Hello, I did some tests and I see that pings are ok and I think the speed of tunnel too. *GoVPN* root@farengeit:~# ping 172.16.0.1 PING 172.16.0.1 (172.16.0.1) 56(84) bytes of data. 64 bytes from 172.16.0.1: icmp_seq=1 ttl=64 time=1.14 ms 64 bytes from 172.16.0.1: icmp_seq=2 ttl=64 time=3.82 ms 64 bytes from 172.16.0.1: icmp_seq=3 ttl=64 time=4.30 ms 64 bytes from 172.16.0.1: icmp_seq=4 ttl=64 time=2.09 ms 64 bytes from 172.16.0.1: icmp_seq=5 ttl=64 time=2.85 ms 64 bytes from 172.16.0.1: icmp_seq=6 ttl=64 time=1.85 ms 64 bytes from 172.16.0.1: icmp_seq=7 ttl=64 time=3.14 ms 64 bytes from 172.16.0.1: icmp_seq=8 ttl=64 time=1.31 ms ^C --- 172.16.0.1 ping statistics --- 8 packets transmitted, 8 received, 0% packet loss, time 7018ms rtt min/avg/max/mdev = 1.143/2.565/4.301/1.080 ms root@farengeit:~# root@farengeit:~# root@farengeit:~# *PPPD over SSH* root@farengeit:~# ping 10.0.8.2 PING 10.0.8.2 (10.0.8.2) 56(84) bytes of data. 64 bytes from 10.0.8.2: icmp_seq=1 ttl=64 time=1.56 ms 64 bytes from 10.0.8.2: icmp_seq=2 ttl=64 time=3.76 ms 64 bytes from 10.0.8.2: icmp_seq=3 ttl=64 time=3.53 ms 64 bytes from 10.0.8.2: icmp_seq=4 ttl=64 time=3.71 ms 64 bytes from 10.0.8.2: icmp_seq=5 ttl=64 time=4.35 ms 64 bytes from 10.0.8.2: icmp_seq=6 ttl=64 time=4.03 ms 64 bytes from 10.0.8.2: icmp_seq=7 ttl=64 time=4.08 ms 64 bytes from 10.0.8.2: icmp_seq=8 ttl=64 time=3.75 ms I should do more test with remote machines. On Thu, May 14, 2015 at 11:30 AM, Alan Holt wrote: > Hello, > > yes it works fine now. > In some reason I have high pings: > > root@farengeit:~# ping 172.16.0.1 > PING 172.16.0.1 (172.16.0.1) 56(84) bytes of data. > 64 bytes from 172.16.0.1: icmp_seq=1 ttl=64 time=1.15 ms > 64 bytes from 172.16.0.1: icmp_seq=2 ttl=64 time=2.24 ms > 64 bytes from 172.16.0.1: icmp_seq=3 ttl=64 time=*4.36* ms > 64 bytes from 172.16.0.1: icmp_seq=4 ttl=64 time=3.75 ms > 64 bytes from 172.16.0.1: icmp_seq=5 ttl=64 time=*4.70* ms > 64 bytes from 172.16.0.1: icmp_seq=6 ttl=64 time=3.76 ms > 64 bytes from 172.16.0.1: icmp_seq=7 ttl=64 time=*4.39* ms > > Both machines are on the same laptop, if you remember > Also I created user manual. > I will publish this on my blog too. > > > Example of Usage on Ubuntu 14.04 or Centos 6.6 > > Both VMs are Ubuntu Server: > > *Server EXT IP:* 172.25.60.62 > *Client EXT IP:* 172.25.60.63 > > *====INSTALLATION PART=====* > > Install dependencies: > # apt-get install uml-utilities > # apt-get install golang > > *====COMPILATION PART=====* > > On both *CLIENT *and *SERVER *do: > > Download tarball here: > http://www.cypherpunks.ru/govpn/Prepared-tarballs.html#Prepared-tarballs > > Fore example last stable: > # wget http://www.cypherpunks.ru/govpn/download/govpn-3.2.tar.xz > > Extract archive and compile the code > # tar xvf govpn-3.2.tar.xz > # cd govpn-3.2 > # mkdir -p peers > # make > > On *SERVER*: > This is number of CPU's > # export GOMAXPROC=4 > # cd govpn-3.2 > > Create new client: > # ./utils/newclient.sh Alice > Place verifier to peers/6d4ac605ce8dc37c2f0bf21cb542a713/verifier > > 6d4ac605ce8dc37c2f0bf21cb542a713 - This is Client ID > > On *CLIENT*: > # ./utils/storekey.sh /tmp/passphrase > Enter passphrase:[my secure