updated examples for rail mode

4 files changed, 184 insertions, 2 deletions

diff --git a/doc/uanytun.8 b/doc/uanytun.8
index fe7855f..615be1e 100644
--- a/doc/uanytun.8
+++ b/doc/uanytun.8
@@ -445,7 +445,7 @@ As \fBuAnytun\fR can\(cqt work as an anycast endpoint it can\(cqt be used for th
 \fBClient:\fR
 .RS 4
 .sp
-uanytun \-t tun \-n 192\&.168\&.42\&.2/30 \-c aes\-ctr\-256 \-k aes\-ctr\-256 \-E rail_MODE_is_VERY_cool \-e client \-w 64 \-Y \-r rail\&.example\&.com \-o 4440:4442
+uanytun \-t tun \-n 192\&.168\&.42\&.2/30 \-c aes\-ctr\-256 \-k aes\-ctr\-256 \-E rail_MODE_is_VERY_cool \-e client \-w 64 \-Y \-p 1233:1235 \-r rail\&.example\&.com \-o 4440:4442
 .RE
 .sp
 .it 1 an-trap
diff --git a/doc/uanytun.8.txt b/doc/uanytun.8.txt
index a3af139..5a507ca 100644
--- a/doc/uanytun.8.txt
+++ b/doc/uanytun.8.txt
@@ -312,7 +312,7 @@ Client:
 ^^^^^^^
 
 uanytun -t tun -n 192.168.42.2/30 -c aes-ctr-256 -k aes-ctr-256 -E rail_MODE_is_VERY_cool
-        -e client -w 64 -Y -r rail.example.com -o 4440:4442
+        -e client -w 64 -Y -p 1233:1235 -r rail.example.com -o 4440:4442
 
 Server:
 ^^^^^^^
diff --git a/etc/uanytun/rail-client/config b/etc/uanytun/rail-client/config
new file mode 100644
index 0000000..3671eee
--- /dev/null
+++ b/etc/uanytun/rail-client/config
@@ -0,0 +1,91 @@
+#############################
+## Main options             #
+#############################
+
+role client
+
+## device type tun = ip/ipv6, tap = ethernet
+type tun
+
+## Automaticaly configure the interface
+## the address hast to be supplied in CIDR notation
+ifconfig 192.168.42.2/30
+
+## payload encryption algorithm
+#cipher null
+#cipher aes-ctr-128
+#cipher aes-ctr-192
+#cipher aes-ctr-256
+cipher aes-ctr
+
+## message authentication algorithm
+#auth-algo null
+auth-algo sha1
+
+##message auth tag length
+#auth-tag-length 10
+
+## Passphrase
+## this is used to generate the crypto-key and salt
+## this should be al least 30 characters
+passphrase RAID_is_nice_but_RAIL_is_cooler
+
+## local ip address to bind to (for tunnel data)
+## (if you run an anycast cluster this has to be the anycast ip address)
+#interface <ip-address>
+
+## local port to bind to (for tunnel data)
+## the number of ports here must be at least as high as the number of
+## remote ports - so in this case up to 5 links may be used
+port 8880:8884
+
+## The remote host and port (for RAIL a port range is needed)
+remote-host rail.example.com
+remote-port 8880:8884
+
+## enable RAIL mode
+rail-mode
+
+#############################
+## Debug options            #
+#############################
+
+## don't run in background
+#nodaemonize
+
+## additional log to standard output with a level of 5
+#log stdout:5
+
+
+#############################
+## Expert options           #
+#############################
+
+## log to syslog with a level of 3
+log syslog:3,uanytun-rail-client,daemon
+
+## change user and group after init
+#username uanytun
+#groupname uanytun
+
+## chroot to users home directory
+#chroot /var/run/uanytun
+
+## key derivation pseudo random function
+#kd-prf null
+#kd-prf aes-ctr
+#kd-prf aes-ctr-128
+#kd-prf aes-ctr-192
+#kd-prf aes-ctr-256
+
+## Device name
+dev rail0
+
+## Manually set encryption key and salt
+## (this replaces the passphrase)
+#key 0123456789ABCDEF0123456789ABCDEF
+#salt 0123456789ABCD0123456789ABCD
+
+## Setting a window size > 0 will enable replay protection
+## This is needed for RAIL to work
+window-size 100
diff --git a/etc/uanytun/rail-server/config b/etc/uanytun/rail-server/config
new file mode 100644
index 0000000..0f34557
--- /dev/null
+++ b/etc/uanytun/rail-server/config
@@ -0,0 +1,91 @@
+#############################
+## Main options             #
+#############################
+
+role server
+
+## device type tun = ip/ipv6, tap = ethernet
+type tun
+
+## Automaticaly configure the interface
+## the address hast to be supplied in CIDR notation
+ifconfig 192.168.42.1/30
+
+## payload encryption algorithm
+#cipher null
+#cipher aes-ctr-128
+#cipher aes-ctr-192
+#cipher aes-ctr-256
+cipher aes-ctr
+
+## message authentication algorithm
+#auth-algo null
+auth-algo sha1
+
+##message auth tag length
+#auth-tag-length 10
+
+## Passphrase
+## this is used to generate the crypto-key and salt
+## this should be al least 30 characters
+passphrase RAID_is_nice_but_RAIL_is_cooler
+
+## local ip address to bind to (for tunnel data)
+## (if you run an anycast cluster this has to be the anycast ip address)
+#interface <ip-address>
+
+## local port to bind to (for tunnel data)
+## the number of ports here must be at least as high as the number of
+## remote ports defined at the client configuration (in this case 5)
+port 8880:8884
+
+## The remote host and port will be learned from the first messages
+#remote-host client.unknown
+#remote-port 8880:8884
+
+## enable RAIL mode
+rail-mode
+
+#############################
+## Debug options            #
+#############################
+
+## don't run in background
+#nodaemonize
+
+## additional log to standard output with a level of 5
+#log stdout:5
+
+
+#############################
+## Expert options           #
+#############################
+
+## log to syslog with a level of 3
+log syslog:3,uanytun-rail-server,daemon
+
+## change user and group after init
+#username uanytun
+#groupname uanytun
+
+## chroot to users home directory
+#chroot /var/run/uanytun
+
+## key derivation pseudo random function
+#kd-prf null
+#kd-prf aes-ctr
+#kd-prf aes-ctr-128
+#kd-prf aes-ctr-192
+#kd-prf aes-ctr-256
+
+## Device name
+dev rail0
+
+## Manually set encryption key and salt
+## (this replaces the passphrase)
+#key 0123456789ABCDEF0123456789ABCDEF
+#salt 0123456789ABCD0123456789ABCD
+
+## Setting a window size > 0 will enable replay protection
+## This is needed for RAIL to work
+window-size 100