summaryrefslogtreecommitdiff
path: root/src/man
diff options
context:
space:
mode:
authorChristian Pointner <equinox@anytun.org>2009-12-22 20:18:51 +0000
committerChristian Pointner <equinox@anytun.org>2009-12-22 20:18:51 +0000
commita525c9c7412fb9483dd868b3504cd1be32dc7d23 (patch)
tree402f6e0f760558f9870e4aa4d8771d620256f084 /src/man
parentadded patch from Cyril Brulebois in order to enable build on Debian/Freebsd K... (diff)
added manpage to svn (and later to release tarball)
moved manpages to doc directory
Diffstat (limited to 'src/man')
-rw-r--r--src/man/Makefile57
-rw-r--r--src/man/anyrtpproxy.8.txt150
-rw-r--r--src/man/anytun-config.8.txt173
-rw-r--r--src/man/anytun-controld.8.txt110
-rw-r--r--src/man/anytun-showtables.8.txt71
-rw-r--r--src/man/anytun.8.txt373
6 files changed, 0 insertions, 934 deletions
diff --git a/src/man/Makefile b/src/man/Makefile
deleted file mode 100644
index adc9919..0000000
--- a/src/man/Makefile
+++ /dev/null
@@ -1,57 +0,0 @@
-##
-## anytun
-##
-## The secure anycast tunneling protocol (satp) defines a protocol used
-## for communication between any combination of unicast and anycast
-## tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
-## mode and allows tunneling of every ETHER TYPE protocol (e.g.
-## ethernet, ip, arp ...). satp directly includes cryptography and
-## message authentication based on the methodes used by SRTP. It is
-## intended to deliver a generic, scaleable and secure solution for
-## tunneling and relaying of packets of any protocol.
-##
-##
-## Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl,
-## Christian Pointner <satp@wirdorange.org>
-##
-## This file is part of Anytun.
-##
-## Anytun is free software: you can redistribute it and/or modify
-## it under the terms of the GNU General Public License as published by
-## the Free Software Foundation, either version 3 of the License, or
-## any later version.
-##
-## Anytun is distributed in the hope that it will be useful,
-## but WITHOUT ANY WARRANTY; without even the implied warranty of
-## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-## GNU General Public License for more details.
-##
-## You should have received a copy of the GNU General Public License
-## along with anytun. If not, see <http://www.gnu.org/licenses/>.
-##
-
-VERSION=$(shell cat ../../version)
-
-MANPAGES := anytun.8 anytun-controld.8 anytun-config.8 anytun-showtables.8 #anyrtpproxy.8
-XML := $(MANPAGES:%.8=%.8.xml)
-
-.PHONY: clean
-
-all: manpage
-
-define create-manpage
- a2x -f manpage $(1)
- @ sed -i -e 's/\[FIXME: source\]/anytun ${VERSION}/' $(2)
- @ sed -i -e 's/\[FIXME: manual\]/$(2:.8=) user manual/' $(2)
- @ sed -i -e 's/^\($(subst -,\\-,$(2:.8=))\)$$/\\fB\1\\fR/' $(2)
- @ sed -i -e 's/^ \[ \([^ ]*\)/ [ \\fB\1\\fR/' $(2)
-endef
-
-%.8: %.8.txt
- $(call create-manpage,$<,$@)
-
-manpage: $(MANPAGES)
-
-clean:
- rm -f $(MANPAGES)
- rm -f $(XML)
diff --git a/src/man/anyrtpproxy.8.txt b/src/man/anyrtpproxy.8.txt
deleted file mode 100644
index a92d2e6..0000000
--- a/src/man/anyrtpproxy.8.txt
+++ /dev/null
@@ -1,150 +0,0 @@
-anyrtpproxy(8)
-==============
-
-NAME
-----
-anyrtpproxy - anycast rtpproxy
-
-SYNOPSIS
---------
-
-....
