diff --git a/dist/linux-x64/README.md b/dist/linux-x64/README.md new file mode 100644 index 0000000..3a6148d --- /dev/null +++ b/dist/linux-x64/README.md @@ -0,0 +1,218 @@ +# OSTP Server - Linux x64 Distribution + +Universal Linux binaries (statically linked with musl) for OSTP VPN server deployment. + +## ๐Ÿ“ฆ Contents + +- **ostp-server** (9.2 MB) - VPN server with AEAD encryption, TLS mimicry, UDP-over-TCP +- **oncp-master** (4.8 MB) - Control plane API server for node/user management +- **SHA256SUMS** - Integrity verification checksums +- **deploy.sh** - Automated deployment script +- **server.json.example** - ostp-server configuration template +- **server-enrollment.json.example** - ostp-server with enrollment token +- **ostp-server.service** - systemd service unit for ostp-server +- **oncp-master.service** - systemd service unit for oncp-master + +## ๐Ÿš€ Quick Start + +### 1. Verify Integrity + +```bash +sha256sum -c SHA256SUMS +``` + +### 2. Deploy with Script (Recommended) + +```bash +chmod +x deploy.sh +sudo ./deploy.sh +``` + +The script will: +- Install binaries to `/usr/local/bin/` +- Create systemd services +- Generate PSK and network configuration +- Set up firewall rules +- Start services + +### 3. Manual Installation + +```bash +# Make binaries executable +chmod +x ostp-server oncp-master + +# Copy to system path +sudo cp ostp-server oncp-master /usr/local/bin/ + +# Generate PSK for ostp-server +PSK=$(openssl rand -hex 32) +echo "Generated PSK: $PSK" + +# Start oncp-master (control plane) +sudo ./oncp-master serve --listen 0.0.0.0:8080 --network-octet 42 + +# Generate enrollment token (expires in 3 minutes) +./oncp-master node token --expiry 3 + +# Start ostp-server (VPN server) +sudo ./ostp-server -l 0.0.0.0:443 -p $PSK --master http://localhost:8080 +``` + +## ๐Ÿ”ง Configuration + +### ostp-server Configuration + +Create `/etc/ostp/server.json`: + +```json +{ + "listen_addr": "0.0.0.0:443", + "psk": "YOUR_64_CHAR_HEX_PSK", + "master_url": "http://localhost:8080", + "country_code": "US", + "max_clients": 1000 +} +``` + +### oncp-master Configuration + +Environment variables: +- `ONCP_DATABASE` - SQLite database path (default: `oncp.db`) +- `ONCP_NETWORK_OCTET` - Second octet for 10.X.0.0/16 subnet (default: `42`) +- `ONCP_LOG_LEVEL` - Logging level: error, warn, info, debug, trace + +## ๐ŸŒ Network Architecture + +**Master Node Subnet:** `10.X.0.0/16` (where X = network-octet) +- Master Node IP: `10.X.0.1` +- Client IPs: `10.X.0.2` - `10.X.255.254` +- Capacity: ~65,000 clients per Master Node + +## ๐Ÿ” Security Features + +### OTP Enrollment Tokens +Nodes must provide time-limited one-time tokens during enrollment: + +```bash +# Generate token (3 minute expiry) +./oncp-master node token --expiry 3 + +# Node uses token in enrollment request +./ostp-server --token ABC123XYZ0 --master https://master-url +``` + +### Silent Validation +Invalid tokens result in silent connection close (HTTP 444) - prevents enumeration. + +## ๐Ÿ“Š Management Commands + +### Node Management + +```bash +# List pending enrollments +./oncp-master node pending + +# Approve node (allocates IP + generates