Let’s assume that there is some insecure link between your computer and WiFi-reachable gateway.
wlan0
NIC with 192.168.0/24 network on it.
wlan0
MTU is 1500, 20 bytes overhead per IPv4. So MTU for
GoVPN is 1500 - 20 - 8 = 1472.
Install. At first you must install this software: download, check the signature, compile.
Prepare the client. Generate client’s identity and verifier for Alice as an example:
client% ./utils/newclient.sh Alice Enter passphrase: Your id is: 7012df29deee2170594119df5091d4a2 Place the following JSON configuration entry on the server's side: "7012df29deee2170594119df5091d4a2": { "name": "Alice", "up": "/path/to/up.sh", "verifier": "fb43255ca3fe5bd884e364e5eae0cd37ad14774930a027fd38d8938fd0b57425" } Verifier was generated with: ./utils/storekey.sh /tmp/passphrase govpn-verifier -id 7012df29deee2170594119df5091d4a2 -key /tmp/passphrase
Prepare the server. Add this entry to peers.json
configuration file.
Prepare network on GNU/Linux IPv4 server:
server% umask 077 server% echo "#!/bin/sh" > /path/to/up.sh server% echo "echo tap10" >> /path/to/up.sh server% ip addr add 192.168.0.1/24 dev wlan0 server% tunctl -t tap10 server% ip link set mtu 1432 dev tap10 server% ip addr add 172.16.0.1/24 dev tap10 server% ip link set up dev tap10
Run server daemon itself:
server% govpn-server -bind 192.168.0.1:1194 -mtu 1472
Prepare network on GNU/Linux IPv4 client:
client% umask 066 client% utils/storekey.sh key.txt client% ip addr add 192.168.0.2/24 dev wlan0 client% tunctl -t tap10 client% ip link set mtu 1432 dev tap10 client% ip addr add 172.16.0.2/24 dev tap10 client% ip link set up dev tap10 client% ip route add default via 172.16.0.1
Run client daemon itself:
client% govpn-client \ -key key.txt \ -id 906e34b98750c4f686d6c5489508763c \ -iface tap10 \ -remote 192.168.0.1:1194 \ -mtu 1472
FreeBSD IPv6 similar client-server example:
server% ifconfig em0 inet6 fe80::1/64 server% govpn-server -bind "fe80::1%em0"
client% ifconfig me0 inet6 -ifdisabled auto_linklocal client% ifconfig tap10 client% ifconfig tap10 inet6 fc00::2/96 mtu 1412 up client% route -6 add default fc00::1 client% govpn-client \ -key key.txt \ -id 906e34b98750c4f686d6c5489508763c \ -iface tap10 \ -remote "[fe80::1%me0]":1194