Hi,
Thanks a lot! But how do I configure it on a VPS?
And I still do not understand much about building the up.sh script.


Thanks a lot for the help!

2015-09-22 17:00 GMT+08:00 <govpn-devel-request@lists.cypherpunks.ru>:

Message: 1
Date: Mon, 21 Sep 2015 12:04:28 +0300
From: stargrave@stargrave.org
To: govpn-devel@lists.cypherpunks.ru
Subject: Re: [Govpn-devel] How to install and config govpn on server &
        client?
Message-ID: <20150921090428.GA7282@stargrave.org>
Content-Type: text/plain; charset="us-ascii"

Greetings!

>How to install and config govpn on server & client?  I need details info
>about that.

I hope that example here: http://www.cypherpunks.ru/govpn/Example.html
should help.

Initially you must generate the client's identity and password verifier. I
recommend using the trivial script newclient.sh that comes in the distribution:

    client% ./utils/newclient.sh Mylove
    Enter passphrase:[hello world]
    Your id is: 35180231a9532325f24d37352a044dd7

    Place the following JSON configuration entry on the server's side:

        "35180231a9532325f24d37352a044dd7": {
            "name": "Mylove",
            "up": "/path/to/up.sh",
            "verifier": "6f7657776fcc7ce0128138ad78b7438cd482ef77abf79df41e1b51568aefc390"
        }

    Verifier was generated with:

        ./utils/storekey.sh /tmp/passphrase
        govpn-verifier -id 35180231a9532325f24d37352a044dd7 -key /tmp/passphrase

    Create up.sh script that will output on the first line TAP interface
    name that must be used for the peer. For example:

        % umask 077
        % ed /path/to/up.sh
        a
        #!/bin/sh
        echo tap0
        .
        wq
        20
        % chmod +x /path/to/up.sh

Then you must add this JSON entry in peers.json (default filename for
server configuration) on the server side:

    server% cat > peers.json <<EOF
    {
        "35180231a9532325f24d37352a044dd7": {
            "name": "Mylove",
            "up": "/home/stargrave/mylove-up.sh",
            "verifier": "6f7657776fcc7ce0128138ad78b7438cd482ef77abf79df41e1b51568aefc390"
        }
    }
    EOF

And prepare your network by creating the up-script. For example, I assume
that the tap2 network interface is dedicated to that peer. Create it with
native operating system utilities. For example (under FreeBSD):

    server# ifconfig tap2 create
    server# ifconfig tap2 inet 10.10.10.1/24 mtu 1412 up
    server# chown stargrave /dev/tap2
    server% umask 077
    server% cat > /home/stargrave/mylove-up.sh <<EOF
    #!/bin/sh -e
    echo tap2
    echo "Mylove is connected" | mailx -s "Connection event" root@stargrave.org
    EOF
    server% chmod +x /home/stargrave/mylove-up.sh

The up-script must print the TAP interface name on the first line (other
lines are ignored). You may even create the interface inside that script.

Then you can start the server. I use this command:

    % ./govpn-server -bind :1193 -stats '[::1]:5678' -proto all

My server is already up. If I change the JSON file, the server will refresh
it once a minute and add the peers that appeared:

    2015/09/21 11:55:49.134609 identify.go:83: Adding key 35180231a9532325f24d37352a044dd7

The server is ready. You can run your client. First you have to save your
passphrase in some temporary file:

    client% umask 077
    client% ./utils/storekey.sh /tmp/mypassphrase
    Enter passphrase:[hello world]

Create the TAP interface on the client's side:

    client# ifconfig tap0 create
    client# ifconfig tap0 inet 10.10.10.2/24 mtu 1412 up
    client# chown stargrave /dev/tap0

For example, I call the rtsol utility to receive IPv6 address solicitation,
so I will create an up-script that takes the interface name as its first
argument and runs this utility:

    client% cat > /tmp/up.sh <<'EOF'
    #!/bin/sh
    /sbin/rtsol $1
    EOF
    client% chmod +x /tmp/up.sh

and run client itself:

    client% govpn-client -iface tap0 -id 35180231a9532325f24d37352a044dd7 -key /tmp/mypassphrase -remote X.X.X.X:1193 -up /tmp/up.sh
    2015/09/21 12:01:49.888625 identify.go:83: Adding key 35180231a9532325f24d37352a044dd7
    2015/09/21 12:01:49.888838 main.go:86: GoVPN version 4.0 built with go1.5.1
    2015/09/21 12:01:49.889063 main.go:93: Max MTU on TAP interface: 1412
    2015/09/21 12:01:49.889513 udp.go:39: Connected to UDP:X.X.X.X:1193
    2015/09/21 12:01:49.900517 udp.go:89: Handshake completed

--
Happy hacking, Sergey Matveev
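
An added example, not part of the original message or of the GoVPN distribution: a pre-flight check for the server-side setup described above, verifying each peers.json entry and that its up-script is executable, not writable by group or others, and prints an interface name on its first line. The `check_peers` helper is hypothetical, the id and verifier shapes are assumed from the example entry in the message, and the sample files are constructed.

```python
import json, os, pathlib, re, stat, subprocess, tempfile

# Assumption: ids and verifiers have the shape shown in the message's example.
ID_RE = re.compile(r"[0-9a-f]{32}")
VERIFIER_RE = re.compile(r"[0-9a-f]{64}")
IFACE_RE = re.compile(r"[A-Za-z0-9_.-]+")

def check_peers(path, run_up=False):
    """Hypothetical helper: list problems found in a peers.json-style file."""
    with open(path) as fd:
        peers = json.load(fd)
    problems = []
    for peer_id, conf in peers.items():
        name = conf.get("name", peer_id)
        if not ID_RE.fullmatch(peer_id):
            problems.append(f"{name}: id is not 32 hex characters")
        if not VERIFIER_RE.fullmatch(conf.get("verifier", "")):
            problems.append(f"{name}: verifier is not 64 hex characters")
        up = conf.get("up", "")
        if not (os.path.isfile(up) and os.access(up, os.X_OK)):
            problems.append(f"{name}: up-script missing or not executable")
            continue
        if os.stat(up).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(f"{name}: up-script is writable by group or others")
        if run_up:  # opt-in: running the script triggers its side effects
            lines = subprocess.run([up], capture_output=True, text=True,
                                   timeout=10).stdout.splitlines()
            if not lines or not IFACE_RE.fullmatch(lines[0].strip()):
                problems.append(f"{name}: first output line is not an interface name")
    return problems

def demo():
    """Check a constructed peers.json holding one good and one bad peer."""
    d = tempfile.mkdtemp()
    scripts = {"good": ("echo tap2\necho ignored\n", 0o700),
               "bad": ("echo 'peer connected'\necho tap3\n", 0o722)}
    for name, (body, mode) in scripts.items():
        script = pathlib.Path(d, name)
        script.write_text("#!/bin/sh\n" + body)
        script.chmod(mode)
    peers = {"0123456789abcdef0123456789abcdef":
                 {"name": "good", "up": os.path.join(d, "good"), "verifier": "ab" * 32},
             "XYZ": {"name": "bad", "up": os.path.join(d, "bad"), "verifier": "abc"}}
    pathlib.Path(d, "peers.json").write_text(json.dumps(peers))
    return check_peers(os.path.join(d, "peers.json"), run_up=True)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Leave `run_up` off when the up-script sends mail or creates interfaces, since the check would trigger those actions.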