mirror of https://github.com/dswd/vpncloud.git
Specs
parent
90ef94224a
commit
83574b9b47
|
@ -2,3 +2,4 @@ target
|
||||||
Cargo.lock
|
Cargo.lock
|
||||||
vpncloud-*
|
vpncloud-*
|
||||||
._*
|
._*
|
||||||
|
vpncloud.1
|
||||||
|
|
|
@ -127,6 +127,61 @@ based on separate MAC tables. Any nested tags (Q-in-Q) will be ignored.
|
||||||
|
|
||||||
## EXAMPLES
|
## EXAMPLES
|
||||||
|
|
||||||
|
### Switched TAP scenario
|
||||||
|
|
||||||
|
In the example scenario, a simple layer 2 network tunnel is established. Most
|
||||||
|
likely those commands need to be run as **root** using `sudo`.
|
||||||
|
|
||||||
|
First, VpnCloud need to be started on both nodes (the address after `-c` is the
|
||||||
|
address of the remote node):
|
||||||
|
```
|
||||||
|
vpncloud -c remote_node:3210
|
||||||
|
```
|
||||||
|
|
||||||
|
Then, the interfaces have to configured and activated (the `X` in the address
|
||||||
|
must be unique among all nodes, e.g. 0, 1, 2, ...):
|
||||||
|
```
|
||||||
|
ifconfig vpncloud0 10.0.0.X/24 up
|
||||||
|
```
|
||||||
|
|
||||||
|
Afterwards, the interface can be used to communicate.
|
||||||
|
|
||||||
|
|
||||||
|
### Routed TUN example
|
||||||
|
|
||||||
|
In this example, 4 nodes should communicate using IP. First, VpnCloud need to
|
||||||
|
be started on both nodes:
|
||||||
|
```
|
||||||
|
vpncloud -t tun -c remote_node:3210 --subnet 10.0.0.1/32
|
||||||
|
```
|
||||||
|
|
||||||
|
Then, the interfaces can be configured and activated like in the previous
|
||||||
|
example.
|
||||||
|
|
||||||
|
|
||||||
|
### Important notes
|
||||||
|
|
||||||
|
- It is important to configure the interface in a way that all addresses on the
|
||||||
|
VPN can be reached directly. E.g. if addresses 10.0.0.1 and 10.0.0.2 are used,
|
||||||
|
the interface needs to be configured as /24.
|
||||||
|
For TUN devices, this means that the prefix length of the subnets must be
|
||||||
|
different than the prefix length that the interface is configured with.
|
||||||
|
|
||||||
|
- VpnCloud can be used to connect two separate networks. TAP networks can be
|
||||||
|
bridged using `brctl` and TUN networks must be routed. It is very important
|
||||||
|
to be careful when setting up such a scenario in order to avoid network loops,
|
||||||
|
security issues, DHCP issues and many more problems.
|
||||||
|
|
||||||
|
- TAP devices will forward DHCP data. If done intentionally, this can be used
|
||||||
|
to assign unique addresses to all participants. If this happens accidentally,
|
||||||
|
it can conflict with DHCP servers of the local network and can have severe
|
||||||
|
side effects.
|
||||||
|
|
||||||
|
- VpnCloud is not designed to be secure. It encapsulates the network data but
|
||||||
|
it (currently) does not encrypt and authenticate it. Attackers with read
|
||||||
|
access to the UDP stream can read the whole traffic including any unencrypted
|
||||||
|
passwords in the payload. Attackers with write access to the UDP stream can
|
||||||
|
manipulate or suppress the whole traffic and even send data on their own.
|
||||||
|
|
||||||
|
|
||||||
## NETWORK PROTOCOL
|
## NETWORK PROTOCOL
|
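Review bot: The Routed TUN example is internally inconsistent: the text says 4 nodes should communicate but then has VpnCloud started "on both nodes", and the command hard-codes `--subnet 10.0.0.1/32`, so every node copying it would be started with the same subnet. Suggest writing `--subnet 10.0.0.X/32` with the same "X must be unique among all nodes" remark used in the TAP scenario, and changing "both nodes" to "all nodes". There are two grammar slips in the added text: "VpnCloud need to be started" (in both examples) should read "needs", and "the interfaces have to configured" is missing "be". The last bullet, which states that VpnCloud does not encrypt or authenticate the traffic, is the most consequential statement in this hunk but sits at the end of "Important notes" under EXAMPLES; consider giving it its own section ahead of the examples so readers see it before running the commands as root.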