RP(1)			    General Commands Manual			 RP(1)

NAME
       rp -- high-level	interface to rosenpass

SYNOPSIS
       rp [explain] [verbose] genkey ... | pubkey ... |	exchange ...
       rp [...]	genkey PRIVATE_KEYS_DIR
       rp [...]	pubkey PRIVATE_KEYS_DIR	PUBLIC_KEYS_DIR
       rp  [...] exchange PRIVATE_KEYS_DIR [dev	<device>] [listen <ip>:<port>]
	  [peer	PUBLIC_KEYS_DIR	[endpoint  <ip>:<port>]	 [persistent-keepalive
	  <interval>] [allowed-ips <ip1>/<cidr1>[,<ip2>/<cidr2>] ...]] ...

DESCRIPTION
       The rp program is used to build a VPN with WireGuard and	Rosenpass.

       The optional [explain] and [verbose] options can be used to obtain
       further help or to enable a detailed view on the operations, respectively.

   COMMANDS
       genkey PRIVATE_KEYS_DIR
	       Creates a new directory with appropriate permissions and
	       generates all the necessary private keys required for a peer to
	       participate in a rosenpass connection.

       pubkey PRIVATE_KEYS_DIR PUBLIC_KEYS_DIR
	       Creates	a  fresh  directory at PUBLIC_KEYS_DIR,	which contains
	       the extracted public keys from the private  keys	 generated  by
	       genkey and located inside PRIVATE_KEYS_DIR.

       exchange	PRIVATE_KEYS_DIR [dev <device>]	[listen	<ip>:<port>] [PEERS]
	       Starts  the  VPN	on interface device, listening on the provided
	       IP and port combination,	allowing connections from PEERS.

EXIT STATUS
       The rp utility exits 0 on success, and >0 if an error occurs.

EXAMPLES
       In this example,	we will	assume that the	server has an interface	 bound
       to  192.168.0.1,	that accepts incoming connections on port 9999/UDP for
       Rosenpass and port 10000/UDP for	WireGuard.

       To create a VPN connection, start by generating	secret	keys  on  both
       hosts.

	     rp	genkey server.rosenpass-secret
	     rp	genkey client.rosenpass-secret

       Extract the public keys:

	     rp	pubkey server.rosenpass-secret server.rosenpass-public
	     rp	pubkey client.rosenpass-secret client.rosenpass-public

       Copy  the  "-public"  directories to the	other peers and	then start the
       VPN.  On	the server:

	     sudo rp exchange server.rosenpass-secret dev rosenpass0 listen 192.168.0.1:9999 \
		 peer client.rosenpass-public allowed-ips fe80::/64

       On the client:

	     sudo rp exchange client.rosenpass-secret dev rosenpass0 \
		 peer server.rosenpass-public endpoint 192.168.0.1:9999	allowed-ips fe80::/64

       Assign IP addresses:

	     sudo ip a add fe80::1/64 dev rosenpass0 # Server
	     sudo ip a add fe80::2/64 dev rosenpass0 # Client

       Test the	connection by pinging the server on the	client machine:

	     ping fe80::1%rosenpass0 # Client

       You can watch how rosenpass replaces the WireGuard PSK with the
       following:

	     watch -n 0.2 'wg show all;	wg show	all preshared-keys'
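
       The PSK replacement watched above can also be checked by a script. The following is an added example, not part of the rp manual page or the Rosenpass project: it compares two saved outputs of `wg show all preshared-keys` and reports, per peer, whether the PSK was replaced, without printing any PSK. The function names, the status words, the assumed three-field line layout and the sample data are assumptions of this example; the interval between snapshots is left to the operator.

```shell
#!/bin/sh
# Added example, not part of the rp manual page.
# Assumption: each line of `wg show all preshared-keys` carries three
# whitespace-separated fields: interface, peer public key, and either the
# PSK or the literal "(none)".

# psk_rotation_status BEFORE_FILE AFTER_FILE
# Prints "<interface> <peer> <status>" for every peer in AFTER_FILE.
# The PSK itself is never printed.
psk_rotation_status() {
    awk '
        FILENAME == ARGV[1] { before[$1, $2] = $3; next }
        {
            if ($3 == "(none)")              s = "missing"  # no PSK installed
            else if (!(($1, $2) in before))  s = "new"      # peer absent earlier
            else if (before[$1, $2] == $3)   s = "stale"    # PSK was not replaced
            else                             s = "rotated"  # PSK was replaced
            print $1, $2, s
        }
    ' "$1" "$2"
}

# Constructed sample run: peer keys and PSKs are placeholders.
# Runs in a subshell so the umask change stays local.
demo() (
    umask 077    # on a live system the snapshot files hold secrets
    dir=$(mktemp -d) || exit 1
    printf '%s\n' \
        'rosenpass0 PEER_A_PUBKEY PSK_A_1' \
        'rosenpass0 PEER_B_PUBKEY PSK_B_1' \
        'rosenpass0 PEER_C_PUBKEY (none)' > "$dir/before"
    printf '%s\n' \
        'rosenpass0 PEER_A_PUBKEY PSK_A_2' \
        'rosenpass0 PEER_B_PUBKEY PSK_B_1' \
        'rosenpass0 PEER_C_PUBKEY (none)' \
        'rosenpass0 PEER_D_PUBKEY PSK_D_1' > "$dir/after"
    psk_rotation_status "$dir/before" "$dir/after"
    rm -rf "$dir"
)

demo
```

       A "missing" or "stale" line marks a peer whose WireGuard session is running without a freshly replaced PSK. On a live system, delete the snapshot files once compared, since they contain the keys.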

SEE ALSO
       rosenpass(1), wg(1)

AUTHORS
       Rosenpass was created by	Karolin	Varner,	Benjamin Lipp,	Wanja  Zaeske,
       Marei Peischl, Stephan Ajuvo, and Lisa Schmidt.

       This manual page was written by Emil Engler.

BUGS
       The bugs	are tracked at https://github.com/rosenpass/rosenpass/issues.

FreeBSD	Ports 14.quarterly	  $Mdocdate$				 RP(1)
