upPath = flag.String("up", "", "Path to up-script")
downPath = flag.String("down", "", "Path to down-script")
stats = flag.String("stats", "", "Enable stats retrieving on host:port")
- mtu = flag.Int("mtu", 1500, "MTU")
+ mtu = flag.Int("mtu", 1452, "MTU for outgoing packets")
nonceDiff = flag.Int("noncediff", 1, "Allow nonce difference")
timeoutP = flag.Int("timeout", 60, "Timeout seconds")
)
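Review bot: The new `flag.Int("mtu", 1452, "MTU for outgoing packets")` default is not followed by any range check in the visible lines, so a zero, negative or very small `-mtu` would be accepted silently. The documentation changed in this same commit puts the TAP MTU 42 bytes below this value, so anything at or below that overhead leaves no room for a frame. I would reject it right after flag parsing, e.g. `if *mtu <= 42 { log.Fatalln("mtu is too small") }`, preferably using the package's own overhead constant instead of a literal. The help string could also record where the default comes from: `"MTU for outgoing packets (1452 = 1500 - 40 IPv6 - 8 UDP)"`. The same applies to the identical flag in the server's var block; both var blocks start outside their hunks.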
knownPeers := govpn.KnownPeers(map[string]**govpn.Peer{remote.String(): &peer})
log.Println(govpn.VersionGet())
+ log.Println("Max MTU on TAP interface:", govpn.TAPMaxMTU())
if *stats != "" {
log.Println("Stats are going to listen on", *stats)
statsPort, err := net.Listen("tcp", *stats)
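Review bot: The added `log.Println("Max MTU on TAP interface:", govpn.TAPMaxMTU())` only reports the limit; nothing visible in this hunk compares it with the MTU actually configured on the TAP device. A mismatched interface would presumably surface only as dropped or oversized frames at runtime. If `TAPMaxMTU()` derives its result from a package-level MTU set from `*mtu` (not visible here), this line must run after that assignment, and a comment such as `// must follow the assignment of the -mtu flag value` would make the ordering explicit. The same line is added in the server's main; the enclosing function starts and ends outside the hunk in both files.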
bindAddr = flag.String("bind", "[::]:1194", "Bind to address")
peersPath = flag.String("peers", "peers", "Path to peers keys directory")
stats = flag.String("stats", "", "Enable stats retrieving on host:port")
- mtu = flag.Int("mtu", 1500, "MTU")
+ mtu = flag.Int("mtu", 1452, "MTU for outgoing packets")
nonceDiff = flag.Int("noncediff", 1, "Allow nonce difference")
timeoutP = flag.Int("timeout", 60, "Timeout seconds")
)
ethSink := make(chan EthEvent)
log.Println(govpn.VersionGet())
+ log.Println("Max MTU on TAP interface:", govpn.TAPMaxMTU())
if *stats != "" {
log.Println("Stats are going to listen on", *stats)
statsPort, err := net.Listen("tcp", *stats)
allowable difference. That opens the door for replay attacks for narrow
time interval.
@item MTU
-Maximum transmission unit, maximum frame size that is acceptable on TAP
-interface.
+Maximum transmission unit for outgoing GoVPN's packets. It varies and
+depends on your environment. By default MTU equals to 1452 bytes: 40
+bytes per IPv6 and 8 bytes per UDP. So GoVPN's packets won't be larger
+than this value. It will print maximum acceptable value for TAP
+interface during startup. As a rule TAP's MTU is 42 bytes smaller: 26
+bytes overheard for transport message, 14 bytes Ethernet frame overhead.
@end table
Client needs to know his identification, path to the authentication key,
server% echo "echo tap10" >> peers/CLIENTID/up.sh
server% ip addr add 192.168.0.1/24 dev wlan0
server% tunctl -t tap10
-server% ip link set mtu 1462 dev tap10
+server% ip link set mtu 1412 dev tap10
server% ip addr add 172.16.0.1/24 dev tap10
server% ip link set up dev tap10
server% GOMAXPROC=4 govpn-server -bind 192.168.0.1:1194
client% echo MYLONG64HEXKEY > key.txt
client% ip addr add 192.168.0.2/24 dev wlan0
client% tunctl -t tap10
-client% ip link set mtu 1462 dev tap10
+client% ip link set mtu 1412 dev tap10
client% ip addr add 172.16.0.2/24 dev tap10
client% ip link set up dev tap10
client% ip route add default via 172.16.0.1
server% cat > peers/CLIENTID/up.sh <<EOF
#!/bin/sh
$tap=$(ifconfig tap create)
-ifconfig $tap inet6 fc00::1/96 mtu 1462 up
+ifconfig $tap inet6 fc00::1/96 mtu 1412 up
echo $tap
EOF
server% ifconfig em0 inet6 fe80::1/64
@example
client% ifconfig me0 inet6 -ifdisabled auto_linklocal
client% ifconfig tap10
-client% ifconfig tap10 inet6 fc00::2/96 mtu 1462 up
+client% ifconfig tap10 inet6 fc00::2/96 mtu 1412 up
client% route -6 add default fc00::1
client% export GOMAXPROC=4
client% while :; do