public inbox for govpn-devel@lists.cypherpunks.ru
* [Govpn-devel] build from last tarball
@ 2015-05-13  7:59 Alan Holt
  2015-05-13  8:47 ` stargrave
  0 siblings, 1 reply; 29+ messages in thread
From: Alan Holt @ 2015-05-13  7:59 UTC (permalink / raw)
  To: govpn-devel

[-- Attachment #1: Type: text/plain, Size: 1003 bytes --]

*Hello,*

*I am trying to build govpn-3.2 on Ubuntu 14.04.2 LTS Server and getting
this error: *

root@calvin:~/GoVPN# make -C govpn-3.2 all
make: Entering directory `/root/GoVPN/govpn-3.2'
make -C src
make[1]: Entering directory `/root/GoVPN/govpn-3.2/src'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/root/GoVPN/govpn-3.2/src'
GOPATH= go build -ldflags "-X govpn.Version " govpn/cmd/govpn-client
can't load package: package govpn/cmd/govpn-client: cannot find package
"govpn/cmd/govpn-client" in any of:
        /usr/lib/go/src/pkg/govpn/cmd/govpn-client (from $GOROOT)
        ($GOPATH not set)
make: *** [govpn-client] Error 1
make: Leaving directory `/root/GoVPN/govpn-3.2'

*Could you please help with it? *
*Thanks. *


-- 
*Best regards.*
*Alex Berber*
*+9 72 54 285 952 3*
*www.linuxspace.org* <http://www.linuxspace.org/>

[-- Attachment #2: Type: text/html, Size: 1573 bytes --]

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [Govpn-devel] build from last tarball
  2015-05-13  7:59 [Govpn-devel] build from last tarball Alan Holt
@ 2015-05-13  8:47 ` stargrave
  2015-05-13  9:00   ` Alan Holt
  0 siblings, 1 reply; 29+ messages in thread
From: stargrave @ 2015-05-13  8:47 UTC (permalink / raw)
  To: Alan Holt; +Cc: govpn-devel

[-- Attachment #1: Type: text/plain, Size: 383 bytes --]

Greetings, Alan!

Seems the current Makefile works only under GNU Make 4.x, but Ubuntu
14.x contains an older one (3.x). I made a commit to develop branch of
GoVPN. Can you check if it works correctly? If so, then I will make a
new release.

% git clone https://github.com/stargrave/govpn.git
% cd govpn
% git checkout develop
% make

-- 
Happy hacking, Sergey Matveev

[-- Attachment #2: Type: application/pgp-signature, Size: 801 bytes --]

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [Govpn-devel] build from last tarball
  2015-05-13  8:47 ` stargrave
@ 2015-05-13  9:00   ` Alan Holt
  2015-05-13  9:36     ` stargrave
  0 siblings, 1 reply; 29+ messages in thread
From: Alan Holt @ 2015-05-13  9:00 UTC (permalink / raw)
  To: Alan Holt, govpn-devel

[-- Attachment #1: Type: text/plain, Size: 2451 bytes --]

*Hello again,*

*I do checks on two systems. *
*- Ubuntu 14.04.2 LTS Server *
*- CentOS release 6.6 Final*

*With all updates installed on it.*

*On Ubuntu 14.04.2 LTS Server*

root@calvin:~/govpn# make --version
GNU Make 3.81
This program built for x86_64-pc-linux-gnu

root@calvin:~# git clone https://github.com/stargrave/govpn.git
Cloning into 'govpn'...
remote: Counting objects: 699, done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 699 (delta 0), reused 0 (delta 0), pack-reused 695
Receiving objects: 100% (699/699), 192.46 KiB | 136.00 KiB/s, done.
Resolving deltas: 100% (411/411), done.
Checking connectivity... done.

root@calvin:~# cd govpn

root@calvin:~/govpn# git checkout develop
Already on 'develop'
Your branch is up-to-date with 'origin/develop'.

root@calvin:~/govpn# make
GNUmakefile:4: common.mk: No such file or directory
make: *** No rule to make target `common.mk'.  Stop.


*On* *CentOS release 6.6 Final*

[root@centos6 govpn]# make --version
GNU Make 3.81
This program built for x86_64-redhat-linux-gnu

[root@centos6 ~]# git clone https://github.com/stargrave/govpn.git
Initialized empty Git repository in /root/govpn/.git/
remote: Counting objects: 699, done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 699 (delta 0), reused 0 (delta 0), pack-reused 695
Receiving objects: 100% (699/699), 192.46 KiB | 331 KiB/s, done.
Resolving deltas: 100% (411/411), done.

[root@centos6 ~]# cd govpn

[root@centos6 govpn]# git checkout develop
Already on 'develop'

[root@centos6 govpn]# make
GNUmakefile:4: common.mk: No such file or directory
make: *** No rule to make target `common.mk'.  Stop.

*Still no success. *



[-- Attachment #2: Type: text/html, Size: 4193 bytes --]

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [Govpn-devel] build from last tarball
  2015-05-13  9:00   ` Alan Holt
@ 2015-05-13  9:36     ` stargrave
  2015-05-13 10:01       ` Alan Holt
  0 siblings, 1 reply; 29+ messages in thread
From: stargrave @ 2015-05-13  9:36 UTC (permalink / raw)
  To: Alan Holt; +Cc: govpn-devel

[-- Attachment #1: Type: text/plain, Size: 345 bytes --]

*** Alan Holt [2015-05-13 12:33]:
>root@calvin:~/govpn# make
>GNUmakefile:4: common.mk: No such file or directory
>make: *** No rule to make target `common.mk'.  Stop.

Sorry, my mistake. I forgot to add common.mk file to the commit.
Please, can you check it again?

% cd govpn
% git pull
% make

-- 
Happy hacking, Sergey Matveev

[-- Attachment #2: Type: application/pgp-signature, Size: 801 bytes --]

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [Govpn-devel] build from last tarball
  2015-05-13  9:36     ` stargrave
@ 2015-05-13 10:01       ` Alan Holt
  2015-05-13 10:14         ` stargrave
  0 siblings, 1 reply; 29+ messages in thread
From: Alan Holt @ 2015-05-13 10:01 UTC (permalink / raw)
  To: Alan Holt, govpn-devel


[-- Attachment #1.1: Type: text/plain, Size: 1819 bytes --]

Hi,

yes it works fine now, but only for *Ubuntu 14.04.2 Server* and *Centos 6.6
Final*
I've attached logs to this email.

For *FreeBSD *I've got next error:

[root@freebsd ~/govpn]# make
...
HEAD is now at 36aebfe... changed license to BSD
GOPATH=/root/govpn go build -ldflags "-X govpn.Version 3.2"
govpn/cmd/govpn-client
go: not found
*** Error code 127

Stop.
make: stopped in /root/govpn

I use *FreeBSD 10.1-RELEASE-p9* with all updates.

[-- Attachment #1.2: Type: text/html, Size: 3734 bytes --]

[-- Attachment #2: Log_centos.txt --]
[-- Type: text/plain, Size: 3247 bytes --]

[root@centos6 govpn]# make
make -C src
make[1]: Entering directory `/root/govpn/src'
mkdir -p golang.org/x
git clone https://go.googlesource.com/crypto golang.org/x/crypto
Initialized empty Git repository in /root/govpn/src/golang.org/x/crypto/.git/
remote: Total 1874 (delta 1196), reused 1874 (delta 1196)
Receiving objects: 100% (1874/1874), 1.36 MiB | 1.11 MiB/s, done.
Resolving deltas: 100% (1196/1196), done.
cd golang.org/x/crypto && git checkout --force 24ffb5feb3312a39054178a4b0a4554fc2201248
Note: checking out '24ffb5feb3312a39054178a4b0a4554fc2201248'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:

  git checkout -b new_branch_name

HEAD is now at 24ffb5f... x/crypto/openpgp: Limit packet recursion depth.
mkdir -p github.com/agl
git clone https://github.com/agl/ed25519.git github.com/agl/ed25519
Initialized empty Git repository in /root/govpn/src/github.com/agl/ed25519/.git/
remote: Counting objects: 30, done.
remote: Total 30 (delta 0), reused 0 (delta 0), pack-reused 30
Unpacking objects: 100% (30/30), done.
cd github.com/agl/ed25519 && git checkout --force d2b94fd789ea21d12fac1a4443dd3a3f79cda72c
Note: checking out 'd2b94fd789ea21d12fac1a4443dd3a3f79cda72c'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:

  git checkout -b new_branch_name

HEAD is now at d2b94fd... Add LICENSE file.
mkdir -p github.com/bigeagle
git clone https://github.com/bigeagle/water.git github.com/bigeagle/water
Initialized empty Git repository in /root/govpn/src/github.com/bigeagle/water/.git/
remote: Counting objects: 79, done.
remote: Total 79 (delta 0), reused 0 (delta 0), pack-reused 79
Unpacking objects: 100% (79/79), done.
cd github.com/bigeagle/water && git checkout --force 36aebfeb35da4f1f6a975726716c6fc563c5c495
Note: checking out '36aebfeb35da4f1f6a975726716c6fc563c5c495'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:

  git checkout -b new_branch_name

HEAD is now at 36aebfe... changed license to BSD
make[1]: Leaving directory `/root/govpn/src'
GOPATH=/root/govpn go build -ldflags "-X govpn.Version 3.2" govpn/cmd/govpn-client
GOPATH=/root/govpn go build -ldflags "-X govpn.Version 3.2" govpn/cmd/govpn-server
GOPATH=/root/govpn go build -ldflags "-X govpn.Version 3.2" govpn/cmd/govpn-verifier

[-- Attachment #3: Log_FreeBSD.txt --]
[-- Type: text/plain, Size: 3569 bytes --]

[root@freebsd ~]# git clone https://github.com/stargrave/govpn.git
Cloning into 'govpn'...
remote: Counting objects: 702, done.
remote: Compressing objects: 100% (7/7), done.
remote: Total 702 (delta 1), reused 0 (delta 0), pack-reused 695
Receiving objects: 100% (702/702), 193.16 KiB | 295.00 KiB/s, done.
Resolving deltas: 100% (412/412), done.
Checking connectivity... done.
[root@freebsd ~]# cd govpn
[root@freebsd ~/govpn]# git checkout develop
Already on 'develop'
Your branch is up-to-date with 'origin/develop'.
[root@freebsd ~/govpn]# make
make -C src
mkdir -p golang.org/x
git clone https://go.googlesource.com/crypto golang.org/x/crypto
Cloning into 'golang.org/x/crypto'...
remote: Total 1874 (delta 1196), reused 1874 (delta 1196)
Receiving objects: 100% (1874/1874), 1.36 MiB | 1.05 MiB/s, done.
Resolving deltas: 100% (1196/1196), done.
Checking connectivity... done.
cd golang.org/x/crypto && git checkout --force 24ffb5feb3312a39054178a4b0a4554fc2201248
Note: checking out '24ffb5feb3312a39054178a4b0a4554fc2201248'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:

  git checkout -b new_branch_name

HEAD is now at 24ffb5f... x/crypto/openpgp: Limit packet recursion depth.
mkdir -p github.com/agl
git clone https://github.com/agl/ed25519.git github.com/agl/ed25519
Cloning into 'github.com/agl/ed25519'...
remote: Counting objects: 30, done.
remote: Total 30 (delta 0), reused 0 (delta 0), pack-reused 30
Unpacking objects: 100% (30/30), done.
Checking connectivity... done.
cd github.com/agl/ed25519 && git checkout --force d2b94fd789ea21d12fac1a4443dd3a3f79cda72c
Note: checking out 'd2b94fd789ea21d12fac1a4443dd3a3f79cda72c'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:

  git checkout -b new_branch_name

HEAD is now at d2b94fd... Add LICENSE file.
mkdir -p github.com/bigeagle
git clone https://github.com/bigeagle/water.git github.com/bigeagle/water
Cloning into 'github.com/bigeagle/water'...
remote: Counting objects: 79, done.
remote: Total 79 (delta 0), reused 0 (delta 0), pack-reused 79
Unpacking objects: 100% (79/79), done.
Checking connectivity... done.
cd github.com/bigeagle/water && git checkout --force 36aebfeb35da4f1f6a975726716c6fc563c5c495
Note: checking out '36aebfeb35da4f1f6a975726716c6fc563c5c495'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:

  git checkout -b new_branch_name

HEAD is now at 36aebfe... changed license to BSD
GOPATH=/root/govpn go build -ldflags "-X govpn.Version 3.2" govpn/cmd/govpn-client
go: not found
*** Error code 127

Stop.
make: stopped in /root/govpn

[-- Attachment #4: Log_ubuntu.txt --]
[-- Type: text/plain, Size: 3224 bytes --]

root@calvin:~/govpn# make
make -C src
make[1]: Entering directory `/root/govpn/src'
mkdir -p golang.org/x
git clone https://go.googlesource.com/crypto golang.org/x/crypto
Cloning into 'golang.org/x/crypto'...
remote: Total 1874 (delta 1196), reused 1874 (delta 1196)
Receiving objects: 100% (1874/1874), 1.36 MiB | 545.00 KiB/s, done.
Resolving deltas: 100% (1196/1196), done.
Checking connectivity... done.
cd golang.org/x/crypto && git checkout --force 24ffb5feb3312a39054178a4b0a4554fc2201248
Note: checking out '24ffb5feb3312a39054178a4b0a4554fc2201248'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:

  git checkout -b new_branch_name

HEAD is now at 24ffb5f... x/crypto/openpgp: Limit packet recursion depth.
mkdir -p github.com/agl
git clone https://github.com/agl/ed25519.git github.com/agl/ed25519
Cloning into 'github.com/agl/ed25519'...
remote: Counting objects: 30, done.
remote: Total 30 (delta 0), reused 0 (delta 0), pack-reused 30
Unpacking objects: 100% (30/30), done.
Checking connectivity... done.
cd github.com/agl/ed25519 && git checkout --force d2b94fd789ea21d12fac1a4443dd3a3f79cda72c
Note: checking out 'd2b94fd789ea21d12fac1a4443dd3a3f79cda72c'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:

  git checkout -b new_branch_name

HEAD is now at d2b94fd... Add LICENSE file.
mkdir -p github.com/bigeagle
git clone https://github.com/bigeagle/water.git github.com/bigeagle/water
Cloning into 'github.com/bigeagle/water'...
remote: Counting objects: 79, done.
remote: Total 79 (delta 0), reused 0 (delta 0), pack-reused 79
Unpacking objects: 100% (79/79), done.
Checking connectivity... done.
cd github.com/bigeagle/water && git checkout --force 36aebfeb35da4f1f6a975726716c6fc563c5c495
Note: checking out '36aebfeb35da4f1f6a975726716c6fc563c5c495'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:

  git checkout -b new_branch_name

HEAD is now at 36aebfe... changed license to BSD
make[1]: Leaving directory `/root/govpn/src'
GOPATH=/root/govpn go build -ldflags "-X govpn.Version 3.2" govpn/cmd/govpn-client
GOPATH=/root/govpn go build -ldflags "-X govpn.Version 3.2" govpn/cmd/govpn-server
GOPATH=/root/govpn go build -ldflags "-X govpn.Version 3.2" govpn/cmd/govpn-verifier

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [Govpn-devel] build from last tarball
  2015-05-13 10:01       ` Alan Holt
@ 2015-05-13 10:14         ` stargrave
  2015-05-13 10:52           ` Alan Holt
  0 siblings, 1 reply; 29+ messages in thread
From: stargrave @ 2015-05-13 10:14 UTC (permalink / raw)
  To: Alan Holt; +Cc: govpn-devel

[-- Attachment #1: Type: text/plain, Size: 661 bytes --]

*** Alan Holt [2015-05-13 13:03]:
>For *FreeBSD *I've got next error:
>
>[root@freebsd ~/govpn]# make
>...
>HEAD is now at 36aebfe... changed license to BSD
>GOPATH=/root/govpn go build -ldflags "-X govpn.Version 3.2"
>govpn/cmd/govpn-client
>go: not found

You have to install Go programming language compiler first. GoVPN is not
written in C: so Go compiler is a separate package as a rule. It is the
only major dependency. On FreeBSD you can install lang/go port. Seems
that Ubuntu and CentOS have it preinstalled.

Thanks for the feedback! I will create updated tarballs with
Makefile-related fixes.

-- 
Happy hacking, Sergey Matveev

[-- Attachment #2: Type: application/pgp-signature, Size: 801 bytes --]

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [Govpn-devel] build from last tarball
  2015-05-13 10:14         ` stargrave
@ 2015-05-13 10:52           ` Alan Holt
  2015-05-13 11:41             ` stargrave
  0 siblings, 1 reply; 29+ messages in thread
From: Alan Holt @ 2015-05-13 10:52 UTC (permalink / raw)
  To: Alan Holt, govpn-devel

[-- Attachment #1: Type: text/plain, Size: 2631 bytes --]

Hi,

right! I installed GoLanguage on FreeBSD and now it is fine.
But can I have your help with user manual?

I follow these instructions:
http://www.cypherpunks.ru/govpn/Example-usage.html#Example-usage

and it is not so clearly explained how to run server and client.
I have:

Both VMs are Ubuntu Server:

*Server*: 172.25.60.62
*Client*: 172.25.60.63

I did run *server *successfully:
root@calvin:~/govpn# ./govpn-server -bind 172.25.60.62:1194 -mtu 1472
2015/05/13 10:28:29.548793 main.go:120: GoVPN version 3.2 built with go1.2.1
2015/05/13 10:28:29.549008 main.go:121: Max MTU on TAP interface: 1432
2015/05/13 10:28:29.549031 main.go:130: Server started

but when I start the *client*, I see this error:
root@farengeit:~/govpn# ./govpn-client -key key.txt -id CLIENTID -iface
tap10 -remote 172.25.60.62:1194 -mtu 1472
panic: ID is not specified

goroutine 1 [running]:
runtime.panic(0x536700, 0xc21001d4a0)
        /usr/lib/go/src/pkg/runtime/panic.c:266 +0xb6
main.main()
        /root/govpn/src/govpn/cmd/govpn-client/main.go:58 +0xc9

goroutine 3 [runnable]:
os/signal.loop()
        /usr/lib/go/src/pkg/os/signal/signal_unix.go:19
created by os/signal.init·1
        /usr/lib/go/src/pkg/os/signal/signal_unix.go:27 +0x31

What is it client id? How do I specify this?
I want to create clear and simple instructions for manual installation.

Another question, like this, why it need this: echo "echo tap10" >>
peers/CLIENTID/up.sh ?
So I created directory peers/CLIENTID on server and file up.sh with tap10

but I don't really understand why server needs it.
Thank you.


[-- Attachment #2: Type: text/html, Size: 4078 bytes --]

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [Govpn-devel] build from last tarball
  2015-05-13 10:52           ` Alan Holt
@ 2015-05-13 11:41             ` stargrave
  2015-05-13 13:31               ` Alan Holt
  0 siblings, 1 reply; 29+ messages in thread
From: stargrave @ 2015-05-13 11:41 UTC (permalink / raw)
  To: Alan Holt; +Cc: govpn-devel

[-- Attachment #1: Type: text/plain, Size: 1812 bytes --]

*** Alan Holt [2015-05-13 14:03]:
>but when I start the *client*, I see this error:
>root@farengeit:~/govpn# ./govpn-client -key key.txt -id CLIENTID -iface
>tap10 -remote 172.25.60.62:1194 -mtu 1472
>panic: ID is not specified

Well, when writing documentation I assumed that CLIENTID will be
substituted with the real one, created with utils/newclient.sh.
I have updated documentation on http://www.cypherpunks.ru/govpn/Example-usage.html
Hope it is more understandable now. peers-directory is some kind of
database on the server. It contains client's identities, their
verifiers, up/down-scripts. New client is created using
utils/newclient.sh script on the server. On the client side you must
generate so-called verifier and save it on the server.

>What is it client id? How do I specify this?

Technically it is just a random 128-bit string, 32 hex characters. It is
generated conveniently with utils/newclient.sh.

>Another question, like this, why it need this: echo "echo tap10" >>
>peers/CLIENTID/up.sh ?
>So I created directory peers/CLIENTID on server and file up.sh with tap10
>
>but I don't really understand why server needs it.

Well, again, utils/newclient.sh creates CLIENTID (32 hex chars)
directory and dummy empty up.sh script. After client is connected,
server requires to know to what TAP-interface it must be attached. up.sh
script tells this by writing its name to stdout. There can be many
various setups where each client can be bound to specified interface
(various networks), or maybe each time new TAP-interface is generated
and added to the bridge network. All those setups are fully configurable
manually with up.sh and GoVPN's server needs to know only what TAP
interface it must use after client is connected.

-- 
Happy hacking, Sergey Matveev

[-- Attachment #2: Type: application/pgp-signature, Size: 801 bytes --]

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [Govpn-devel] build from last tarball
  2015-05-13 11:41             ` stargrave
@ 2015-05-13 13:31               ` Alan Holt
  2015-05-13 13:47                 ` Alan Holt
  2015-05-13 14:06                 ` stargrave
  0 siblings, 2 replies; 29+ messages in thread
From: Alan Holt @ 2015-05-13 13:31 UTC (permalink / raw)
  To: Alan Holt, govpn-devel

[-- Attachment #1: Type: text/plain, Size: 3774 bytes --]

*Hello,*

*thank you so much for explanation.*
*Now documentation looks better, but I still have problems with
configuration of Client Side.*

*I do next on server: *
export GOMAXPROC=1
root@calvin:~/govpn# ./utils/newclient.sh Alice
Place verifier to peers/*2e6cc6e97d496b29d0271f55*/verifier

root@calvin:~/govpn/peers/2e6cc6e97d496b29d0271f55# ls -l
total 12
-rw------- 1 root root  6 May 13 16:22 name
-rwx------ 1 root root 10 May 13 16:22 up.sh
-rw------- 1 root root 65 May 13 16:22 verifier
root@calvin:~/govpn/peers/2e6cc6e97d496b29d0271f55#

*How client should know this? *
*On client I do as written in updated documentation: *
root@farengeit:~/govpn# ./utils/storekey.sh /tmp/passphrase
Enter passphrase:root@farengeit:~/govpn#

root@farengeit:~/govpn# ./govpn-verifier -id *2e6cc6e97d496b29d0271f55 *-key
/tmp/passphrase
panic: ID is not specified

goroutine 1 [running]:
runtime.panic(0x4df940, 0xc21001d420)
        /usr/lib/go/src/pkg/runtime/panic.c:266 +0xb6
main.main()
        /root/govpn/src/govpn/cmd/govpn-verifier/main.go:41 +0x96
root@farengeit:~/govpn# ./govpn-verifier -id 2e6cc6e97d496b29d0271f55 -key
/tmp/passphrase
panic: ID is not specified

goroutine 1 [running]:
runtime.panic(0x4df940, 0xc21001d420)
        /usr/lib/go/src/pkg/runtime/panic.c:266 +0xb6
main.main()
        /root/govpn/src/govpn/cmd/govpn-verifier/main.go:41 +0x96

*2e6cc6e97d496b29d0271f55  - this is the number generated on server.*

*So because of this error, I can't continue with configuration from here.
What I do wrong? *



[-- Attachment #2: Type: text/html, Size: 7547 bytes --]

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [Govpn-devel] build from last tarball
  2015-05-13 13:31               ` Alan Holt
@ 2015-05-13 13:47                 ` Alan Holt
  2015-05-13 14:09                   ` stargrave
  2015-05-13 14:06                 ` stargrave
  1 sibling, 1 reply; 29+ messages in thread
From: Alan Holt @ 2015-05-13 13:47 UTC (permalink / raw)
  To: Alan Holt, govpn-devel

[-- Attachment #1: Type: text/plain, Size: 465 bytes --]

Hello,

you wrote here (http://www.cypherpunks.ru/govpn/Example-usage.html):
As a preparation you have to generate peer directory (register new client)
on the server side using utils/newsclient.sh, *generate Verifier on client
side and place it on the server*

But in example you do generate in on the *server*:

*server% ./utils/newclient.sh Alice
Place verifier to peers/6d4ac605ce8dc37c2f0bf21cb542a713/verifier
*


And this is what I did.

[-- Attachment #2: Type: text/html, Size: 710 bytes --]

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [Govpn-devel] build from last tarball
  2015-05-13 13:31               ` Alan Holt
  2015-05-13 13:47                 ` Alan Holt
@ 2015-05-13 14:06                 ` stargrave
  1 sibling, 0 replies; 29+ messages in thread
From: stargrave @ 2015-05-13 14:06 UTC (permalink / raw)
  To: Alan Holt; +Cc: govpn-devel

[-- Attachment #1: Type: text/plain, Size: 1173 bytes --]

Greetings,

As I can see: you did everything right.

*** Alan Holt [2015-05-13 16:42]:
>root@farengeit:~/govpn# ./govpn-verifier -id *2e6cc6e97d496b29d0271f55 *-key
>/tmp/passphrase
>panic: ID is not specified

Well, at first I am going to replace those panics with short human
readable messages.

>*So because of this error, I can't continue with configuration from here.
>What I do wrong? *

The problem lies in the fact that /dev/random on FreeBSD and GNU/Linux
has different behaviour: In FreeBSD if you ask to give N bytes, then it
will give you that N bytes, but in Linux you can get less bytes if
kernel does not have enough entropy. "2e6cc6e97d496b29d0271f55" is 24
chars long, 96 bits, not 128. That is why govpn-verifier fails.

It is my mistake to assume that /dev/random under Linux works as in
FreeBSD. I made a commit in develop-branch. Please, remove your
2e6cc6e97d496b29d0271f55 peer and run newclient.sh again. Now it should
work as expected.

root@farengeit:~/govpn# rm -fr peers/2e6cc6e97d496b29d0271f55
root@farengeit:~/govpn# git pull
root@farengeit:~/govpn# ./utils/newclient.sh Alice

-- 
Happy hacking, Sergey Matveev

[-- Attachment #2: Type: application/pgp-signature, Size: 801 bytes --]

^ permalink raw reply	[flat|nested] 29+ messages in thread
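
Added example, not part of the thread and not GoVPN's code: the short-read failure described in the message above, reproduced in Go with a constructed reader capped at 12 bytes per call, next to a read that insists on all 16 bytes and a length check on the identity. The names shortReader, lowEntropySource, naiveID, robustID and ValidateID are hypothetical, and the 12-byte cap is an assumption chosen to reproduce the 24-character identity quoted in the thread.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)

// IDSize is the identity size stated in the thread: 128 bits, 32 hex characters.
const IDSize = 16

// shortReader (hypothetical, constructed for this example) hands back at most
// max bytes per Read call, modelling a random device that returns fewer bytes
// than requested when the kernel is low on entropy.
type shortReader struct {
	src io.Reader
	max int
}

func (s shortReader) Read(p []byte) (int, error) {
	if len(p) > s.max {
		p = p[:s.max]
	}
	return s.src.Read(p)
}

// lowEntropySource returns a constructed source capped at 12 bytes per read,
// which yields the 24 hex characters (96 bits) seen in the thread.
func lowEntropySource() io.Reader {
	return shortReader{src: rand.Reader, max: 12}
}

// naiveID issues a single Read and encodes whatever came back. With a source
// that returns short reads, the identity is silently truncated.
func naiveID(r io.Reader) string {
	buf := make([]byte, IDSize)
	n, _ := r.Read(buf)
	return hex.EncodeToString(buf[:n])
}

// robustID keeps reading until exactly IDSize bytes have arrived and reports
// an error instead of returning a shorter identity.
func robustID(r io.Reader) (string, error) {
	buf := make([]byte, IDSize)
	if _, err := io.ReadFull(r, buf); err != nil {
		return "", fmt.Errorf("reading %d random bytes: %w", IDSize, err)
	}
	return hex.EncodeToString(buf), nil
}

// ValidateID rejects anything that is not exactly 32 hexadecimal characters,
// so a truncated identity produces a readable message rather than a panic.
func ValidateID(id string) error {
	if len(id) != 2*IDSize {
		return fmt.Errorf("identity is %d hex chars (%d bits), want %d (%d bits)",
			len(id), len(id)*4, 2*IDSize, IDSize*8)
	}
	if _, err := hex.DecodeString(id); err != nil {
		return errors.New("identity is not hexadecimal")
	}
	return nil
}

func main() {
	// Single read against the capped source: truncated identity.
	bad := naiveID(lowEntropySource())
	fmt.Println("naive: ", bad, "->", ValidateID(bad))

	// Full read against the same source: complete identity.
	good, err := robustID(lowEntropySource())
	fmt.Println("robust:", good, "->", err, ValidateID(good))

	// The two identities that appear in the thread.
	fmt.Println(ValidateID("2e6cc6e97d496b29d0271f55"))
	fmt.Println(ValidateID("28c3d9d4f4a6fbf27686212a7e220003"))
}
```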

* Re: [Govpn-devel] build from last tarball
  2015-05-13 13:47                 ` Alan Holt
@ 2015-05-13 14:09                   ` stargrave
  2015-05-13 14:55                     ` Alan Holt
  0 siblings, 1 reply; 29+ messages in thread
From: stargrave @ 2015-05-13 14:09 UTC (permalink / raw)
  To: Alan Holt; +Cc: govpn-devel

[-- Attachment #1: Type: text/plain, Size: 744 bytes --]

Greetings,

*** Alan Holt <berber.it@gmail•com> [2015-05-13 16:51]:
>But in example you do generate in on the *server*:
>
>*server% ./utils/newclient.sh Alice
>Place verifier to peers/6d4ac605ce8dc37c2f0bf21cb542a713/verifier
>
>And this is what I did.

You did everything fine. And documentation is correct too:

* You generate peers-subdirectory for client, and client's identity. But
  this directory currently does not contain "verifier"
* You must send your client its identity, it generates verifier and
  sends it back to server
* Server saves received verifier (because only client must know his
  password) in its corresponding peers directory

Thanks again for your feedback!

-- 
Happy hacking, Sergey Matveev

[-- Attachment #2: Type: application/pgp-signature, Size: 801 bytes --]

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [Govpn-devel] build from last tarball
  2015-05-13 14:09                   ` stargrave
@ 2015-05-13 14:55                     ` Alan Holt
  2015-05-13 16:52                       ` stargrave
  0 siblings, 1 reply; 29+ messages in thread
From: Alan Holt @ 2015-05-13 14:55 UTC (permalink / raw)
  To: Alan Holt, govpn-devel


[-- Attachment #1.1: Type: text/plain, Size: 3836 bytes --]

*Hello,*

*now server and client are up.*

*SERVER:*
root@calvin:~/govpn# ./govpn-server -bind 172.25.60.62:1194 -mtu 1472
2015/05/13 14:24:24.291786 identify.go:133: Adding key
28c3d9d4f4a6fbf27686212a7e220003
2015/05/13 14:24:24.292009 main.go:120: GoVPN version 3.2 built with go1.2.1
2015/05/13 14:24:24.292046 main.go:121: Max MTU on TAP interface: 1432
2015/05/13 14:24:24.292074 main.go:130: Server started

2015/05/13 14:27:27.731480 main.go:225: Peer handshake finished
28c3d9d4f4a6fbf27686212a7e220003:172.25.60.63:59918
2015/05/13 14:27:27.736285 main.go:181: Registered interface  with peer
28c3d9d4f4a6fbf27686212a7e220003:172.25.60.63:59918

*CLIENT:*
root@farengeit:~/govpn# ./govpn-client -key key.txt -id
28c3d9d4f4a6fbf27686212a7e220003 -iface tap10 -remote 172.25.60.62:1194
-mtu 1472
2015/05/13 14:27:27.782777 main.go:104: GoVPN version 3.2 built with go1.2.1
2015/05/13 14:27:27.783612 main.go:105: Max MTU on TAP interface: 1432
2015/05/13 14:27:27.783878 main.go:118: Starting handshake
2015/05/13 14:27:27.810347 main.go:163: Handshake completed

*But no traffic goes through the tunnel at all.*
*Server: 172.16.0.1*
*Client: 172.16.0.2*

*You can see on the attached screenshot that both interfaces are up.*

*Ping FROM client TO server:*
root@farengeit:~# ping 172.16.0.1
PING 172.16.0.1 (172.16.0.1) 56(84) bytes of data.
From 172.16.0.2 icmp_seq=1 Destination Host Unreachable
From 172.16.0.2 icmp_seq=2 Destination Host Unreachable
From 172.16.0.2 icmp_seq=3 Destination Host Unreachable

*Routing table on client is OK:*
root@farengeit:~# ip route show
default via 172.25.60.254 dev eth0
172.16.0.0/24 dev tap10  proto kernel  scope link  src 172.16.0.2
172.17.0.0/16 dev docker0  proto kernel  scope link  src 172.17.42.1
172.25.60.0/24 dev eth0  proto kernel  scope link  src 172.25.60.63

root@farengeit:~# ip route get 172.16.0.1
172.16.0.1 dev tap10  src 172.16.0.2
    cache

*Tcpdump from client:*
root@farengeit:~# tcpdump -i tap10 arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tap10, link-type EN10MB (Ethernet), capture size 65535 bytes
17:53:12.533350 ARP, Request who-has 172.16.0.1 tell 172.16.0.2, length 28
17:53:13.529803 ARP, Request who-has 172.16.0.1 tell 172.16.0.2, length 28
17:53:14.529830 ARP, Request who-has 172.16.0.1 tell 172.16.0.2, length 28

*Tcpdump on the server shows no traffic at all:*
root@calvin:~# tcpdump -i tap10
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tap10, link-type EN10MB (Ethernet), capture size 65535 bytes

Looks like no traffic can go through the tunnel.
Firewalls are disabled on both VMs of course.




[-- Attachment #1.2: Type: text/html, Size: 5649 bytes --]

[-- Attachment #2: ScreenShot.png --]
[-- Type: image/png, Size: 114718 bytes --]

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [Govpn-devel] build from last tarball
  2015-05-13 14:55                     ` Alan Holt
@ 2015-05-13 16:52                       ` stargrave
  2015-05-14  8:30                         ` Alan Holt
  0 siblings, 1 reply; 29+ messages in thread
From: stargrave @ 2015-05-13 16:52 UTC (permalink / raw)
  To: Alan Holt; +Cc: govpn-devel

[-- Attachment #1: Type: text/plain, Size: 812 bytes --]

Greetings,

*** Alan Holt [2015-05-13 18:21]:
>*You can see on attached screenshot that both interfaces are up.*

But the interface on the server side is not "RUNNING", as the client's is.
Does up.sh in server's peer subdirectory contain something like echo
tap10? Will "ifconfig tap10 up" (or "ip link set up dev tap10") help?

>Looks like no traffic can go through the tunnel.

I think that tunnel works (you can listen tcpdump over unencrypted
network part), but server's TAP is not running.

In FreeBSD I had to turn sysctl options:

    net.link.tap.user_open=1
    net.link.tap.up_on_open=1

The second one up-s the interface when tap device is opened. Maybe
something similar is needed under GNU/Linux (currently I do not have any
working under the hand).

-- 
Happy hacking, Sergey Matveev

[-- Attachment #2: Type: application/pgp-signature, Size: 801 bytes --]

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [Govpn-devel] build from last tarball
  2015-05-13 16:52                       ` stargrave
@ 2015-05-14  8:30                         ` Alan Holt
  2015-05-14  9:22                           ` Alan Holt
  2015-05-14 13:25                           ` stargrave
  0 siblings, 2 replies; 29+ messages in thread
From: Alan Holt @ 2015-05-14  8:30 UTC (permalink / raw)
  To: Alan Holt, govpn-devel

[-- Attachment #1: Type: text/plain, Size: 4754 bytes --]

Hello,

yes it works fine now.
For some reason I have high pings:

root@farengeit:~# ping 172.16.0.1
PING 172.16.0.1 (172.16.0.1) 56(84) bytes of data.
64 bytes from 172.16.0.1: icmp_seq=1 ttl=64 time=1.15 ms
64 bytes from 172.16.0.1: icmp_seq=2 ttl=64 time=2.24 ms
64 bytes from 172.16.0.1: icmp_seq=3 ttl=64 time=*4.36* ms
64 bytes from 172.16.0.1: icmp_seq=4 ttl=64 time=3.75 ms
64 bytes from 172.16.0.1: icmp_seq=5 ttl=64 time=*4.70* ms
64 bytes from 172.16.0.1: icmp_seq=6 ttl=64 time=3.76 ms
64 bytes from 172.16.0.1: icmp_seq=7 ttl=64 time=*4.39* ms

Both machines are on the same laptop, if you remember
Also I created user manual.
I will publish this on my blog too.


Example of Usage on Ubuntu 14.04 or Centos 6.6

Both VMs are Ubuntu Server:

*Server EXT IP:* 172.25.60.62
*Client EXT IP:* 172.25.60.63

*====INSTALLATION PART=====*

Install dependencies:
# apt-get install uml-utilities
# apt-get install golang

*====COMPILATION PART=====*

On both *CLIENT *and *SERVER *do:

Download tarball here:
http://www.cypherpunks.ru/govpn/Prepared-tarballs.html#Prepared-tarballs

For example, the last stable:
# wget http://www.cypherpunks.ru/govpn/download/govpn-3.2.tar.xz

Extract archive and compile the code
# tar xvf govpn-3.2.tar.xz
# cd govpn-3.2
# mkdir -p peers
# make

On *SERVER*:
This is the number of CPUs:
# export GOMAXPROCS=4
# cd govpn-3.2

Create new client:
# ./utils/newclient.sh Alice
Place verifier to peers/6d4ac605ce8dc37c2f0bf21cb542a713/verifier

6d4ac605ce8dc37c2f0bf21cb542a713 - This is Client ID

On *CLIENT*:
# ./utils/storekey.sh /tmp/passphrase
Enter passphrase:[my secure passphrase is here]

Id - this is number generated on server with script newclient.sh:
# govpn-verifier -id 6d4ac605ce8dc37c2f0bf21cb542a713 -key /tmp/passphrase
562556cc9ecf0019b4cf45bcdf42706944ae9b3ac7c73ad299d83f2d5a169c55

562556cc9ecf0019b4cf45bcdf42706944ae9b3ac7c73ad299d83f2d5a169c55 - this
number is verifier

Remove file:
# rm /tmp/passphrase

On *SERVER*:
# cd govpn-3.2

Put verifier to file and save it:
# vim peers/6d4ac605ce8dc37c2f0bf21cb542a713/verifier
562556cc9ecf0019b4cf45bcdf42706944ae9b3ac7c73ad299d83f2d5a169c55

*====RUN PART=====*

On *SERVER*:
# echo "echo tap10" >> peers/6d4ac605ce8dc37c2f0bf21cb542a713/up.sh
# tunctl -t tap10
# ip link set mtu 1432 dev tap10
# ip addr add 172.16.0.1/24 dev tap10
# ip link set up dev tap10
# ifconfig tap10 up
# ifup tap10

Run the daemon:
# govpn-server -bind 172.25.60.62:1194 -mtu 1472

On *CLIENT*:
# umask 066
# utils/storekey.sh key.txt
# tunctl -t tap10
# ip link set mtu 1432 dev tap10
# ip addr add 172.16.0.2/24 dev tap10
# ip link set up dev tap10
# ip route add default via 172.16.0.1
# ifconfig tap10 up
# ifup tap10

Run the daemon:
# govpn-client -key key.txt -id 6d4ac605ce8dc37c2f0bf21cb542a713 -iface
tap10 -remote 172.25.60.62:1194 -mtu 1472

Check that tunnel works, do ping from CLIENT to SERVER:
# ping 172.16.0.1
PING 172.16.0.1 (172.16.0.1) 56(84) bytes of data.
64 bytes from 172.16.0.1: icmp_seq=1 ttl=64 time=1.15 ms
64 bytes from 172.16.0.1: icmp_seq=2 ttl=64 time=2.24 ms
64 bytes from 172.16.0.1: icmp_seq=3 ttl=64 time=4.36 ms

======================================================================

I will continue testing to see how stable the tunnel is and why pings are so high.
Also I will create a tunnel between machines in USA and ISRAEL to check its
performance.
In future, I want to create deb and rpm packages for it too, but before
need to do checks

Alex.





[-- Attachment #2: Type: text/html, Size: 7537 bytes --]

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [Govpn-devel] build from last tarball
  2015-05-14  8:30                         ` Alan Holt
@ 2015-05-14  9:22                           ` Alan Holt
  2015-05-14 12:34                             ` stargrave
  2015-05-14 13:25                           ` stargrave
  1 sibling, 1 reply; 29+ messages in thread
From: Alan Holt @ 2015-05-14  9:22 UTC (permalink / raw)
  To: Alan Holt, govpn-devel

[-- Attachment #1: Type: text/plain, Size: 6815 bytes --]

Hello,

I did some tests and I see that pings are ok and I think the speed of
tunnel too.

*GoVPN*

root@farengeit:~# ping 172.16.0.1
PING 172.16.0.1 (172.16.0.1) 56(84) bytes of data.
64 bytes from 172.16.0.1: icmp_seq=1 ttl=64 time=1.14 ms
64 bytes from 172.16.0.1: icmp_seq=2 ttl=64 time=3.82 ms
64 bytes from 172.16.0.1: icmp_seq=3 ttl=64 time=4.30 ms
64 bytes from 172.16.0.1: icmp_seq=4 ttl=64 time=2.09 ms
64 bytes from 172.16.0.1: icmp_seq=5 ttl=64 time=2.85 ms
64 bytes from 172.16.0.1: icmp_seq=6 ttl=64 time=1.85 ms
64 bytes from 172.16.0.1: icmp_seq=7 ttl=64 time=3.14 ms
64 bytes from 172.16.0.1: icmp_seq=8 ttl=64 time=1.31 ms
^C
--- 172.16.0.1 ping statistics ---
8 packets transmitted, 8 received, 0% packet loss, time 7018ms
rtt min/avg/max/mdev = 1.143/2.565/4.301/1.080 ms
root@farengeit:~#
root@farengeit:~#
root@farengeit:~#


*PPPD over SSH*

root@farengeit:~# ping 10.0.8.2
PING 10.0.8.2 (10.0.8.2) 56(84) bytes of data.
64 bytes from 10.0.8.2: icmp_seq=1 ttl=64 time=1.56 ms
64 bytes from 10.0.8.2: icmp_seq=2 ttl=64 time=3.76 ms
64 bytes from 10.0.8.2: icmp_seq=3 ttl=64 time=3.53 ms
64 bytes from 10.0.8.2: icmp_seq=4 ttl=64 time=3.71 ms
64 bytes from 10.0.8.2: icmp_seq=5 ttl=64 time=4.35 ms
64 bytes from 10.0.8.2: icmp_seq=6 ttl=64 time=4.03 ms
64 bytes from 10.0.8.2: icmp_seq=7 ttl=64 time=4.08 ms
64 bytes from 10.0.8.2: icmp_seq=8 ttl=64 time=3.75 ms

I should do more tests with remote machines.



[-- Attachment #2: Type: text/html, Size: 11142 bytes --]

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [Govpn-devel] build from last tarball
  2015-05-14  9:22                           ` Alan Holt
@ 2015-05-14 12:34                             ` stargrave
  0 siblings, 0 replies; 29+ messages in thread
From: stargrave @ 2015-05-14 12:34 UTC (permalink / raw)
  To: Alan Holt; +Cc: govpn-devel

[-- Attachment #1: Type: text/plain, Size: 403 bytes --]

Greetings,

*** Alan Holt [2015-05-14 12:36]:
>I did some tests and I see that pings are ok and I think the speed of
>tunnel too.

Ah, I see. Great. Well, packet delay is possible, because of Go garbage
collector. I tested GoVPN 3.1 with netperf between notebook with Intel
i5 CPU and Xeon-based server over gigabit Ethernet: it gave 366 Mbps
throughput.

-- 
Happy hacking, Sergey Matveev

[-- Attachment #2: Type: application/pgp-signature, Size: 801 bytes --]

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [Govpn-devel] build from last tarball
  2015-05-14  8:30                         ` Alan Holt
  2015-05-14  9:22                           ` Alan Holt
@ 2015-05-14 13:25                           ` stargrave
  2015-05-14 13:32                             ` Alan Holt
  1 sibling, 1 reply; 29+ messages in thread
From: stargrave @ 2015-05-14 13:25 UTC (permalink / raw)
  To: Alan Holt; +Cc: govpn-devel

[-- Attachment #1: Type: text/plain, Size: 566 bytes --]

Greetings,

*** Alan Holt [2015-05-14 11:48]:
>Also I created user manual.

Thank you very much! I made a commit based on your style:
https://github.com/stargrave/govpn/commit/530cdffccf0c60a0daa8cc7e0be49aae4c44701b

>In future, I want to create deb and rpm packages for it too, but before
>need to do checks

That will be great! I know that Arch Linux port exists: https://aur.archlinux.org/packages/govpn/
And I created port for FreeBSD several days ago: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200105

-- 
Happy hacking, Sergey Matveev

[-- Attachment #2: Type: application/pgp-signature, Size: 801 bytes --]

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [Govpn-devel] build from last tarball
  2015-05-14 13:25                           ` stargrave
@ 2015-05-14 13:32                             ` Alan Holt
  2015-05-14 14:11                               ` stargrave
  0 siblings, 1 reply; 29+ messages in thread
From: Alan Holt @ 2015-05-14 13:32 UTC (permalink / raw)
  To: Alan Holt, govpn-devel

[-- Attachment #1: Type: text/plain, Size: 1373 bytes --]

hi,

yes, but first we should complete the full stack of checks, to be sure of
stability, performance and security.
As you saw, it was a bit hard even to run server and client, so maybe
it's a good idea to make it a bit more user friendly.

Also, I found on your site that GoVPN contains a web-server that can show
statistics of the server.
How do I run it?
What does it show to me? Traffic? Peers? Connection issues?

This feature could be great.









[-- Attachment #2: Type: text/html, Size: 2525 bytes --]

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [Govpn-devel] build from last tarball
  2015-05-14 13:32                             ` Alan Holt
@ 2015-05-14 14:11                               ` stargrave
  2016-01-19 19:04                                 ` Alan Holt
  0 siblings, 1 reply; 29+ messages in thread
From: stargrave @ 2015-05-14 14:11 UTC (permalink / raw)
  To: Alan Holt; +Cc: govpn-devel

[-- Attachment #1: Type: text/plain, Size: 1328 bytes --]

Greetings,

*** Alan Holt [2015-05-14 16:39]:
>As you saw, it was a bit hard even to run server and client, so maybe
>it's a good idea to make it a bit more user friendly.

The main trouble as I saw is that currently I do not have enough time to
check it with GNU/Linux systems.

>Also, I found on your site that GoVPN contains a web-server that can show
>statistics of the server.
>How do I run it?
>What does it show to me? Traffic? Peers? Connection issues?

Yes, exactly that kind of metrics. http://www.cypherpunks.ru/govpn/Stats.html
You just specify -stats host:port argument and that is all. For example:

% curl -q http://localhost:5678/ | jq .
[
  {
    "HeartbeatSent": 1,
    "HeartbeatRecv": 2,
    "LastSent": "2015-05-14T17:09:59.389331817+03:00",
    "LastPing": "2015-05-14T17:09:59.394971856+03:00",
    "Established": "2015-05-14T17:08:47.005758754+03:00",
    "Noncediff": 1,
    "CPR": 0,
    "NoiseEnable": false,
    "Id": "e1cad298c479175daf28169db230d1a6",
    "Addr": {
      "Zone": "",
      "Port": 1194,
      "IP": "1.2.3.4"
    },
    "BytesIn": 8347,
    "BytesOut": 1794,
    "BytesPayloadIn": 6475,
    "BytesPayloadOut": 1326,
    "FramesIn": 72,
    "FramesOut": 18,
    "FramesUnauth": 0,
    "FramesDup": 0
  }
]

-- 
Happy hacking, Sergey Matveev

[-- Attachment #2: Type: application/pgp-signature, Size: 801 bytes --]

^ permalink raw reply	[flat|nested] 29+ messages in thread
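
One way an operator could consume the `-stats` JSON shown in the message above to spot peers that need attention, as an added example that is not part of the thread or of GoVPN. It assumes, from the field names only, that `FramesUnauth` counts frames that failed authentication and `FramesDup` counts duplicate frames; the second peer in the sample, the thresholds and the function names are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// PeerStat holds the fields of one -stats array element that the checks use.
// Field meanings are assumed from their names in the output shown above.
type PeerStat struct {
	Id   string
	Addr struct {
		IP   string
		Port int
	}
	LastPing     time.Time
	FramesIn     int64
	FramesUnauth int64
	FramesDup    int64
}

// sample: the first peer is copied from the message above (unused fields
// omitted); the second peer is constructed for this example.
const sample = `[
  {
    "LastPing": "2015-05-14T17:09:59.394971856+03:00",
    "Established": "2015-05-14T17:08:47.005758754+03:00",
    "Id": "e1cad298c479175daf28169db230d1a6",
    "Addr": {"Zone": "", "Port": 1194, "IP": "1.2.3.4"},
    "BytesIn": 8347,
    "FramesIn": 72,
    "FramesUnauth": 0,
    "FramesDup": 0
  },
  {
    "LastPing": "2015-05-14T17:05:00+03:00",
    "Established": "2015-05-14T17:00:00+03:00",
    "Id": "00000000000000000000000000000000",
    "Addr": {"Zone": "", "Port": 40000, "IP": "192.0.2.10"},
    "BytesIn": 90000,
    "FramesIn": 700,
    "FramesUnauth": 5,
    "FramesDup": 2
  }
]`

// review decodes a stats document and returns one finding per peer and check:
// unauthenticated frames, duplicate frames, and no ping within maxSilence.
func review(raw []byte, now time.Time, maxSilence time.Duration) ([]string, error) {
	var peers []PeerStat
	if err := json.Unmarshal(raw, &peers); err != nil {
		return nil, fmt.Errorf("decoding stats: %w", err)
	}
	var findings []string
	for _, p := range peers {
		who := fmt.Sprintf("%s (%s:%d)", p.Id, p.Addr.IP, p.Addr.Port)
		if p.FramesUnauth > 0 {
			findings = append(findings, fmt.Sprintf(
				"%s: %d unauthenticated frames out of %d received",
				who, p.FramesUnauth, p.FramesIn))
		}
		if p.FramesDup > 0 {
			findings = append(findings, fmt.Sprintf(
				"%s: %d duplicate frames", who, p.FramesDup))
		}
		if silent := now.Sub(p.LastPing); silent > maxSilence {
			findings = append(findings, fmt.Sprintf(
				"%s: no ping for %s", who, silent.Round(time.Second)))
		}
	}
	return findings, nil
}

func main() {
	// Fixed clock so the constructed sample gives the same result on every run.
	now := time.Date(2015, 5, 14, 17, 10, 30, 0, time.FixedZone("", 3*3600))
	findings, err := review([]byte(sample), now, time.Minute)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, f := range findings {
		fmt.Println(f)
	}
}
```
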

* Re: [Govpn-devel] build from last tarball
  2015-05-14 14:11                               ` stargrave
@ 2016-01-19 19:04                                 ` Alan Holt
  2016-01-19 22:08                                   ` stargrave
  0 siblings, 1 reply; 29+ messages in thread
From: Alan Holt @ 2016-01-19 19:04 UTC (permalink / raw)
  To: Alan Holt, govpn-devel

[-- Attachment #1: Type: text/plain, Size: 2764 bytes --]

Hello Sergey Matveev,

how are you?
I am trying to test the new version of GoVPN 5.2 client and server.
But it seems like there are a lot of questions.

I can't even compile it on (Ubuntu 14.04.3 LTS) and Centos 6 with this
error, can you help please?

alex@alex-XPS:~/govpn/govpn-5.2$ make
GOPATH=/home/alex/govpn/govpn-5.2 go build -ldflags "-X govpn.Version=5.2"
govpn/cmd/govpn-client
# govpn
src/govpn/peer.go:381: undefined: bytes.LastIndexByte
src/govpn/verifier.go:83: undefined: base64.RawStdEncoding
src/govpn/verifier.go:93: undefined: base64.RawStdEncoding
src/govpn/verifier.go:108: undefined: base64.RawStdEncoding
src/govpn/verifier.go:117: undefined: base64.RawStdEncoding
make: *** [govpn-client] Error 2

On FreeBSD and Arch it compiled well, but interesting to know which
dependencies are missing.
Thank you.

After I want to test it on Ubuntu\Centos\Arch\FreeBSD
My regards.





-- 
*בברכה, *
*אלכס ברבר*
*PGP Public Key
<https://pgp.mit.edu/pks/lookup?op=get&search=0xF0508EB3F7C241E1>*
*www.linuxspace.org* <http://www.linuxspace.org>
*--*
*Best regards.*
*Alex Berber*
*PGP Public Key
<https://pgp.mit.edu/pks/lookup?op=get&search=0xF0508EB3F7C241E1>*
*www.linuxspace.org* <http://www.linuxspace.org/>

[-- Attachment #2: Type: text/html, Size: 4525 bytes --]

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [Govpn-devel] build from last tarball
  2016-01-19 19:04                                 ` Alan Holt
@ 2016-01-19 22:08                                   ` stargrave
  2016-01-19 22:58                                     ` Alan Holt
  0 siblings, 1 reply; 29+ messages in thread
From: stargrave @ 2016-01-19 22:08 UTC (permalink / raw)
  To: berber.it; +Cc: govpn-devel

Greetings!

*** Alan Holt <berber.it@gmail•com> [Tue, 19 Jan 2016 21:04:49 +0200]:
>how are you?

I am fine, thanks!

>src/govpn/peer.go:381: undefined: bytes.LastIndexByte
>src/govpn/verifier.go:83: undefined: base64.RawStdEncoding
>src/govpn/verifier.go:93: undefined: base64.RawStdEncoding
>src/govpn/verifier.go:108: undefined: base64.RawStdEncoding
>src/govpn/verifier.go:117: undefined: base64.RawStdEncoding
>make: *** [govpn-client] Error 2

I checked the building under Go 1.3.x. It fails for the same reason.
That means that GoVPN minimally requires at least Go 1.4. Seems that
Ubuntu and CentOS have outdated Go versions. I will add minimal
requirements version to the documentation and the website. Thanks for
the note.

But I highly recommend to use at least 1.5 version -- it gives *very*
high performance boost!

>On FreeBSD and Arch it compiled well, but interesting to know which
>dependencies are missing.

Those operating systems have very fresh software versions, as a rule.

-- 
Happy hacking, Sergey Matveev

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [Govpn-devel] build from last tarball
  2016-01-19 22:08                                   ` stargrave
@ 2016-01-19 22:58                                     ` Alan Holt
  2016-01-20  7:53                                       ` stargrave
  2016-01-21  9:43                                       ` stargrave
  0 siblings, 2 replies; 29+ messages in thread
From: Alan Holt @ 2016-01-19 22:58 UTC (permalink / raw)
  To: govpn-devel, Alan Holt

[-- Attachment #1: Type: text/plain, Size: 4369 bytes --]

Hi Sergey,

thanks for this small and useful note, you were right!
I downloaded latest version of Go (*go1.5.3.src.tar.gz*) from official site
and compiled *govpn-5.2 *successfully.

*Now I have 3 utilities in root directory: *
-rwxr-xr-x  1 root root 7693400 ינו 20 00:19 govpn-client
-rwxr-xr-x  1 root root 8523328 ינו 20 00:19 govpn-server
-rwxr-xr-x  1 root root 4658456 ינו 20 00:19 govpn-verifier

*And one script in ./utils : *
-rwx------ 1 1001 root 634 ינו 13 21:39 newclient.sh

*On server side I run this script and enter password:*
root@alan-XPS:~/govpn-5.2# ./utils/newclient.sh alan
Your client verifier is: $argon2d$m=4096,t=128,p=1$J2g7mlL33KHw34qDq0L5Eg
Place the following YAML configuration entry on the server's side:

    alan:
        up: /path/to/up.sh
        iface: or TAP interface name
        verifier: Passphrase:
$argon2d$m=4096,t=128,p=1$J2g7mlL33KHw34qDq0L5Eg$NsW5CVpiU14e1c12S8GKEqSeHVeAZ5h+gVrVq4s7u3U

*After that I created a file in the main directory called peers.yaml and put all these
strings inside:*
root@alan-XPS:~/govpn-5.2# cat peers.yaml
alan:
    up: /path/to/up.sh
    iface: tap10
    verifier: $argon2d$m=4096,t=128,p=1$J2g7mlL33KHw34qDq0L5Eg
    Passphrase:
$argon2d$m=4096,t=128,p=1$J2g7mlL33KHw34qDq0L5Eg$NsW5CVpiU14e1c12S8GKEqSeHVeAZ5h+gVrVq4s7u3U

*Should I change iface option here to my virtual interface tap10? *
*What should I put in (*up: /path/to/up.sh*): ? *

*As I understand, I should bring up interface tap10. *
*So I did it:*

root@alan-XPS:~/govpn-5.2# sudo ip tuntap add dev eth10 mode tap
root@alan-XPS:~/govpn-5.2# ip link set mtu 1432 dev tap10
root@alan-XPS:~/govpn-5.2# ip addr add 172.16.0.1/24 dev tap10
root@alan-XPS:~/govpn-5.2# ifconfig tap10 up
root@alan-XPS:~/govpn-5.2# ifup tap10
root@alan-XPS:~/govpn-5.2# ip addr show tap10
6: tap10: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1432 qdisc pfifo_fast
state DOWN group default qlen 500
    link/ether a6:9c:68:0c:a4:b5 brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.1/24 scope global tap10
       valid_lft forever preferred_lft forever

*And here we go with daemon: *
root@alan-XPS:~/govpn-5.2# ./govpn-server -bind 192.168.0.103:1194
2016/01/20 00:51:33.154774 main.go:46: GoVPN version 5.2 built with go1.5.3
2016/01/20 00:51:33.155121 identify.go:70: Adding key
27683b9a52f7dca1f0df8a83ab42f912
2016/01/20 00:51:33.155230 udp.go:51: Listening on UDP:192.168.0.103:1194
2016/01/20 00:51:33.155296 main.go:85: Server started

*Am I doing it right?*
*And how should I start the client?*

*In govpn-verifier I found this: *
root@alan-XPS:~/govpn-5.2# ./govpn-verifier --help
  -key string
    Path to passphrase file

*But I don't really understand, how I should connect to server.*
*Could you please help with this part?*
*Thank you.*

On Wed, Jan 20, 2016 at 12:08 AM, <stargrave@stargrave•org> wrote:

> Greetings!
>
> *** Alan Holt <berber.it@gmail•com> [Tue, 19 Jan 2016 21:04:49 +0200]:
> >how are you?
>
> I am fine, thanks!
>
> >src/govpn/peer.go:381: undefined: bytes.LastIndexByte
> >src/govpn/verifier.go:83: undefined: base64.RawStdEncoding
> >src/govpn/verifier.go:93: undefined: base64.RawStdEncoding
> >src/govpn/verifier.go:108: undefined: base64.RawStdEncoding
> >src/govpn/verifier.go:117: undefined: base64.RawStdEncoding
> >make: *** [govpn-client] Error 2
>
> I checked the building under Go 1.3.x. It fails with the same reason.
> That means that GoVPN minimally requires at least Go 1.4. Seems that
> Ubuntu and CentOS has an outdated Go versions. I will add minimal
> requirements version to the documentation and the website. Thanks for
> the note.
>
> But I highly recommend to use at least 1.5 version -- it gives *very*
> high performance boost!
>
> >On FreeBSD and Arch it compiled well, but interesting to know which
> >dependencies are missing.
>
> Those operating systems have very fresh software versions, as a rule.
>
> --
> Happy hacking, Sergey Matveev
>



-- 
*בברכה, *
*אלכס ברבר*
*PGP Public Key
<https://pgp.mit.edu/pks/lookup?op=get&search=0xF0508EB3F7C241E1>*
*www.linuxspace.org* <http://www.linuxspace.org>
*--*
*Best regards.*
*Alex Berber*
*PGP Public Key
<https://pgp.mit.edu/pks/lookup?op=get&search=0xF0508EB3F7C241E1>*
*www.linuxspace.org* <http://www.linuxspace.org/>

[-- Attachment #2: Type: text/html, Size: 6519 bytes --]

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [Govpn-devel] build from last tarball
  2016-01-19 22:58                                     ` Alan Holt
@ 2016-01-20  7:53                                       ` stargrave
  2016-01-21  9:43                                       ` stargrave
  1 sibling, 0 replies; 29+ messages in thread
From: stargrave @ 2016-01-20  7:53 UTC (permalink / raw)
  To: berber.it; +Cc: govpn-devel

Greetings!

*** Alan Holt <berber.it@gmail•com> [Wed, 20 Jan 2016 00:58:49 +0200]:
>root@alan-XPS:~/govpn-5.2# ./utils/newclient.sh alan
>Your client verifier is: $argon2d$m=4096,t=128,p=1$J2g7mlL33KHw34qDq0L5Eg
>Place the following YAML configuration entry on the server's side:
>
>    alan:
>        up: /path/to/up.sh
>        iface: or TAP interface name
>        verifier: Passphrase:
>$argon2d$m=4096,t=128,p=1$J2g7mlL33KHw34qDq0L5Eg$NsW5CVpiU14e1c12S8GKEqSeHVeAZ5h+gVrVq4s7u3U

Damn it, I found a bug here. When you start newclient.sh, it starts
govpn-verifier, which prints "Passphrase:" and waits for you to enter it.
But because of output buffering you will see the "Passphrase:" line later,
included in the output of the example YAML file. I will fix it. In your
case the example YAML will be:

alan:
    up: /path/to/up.sh
    iface: or TAP interface name
    verifier: $argon2d$m=4096,t=128,p=1$J2g7mlL33KHw34qDq0L5Eg$NsW5CVpiU14e1c12S8GKEqSeHVeAZ5h+gVrVq4s7u3U

>*Should I change iface option here to my virtual interface tap10? *

GoVPN can not create interfaces itself. Either you have to create it
manually and tell GoVPN what already existing interface it should use
(by specifying "iface"), or you have to print in the first output line
interface name when executing up.sh. Up.sh is an optional thing: it is
just a hook that will be executed when the peer connects. At least
either one of "iface", or "up" must be specified. If "iface" is
specified, then "up" is optional.

As I can see, you manually created tap10 interface and configured
network addresses on it, so up.sh script may be omitted and only iface
specified:

alan:
    iface: tap10
    verifier: $argon2d$m=4096,t=128,p=1$J2g7mlL33KHw34qDq0L5Eg$NsW5CVpiU14e1c12S8GKEqSeHVeAZ5h+gVrVq4s7u3U

(only 3 lines).

>*What should I put in (*up: /path/to/up.sh*): ? *

If you have preconfigured network interface and do not execute any
hooks/commands after the peer is connected, then you may forget about
up.sh at all.

>*Am I doing it right? *

Yeah. Except maybe invalid YAML with those "Passphrase:" (it is my
fault). "verifier" key contains "$argon2..." string only.

>*And how should I start the client? *

Something like this:

govpn-client \
    -verifier '$argon2d$m=4096,t=128,p=1$J2g7mlL33KHw34qDq0L5Eg' \
    -remote 192.168.0.103:1194 \
    -iface tap10

I assume that you have got preconfigured tap10 interface on the client
too. If you do not specify -key, then you will be asked about passphrase
to enter it manually when govpn-client starts.

-- 
Happy hacking, Sergey Matveev

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [Govpn-devel] build from last tarball
  2016-01-19 22:58                                     ` Alan Holt
  2016-01-20  7:53                                       ` stargrave
@ 2016-01-21  9:43                                       ` stargrave
  2016-01-28 10:26                                         ` Alan Holt
  1 sibling, 1 reply; 29+ messages in thread
From: stargrave @ 2016-01-21  9:43 UTC (permalink / raw)
  To: berber.it; +Cc: govpn-devel

*** Alan Holt <berber.it@gmail•com> [Wed, 20 Jan 2016 00:58:49 +0200]:
>root@alan-XPS:~/govpn-5.2# cat peers.yaml
>alan:
>    up: /path/to/up.sh
>    iface: tap10
>    verifier: $argon2d$m=4096,t=128,p=1$J2g7mlL33KHw34qDq0L5Eg
>    Passphrase:
>$argon2d$m=4096,t=128,p=1$J2g7mlL33KHw34qDq0L5Eg$NsW5CVpiU14e1c12S8GKEqSeHVeAZ5h+gVrVq4s7u3U

I fixed the issue that "Passphrase:" does not appear after newclient.sh
call and is included in example YAML output in 5.3 release.

Now the output is as expected:

    % ./utils/newclient.sh foobar
    Passphrase:[hello]

    Your client verifier is: $argon2d$m=4096,t=128,p=1$ijktkRI+NRG9VHETCywgzg

    Place the following YAML configuration entry on the server's side:

        foobar:
            up: /path/to/up.sh
            iface: or TAP interface name
            verifier: $argon2d$m=4096,t=128,p=1$ijktkRI+NRG9VHETCywgzg$W4hAiwvOKWcE/U3dVujbdTeFUA3klmjG4joLR8CdMAY
    % ./govpn-verifier -verifier '$argon2d$m=4096,t=128,p=1$ijktkRI+NRG9VHETCywgzg$W4hAiwvOKWcE/U3dVujbdTeFUA3klmjG4joLR8CdMAY'
    Passphrase:
    true

Thanks again for showing this issue!

-- 
Happy hacking, Sergey Matveev

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [Govpn-devel] build from last tarball
  2016-01-21  9:43                                       ` stargrave
@ 2016-01-28 10:26                                         ` Alan Holt
  2016-01-28 10:46                                           ` stargrave
  0 siblings, 1 reply; 29+ messages in thread
From: Alan Holt @ 2016-01-28 10:26 UTC (permalink / raw)
  To: govpn-devel, Alan Holt

[-- Attachment #1: Type: text/plain, Size: 5495 bytes --]

Hello Sergey,

thank you for these notes and sorry for the long answer.
Yesterday evening we did check GoVPN(*5.3 tarball*) server in the field.

*We did test it in our local network (~100Mb) between two VMs.*
1 vm - Ubuntu14.04
1 vm - Arch
1 vm - Centos 7 as server in Amsterdam

After I got notes from you about configuring server and client, to get
tunnel running was really simple.

*My peers.yaml looks like:*
alan:
    iface: tap10
    verifier: $argon2d$m=4096,t=128,p=1$Xng0noZZC9v34Ehg7RFSRQ$tIAu7jX57mDll2hmK/xjoLyKJfozQivTvupmftT7VYY

*Can I add another client in the same file, like:*
alex:
    iface: tap10
    verifier: $argon2d$m=4096,t=128,p=1$Xng0noZZC9v34Ehg7RFSRQ$tIAu7jX57mDll2hmK/xjoLyKJfozQivTvupmftT7VYY

*My server run: *
# ./govpn-server -bind 172.25.60.72:1194
2016/01/28 11:24:58.152692 main.go:46: GoVPN version  built with go1.5.3
2016/01/28 11:24:58.153323 identify.go:70: Adding key 5e78349e86590bdbf7e04860ed115245
2016/01/28 11:24:58.153797 udp.go:51: Listening on UDP:172.25.60.72:1194
2016/01/28 11:24:58.154457 main.go:85: Server started

*My client run:*
# govpn-client -verifier '$argon2d$m=4096,t=128,p=1$Xng0noZZC9v34Ehg7RFSRQ' -remote=172.25.60.72:1194 -iface tap10

*Tests that we performed: *
*Ping in local network:*
# ping 172.16.0.2
PING 172.16.0.2 (172.16.0.2) 56(84) bytes of data.
64 bytes from 172.16.0.2: icmp_seq=1 ttl=64 time=*2.03 *ms
64 bytes from 172.16.0.2: icmp_seq=2 ttl=64 time=*10.0* ms
64 bytes from 172.16.0.2: icmp_seq=3 ttl=64 time=*5.04* ms
64 bytes from 172.16.0.2: icmp_seq=4 ttl=64 time=*10.0* ms
64 bytes from 172.16.0.2: icmp_seq=5 ttl=64 time=*11.3* ms
64 bytes from 172.16.0.2: icmp_seq=6 ttl=64 time=*6.18* ms
64 bytes from 172.16.0.2: icmp_seq=7 ttl=64 time=*12.2* ms

*iperf test in local network:*
puppet root ~ # iperf -c 172.16.0.2
------------------------------------------------------------
Client connecting to 172.16.0.2, TCP port 5001
TCP window size: 45.0 KByte (default)
------------------------------------------------------------
[  3] local 172.16.0.1 port 55274 connected with 172.16.0.2 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec   105 MBytes  *87.7* Mbits/sec

*Ping test VPN over Internet (Netherlands, Amsterdam<-> Israel, Tel-Aviv)
is good in SINGLE mode:*
# ping 172.16.0.1
PING 172.16.0.1 (172.16.0.1) 56(84) bytes of data.
64 bytes from 172.16.0.1: icmp_seq=1 ttl=64 time=1174 ms
64 bytes from 172.16.0.1: icmp_seq=3 ttl=64 time=81.8 ms
64 bytes from 172.16.0.1: icmp_seq=5 ttl=64 time=79.4 ms
64 bytes from 172.16.0.1: icmp_seq=7 ttl=64 time=83.0 ms
64 bytes from 172.16.0.1: icmp_seq=8 ttl=64 time=88.9 ms
64 bytes from 172.16.0.1: icmp_seq=9 ttl=64 time=79.2 ms
64 bytes from 172.16.0.1: icmp_seq=10 ttl=64 time=87.7 ms
64 bytes from 172.16.0.1: icmp_seq=12 ttl=64 time=144 ms
64 bytes from 172.16.0.1: icmp_seq=13 ttl=64 time=98.0 ms

*In this case 2 clients from Tel-Aviv connected to the same server in
Amsterdam, one of users get disconnected:*

2016/01/28 10:14:16.503875 main.go:111: *Deleting peer* 71ec89cac70333cbeb37f5234bf847f9:93.157.86.36:45087

2016/01/28 10:14:16.527846 udp.go:173: Unknown identity from: 93.157.86.36:45087
2016/01/28 10:14:16.527921 udp.go:173: Unknown identity from: 93.157.86.36:45087
2016/01/28 10:14:17.528000 udp.go:173: Unknown identity from: 93.157.86.36:45087
2016/01/28 10:14:17.528077 udp.go:173: Unknown identity from: 93.157.86.36:45087
2016/01/28 10:14:18.528820 udp.go:173: Unknown identity from: 93.157.86.36:45087
2016/01/28 10:14:19.541059 udp.go:173: Unknown identity from: 93.157.86.36:45087
2016/01/28 10:14:20.530810 udp.go:173: Unknown identity from: 93.157.86.36:45087

*So how do I make one server serve multiple clients?*
*Is it possible? *


-- 
*בברכה, *
*אלכס ברבר*
*PGP Public Key
<https://pgp.mit.edu/pks/lookup?op=get&search=0xF0508EB3F7C241E1>*
*www.linuxspace.org* <http://www.linuxspace.org>
*--*
*Best regards.*
*Alex Berber*
*PGP Public Key
<https://pgp.mit.edu/pks/lookup?op=get&search=0xF0508EB3F7C241E1>*
*www.linuxspace.org* <http://www.linuxspace.org/>

[-- Attachment #2: Type: text/html, Size: 9083 bytes --]

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [Govpn-devel] build from last tarball
  2016-01-28 10:26                                         ` Alan Holt
@ 2016-01-28 10:46                                           ` stargrave
  2016-01-28 13:39                                             ` Alan Holt
  0 siblings, 1 reply; 29+ messages in thread
From: stargrave @ 2016-01-28 10:46 UTC (permalink / raw)
  To: berber.it; +Cc: govpn-devel

Greetings!

*** Alan Holt <berber.it@gmail•com> [Thu, 28 Jan 2016 12:26:35 +0200]:
>*Can I add another client in the same file, like:*
>alex:
>    iface: tap10

You can, but they must not share the same TAP interface.

>------------------------------------------------------------
>Client connecting to 172.16.0.2, TCP port 5001
>TCP window size: 45.0 KByte (default)
>------------------------------------------------------------
>[  3] local 172.16.0.1 port 55274 connected with 172.16.0.2 port 5001
>[ ID] Interval       Transfer     Bandwidth
>[  3]  0.0-10.0 sec   105 MBytes  *87.7* Mbits/sec

As I can see, not the full 100Mbps is used. This is because GoVPN
actually has relatively high delays. I assume that your CPU load was not
high, that means that it can process much more packets, but because of
delays, TCP layer has lower throughput.

I tested GoVPN 4.x with 1Gbps network between two notebooks with Intel
i5 CPU under FreeBSD 10.2 amd64 with Go 1.5.1. It gave me 786 Mbps of
throughput of UDP packets.

Delays is the main problem with performance in real-life applications. I
use GoVPN at home and scp over 1Gbps link give me 40-50 MiB/s throughput
over IPv6 endpoints. By the way, I do not know why, but GoVPN is slower
when using it over IPv6.

>*In this case 2 clients from Tel-Aviv connected to the same server in
>Amsterdam, one of users get disconnected:*

Yes, only one client can use single TAP interface.

>*So how do I make one server serve multiple clients?*
>*Is it possible? *

Only one user per TAP-interface. If you want to connect them together,
then it can be done easily with the bridge/bond between those
interfaces. I do not currently have GNU/Linux under the hand, but it
should be like this:

    # brctl addbr bridge0
    # brctl addif bridge0 tap0
    # brctl addif bridge0 tap1

where tap0 is interface for the first user, tap1 is for the second.
Using up.sh, that is executed after client connects, you can do it
dynamically like this (only crude example):

    #!/bin/sh
    tapname=$(tunctl -u someuser)
    brctl addif bridge0 $tapname
    echo $tapname

here we create new TAP interface and add it to the bridge (to the
shared network interface) and echo it so GoVPN will understand what
TAP-interface it must use.

-- 
Happy hacking, Sergey Matveev

^ permalink raw reply	[flat|nested] 29+ messages in thread
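
The peers.yaml rules stated in the two replies above (the verifier key holds only the `$argon2...` string, at least one of iface or up is set, one peer per TAP interface), as an added Go example that is not part of the thread or of GoVPN's code. The line-based reader, the function names and the field names `<id>`/`<hash>` are assumptions of this example, and the inputs are constructed from values quoted in the thread.

```go
package main

import (
	"encoding/base64"
	"encoding/hex"
	"fmt"
	"regexp"
	"strings"
)

// Verifier layout as printed in the thread (the field names are this example's):
// client side $argon2d$m=..,t=..,p=..$<id>, server side the same plus $<hash>.
var verifierRe = regexp.MustCompile(
	`^\$argon2d\$m=\d+,t=\d+,p=\d+\$([A-Za-z0-9+/]+)(\$[A-Za-z0-9+/]+)?$`)

type peer struct {
	name string
	keys map[string]string
}

// PeerID returns the <id> field as hex, the form govpn-server logs after "Adding key".
func PeerID(verifier string) (string, error) {
	m := verifierRe.FindStringSubmatch(verifier)
	if m == nil {
		return "", fmt.Errorf("missing or not in $argon2d$ form")
	}
	raw, err := base64.RawStdEncoding.DecodeString(m[1])
	return hex.EncodeToString(raw), err
}

// Lint reads the two-level "name:" / "    key: value" layout shown in the thread
// (not general YAML) and returns one finding per problem.
func Lint(text string) []string {
	var out []string
	var peers []*peer
	for n, line := range strings.Split(text, "\n") {
		t := strings.TrimSpace(line)
		if t == "" {
			continue
		}
		kv := strings.SplitN(t, ":", 2)
		switch {
		case len(kv) != 2:
			out = append(out, fmt.Sprintf("line %d: stray text outside any key", n+1))
		case line[0] != ' ' && line[0] != '\t':
			peers = append(peers, &peer{kv[0], map[string]string{}})
		case len(peers) == 0:
			out = append(out, fmt.Sprintf("line %d: key before any peer name", n+1))
		case strings.TrimSpace(kv[1]) == "":
			out = append(out, fmt.Sprintf("line %d: key %q has no value", n+1, kv[0]))
		default:
			peers[len(peers)-1].keys[kv[0]] = strings.TrimSpace(kv[1])
		}
	}
	tapOwner := map[string]string{} // iface name -> last peer seen using it
	for _, p := range peers {
		if p.keys["iface"] == "" && p.keys["up"] == "" {
			out = append(out, p.name+": needs at least one of iface or up")
		}
		if tap := p.keys["iface"]; tap != "" {
			if other, used := tapOwner[tap]; used {
				out = append(out, p.name+": iface "+tap+" already belongs to "+other)
			}
			tapOwner[tap] = p.name
		}
		v := p.keys["verifier"]
		if _, err := PeerID(v); err != nil {
			out = append(out, p.name+": verifier "+err.Error())
		} else if strings.Count(v, "$") != 4 {
			out = append(out, p.name+": verifier lacks the hash field (client-side string?)")
		}
	}
	return out
}

// Constructed inputs modelled on the thread: the file with the stray "Passphrase:"
// line, and two peers sharing tap10.
const full = "$argon2d$m=4096,t=128,p=1$J2g7mlL33KHw34qDq0L5Eg$NsW5CVpiU14e1c12S8GKEqSeHVeAZ5h+gVrVq4s7u3U"
const broken = "alan:\n    up: /path/to/up.sh\n    iface: tap10\n" +
	"    verifier: $argon2d$m=4096,t=128,p=1$J2g7mlL33KHw34qDq0L5Eg\n" +
	"    Passphrase:\n" + full + "\n"
const shared = "alan:\n    iface: tap10\n    verifier: " + full + "\n" +
	"alex:\n    iface: tap10\n    verifier: " + full + "\n"

func main() {
	for _, f := range append(Lint(broken), Lint(shared)...) {
		fmt.Println(f)
	}
	id, err := PeerID(full)
	fmt.Println("peer id:", id, err)
}
```

The decoded `<id>` of the first verifier equals the hex string in the server's "Adding key" log line from the 5.2 run, which gives a quick way to match a peers.yaml entry to what the server actually loaded.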

* Re: [Govpn-devel] build from last tarball
  2016-01-28 10:46                                           ` stargrave
@ 2016-01-28 13:39                                             ` Alan Holt
  2016-01-28 14:20                                               ` stargrave
  0 siblings, 1 reply; 29+ messages in thread
From: Alan Holt @ 2016-01-28 13:39 UTC (permalink / raw)
  To: govpn-devel, Alan Holt, Evgeny Shtranvasser

[-- Attachment #1: Type: text/plain, Size: 7398 bytes --]

Hello,

something pretty wrong for me...
*For two clients and one server we do this in peers.yaml:*
# cat peers.yaml
alex:
      iface: tap_alan
      verifier: $argon2d$m=4096,t=128,p=1$ceyJyscDM8vrN/UjS/hH+Q$wbU/uMubJqSLsc1xZ6qNjTENuLLCU8XCWtj8YJ/hGls

jack:
      iface: tap_jack
      verifier: $argon2d$m=4096,t=128,p=1$BJrUaLgW7/ogiuklIUOg0g$C/OcsEmxEUloibV45m4vY0MCvbNNvttqZmikpcBTivU

*We have created 3 interfaces:*
*br0*: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1432
        inet *172.16.0.5*  netmask 255.255.255.255  broadcast 0.0.0.0
        inet6 fe80::5414:2ff:fe16:a15b  prefixlen 64  scopeid 0x20<link>
        ether 56:14:02:16:a1:5b  txqueuelen 0  (Ethernet)
        RX packets 45  bytes 1260 (1.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 5  bytes 438 (438.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
*tap_alan*:
        inet *172.16.0.2*  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::5414:2ff:fe16:a15b  prefixlen 64  scopeid 0x20<link>
        ether 56:14:02:16:a1:5b  txqueuelen 500  (Ethernet)
        RX packets 45  bytes 1890 (1.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 10  bytes 876 (876.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

*tap_jack*: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1432
        inet *172.16.0.1*  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::e86a:55ff:fe96:1fa  prefixlen 64  scopeid 0x20<link>
        ether ea:6a:55:96:01:fa  txqueuelen 500  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 32  bytes 1572 (1.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Where br0 should be bridge.
tap_alan for user alan.
tap_jack for user jack.

*that was done by 2 scripts, first to create bridge, second to create
users:*

*### Creating bridge ###*
*cat create_bidge.sh*
#!/bin/bash

ip link add name br0 type bridge
ip link set br0 up

*### adding users, set br0 master ###*

*cat add_govpn_user.sh*
#!/bin/bash

USER=$1
TAP=tap_${USER}
IPADDR=$2

ip tuntap add dev ${TAP} mode tap
ip link set mtu 1432 dev ${TAP}
ip addr add ${IPADDR} dev ${TAP}
ip link set ${TAP} up

ip link set ${TAP} master br0

*So as I understand, now bridge interface should route traffic between two
others interfaces?*
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
37.48.109.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
*172.16.0.0      0.0.0.0         255.255.255.0   U     0      0        0 tap_jack*
*172.16.0.0      0.0.0.0         255.255.255.0   U     0      0        0 tap_alex*

*Should I add br0 to routing table in some special way? *
4: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1432 qdisc noqueue state DOWN mode DEFAULT
    link/ether 56:14:02:16:a1:5b brd ff:ff:ff:ff:ff:ff
5: tap_jack: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1432 qdisc pfifo_fast master br0 state DOWN mode DEFAULT qlen 500
    link/ether ea:6a:55:96:01:fa brd ff:ff:ff:ff:ff:ff
6: tap_alex: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1432 qdisc pfifo_fast master br0 state DOWN mode DEFAULT qlen 500
    link/ether 56:14:02:16:a1:5b brd ff:ff:ff:ff:ff:ff

*So we have this schema: *
CLIENT: user_alex IP 172.16.0.1
CLIENT: user_jack IP 172.16.0.2

*SERVER: *
br0 IP 172.16.0.5
tap_jack IP  172.16.0.101
tap_alex IP 172.16.0.102

*Connection is established successfully.*
*But no luck with ping from client user_alex to server interface br0*

# ping 172.16.0.5
PING 172.16.0.5 (172.16.0.5) 56(84) bytes of data.
From 172.16.0.102 icmp_seq=1 Destination Host Unreachable
From 172.16.0.102 icmp_seq=2 Destination Host Unreachable
From 172.16.0.102 icmp_seq=3 Destination Host Unreachable
From 172.16.0.102 icmp_seq=4 Destination Host Unreachable
From 172.16.0.102 icmp_seq=5 Destination Host Unreachable

*Also I can't ping "my" interface on the server:*
# ping 172.16.0.2
PING 172.16.0.2 (172.16.0.2) 56(84) bytes of data.
From 172.16.0.102 icmp_seq=1 Destination Host Unreachable
From 172.16.0.102 icmp_seq=2 Destination Host Unreachable

*Server works like a router: *
vim /etc/sysctl.conf
net.ipv4.ip_forward=1

*What I am doing wrong? *


-- 
*בברכה, *
*אלכס ברבר*
*PGP Public Key
<https://pgp.mit.edu/pks/lookup?op=get&search=0xF0508EB3F7C241E1>*
*www.linuxspace.org* <http://www.linuxspace.org>
*--*
*Best regards.*
*Alex Berber*
*PGP Public Key
<https://pgp.mit.edu/pks/lookup?op=get&search=0xF0508EB3F7C241E1>*
*www.linuxspace.org* <http://www.linuxspace.org/>

[-- Attachment #2: Type: text/html, Size: 10224 bytes --]

^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [Govpn-devel] build from last tarball
  2016-01-28 13:39                                             ` Alan Holt
@ 2016-01-28 14:20                                               ` stargrave
  0 siblings, 0 replies; 29+ messages in thread
From: stargrave @ 2016-01-28 14:20 UTC (permalink / raw)
  To: berber.it; +Cc: jackalsh, govpn-devel

Greetings!

*** Alan Holt <berber.it@gmail•com> [Thu, 28 Jan 2016 15:39:57 +0200]:
>Where br0 should be bridge.
>tap_alan for user alan.
>tap_jack for user jack.

The main mistake is that a bridge is a layer 2 thing, so it is not related
to routing. A bridge is like an Ethernet switch, like an Ethernet hub. Adding
an interface to a bridge is like plugging another Ethernet cable into the
switch. So, if you just want to make two clients "see" each other, then
you just add their TAP interfaces to the bridge and that is all -- no
routing or IPv4/IPv6 address adding is needed.

When I used GNU/Linux for the last time, I did not know about "ip link
set mode" and "ip link set master" commands. That is why I am just not sure
about them. I have got some RedHat GNU/Linux and creating tap interfaces
and adding them to the bridge goes like this:

[root@android-55c141cf9c0088ac ~]# brctl addbr br0
[root@android-55c141cf9c0088ac ~]# tunctl
Set 'tap0' persistent and owned by uid 0
[root@android-55c141cf9c0088ac ~]# tunctl
Set 'tap1' persistent and owned by uid 0
[root@android-55c141cf9c0088ac ~]# brctl addif br0 tap0
[root@android-55c141cf9c0088ac ~]# brctl addif br0 tap1
[root@android-55c141cf9c0088ac ~]# brctl show br0
bridge name     bridge id               STP enabled     interfaces
br0             8000.5295922bc262       no              tap0
                                                        tap1
[root@android-55c141cf9c0088ac ~]# ifconfig br0
br0       Link encap:Ethernet  HWaddr 52:95:92:2B:C2:62
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
[root@android-55c141cf9c0088ac ~]# ip link
3: br0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default
    link/ether 52:95:92:2b:c2:62 brd ff:ff:ff:ff:ff:ff
4: tap0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop master br0 state DOWN mode DEFAULT group default qlen 500
    link/ether 52:95:92:2b:c2:62 brd ff:ff:ff:ff:ff:ff
5: tap1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop master br0 state DOWN mode DEFAULT group default qlen 500
    link/ether 8a:65:bf:0c:f6:7f brd ff:ff:ff:ff:ff:ff

Pay attention that neither ifconfig, nor ip link shows that br0 has
tap0/tap1. Maybe I have got outdated versions, but brctl was the
native tool. I mean that I am not sure that "ip link set master" works
like brctl addif.

So, in your case I would check "brctl show br0" output and be sure that
tap interfaces are bridged. If user_alex set 172.16.0.1 on one side, and
user_jack set 172.16.0.2 on his side, then they should be able to ping
themselves through the server -- and no IP-configuration on it is
needed neither on br0, nor on tap interfaces. This is Layer2, not
Layer3!

If you want to interact with the server too, then you must set an IP
address (ifconfig br0 inet 172.16.0.5/24) only on br0 interface, without
touching tap-interfaces.

Sorry for repeating again :-), but: bridge interfaces are like Ethernet
switches: you just plug interfaces to it, like with physical Internet.
Switch does not know anything about routing, addresses, IP, IPX or
whatever packets, but all plugged cables/interfaces can work and
communicate transparently together.

And I am not sure how routing in that case:

*br0*: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1432
        inet *172.16.0.5*  netmask 255.255.255.255  broadcast 0.0.0.0
*tap_alan*:
        inet *172.16.0.2*  netmask 255.255.255.0  broadcast 0.0.0.0
*tap_jack*: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1432
        inet *172.16.0.1*  netmask 255.255.255.0  broadcast 0.0.0.0

should work. There are three interfaces with the same 172.16.0.0/24
subnet. On what interface should the host send the packet? Any routing
related (addresses) configuration should be done on bridge interface
only.

-- 
Happy hacking, Sergey Matveev

^ permalink raw reply	[flat|nested] 29+ messages in thread
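
The layer 2 advice in the reply above (no addresses on the TAP ports, any address on the bridge only, no subnet repeated across interfaces), as an added Go check over `ip addr show` text; it is not part of the thread or of GoVPN. The function names and both sample outputs are constructed for this example, modelled on the interface state reported in the thread.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"strings"
)

var (
	headRe   = regexp.MustCompile(`^\d+: ([^:@\s]+)[:@]`) // "5: tap_jack: <...>"
	masterRe = regexp.MustCompile(` master (\S+)`)        // bridge the port belongs to
)

type link struct {
	name, master string
	addrs        []string
}

// parseIPAddr reads `ip addr show` text: one header line per interface,
// followed by indented "inet ADDR/PREFIX ..." lines.
func parseIPAddr(out string) []*link {
	var links []*link
	for _, line := range strings.Split(out, "\n") {
		if m := headRe.FindStringSubmatch(line); m != nil {
			l := &link{name: m[1]}
			if mm := masterRe.FindStringSubmatch(line); mm != nil {
				l.master = mm[1]
			}
			links = append(links, l)
		} else if f := strings.Fields(line); len(f) > 1 && f[0] == "inet" && len(links) > 0 {
			last := links[len(links)-1]
			last.addrs = append(last.addrs, f[1])
		}
	}
	return links
}

// CheckBridge flags IPv4 addresses left on bridge ports and subnets that are
// configured on more than one interface.
func CheckBridge(out string) []string {
	var findings []string
	seen := map[string]string{} // subnet -> first interface carrying it
	for _, l := range parseIPAddr(out) {
		for _, a := range l.addrs {
			_, subnet, err := net.ParseCIDR(a)
			if err != nil {
				continue // not ADDR/PREFIX, nothing to compare
			}
			if l.master != "" {
				findings = append(findings, fmt.Sprintf(
					"%s: %s is set on a port of %s; address %s instead", l.name, a, l.master, l.master))
			}
			if first, dup := seen[subnet.String()]; dup {
				findings = append(findings, fmt.Sprintf(
					"%s: subnet %s is also on %s", l.name, subnet, first))
			} else {
				seen[subnet.String()] = l.name
			}
		}
	}
	return findings
}

// Constructed `ip addr show` text modelled on the state reported in the thread.
const reported = `4: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1432 qdisc noqueue state DOWN
    inet 172.16.0.5/32 scope global br0
5: tap_jack: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1432 qdisc pfifo_fast master br0 state DOWN
    inet 172.16.0.1/24 scope global tap_jack
6: tap_alex: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1432 qdisc pfifo_fast master br0 state DOWN
    inet 172.16.0.2/24 scope global tap_alex
`

// Constructed text for the layout the reply recommends: only br0 carries an address.
const advised = `4: br0: <BROADCAST,MULTICAST,UP> mtu 1432 qdisc noqueue state UP
    inet 172.16.0.5/24 scope global br0
5: tap_jack: <BROADCAST,MULTICAST,UP> mtu 1432 qdisc pfifo_fast master br0 state UP
6: tap_alex: <BROADCAST,MULTICAST,UP> mtu 1432 qdisc pfifo_fast master br0 state UP
`

func main() {
	for _, f := range CheckBridge(reported) {
		fmt.Println(f)
	}
	fmt.Println("advised layout findings:", len(CheckBridge(advised)))
}
```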
