From owner-p4-projects@FreeBSD.ORG Mon Aug 20 19:29:55 2007
Return-Path:
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767) id 82DBE16A46B; Mon, 20 Aug 2007 19:29:55 +0000 (UTC)
Delivered-To: perforce@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 242B816A468 for ; Mon, 20 Aug 2007 19:29:55 +0000 (UTC) (envelope-from mharvan@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 0855113C4D0 for ; Mon, 20 Aug 2007 19:29:55 +0000 (UTC) (envelope-from mharvan@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.1/8.14.1) with ESMTP id l7KJTslB081895 for ; Mon, 20 Aug 2007 19:29:54 GMT (envelope-from mharvan@FreeBSD.org)
Received: (from perforce@localhost) by repoman.freebsd.org (8.14.1/8.14.1/Submit) id l7KJTsxD081892 for perforce@freebsd.org; Mon, 20 Aug 2007 19:29:54 GMT (envelope-from mharvan@FreeBSD.org)
Date: Mon, 20 Aug 2007 19:29:54 GMT
Message-Id: <200708201929.l7KJTsxD081892@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to mharvan@FreeBSD.org using -f
From: Matus Harvan
To: Perforce Change Reviews
Cc:
Subject: PERFORCE change 125449 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: p4 projects tree changes
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 20 Aug 2007 19:29:55 -0000

http://perforce.freebsd.org/chv.cgi?CH=125449

Change 125449 by mharvan@mharvan_bike-planet on 2007/08/20 19:29:29

Removed old content

Affected files ...

.. //depot/projects/soc2007/mharvan-mtund/mtund.src/README#4 edit

Differences ...

==== //depot/projects/soc2007/mharvan-mtund/mtund.src/README#4 (text+ko) ====
@@ -1,69 +1,18 @@ - Super Tunnel Daemon + Magic Tunnel Daemon -This is an initial implementation with minimal features. The daemon -creates a tun interfaces, loads encapsulation plugins, finds a working -encapsulation and connects it to the tun interfaces. Failover to other -encapsulations is supported, but currently each encapsulation is -attempted only once. - -There are two encapsulation plugins, a tcp and a udp one. The current -implementation creates three tcp encapsulations (ports 3333, 2222, -1111) and a udp encapsulation. Currently, the udp encapsulation does -not detect malfunction, firewall,..., but the tcp one does. - -Many things are still missing. There is no queuing or buffering of -traffic in the daemon. Should the encapsulation not handle a -sufficiently large MTU, there would be a problem. The tunnel has to -run with superuser privileges to set up the tun interface. Some future -plugins might also require the superuser privileges, e.g. to open a -raw socket. Privilege separation might be a good thing to do in the -future. - -The main design idea is depicted in the following figure - +---+ +-------+ +------+ - |tun| |tunneld| |plugin| - +---+ +-------+ +------+ - | - v - +--------- select() ---------------------+ - | | - v | - tun_receive() ------> plugin_send() | - | - tun_send() <------ plugin_receive() <--+ - BUILDING -On a FreeBSD system, a simple make should suffice. - -On a Linux system, uncommend the LDFLAGS in Makefile, cp -tun_dev.c.linux tun_dev.c. and make should do the trick. +On a FreeBSD system, a simple make should suffice. Before that, please +patch your system with patches in ../sys.patches to get additional +goodies. USAGE server: tunneld -s -p port client: tunneld -c -p port host -After starting tunneld, set up the tun0 interface as follows. 
- -FreeBSD -server: ifconfig tun0 mtu 1400 192.168.0.1 192.168.0.2 - -client: ifconfig tun0 mtu 1400 192.168.0.2 192.168.0.1 - -Linux -server: ifconfig tun0 mtu 1400 192.168.0.1 - route add 192.168.0.2 tun0 - -client: ifconfig tun0 mtu 1400 192.168.0.2 - route add 192.168.0.1 tun0 - -Then test with ping, netcat or whatever. For example, do this on the client: -ping 192.168.0.1 - -To test failover, just start adding firewall rules. On a linux box the -following would block the first encapsulation, running on TCP port -3333: -iptables -t filter -A INPUT --protocol tcp --destination-port 3333 -j DROP +You should set up nat on the tun interfaces. With pf: + nat on ral0 from !(ral0) to any -> (ral0) +where ral0 is the external network interface. To get some security, you may want to set up IPSec on the tun interface.
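Review bot: the pf rule added near the end of the hunk, `nat on ral0 from !(ral0) to any -> (ral0)`, does not do what the sentence before it says ("You should set up nat on the tun interfaces"): it is placed on the external interface and translates every packet whose source is not ral0's own address, so traffic from any other local interface is masqueraded out of ral0 as well, not only the tunnel's. Narrow the source to the tunnel's address range (for example `from tun0:network` in place of `from !(ral0)`) so the rule matches the text. The removed lines also leave two things undocumented: the old text stated that the daemon must run with superuser privileges to set up the tun interface and that privilege separation is future work, and the new README says nothing about running as root, so a one-line note on that should stay; and the ifconfig/route setup for tun0 (addresses, mtu 1400) is dropped without saying whether tunneld now configures the interface itself. Finally, "patch your system with patches in ../sys.patches to get additional goodies" should say what those patches change and which FreeBSD version they apply to, since the reader is asked to modify the system before building.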