forked from jbreams/gssvpn
-
Notifications
You must be signed in to change notification settings - Fork 0
/
README
57 lines (47 loc) · 2.84 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
GSSVPN v1.4
GSSVPN is simple VPN software that uses GSSAPI to do its encryption and
authentication. It assumes that your server will have a service principal
and can act as a GSSAPI acceptor, and that your clients have a user
principal and can act as a GSSAPI initiator. It has been tested
with the server running on RHEL 5 and the client running on Mac OS X.
It uses the tun/tap driver to provide a virtual ethernet device - PtP tunnel
devices are currently unsupported. On OS X, you may need to install the
TUNTAP driver available at http://tuntaposx.sourceforge.net/. On Linux,
you should install the tunctl utility to manage the server-side tap device.
All packets received from the tap device are encrypted with the GSSAPI
context, compressed, and sent to the other end. The server acts as an ethernet
switch, and supports ethernet broadcasts to all the connected clients.
Although it uses GSSAPI for authentication, GSSVPN does not have any
authorization or network configuration tools. Instead, it uses an
external utility that will send the client its network information. If the
utility returns non-zero, it assumes the client is invalid, and will
shut down the connection. The client side has a matching utility which
will set up the ip address and any routes to tunnelled networks. This design
is meant to put the site-specific policy code in an easily maintainable format,
separate from the C core of the software. You are encouraged to edit/create
your own netinit scripts to fit your needs.
Usage:
gssvpnd -v -p port -s service -i interface -a utility -u user -t -d
-v Will enable verbose logging. Really really verbose.
-p port The port for the server to bind to.
-s service The name of the service in the keytab to accept contexts for.
-i interface Tap interface to use
-a utility Path to the utility to execute for network initialization.
-u user User to become after dropping privileges.
-t Kill clients on timeout (default is to reinitialize).
-d Runs the process as a daemon, detaching from the console.
gssvpn -v -h hostname -p port -s service -i interface -a utility -u user -e keepalive -r cmd
-v Will enable verbose logging.
-h hostname Hostname of server
-p port Port to connect to on the server
-s service Service name to connect to on server
-i interface Tap interface to use
-a utility Path to the utility to execute for network initialization.
-u user User to become after dropping privileges.
-e keepalive Period between sending keep-alive echos to server.
-r command Command to run to renew credentials.
The client will catch the USR1 and USR2 signals and perform a GSSAPI or network
reinitialization respectively.
GSSVPN uses libev (available from http://software.schmorp.de/pkg/libev.html)
to do asyncronous event handling and minilzo (available from
http://www.oberhumer.com/opensource/lzo/) to do packet compression.