-anyrtpproxy
- [ -h|--help ]
- [ -D|--nodaemonize ]
- [ -C|--chroot ]
- [ -u|--username <username> ]
- [ -H|--chroot-dir <directory> ]
- [ -P|--write-pid <filename> ]
- [ -i|--interface <ip-address> ]
- [ -s|--control <hostname|ip>[:<port>] ]
- [ -p|--port-range <start> <end> ]
- [ -n|--nat ]
- [ -o|--no-nat-once ]
- [ -S|--sync-port port> ]
- [ -M|--sync-hosts <hostname|ip>:<port>[,<hostname|ip>:<port>[...]] ]
-....
-
-
-DESCRIPTION
------------
-
-*anyrtpproxy* is a rtpproxy which can be used in combination with anycast. It uses
-the same control protocol than rtpproxy though it can be controled through the nathelper
-plugin of openser. *anyrtpproxy* uses the same synchronisation protocol than *Anytun*
-to sync the session information among all anycast instances.
-
-
-OPTIONS
--------
-
-*-D, --nodaemonize*::
- This option instructs *anyrtpproxy* to run in the foreground
- instead of becoming a daemon.
-
-*-C, --chroot*::
- chroot and drop privileges
-
-*-u, --username <username>*::
- if chroot change to this user
-
-*-H, --chroot-dir <directory>*::
- chroot to this directory
-
-*-P, --write-pid <filename>*::
- write pid to this file
-
-*-i, --interface <ip address>*::
- The local interface to listen on for RTP packets
-
-*-s, --control <hostname|ip>[:<port>]*::
- The local address and port to listen on for control messages from openser
-
-*-p, --port-range <start> <end>*::
- A pool of ports which should be used by *anyrtpproxy* to relay RTP packets.
- The range may not overlap between the anycast instances
-
-*-n, --nat*::
- Allow to learn the remote address and port in order to handle clients behind nat.
- This option should only be enabled if the source is authenticated (i.e. through
- *anytun*)
-
-*-o, --no-nat-once*::
- Disable learning of remote address and port in case the first packet does not
- come from the client which is specified by openser during configuration. Invoking
- this parameter increases the security level of the system but in case of nat needs
- a working nat transversal such as stun.
-
-*-S, --sync-port <port>*::
- local unicast(sync) port to bind to +
- This port is used by anycast hosts to synchronize information about tunnel
- endpoints. No payload data is transmitted via this port. +
- It is possible to obtain a list of active connections by telnetting into
- this port. This port is read-only and unprotected by default. It is advised
- to protect this port using firewall rules and, eventually, IPsec.
-
-*-M, --sync-hosts <hostname|ip>:<port>,[<hostname|ip>:<port>[...]]*::
- remote hosts to sync with +
- Here, one has to specify all unicast IP addresses of all
- other anycast hosts that comprise the anycast tunnel endpoint.
-
-EXAMPLES
---------
-
-Anycast Setup with 3 instances:
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-On the host with unicast hostname unicast1.anycast.anytun.org and anycast
-hostname anycast.anytun.org:
---------------------------------------------------------------------------------------
-# anyrtpproxy -i anycast.anytun.org -p 20000 25000 -S 2342 \
- -M unicast2.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342
---------------------------------------------------------------------------------------
-
-On the host with unicast hostname unicast2.anycast.anytun.org and anycast
-hostname anycast.anytun.org:
---------------------------------------------------------------------------------------
-# anyrtpproxy -i anycast.anytun.org -p 25000 30000 -S 2342 \
- -M unicast1.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342
---------------------------------------------------------------------------------------
-
-On the host with unicast hostname unicast3.anycast.anytun.org and anycast
-hostname anycast.anytun.org:
---------------------------------------------------------------------------------------
-# anyrtpproxy -i anycast.anytun.org -p 30000 35000 -S 2342 \
- -M unicast1.anycast.anytun.org:2342,unicast2.anycast.anytun.org:2342
---------------------------------------------------------------------------------------
-
-
-BUGS
-----
-Most likely there are some bugs in *anyrtpproxy*. If you find a bug, please let
-the developers know at satp@anytun.org. Of course, patches are preferred.