PSK) +./oncp-master node approve + +# Reject enrollment +./oncp-master node reject + +# List all nodes +./oncp-master node list +``` + +### User Management + +```bash +# Create user with 100GB quota, 30 days +./oncp-master user create --quota 100 --days 30 + +# List users +./oncp-master user list + +# Show network statistics +./oncp-master stats +``` + +### SNI Management + +```bash +# Update SNI domains for specific country +./oncp-master sni update --country RU --add example.com + +# Block domain globally +./oncp-master sni block --domain blocked.com +``` + +## ๐Ÿ–ฅ๏ธ System Requirements + +- **OS:** Any Linux distribution with glibc or musl (universal binary) +- **RAM:** 512 MB minimum, 2 GB recommended +- **CPU:** 1 core minimum, 2+ cores recommended +- **Network:** Public IP with ports 443 (ostp-server), 8080 (oncp-master) open +- **Storage:** 100 MB for binaries, 1 GB+ for logs/database + +## ๐Ÿ›ก๏ธ Firewall Configuration + +```bash +# Allow ostp-server (VPN) +sudo ufw allow 443/tcp + +# Allow oncp-master API (restrict to internal network in production) +sudo ufw allow 8080/tcp +``` + +## ๐Ÿ“ Logs + +- **ostp-server:** `/var/log/ostp-server.log` or stdout +- **oncp-master:** `/var/log/oncp-master.log` or stdout + +View logs with systemd: +```bash +sudo journalctl -u ostp-server -f +sudo journalctl -u oncp-master -f +``` + +## ๐Ÿ”„ Updates + +```bash +# Stop services +sudo systemctl stop ostp-server oncp-master + +# Replace binaries +sudo cp ostp-server oncp-master /usr/local/bin/ + +# Restart services +sudo systemctl start ostp-server oncp-master +``` + +## ๐Ÿ“š Documentation + +- Project Repository: https://github.com/ospab/ospab.network +- Architecture Overview: See `prompt.md` in repository +- API Documentation: `http://:8080/health` (health check) + +## โš ๏ธ Production Checklist + +- [ ] Change default PSK (64 hex characters) +- [ ] Configure unique network octet (0-255, avoid 0 and 255) +- [ ] Set up SSL/TLS for oncp-master API (use reverse proxy) +- [ ] Restrict oncp-master port to internal network +- [ ] Configure log rotation +- [ ] Set up monitoring (Prometheus/Grafana) +- [ ] Enable automatic backups of oncp.db +- [ ] Configure firewall rules +- [ ] Set resource limits in systemd services + +## ๐Ÿ†˜ Support + +For issues and questions: +- GitHub Issues: https://github.com/ospab/ospab.network/issues +- Security: Report vulnerabilities via private disclosure + +--- + +**Version:** 0.1.0 +**Build Date:** January 2, 2026 +**License:** Proprietary diff --git a/dist/linux-x64/SHA256SUMS b/dist/linux-x64/SHA256SUMS new file mode 100644 index 0000000..34179e8 --- /dev/null +++ b/dist/linux-x64/SHA256SUMS @@ -0,0 +1,2 @@ +53de7690ddcd22828d1d2c55bec75e7a43aa6476827d8162615549b08a1a39dc oncp-master +d3ec5b5ee8c90f1f92667458f44a795159157ae64e8d5073888838fbfce286e2 ostp-server diff --git a/dist/linux-x64/SHA256SUMS.txt b/dist/linux-x64/SHA256SUMS.txt new file mode 100644 index 0000000..e69de29 diff --git a/dist/linux-x64/deploy.sh b/dist/linux-x64/deploy.sh new file mode 100644 index 0000000..90486d6 --- /dev/null +++ b/dist/linux-x64/deploy.sh @@ -0,0 +1,221 @@ +#!