Introduction
SigmaVPN can support multiple concurrent tunnels, with flexible endpoint/protocol settings. Typically, configuration will be placed into a sigmavpn.conf file, in INI format.
Protocols specify how packets should be encoded/decoded or encrypted/decrypted before being sent and received. Right now there are a couple of protocols:
-
nacltai: strong temporal encryption based oncurve25519xsalsa20poly1305, as provided by the NaCl library -
nacl0: weaker encryption based oncurve25519xsalsa20poly1305, as provided by the NaCl library, but really should not be used and will probably be removed -
raw: unencrypted raw packets
Interfaces specify the inputs and outputs of the SigmaVPN executable. The following interfaces currently exist:
- udp: the UDP protocol
- tuntap: the TUN/TAP driver interface, for creating virtual network devices
Typically you have two interfaces: a local interface, and a remote interface.
The local interface is your entry point to the tunnel, and the remote interface generally carries the tunnel itself. Therefore, the local side is generally unencrypted/unencoded, and the remote side is encrypted/encoded.
Moving packets between the two interfaces, and encrypting/decrypting them, is handled by Sigma.
you <-> local <-> protocol <-> remote <-> ...... <-> remote <-> protocol <-> local <-> peer
Typically, a configuration will have two interfaces (one local and one remote), and one protocol. Let's look at a typical encrypted VPN setup:
- local
tuntapinterface -
nacltaiprotocol - remote
udpinterface
This configures a tunnel so that:
- packets from the local TUN/TAP interface will be encrypted using
nacltai, and then sent to your peer via UDP - packets received from your peer via UDP will be decrypted using
nacltai, and then sent to your local TUN/TAP interface