-* Support TUN interfaces additionally to TAP ones
* When govpn-server opens TAP files, then it won't release them until
daemon itself is exited
* Randomize ports usage
идентификатор}, невидимый третьим лицам (они анонимны для них).
@item
-Использует @url{https://ru.wikipedia.org/wiki/TUN/TAP, TAP} низлежащие
+Использует @url{https://ru.wikipedia.org/wiki/TUN/TAP, TUN/TAP} низлежащие
сетевые интерфейсы.
@item
for third-parties (they are anonymous).
@item
-Uses @url{https://en.wikipedia.org/wiki/TAP_(network_driver), TAP}
+Uses @url{https://en.wikipedia.org/wiki/TAP_(network_driver), TUN/TAP}
underlying network interfaces.
@item
@table @option
@item -mtu
-Expected TAP interface @ref{MTU}.
+Expected TUN/TAP interface @ref{MTU}.
@item -proto
@ref{Network, Network protocol} to use. Can be either @emph{udp}
Address (@code{host:port} format) of remote server we need to connect to.
@item -iface
-TAP interface name.
+TUN/TAP interface name.
@item -verifier
Our client's @ref{Verifier}.
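Review bot: The `-iface` description, now "TUN/TAP interface name.", does not say how the device type is chosen. In this patch newTAPer opens a TAP device only when the name starts with "tap" and a TUN device for every other name, so the manual should state that rule next to the option, since the interface name now decides whether the tunnel carries Ethernet frames or IP packets.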
@item You want to create virtual encrypted and authenticated 172.16.0/24
network and use it as a default transport.
@item Assume that outgoing GoVPN packets can be fragmented, so we do not
-bother configuring MTU of TAP interfaces. For better performance just
+bother configuring MTU of TUN/TAP interfaces. For better performance just
lower it and check that no fragmentation of outgoing UDP packets occurs.
@end itemize
Alice:
up: /path/to/up.sh
- iface: or TAP interface name
+ iface: or TUN/TAP interface name
verifier: $balloon$s=32768,t=16,p=2$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10
@end verbatim
@subsection Maximum Transmission Unit
MTU option tells what maximum transmission unit is expected to get from
-TAP interface. It is per-user configuration. Incoming packets of bigger
+TUN/TAP interface. It is per-user configuration. Incoming packets of bigger
sizes (including the padding byte) will be ignored. If either
@ref{Noise, noise}, @ref{Encless, encryptionless mode} or @ref{CPR} are
enabled, then all outgoing packets are filled up to that MTU value.
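Review bot: The MTU paragraph now covers TUN as well as TAP but gives no guidance on whether the value should differ between them. A TUN device delivers IP packets without the Ethernet header that a TAP device includes, so the same `mtu` setting admits different payload sizes. Because "Incoming packets of bigger sizes (including the padding byte) will be ignored", a wrong value drops traffic silently; please document which value to use for each interface type.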
@itemize
@item (X)Salsa20 заменён на ChaCha20. Теоретически он должен быть
быстрее и более безопасным.
+@item Возможность использовать TUN-интерфейсы под GNU/Linux. FreeBSD без
+изменений уже поддерживала эту возможность.
@end itemize
@node Релиз 6.0
@itemize
@item (X)Salsa20 is replaced with ChaCha20. Theoretically it should be
faster and more secure.
+@item Ability to use TUN-interfaces under GNU/Linux. FreeBSD has already
+supported them without any modifications.
@end itemize
@node Release 6.0
Remote peer's address. In client mode it is server's address.
@item GOVPN_IFACE
-TAP interface name. In server mode this can be empty: that means that
+TUN/TAP interface name. In server mode this can be empty: that means that
script must output its name as the first line to stdout.
@end table
@verbatim
stargrave: <-- Peer human readable name
- iface: tap10 <-- OPTIONAL TAP interface name
+ iface: tap10 <-- OPTIONAL TUN/TAP interface name
mtu: 1515 <-- OPTIONAL overriden MTU
up: ./stargrave-up.sh <-- OPTIONAL up-script
down: ./stargrave-down.sh <-- OPTIONAL down-script
At least one of either @code{iface} or @code{up} must be specified. If
you specify @code{iface}, then it will be forcefully used to determine
-what TAP interface will be used. If it is not specified, then
+what TUN/TAP interface will be used. If it is not specified, then
up-@ref{Scripts, script} must output interface's name to stdout
(first output line).
Alice:
up: /path/to/up.sh
- iface: or TAP interface name
+ iface: or TUN/TAP interface name
verifier: $balloon$s=32768,t=16,p=2$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10
@end verbatim
If there were no packets at all during fourth part of timeout, then
special heartbeat packet is sent. So VPN connection should be alive all
-the time, even if there is no traffic in corresponding TAP interfaces.
+the time, even if there is no traffic in corresponding TUN/TAP interfaces.
@strong{Beware}: this consumes traffic.
Stale peers and handshake states are cleaned up every timeout period.
@ref{Contacts, contacts}.
GoVPN is split into two pieces: @ref{Client} and @ref{Server}. Each of
-them work on top of @ref{Network, UDP/TCP} and TAP virtual network
+them work on top of @ref{Network, UDP/TCP} and TUN/TAP virtual network
interfaces. GoVPN is just a tunnelling of Ethernet frames, nothing less,
nothing more. All you IP-related network management is not touched by
VPN at all. You can automate it using up and down shell scripts.
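Review bot: The context sentence right after the changed line still reads "GoVPN is just a tunnelling of Ethernet frames, nothing less, nothing more", which no longer holds once TUN is supported, because a TUN device carries IP packets with no Ethernet header. Reword it to cover both cases and say that TUN mode is layer 3 only, so bridging and non-IP traffic still need a TAP interface.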
var (
remoteAddr = flag.String("remote", "", "Remote server address")
proto = flag.String("proto", "udp", "Protocol to use: udp or tcp")
- ifaceName = flag.String("iface", "tap0", "TAP network interface")
+ ifaceName = flag.String("iface", "tap0", "TUN/TAP network interface")
verifierRaw = flag.String("verifier", "", "Verifier")
keyPath = flag.String("key", "", "Path to passphrase file")
upPath = flag.String("up", "", "Path to up-script")
stats = flag.String("stats", "", "Enable stats retrieving on host:port")
proxyAddr = flag.String("proxy", "", "Use HTTP proxy on host:port")
proxyAuth = flag.String("proxy-auth", "", "user:password Basic proxy auth")
- mtu = flag.Int("mtu", govpn.MTUDefault, "MTU of TAP interface")
+ mtu = flag.Int("mtu", govpn.MTUDefault, "MTU of TUN/TAP interface")
timeoutP = flag.Int("timeout", 60, "Timeout seconds")
timeSync = flag.Int("timesync", 0, "Time synchronization requirement")
noreconnect = flag.Bool("noreconnect", false, "Disable reconnection after timeout")
tap, err = govpn.TAPListen(*ifaceName, *mtu)
if err != nil {
- log.Fatalln("Can not listen on TAP interface:", err)
+ log.Fatalln("Can not listen on TUN/TAP interface:", err)
}
if *stats != "" {
bufZ = !bufZ
n, err = tap.dev.Read(buf)
if err != nil {
- panic("Reading TAP:" + err.Error())
+ panic("Reading TUN/TAP:" + err.Error())
}
tap.Sink <- buf[:n]
}
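Review bot: The changed panic string "Reading TUN/TAP:" has no space after the colon, so the error text is glued to the prefix in the output; add the space while the line is being touched. A read error on the interface also still panics here rather than being returned to the caller, which is worth a follow-up now that this loop serves both device types.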
import (
"io"
+ "strings"
"github.com/bigeagle/water"
)
func newTAPer(ifaceName string) (io.ReadWriter, error) {
- return water.NewTAP(ifaceName)
+ if strings.HasPrefix(ifaceName, "tap") {
+ return water.NewTAP(ifaceName)
+ } else {
+ return water.NewTUN(ifaceName)
+ }
}
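Review bot: In newTAPer the check `strings.HasPrefix(ifaceName, "tap")` sends every other name to `water.NewTUN`, so a typo, an empty string or a renamed interface silently opens a layer 3 device where the operator may have expected layer 2. Match "tun" explicitly as well and return an error for anything else, so a misconfigured name fails at startup instead of changing what the tunnel carries. Minor style points: the `else` after `return` can be dropped, and the function is still named newTAPer although it now returns either kind of device.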
$username:
up: /path/to/up.sh
- iface: or TAP interface name
+ iface: or TUN/TAP interface name
verifier: $verifierS
EOF