From mboxrd@z Thu Jan 1 00:00:00 1970
Received: by stargrave.org (Postfix, from userid 66)
	id 4B41E1399B; Wed, 20 Jan 2016 10:54:14 +0300 (MSK)
Received: by mail.stargrave.org (Postfix, from userid 1001)
	id EBE5A77B6; Wed, 20 Jan 2016 10:53:59 +0300 (MSK)
Date: Wed, 20 Jan 2016 10:53:59 +0300
From: stargrave@stargrave.org
To: berber.it@gmail.com
Message-ID: <20160120075359.GlKcmAP4s%stargrave@stargrave.org>
References: <20150513114140.GB8522@stargrave.org>
	<20150513140925.GB17870@stargrave.org>
	<20150513165227.GA24372@stargrave.org>
	<20150514132532.GA8258@stargrave.org>
	<20150514141142.GA25284@stargrave.org>
	<20160119220857.EW83YOAs6%stargrave@stargrave.org>
Mail-Followup-To: govpn-devel@lists.cypherpunks.ru, berber.it@gmail.com
User-Agent: s-nail v14.8.6
OpenPGP: id=AE1A8109E49857EF; url=http://www.stargrave.org/pubkey.txt
Cc: govpn-devel@lists.cypherpunks.ru
Subject: Re: [Govpn-devel] build from last tarball
X-BeenThere: govpn-devel@lists.cypherpunks.ru
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "GoVPN announcements, patches, questions and bug reports"
X-List-Received-Date: Wed, 20 Jan 2016 07:54:14 -0000

Greetings!

*** Alan Holt [Wed, 20 Jan 2016 00:58:49 +0200]:
>root@alan-XPS:~/govpn-5.2# ./utils/newclient.sh alan
>Your client verifier is: $argon2d$m=4096,t=128,p=1$J2g7mlL33KHw34qDq0L5Eg
>Place the following YAML configuration entry on the server's side:
>
>    alan:
>        up: /path/to/up.sh
>        iface: or TAP interface name
>        verifier: Passphrase:
>$argon2d$m=4096,t=128,p=1$J2g7mlL33KHw34qDq0L5Eg$NsW5CVpiU14e1c12S8GKEqSeHVeAZ5h+gVrVq4s7u3U

Damn it, I found a bug here. When you start newclient.sh, it starts
govpn-verifier, which prints "Passphrase:" and waits for you to enter it.
But because of output buffering you will see the "Passphrase:" line later,
included in the output of the example YAML file. I will fix it.
In your case the example YAML will be:

    alan:
        up: /path/to/up.sh
        iface: or TAP interface name
        verifier: $argon2d$m=4096,t=128,p=1$J2g7mlL33KHw34qDq0L5Eg$NsW5CVpiU14e1c12S8GKEqSeHVeAZ5h+gVrVq4s7u3U

>*Should I change iface option here to my virtual interface tap10?*

GoVPN cannot create interfaces itself. Either you have to create one
manually and tell GoVPN which already existing interface it should use
(by specifying "iface"), or you have to print the interface name on the
first output line when executing up.sh. Up.sh is an optional thing: it is
just a hook that will be executed when the peer connects.

At least one of "iface" or "up" must be specified. If "iface" is
specified, then "up" is optional. As I can see, you manually created the
tap10 interface and configured network addresses on it, so the up.sh
script may be omitted and only iface specified:

    alan:
        iface: tap10
        verifier: $argon2d$m=4096,t=128,p=1$J2g7mlL33KHw34qDq0L5Eg$NsW5CVpiU14e1c12S8GKEqSeHVeAZ5h+gVrVq4s7u3U

(only 3 lines).

>*What should I put in (*up: /path/to/up.sh*): ?*

If you have a preconfigured network interface and do not execute any
hooks/commands after the peer is connected, then you may forget about
up.sh altogether.

>*Am I do right?*

Yeah. Except maybe invalid YAML with those "Passphrase:" (it is my
fault). The "verifier" key contains the "$argon2..." string only.

>*And how should I start client?*

Something like this:

    govpn-client \
        -verifier '$argon2d$m=4096,t=128,p=1$J2g7mlL33KHw34qDq0L5Eg' \
        -remote 192.168.0.103:1194 \
        -iface tap10

I assume that you have got a preconfigured tap10 interface on the client
too. If you do not specify -key, then you will be asked to enter the
passphrase manually when govpn-client starts.

-- 
Happy hacking, Sergey Matveev
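
The checks described in the reply above, as an added Go example that is not part of the original message and is not GoVPN's own code. ParseVerifier and CheckServerPeer are hypothetical names; the verifier layout and the rule that the server entry carries the hash part while the client string does not are assumptions inferred from the strings quoted in this thread.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strings"
)

// Verifier: parsed "$argon2d$m=..,t=..,p=..$salt[$hash]" (layout inferred from this thread).
type Verifier struct {
	M, T, P    int
	Salt, Hash []byte // Hash stays empty for the client-side form
}

func ParseVerifier(s string) (*Verifier, error) {
	f := strings.Split(s, "$")
	if len(f) < 4 || len(f) > 5 || f[0] != "" || f[1] != "argon2d" {
		return nil, fmt.Errorf("not a $argon2d$ verifier string")
	}
	v := &Verifier{}
	if n, _ := fmt.Sscanf(f[2], "m=%d,t=%d,p=%d", &v.M, &v.T, &v.P); n != 3 {
		return nil, fmt.Errorf("bad cost parameters")
	}
	var err error
	if v.Salt, err = base64.RawStdEncoding.DecodeString(f[3]); err != nil {
		return nil, fmt.Errorf("bad salt: %w", err)
	}
	if len(f) == 5 {
		if v.Hash, err = base64.RawStdEncoding.DecodeString(f[4]); err != nil {
			return nil, fmt.Errorf("bad hash: %w", err)
		}
	}
	return v, nil
}

// CheckServerPeer applies the rules from the reply to one server-side entry.
func CheckServerPeer(iface, up, verifier string) error {
	if iface == "" && up == "" {
		return fmt.Errorf(`at least one of "iface" or "up" must be specified`)
	}
	v, err := ParseVerifier(verifier)
	if err == nil && len(v.Hash) == 0 {
		err = fmt.Errorf("server entry needs the full verifier, hash part included")
	}
	return err
}

func main() {
	fmt.Println(CheckServerPeer("tap10", "", "Passphrase:")) // constructed bad entry
}
```

Running a check like this over a peer entry before loading it catches the stray "Passphrase:" value produced by the buffering bug, as well as a client-side verifier pasted into the server configuration.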