git clone https://github.com/neilalexander/sigmavpn
cd sigmavpn
make    # this step fails if libsodium is not installed
cd ~
wget https://download.libsodium.org/libsodium/releases/libsodium-1.0.16.tar.gz
tar zxvf libsodium-1.0.16.tar.gz
cd libsodium-1.0.16
./configure
make
make install
ldconfig
cd ~/sigmavpn
make    # this time make succeeds and produces the sigmavpn executable in the current directory
root@ar:~/sigmavpn# ls
Makefile intf.h modules.h naclkeypair.o proto tai.c
dep main.c modules.o pack.c proto.h tai.h
extras main.o naclkeypair pack.h sigmavpn tai.o
intf modules.c naclkeypair.c pack.o sigmavpn.1 types.h
root@ar:~/sigmavpn# ./sigmavpn
SigmaVPN.
Copyright (c) 2011 Neil Alexander T. All rights reserved.
Configuration file '/usr/local/etc/sigmavpn.conf' could not be parsed
root@ar:~/sigmavpn#
(Note: the configuration file sigmavpn.conf was not found.)
In this issue, https://github.com/neilalexander/sigmavpn/issues/8, the program's author says:
There are some details on Google Code: https://code.google.com/p/sigmavpn/wiki/Configuration
https://github.com/neilalexander/sigmavpn
https://code.google.com/p/sigmavpn/wiki/Configuration
https://code.google.com/archive/p/sigmavpn/wikis/Configuration.wiki
https://gist.github.com/clowwindy/57d44b69741992d3eaa3
-------------
SigmaVPN Android Setup
A short guide to setting up SigmaVPN for Android. SigmaVPN for Android requires the peer to be running SigmaVPN or QuickTun. This guide uses SigmaVPN for Android v0.27 (2013-06-05) and SigmaVPN commit c05cccfa2277a6c186e62e6cb85bd9fedcf3bbcd on 2014-06-18.
A TUN/TAP interface provides a virtual TUNnel for IP packets, or a virtual network TAP for Ethernet frames. SigmaVPN for Android supports only the TUN interface.
A TUN device needs to be configured with a network range. SigmaVPN requires a separate TUN device for each peer Android device. Since it is a point-to-point arrangement, we will create a /30 network for each peer Android device. Let's use the private range 172.30.172.0/30 for the first TUN device. We'll assign 172.30.172.1 to the TUN device on the SigmaVPN host, and 172.30.172.2 to the TUN device created by SigmaVPN for Android.
Bare-bone Setup
SigmaVPN host setup:
# Generate keys for the SigmaVPN host.
$ naclkeypair
PRIVATE KEY: 55467491bb51b6166add9c22c560a6a0ce0ca8836aab29db5d6fd3abd56eec2b
PUBLIC KEY: fce78ab3177a6541713ab826e735521f2764a450dc168b7a0c30107a3e04f45b
# Creates the tun device.
$ ip tuntap add dev tun0 mode tun
$ ip addr add 172.30.172.1/30 dev tun0
# Let's not introduce unnecessary fragmentation.
$ ip link set dev tun0 mtu 1400
# Activate the interface.
$ ip link set dev tun0 up
$ cat > /etc/sigmavpn.conf << 'EOF'
# Comments are allowed
[firstandroiddevicename]
# Don't use nacl0 which is not secure.
proto = nacltai
# Remote's public key, get this from SigmaVPN for Android side.
proto_publickey = 8fa2b21bc9b7188067b75255232d571de254cba2dc7a960312db754842f4c72a
# Local's private key, this will be the PRIVATE KEY from the earlier naclkeypair invocation.
proto_privatekey = 55467491bb51b6166add9c22c560a6a0ce0ca8836aab29db5d6fd3abd56eec2b
local = tuntap
local_interface = tun0
# Tell SigmaVPN that tun0 is a tun device since in Linux the TUN device can be named anything.
local_tunmode = 1
# SigmaVPN for Android requires protocol info to be disabled.
local_protocolinfo = 0
peer = udp
# The address of SigmaVPN for Android device will be changing constantly.
peer_remotefloat = 1
# Where SigmaVPN should be listening for UDP. Typically this will be the address of the Internet-bound network interface.
peer_localaddr = 10.0.0.1
# Choose whatever port, SigmaVPN does not have a default port number.
peer_localport = 5678
EOF
$ sigmavpn -c /etc/sigmavpn.conf
SigmaVPN.
Copyright (c) 2011 Neil Alexander T. All rights reserved.
Using configuration file '/etc/sigmavpn.conf'
firstandroiddevicename: Session active
Remote endpoint is now 1.2.3.4:5977
SigmaVPN for Android setup:
- Tunnel/Remote Address & Port: the Internet address of the SigmaVPN host.
- Tunnel/Remote Public Key: the SigmaVPN host's public key for this device.
- Tunnel/Use TAI64 nonce: always enable this.
- Network/Tunnel Address Prefix: 172.30.172.2/30
- Network/Static Route: what ranges should be routed through the VPN. If not specified, only 172.30.172.0/30 will be.
- Network/DNS Servers: if not specified, will use the DNS server
Internet Access for the Android Device
Additional setup is needed if you want the Android device to access the Internet through the SigmaVPN host.
On the SigmaVPN host (assuming Linux):
# Enable IP forwarding.
sysctl -w net.ipv4.ip_forward=1
# Masquerade traffic from VPN to the Internet, assuming eth0 is the Internet-bound network interface.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Allow established traffic to be forwarded.
iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Allow traffic initiated from VPN to access the world.
iptables -A FORWARD -i tun0 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
SigmaVPN for Android setup:
- Network/Static Route: 0.0.0.0/0
- Network/DNS Servers: get it from /etc/resolv.conf on the SigmaVPN host
A Second Android Device
- New keys for the SigmaVPN host. You can reuse the same ones, but if you lose an Android device, you'll have to change the keys for all the others.
- A new TUN device with a different range, let's say 172.30.172.4/30.
- The TUN address on the SigmaVPN host is 172.30.172.5/30.
- SigmaVPN on the host must listen on a different port.
- SigmaVPN for Android's Network/Tunnel Address Prefix: 172.30.172.6/30.
- If you want the second Android device to access Internet:
iptables -A FORWARD -i tun1 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
from http://workiis.blogspot.com/2015/03/sigmavpn-android-setup.html
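The rules the guide above states for the host configuration (nacltai rather than nacl0, a different listening port for each device, and separate host keys per device so that one lost phone does not force re-keying the rest) can be checked before sigmavpn is started. The script below is an added example, not part of the original guide or of SigmaVPN; keeping both peers as sections of one file, the section names, the placeholder key values and treating # as a comment marker anywhere on a line are assumptions.

```shell
#!/bin/sh
# audit_sigmavpn_conf FILE: print findings, return 1 if any is an ERROR.
# Assumption: "#" starts a comment anywhere on a line.
audit_sigmavpn_conf() {
    awk '
    { sub(/[#].*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # drop comments, trim
    $0 == "" { next }
    /^\[.*\]$/ { sect = substr($0, 2, length($0) - 2); next }
    {
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
        if (key == "proto" && val == "nacl0") {
            print "ERROR [" sect "] proto = nacl0 is not secure, use nacltai"; bad = 1
        } else if (key == "peer_localport") {
            # Each peer section needs its own listening port.
            if (val in port) {
                print "ERROR [" sect "] peer_localport " val " already used by [" port[val] "]"; bad = 1
            } else { port[val] = sect }
        } else if (key == "proto_privatekey") {
            # Shared host key: losing one device forces re-keying every peer.
            # Only section names are printed, never the key.
            if (val in priv) {
                print "WARN [" sect "] shares proto_privatekey with [" priv[val] "]"
            } else { priv[val] = sect }
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: a second peer copied from the first (placeholder keys).
write_sample_conf() {
    cat > "$1" << 'EOF'
[phone]
proto = nacltai
proto_privatekey = HOST_PRIVATE_KEY_PLACEHOLDER
peer_localport = 5678
[tablet]
proto = nacl0
proto_privatekey = HOST_PRIVATE_KEY_PLACEHOLDER
peer_localport = 5678
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
audit_sigmavpn_conf "$conf" || echo "audit: configuration rejected"
rm -f "$conf"
```

Because /etc/sigmavpn.conf holds proto_privatekey in clear text, it should also be readable by root only (chmod 600).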
-----
Installing SigmaVPN
Install SigmaVPN on Raspbian
Installing SigmaVPN on a Raspberry Pi
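The configuration below still has some unresolved problems: when connecting to the server from SigmaVPN on Android, it reports that data decryption FAILed. The cause is unknown; I think it is a bug in the SigmaVPN software. In the end I set up a Shadowsocks server and use the Shadowsocks Android client in global mode on my phone, so from outside I can reach all the LAN resources at home.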
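Getting the SigmaVPN code
Fetch the code from GitHub
Installing libsodium
SigmaVPN depends on libsodium, so install libsodium
Compiling SigmaVPN
The following build output is shown and the build completes; I did not expect compiling to be this simple and smooth.
sigmavpn runtime environment
sigmavpn is not installed; instead, the required executables are extracted. sigmavpn is modular and needs the several .o files in proto and intf.
SigmaVPN configuration
I followed clowwindy's configuration: https://gist.github.com/clowwindy/57d44b69741992d3eaa3
Generating proto_publickey and proto_privatekey
Run naclkeypair to generate proto_publickey and proto_privatekey.
Creating vpn.conf
Here 192.168.1.104 is the Raspberry Pi's IP; on a VPS, replace it with the VPS's public IP. Replace proto_publickey and proto_privatekey with the values generated above.
Creating the tunnel interface and configuring iptables
Starting sigmavpn
-m specifies the directory containing the module .o files.
Configuring the sigmavpn client on Android
Install the sigmavpn client from the app market.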
TUNNEL settings
Remote Address: peer_localaddr from vpn.conf
Remote Port: peer_localport from vpn.conf
Remote Public Key: proto_publickey from vpn.conf
Check "Use TAI64 nonce"
NETWORK settings
Tunnel Address Prefix: 10.8.0.2/24
After configuring, tap the CONNECT button on the STATUS page and check whether the small VPN key icon appears in the status bar.