Hello Sergey, thank you for this notes and sorry for long answer. Yesterday evening we did check GoVPN(*5.3 tarball*) server in the field. *We did test it in our local network (~100Mb) between two VMs.* 1 vm - Ubuntu14.04 1 vm - Arch 1 vm - Centos 7 as server in Amsterdam After I got notes from you about configuring server and client, to get tunnel running was really simple. *My peers.yaml looks like:* alan: iface: tap10 verifier: $argon2d$m=4096,t=128,p=1$Xng0noZZC9v34Ehg7RFSRQ$tIAu7jX57mDll2hmK/xjoLyKJfozQivTvupmftT7VYY *Can I add another client in the same file, like:* alex: iface: tap10 verifier: $argon2d$m=4096,t=128,p=1$Xng0noZZC9v34Ehg7RFSRQ$tIAu7jX57mDll2hmK/xjoLyKJfozQivTvupmftT7VYY *My server run: * # ./govpn-server -bind 172.25.60.72:1194 2016/01/28 11:24:58.152692 main.go:46: GoVPN version built with go1.5.3 2016/01/28 11:24:58.153323 identify.go:70: Adding key 5e78349e86590bdbf7e04860ed115245 2016/01/28 11:24:58.153797 udp.go:51: Listening on UDP:172.25.60.72:1194 2016/01/28 11:24:58.154457 main.go:85: Server started *My client run:* # govpn-client -verifier '$argon2d$m=4096,t=128,p=1$Xng0noZZC9v34Ehg7RFSRQ' -remote=172.25.60.72:1194 -iface tap10 *Tests that we performed: * *Ping in local network:* # ping 172.16.0.2 PING 172.16.0.2 (172.16.0.2) 56(84) bytes of data. 64 bytes from 172.16.0.2: icmp_seq=1 ttl=64 time=*2.03 *ms 64 bytes from 172.16.0.2: icmp_seq=2 ttl=64 time=*10.0* ms 64 bytes from 172.16.0.2: icmp_seq=3 ttl=64 time=*5.04* ms 64 bytes from 172.16.0.2: icmp_seq=4 ttl=64 time=*10.0* ms 64 bytes from 172.16.0.2: icmp_seq=5 ttl=64 time=*11.3* ms 64 bytes from 172.16.0.2: icmp_seq=6 ttl=64 time=*6.18* ms 64 bytes from 172.16.0.2: icmp_seq=7 ttl=64 time=*12.2* ms *iperf test in local network:* puppet root ~ # iperf -c 172.16.0.2 ------------------------------------------------------------ Client connecting to 172.16.0.2, TCP port 5001 TCP window size: 45.0 KByte (default) ------------------------------------------------------------ [ 3] local 172.16.0.1 port 55274 connected with 172.16.0.2 port 5001 [ ID] Interval Transfer Bandwidth [ 3] 0.0-10.0 sec 105 MBytes *87.7* Mbits/sec *Ping test VPN over Internet (Netherlands, Amsterdam<-> Israel, Tel-Aviv) is good in SINGLE mode:* # ping 172.16.0.1 PING 172.16.0.1 (172.16.0.1) 56(84) bytes of data. 64 bytes from 172.16.0.1: icmp_seq=1 ttl=64 time=1174 ms 64 bytes from 172.16.0.1: icmp_seq=3 ttl=64 time=81.8 ms 64 bytes from 172.16.0.1: icmp_seq=5 ttl=64 time=79.4 ms 64 bytes from 172.16.0.1: icmp_seq=7 ttl=64 time=83.0 ms 64 bytes from 172.16.0.1: icmp_seq=8 ttl=64 time=88.9 ms 64 bytes from 172.16.0.1: icmp_seq=9 ttl=64 time=79.2 ms 64 bytes from 172.16.0.1: icmp_seq=10 ttl=64 time=87.7 ms 64 bytes from 172.16.0.1: icmp_seq=12 ttl=64 time=144 ms 64 bytes from 172.16.0.1: icmp_seq=13 ttl=64 time=98.0 ms *In this case 2 clients from Tel-Aviv connected to the same server in Amsterdam, one of users get disconnected:* 2016/01/28 10:14:16.503875 main.go:111: *Deleting peer* 71ec89cac70333cbeb37f5234bf847f9:93.157.86.36:45087 2016/01/28 10:14:16.527846 udp.go:173: Unknown identity from: 93.157.86.36:45087 2016/01/28 10:14:16.527921 udp.go:173: Unknown identity from: 93.157.86.36:45087 2016/01/28 10:14:17.528000 udp.go:173: Unknown identity from: 93.157.86.36:45087 2016/01/28 10:14:17.528077 udp.go:173: Unknown identity from: 93.157.86.36:45087 2016/01/28 10:14:18.528820 udp.go:173: Unknown identity from: 93.157.86.36:45087 2016/01/28 10:14:19.541059 udp.go:173: Unknown identity from: 93.157.86.36:45087 2016/01/28 10:14:20.530810 udp.go:173: Unknown identity from: 93.157.86.36:45087 *So how I do one server serf multiple clients?* *Is it possible? * On Thu, Jan 21, 2016 at 11:43 AM, wrote: > *** Alan Holt [Wed, 20 Jan 2016 00:58:49 +0200]: > >root@alan-XPS:~/govpn-5.2# cat peers.yaml > >alan: > > up: /path/to/up.sh > > iface: tap10 > > verifier: $argon2d$m=4096,t=128,p=1$J2g7mlL33KHw34qDq0L5Eg > > Passphrase: > > >$argon2d$m=4096,t=128,p=1$J2g7mlL33KHw34qDq0L5Eg$NsW5CVpiU14e1c12S8GKEqSeHVeAZ5h+gVrVq4s7u3U > > I fixed the issue that "Passphrase:" does not appear after newclient.sh > call and is included in example YAML output in 5.3 release. > > Now the output is as expected: > > % ./utils/newclient.sh foobar > Passphrase:[hello] > > Your client verifier is: > $argon2d$m=4096,t=128,p=1$ijktkRI+NRG9VHETCywgzg > > Place the following YAML configuration entry on the server's side: > > foobar: > up: /path/to/up.sh > iface: or TAP interface name > verifier: > $argon2d$m=4096,t=128,p=1$ijktkRI+NRG9VHETCywgzg$W4hAiwvOKWcE/U3dVujbdTeFUA3klmjG4joLR8CdMAY > % ./govpn-verifier -verifier > '$argon2d$m=4096,t=128,p=1$ijktkRI+NRG9VHETCywgzg$W4hAiwvOKWcE/U3dVujbdTeFUA3klmjG4joLR8CdMAY' > Passphrase: > true > > Thanks again for showing this issue! > > -- > Happy hacking, Sergey Matveev > -- *בברכה, * *אלכס ברבר* *PGP Public Key * *www.linuxspace.org* *--* *Best regards.* *Alex Berber* *PGP Public Key * *www.linuxspace.org*