public inbox for govpn-devel@lists.cypherpunks.ru
Atom feed
* Re: [Govpn-devel] Govpn-devel Digest, Vol 5, Issue 3
[not found] <mailman.1.1442912400.73456.govpn-devel@lists.cypherpunks.ru>
@ 2015-11-24 8:32 ` Gary
2015-11-24 11:05 ` [Govpn-devel] VPS configuration stargrave
0 siblings, 1 reply; 2+ messages in thread
From: Gary @ 2015-11-24 8:32 UTC (permalink / raw)
To: govpn-devel
[-- Attachment #1: Type: text/plain, Size: 6013 bytes --]
HI,
Thanks a lot! But how to configure it on VPS?
And I still cannot understand very much for building up.sh script.
thanks a lot for help!
2015-09-22 17:00 GMT+08:00 <govpn-devel-request@lists•cypherpunks.ru>:
> Send Govpn-devel mailing list submissions to
> govpn-devel@lists.cypherpunks.ru
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.cypherpunks.ru/mailman/listinfo/govpn-devel
> or, via email, send a message with subject or body 'help' to
> govpn-devel-request@lists•cypherpunks.ru
>
> You can reach the person managing the list at
> govpn-devel-owner@lists•cypherpunks.ru
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Govpn-devel digest..."
>
>
> Today's Topics:
>
> 1. Re: How to install and config govpn on server & client?
> (stargrave@stargrave•org)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 21 Sep 2015 12:04:28 +0300
> From: stargrave@stargrave•org
> To: govpn-devel@lists.cypherpunks.ru
> Subject: Re: [Govpn-devel] How to install and config govpn on server &
> client?
> Message-ID: <20150921090428.GA7282@stargrave•org>
> Content-Type: text/plain; charset="us-ascii"
>
> Greetings!
>
> >How to install and config govpn on server & client? I need details info
> >about that.
>
> I hope that example here: http://www.cypherpunks.ru/govpn/Example.html
> should help.
>
> Initially you must generate client's identity and password verifier. I
> recommend to use trivial script newclient.sh that comes in distribution:
>
> client% ./utils/newclient.sh Mylove
> Enter passphrase:[hello world]
> Your id is: 35180231a9532325f24d37352a044dd7
>
> Place the following JSON configuration entry on the server's side:
>
> "35180231a9532325f24d37352a044dd7": {
> "name": "Mylove",
> "up": "/path/to/up.sh",
> "verifier":
> "6f7657776fcc7ce0128138ad78b7438cd482ef77abf79df41e1b51568aefc390"
> }
>
> Verifier was generated with:
>
> ./utils/storekey.sh /tmp/passphrase
> govpn-verifier -id 35180231a9532325f24d37352a044dd7 -key
> /tmp/passphrase
>
> Create up.sh script that will output on the first line TAP interface
> name that must be used for the peer. For example:
>
> % umask 077
> % ed /path/to/up.sh
> a
> #!/bin/sh
> echo tap0
> .
> wq
> 20
> % chmod +x /path/to/up.sh
>
> Then you must add this JSON entry in peers.json (default filename for
> server configuration) on the server side:
>
> server% cat > peers.json <<EOF
> {
> "35180231a9532325f24d37352a044dd7": {
> "name": "Mylove",
> "up": "/home/stargrave/mylove-up.sh",
> "verifier":
> "6f7657776fcc7ce0128138ad78b7438cd482ef77abf79df41e1b51568aefc390"
> }
> }
> EOF
>
> And prepare you network with creating of up-script. For example I assume
> that tap2 network interface is dedicated to that peer. Create it with
> native operating system utilities. For example (under FreeBSD):
>
> server# ifconfig tap2 create
> server# ifconfig tap2 inet 10.10.10.1/24 mtu 1412 up
> server# chown stargrave /dev/tap2
> server% umask 077
> server% cat > /home/stargrave/mylove-up.sh <EOF
> #!/bin/sh -e
> echo tap2
> echo "Mylove is connected" | mailx -s "Connection event"
> root@stargrave•org
> EOF
> server% chmod +x /home/stargrave/mylove-up.sh
>
> up-script must print TAP interface name that on the first line (others
> are ignored). You may even create it inside that script.