/bin/bash +set -e + +# OSTP Server - Automated Deployment Script +# Version: 0.1.0 +# Requires: root/sudo access + +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +RED='\033[0;31m' +NC='\033[0m' # No Color + +echo -e "${GREEN}โ•”โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•—${NC}" +echo -e "${GREEN}โ•‘ OSTP Server Deployment Script โ•‘${NC}" +echo -e "${GREEN}โ•‘ Version 0.1.0 โ•‘${NC}" +echo -e "${GREEN}โ•šโ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•${NC}" +echo + +# Check if running as root +if [[ $EUID -ne 0 ]]; then + echo -e "${RED}Error: This script must be run as root${NC}" + echo "Usage: sudo ./deploy.sh" + exit 1 +fi + +# Check if binaries exist +if [ ! -f "ostp-server" ] || [ ! -f "oncp-master" ]; then + echo -e "${RED}Error: Binaries not found in current directory${NC}" + exit 1 +fi + +# Verify checksums +echo -e "${YELLOW}โ†’${NC} Verifying integrity..." +if sha256sum -c SHA256SUMS > /dev/null 2>&1; then + echo -e "${GREEN}โœ“${NC} Checksums verified" +else + echo -e "${RED}โœ—${NC} Checksum verification failed!" + read -p "Continue anyway? (y/N): " -n 1 -r + echo + if [[ ! $REPLY =~ ^[Yy]$ ]]; then + exit 1 + fi +fi + +# Configuration prompts +echo +echo -e "${YELLOW}โ•โ•โ• Configuration โ•โ•โ•${NC}" +read -p "Network octet (10.X.0.0/16, default 42): " NETWORK_OCTET +NETWORK_OCTET=${NETWORK_OCTET:-42} + +read -p "ostp-server listen port (default 443): " OSTP_PORT +OSTP_PORT=${OSTP_PORT:-443} + +read -p "oncp-master listen port (default 8080): " ONCP_PORT +ONCP_PORT=${ONCP_PORT:-8080} + +read -p "Install directory (default /usr/local/bin): " INSTALL_DIR +INSTALL_DIR=${INSTALL_DIR:-/usr/local/bin} + +read -p "Config directory (default /etc/ostp): " CONFIG_DIR +CONFIG_DIR=${CONFIG_DIR:-/etc/ostp} + +read -p "Database directory (default /var/lib/ostp): " DATA_DIR +DATA_DIR=${DATA_DIR:-/var/lib/ostp} + +# Generate PSK +echo +echo -e "${YELLOW}โ†’${NC} Generating PSK..." +PSK=$(openssl rand -hex 32) +echo -e "${GREEN}โœ“${NC} PSK generated: ${YELLOW}${PSK}${NC}" +echo -e "${RED}โš  SAVE THIS PSK! It will be stored in ${CONFIG_DIR}/server.json${NC}" + +# Create directories +echo +echo -e "${YELLOW}โ†’${NC} Creating directories..." +mkdir -p "$INSTALL_DIR" +mkdir -p "$CONFIG_DIR" +mkdir -p "$DATA_DIR" +mkdir -p /var/log/ostp + +# Install binaries +echo -e "${YELLOW}โ†’${NC} Installing binaries..." +cp ostp-server oncp-master "$INSTALL_DIR/" +chmod +x "$INSTALL_DIR/ostp-server" "$INSTALL_DIR/oncp-master" +echo -e "${GREEN}โœ“${NC} Binaries installed to $INSTALL_DIR" + +# Create ostp-server config +cat > "$CONFIG_DIR/server.json" < /etc/systemd/system/oncp-master.service < /etc/systemd/system/ostp-server.service < /dev/null; then + echo -e "${YELLOW}โ†’${NC} Configuring firewall..." + ufw allow ${OSTP_PORT}/tcp comment "OSTP VPN Server" + echo -e "${GREEN}โœ“${NC} Firewall rule added for port ${OSTP_PORT}" + echo -e "${YELLOW}โš ${NC} Note: Port ${ONCP_PORT} (oncp-master) not exposed. Restrict to internal network in production!" +fi + +# Enable and start services +echo +echo -e "${YELLOW}โ†’${NC} Starting services..." +systemctl enable oncp-master ostp-server +systemctl start oncp-master + +# Wait