/*
-govpn -- high-performance secure virtual private network daemon
+govpn -- simple secure virtual private network daemon
Copyright (C) 2014 Sergey Matveev <stargrave@stargrave.org>
This program is free software: you can redistribute it and/or modify
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+
+// Simple secure virtual private network daemon
package main
import (
"os/signal"
"time"
- "code.google.com/p/go.crypto/poly1305"
- "code.google.com/p/go.crypto/salsa20"
+ "golang.org/x/crypto/poly1305"
+ "golang.org/x/crypto/salsa20"
)
var (
upPath = flag.String("up", "", "Path to up-script")
downPath = flag.String("down", "", "Path to down-script")
mtu = flag.Int("mtu", 1500, "MTU")
+ nonceDiff = flag.Int("noncediff", 1, "Allow nonce difference")
timeoutP = flag.Int("timeout", 60, "Timeout seconds")
verboseP = flag.Bool("v", false, "Increase verbosity")
)
flag.Parse()
timeout := *timeoutP
verbose := *verboseP
+ noncediff := uint64(*nonceDiff)
log.SetFlags(log.Ldate | log.Lmicroseconds | log.Lshortfile)
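Review bot: The added `noncediff := uint64(*nonceDiff)` converts a signed flag without any range check, so `-noncediff -1` silently becomes a value near 2^64 and the `peer.nonceRecv-noncediff` subtraction that consumes it later wraps, leaving the replay window with no meaningful bound. Reject it at parse time, right after `flag.Parse()`: `if *nonceDiff < 0 { log.Fatalln("-noncediff must be >= 0") }`. It would also help to state the security trade-off on the flag itself, e.g. `"Accept nonces up to this far behind the last one (widens the replay window)"`. The enclosing function starts before this hunk.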
// Key decoding
state = &Handshake{addr: udpPkt.addr}
states[addr] = state
}
- p = state.Server(conn, key, udpPktData)
+ p = state.Server(noncediff, conn, key, udpPktData)
} else {
if !exists {
fmt.Print("[HS?]")
udpSinkReady <- true
continue
}
- p = state.Client(conn, key, udpPktData)
+ p = state.Client(noncediff, conn, key, udpPktData)
}
if p != nil {
fmt.Print("[HS-OK]")
continue
}
nonceRecv, _ := binary.Uvarint(udpPktData[:8])
- if peer.nonceRecv >= nonceRecv {
+ if nonceRecv < peer.nonceRecv-noncediff {
fmt.Print("R")
udpSinkReady <- true
continue
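Review bot: The replaced comparison on the last lines drops the exact-duplicate rejection that `peer.nonceRecv >= nonceRecv` provided, so a captured packet whose nonce equals the current high-water mark, or lies within `noncediff` below it, passes this check and can be replayed; a tolerance window needs a record of which nonces inside it were already accepted, not just a lower bound. The subtraction `peer.nonceRecv-noncediff` is also unsigned and wraps whenever `peer.nonceRecv < noncediff` (presumably right after the handshake if the counter starts at zero — not visible here), which would reject every packet until the counter climbs past `noncediff`. The sketch below keeps a 64-bit bitmask `peer.nonceSeen` (a new peer field) of nonces at or below `peer.nonceRecv`, treats a nonce as replayed when its bit is already set, and caps the window at 64; both the bit and the high-water mark must be updated only after the Poly1305 tag verifies, wherever the code currently assigns `peer.nonceRecv` (outside this hunk). The enclosing loop starts and ends outside the hunk.
```go
nonceRecv, _ := binary.Uvarint(udpPktData[:8])
// Anti-replay window: peer.nonceRecv is the highest nonce accepted so far;
// bit i of peer.nonceSeen (new field) records that nonce peer.nonceRecv-i
// was already accepted. Effective window width is min(noncediff, 63).
if nonceRecv <= peer.nonceRecv {
	behind := peer.nonceRecv - nonceRecv
	if behind > noncediff || behind >= 64 || peer.nonceSeen&(uint64(1)<<behind) != 0 {
		fmt.Print("R")
		udpSinkReady <- true
		continue
	}
}
// … unchanged: decryption and tag verification …
// after the tag verifies, advance the window instead of a plain assignment:
if nonceRecv > peer.nonceRecv {
	shift := nonceRecv - peer.nonceRecv
	if shift >= 64 {
		peer.nonceSeen = 1
	} else {
		peer.nonceSeen = peer.nonceSeen<<shift | 1
	}
	peer.nonceRecv = nonceRecv
} else {
	peer.nonceSeen |= uint64(1) << (peer.nonceRecv - nonceRecv)
}
```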