-@node Server part
+@node Server
+@cindex Server
+@cindex Server part
+@cindex Server configuration
+@cindex Server side
+@cindex govpn-server
@section Server part
-Except for common @code{-mtu}, @code{-stats}, @code{-egd} options server
-has the following ones:
+Except for common @code{-stats}, @code{-egd} options server has the
+following ones:
@table @code
@item -proto
-@ref{Network transport} to use. Can be @emph{udp}, @emph{tcp} or @emph{all}.
+@ref{Network, network protocol} to use. Can be @emph{udp} (default),
+@emph{tcp} or @emph{all}.
@item -bind
Address (@code{host:port} format) we must bind to.
-@item -peers
-Path to the directory containing peers information, database.
+@item -conf
+Path to YAML file with the configuration.
@item -proxy
Start trivial HTTP @ref{Proxy} server on specified @emph{host:port}.
@end table
-Peers directory must contain subdirectories with the names of client's
-identities in hexadecimal notation. Each subdirectory has the following
-files:
+@cindex YAML
+@cindex YAML configuration
+@cindex Configuration file
+Configuration file is YAML file with following example structure:
+
+@verbatim
+stargrave: { <-- Peer human readable name
+ iface: tap10 <-- OPTIONAL TAP interface name
+ mtu: 1514 <-- OPTIONAL overriden MTU
+ up: ./stargrave-up.sh <-- OPTIONAL up-script
+ down: ./stargrave-down.sh <-- OPTIONAL down-script
+ timeout: 60 <-- OPTIONAL overriden timeout
+ noise: No <-- OPTIONAL noise enabler
+ cpr: 64 <-- OPTIONAL constant packet rate, KiB/sec
+ encless: No <-- OPTIONAL Encryptionless mode
+ verifier: $argon2d... <-- verifier received from client
+[...]
+@end verbatim
+
+At least one of either @code{iface} or @code{up} must be specified. If
+you specify @code{iface}, then it will be forcefully used to determine
+what TAP interface will be used. If it is not specified, then up-script
+must output interface's name to stdout (first output line).
+
+For example up-script can be just @code{echo tap10}, or more advanced
+like the following one:
+
+@cindex up-script
-@table @code
-
-@item verifier
-@strong{Required}. Contains corresponding verifier used to authenticate
-the client in hexadecimal notation. See @ref{Verifier} for how
-to create it.
-
-@item up.sh
-@strong{Required}. up-script executes each time connection with the
-client is established. It's @emph{stdout} output must contain TAP
-interface name on the first string. This script can be simple
-@code{echo tap10}, or maybe more advanced like this:
- @example
- #!/bin/sh
- $tap=$(ifconfig tap create)
- ifconfig $tap inet6 fc00::1/96 mtu 1412 up
- echo $tap
- @end example
-
-@item down.sh
-Optional. Same as @code{up.sh} above, but executes when connection is
-lost.
-
-@item name
-Optional. Contains human readable username. Used to beauty output of
-@ref{Stats}.
-
-@item timeout
-Optional. Contains @ref{Timeout} setting (decimal notation) in seconds.
-Otherwise default minute timeout will be used.
-
-@item noise
-Optional. Contains either "1" (enable @ref{Noise} adding), or "0".
-
-@item cpr
-Optional. Contains @ref{CPR} setting (decimal notation) in KiB/sec.
-
-@end table
+@example
+#!/bin/sh
+$tap=$(ifconfig tap create)
+ifconfig $tap inet6 fc00::1/96 mtu 1412 up
+echo $tap
+@end example
-Each minute server refreshes peers directory contents and adds newly
-appeared identities, deletes an obsolete ones.
+Each minute server rereads and refreshes peers configuration and adds
+newly appeared identities, deletes an obsolete ones.
You can use convenient @code{utils/newclient.sh} script for new client
creation:
-@example
+@verbatim
% ./utils/newclient.sh Alice
-Place verifier to peers/9b40701bdaf522f2b291cb039490312/verifier
-@end example
-
-@code{9b40701bdaf522f2b291cb039490312} is client's identification.
-@code{peers/9b40701bdaf522f2b291cb039490312/name} contains @emph{Alice},
-@code{peers/9b40701bdaf522f2b291cb039490312/verifier} contains dummy
-verifier and @code{peers/9b40701bdaf522f2b291cb039490312/up.sh} contains
-currently dummy empty up-script.
+[...]
+Your client verifier is: $argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg
+
+Place the following YAML configuration entry on the server's side:
+
+ Alice:
+ up: /path/to/up.sh
+ iface: or TAP interface name
+ verifier: $argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10
+@end verbatim
+
+Example configuration file:
+@verbatim
+stargrave:
+ iface: tap0
+ verifier: $argon2d$m=4096,t=128,p=1$VMirzcshcHuG2V4jhUsEjw$X5fC07L8k61h3S1Oro/rC76+m0oGDTA9Bq+aWJ1uOgY
+slow:
+ iface: tap1
+ encless: Yes
+ mtu: 9000
+ cpr: 384
+ verifier: $argon2d$m=4096,t=128,p=1$YbIA5garDqCOhtI/2EZVNg$gOo5vcEGynmpeepNscwclicfZsWxzgYFRLbgG21EZ1U
+@end verbatim