for oncp-master to start +sleep 2 + +# Generate enrollment token +echo -e "${YELLOW}โ†’${NC} Generating enrollment token..." +TOKEN=$(${INSTALL_DIR}/oncp-master node token --expiry 60 2>/dev/null | grep -A1 "Token:" | tail -1 | xargs) +echo -e "${GREEN}โœ“${NC} Enrollment token (60 min): ${YELLOW}${TOKEN}${NC}" + +# Start ostp-server +systemctl start ostp-server + +echo +echo -e "${GREEN}โ•”โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•—${NC}" +echo -e "${GREEN}โ•‘ Deployment Complete! โœ“ โ•‘${NC}" +echo -e "${GREEN}โ•šโ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•${NC}" +echo +echo -e "${YELLOW}Services Status:${NC}" +systemctl status oncp-master --no-pager -l || true +systemctl status ostp-server --no-pager -l || true +echo +echo -e "${YELLOW}Important Information:${NC}" +echo -e " โ€ข Network: ${GREEN}10.${NETWORK_OCTET}.0.0/16${NC}" +echo -e " โ€ข Master IP: ${GREEN}10.${NETWORK_OCTET}.0.1${NC}" +echo -e " โ€ข PSK: ${YELLOW}${PSK}${NC}" +echo -e " โ€ข Enrollment Token: ${YELLOW}${TOKEN}${NC} (expires in 60 minutes)" +echo -e " โ€ข Config: ${CONFIG_DIR}/server.json" +echo -e " โ€ข Database: ${DATA_DIR}/oncp.db" +echo -e " โ€ข Logs: /var/log/ostp/" +echo +echo -e "${YELLOW}Next Steps:${NC}" +echo -e " 1. Enroll nodes: ${GREEN}ostp-server --token ${TOKEN} --master https://your-master${NC}" +echo -e " 2. Approve nodes: ${GREEN}oncp-master node pending${NC} โ†’ ${GREEN}oncp-master node approve ${NC}" +echo -e " 3. Create users: ${GREEN}oncp-master user create --quota 100 --days 30${NC}" +echo -e " 4. Monitor logs: ${GREEN}journalctl -u ostp-server -f${NC}" +echo +echo -e "${RED}โš  Security Reminder:${NC}" +echo -e " โ€ข Save PSK in password manager" +echo -e " โ€ข Restrict port ${ONCP_PORT} to internal network" +echo -e " โ€ข Set up SSL/TLS reverse proxy for production" +echo -e " โ€ข Configure log rotation" +echo + +exit 0 diff --git a/dist/linux-x64/oncp-master.service b/dist/linux-x64/oncp-master.service new file mode 100644 index 0000000..c1dca6b --- /dev/null +++ b/dist/linux-x64/oncp-master.service @@ -0,0 +1,30 @@ +[Unit] +Description=ONCP Master Node - Control Plane API +After=network.target +Documentation=https://github.com/ospab/ospab.network + +[Service] +Type=simple +User=root +WorkingDirectory=/var/lib/ostp +Environment="ONCP_DATABASE=/var/lib/ostp/oncp.db" +Environment="ONCP_NETWORK_OCTET=42" +Environment="ONCP_LOG_LEVEL=info" +ExecStart=/usr/local/bin/oncp-master serve --listen 0.0.0.0:8080 --network-octet 42 +Restart=on-failure +RestartSec=5s +StandardOutput=append:/var/log/ostp/oncp-master.log +StandardError=append:/var/log/ostp/oncp-master.log + +# Security hardening +NoNewPrivileges=true +PrivateTmp=true +ProtectSystem=strict +ProtectHome=true +ReadWritePaths=/var/lib/ostp /var/log/ostp + +# Resource limits +LimitNOFILE=4096 + +[Install] +WantedBy=multi-user.target diff --git a/dist/linux-x64/ostp-server.service b/dist/linux-x64/ostp-server.service new file mode 100644 index 0000000..87f9fcb --- /dev/null +++ b/dist/linux-x64/ostp-server.service @@ -0,0 +1,28 @@ +[Unit] +Description=OSTP VPN Server +After=network.target +Documentation=https://github.com/ospab/ospab.network + +[Service] +Type=simple +User=root +WorkingDirectory=/etc/ostp +ExecStart=/usr/local/bin/ostp-server -c /etc/ostp/server.json +Restart=on-failure +RestartSec=5s +StandardOutput=append:/var/log/ostp/ostp-server.log +StandardError=append:/var/log/ostp/ostp-server.log + +# Security hardening +NoNewPrivileges=true +PrivateTmp=true +ProtectSystem=strict +ProtectHome=true +ReadWritePaths=/var/log/ostp + +# Resource limits +LimitNOFILE=65536 +LimitNPROC=512 + +[Install] +WantedBy=multi-user.target diff --git a/dist/linux-x64/server-enrollment.json.example b/dist/linux-x64/server-enrollment.json.example new file mode 100644 index 0000000..5c0e3cd --- /dev/null +++ b/dist/linux-x64/server-enrollment.json.example @@ -0,0 +1,8 @@ +{ + "listen_addr": "0.0.0.0:443", + "enrollment_token": "ABC123XYZ0", + "master_url": "https://master-node.example.com:8080", + "country_code": "US", + "region": "us-west", + "node_name": "node-01" +} diff --git a/dist/linux-x64/server.json.example b/dist/linux-x64/server.json.example new file mode 100644 index 0000000..686096d --- /dev/null +++ b/dist/linux-x64/server.json.example @@ -0,0 +1,7 @@ +{ + "listen_addr": "0.0.0.0:443", + "psk": "CHANGE_THIS_64_CHARACTER_HEX_PSK_GENERATED_WITH_OPENSSL_RAND", + "master_url": "http://127.0.0.1:8080", + "country_code": "US", + "max_clients": 1000 +} diff --git a/dist/ostp-client-windows-x64.zip b/dist/ostp-client-windows-x64.zip new file mode 100644 index 0000000..98ffd20 Binary files /dev/null and b/dist/ostp-client-windows-x64.zip differ diff --git a/dist/ostp-server-linux-x64.tar.gz b/dist/ostp-server-linux-x64.tar.gz new file mode 100644 index 0000000..801d128 Binary files /dev/null and b/dist/ostp-server-linux-x64.tar.gz differ diff --git a/dist/windows-x64/README.md b/dist/windows-x64/README.md new file mode 100644 index 0000000..93fb66c --- /dev/null +++ b/dist/windows-x64/README.md @@ -0,0 +1,289 @@ +# OSTP Client - Windows x64 Distribution + +Windows native client with GUI, daemon service, and automated installer. + +## ๐Ÿ“ฆ Contents + +- **ostp-installer.exe** (0.37 MB) - Setup wizard with admin privileges +- **ostp-daemon.exe** (0.53 MB) - Windows Service for VPN tunnel management +- **ostp-client.exe** (1.64 MB) - Command-line client for advanced users +- **SHA256SUMS.txt** - Integrity verification checksums + +## ๐Ÿš€ Quick Start (Recommended) + +### 1. Verify Integrity + +Open PowerShell: +```powershell +Get-Content SHA256SUMS.txt | ForEach-Object { + $hash, $file = $_ -split '\s+', 2 + $computed = (Get-FileHash $file -Algorithm SHA256).Hash.ToLower() + if ($hash -eq $computed) { "โœ“ $file" } else { "โœ— $file MISMATCH!" } +} +``` + +### 2. Run Installer + +**Right-click `ostp-installer.exe` โ†’ Run as Administrator** + +The installer will: +- Install Wintun driver (TAP network adapter) +- Register `OspabGuard` Windows Service +- Configure firewall rules +- Install GUI to Start Menu +- Create desktop shortcut + +### 3. Launch GUI + +After installation, open **OSTP VPN** from Start Menu or desktop. + +## ๐Ÿ–ฅ๏ธ GUI Interface + +Dark stealth theme interface (450ร—600): +- **Server Selection** - Choose country