public inbox for govpn-devel@lists.cypherpunks.ru
Atom feed
From: Alan Holt <berber.it@gmail•com>
To: Alan Holt <berber.it@gmail•com>, govpn-devel@lists.cypherpunks.ru
Subject: Re: [Govpn-devel] build from last tarball
Date: Thu, 14 May 2015 11:30:56 +0300 [thread overview]
Message-ID: <CAKw30nrPfCQsandKsCKaNVdoniZFcr09wnOBJZ_B8tyUh9n0mw@mail.gmail.com> (raw)
In-Reply-To: <20150513165227.GA24372@stargrave.org>
[-- Attachment #1: Type: text/plain, Size: 4754 bytes --]
Hello,
yes it works fine now.
In some reason I have high pings:
root@farengeit:~# ping 172.16.0.1
PING 172.16.0.1 (172.16.0.1) 56(84) bytes of data.
64 bytes from 172.16.0.1: icmp_seq=1 ttl=64 time=1.15 ms
64 bytes from 172.16.0.1: icmp_seq=2 ttl=64 time=2.24 ms
64 bytes from 172.16.0.1: icmp_seq=3 ttl=64 time=*4.36* ms
64 bytes from 172.16.0.1: icmp_seq=4 ttl=64 time=3.75 ms
64 bytes from 172.16.0.1: icmp_seq=5 ttl=64 time=*4.70* ms
64 bytes from 172.16.0.1: icmp_seq=6 ttl=64 time=3.76 ms
64 bytes from 172.16.0.1: icmp_seq=7 ttl=64 time=*4.39* ms
Both machines are on the same laptop, if you remember
Also I created user manual.
I will publish this on my blog too.
Example of Usage on Ubuntu 14.04 or Centos 6.6
Both VMs are Ubuntu Server:
*Server EXT IP:* 172.25.60.62
*Client EXT IP:* 172.25.60.63
*====INSTALLATION PART=====*
Install dependencies:
# apt-get install uml-utilities
# apt-get install golang
*====COMPILATION PART=====*
On both *CLIENT *and *SERVER *do:
Download tarball here:
http://www.cypherpunks.ru/govpn/Prepared-tarballs.html#Prepared-tarballs
Fore example last stable:
# wget http://www.cypherpunks.ru/govpn/download/govpn-3.2.tar.xz
Extract archive and compile the code
# tar xvf govpn-3.2.tar.xz
# cd govpn-3.2
# mkdir -p peers
# make
On *SERVER*:
This is number of CPU's
# export GOMAXPROC=4
# cd govpn-3.2
Create new client:
# ./utils/newclient.sh Alice
Place verifier to peers/6d4ac605ce8dc37c2f0bf21cb542a713/verifier
6d4ac605ce8dc37c2f0bf21cb542a713 - This is Client ID
On *CLIENT*:
# ./utils/storekey.sh /tmp/passphrase
Enter passphrase:[my secure passphrase is here]
Id - this is number generated on server with script newclient.sh:
# govpn-verifier -id 6d4ac605ce8dc37c2f0bf21cb542a713 -key /tmp/passphrase
562556cc9ecf0019b4cf45bcdf42706944ae9b3ac7c73ad299d83f2d5a169c55
562556cc9ecf0019b4cf45bcdf42706944ae9b3ac7c73ad299d83f2d5a169c55 - this
number is verifier
Remove file:
# rm /tmp/passphrase
On *SERVER*:
# cd govpn-3.2
Put verifier to file and save it:
# vim peers/6d4ac605ce8dc37c2f0bf21cb542a713/verifier
562556cc9ecf0019b4cf45bcdf42706944ae9b3ac7c73ad299d83f2d5a169c55
*====RUN PART=====*
On *SERVER*:
# echo "echo tap10" >> peers/6d4ac605ce8dc37c2f0bf21cb542a713/up.sh
# tunctl -t tap10
# ip link set mtu 1432 dev tap10
# ip addr add 172.16.0.1/24 dev tap10
# ip link set up dev tap10=
# ifconfig tap10 up
# ifup tap10
Run the daemon:
# govpn-server -bind 172.25.60.62:1194 -mtu 1472
On *CLIENT*:
# umask 066
# utils/storekey.sh key.txt
# tunctl -t tap10
# ip link set mtu 1432 dev tap10
# ip addr add 172.16.0.2/24 dev tap10
# ip link set up dev tap10
# ip route add default via 172.16.0.1
# ifconfig tap10 up
# ifup tap10
Run the daemon:
# govpn-client -key key.txt -id 6d4ac605ce8dc37c2f0bf21cb542a713 -iface
tap10 -remote 172.25.60.62:1194 -mtu 1472
Check that tunnel works, do ping from CLIENT to SERVER:
# ping 172.16.0.1
PING 172.16.0.1 (172.16.0.1) 56(84) bytes of data.
