Quickstart
This guide will help you quickly get started with TruePacket to perform:
- Client-side session validation
- Server-side session validation
- Session tunneling
Prerequisites:
- OS: Debian >12.x, Ubuntu >24.x
- Architecture: x86_64, arm64
Installation
-
Retrieve installation packages from TruePacket support.
-
(Client) If installing for Ubuntu, install opensnitch manually from GitHub
-
To install TruePacket, run the following command from the command line:
console sudo apt install ./tpcontrold_0.9.8_linux_amd64.deb -
Exchange client and server ca certs by appending local self-signed CA cert /etc/tpcontrold/cert/tpsm-CA.pem to remote server's /etc/tpcontrold/cert/ca/tpsm-ca-certificates.crt file. Restart tpcontrold service to reload trusted root cert list on all nodes with tpcontrold:
console #Assuming copied over ca file is named as "IMPORTED-tpsm-CA.pem" cat /etc/tpcontrold/cert/IMPORTED-tpsm-CA.pem >> /etc/tpcontrold/cert/ca/tpsm-ca-certificates.crt sudo systemctl restart tpcontrold.service -
(Server) Start wsvpn service:
console sudo systemctl enable wsvpn.service && sudo systemctl restart wsvpn.service -
(Client) Install opensnitch from either debian with apt or get the latest version
from https://github.com/evilsocket/opensnitch/releases:console sudo apt install opensnitch -
(Client) Enable and start opensnitch service:
console systemctl enable opensnitch.service && systemctl restart opensnitch.service -
(Server) Optional step. Load hardened nftables rules - allows SSH and TruePacket inbound ports only:
console # Load rules temporarily (will reset after reboot) sudo nft -f /etc/tpcontrold/example.nftables.rules # Make rules persistent sudo cp /etc/tpcontrold/example.nftables.rules /etc/nftables.conf sudo systemctl restart nftables.service