-
-SEE ALSO
---------
-anytun(8)
-
-AUTHORS
--------
-
-Othmar Gsenger <otti@anytun.org>
-Erwin Nindl <nine@anytun.org>
-Christian Pointner <equinox@anytun.org>
-
-
-RESOURCES
----------
-
-Main web site: http://www.anytun.org/
-
-
-COPYING
--------
-
-Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
-Pointner. This program is free software: you can redistribute it
-and/or modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation, either version 3 of
-the License, or any later version.
-
diff --git a/src/man/anytun-config.8.txt b/src/man/anytun-config.8.txt
deleted file mode 100644
index 6a80b4d..0000000
--- a/src/man/anytun-config.8.txt
+++ /dev/null
@@ -1,173 +0,0 @@
-anytun-config(8)
-================
-
-NAME
-----
-anytun-config - anycast tunneling configuration utility
-
-SYNOPSIS
---------
-
-....
-anytun-config
- [ -h|--help ]
- [ -L|--log <target>:<level>[,<param1>[,<param2>[..]]]
- [ -r|--remote-host <hostname|ip> ]
- [ -o|--remote-port <port> ]
- [ -4|--ipv4-only ]
- [ -6|--ipv6-only ]
- [ -R|--route <net>/<prefix length> ]
- [ -m|--mux <mux-id> ]
- [ -w|--window-size <window size> ]
- [ -k|--kd-prf <kd-prf type> ]
- [ -e|--role <role> ]
- [ -E|--passphrase <pass phrase> ]
- [ -K|--key <master key> ]
- [ -A|--salt <master salt> ]
-....
-
-DESCRIPTION
------------
-
-*anytun-config* writes routing/connection table entries, that can be read by *anytun-controld*.
-
-OPTIONS
--------
-
-*-L, --log <target>:<level>[,<param1>[,<param2>[..]]]*::
- add log target to logging system. This can be invoked several times
- in order to log to different targets at the same time. Every target
- hast its own log level which is a number between 0 and 5. Where 0 means
- disabling log and 5 means debug messages are enabled. +
- The file target can be used more the once with different levels.
- If no target is provided at the command line a single target with the
- config *syslog:3,anytun-config,daemon* is added. +
- The following targets are supported:
-
- *syslog*;; log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
- *file*;; log to file, parameters <level>[,<path>]
- *stdout*;; log to standard output, parameters <level>
- *stderr*;; log to standard error, parameters <level>
-
-*-r, --remote-host <hostname|ip>*::
- This option can be used to specify the remote tunnel
- endpoint. In case of anycast tunnel endpoints, the
- anycast IP address has to be used. If you do not specify
- an address, it is automatically determined after receiving
- the first data packet.
-
-*-o, --remote-port <port>*::
- The UDP port used for payload data by the remote host
- (specified with -p on the remote host). If you do not specify
- a port, it is automatically determined after receiving
- the first data packet.
-
-*-4, --ipv4-only*::
- Resolv to IPv4 addresses only. The default is to resolv both
- IPv4 and IPv6 addresses.
-
-*-6, --ipv6-only*::
- Resolv to IPv6 addresses only. The default is to resolv both
- IPv4 and IPv6 addresses.
-
-*-R, --route <net>/<prefix length>*::
- add a route to connection. This can be invoked several times.
-
-*-m, --mux <mux-id>*::
- the multiplex id to use. default: 0
-
-*-w, --window-size <window size>*::
- seqence window size +
- Sometimes, packets arrive out of order on the receiver
- side. This option defines the size of a list of received
- packets' sequence numbers. If, according to this list,
- a received packet has been previously received or has
- been transmitted in the past, and is therefore not in
- the list anymore, this is interpreted as a replay attack
- and the packet is dropped. A value of 0 deactivates this
- list and, as a consequence, the replay protection employed
- by filtering packets according to their secuence number.
- By default the sequence window is disabled and therefore a
- window size of 0 is used.
