source: etherws/trunk/README.rst @ 152

Revision 152, 3.4 KB checked in by atzm, 12 years ago
  • modify document
  • Property svn:keywords set to Id
Introduction
============
etherws is an implementation of an Ethernet over WebSocket tunnel
based on the Linux Universal TUN/TAP device driver.

How to Use
==========
For example, suppose you want to create a virtual Ethernet link between *VM1* and *VM2*,
whose hypervisors' broadcast domains are split by router *R*::

  +------------------+            +------------------+
  | Hypervisor1      |            |      Hypervisor2 |
  |  +-----+         |            |         +-----+  |
  |  | VM1 |         |            |         | VM2 |  |
  |  +--+--+         |            |         +--+--+  |
  |     | (vnet0)    |            |    (vnet0) |     |
  |  +--+--+         |            |         +--+--+  |
  |  | br0 |         |            |         | br0 |  |
  |  +--+--+         |            |         +--+--+  |
  |     |            |            |            |     |
  | (ethws0)  (eth0) |            | (eth0)  (ethws0) |
  +----||--------+---+            +----+-------||----+
       ||        |        +---+        |       ||
       ||   -----+--------| R |--------+-----  ||
       ||                 +---+                ||
       ||                                      ||
       ``======================================''
            (Ethernet over WebSocket tunnel)

Then you can use the following commands.

On *Hypervisor1*::

  # etherws server
  # brctl addbr br0
  # brctl addif br0 vnet0
  # brctl addif br0 ethws0
  # ifconfig br0 up

On *Hypervisor2*::

  # etherws client --uri ws://<Hypervisor1's IP address>/
  # brctl addbr br0
  # brctl addif br0 vnet0
  # brctl addif br0 ethws0
  # ifconfig br0 up

If the connection through the tunnel is unstable, you may be able to fix it
by changing the VM's MTU to under 1500, e.g.::

  # ifconfig eth0 mtu 1400

Tunnel Encryption
=================
etherws supports SSL/TLS connections, but the client does not verify the server
certificate, so the tunnel is encrypted without the server being authenticated.
To encrypt the tunnel, use the following options.

On *Hypervisor1* (specify the *keyfile* and *certfile* options)::

  # etherws server --keyfile ssl.key --certfile ssl.crt

On *Hypervisor2* (change the scheme of the *uri* option to *wss*)::

  # etherws client --uri wss://<Hypervisor1's IP address>/

You can also test with the following command::

  # openssl s_client -connect <Hypervisor1's IP address>:443

Client Authentication
=====================
etherws supports HTTP Basic Authentication.
This means you can use etherws as a simple L2-VPN server/client.

On the server side, etherws requires user information in Apache htpasswd
format (currently only the SHA-1 digest is supported). To create this file::

  # htpasswd -s -c filename username

If you do not have the htpasswd command, you can use a Python one-liner::

  # python -c 'import base64, hashlib; print("username:{SHA}" + base64.b64encode(hashlib.sha1(b"password").digest()).decode("ascii"))'

To run the server with this file::

  # etherws server --htpasswd filename

You can also test with the following command::

  # telnet <address> 80
  GET / HTTP/1.1

It will return *401 Authorization Required*.

On the client side, etherws requires the username as an option and reads the
password from stdin::

  # etherws client --uri ws://<address>/ --user username
  Password:

If authentication does not succeed, it will die with error messages.

Note that you should not use HTTP Basic Authentication without SSL/TLS
support, because it is insecure in itself.
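The server-side check described in this section, as an added example (not etherws's own code): it parses ``{SHA}`` htpasswd entries and validates a Basic ``Authorization`` header against them. The function names and the sample users are constructed for illustration.

```python
import base64
import hashlib
import hmac


def sha_entry(username, password):
    """Build one htpasswd line in the unsalted {SHA} format written by `htpasswd -s`."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "%s:{SHA}%s" % (username, base64.b64encode(digest).decode("ascii"))


def load_htpasswd(text):
    """Parse htpasswd text into {username: raw SHA-1 digest}; skip other schemes."""
    users = {}
    for line in text.splitlines():
        name, sep, value = line.strip().partition(":")
        if not sep or not value.startswith("{SHA}"):
            continue  # blank line, malformed line, or a non-{SHA} scheme
        try:
            users[name] = base64.b64decode(value[5:], validate=True)
        except ValueError:
            continue  # corrupt base64 in the stored entry
    return users


def check_basic_auth(header, users):
    """Return the authenticated username, or None if the header is rejected."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:
        return None  # not valid base64 or not valid UTF-8
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    expected = users.get(username, b"\x00" * 20)  # dummy digest for unknown users
    actual = hashlib.sha1(password.encode("utf-8")).digest()
    ok = hmac.compare_digest(actual, expected)  # constant-time comparison
    return username if ok and username in users else None


# Constructed sample data, not taken from any real deployment.
HTPASSWD = "\n".join([sha_entry("alice", "password"), sha_entry("bob", "password")])
USERS = load_htpasswd(HTPASSWD)
# {SHA} is unsalted: alice and bob share a password, so their digests are identical.
GOOD = "Basic " + base64.b64encode(b"alice:password").decode("ascii")
BAD = "Basic " + base64.b64encode(b"alice:wrong").decode("ascii")
```

The header carries the password only base64-encoded, so anyone who can read the connection can decode it, which is why the note above ties Basic Authentication to SSL/TLS.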

History
=======
0.3 (2012-05-17 JST)
  - client authentication support

0.2 (2012-05-16 JST)
  - SSL/TLS connection support

0.1 (2012-05-15 JST)
  - First release