>
> Then you can start server up. I use that command:
>
> % ./govpn-server -bind :1193 -stats '[::1]:5678' -proto all
>
> My server is already up. If I changed JSON file, then it will once a
> minute refresh it and add appeared peers:
>
> 2015/09/21 11:55:49.134609 identify.go:83: Adding key
> 35180231a9532325f24d37352a044dd7
>
> Server is ready. You can run your client. At first you have to save you
> passphrase in some temporary file:
>
> client% umask 077
> client% ./utils/storekey.sh /tmp/mypassphrase
> Enter passphrase:[hello world]
>
> create TAP interface on the client's side:
>
> client# ifconfig tap0 create
> server# ifconfig tap0 inet 10.10.10.2/24 mtu 1412 up
> server# chown stargrave /dev/tap0
>
> For example I call rtsol utility to receive IPv6 address solicitation,
> so I will create up-script that will take interface name as a first
> argument and run this utility:
>
> client% cat > /tmp/up.sh <<EOF
> #!/bin/sh
> /sbin/rtsol $1
> EOF
> clien% chmod +x /tmp/up.sh
>
> and run client itself:
>
> client% govpn-client -iface tap0 -id 35180231a9532325f24d37352a044dd7
> -key /tmp/mypassphrase -remote X.X.X.X:1193 -up /tmp/up.sh
> 2015/09/21 12:01:49.888625 identify.go:83: Adding key
> 35180231a9532325f24d37352a044dd7
> 2015/09/21 12:01:49.888838 main.go:86: GoVPN version 4.0 built with
> go1.5.1
> 2015/09/21 12:01:49.889063 main.go:93: Max MTU on TAP interface: 1412
> 2015/09/21 12:01:49.889513 udp.go:39: Connected to UDP:X.X.X.X:1193
> 2015/09/21 12:01:49.900517 udp.go:89: Handshake completed
>
> --
> Happy hacking, Sergey Matveev
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: not available
> Type: application/pgp-signature
> Size: 801 bytes
> Desc: not available
> URL: <
> http://lists.cypherpunks.ru/pipermail/govpn-devel/attachments/20150921/293f7ca2/attachment-0001.bin
> >
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> Govpn-devel mailing list
> Govpn-devel@lists•cypherpunks.ru
> http://lists.cypherpunks.ru/mailman/listinfo/govpn-devel
>
>
> ------------------------------
>
> End of Govpn-devel Digest, Vol 5, Issue 3
> *****************************************
>
[-- Attachment #2: Type: text/html, Size: 8438 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [Govpn-devel] VPS configuration
2015-11-24 8:32 ` [Govpn-devel] Govpn-devel Digest, Vol 5, Issue 3 Gary
@ 2015-11-24 11:05 ` stargrave
0 siblings, 0 replies; 2+ messages in thread
From: stargrave @ 2015-11-24 11:05 UTC (permalink / raw)
To: govpn-devel
[-- Attachment #1: Type: text/plain, Size: 707 bytes --]
*** Gary <kingtopest9000@gmail•com> [2015-11-24 11:33]:
>HI,
>Thanks a lot! But how to configure it on VPS?
>And I still cannot understand very much for building up.sh script.
GoVPN waits from up.sh only the name of the TAP interface: it will open
it and use. GoVPN daemon itself does not create TAP interfaces and does
not do any network configuration. So all network configuration is on the
administrator. If you need only single tunnel with static IP addresses,
then create it (TAP interface), configure and GoVPN needs to know only
it's name, that it retrieves from up.sh, that will be something like
that in that case:
#!/bin/sh
echo tap0
--
Happy hacking, Sergey Matveev
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 801 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-11-24 11:06 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <mailman.1.1442912400.73456.govpn-devel@lists.cypherpunks.ru>
2015-11-24 8:32 ` [Govpn-devel] Govpn-devel Digest, Vol 5, Issue 3 Gary
2015-11-24 11:05 ` [Govpn-devel] VPS configuration stargrave