7 Let's assume that there is some insecure link between your computer and
8 WiFi-reachable gateway.
11 @item You have got @code{wlan0} NIC with 192.168.0/24 network on it.
12 @item You want to create virtual encrypted and authenticated 172.16.0/24
13 network and use it as a default transport.
14 @item Assume that outgoing GoVPN packets can be fragmented, so we do not
15 bother configuring MTU of TAP interfaces. For better performance just
16 lower it and check that no fragmentation of outgoing UDP packets occurs.
19 @strong{Install}. At first you must @ref{Installation, install} this
20 software: download, @ref{Integrity, check the signature}, compile.
22 @strong{Prepare the client}. Generate client's verifier for Alice as an
28 client% ./utils/newclient.sh Alice
30 Your client verifier is: $argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg
32 Place the following YAML configuration entry on the server's side:
36 iface: or TAP interface name
37 verifier: $argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10
39 Verifier was generated with:
41 ./utils/storekey.sh /tmp/passphrase
42 govpn-verifier -key /tmp/passphrase
45 @strong{Prepare the server}. Add this entry to @code{peers.yaml}
51 verifier: $argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10
54 @strong{Prepare network on GNU/Linux IPv4 server}:
58 server% ip addr add 192.168.0.1/24 dev wlan0
59 server% tunctl -t tap10
60 server% ip addr add 172.16.0.1/24 dev tap10
61 server% ip link set up dev tap10
64 @strong{Run server daemon itself}:
67 server% govpn-server -bind 192.168.0.1:1194
70 @strong{Prepare network on GNU/Linux IPv4 client}:
74 client% utils/storekey.sh key.txt
75 client% ip addr add 192.168.0.2/24 dev wlan0
76 client% tunctl -t tap10
77 client% ip addr add 172.16.0.2/24 dev tap10
78 client% ip link set up dev tap10
79 client% ip route add default via 172.16.0.1
82 @strong{Run client daemon itself}:
84 client% govpn-client \
86 -verifier '$argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg' \
88 -remote 192.168.0.1:1194
91 @strong{FreeBSD IPv6 similar client-server example}:
94 server% ifconfig em0 inet6 fe80::1/64
95 server% govpn-server -bind "fe80::1%em0"
99 client% ifconfig me0 inet6 -ifdisabled auto_linklocal
100 client% ifconfig tap10
101 client% ifconfig tap10 inet6 fc00::2/96 up
102 client% route -6 add default fc00::1
103 client% govpn-client \
105 -verifier '$argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg' \
107 -remote "[fe80::1%me0]":1194