from dropdown (auto-fetch from Master Node) +- **Connect/Disconnect** - One-click VPN toggle +- **Real-time Stats** - Upload/download speeds, ping, connection time +- **System Tray** - Minimize to tray for background operation + +### Settings +- Auto-connect on startup +- Kill switch (block all traffic when VPN disconnects) +- Protocol selection (TCP/UDP) +- Custom DNS servers + +## ๐Ÿ”ง Command-Line Client (Advanced) + +### ostp-client.exe + +For advanced users who prefer CLI or scripting: + +```cmd +# Interactive wizard +ostp-client.exe setup + +# Connect to specific server +ostp-client.exe connect --server 1.2.3.4:443 --psk YOUR_PSK --country RU + +# List profiles +ostp-client.exe profiles + +# Connect using saved profile +ostp-client.exe connect --profile "US-West" + +# Disconnect +ostp-client.exe disconnect + +# Show status +ostp-client.exe status +``` + +### Configuration File + +Located at: `%APPDATA%\Ospab\OSTP\config.json` + +```json +{ + "profiles": [ + { + "name": "US-West", + "server": "1.2.3.4:443", + "psk": "64_char_hex_psk", + "country_code": "US" + } + ], + "auto_connect": false, + "kill_switch": true +} +``` + +## ๐Ÿ› ๏ธ Service Management + +### ostp-daemon.exe + +Runs as Windows Service (`OspabGuard`): + +```cmd +# Check service status +sc query OspabGuard + +# Start service +sc start OspabGuard + +# Stop service +sc stop OspabGuard + +# View service logs +type C:\ProgramData\Ospab\OSTP\ostp-daemon.log +``` + +### IPC Communication + +GUI communicates with daemon via Named Pipe: `\\.\pipe\ostp-daemon` + +Commands: +- `CONNECT\n` - Establish VPN tunnel +- `DISCONNECT\n` - Close VPN tunnel +- `STATUS\n` - Get JSON status response + +## ๐Ÿ” Security Features + +### Anti-Reverse Engineering +- **ostp-guard** analysis tool detection (IDA Pro, x64dbg, Ghidra, etc.) +- VM environment detection (VirtualBox, VMware, QEMU) +- Debugger detection (IsDebuggerPresent, remote debuggers) +- Weighted scoring system (4+ points = environment rejected) +- Error code masking (`0xE0000001` for all security blocks) + +### Stealth Mode +- TLS 1.3 ClientHello mimicry (randomized JA3 fingerprint) +- Geo-specific SNI selection (cloudflare.com, google.com, etc.) +- UDP-over-TCP framing with random padding +- No identifiable protocol signatures + +### Encryption +- **AEAD:** ChaCha20-Poly1305 +- **Key Exchange:** X25519 Elliptic Curve Diffie-Hellman +- **PSK Validation:** HMAC-SHA256 with silent drop on failure + +## ๐Ÿ“Š Network Configuration + +After connection: +- **Client IP:** Assigned by Master Node (10.X.Y.Z) +- **Gateway:** Master Node (10.X.0.1) +- **DNS:** 1.1.1.1, 8.8.8.8 (configurable) +- **MTU:** 1420 (optimized for tunneling overhead) + +## ๐ŸชŸ System Requirements + +- **OS:** Windows 10/11 (x64) or Windows Server 2019+ +- **RAM:** 256 MB minimum +- **CPU:** 1 core minimum +- **Network:** Internet connection (any speed) +- **Privileges:** Administrator required for installation + +## ๐Ÿ”ง Troubleshooting + +### Connection Issues + +1. **Check service status:** + ```cmd + sc query OspabGuard + ``` + +2. **View logs:** + ```cmd + type C:\ProgramData\Ospab\OSTP\ostp-daemon.log + ``` + +3. **Test