64 bytes from 172.16.0.1: icmp_seq=1 ttl=64 time=1.15 ms
64 bytes from 172.16.0.1: icmp_seq=2 ttl=64 time=2.24 ms
64 bytes from 172.16.0.1: icmp_seq=3 ttl=64 time=4.36 ms
======================================================================
I will continue test to see how stable is tunnel and why pings are so high.
Also I will create tunnel between machines in USA and ISRAEL to check its
performance.
In future, I want to create deb and rpm packages for it too, but before
need to do checks
Alex.
On Wed, May 13, 2015 at 7:52 PM, <stargrave@stargrave•org> wrote:
> Greetings,
>
> *** Alan Holt [2015-05-13 18:21]:
> >*You can see on attached screenshot that both interface are up.*
>
> But interface on the server side is no "RUNNING", as client's do.
> Does up.sh in server's peer subdirectory contain something like echo
> tap10? Will "ifconfig tap10 up" (or "ip link set up dev tap10") help?
>
> >Looks like no traffic can go trough the tunnel.
>
> I think that tunnel works (you can listen tcpdump over unencrypted
> network part), but server's TAP is not running.
>
> In FreeBSD I had to turn sysctl options:
>
> net.link.tap.user_open=1
> net.link.tap.up_on_open=1
>
> The second one up-s the interface when tap device is opened. Maybe
> something similar is needed under GNU/Linux (currently I do not have any
> working under the hand).
>
> --
> Happy hacking, Sergey Matveev
>
--
*בברכה, *
*אלכס ברבר*
*+9 72 54 285 952 3*
*www.linuxspace.org* <http://www.linuxspace.org>
*--*
*Best regards.*
*Alex Berber*
*+9 72 54 285 952 3*
*www.linuxspace.org* <http://www.linuxspace.org/>
[-- Attachment #2: Type: text/html, Size: 7537 bytes --]
next prev parent reply other threads:[~2015-05-14 8:31 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-13 7:59 [Govpn-devel] build from last tarball Alan Holt
2015-05-13 8:47 ` stargrave
2015-05-13 9:00 ` Alan Holt
2015-05-13 9:36 ` stargrave
2015-05-13 10:01 ` Alan Holt
2015-05-13 10:14 ` stargrave
2015-05-13 10:52 ` Alan Holt
2015-05-13 11:41 ` stargrave
2015-05-13 13:31 ` Alan Holt
2015-05-13 13:47 ` Alan Holt
2015-05-13 14:09 ` stargrave
2015-05-13 14:55 ` Alan Holt
2015-05-13 16:52 ` stargrave
2015-05-14 8:30 ` Alan Holt [this message]
2015-05-14 9:22 ` Alan Holt
2015-05-14 12:34 ` stargrave
2015-05-14 13:25 ` stargrave
2015-05-14 13:32 ` Alan Holt
2015-05-14 14:11 ` stargrave
2016-01-19 19:04 ` Alan Holt
2016-01-19 22:08 ` stargrave
2016-01-19 22:58 ` Alan Holt
2016-01-20 7:53 ` stargrave
2016-01-21 9:43 ` stargrave
2016-01-28 10:26 ` Alan Holt
2016-01-28 10:46 ` stargrave
2016-01-28 13:39 ` Alan Holt
2016-01-28 14:20 ` stargrave
2015-05-13 14:06 ` stargrave