From: Gary
To: govpn-devel@lists.cypherpunks.ru
Date: Tue, 24 Nov 2015 16:32:09 +0800
Subject: Re: [Govpn-devel] Govpn-devel Digest, Vol 5, Issue 3

Hi,

Thanks a lot! But how to configure it on VPS?
And I still cannot understand very much for building up.sh script.

Thanks a lot for help!

2015-09-22 17:00 GMT+08:00 <govpn-devel-request@lists.cypherpunks.ru>:

> Today's Topics:
>
>    1. Re: How to install and config govpn on server & client?
>       (stargrave@stargrave.org)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 21 Sep 2015 12:04:28 +0300
> From: stargrave@stargrave.org
> To: govpn-devel@lists.cypherpunks.ru
> Subject: Re: [Govpn-devel] How to install and config govpn on server &
>         client?
> Message-ID: <20150921090428.GA7282@stargrave.org>
>
> Greetings!
>
> >How to install and config govpn on server & client?  I need details info
> >about that.
>
> I hope that example here: http://www.cypherpunks.ru/govpn/Example.html
> should help.
>
> Initially you must generate client's identity and password verifier. I
> recommend to use trivial script newclient.sh that comes in distribution:
>
>     client% ./utils/newclient.sh Mylove
>     Enter passphrase:[hello world]
>     Your id is: 35180231a9532325f24d37352a044dd7
>
>     Place the following JSON configuration entry on the server's side:
>
>         "35180231a9532325f24d37352a044dd7": {
>             "name": "Mylove",
>             "up": "/path/to/up.sh",
>             "verifier": "6f7657776fcc7ce0128138ad78b7438cd482ef77abf79df41e1b51568aefc390"
>         }
>
>     Verifier was generated with:
>
>         ./utils/storekey.sh /tmp/passphrase
>         govpn-verifier -id 35180231a9532325f24d37352a044dd7 -key /tmp/passphrase
>
>     Create up.sh script that will output on the first line TAP interface
>     name that must be used for the peer. For example:
>
>         % umask 077
>         % ed /path/to/up.sh
>         a
>         #!/bin/sh
>         echo tap0
>         .
>         wq
>         20
>         % chmod +x /path/to/up.sh
>
> Then you must add this JSON entry in peers.json (default filename for
> server configuration) on the server side:
>
>     server% cat > peers.json <<EOF
>     {
>         "35180231a9532325f24d37352a044dd7": {
>             "name": "Mylove",
>             "up": "/home/stargrave/mylove-up.sh",
>             "verifier": "6f7657776fcc7ce0128138ad78b7438cd482ef77abf79df41e1b51568aefc390"
>         }
>     }
>     EOF
>
> And prepare your network with creating of up-script. For example I assume
> that tap2 network interface is dedicated to that peer. Create it with
> native operating system utilities. For example (under FreeBSD):
>
>     server# ifconfig tap2 create
>     server# ifconfig tap2 inet 10.10.10.1/24 mtu 1412 up
>     server# chown stargrave /dev/tap2
>     server% umask 077
>     server% cat > /home/stargrave/mylove-up.sh <<EOF
>     #!/bin/sh -e
>     echo tap2
>     echo "Mylove is connected" | mailx -s "Connection event" root@stargrave.org
>     EOF
>     server% chmod +x /home/stargrave/mylove-up.sh
>
> up-script must print TAP interface name on the first line (others
> are ignored). You may even create it inside that script.
>
> Then you can start server up. I use that command:
>
>     % ./govpn-server -bind :1193 -stats '[::1]:5678' -proto all
>
> My server is already up. If I changed JSON file, then it will once a
> minute refresh it and add appeared peers:
>
>     2015/09/21 11:55:49.134609 identify.go:83: Adding key 35180231a9532325f24d37352a044dd7
>
> Server is ready. You can run your client. At first you have to save your
> passphrase in some temporary file:
>
>     client% umask 077
>     client% ./utils/storekey.sh /tmp/mypassphrase
>     Enter passphrase:[hello world]
>
> create TAP interface on the client's side:
>
>     client# ifconfig tap0 create
>     client# ifconfig tap0 inet 10.10.10.2/24 mtu 1412 up
>     client# chown stargrave /dev/tap0
>
> For example I call rtsol utility to receive IPv6 address solicitation,
> so I will create up-script that will take interface name as a first
> argument and run this utility:
>
>     client% cat > /tmp/up.sh <<'EOF'
>     #!/bin/sh
>     /sbin/rtsol $1
>     EOF
>     client% chmod +x /tmp/up.sh
>
> and run client itself:
>
>     client% govpn-client -iface tap0 -id 35180231a9532325f24d37352a044dd7 -key /tmp/mypassphrase -remote X.X.X.X:1193 -up /tmp/up.sh
>     2015/09/21 12:01:49.888625 identify.go:83: Adding key 35180231a9532325f24d37352a044dd7
>     2015/09/21 12:01:49.888838 main.go:86: GoVPN version 4.0 built with go1.5.1
>     2015/09/21 12:01:49.889063 main.go:93: Max MTU on TAP interface: 1412
>     2015/09/21 12:01:49.889513 udp.go:39: Connected to UDP:X.X.X.X:1193
>     2015/09/21 12:01:49.900517 udp.go:89: Handshake completed
>
> --
> Happy hacking, Sergey Matveev
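A consistency check for the peers.json entries and up-scripts described in the quoted message, as an added example that is not part of the thread and not GoVPN's own code. The function names `check_up_script` and `check_peers` are hypothetical; the 32/64 hex digit lengths and the `tapN` naming are assumptions read off the sample values above, and each up-script is run without arguments.

```python
import json, os, re, stat, subprocess, tempfile
# Assumed from the sample values: 32-hex ids, 64-hex verifiers, tapN names.
HEX_ID = re.compile(r"[0-9a-f]{32}")
HEX_VERIFIER = re.compile(r"[0-9a-f]{64}")
TAP_NAME = re.compile(r"tap[0-9]+")

def check_up_script(path):
    """Execute one up-script (side effects included); return (iface, problems)."""
    try:
        mode = os.stat(path).st_mode
    except OSError as err:
        return None, [f"{path}: {err.strerror}"]
    problems = []
    if mode & (stat.S_IWGRP | stat.S_IWOTH):  # the message creates it under umask 077
        problems.append(f"{path}: writable by group or others")
    try:
        out = subprocess.run([path], capture_output=True, text=True, timeout=10).stdout
    except (OSError, subprocess.TimeoutExpired) as err:
        return None, problems + [f"{path}: cannot run: {err}"]
    first = (out.splitlines() or [""])[0].strip()  # only the first line counts
    if not TAP_NAME.fullmatch(first):
        return None, problems + [f"{path}: first line {first!r} is not a TAP name"]
    return first, problems

def check_peers(conf_text):
    """Validate a peers.json document; return a list of problem strings."""
    problems, owner = [], {}
    for peer_id, peer in json.loads(conf_text).items():
        if not HEX_ID.fullmatch(peer_id):
            problems.append(f"{peer_id}: id is not 32 hex digits")
        if not HEX_VERIFIER.fullmatch(peer.get("verifier", "")):
            problems.append(f"{peer_id}: verifier is not 64 hex digits")
        iface, errs = check_up_script(peer.get("up", ""))
        problems += errs
        if iface in owner:  # each TAP interface is dedicated to one peer
            problems.append(f"{peer_id}: {iface} is already used by {owner[iface]}")
        elif iface:
            owner[iface] = peer_id
    return problems

if __name__ == "__main__":  # constructed sample: the peer from the message
    with tempfile.TemporaryDirectory() as tmp:
        up = os.path.join(tmp, "mylove-up.sh")
        with open(up, "w") as fh:
            fh.write("#!/bin/sh -e\necho tap2\n")
        os.chmod(up, 0o700)
        peer = {"name": "Mylove", "up": up, "verifier": "6f" * 32}  # constructed verifier
        conf = json.dumps({"35180231a9532325f24d37352a044dd7": peer})
        print(check_peers(conf) or "peers.json looks consistent")
```

Run it as the account that owns the up-scripts, since every script listed in the file is executed once.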