ` stargrave
2015-05-13 10:01 ` Alan Holt
2015-05-13 10:14 ` stargrave
2015-05-13 10:52 ` Alan Holt
2015-05-13 11:41 ` stargrave
2015-05-13 13:31 ` Alan Holt
2015-05-13 13:47 ` Alan Holt
2015-05-13 14:09 ` stargrave
2015-05-13 14:55 ` Alan Holt
2015-05-13 16:52 ` stargrave
2015-05-14 8:30 ` Alan Holt
2015-05-14 9:22 ` Alan Holt
2015-05-14 12:34 ` stargrave
2015-05-14 13:25 ` stargrave
2015-05-14 13:32 ` Alan Holt
2015-05-14 14:11 ` stargrave
2016-01-19 19:04 ` Alan Holt
2016-01-19 22:08 ` stargrave
2016-01-19 22:58 ` Alan Holt
2016-01-20 7:53 ` stargrave [this message]
2016-01-21 9:43 ` stargrave
2016-01-28 10:26 ` Alan Holt
2016-01-28 10:46 ` stargrave
2016-01-28 13:39 ` Alan Holt
2016-01-28 14:20 ` stargrave
2015-05-13 14:06 ` stargrave