authorChristian Pointner <equinox@anytun.org>2009-02-28 15:05:28 +0000
committerChristian Pointner <equinox@anytun.org>2009-02-28 15:05:28 +0000
commitcf901dc485a5d490afa1d76354d8f93894efabf8 (patch)
tree9bb84a92261e5357a7f1e154a458bacca3021fda
parentfixed example ipv6 netmask (diff)
added p2p example configs
changed default user name and group, improved init script (chroot)
-rw-r--r--etc/anytun/client1/config6
-rw-r--r--etc/anytun/client2/config6
-rw-r--r--etc/anytun/client3/config6
-rw-r--r--etc/anytun/p2p-a/config82
-rw-r--r--etc/anytun/p2p-b/config82
-rwxr-xr-xetc/init.d/anytun9
6 files changed, 178 insertions, 13 deletions
diff --git a/etc/anytun/client1/config b/etc/anytun/client1/config
index a4fc1a0..8e7970a 100644
--- a/etc/anytun/client1/config
+++ b/etc/anytun/client1/config
@@ -48,10 +48,10 @@ remote-port 4444
log syslog:3,anytun-client1,daemon
## change user and group after init
-username nobody
-groupname nogroup
+username anytun
+groupname anytun
-## chroot to /var/run/anytun
+## chroot to users home directory
#chroot /var/run/anytun
## key derivation pseudo random function
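Review bot: The rewritten comment says "chroot to users home directory" while the example line beneath it still hard-codes `#chroot /var/run/anytun`, so a reader cannot tell whether that path is meant to be the anytun user's home or a separate directory. I would state the requirement instead, for example `## chroot after init; the directory must exist and should not be writable by the anytun user`. The same comment appears in the client2, client3, p2p-a and p2p-b hunks. The switch from `nobody`/`nogroup` to a dedicated `anytun` account also assumes that account exists on the host; nothing visible in this commit creates it, so the config header should say who is expected to.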
diff --git a/etc/anytun/client2/config b/etc/anytun/client2/config
index e487515..a33419e 100644
--- a/etc/anytun/client2/config
+++ b/etc/anytun/client2/config
@@ -48,10 +48,10 @@ remote-port 4444
log syslog:3,anytun-client2,daemon
## change user and group after init
-username nobody
-groupname nogroup
+username anytun
+groupname anytun
-## chroot to /var/run/anytun
+## chroot to users home directory
#chroot /var/run/anytun
## key derivation pseudo random function
diff --git a/etc/anytun/client3/config b/etc/anytun/client3/config
index 59bb925..5799470 100644
--- a/etc/anytun/client3/config
+++ b/etc/anytun/client3/config
@@ -48,10 +48,10 @@ remote-port 4444
log syslog:3,anytun-client3,daemon
## change user and group after init
-username nobody
-groupname nogroup
+username anytun
+groupname anytun
-## chroot to /var/run/anytun
+## chroot to users home directory
#chroot /var/run/anytun
## key derivation pseudo random function
diff --git a/etc/anytun/p2p-a/config b/etc/anytun/p2p-a/config
new file mode 100644
index 0000000..1fa5763
--- /dev/null
+++ b/etc/anytun/p2p-a/config
@@ -0,0 +1,82 @@
+#############################
+## Main options #
+#############################
+
+## device type tun = ip/ipv6, tap = ethernet
+type tun
+
+## Automaticaly configure the interface
+## the address hast to be supplied in CIDR notation
+ifconfig 192.168.223.1/30
+
+## payload encryption algorithm
+#cipher null
+#cipher aes-ctr-128
+#cipher aes-ctr-192
+#cipher aes-ctr-256
+cipher aes-ctr
+
+## message authentication algorithm
+#auth-algo null
+auth-algo sha1
+
+## Passphrase
+## this is used to generate the crypto-key and salt
+## this should be al least 30 characters
+passphrase Creating_P2P_VPN_Tunnels_With_Anytun_Is_Easy
+
+## local ip address to bind to (for tunnel data)
+## (if you run an anycast cluster this has to be the anycast ip address)
+#interface <ip-address>
+
+## local port to bind to (for tunnel data)
+## make sure to use a different port for every server and client!
+port 4445
+
+## The remote host and port
+remote-host p2p-b.example.com
+remote-port 4445
+
+#############################
+## Debug options #
+#############################
+
+## don't run in background
+#nodaemonize
+
+## additional log to standard output with a level of 5
+#log stdout:5
+
+
+#############################
+## Expert options #
+#############################
+
+## log to syslog with a level of 3
+log syslog:3,anytun-p2p-a,daemon
+
+## change user and group after init
+username anytun
+groupname anytun
+
+## chroot to users home directory
+#chroot /var/run/anytun
+
+## key derivation pseudo random function
+#kd-prf null
+#kd-prf aes-ctr
+#kd-prf aes-ctr-128
+#kd-prf aes-ctr-192
+#kd-prf aes-ctr-256
+
+## Device name
+#dev uanytun0
+
+## Manually set encryption key and salt
+## (this replaces the passphrase)
+#key 0123456789ABCDEF0123456789ABCDEF
+#salt 0123456789ABCD0123456789ABCD
+
+## Setting a window size > 0 will enable replay protection
+## This most likely will only work with external rekeying
+#window-size 0
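Review bot: The `passphrase` line in this new example is active and carries a value that is now public, and p2p-b ships the identical line, so a pair deployed unmodified runs a tunnel whose key material anyone can derive. I would ship it commented out with an obvious placeholder, `#passphrase <replace-with-a-long-random-secret>`, so the operator has to choose a secret before the tunnel comes up. Both files are also created with mode 100644, which leaves the secret world-readable once it is filled in; the header should tell the operator to restrict the file to root. The init script in this commit turns every config line into a `--option value` argument, so the passphrase presumably also shows up in the process list; that is worth a warning next to the option.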
diff --git a/etc/anytun/p2p-b/config b/etc/anytun/p2p-b/config
new file mode 100644
index 0000000..340545a
--- /dev/null
+++ b/etc/anytun/p2p-b/config
@@ -0,0 +1,82 @@
+#############################
+## Main options #
+#############################
+
+## device type tun = ip/ipv6, tap = ethernet
+type tun
+
+## Automaticaly configure the interface
+## the address hast to be supplied in CIDR notation
+ifconfig 192.168.223.2/30
+
+## payload encryption algorithm
+#cipher null
+#cipher aes-ctr-128
+#cipher aes-ctr-192
+#cipher aes-ctr-256
+cipher aes-ctr
+
+## message authentication algorithm
+#auth-algo null
+auth-algo sha1
+
+## Passphrase
+## this is used to generate the crypto-key and salt
+## this should be al least 30 characters
+passphrase Creating_P2P_VPN_Tunnels_With_Anytun_Is_Easy
+
+## local ip address to bind to (for tunnel data)
+## (if you run an anycast cluster this has to be the anycast ip address)
+#interface <ip-address>
+
+## local port to bind to (for tunnel data)
+## make sure to use a different port for every server and client!
+port 4445
+
+## The remote host and port
+remote-host p2p-a.example.com
+remote-port 4445
+
+#############################
+## Debug options #
+#############################
+
+## don't run in background
+#nodaemonize
+
+## additional log to standard output with a level of 5
+#log stdout:5
+
+
+#############################
+## Expert options #
+#############################
+
+## log to syslog with a level of 3
+log syslog:3,anytun-p2p-b,daemon
+
+## change user and group after init
+username anytun
+groupname anytun
+
+## chroot to users home directory
+#chroot /var/run/anytun
+
+## key derivation pseudo random function
+#kd-prf null
+#kd-prf aes-ctr
+#kd-prf aes-ctr-128
+#kd-prf aes-ctr-192
+#kd-prf aes-ctr-256
+
+## Device name
+#dev uanytun0
+
+## Manually set encryption key and salt
+## (this replaces the passphrase)
+#key 0123456789ABCDEF0123456789ABCDEF
+#salt 0123456789ABCD0123456789ABCD
+
+## Setting a window size > 0 will enable replay protection
+## This most likely will only work with external rekeying
+#window-size 0
diff --git a/etc/init.d/anytun b/etc/init.d/anytun
index 740c77b..d0299d4 100755
--- a/etc/init.d/anytun
+++ b/etc/init.d/anytun
@@ -12,8 +12,6 @@ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/anytun
ANYTUNCONFIG=/usr/bin/anytun-config
CONTROLDAEMON=/usr/bin/anytun-controld
-CHROOTDIR='/var/run/anytun'
-# DAEMONOPTS="--username nobody --groupname nogroup --chroot $CHROOTDIR"
NAME=anytun
DESC=anytun
CONFIG_DIR=/etc/anytun
@@ -31,7 +29,11 @@ start_vpn () {
if [ -f $CONFIG_DIR/$NAME/config ] ; then
POSTUP=''
test -f $CONFIG_DIR/$NAME/post-up.sh && POSTUP="-x $CONFIG_DIR/$NAME/post-up.sh"
- DAEMONARG=`sed 's/#.*//' < $CONFIG_DIR/$NAME/config | grep -e '\w' | sed 's/^/--/' | tr '\n' ' '`
+ CHROOTDIR=`grep '^chroot' < $CONFIG_DIR/$NAME/config | sed 's/chroot\s*//'`
+ if [ -n "$CHROOTDIR" ] ; then
+ test -d $CHROOTDIR || mkdir -p $CHROOTDIR
+ fi
+ DAEMONARG=`sed 's/#.*//' < $CONFIG_DIR/$NAME/config | grep -e '\w' | sed 's/^/--/' | tr '\n' ' '`
$DAEMON --write-pid /var/run/anytun.$NAME.pid $POSTUP \
$DAEMONOPTS $DAEMONARG || STATUS="FAILED"
else
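Review bot: The new `CHROOTDIR` lookup in start_vpn parses the config differently from the `DAEMONARG` line below it, and its result is then used unquoted in a `mkdir -p` that runs as root. `grep '^chroot'` returns every matching line and keeps trailing comments and whitespace, so a line such as `chroot /var/run/anytun # jail` is word-split into several directory names. Strip comments first and quote the expansion: `CHROOTDIR=$(sed -n 's/#.*//; s/[[:space:]]*$//; s/^chroot[[:space:]]\{1,\}//p' "$CONFIG_DIR/$NAME/config" | head -n 1)` followed by `[ -z "$CHROOTDIR" ] || [ -d "$CHROOTDIR" ] || mkdir -p -- "$CHROOTDIR"`. The body of start_vpn begins and ends outside this hunk, and `$DAEMONOPTS` is still expanded on the launch line even though this commit removes its only visible (commented-out) definition.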
@@ -74,7 +76,6 @@ set -e
case "$1" in
start)
echo -n "Starting $DESC:"
- test -d $CHROOTDIR || mkdir -p $CHROOTDIR
if test -z "$2" ; then
if [ -f $CONFIG_DIR/autostart ] ; then
for NAME in `sed 's/#.*//' < $CONFIG_DIR/autostart | grep -e '\w'`; do