diff options
author | Christian Pointner <equinox@anytun.org> | 2014-02-24 17:25:22 +0000 |
---|---|---|
committer | Christian Pointner <equinox@anytun.org> | 2014-02-24 17:25:22 +0000 |
commit | 39431a7787dc7b709f7a7f88bad521db2562d2f5 (patch) | |
tree | 244e14dad54f862f708052b8d40f078734e90311 | |
parent | added examples for rail mode (diff) |
updated examples for rail mode
-rw-r--r-- | doc/uanytun.8 | 2 | ||||
-rw-r--r-- | doc/uanytun.8.txt | 2 | ||||
-rw-r--r-- | etc/uanytun/rail-client/config | 91 | ||||
-rw-r--r-- | etc/uanytun/rail-server/config | 91 |
4 files changed, 184 insertions, 2 deletions
diff --git a/doc/uanytun.8 b/doc/uanytun.8 index fe7855f..615be1e 100644 --- a/doc/uanytun.8 +++ b/doc/uanytun.8 @@ -445,7 +445,7 @@ As \fBuAnytun\fR can\(cqt work as an anycast endpoint it can\(cqt be used for th \fBClient:\fR .RS 4 .sp -uanytun \-t tun \-n 192\&.168\&.42\&.2/30 \-c aes\-ctr\-256 \-k aes\-ctr\-256 \-E rail_MODE_is_VERY_cool \-e client \-w 64 \-Y \-r rail\&.example\&.com \-o 4440:4442 +uanytun \-t tun \-n 192\&.168\&.42\&.2/30 \-c aes\-ctr\-256 \-k aes\-ctr\-256 \-E rail_MODE_is_VERY_cool \-e client \-w 64 \-Y \-p 1233:1235 \-r rail\&.example\&.com \-o 4440:4442 .RE .sp .it 1 an-trap diff --git a/doc/uanytun.8.txt b/doc/uanytun.8.txt index a3af139..5a507ca 100644 --- a/doc/uanytun.8.txt +++ b/doc/uanytun.8.txt @@ -312,7 +312,7 @@ Client: ^^^^^^^ uanytun -t tun -n 192.168.42.2/30 -c aes-ctr-256 -k aes-ctr-256 -E rail_MODE_is_VERY_cool - -e client -w 64 -Y -r rail.example.com -o 4440:4442 + -e client -w 64 -Y -p 1233:1235 -r rail.example.com -o 4440:4442 Server: ^^^^^^^ diff --git a/etc/uanytun/rail-client/config b/etc/uanytun/rail-client/config new file mode 100644 index 0000000..3671eee --- /dev/null +++ b/etc/uanytun/rail-client/config @@ -0,0 +1,91 @@ +############################# +## Main options # +############################# + +role client + +## device type tun = ip/ipv6, tap = ethernet +type tun + +## Automaticaly configure the interface +## the address hast to be supplied in CIDR notation +ifconfig 192.168.42.2/30 + +## payload encryption algorithm +#cipher null +#cipher aes-ctr-128 +#cipher aes-ctr-192 +#cipher aes-ctr-256 +cipher aes-ctr + +## message authentication algorithm +#auth-algo null +auth-algo sha1 + +##message auth tag length +#auth-tag-length 10 + +## Passphrase +## this is used to generate the crypto-key and salt +## this should be al least 30 characters +passphrase RAID_is_nice_but_RAIL_is_cooler + +## local ip address to bind to (for tunnel data) +## (if you run an anycast cluster this has to be the anycast ip address) +#interface <ip-address> + +## local port to bind to (for tunnel data) +## the number of ports here must be at least as high as the number of +## remote ports - so in this case up to 5 links may be used +port 8880:8884 + +## The remote host and port (for RAIL a port range is needed) +remote-host rail.example.com +remote-port 8880:8884 + +## enable RAIL mode +rail-mode + +############################# +## Debug options # +############################# + +## don't run in background +#nodaemonize + +## additional log to standard output with a level of 5 +#log stdout:5 + + +############################# +## Expert options # +############################# + +## log to syslog with a level of 3 +log syslog:3,uanytun-rail-client,daemon + +## change user and group after init +#username uanytun +#groupname uanytun + +## chroot to users home directory +#chroot /var/run/uanytun + +## key derivation pseudo random function +#kd-prf null +#kd-prf aes-ctr +#kd-prf aes-ctr-128 +#kd-prf aes-ctr-192 +#kd-prf aes-ctr-256 + +## Device name +dev rail0 + +## Manually set encryption key and salt +## (this replaces the passphrase) +#key 0123456789ABCDEF0123456789ABCDEF +#salt 0123456789ABCD0123456789ABCD + +## Setting a window size > 0 will enable replay protection +## This is needed for RAIL to work +window-size 100 diff --git a/etc/uanytun/rail-server/config b/etc/uanytun/rail-server/config new file mode 100644 index 0000000..0f34557 --- /dev/null +++ b/etc/uanytun/rail-server/config @@ -0,0 +1,91 @@ +############################# +## Main options # +############################# + +role server + +## device type tun = ip/ipv6, tap = ethernet +type tun + +## Automaticaly configure the interface +## the address hast to be supplied in CIDR notation +ifconfig 192.168.42.1/30 + +## payload encryption algorithm +#cipher null +#cipher aes-ctr-128 +#cipher aes-ctr-192 +#cipher aes-ctr-256 +cipher aes-ctr + +## message authentication algorithm +#auth-algo null +auth-algo sha1 + +##message auth tag length +#auth-tag-length 10 + +## Passphrase +## this is used to generate the crypto-key and salt +## this should be al least 30 characters +passphrase RAID_is_nice_but_RAIL_is_cooler + +## local ip address to bind to (for tunnel data) +## (if you run an anycast cluster this has to be the anycast ip address) +#interface <ip-address> + +## local port to bind to (for tunnel data) +## the number of ports here must be at least as high as the number of +## remote ports defined at the client configuration (in this case 5) +port 8880:8884 + +## The remote host and port will be learned from the first messages +#remote-host client.unknown +#remote-port 8880:8884 + +## enable RAIL mode +rail-mode + +############################# +## Debug options # +############################# + +## don't run in background +#nodaemonize + +## additional log to standard output with a level of 5 +#log stdout:5 + + +############################# +## Expert options # +############################# + +## log to syslog with a level of 3 +log syslog:3,uanytun-rail-server,daemon + +## change user and group after init +#username uanytun +#groupname uanytun + +## chroot to users home directory +#chroot /var/run/uanytun + +## key derivation pseudo random function +#kd-prf null +#kd-prf aes-ctr +#kd-prf aes-ctr-128 +#kd-prf aes-ctr-192 +#kd-prf aes-ctr-256 + +## Device name +dev rail0 + +## Manually set encryption key and salt +## (this replaces the passphrase) +#key 0123456789ABCDEF0123456789ABCDEF +#salt 0123456789ABCD0123456789ABCD + +## Setting a window size > 0 will enable replay protection +## This is needed for RAIL to work +window-size 100 |