Ability to use TUN-interfaces under GNU/Linux

diff --git a/TODO b/TODO
index a40620f7c43891fada909392d055dd8a623d1778..3c1c91bc9520f552866ce7dee3c19fd86e5073f9 100644 (file)
--- a/TODO
+++ b/TODO
@@ -1,4 +1,3 @@
-* Support TUN interfaces additionally to TAP ones

 * When govpn-server opens TAP files, then it won't release them until
   daemon itself is exited
 * Randomize ports usage
 * When govpn-server opens TAP files, then it won't release them until
   daemon itself is exited
 * Randomize ports usage

diff --git a/doc/about.ru.texi b/doc/about.ru.texi
index b91108345f9aa0d121b72be596e376b971694a39..0c45017ca7ed2b3d2422c36f4d2ebeb9bea5f6d8 100644 (file)
--- a/doc/about.ru.texi
+++ b/doc/about.ru.texi
@@ -70,7 +70,7 @@ A-EKE (Diffie-Hellman Augmented Encrypted Key Exchange)).
 идентификатор}, невидимый третьим лицам (они анонимны для них).
 
 @item
 идентификатор}, невидимый третьим лицам (они анонимны для них).
 
 @item

-Использует @url{https://ru.wikipedia.org/wiki/TUN/TAP, TAP} низлежащие
+Использует @url{https://ru.wikipedia.org/wiki/TUN/TAP, TUN/TAP} низлежащие

 сетевые интерфейсы.
 
 @item
 сетевые интерфейсы.
 
 @item

diff --git a/doc/about.texi b/doc/about.texi
index 59359c8947f7100bba7130dbfa0e34a2600d3dd3..7cda5af5d6db5f52bc8d6466b986c1888538a54b 100644 (file)
--- a/doc/about.texi
+++ b/doc/about.texi
@@ -66,7 +66,7 @@ options. Clients have pre-established @ref{Identity, identity} invisible
 for third-parties (they are anonymous).
 
 @item
 for third-parties (they are anonymous).
 
 @item

-Uses @url{https://en.wikipedia.org/wiki/TAP_(network_driver), TAP}
+Uses @url{https://en.wikipedia.org/wiki/TAP_(network_driver), TUN/TAP}

 underlying network interfaces.
 
 @item
 underlying network interfaces.
 
 @item

diff --git a/doc/client.texi b/doc/client.texi
index 58dc74bb2f3a8f3bd1e549769e0dfd7766a9e62d..42b8a65910f2a1e18ecef5f0d86f33d797c7a454 100644 (file)
--- a/doc/client.texi
+++ b/doc/client.texi
@@ -7,7 +7,7 @@ options client has the following ones:
 @table @option
 
 @item -mtu
 @table @option
 
 @item -mtu

-Expected TAP interface @ref{MTU}.
+Expected TUN/TAP interface @ref{MTU}.

 
 @item -proto
 @ref{Network, Network protocol} to use. Can be either @emph{udp}
 
 @item -proto
 @ref{Network, Network protocol} to use. Can be either @emph{udp}


@@ -25,7 +25,7 @@ server.
 Address (@code{host:port} format) of remote server we need to connect to.
 
 @item -iface
 Address (@code{host:port} format) of remote server we need to connect to.
 
 @item -iface

-TAP interface name.
+TUN/TAP interface name.

 
 @item -verifier
 Our client's @ref{Verifier}.
 
 @item -verifier
 Our client's @ref{Verifier}.

diff --git a/doc/example.texi b/doc/example.texi
index 483177262533fdcca383f4dd0c6617b4720bb33a..688898a76bf350e646fac90b3ef7f702a5c40aa1 100644 (file)
--- a/doc/example.texi
+++ b/doc/example.texi
@@ -9,7 +9,7 @@ WiFi-reachable gateway.
 @item You want to create virtual encrypted and authenticated 172.16.0/24
 network and use it as a default transport.
 @item Assume that outgoing GoVPN packets can be fragmented, so we do not
 @item You want to create virtual encrypted and authenticated 172.16.0/24
 network and use it as a default transport.
 @item Assume that outgoing GoVPN packets can be fragmented, so we do not

-bother configuring MTU of TAP interfaces. For better performance just
+bother configuring MTU of TUN/TAP interfaces. For better performance just

 lower it and check that no fragmentation of outgoing UDP packets occurs.
 @end itemize
 
 lower it and check that no fragmentation of outgoing UDP packets occurs.
 @end itemize
 


@@ -29,7 +29,7 @@ Place the following YAML configuration entry on the server's side:
 
