From a4ff4854365155786063e2eed627fb247a78cae5 Mon Sep 17 00:00:00 2001 From: Dimitri Staessens Date: Wed, 22 Jan 2020 21:23:52 +0100 Subject: content: Fix ovpn tutorial There was an error in the IP command (-I is for specifying the interface). It also clarifies now that ICMP ping doesn't work. --- content/en/docs/Tutorials/ovpn-tut.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/content/en/docs/Tutorials/ovpn-tut.md b/content/en/docs/Tutorials/ovpn-tut.md index eb99c62..e2d6eb3 100644 --- a/content/en/docs/Tutorials/ovpn-tut.md +++ b/content/en/docs/Tutorials/ovpn-tut.md @@ -25,10 +25,10 @@ and 127.0.0.8 /24, as shown in the diagram above. To run this tutorial, make sure that [openssl](https://www.openssl.org) is installed on your machine(s) and -get the latest version of Ouroboros from the _be_ branch. +get the latest version of Ouroboros. ```bash -$ git clone --branch be https://ouroboros.rocks/git/ouroboros +$ git clone https://ouroboros.rocks/git/ouroboros $ cd ouroboros $ mkdir build && cd build $ cmake .. @@ -107,10 +107,12 @@ $ sudo tcpdump -i lo From another terminal, send some pings into the other endpoint: ```bash -$ ping 10.10.10.1 -i tun0 +$ ping 10.10.10.1 -I tun0 ``` -The tcpdump on the _tun1_ interface shows the ping messages arriving: +The pings will timeout since ICMP pings are responded to by the kernel +(and the tun interface is userspace), but the tcpdump on the _tun1_ +interface will show the ping messages arriving: ```bash $ sudo tcpdump -i tun1 @@ -123,7 +125,8 @@ listening on tun1, link-type RAW (Raw IP), capture size 262144 bytes ``` While the tcpdump on the loopback shows the AES encrypted traffic that -is actually sent on the flow: +is actually sent on the flow (and not visible to the legacy "network" +below: ```bash $ sudo tcpdump -i lo 
@@ -158,6 +161,9 @@ listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes 0x0070: 5fb2 73ef ``` +You can experiment with other small tools like nc (netcat) to monitor +both requests and responses. + # Encrypted tunnel between two IP hosts connected to the Internet To create an encrypted tunnel between two Internet hosts, the same -- cgit v1.2.3
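Review bot: The clone change in the hunk at @@ -25,10 +25,10 @@ (dropping "--branch be" and the "from the _be_ branch" wording) is not covered by the commit message, which mentions only the ping option and the ICMP clarification. Mention it in the message or split it into its own commit, so that a reader bisecting the docs can see why the tutorial stopped pointing at the _be_ branch.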
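Review bot: In the paragraph added by the hunk at @@ -107,10 +107,12 @@, "will timeout" should be "will time out", and the explanation "ICMP pings are responded to by the kernel (and the tun interface is userspace)" does not say which end is expected to answer or why no echo reply comes back. Spell that out in one sentence so a reader does not take the timeout for a broken tunnel. The commit message also calls this "the IP command", while the line being fixed is "ping 10.10.10.1 -I tun0".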
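Review bot: The parenthesis opened in the hunk at @@ -123,7 +125,8 @@ with "(and not visible to the legacy "network"" is never closed; the added text ends in "below:" and should read "below):". Since this sentence carries the confidentiality claim of the tutorial, it would also help to say what is not visible (the tunnelled IP packets seen on _tun1_) and to name the loopback interface rather than the quoted "network".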
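Review bot: The sentence added by the hunk at @@ -158,6 +161,9 @@ ("You can experiment with other small tools like nc (netcat) to monitor both requests and responses.") is too vague to act on and sits after the loopback dump, far from the ping paragraph that explains why no responses are seen. Move it next to that paragraph and say concretely what to run, for example a listener on the 10.10.10.1 endpoint and a client sending through tun0, so the reader can watch traffic in both directions on the tun interfaces while the loopback capture still shows only ciphertext.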