Hello, yes it works fine now. In some reason I have high pings: root@farengeit:~# ping 172.16.0.1 PING 172.16.0.1 (172.16.0.1) 56(84) bytes of data. 64 bytes from 172.16.0.1: icmp_seq=1 ttl=64 time=1.15 ms 64 bytes from 172.16.0.1: icmp_seq=2 ttl=64 time=2.24 ms 64 bytes from 172.16.0.1: icmp_seq=3 ttl=64 time=*4.36* ms 64 bytes from 172.16.0.1: icmp_seq=4 ttl=64 time=3.75 ms 64 bytes from 172.16.0.1: icmp_seq=5 ttl=64 time=*4.70* ms 64 bytes from 172.16.0.1: icmp_seq=6 ttl=64 time=3.76 ms 64 bytes from 172.16.0.1: icmp_seq=7 ttl=64 time=*4.39* ms Both machines are on the same laptop, if you remember Also I created user manual. I will publish this on my blog too. Example of Usage on Ubuntu 14.04 or Centos 6.6 Both VMs are Ubuntu Server: *Server EXT IP:* 172.25.60.62 *Client EXT IP:* 172.25.60.63 *====INSTALLATION PART=====* Install dependencies: # apt-get install uml-utilities # apt-get install golang *====COMPILATION PART=====* On both *CLIENT *and *SERVER *do: Download tarball here: http://www.cypherpunks.ru/govpn/Prepared-tarballs.html#Prepared-tarballs Fore example last stable: # wget http://www.cypherpunks.ru/govpn/download/govpn-3.2.tar.xz Extract archive and compile the code # tar xvf govpn-3.2.tar.xz # cd govpn-3.2 # mkdir -p peers # make On *SERVER*: This is number of CPU's # export GOMAXPROC=4 # cd govpn-3.2 Create new client: # ./utils/newclient.sh Alice Place verifier to peers/6d4ac605ce8dc37c2f0bf21cb542a713/verifier 6d4ac605ce8dc37c2f0bf21cb542a713 - This is Client ID On *CLIENT*: # ./utils/storekey.sh /tmp/passphrase Enter passphrase:[my secure passphrase is here] Id - this is number generated on server with script newclient.sh: # govpn-verifier -id 6d4ac605ce8dc37c2f0bf21cb542a713 -key /tmp/passphrase 562556cc9ecf0019b4cf45bcdf42706944ae9b3ac7c73ad299d83f2d5a169c55 562556cc9ecf0019b4cf45bcdf42706944ae9b3ac7c73ad299d83f2d5a169c55 - this number is verifier Remove file: # rm /tmp/passphrase On *SERVER*: # cd govpn-3.2 Put verifier to file and save it: # vim peers/6d4ac605ce8dc37c2f0bf21cb542a713/verifier 562556cc9ecf0019b4cf45bcdf42706944ae9b3ac7c73ad299d83f2d5a169c55 *====RUN PART=====* On *SERVER*: # echo "echo tap10" >> peers/6d4ac605ce8dc37c2f0bf21cb542a713/up.sh # tunctl -t tap10 # ip link set mtu 1432 dev tap10 # ip addr add 172.16.0.1/24 dev tap10 # ip link set up dev tap10= # ifconfig tap10 up # ifup tap10 Run the daemon: # govpn-server -bind 172.25.60.62:1194 -mtu 1472 On *CLIENT*: # umask 066 # utils/storekey.sh key.txt # tunctl -t tap10 # ip link set mtu 1432 dev tap10 # ip addr add 172.16.0.2/24 dev tap10 # ip link set up dev tap10 # ip route add default via 172.16.0.1 # ifconfig tap10 up # ifup tap10 Run the daemon: # govpn-client -key key.txt -id 6d4ac605ce8dc37c2f0bf21cb542a713 -iface tap10 -remote 172.25.60.62:1194 -mtu 1472 Check that tunnel works, do ping from CLIENT to SERVER: # ping 172.16.0.1 PING 172.16.0.1 (172.16.0.1) 56(84) bytes of data. 64 bytes from 172.16.0.1: icmp_seq=1 ttl=64 time=1.15 ms 64 bytes from 172.16.0.1: icmp_seq=2 ttl=64 time=2.24 ms 64 bytes from 172.16.0.1: icmp_seq=3 ttl=64 time=4.36 ms ====================================================================== I will continue test to see how stable is tunnel and why pings are so high. Also I will create tunnel between machines in USA and ISRAEL to check its performance. In future, I want to create deb and rpm packages for it too, but before need to do checks Alex. On Wed, May 13, 2015 at 7:52 PM, wrote: > Greetings, > > *** Alan Holt [2015-05-13 18:21]: > >*You can see on attached screenshot that both interface are up.* > > But interface on the server side is no "RUNNING", as client's do. > Does up.sh in server's peer subdirectory contain something like echo > tap10? Will "ifconfig tap10 up" (or "ip link set up dev tap10") help? > > >Looks like no traffic can go trough the tunnel. > > I think that tunnel works (you can listen tcpdump over unencrypted > network part), but server's TAP is not running. > > In FreeBSD I had to turn sysctl options: > > net.link.tap.user_open=1 > net.link.tap.up_on_open=1 > > The second one up-s the interface when tap device is opened. Maybe > something similar is needed under GNU/Linux (currently I do not have any > working under the hand). > > -- > Happy hacking, Sergey Matveev > -- *בברכה, * *אלכס ברבר* *+9 72 54 285 952 3* *www.linuxspace.org* *--* *Best regards.* *Alex Berber* *+9 72 54 285 952 3* *www.linuxspace.org*