Hello Sergey,

thank you for this notes and sorry for long answer.
Yesterday evening we did check GoVPN(5.3 tarball) server in the field.

We did test it in our local network (~100Mb) between two VMs.
1 vm - Ubuntu14.04
1 vm - Arch
1 vm - Centos 7 as server in Amsterdam

After I got notes from you about configuring server and client, to get tunnel running was really simple. 

My peers.yaml looks like:
alan:
    iface: tap10
    verifier: $argon2d$m=4096,t=128,p=1$Xng0noZZC9v34Ehg7RFSRQ$tIAu7jX57mDll2hmK/xjoLyKJfozQivTvupmftT7VYY

Can I add another client in the same file, like:
alex:
    iface: tap10
    verifier: $argon2d$m=4096,t=128,p=1$Xng0noZZC9v34Ehg7RFSRQ$tIAu7jX57mDll2hmK/xjoLyKJfozQivTvupmftT7VYY

My server run: 
# ./govpn-server -bind 172.25.60.72:1194
2016/01/28 11:24:58.152692 main.go:46: GoVPN version  built with go1.5.3
2016/01/28 11:24:58.153323 identify.go:70: Adding key 5e78349e86590bdbf7e04860ed115245
2016/01/28 11:24:58.153797 udp.go:51: Listening on UDP:172.25.60.72:1194
2016/01/28 11:24:58.154457 main.go:85: Server started

My client run:
# govpn-client -verifier '$argon2d$m=4096,t=128,p=1$Xng0noZZC9v34Ehg7RFSRQ' -remote=172.25.60.72:1194 -iface tap10

Tests that we performed: 
Ping in local network:
# ping 172.16.0.2
PING 172.16.0.2 (172.16.0.2) 56(84) bytes of data.
64 bytes from 172.16.0.2: icmp_seq=1 ttl=64 time=2.03 ms
64 bytes from 172.16.0.2: icmp_seq=2 ttl=64 time=10.0 ms
64 bytes from 172.16.0.2: icmp_seq=3 ttl=64 time=5.04 ms
64 bytes from 172.16.0.2: icmp_seq=4 ttl=64 time=10.0 ms
64 bytes from 172.16.0.2: icmp_seq=5 ttl=64 time=11.3 ms
64 bytes from 172.16.0.2: icmp_seq=6 ttl=64 time=6.18 ms
64 bytes from 172.16.0.2: icmp_seq=7 ttl=64 time=12.2 ms

iperf test in local network:
puppet root ~ # iperf -c 172.16.0.2
------------------------------------------------------------
Client connecting to 172.16.0.2, TCP port 5001
TCP window size: 45.0 KByte (default)
------------------------------------------------------------
[  3] local 172.16.0.1 port 55274 connected with 172.16.0.2 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec   105 MBytes  87.7 Mbits/sec

Ping test VPN over Internet (Netherlands, Amsterdam<-> Israel, Tel-Aviv) is good in SINGLE mode:
# ping 172.16.0.1
PING 172.16.0.1 (172.16.0.1) 56(84) bytes of data.
64 bytes from 172.16.0.1: icmp_seq=1 ttl=64 time=1174 ms
64 bytes from 172.16.0.1: icmp_seq=3 ttl=64 time=81.8 ms
64 bytes from 172.16.0.1: icmp_seq=5 ttl=64 time=79.4 ms
64 bytes from 172.16.0.1: icmp_seq=7 ttl=64 time=83.0 ms
64 bytes from 172.16.0.1: icmp_seq=8 ttl=64 time=88.9 ms
64 bytes from 172.16.0.1: icmp_seq=9 ttl=64 time=79.2 ms
64 bytes from 172.16.0.1: icmp_seq=10 ttl=64 time=87.7 ms
64 bytes from 172.16.0.1: icmp_seq=12 ttl=64 time=144 ms
64 bytes from 172.16.0.1: icmp_seq=13 ttl=64 time=98.0 ms

In this case 2 clients from Tel-Aviv connected to the same server in Amsterdam, one of users get disconnected:

2016/01/28 10:14:16.503875 main.go:111: Deleting peer 71ec89cac70333cbeb37f5234bf847f9:93.157.86.36:45087                                                                                       
2016/01/28 10:14:16.527846 udp.go:173: Unknown identity from: 93.157.86.36:45087                
2016/01/28 10:14:16.527921 udp.go:173: Unknown identity from: 93.157.86.36:45087                
2016/01/28 10:14:17.528000 udp.go:173: Unknown identity from: 93.157.86.36:45087                
2016/01/28 10:14:17.528077 udp.go:173: Unknown identity from: 93.157.86.36:45087                
2016/01/28 10:14:18.528820 udp.go:173: Unknown identity from: 93.157.86.36:45087                
2016/01/28 10:14:19.541059 udp.go:173: Unknown identity from: 93.157.86.36:45087                
2016/01/28 10:14:20.530810 udp.go:173: Unknown identity from: 93.157.86.36:45087         

So how I do one server serf multiple clients?
Is it possible? 


On Thu, Jan 21, 2016 at 11:43 AM, <stargrave@stargrave.org> wrote:
*** Alan Holt <berber.it@gmail.com> [Wed, 20 Jan 2016 00:58:49 +0200]:
>root@alan-XPS:~/govpn-5.2# cat peers.yaml
>alan:
>    up: /path/to/up.sh
>    iface: tap10
>    verifier: $argon2d$m=4096,t=128,p=1$J2g7mlL33KHw34qDq0L5Eg
>    Passphrase:
>$argon2d$m=4096,t=128,p=1$J2g7mlL33KHw34qDq0L5Eg$NsW5CVpiU14e1c12S8GKEqSeHVeAZ5h+gVrVq4s7u3U

I fixed the issue that "Passphrase:" does not appear after newclient.sh
call and is included in example YAML output in 5.3 release.

Now the output is as expected:

    % ./utils/newclient.sh foobar
    Passphrase:[hello]

    Your client verifier is: $argon2d$m=4096,t=128,p=1$ijktkRI+NRG9VHETCywgzg

    Place the following YAML configuration entry on the server's side:

        foobar:
            up: /path/to/up.sh
            iface: or TAP interface name
            verifier: $argon2d$m=4096,t=128,p=1$ijktkRI+NRG9VHETCywgzg$W4hAiwvOKWcE/U3dVujbdTeFUA3klmjG4joLR8CdMAY
    % ./govpn-verifier -verifier '$argon2d$m=4096,t=128,p=1$ijktkRI+NRG9VHETCywgzg$W4hAiwvOKWcE/U3dVujbdTeFUA3klmjG4joLR8CdMAY'
    Passphrase:
    true

Thanks again for showing this issue!

--
Happy hacking, Sergey Matveev



--
בברכה, 
אלכס ברבר
--
Best regards.
Alex Berber