-NB that this is a very bare set of installation instructions ! It
-describes a `default' configuration; you can do more esoteric things
-if you wish.
+This directory contains:
+
+* A userv service (`ipif') for allowing users to create network
+interfaces and handle the traffic for them. For instructions, see the
+comment at the top of service.c.
+
+* A VPN tunnelling system based on that userv service, which does
+encryption and can be used to join two networks. It uses its own
+nonstandard protocols, not IPSEC. Key setup is done via an ssh
+connection. For installation instructions, read this file.
+
+These tools have only been tested on GNU/Linux, and the ipif service
+in particular uses the Linux-specific `slattach' utility.
+
+NB that this is a very bare set of installation instructions for the
+VPN system ! It describes a fairly `default' configuration; you can
+do more esoteric things if you wish.
In any case, on each tunnel endpoint system (not the eventual
end-system, but the point where the packets are `detunnelled'):
-* Install userv, 0.95.0 or later. This should be in Debian.
-* Get userv-utils 0.1.9 from the location above, unpack it, cd to the
- `ipif' subdirectory, and say `make' then `really make install'.
+* Install userv, 1.0.1 or later. This should be in Debian. Get this
+* package, userv-utils from the location above, unpack it, cd to the
+ `ipif' subdirectory, and say `make' then as root `make install'.
-The tunnel is always set up by one of its endpoints, using ssh. So
-the active endpoint must have ssh installed; the passive endpoint must
-have sshd accessible to the active endpoint, and be willing to allow
-the active endpoint to run the appropriate command.
+The tunnel is always set up by one of its endpoints, using ssh (we
+recommend you use OpenSSH). So the active endpoint must have ssh
+installed; the passive endpoint must have sshd accessible to the
+active endpoint, and be willing to allow the active endpoint to run
+the appropriate command.
So: create an account for the active endpoint on the passive. You
probably want to use RSAAuthentication, so configure the relevant key
If you see a message from `slattach' about being unable to open /dev/2
or some such, then you need to upgrade your `slattach'. In Debian
GNU/Linux it's in the `netbase' package, and the fix is in 3.16-3 and
-later. The relevant Debian bug reports are #45515 and #45944, and Ian
-Jackson can supply the patch to slattach or a working binary.
+later; however the bug has regressed, and is known to be in 3.18-4 and
+earlier. The relevant Debian bug reports are #45515 (now closed) and
+#45944. A patch to correct 3.18-4 is in this directory as
+`slattach.diff'.
-$Id: INSTALL,v 1.1 2000/06/21 22:48:29 ian Exp $
+$Id: INSTALL,v 1.3 2000/08/13 20:23:23 ian Exp $
~mdw / userv-utils / blobdiff