Changeset 152
- Timestamp:
- 05/16/12 23:59:10 (13 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
etherws/trunk/README.rst
r148 r152 4 4 based on Linux Universal TUN/TAP device driver. 5 5 6 Usage7 ===== 8 For example, if you want to make virtual ethernet link for VM1 and VM29 whose hypervisor's broadcast domains were split by router R::6 How to Use 7 ========== 8 For example, if you want to make virtual ethernet link for *VM1* and *VM2* 9 whose hypervisor's broadcast domains were split by router *R*:: 10 10 11 11 +------------------+ +------------------+ … … 28 28 (Ethernet over WebSocket tunnel) 29 29 30 then you can type following commands.30 then you can use following commands. 31 31 32 on Hypervisor1::32 on *Hypervisor1*:: 33 33 34 34 # etherws server … … 38 38 # ifconfig br0 up 39 39 40 on Hypervisor2::40 on *Hypervisor2*:: 41 41 42 42 # etherws client --uri ws://<Hypervisor1's IP address>/ … … 46 46 # ifconfig br0 up 47 47 48 If connection through th istunnel is unstable, then you may fix it49 by changing VM's MTU to under 1500 .48 If connection through the tunnel is unstable, then you may fix it 49 by changing VM's MTU to under 1500, e.g.:: 50 50 51 Also etherws supports SSL/TLS connection (but client does not validate 52 server certificates and server does not authenticate client yet), so if 53 you want to encrypt this tunnel, then you can use following options. 51 # ifconfig eth0 mtu 1400 54 52 55 on Hypervisor1 (options *keyfile* and *certfile* were specified):: 53 Tunnel Encryption 54 ================= 55 etherws supports SSL/TLS connection (but client does not verify server 56 certificates). 57 If you want to encrypt the tunnel, then you can use following options. 58 59 on *Hypervisor1* (options *keyfile* and *certfile* were specified):: 56 60 57 61 # etherws server --keyfile ssl.key --certfile ssl.crt 58 62 59 on Hypervisor2(option *uri*'s scheme was changed to *wss*)::63 on *Hypervisor2* (option *uri*'s scheme was changed to *wss*):: 60 64 61 65 # etherws client --uri wss://<Hypervisor1's IP address>/ 62 66 67 You also can test by following command:: 68 69 # openssl s_client -connect <Hypervisor1's IP address>:443 70 71 Client Authentication 72 ===================== 73 etherws supports HTTP Basic Authentication. 74 It means you can use etherws as simple L2-VPN server/client. 75 76 On server side, etherws requires user information in Apache htpasswd 77 format (and currently supports SHA-1 digest only). To create this file:: 78 79 # htpasswd -s -c filename username 80 81 If you do not have htpasswd command, then you can use python one-liner:: 82 83 # python -c 'import hashlib; print("username:{SHA}" + hashlib.sha1("password").digest().encode("base64"))' 84 85 To run server with this:: 86 87 # etherws server --htpasswd filename 88 89 You also can test by following command:: 90 91 # telnet <address> 80 92 GET / HTTP/1.1 93 94 It will return *401 Authorization Required*. 95 96 On client side, etherws requires username as option, and password from 97 stdin:: 98 99 # etherws client --uri ws://<address>/ --user username 100 Password: 101 102 If authentication did not succeed, then it will die with some error messages. 103 104 Note that you should not use HTTP Basic Authentication without SSL/TLS 105 support, because it is insecure in itself. 106 63 107 History 64 108 ======= 109 0.3 (2012-05-17 JST) 110 - client authentication support 111 65 112 0.2 (2012-05-16 JST) 66 113 - SSL/TLS connection support
Note: See TracChangeset
for help on using the changeset viewer.