     Alice:
         up: /path/to/up.sh
 
     Alice:
         up: /path/to/up.sh

-        iface: or TAP interface name
+        iface: or TUN/TAP interface name

         verifier: $balloon$s=32768,t=16,p=2$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10
 @end verbatim
 
         verifier: $balloon$s=32768,t=16,p=2$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10
 @end verbatim
 

diff --git a/doc/mtu.texi b/doc/mtu.texi
index c11cef916020f2df315a579778fe128320f018a8..00aa7e7e94e14d68941021aa08b27a8e7a2b67d7 100644 (file)
--- a/doc/mtu.texi
+++ b/doc/mtu.texi
@@ -2,7 +2,7 @@
 @subsection Maximum Transmission Unit
 
 MTU option tells what maximum transmission unit is expected to get from
 @subsection Maximum Transmission Unit
 
 MTU option tells what maximum transmission unit is expected to get from

-TAP interface. It is per-user configuration. Incoming packets of bigger
+TUN/TAP interface. It is per-user configuration. Incoming packets of bigger

 sizes (including the padding byte) will be ignored. If either
 @ref{Noise, noise}, @ref{Encless, encryptionless mode} or @ref{CPR} are
 enabled, then all outgoing packets are filled up to that MTU value.
 sizes (including the padding byte) will be ignored. If either
 @ref{Noise, noise}, @ref{Encless, encryptionless mode} or @ref{CPR} are
 enabled, then all outgoing packets are filled up to that MTU value.

diff --git a/doc/news.ru.texi b/doc/news.ru.texi
index db4a6edfea4c2c2208dc58e593dd87711c6054e5..86b9f5e0df636c93ede0fa597367917526c038a7 100644 (file)
--- a/doc/news.ru.texi
+++ b/doc/news.ru.texi
@@ -6,6 +6,8 @@
 @itemize
 @item (X)Salsa20 заменён на ChaCha20. Теоретически он должен быть
 быстрее и более безопасным.
 @itemize
 @item (X)Salsa20 заменён на ChaCha20. Теоретически он должен быть
 быстрее и более безопасным.

+@item Возможность использовать TUN-интерфейсы под GNU/Linux. FreeBSD без
+изменений уже поддерживала эту возможность.

 @end itemize
 
 @node Релиз 6.0
 @end itemize
 
 @node Релиз 6.0

diff --git a/doc/news.texi b/doc/news.texi
index 10a2aab6d134519e72530c49d4fb0f33d7dff6e0..5cfe47d29580a413c4769e5e021de0d46361b1ea 100644 (file)
--- a/doc/news.texi
+++ b/doc/news.texi
@@ -8,6 +8,8 @@ See also this page @ref{Новости, on russian}.
 @itemize
 @item (X)Salsa20 is replaced with ChaCha20. Theoretically it should be
 faster and more secure.
 @itemize
 @item (X)Salsa20 is replaced with ChaCha20. Theoretically it should be
 faster and more secure.

+@item Ability to use TUN-interfaces under GNU/Linux. FreeBSD has already
+supported them without any modifications.

 @end itemize
 
 @node Release 6.0
 @end itemize
 
 @node Release 6.0

diff --git a/doc/scripts.texi b/doc/scripts.texi
index 7b2e3c0f78b08c12b83efea73fdac384667c8ed7..69848a02a98f5ea4950c23cf16bcefa1371ad0f4 100644 (file)
--- a/doc/scripts.texi
+++ b/doc/scripts.texi
@@ -11,7 +11,7 @@ their execution:
 Remote peer's address. In client mode it is server's address.
 
 @item GOVPN_IFACE
 Remote peer's address. In client mode it is server's address.
 
 @item GOVPN_IFACE

-TAP interface name. In server mode this can be empty: that means that
+TUN/TAP interface name. In server mode this can be empty: that means that

 script must output its name as the first line to stdout.
 
 @end table
 script must output its name as the first line to stdout.
 
 @end table

diff --git a/doc/server.texi b/doc/server.texi
index 325d317cb4b435f88398e56d51382166919c008f..b3e9ac7d8118c551af7ba05ed4bb30452a8c6519 100644 (file)
--- a/doc/server.texi
+++ b/doc/server.texi
@@ -25,7 +25,7 @@ Configuration file is YAML file with following example structure:
 
 @verbatim
 stargrave:                          <-- Peer human readable name
 
 @verbatim
 stargrave:                          <-- Peer human readable name

-    iface: tap10                    <-- OPTIONAL TAP interface name
+    iface: tap10                    <-- OPTIONAL TUN/TAP interface name

     mtu: 1515                       <-- OPTIONAL overriden MTU
     up: ./stargrave-up.sh           <-- OPTIONAL up-script
     down: ./stargrave-down.sh       <-- OPTIONAL down-script
     mtu: 1515                       <-- OPTIONAL overriden MTU
     up: ./stargrave-up.sh           <-- OPTIONAL up-script
     down: ./stargrave-down.sh       <-- OPTIONAL down-script


