Update README.md

Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
Adrien Gallouët
2018-05-16 21:41:39 +00:00
parent f3b44e2f45
commit 022e478fb9


@@ -3,6 +3,30 @@
Glorytun is a small, simple and secure VPN over [mud](https://github.com/angt/mud). Glorytun is a small, simple and secure VPN over [mud](https://github.com/angt/mud).
It runs on Linux, OpenBSD, FreeBSD and MacOS. It runs on Linux, OpenBSD, FreeBSD and MacOS.
### Features
The main features of Glorytun come directly from mud:
* Fast and highly secure
The use of UDP and [libsodium](https://github.com/jedisct1/libsodium) allows you to secure
your communications without impacting performance.
Glorytun uses AES only if AES-NI is available otherwise ChaCha20 is used.
You can force the use of ChaCha20 for higher security.
All messages are encrypted, authenticated and marked with a timestamp.
Perfect forward secrecy is also implemented with ECDH over Curve25519.
* Multipath and active failover
This is the main feature of Glorytun that allows to build an SD-WAN like service.
This allows a TCP connection to explore and exploit multiple links without being disconnected.
* Path MTU discovery without ICMP
Bad MTU configuration is a very common problem in the world of VPN.
As it is critical, Glorytun will try to setup it correctly by guessing its value.
It doesn't rely on ICMP Next-hop MTU to avoid black holes.
### Build and Install ### Build and Install
Glorytun depends on [libsodium](https://github.com/jedisct1/libsodium) version >= 1.0.4. Glorytun depends on [libsodium](https://github.com/jedisct1/libsodium) version >= 1.0.4.
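Review bot: In the "Fast and highly secure" item, "You can force the use of ChaCha20 for higher security" asserts a security advantage without saying what it is or how to force it. Name the option that forces ChaCha20 and give the reason it is preferred, or drop "for higher security" so the README does not imply that the default AES-NI path is weak. The line "All messages are encrypted, authenticated and marked with a timestamp" should also say what the timestamp is used for, and "allows to build" in the multipath item reads better as "allows you to build".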
@@ -19,7 +43,8 @@ To build and install the latest release from github:
$ meson glorytun glorytun/build $ meson glorytun glorytun/build
$ sudo ninja -C glorytun/build install $ sudo ninja -C glorytun/build install
This will install all binaries in `/usr/local/bin/` by default. This will install all binaries in `/usr/local/bin` by default.
You can easily customize your setup with meson (see `meson help`).
### Usage ### Usage
@@ -39,13 +64,11 @@ available commands:
``` ```
Add the keyword `help` after a command to show its usage. Use the keyword `help` after a command to show its usage.
### Mini HowTo ### Mini HowTo
Glorytun does not touch network configuration of its interface, Glorytun does not touch the configuration of its network interface (except for the MTU),
It only tries to set the MTU when it receives packets,
it doesn't rely on ICMP Next-hop MTU to avoid black holes.
It is up to the user to do it according to the tools available It is up to the user to do it according to the tools available
on his system (systemd-networkd, netifd, ...). on his system (systemd-networkd, netifd, ...).
This also allows a wide variety of configurations. This also allows a wide variety of configurations.
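Review bot: The rewritten first line of the Mini HowTo paragraph still ends with a comma ("(except for the MTU),"), but the two lines that followed it are removed, so it now runs straight into "It is up to the user to do it ...". End the line with a full stop and replace "do it" with what is meant, for example "It is up to the user to configure addresses and routes ...", since the antecedent of "it" is no longer on the page.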
@@ -55,8 +78,7 @@ To start a server:
# (umask 066; glorytun keygen > my_secret_key) # (umask 066; glorytun keygen > my_secret_key)
# glorytun bind 0.0.0.0 keyfile my_secret_key & # glorytun bind 0.0.0.0 keyfile my_secret_key &
You should now have a virgin `tun0` interface as mentioned earlier. You should now have an unconfigured network interface (let's say `tun0`).
I let you choose your favorite tool :)
For exemple, the simplest setup with `ifconfig`: For exemple, the simplest setup with `ifconfig`:
# ifconfig tun0 10.0.1.1 pointopoint 10.0.1.2 up # ifconfig tun0 10.0.1.1 pointopoint 10.0.1.2 up
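Review bot: The new wording "(let's say `tun0`)" admits the interface name may differ, but the `ifconfig` example right after it hardcodes `tun0` and nothing says how to find the real name. Add a sentence on how the user learns which interface was created. The unchanged line just below still reads "For exemple" and could be corrected to "For example" in the same commit.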
@@ -64,7 +86,7 @@ For exemple, the simplest setup with `ifconfig`:
To check if the server is running, simply call `glorytun show`. To check if the server is running, simply call `glorytun show`.
It will show you all the running tunnels. It will show you all the running tunnels.
To start a new client, you need to get the secret key (somehow..). To start a new client, you need to get the secret key generated for the server.
Then simply call: Then simply call:
# glorytun bind 0.0.0.0 to SERVER_IP keyfile my_secret_key & # glorytun bind 0.0.0.0 to SERVER_IP keyfile my_secret_key &
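Review bot: The replacement for "(somehow..)" tells the reader to "get the secret key generated for the server" but still gives no guidance on how. The same file protects both ends of the tunnel and the server step creates it under `umask 066`, so the README should say to copy it over an already secured channel and to keep the same restrictive permissions on the client.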
@@ -77,32 +99,7 @@ Here the tricky part... You need to specify your paths or glorytun will not send
Again, to check if your path is working, you can watch its status with `glorytun path`. Again, to check if your path is working, you can watch its status with `glorytun path`.
You should now be able to ping your server with `ping 10.0.1.1`. You should now be able to ping your server with `ping 10.0.1.1`.
### Easy setup with systemd If you have systemd-networkd, you can use the helper program `glorytun-setup`.
Just call `glorytun-setup` and follow the instructions.
First, setup the server:
$ sudo glorytun-setup
Config filename (tun0):
Server ip (enter for server conf):
Bind to port (5000):
Server key (enter to generate a new one):
Your new key: NEW_KEY
Start glorytun now ? (enter to skip): y
Copy the new generated key and use it when configuring the client:
$ sudo glorytun-setup
Config filename (tun0):
Server ip (enter for server conf): SERVER_IP
Server port (5000):
Server key (enter to generate a new one): NEW_KEY
Start glorytun now ? (enter to skip): y
To stop the service:
$ sudo systemctl stop glorytun@tun0
--- ---
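Review bot: Collapsing the "Easy setup with systemd" section into "Just call `glorytun-setup` and follow the instructions" drops two things the prompts do not make obvious. The removed walkthrough showed that the key printed on the server ("Your new key: NEW_KEY") has to be entered at the "Server key" prompt on the client, and it documented `sudo systemctl stop glorytun@tun0` for stopping the service. Keep at least one sentence for each, otherwise a user who has started the tunnel through the helper has no documented way to stop it.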