7 Let's assume that there is some insecure link between your computer and
8 WiFi-reachable gateway.
11 @item You have got @code{wlan0} NIC with 192.168.0/24 network on it.
12 @item You want to create virtual encrypted and authenticated 172.16.0/24
13 network and use it as a default transport.
14 @item Assume that outgoing GoVPN packets can be fragmented, so we do not
15 bother configuring MTU of TAP interfaces. For better performance just
16 lower it and check that no fragmentation of outgoing UDP packets occurs.
19 @strong{Install}. At first you must @ref{Installation, install} this
20 software: download, @ref{Integrity, check the signature}, compile.
22 @strong{Prepare the client}. Generate client's verifier for Alice as an
28 client% ./utils/newclient.sh Alice
30 Your client verifier is: $argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg
32 Place the following YAML configuration entry on the server's side:
36 iface: or TAP interface name
37 verifier: $argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10
40 @strong{Prepare the server}. Add this entry to @code{peers.yaml}
46 verifier: $argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10
49 @strong{Prepare network on GNU/Linux IPv4 server}:
52 server% ip addr add 192.168.0.1/24 dev wlan0
53 server% tunctl -t tap10
54 server% ip addr add 172.16.0.1/24 dev tap10
55 server% ip link set up dev tap10
58 @strong{Run server daemon itself}:
61 server% govpn-server -bind 192.168.0.1:1194
64 @strong{Prepare network on GNU/Linux IPv4 client}:
67 client% ip addr add 192.168.0.2/24 dev wlan0
68 client% tunctl -t tap10
69 client% ip addr add 172.16.0.2/24 dev tap10
70 client% ip link set up dev tap10
71 client% ip route add default via 172.16.0.1
74 @strong{Run client daemon itself}:
76 client% govpn-client \
77 -verifier '$argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg' \
79 -remote 192.168.0.1:1194
82 @strong{FreeBSD IPv6 similar client-server example}:
85 server% ifconfig em0 inet6 fe80::1/64
86 server% govpn-server -bind "fe80::1%em0"
90 client% ifconfig me0 inet6 -ifdisabled auto_linklocal
91 client% ifconfig tap10
92 client% ifconfig tap10 inet6 fc00::2/96 up
93 client% route -6 add default fc00::1
94 client% govpn-client \
95 -verifier '$argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg' \
97 -remote "[fe80::1%me0]":1194