PERFORCE change 125449 for review
mharvan at FreeBSD.org
Mon Aug 20 12:29:55 PDT 2007
Change 125449 by mharvan at mharvan_bike-planet on 2007/08/20 19:29:29
Removed old content
Affected files ...
.. //depot/projects/soc2007/mharvan-mtund/mtund.src/README#4 edit
==== //depot/projects/soc2007/mharvan-mtund/mtund.src/README#4 (text+ko) ====
@@ -1,69 +1,18 @@
- Super Tunnel Daemon
+ Magic Tunnel Daemon
-This is an initial implementation with minimal features. The daemon
-creates a tun interfaces, loads encapsulation plugins, finds a working
-encapsulation and connects it to the tun interfaces. Failover to other
-encapsulations is supported, but currently each encapsulation is
-attempted only once.
-There are two encapsulation plugins, a tcp and a udp one. The current
-implementation creates three tcp encapsulations (ports 3333, 2222,
-1111) and a udp encapsulation. Currently, the udp encapsulation does
-not detect malfunction, firewall,..., but the tcp one does.
-Many things are still missing. There is no queuing or buffering of
-traffic in the daemon. Should the encapsulation not handle a
-sufficiently large MTU, there would be a problem. The tunnel has to
-run with superuser privileges to set up the tun interface. Some future
-plugins might also require the superuser privileges, e.g. to open a
-raw socket. Privilege separation might be a good thing to do in the
-The main design idea is depicted in the following figure
- +---+ +-------+ +------+
- |tun| |tunneld| |plugin|
- +---+ +-------+ +------+
- +--------- select() ---------------------+
- | |
- v |
- tun_receive() ------> plugin_send() |
- tun_send() <------ plugin_receive() <--+
-On a FreeBSD system, a simple make should suffice.
-On a Linux system, uncommend the LDFLAGS in Makefile, cp
-tun_dev.c.linux tun_dev.c. and make should do the trick.
+On a FreeBSD system, a simple make should suffice. Before that, please
+patch your system with patches in ../sys.patches to get additional
server: tunneld -s -p port
client: tunneld -c -p port host
-After starting tunneld, set up the tun0 interface as follows.
-server: ifconfig tun0 mtu 1400 192.168.0.1 192.168.0.2
-client: ifconfig tun0 mtu 1400 192.168.0.2 192.168.0.1
-server: ifconfig tun0 mtu 1400 192.168.0.1
- route add 192.168.0.2 tun0
-client: ifconfig tun0 mtu 1400 192.168.0.2
- route add 192.168.0.1 tun0
-Then test with ping, netcat or whatever. For example, do this on the client:
-To test failover, just start adding firewall rules. On a linux box the
-following would block the first encapsulation, running on TCP port
-iptables -t filter -A INPUT --protocol tcp --destination-port 3333 -j DROP
+You should set up nat on the tun interfaces. With pf:
+ nat on ral0 from !(ral0) to any -> (ral0)
+where ral0 is the external network interface.
To get some security, you may want to set up IPSec on the tun interface.
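Review bot: The added pf rule `nat on ral0 from !(ral0) to any -> (ral0)` matches every source that is not one of ral0's own addresses, so it translates anything the host sends out ral0 on behalf of another address, not only tunnel traffic. Consider scoping the source to the tun interface's network and naming that network in the README. The hunk also removes the `ifconfig tun0 mtu 1400 ...` steps without a replacement, so the README no longer says how the tun interface gets its addresses or MTU, even though the new NAT and IPSec instructions both assume a configured tun interface. The removed paragraph was the only place stating that the daemon has to run with superuser privileges to set up the tun interface; a one-line caveat next to the IPSec remark would keep that visible to whoever deploys it. Finally, the retained usage lines still invoke `tunneld` under the new "Magic Tunnel Daemon" title, so please confirm the command name matches what the build produces.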