Changeset 152


Timestamp:
05/16/12 23:59:10 (13 years ago)
Author:
atzm
Message:
  • modify document
File:
1 edited

  • etherws/trunk/README.rst

    r148 r152  
    44based on Linux Universal TUN/TAP device driver. 
    55 
    6 Usage 
    7 ===== 
    8 For example, if you want to make virtual ethernet link for VM1 and VM2 
    9 whose hypervisor's broadcast domains were split by router R:: 
     6How to Use 
     7========== 
     8For example, if you want to make virtual ethernet link for *VM1* and *VM2* 
     9whose hypervisor's broadcast domains were split by router *R*:: 
    1010 
    1111  +------------------+            +------------------+ 
     
    2828            (Ethernet over WebSocket tunnel) 
    2929 
    30 then you can type following commands. 
     30then you can use following commands. 
    3131 
    32 on Hypervisor1:: 
     32on *Hypervisor1*:: 
    3333 
    3434  # etherws server 
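Review bot: The first command a reader will copy here, "# etherws server" on Hypervisor1, is run without --keyfile/--certfile or --htpasswd, and the How to Use section has no pointer to the Tunnel Encryption and Client Authentication sections that this changeset adds further down. Add one sentence to this section saying that the example tunnel is unencrypted and unauthenticated and referring to those sections. As a style point on the changed line, "then you can use following commands." would read better as "Then you can use the following commands."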
     
    3838  # ifconfig br0 up 
    3939 
    40 on Hypervisor2:: 
     40on *Hypervisor2*:: 
    4141 
    4242  # etherws client --uri ws://<Hypervisor1's IP address>/ 
     
    4646  # ifconfig br0 up 
    4747 
    48 If connection through this tunnel is unstable, then you may fix it 
    49 by changing VM's MTU to under 1500. 
     48If connection through the tunnel is unstable, then you may fix it 
     49by changing VM's MTU to under 1500, e.g.:: 
    5050 
    51 Also etherws supports SSL/TLS connection (but client does not validate 
    52 server certificates and server does not authenticate client yet), so if 
    53 you want to encrypt this tunnel, then you can use following options. 
     51  # ifconfig eth0 mtu 1400 
    5452 
    55 on Hypervisor1 (options *keyfile* and *certfile* were specified):: 
     53Tunnel Encryption 
     54================= 
     55etherws supports SSL/TLS connection (but client does not verify server 
     56certificates). 
     57If you want to encrypt the tunnel, then you can use following options. 
     58 
     59on *Hypervisor1* (options *keyfile* and *certfile* were specified):: 
    5660 
    5761  # etherws server --keyfile ssl.key --certfile ssl.crt 
    5862 
    59 on Hypervisor2 (option *uri*'s scheme was changed to *wss*):: 
     63on *Hypervisor2* (option *uri*'s scheme was changed to *wss*):: 
    6064 
    6165  # etherws client --uri wss://<Hypervisor1's IP address>/ 
    6266 
     67You also can test by following command:: 
     68 
     69  # openssl s_client -connect <Hypervisor1's IP address>:443 
     70 
     71Client Authentication 
     72===================== 
     73etherws supports HTTP Basic Authentication. 
     74It means you can use etherws as simple L2-VPN server/client. 
     75 
     76On server side, etherws requires user information in Apache htpasswd 
     77format (and currently supports SHA-1 digest only). To create this file:: 
     78 
     79  # htpasswd -s -c filename username 
     80 
     81If you do not have htpasswd command, then you can use python one-liner:: 
     82 
     83  # python -c 'import hashlib; print("username:{SHA}" + hashlib.sha1("password").digest().encode("base64"))' 
     84 
     85To run server with this:: 
     86 
     87  # etherws server --htpasswd filename 
     88 
     89You also can test by following command:: 
     90 
     91  # telnet <address> 80 
     92  GET / HTTP/1.1 
     93 
     94It will return *401 Authorization Required*. 
     95 
     96On client side, etherws requires username as option, and password from 
     97stdin:: 
     98 
     99  # etherws client --uri ws://<address>/ --user username 
     100  Password:  
     101 
     102If authentication did not succeed, then it will die with some error messages. 
     103 
     104Note that you should not use HTTP Basic Authentication without SSL/TLS 
     105support, because it is insecure in itself. 
     106 
    63107History 
    64108======= 
     1090.3 (2012-05-17 JST) 
     110  - client authentication support 
     111 
    651120.2 (2012-05-16 JST) 
    66113  - SSL/TLS connection support 
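Review bot: The closing note of the new Client Authentication section tells readers not to use HTTP Basic Authentication without SSL/TLS, but the new Tunnel Encryption section mentions only in a parenthetical that the client does not verify server certificates. A wss client that accepts any certificate can be answered by an on-path host presenting its own certificate, which then receives the Basic credentials, so the note should state that TLS here protects against passive eavesdropping only and that the server's identity is not checked. In the python one-liner, the password is a literal on the command line, where it lands in shell history and the process list, and hashlib.sha1("password") with .encode("base64") works only on Python 2; say which Python is assumed and consider reading the password from a prompt instead. Next to "currently supports SHA-1 digest only" it is also worth stating that the htpasswd {SHA} format is unsalted, so the file should be readable only by the user running the server.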