Tutorial
This section provides a step-by-step guide to using NoPASARAN, including various scenarios and the setup of an end-to-end control channel.
Scenarios
Here are some example scenarios that demonstrate the basic usage of NoPASARAN.
Control Channel
To establish an end-to-end control channel in NoPASARAN, follow the steps outlined in the “TLS Mutual Authenticated End-to-End Tunnel” tutorial.
Node Certificates
SSH authentication certificates are used to enhance security through mutual authentication. These certificates are issued by a certification authority for key management.
Temporary Section: Unaddressed Problems
This section deals with problems that have not been addressed yet.
Handling Kernel Packets After Receiving Raw Packets
When using raw packets in NoPASARAN, the kernel might still send certain packets that are not intended to be part of the scenarios. To prevent these unwanted packets from affecting the testing environment, we can drop specific types of packets using iptables:
Drop outgoing ICMP packets for UDP with the “host unreachable” message:
iptables -A OUTPUT -p icmp --icmp-type destination-unreachable -j DROP
Drop outgoing TCP packets with the “RST” (reset) flag set:
iptables -A OUTPUT -p tcp --tcp-flags RST RST -j DROP
These rules ensure that the kernel does not send unwanted packets, maintaining the integrity and predictability of the scenarios involving raw packets.
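Rules appended with -A stay in the OUTPUT chain until they are deleted, apply to all traffic leaving the host, and are duplicated each time the command is re-run. The script below is an added example, not part of NoPASARAN: it applies the two rules above only if they are missing and removes them again after a test run. The function names, the IPTABLES override and the apply/remove arguments are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not NoPASARAN code). Run as root on the test node.
# IPTABLES may point at another iptables binary; the default is "iptables".
IPTABLES="${IPTABLES:-iptables}"

# The two rule specifications from this page, without the leading -A.
rule_specs() {
  cat <<'EOF'
OUTPUT -p icmp --icmp-type destination-unreachable -j DROP
OUTPUT -p tcp --tcp-flags RST RST -j DROP
EOF
}

# Append each rule only when `iptables -C` (check) says it is absent,
# so repeated runs do not stack duplicate rules.
# $spec is left unquoted on purpose so it splits into separate arguments.
apply_rules() {
  rule_specs | while read -r spec; do
    $IPTABLES -C $spec 2>/dev/null || $IPTABLES -A $spec || exit 1
  done
}

# Delete every copy of each rule so the kernel's normal RST and ICMP
# replies are restored once the raw-packet scenario has finished.
remove_rules() {
  rule_specs | while read -r spec; do
    while $IPTABLES -C $spec 2>/dev/null; do
      $IPTABLES -D $spec || exit 1
    done
  done
}

# Usage: ./raw-packet-rules.sh apply   (before the scenario)
#        ./raw-packet-rules.sh remove  (after the scenario)
case "${1:-}" in
  apply)  apply_rules ;;
  remove) remove_rules ;;
esac
```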