@@ -40,7 +40,7 @@ stargrave:                          <-- Peer human readable name
 
 At least one of either @code{iface} or @code{up} must be specified. If
 you specify @code{iface}, then it will be forcefully used to determine
 
 At least one of either @code{iface} or @code{up} must be specified. If
 you specify @code{iface}, then it will be forcefully used to determine

-what TAP interface will be used. If it is not specified, then
+what TUN/TAP interface will be used. If it is not specified, then

 up-@ref{Scripts, script} must output interface's name to stdout
 (first output line).
 
 up-@ref{Scripts, script} must output interface's name to stdout
 (first output line).
 


@@ -69,7 +69,7 @@ Place the following YAML configuration entry on the server's side:
 
     Alice:
         up: /path/to/up.sh
 
     Alice:
         up: /path/to/up.sh

-        iface: or TAP interface name
+        iface: or TUN/TAP interface name

         verifier: $balloon$s=32768,t=16,p=2$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10
 @end verbatim
 
         verifier: $balloon$s=32768,t=16,p=2$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10
 @end verbatim
 

diff --git a/doc/timeout.texi b/doc/timeout.texi
index 89dd5b011579ae16c80dc05bf8d1f28eea33bcab..2cb52019d32608cf03ee33118b3987967d480188 100644 (file)
--- a/doc/timeout.texi
+++ b/doc/timeout.texi
@@ -8,7 +8,7 @@ dead. Timeout option should be synchronized both for server and client.
 
 If there were no packets at all during fourth part of timeout, then
 special heartbeat packet is sent. So VPN connection should be alive all
 
 If there were no packets at all during fourth part of timeout, then
 special heartbeat packet is sent. So VPN connection should be alive all

-the time, even if there is no traffic in corresponding TAP interfaces.
+the time, even if there is no traffic in corresponding TUN/TAP interfaces.

 @strong{Beware}: this consumes traffic.
 
 Stale peers and handshake states are cleaned up every timeout period.
 @strong{Beware}: this consumes traffic.
 
 Stale peers and handshake states are cleaned up every timeout period.

diff --git a/doc/user.texi b/doc/user.texi
index b27b35628d1281d8d0880cad898d28eecb699ef4..34a93c34c7caa8e981eefe63693ba0add283218d 100644 (file)
--- a/doc/user.texi
+++ b/doc/user.texi
@@ -5,7 +5,7 @@ Announcements about updates and new releases can be found in
 @ref{Contacts, contacts}.
 
 GoVPN is split into two pieces: @ref{Client} and @ref{Server}. Each of
 @ref{Contacts, contacts}.
 
 GoVPN is split into two pieces: @ref{Client} and @ref{Server}. Each of

-them work on top of @ref{Network, UDP/TCP} and TAP virtual network
+them work on top of @ref{Network, UDP/TCP} and TUN/TAP virtual network

 interfaces. GoVPN is just a tunnelling of Ethernet frames, nothing less,
 nothing more. All you IP-related network management is not touched by
 VPN at all. You can automate it using up and down shell scripts.
 interfaces. GoVPN is just a tunnelling of Ethernet frames, nothing less,
 nothing more. All you IP-related network management is not touched by
 VPN at all. You can automate it using up and down shell scripts.

diff --git a/src/cypherpunks.ru/govpn/cmd/govpn-client/main.go b/src/cypherpunks.ru/govpn/cmd/govpn-client/main.go
index c7b04a7635af89d2e2fdb8fa931543a996295764..36ff72a113e6ac0db3e809e90af6954fb57f9f6c 100644 (file)
--- a/src/cypherpunks.ru/govpn/cmd/govpn-client/main.go
+++ b/src/cypherpunks.ru/govpn/cmd/govpn-client/main.go
@@ -34,7 +34,7 @@ import (
 var (
        remoteAddr  = flag.String("remote", "", "Remote server address")
        proto       = flag.String("proto", "udp", "Protocol to use: udp or tcp")
 var (
        remoteAddr  = flag.String("remote", "", "Remote server address")
        proto       = flag.String("proto", "udp", "Protocol to use: udp or tcp")

-       ifaceName   = flag.String("iface", "tap0", "TAP network interface")
+       ifaceName   = flag.String("iface", "tap0", "TUN/TAP network interface")

        verifierRaw = flag.String("verifier", "", "Verifier")
        keyPath     = flag.String("key", "", "Path to passphrase file")
        upPath      = flag.String("up", "", "Path to up-script")
        verifierRaw = flag.String("verifier", "", "Verifier")
        keyPath     = flag.String("key", "", "Path to passphrase file")
        upPath      = flag.String("up", "", "Path to up-script")


