Hello, something pretty wrong for me...

*For two clients and one server we do this in peers.yaml:*

    # cat peers.yaml
    alex:
        iface: tap_alan
        verifier: $argon2d$m=4096,t=128,p=1$ceyJyscDM8vrN/UjS/hH+Q$wbU/uMubJqSLsc1xZ6qNjTENuLLCU8XCWtj8YJ/hGls
    jack:
        iface: tap_jack
        verifier: $argon2d$m=4096,t=128,p=1$BJrUaLgW7/ogiuklIUOg0g$C/OcsEmxEUloibV45m4vY0MCvbNNvttqZmikpcBTivU

*We have created 3 interfaces:*

    *br0*: flags=4099 mtu 1432
        inet *172.16.0.5* netmask 255.255.255.255 broadcast 0.0.0.0
        inet6 fe80::5414:2ff:fe16:a15b prefixlen 64 scopeid 0x20
        ether 56:14:02:16:a1:5b txqueuelen 0 (Ethernet)
        RX packets 45 bytes 1260 (1.2 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 5 bytes 438 (438.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    *tap_alan*:
        inet *172.16.0.2* netmask 255.255.255.0 broadcast 0.0.0.0
        inet6 fe80::5414:2ff:fe16:a15b prefixlen 64 scopeid 0x20
        ether 56:14:02:16:a1:5b txqueuelen 500 (Ethernet)
        RX packets 45 bytes 1890 (1.8 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 10 bytes 876 (876.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    *tap_jack*: flags=4099 mtu 1432
        inet *172.16.0.1* netmask 255.255.255.0 broadcast 0.0.0.0
        inet6 fe80::e86a:55ff:fe96:1fa prefixlen 64 scopeid 0x20
        ether ea:6a:55:96:01:fa txqueuelen 500 (Ethernet)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 32 bytes 1572 (1.5 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Where br0 should be bridge. tap_alan for user alan. tap_jack for user jack.
*That was done by 2 scripts, first to create bridge, second to create users:*

*### Creating bridge ###*
*cat create_bidge.sh*

    #!/bin/bash
    ip link add name br0 type bridge
    ip link set br0 up

*### adding users, set br0 master ###*
*cat add_govpn_user.sh*

    #!/bin/bash
    USER=$1
    TAP=tap_${USER}
    IPADDR=$2
    ip tuntap add dev ${TAP} mode tap
    ip link set mtu 1432 dev ${TAP}
    ip addr add ${IPADDR} dev ${TAP}
    ip link set ${TAP} up
    ip link set ${TAP} master br0

*So as I understand, now the bridge interface should route traffic between the two other interfaces?*

    # route -n
    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    37.48.109.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
    169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
    *172.16.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tap_jack*
    *172.16.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tap_alex*

*Should I add br0 to the routing table in some special way?*

    4: br0: mtu 1432 qdisc noqueue state DOWN mode DEFAULT
        link/ether 56:14:02:16:a1:5b brd ff:ff:ff:ff:ff:ff
    5: tap_jack: mtu 1432 qdisc pfifo_fast master br0 state DOWN mode DEFAULT qlen 500
        link/ether ea:6a:55:96:01:fa brd ff:ff:ff:ff:ff:ff
    6: tap_alex: mtu 1432 qdisc pfifo_fast master br0 state DOWN mode DEFAULT qlen 500
        link/ether 56:14:02:16:a1:5b brd ff:ff:ff:ff:ff:ff

*So we have this schema:*

    CLIENT: user_alex IP 172.16.0.1
    CLIENT: user_jack IP 172.16.0.2

*SERVER:*

    br0 IP 172.16.0.5
    tap_jack IP 172.16.0.101
    tap_alex IP 172.16.0.102

*Connection is established successfully.*

*But no luck with ping from client user_alex to server interface br0*

    # ping 172.16.0.5
    PING 172.16.0.5 (172.16.0.5) 56(84) bytes of data.
    From 172.16.0.102 icmp_seq=1 Destination Host Unreachable
    From 172.16.0.102 icmp_seq=2 Destination Host Unreachable
    From 172.16.0.102 icmp_seq=3 Destination Host Unreachable
    From 172.16.0.102 icmp_seq=4 Destination Host Unreachable
    From 172.16.0.102 icmp_seq=5 Destination Host Unreachable

*Also I can't ping "my" interface on the server:*

    # ping 172.16.0.2
    PING 172.16.0.2 (172.16.0.2) 56(84) bytes of data.
    From 172.16.0.102 icmp_seq=1 Destination Host Unreachable
    From 172.16.0.102 icmp_seq=2 Destination Host Unreachable

*Server works like a router:*

    vim /etc/sysctl.conf
    net.ipv4.ip_forward=1

*What am I doing wrong?*

On Thu, Jan 28, 2016 at 12:46 PM, wrote:

> Greetings!
>
> *** Alan Holt [Thu, 28 Jan 2016 12:26:35 +0200]:
> >*Can I add another client in the same file, like:*
> >alex:
> >  iface: tap10
>
> You can, but they must not share the same TAP interface.
>
> >------------------------------------------------------------
> >Client connecting to 172.16.0.2, TCP port 5001
> >TCP window size: 45.0 KByte (default)
> >------------------------------------------------------------
> >[ 3] local 172.16.0.1 port 55274 connected with 172.16.0.2 port 5001
> >[ ID] Interval Transfer Bandwidth
> >[ 3] 0.0-10.0 sec 105 MBytes *87.7* Mbits/sec
>
> As I can see, not the full 100Mbps is used. This is because GoVPN
> actually has relatively high delays. I assume that your CPU load was not
> high, that means that it can process much more packets, but because of
> delays, TCP layer has lower throughput.
>
> I tested GoVPN 4.x with 1Gbps network between two notebooks with Intel
> i5 CPU under FreeBSD 10.2 amd64 with Go 1.5.1. It gave me 786 Mbps of
> throughput of UDP packets.
>
> Delays are the main problem with performance in real-life applications. I
> use GoVPN at home and scp over 1Gbps link gives me 40-50 MiB/s throughput
> over IPv6 endpoints. By the way, I do not know why, but GoVPN is slower
> when using it over IPv6.
>
> >*In this case 2 clients from Tel-Aviv connected to the same server in
> >Amsterdam, one of the users gets disconnected:*
>
> Yes, only one client can use single TAP interface.
>
> >*So how do I have one server serve multiple clients?*
> >*Is it possible?*
>
> Only one user per TAP-interface. If you want to connect them together,
> then it can be done easily with the bridge/bond between those
> interfaces. I do not currently have GNU/Linux under the hand, but it
> should be like this:
>
>     # brctl addbr bridge0
>     # brctl addif bridge0 tap0
>     # brctl addif bridge0 tap1
>
> where tap0 is interface for the first user, tap1 is for the second.
> Using up.sh, that is executed after client connects, you can do it
> dynamically like this (only crude example):
>
>     #!/bin/sh
>     # -b makes tunctl print only the name of the new interface
>     tapname=$(tunctl -b -u someuser)
>     brctl addif bridge0 "$tapname"
>     echo "$tapname"
>
> here we create new TAP interface and add it to the bridge (to the
> shared network interface) and echo it so GoVPN will understand what
> TAP-interface it must use.
>
> --
> Happy hacking, Sergey Matveev
>

--
*Best regards.*
*Alex Berber*
*PGP Public Key*
*www.linuxspace.org*