PERFORCE change 125449 for review

Matus Harvan mharvan at FreeBSD.org
Mon Aug 20 12:29:55 PDT 2007


http://perforce.freebsd.org/chv.cgi?CH=125449

Change 125449 by mharvan at mharvan_bike-planet on 2007/08/20 19:29:29

	Removed old content

Affected files ...

.. //depot/projects/soc2007/mharvan-mtund/mtund.src/README#4 edit

Differences ...

==== //depot/projects/soc2007/mharvan-mtund/mtund.src/README#4 (text+ko) ====

@@ -1,69 +1,18 @@
-			 Super Tunnel Daemon
+			 Magic Tunnel Daemon
 
-This is an initial implementation with minimal features. The daemon
-creates a tun interfaces, loads encapsulation plugins, finds a working
-encapsulation and connects it to the tun interfaces. Failover to other
-encapsulations is supported, but currently each encapsulation is
-attempted only once.
-
-There are two encapsulation plugins, a tcp and a udp one. The current
-implementation creates three tcp encapsulations (ports 3333, 2222,
-1111) and a udp encapsulation. Currently, the udp encapsulation does
-not detect malfunction, firewall,..., but the tcp one does.
-
-Many things are still missing. There is no queuing or buffering of
-traffic in the daemon. Should the encapsulation not handle a
-sufficiently large MTU, there would be a problem. The tunnel has to
-run with superuser privileges to set up the tun interface. Some future
-plugins might also require the superuser privileges, e.g. to open a
-raw socket. Privilege separation might be a good thing to do in the
-future.
-
-The main design idea is depicted in the following figure
-                +---+	     +-------+	    +------+
-                |tun|        |tunneld|      |plugin|
-                +---+        +-------+      +------+
-                                 |
-                                 v
-                   +--------- select() ---------------------+
-		   |					    |
-		   v					    |
-              tun_receive()   ------>   plugin_send()	    |
-							    |
-	      tun_send()      <------   plugin_receive() <--+
-
 BUILDING
 
-On a FreeBSD system, a simple make should suffice.
-
-On a Linux system, uncommend the LDFLAGS in Makefile, cp
-tun_dev.c.linux tun_dev.c. and make should do the trick.
+On a FreeBSD system, a simple make should suffice. Before that, please
+patch your system with patches in ../sys.patches to get additional
+goodies.
 
 USAGE
 server: tunneld -s -p port
 client: tunneld -c -p port host
 
-After starting tunneld, set up the tun0 interface as follows.
-
-FreeBSD
-server: ifconfig tun0 mtu 1400 192.168.0.1 192.168.0.2
-
-client: ifconfig tun0 mtu 1400 192.168.0.2 192.168.0.1
-
-Linux
-server: ifconfig tun0 mtu 1400 192.168.0.1
-	route add 192.168.0.2 tun0
-
-client: ifconfig tun0 mtu 1400 192.168.0.2
-	route add 192.168.0.1 tun0
-
-Then test with ping, netcat or whatever. For example, do this on the client:
-ping 192.168.0.1
-
-To test failover, just start adding firewall rules. On a linux box the
-following would block the first encapsulation, running on TCP port
-3333:
-iptables -t filter -A INPUT --protocol tcp --destination-port 3333 -j DROP
+You should set up nat on the tun interfaces. With pf:
+	nat on ral0 from !(ral0) to any -> (ral0)
+where ral0 is the external network interface.
 
 To get some security, you may want to set up IPSec on the tun interface.
 
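Review bot: In the USAGE section, the added text says to set up NAT "on the tun interfaces", but the rule shown is bound to ral0 and its source match is `from !(ral0)`, which covers every source other than the external interface's own address rather than only tunnel traffic. Consider rewording it to say that NAT is applied on the external interface for traffic arriving from the tunnel, and narrowing the source to the tun interface's network. The hunk also removes the ifconfig steps for tun0 and the note that the daemon needs superuser privileges, with nothing replacing them, so the README no longer says how the tunnel endpoints get their addresses or what privileges tunneld runs with. The change description "Removed old content" also leaves out the rename to "Magic Tunnel Daemon" and the new ../sys.patches prerequisite, which would be worth a line each, including what the patches change.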

