and sent to remote server, that writes them to his interface, and vice
versa. Client and server use pre-shared authentication key (PSK).
Because of stateless UDP nature, after some timeout of inactivity peers
-forget about each other and have to retry handshake process again. As a
-rule, there are enough time-to-time traffic in ordinary Ethernet
-networks to heartbeat connection.
+forget about each other and have to retry handshake process again,
+therefore background heartbeat process will be ran.
Handshake is used to mutually authenticate peers, exchange common secret
per-session encryption key and checks UDP transport availability.
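Review bot: the added sentence "therefore background heartbeat process will be ran" does not say how often heartbeats are sent relative to the inactivity timeout, or which peer sends them, so a reader cannot tell whether an idle link is guaranteed to stay up. Please state the interval, or its relation to the timeout, in this paragraph. Wording: "will be ran" should read "will be run".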
property. An attacker can not know anything from captured traffic, even
if pre-shared key is compromised.
+Also you can provide up and down scripts that will be executed after
+either connection is initiated (up-script in background), or is went
+down. The first argument for them is an interface name.
+
COMPARISON TO OpenVPN
* Faster handshake
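Review bot: the new paragraph on up and down scripts leaves out which user the scripts run as and what happens when a script exits non-zero or never returns. Because they are executed by the govpn process with the interface name as the first argument, the text should state the privileges they run with and recommend that the script file be writable only by its owner. It should also say whether the down script runs in the background like the up script. Wording: "or is went down" should read "or has gone down".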
client% route -6 add default fc00::1
client% while :; do govpn -key key.txt -iface tap10 -remote [fe80::1%me0]:1194; done
+Example up-script:
+
+ client% cat > up.sh <<EOF
+ #!/bin/sh
+ dhclient $1
+ rtsol $1
+ EOF
+ client% chmod +x up.sh
+ client% govpn -key key.txt -iface tap10 -remote [fe80::1%me0]:1194 -up ./up.sh
+
If client won't finish handshake during -timeout, then it will exit.
If no packets are received from remote side during timeout, then daemon
will stop sending packets to the client and client will exit. In all
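Review bot: in the up-script example the heredoc delimiter is unquoted (`cat > up.sh <<EOF`), so the interactive shell expands `$1` while the file is being written and up.sh ends up calling `dhclient` and `rtsol` with no interface argument. Quote the delimiter as `<<'EOF'` or escape the parameter as `\$1`, and use `"$1"` inside the script so the interface name is passed as a single word.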