Date:      Mon, 20 Aug 2007 19:29:54 GMT
From:      Matus Harvan <mharvan@FreeBSD.org>
To:        Perforce Change Reviews <perforce@FreeBSD.org>
Subject:   PERFORCE change 125449 for review
Message-ID:  <200708201929.l7KJTsxD081892@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=125449

Change 125449 by mharvan@mharvan_bike-planet on 2007/08/20 19:29:29

	Removed old content

Affected files ...

.. //depot/projects/soc2007/mharvan-mtund/mtund.src/README#4 edit

Differences ...

==== //depot/projects/soc2007/mharvan-mtund/mtund.src/README#4 (text+ko) ====

@@ -1,69 +1,18 @@
-			 Super Tunnel Daemon
+			 Magic Tunnel Daemon
 
-This is an initial implementation with minimal features. The daemon
-creates a tun interfaces, loads encapsulation plugins, finds a working
-encapsulation and connects it to the tun interfaces. Failover to other
-encapsulations is supported, but currently each encapsulation is
-attempted only once.
-
-There are two encapsulation plugins, a tcp and a udp one. The current
-implementation creates three tcp encapsulations (ports 3333, 2222,
-1111) and a udp encapsulation. Currently, the udp encapsulation does
-not detect malfunction, firewall,..., but the tcp one does.
-
-Many things are still missing. There is no queuing or buffering of
-traffic in the daemon. Should the encapsulation not handle a
-sufficiently large MTU, there would be a problem. The tunnel has to
-run with superuser privileges to set up the tun interface. Some future
-plugins might also require the superuser privileges, e.g. to open a
-raw socket. Privilege separation might be a good thing to do in the
-future.
-
-The main design idea is depicted in the following figure
-                +---+	     +-------+	    +------+
-                |tun|        |tunneld|      |plugin|
-                +---+        +-------+      +------+
-                                 |
-                                 v
-                   +--------- select() ---------------------+
-		   |					    |
-		   v					    |
-              tun_receive()   ------>   plugin_send()	    |
-							    |
-	      tun_send()      <------   plugin_receive() <--+
-
 BUILDING
 
-On a FreeBSD system, a simple make should suffice.
-
-On a Linux system, uncommend the LDFLAGS in Makefile, cp
-tun_dev.c.linux tun_dev.c. and make should do the trick.
+On a FreeBSD system, a simple make should suffice. Before that, please
+patch your system with patches in ../sys.patches to get additional
+goodies.
 
 USAGE
 server: tunneld -s -p port
 client: tunneld -c -p port host
 
-After starting tunneld, set up the tun0 interface as follows.
-
-FreeBSD
-server: ifconfig tun0 mtu 1400 192.168.0.1 192.168.0.2
-
-client: ifconfig tun0 mtu 1400 192.168.0.2 192.168.0.1
-
-Linux
-server: ifconfig tun0 mtu 1400 192.168.0.1
-	route add 192.168.0.2 tun0
-
-client: ifconfig tun0 mtu 1400 192.168.0.2
-	route add 192.168.0.1 tun0
-
-Then test with ping, netcat or whatever. For example, do this on the client:
-ping 192.168.0.1
-
-To test failover, just start adding firewall rules. On a linux box the
-following would block the first encapsulation, running on TCP port
-3333:
-iptables -t filter -A INPUT --protocol tcp --destination-port 3333 -j DROP
+You should set up nat on the tun interfaces. With pf:
+	nat on ral0 from !(ral0) to any -> (ral0)
+where ral0 is the external network interface.
 
 To get some security, you may want to set up IPSec on the tun interface.
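
Review bot: In the USAGE section, the added pf rule `nat on ral0 from !(ral0) to any -> (ral0)` translates every packet whose source is not ral0's own address, which is wider than the "nat on the tun interfaces" the sentence above it describes; limit the `from` side to the tunnel's address range and say that the rule belongs on the server. The same section still invokes the binary as `tunneld` although the title is now "Magic Tunnel Daemon" and the path is mtund.src, so confirm the command name. The removed text also carried the only instructions for addressing tun0 (the `ifconfig tun0 mtu 1400 ...` lines) and two caveats an operator needs: that the daemon runs with superuser privileges and that the udp encapsulation does not detect malfunction. If the addressing is now handled elsewhere and the caveats no longer hold, say so in the change description; otherwise keep a short version of each. Since the only security guidance left is the IPSec sentence, it would help to state directly what protection the tunnel has without it.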
 