connectivity:** + ```cmd + ping 1.1.1.1 + tracert 1.1.1.1 + ``` + +### Firewall Conflicts + +If Windows Firewall blocks connection: +```cmd +netsh advfirewall firewall add rule name="OSTP VPN" dir=out action=allow program="C:\Program Files\Ospab\OSTP\ostp-daemon.exe" +``` + +### Wintun Driver Issues + +Reinstall Wintun: +1. Uninstall via Device Manager (Network adapters โ†’ Wintun) +2. Run `ostp-installer.exe` again +3. Reboot system + +### Service Won't Start + +Check Event Viewer: +``` +Event Viewer โ†’ Windows Logs โ†’ Application โ†’ Filter by "OspabGuard" +``` + +## ๐Ÿ”„ Updates + +### Automatic Updates (via GUI) +1. GUI checks for updates on startup +2. Prompts user to download latest version +3. Downloads installer from official server +4. Verifies SHA256 checksum +5. Runs installer (requires admin) + +### Manual Update +1. Download latest release +2. Close GUI and stop service: `sc stop OspabGuard` +3. Run new installer +4. Restart service: `sc start OspabGuard` + +## ๐Ÿ—‘๏ธ Uninstallation + +### Via Installer +Run `ostp-installer.exe` and select "Uninstall" option. + +### Manual Removal +```cmd +# Stop and remove service +sc stop OspabGuard +sc delete OspabGuard + +# Remove files +rmdir /s /q "C:\Program Files\Ospab" +rmdir /s /q "C:\ProgramData\Ospab" +rmdir /s /q "%APPDATA%\Ospab" + +# Uninstall Wintun driver +pnputil /enum-devices /class net | findstr "Wintun" +pnputil /remove-device +``` + +## ๐Ÿงช Debug Mode + +Enable debug logging: +```cmd +# Set registry key +reg add "HKLM\SOFTWARE\Ospab\OSTP" /v DebugMode /t REG_DWORD /d 1 /f + +# Restart service +sc stop OspabGuard +sc start OspabGuard + +# View debug logs +type C:\ProgramData\Ospab\OSTP\debug.log +``` + +## ๐Ÿ“š Documentation + +- Project Repository: https://github.com/ospab/ospab.network +- Issue Tracker: https://github.com/ospab/ospab.network/issues +- Architecture: See `prompt.md` in repository + +## โš ๏ธ Known Issues + +- **Windows Defender SmartScreen:** May show warning on first run (normal for unsigned binaries) +- **Antivirus False Positives:** ostp-guard detection may trigger AV heuristics (whitelist required) +- **VirtualBox:** VM detection may prevent execution (expected behavior) + +## ๐Ÿ†˜ Support + +For issues and questions: +- GitHub Issues: https://github.com/ospab/ospab.network/issues +- Email Support: support@ospab.network +- Telegram: @ospab_support + +## ๐Ÿ“‹ Version History + +- **0.1.0** (January 2, 2026) + - Initial release + - Windows Service implementation + - GUI with dark stealth theme + - OTP enrollment token support + - Dynamic IPAM (10.X.0.0/16) + +--- + +**Version:** 0.1.0 +**Build Date:** January 2, 2026 +**License:** Proprietary +**Copyright:** ยฉ 2026 Ospab Network diff --git a/dist/windows-x64/SHA256SUMS.txt b/dist/windows-x64/SHA256SUMS.txt new file mode 100644 index 0000000..f25cc8a --- /dev/null +++ b/dist/windows-x64/SHA256SUMS.txt @@ -0,0 +1,3 @@ +94400a0ab3a50a57d3914a905d79e1794a6e9642e63278854a9d492dd4f722ee ostp-client.exe +2e5c4dda1b0e9d1807892a3de587e4875906bdbe5343d5b83b5f33488d6e6696 ostp-daemon.exe +9817c74e41427780cffb3070bfb22afec0f18a570f57e5c6b1cd9a76117c4001 ostp-installer.exe