MTU for the link is 1476, however it does not take in account TAP's
Ethernet frame header length, that in my case is 14 bytes long (1476 - 14).
+ common% umask 066
+ common% echo MYLONG64HEXKEY > key.txt
+
GNU/Linux IPv4 client-server example:
server% ip addr add 192.168.0.1/24 dev wlan0
server% ip link set mtu 1462 dev tap10
server% ip addr add 172.16.0.1/24 dev tap10
server% ip link set up dev tap10
- server% govpn -key KEY -iface tap10 -bind 192.168.0.1:1194
+ server% govpn -key key.txt -iface tap10 -bind 192.168.0.1:1194
client% ip addr add 192.168.0.2/24 dev wlan0
client% tunctl -t tap10
client% ip addr add 172.16.0.2/24 dev tap10
client% ip link set up dev tap10
client% ip route add default via 172.16.0.1
- client% while :; do govpn -key KEY -iface tap10 -remote 192.168.0.1:1194; done
+ client% while :; do govpn -key key.txt -iface tap10 -remote 192.168.0.1:1194; done
FreeBSD IPv6 client-server example:
server% ifconfig em0 inet6 fe80::1/64
server% ifconfig tap10 create
server% ifconfig tap10 inet6 fc00::1/96 mtu 1462 up
- server% govpn -key KEY -face tap10 -bind fe80::1%em0
+ server% govpn -key key.txt -face tap10 -bind fe80::1%em0
client% ifconfig me0 inet6 -ifdisabled auto_linklocal
client% ifconfig tap10
client% ifconfig tap10 inet6 fc00::2/96 mtu 1462 up
client% route -6 add default fc00::1
- client% while :; do govpn -key KEY -iface tap10 -remote [fe80::1%me0]:1194; done
+ client% while :; do govpn -key key.txt -iface tap10 -remote [fe80::1%me0]:1194; done
If client won't finish handshake during -timeout, then it will exit.
If no packets are received from remote side during timeout, then daemon
"flag"
"fmt"
"io"
+ "io/ioutil"
"log"
"net"
"time"
remoteAddr = flag.String("remote", "", "Remote server address")
bindAddr = flag.String("bind", "", "Bind to address")
ifaceName = flag.String("iface", "tap0", "TAP network interface")
- keyHex = flag.String("key", "", "Authentication key")
+ keyPath = flag.String("key", "", "Path to authentication key file")
mtu = flag.Int("mtu", 1500, "MTU")
timeout = flag.Int("timeout", 60, "Timeout seconds")
verbose = flag.Bool("v", false, "Increase verbosity")
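Review bot: The `-key` flag keeps its name while its meaning changes from the key itself to a path, so an existing invocation that still passes the 64 hex characters will have them treated as a file name. The read-failure panic added in main concatenates `err.Error()`, which for a failed open normally includes the path, so in that case the key would be echoed to stderr and any captured logs. Consider making the help text explicit, `keyPath = flag.String("key", "", "Path to authentication key file (never the key itself)")`, and reporting the read failure without the supplied argument. The enclosing declaration block starts and ends outside the hunk.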
log.SetFlags(log.Ldate | log.Lmicroseconds | log.Lshortfile)
// Key decoding
- if len(*keyHex) != 64 {
- panic("Key is required argument (64 hex characters)")
+ keyData, err := ioutil.ReadFile(*keyPath)
+ if err != nil {
+ panic("Unable to read keyfile: " + err.Error())
+ }
+ if len(keyData) < 64 {
+ panic("Key must be 64 hex characters long")
}
- keyDecoded, err := hex.DecodeString(*keyHex)
+ keyDecoded, err := hex.DecodeString(string(keyData[0:64]))
if err != nil {
- panic(err)
+ panic("Unable to decode the key: " + err.Error())
}
key := new([KeySize]byte)
copy(key[:], keyDecoded)
+ keyDecoded = nil
+ keyData = nil
// Interface listening
maxIfacePktSize := *mtu - poly1305.TagSize - NonceSize
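Review bot: Assigning `keyDecoded = nil` and `keyData = nil` at the end of the key-decoding block only drops the references; the hex text and the decoded bytes are not overwritten, and `string(keyData[0:64])` creates one more immutable copy that cannot be wiped at all. Decoding straight into `key` with `hex.Decode` and then zeroing `keyData` in a loop leaves a single copy of the key material, as in the fence below (this presumes KeySize is 32, which the hunk does not show). The `len(keyData) < 64` check also accepts any longer file and silently ignores the remainder, and nothing checks that the key file is not group- or world-readable, so a mode check before reading would back up the `umask 066` advice in the README. The enclosing function starts and ends outside the hunk.

```go
keyData, err := ioutil.ReadFile(*keyPath)
// … unchanged: read-error and length checks …
key := new([KeySize]byte)
if _, err := hex.Decode(key[:], keyData[:64]); err != nil {
	panic("Unable to decode the key: " + err.Error())
}
// Overwrite the hex text; setting the slice to nil would leave the bytes in memory.
for i := range keyData {
	keyData[i] = 0
}
```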