GitHub - PatriotSuite/gssvpn at v1.1

PatriotSuite / gssvpn Public

forked from jbreams/gssvpn

Notifications You must be signed in to change notification settings
Fork 0
Star 0

Virtual Patriotic Network - create private networks and allow the government to monitor them as well.

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 120 Commits
libev		libev
minilzo		minilzo
Makefile.am		Makefile.am
README		README
common.c		common.c
configure.in		configure.in
gssvpn.c		gssvpn.c
gssvpn.h		gssvpn.h
gssvpnd.c		gssvpnd.c
linux-server.pl		linux-server.pl
mac-client.pl		mac-client.pl
server_packets.c		server_packets.c

Repository files navigation

GSSVPN v1

GSSVPN is simple VPN software that uses GSSAPI to do its encryption and
authentication. It assumes that your server will have a service principal
and can act as a GSSAPI acceptor, and that your clients have a user 
principal and can act as a GSSAPI initiator. It has been tested
with the server running on RHEL 5 and the client running on Mac OS X.

It uses the tun/tap driver to provide a virtual ethernet device - PtP tunnel
devices are currently unsupported. On OS X, you may need to install the
TUNTAP driver available at http://tuntaposx.sourceforge.net/. On Linux,
you should install the tunctl utility to manage the server-side tap device.

All packets received from the tap device are encrypted with the GSSAPI
context, compressed, and sent to the other end. The server acts as an ethernet
switch, and supports ethernet broadcasts to all the connected clients.

Although it uses GSSAPI for authentication, GSSVPN does not have any 
authorization or network configuration tools. Instead, it uses an 
external utility that will send the client its network information. If the
utility returns non-zero, it assumes the client is invalid, and will
shut down the connection. The client side has a matching utility which
will set up the ip address and any routes to tunnelled networks.

GSSVPN uses libev (available from http://software.schmorp.de/pkg/libev.html)
to do asyncronous event handling and minilzo (available from 
http://www.oberhumer.com/opensource/lzo/) to do packet compression.

Usage:

gssvpnd -v -p port -i interface -s service -a utility -u user -t timeout -d
	-v				Will enable verbose logging. Really really verbose.
	-p port			The port for the server to bind to.
	-s service		The name of the service in the keytab to accept contexts for.
	-a utility		Path to the utility to execute for network initialization.
	-u user			User to become after dropping privileges.
	-t timeout		Max lifetime of a client connection.
	-i interface	Tap interface to use
	-d				Runs the process as a daemon, detaching from the console.

gssvpn -v -h hostname -p port -s service -i interface
	-v				Will enable verbose logging.
	-p port			Port to connect to on the server
	-s service		Service name to connect to on server
	-h hostname 	Hostname of server
	-i interface	Tap interface to use