Message: 1
Date: Mon, 21 Sep 2015 12:04:28 +0300
From: stargrave@stargrave.org
To: govpn-devel@lists.cypherpunks.ru
Subject: Re: [Govpn-devel] How to install and config govpn on server &
client?
Message-ID: <20150921090428.GA7282@stargrave.org>
Content-Type: text/plain; charset="us-ascii"
Greetings!
>How to install and config govpn on server & client? I need details info
>about that.
I hope that example here: http://www.cypherpunks.ru/govpn/Example.html
should help.
Initially you must generate the client's identity and password verifier. I
recommend using the trivial script newclient.sh that comes in the distribution:
    client% ./utils/newclient.sh Mylove
    Enter passphrase:[hello world]
    Your id is: 35180231a9532325f24d37352a044dd7
    Place the following JSON configuration entry on the server's side:
        "35180231a9532325f24d37352a044dd7": {
            "name": "Mylove",
            "up": "/path/to/up.sh",
            "verifier": "6f7657776fcc7ce0128138ad78b7438cd482ef77abf79df41e1b51568aefc390"
        }
    Verifier was generated with:
        ./utils/storekey.sh /tmp/passphrase
        govpn-verifier -id 35180231a9532325f24d37352a044dd7 -key /tmp/passphrase
Create an up.sh script that outputs, on its first line, the TAP interface
name that must be used for the peer. For example:
    % umask 077
    % ed /path/to/up.sh
    a
    #!/bin/sh
    echo tap0
    .
    wq
    20
    % chmod +x /path/to/up.sh
Then you must add this JSON entry in peers.json (default filename for
server configuration) on the server side:
    server% cat > peers.json <<EOF
    {
        "35180231a9532325f24d37352a044dd7": {
            "name": "Mylove",
            "up": "/home/stargrave/mylove-up.sh",
            "verifier": "6f7657776fcc7ce0128138ad78b7438cd482ef77abf79df41e1b51568aefc390"
        }
    }
    EOF
And prepare your network by creating the up-script. For example, I assume
that the tap2 network interface is dedicated to that peer. Create it with
native operating system utilities. For example (under FreeBSD):
    server# ifconfig tap2 create
    server# ifconfig tap2 inet 10.10.10.1/24 mtu 1412 up
    server# chown stargrave /dev/tap2
    server% umask 077
    server% cat > /home/stargrave/mylove-up.sh <<EOF
    #!/bin/sh -e
    echo tap2
    echo "Mylove is connected" | mailx -s "Connection event" root@stargrave.org
    EOF
    server% chmod +x /home/stargrave/mylove-up.sh
The up-script must print the TAP interface name on the first line (other
lines are ignored). You may even create the interface inside that script.
Then you can start the server up. I use this command:
    % ./govpn-server -bind :1193 -stats '[::1]:5678' -proto all
My server is already up. If I change the JSON file, it will refresh it once a
minute and add the peers that appeared:
    2015/09/21 11:55:49.134609 identify.go:83: Adding key 35180231a9532325f24d37352a044dd7
The server is ready. You can run your client. At first you have to save your
passphrase in some temporary file:
    client% umask 077
    client% ./utils/storekey.sh /tmp/mypassphrase
    Enter passphrase:[hello world]
Create the TAP interface on the client's side:
    client# ifconfig tap0 create
    client# ifconfig tap0 inet 10.10.10.2/24 mtu 1412 up
    client# chown stargrave /dev/tap0
For example, I call the rtsol utility to receive IPv6 address solicitation,
so I will create an up-script that takes the interface name as its first
argument and runs this utility:
    client% cat > /tmp/up.sh <<'EOF'
    #!/bin/sh
    /sbin/rtsol "$1"
    EOF
    client% chmod +x /tmp/up.sh
And run the client itself:
    client% govpn-client -iface tap0 -id 35180231a9532325f24d37352a044dd7 -key /tmp/mypassphrase -remote X.X.X.X:1193 -up /tmp/up.sh
    2015/09/21 12:01:49.888625 identify.go:83: Adding key 35180231a9532325f24d37352a044dd7
    2015/09/21 12:01:49.888838 main.go:86: GoVPN version 4.0 built with go1.5.1
    2015/09/21 12:01:49.889063 main.go:93: Max MTU on TAP interface: 1412
    2015/09/21 12:01:49.889513 udp.go:39: Connected to UDP:X.X.X.X:1193
    2015/09/21 12:01:49.900517 udp.go:89: Handshake completed
--
Happy hacking, Sergey Matveev
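
A check of the up-script conventions used in the message above (created under umask 077, TAP interface name on the first output line, "$1" kept literal by a quoted here-document), added here as an example that is not part of the original message or the GoVPN distribution. The function names, the scratch directory and the accepted interface-name characters are assumptions.

```sh
#!/bin/sh
# Added example: helper names and the temporary directory are hypothetical,
# not part of GoVPN. check_up_script executes the script, as the daemon would.

# Server side: the up-script prints the TAP interface name on its first line.
write_server_up() {   # $1 = script path, $2 = TAP interface name
    ( umask 077       # subshell keeps the caller's umask unchanged
      printf '#!/bin/sh -e\necho %s\n' "$2" > "$1"
      chmod u+x "$1" )
}

# Client side: the quoted delimiter ('EOF') keeps $1 literal in the file.
# With a bare EOF the shell would expand $1 while writing the script.
write_client_up() {   # $1 = script path
    ( umask 077
      cat > "$1" <<'EOF'
#!/bin/sh
/sbin/rtsol "$1"
EOF
      chmod u+x "$1" )
}

# Print the interface name the script announces. Return 1 if it is not an
# executable file, 2 if group/other have any access, 3 if the first output
# line is empty or contains characters outside [A-Za-z0-9_.-].
check_up_script() {   # $1 = script path
    [ -f "$1" ] && [ -x "$1" ] || { echo "not executable: $1" >&2; return 1; }
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "group/other access: $1" >&2; return 2; }
    iface=$("$1" 2>/dev/null | head -n 1)
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "bad first line: '$iface'" >&2; return 3 ;;
    esac
    printf '%s\n' "$iface"
}

# Demo in a scratch directory: prints "tap2".
demo_dir=$(mktemp -d) || exit 1
write_server_up "$demo_dir/mylove-up.sh" tap2
check_up_script "$demo_dir/mylove-up.sh"
rm -rf "$demo_dir"
```

Because check_up_script runs the script, any side effects in it (such as the mailx notification) fire during the check.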
End of Govpn-devel Digest, Vol 5, Issue 3
*****************************************