passphrase is here] > > Id - this is number generated on server with script newclient.sh: > # govpn-verifier -id 6d4ac605ce8dc37c2f0bf21cb542a713 -key /tmp/passphrase > 562556cc9ecf0019b4cf45bcdf42706944ae9b3ac7c73ad299d83f2d5a169c55 > > 562556cc9ecf0019b4cf45bcdf42706944ae9b3ac7c73ad299d83f2d5a169c55 - this > number is verifier > > Remove file: > # rm /tmp/passphrase > > On *SERVER*: > # cd govpn-3.2 > > Put verifier to file and save it: > # vim peers/6d4ac605ce8dc37c2f0bf21cb542a713/verifier > 562556cc9ecf0019b4cf45bcdf42706944ae9b3ac7c73ad299d83f2d5a169c55 > > *====RUN PART=====* > > On *SERVER*: > # echo "echo tap10" >> peers/6d4ac605ce8dc37c2f0bf21cb542a713/up.sh > # tunctl -t tap10 > # ip link set mtu 1432 dev tap10 > # ip addr add 172.16.0.1/24 dev tap10 > # ip link set up dev tap10= > # ifconfig tap10 up > # ifup tap10 > > Run the daemon: > # govpn-server -bind 172.25.60.62:1194 -mtu 1472 > > On *CLIENT*: > # umask 066 > # utils/storekey.sh key.txt > # tunctl -t tap10 > # ip link set mtu 1432 dev tap10 > # ip addr add 172.16.0.2/24 dev tap10 > # ip link set up dev tap10 > # ip route add default via 172.16.0.1 > # ifconfig tap10 up > # ifup tap10 > > Run the daemon: > # govpn-client -key key.txt -id 6d4ac605ce8dc37c2f0bf21cb542a713 -iface > tap10 -remote 172.25.60.62:1194 -mtu 1472 > > Check that tunnel works, do ping from CLIENT to SERVER: > # ping 172.16.0.1 > PING 172.16.0.1 (172.16.0.1) 56(84) bytes of data. > 64 bytes from 172.16.0.1: icmp_seq=1 ttl=64 time=1.15 ms > 64 bytes from 172.16.0.1: icmp_seq=2 ttl=64 time=2.24 ms > 64 bytes from 172.16.0.1: icmp_seq=3 ttl=64 time=4.36 ms > > ====================================================================== > > I will continue test to see how stable is tunnel and why pings are so high. > Also I will create tunnel between machines in USA and ISRAEL to check its > performance. > In future, I want to create deb and rpm packages for it too, but before > need to do checks > > Alex. > > > > > On Wed, May 13, 2015 at 7:52 PM, wrote: > >> Greetings, >> >> *** Alan Holt [2015-05-13 18:21]: >> >*You can see on attached screenshot that both interface are up.* >> >> But interface on the server side is no "RUNNING", as client's do. >> Does up.sh in server's peer subdirectory contain something like echo >> tap10? Will "ifconfig tap10 up" (or "ip link set up dev tap10") help? >> >> >Looks like no traffic can go trough the tunnel. >> >> I think that tunnel works (you can listen tcpdump over unencrypted >> network part), but server's TAP is not running. >> >> In FreeBSD I had to turn sysctl options: >> >> net.link.tap.user_open=1 >> net.link.tap.up_on_open=1 >> >> The second one up-s the interface when tap device is opened. Maybe >> something similar is needed under GNU/Linux (currently I do not have any >> working under the hand). >> >> -- >> Happy hacking, Sergey Matveev >> > > > > -- > *בברכה, * > *אלכס ברבר* > > *+9 72 54 285 952 3* > *www.linuxspace.org* > *--* > *Best regards.* > *Alex Berber* > *+9 72 54 285 952 3* > *www.linuxspace.org* > -- *בברכה, * *אלכס ברבר* *+9 72 54 285 952 3* *www.linuxspace.org* *--* *Best regards.* *Alex Berber* *+9 72 54 285 952 3* *www.linuxspace.org*