-
Notifications
You must be signed in to change notification settings - Fork 69
Configuration
The configuration of the framework is very easy, there are different sections of the configuration that needs to be handled in a different manner:
- Global settings
- Authentication settings
- Encryption settings
- Transport module settings
All these sections serve a different purpose in the framework's life, but it is almost self explanatory.
The Global settings section consists several settings that is needed for the framework itself. This is used to set up the client and server mode, and the address of the the server.
Most of the default settings does not really need to be modified. If you know what you are doing, please adjust the settings, otherwise just state your server's IP and hostname below.
Example configuration for the Global section:
remoteserverip = 54.76.113.73
remoteserverhost = PUT_YOUR_SERVER_HOSTNAME_HERE
# SERVER configs, does not really need to be modified
serverif = xfl0
serverip = 10.9.0.1
servernetmask = 24
serverbind = 0.0.0.0
# CLIENT configs, does not really need to be modified
clientif = xfl0
clientip = 10.9.0.101
clientnetmask = 24
mtu = 1350
Here comes your server's IP, the client will connect to this IP over the different protocols.
Your server's hostname/domain name should be stated here. Some modules use this instead of the IP address (like SOCKS v5).
default: xfl0
Name of the interface on the server side. By leaving it to the default, it is almost sure that it will not collide with any other tools.
default: 10.9.0.1
Change it to whatever IP that you like, this will be the IP of the server. Please make sure that the client IPs are in the same range as this IP/netmask.
default: 24
Netmask that specifies the VPN's IP range.
default: 0.0.0.0
By default the tool binds on all interfaces. If you want to bind to a specific interface, please specify the IP address of that one.
default: xfl0
Same thing as the serverif, but on the client side. It does not have to match with the server, this is just an alias for the interface.
default: 10.9.0.101
Make sure you change this on every client, otherwise there will be an IP collision on the VPN and the framework will malfunction.
default: 24
Make sure you keep this netmask value as the same as the servernetmask otherwise it will not work properly.
default: 1350
Most network interface's MTU is 1500 by default. We are tunnelling data over those interfaces, so there will be an overhead. 150 bytes for this overhead are more than enough. If you would like to pimp it up, it is up to you. Please note that some of the modules are doing fragmentation, so it will have no or very little effect on those modules.
There is a basic Authentication module support in the framework that supports 2-step authentication only (not to confuse with two-factor authentication). This will be improved later. The two authentication module that is done at the moment:
- noauth
- saltedsha512
This one is dangerous to enable. Provides no authentication at all. Anybody can connect to the server without knowing any secrets.
Encryption is on the roadmap will be introduced early 2018 hopefully. Therefore no encryption settings are present in the framework at the moment.
See the Transport Module configuration
XFLTReaT 2017-2020 Balazs Bucsay @xoreipeip
- Home - Introduction to XFLTReaT
- The framework - The framework explained
- Installation - How to install the tool
- Configuration - How to configure the framework
- Operating System support - See the supported Operating Systems
- Transport modules - Explanation of the transport modules
- Authentication modules - Explanation of the authentication modules
- Encryption modules - Explanation of the encryption modules
- Use Cases - Examples use cases
- Development - How to develop for the framework