@@ -42,7 +42,7 @@ var (
        stats       = flag.String("stats", "", "Enable stats retrieving on host:port")
        proxyAddr   = flag.String("proxy", "", "Use HTTP proxy on host:port")
        proxyAuth   = flag.String("proxy-auth", "", "user:password Basic proxy auth")
        stats       = flag.String("stats", "", "Enable stats retrieving on host:port")
        proxyAddr   = flag.String("proxy", "", "Use HTTP proxy on host:port")
        proxyAuth   = flag.String("proxy-auth", "", "user:password Basic proxy auth")

-       mtu         = flag.Int("mtu", govpn.MTUDefault, "MTU of TAP interface")
+       mtu         = flag.Int("mtu", govpn.MTUDefault, "MTU of TUN/TAP interface")

        timeoutP    = flag.Int("timeout", 60, "Timeout seconds")
        timeSync    = flag.Int("timesync", 0, "Time synchronization requirement")
        noreconnect = flag.Bool("noreconnect", false, "Disable reconnection after timeout")
        timeoutP    = flag.Int("timeout", 60, "Timeout seconds")
        timeSync    = flag.Int("timesync", 0, "Time synchronization requirement")
        noreconnect = flag.Bool("noreconnect", false, "Disable reconnection after timeout")


@@ -127,7 +127,7 @@ func main() {
 
        tap, err = govpn.TAPListen(*ifaceName, *mtu)
        if err != nil {
 
        tap, err = govpn.TAPListen(*ifaceName, *mtu)
        if err != nil {

-               log.Fatalln("Can not listen on TAP interface:", err)
+               log.Fatalln("Can not listen on TUN/TAP interface:", err)

        }
 
        if *stats != "" {
        }
 
        if *stats != "" {

diff --git a/src/cypherpunks.ru/govpn/tap.go b/src/cypherpunks.ru/govpn/tap.go
index 8a44575e5e4eddfd6235ca143d5af8ff9e318ef9..9010c55b6c3a89eb0b224298c74c4aa002c5aa0b 100644 (file)
--- a/src/cypherpunks.ru/govpn/tap.go
+++ b/src/cypherpunks.ru/govpn/tap.go
@@ -58,7 +58,7 @@ func NewTAP(ifaceName string, mtu int) (*TAP, error) {
                        bufZ = !bufZ
                        n, err = tap.dev.Read(buf)
                        if err != nil {
                        bufZ = !bufZ
                        n, err = tap.dev.Read(buf)
                        if err != nil {

-                               panic("Reading TAP:" + err.Error())
+                               panic("Reading TUN/TAP:" + err.Error())

                        }
                        tap.Sink <- buf[:n]
                }
                        }
                        tap.Sink <- buf[:n]
                }

diff --git a/src/cypherpunks.ru/govpn/tap_linux.go b/src/cypherpunks.ru/govpn/tap_linux.go
index fb9df56437b80829340e007b7ec02421dd750148..8c5e883760a2bcafda219acc37a39c1a57b2eacd 100644 (file)
--- a/src/cypherpunks.ru/govpn/tap_linux.go
+++ b/src/cypherpunks.ru/govpn/tap_linux.go
@@ -9,10 +9,15 @@ package govpn
 
 import (
        "io"
 
 import (
        "io"

+       "strings"

 
        "github.com/bigeagle/water"
 )
 
 func newTAPer(ifaceName string) (io.ReadWriter, error) {
 
        "github.com/bigeagle/water"
 )
 
 func newTAPer(ifaceName string) (io.ReadWriter, error) {

-       return water.NewTAP(ifaceName)
+       if strings.HasPrefix(ifaceName, "tap") {
+               return water.NewTAP(ifaceName)
+       } else {
+               return water.NewTUN(ifaceName)
+       }

 }
 }

diff --git a/utils/newclient.sh b/utils/newclient.sh
index aebc975b52e2f0f37c9810e925963733094e6781..98957ef6fb4bc6e604993c900caf707a10bb6fb4 100755 (executable)
--- a/utils/newclient.sh
+++ b/utils/newclient.sh
@@ -26,6 +26,6 @@ Place the following YAML configuration entry on the server's side:
 
     $username:
         up: /path/to/up.sh
 
     $username:
         up: /path/to/up.sh

-        iface: or TAP interface name
+        iface: or TUN/TAP interface name

         verifier: $verifierS
 EOF
         verifier: $verifierS
 EOF