-
-*-k, --kd--prf <kd-prf type>*::
- key derivation pseudo random function +
- The pseudo random function which is used for calculating the
- session keys and session salt. +
- Possible values:
-
- *null*;; no random function, keys and salt are set to 0..00
- *aes-ctr*;; AES in counter mode with 128 Bits, default value
- *aes-ctr-128*;; AES in counter mode with 128 Bits
- *aes-ctr-192*;; AES in counter mode with 192 Bits
- *aes-ctr-256*;; AES in counter mode with 256 Bits
-
-*-e, --role <role>*::
- SATP uses different session keys for inbound and outbound traffic. The
- role parameter is used to determine which keys to use for outbound or
- inbound packets. On both sides of a vpn connection different roles have
- to be used. Possible values are *left* and *right*. You may also use
- *alice* or *server* as a replacement for *left* and *bob* or *client* as
- a replacement for *right*. By default *left* is used.
-
-*-E, --passphrase <pass phrase>*::
- This passphrase is used to generate the master key and master salt.
- For the master key the last n bits of the SHA256 digest of the
- passphrase (where n is the length of the master key in bits) is used.
- The master salt gets generated with the SHA1 digest.
- You may force a specific key and or salt by using *--key* and *--salt*.
-
-*-K, --key <master key>*::
- master key to use for key derivation +
- Master key in hexadecimal notation, e.g.
- 01a2b3c4d5e6f708a9b0cadbecfd0fa1, with a mandatory length
- of 32, 48 or 64 characters (128, 192 or 256 bits).
-
-*-A, --salt <master salt>*::
- master salt to use for key derivation +
- Master salt in hexadecimal notation, e.g.
- 01a2b3c4d5e6f708a9b0cadbecfd, with a mandatory length
- of 28 characters (14 bytes).
-
-
-EXAMPLES
---------
-
-Add a client with Connection ID (Mux) 12 and add 2 Routes to this client
-
-------------------------------------------------------------------------------------------------
-# anytun-config -w 0 -m 12 -K 0123456789ABCDEFFEDCBA9876543210 -A 0123456789ABCDDCBA9876543210 \
- -R 192.0.2.0/24 -R 192.168.1.1/32 -e server >> routingtable
-------------------------------------------------------------------------------------------------
-
-BUGS
-----
-Most likely there are some bugs in *Anytun*. If you find a bug, please let
-the developers know at satp@anytun.org. Of course, patches are preferred.
-
-SEE ALSO
---------
-anytun(8), anytun-controld(8), anytun-showtables(8)
-
-AUTHORS
--------
-
-Othmar Gsenger <otti@anytun.org>
-Erwin Nindl <nine@anytun.org>
-Christian Pointner <equinox@anytun.org>
-
-
-RESOURCES
----------
-
-Main web site: http://www.anytun.org/
-
-
-COPYING
--------
-
-Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
-Pointner. This program is free software: you can redistribute it
-and/or modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation, either version 3 of
-the License, or any later version.
diff --git a/src/man/anytun-controld.8.txt b/src/man/anytun-controld.8.txt
deleted file mode 100644
index 0d3e0b8..0000000
--- a/src/man/anytun-controld.8.txt
+++ /dev/null
@@ -1,110 +0,0 @@
-anytun-controld(8)
-==================
-
-NAME
-----
-anytun-controld - anycast tunneling control daemon
-
-SYNOPSIS
---------
-
-....
-anytun-controld
- [ -h|--help ]
- [ -D|--nodaemonize ]
- [ -u|--username <username> ]
- [ -g|--groupname <groupname> ]
- [ -C|--chroot <path> ]
- [ -P|--write-pid <filename> ]
- [ -L|--log <target>:<level>[,<param1>[,<param2>[..]]] ]
- [ -f|--file <path> ]
- [ -X|--control-host < <host>[:port>] | :<port> > ]
-....
-
-DESCRIPTION
------------
-
-*anytun-controld* configures the multi-connection support for *Anytun*. It reads a connection/routing table and outputs it via a tcp socket to all connected *Anytun* servers. When the control daemon is restarted with a new connection/routing table all *Anytun* servers automatically load the new configuration. Please make sure to protect that information as it contains the connection keys.
-
-OPTIONS
--------
-
-*-D, --nodaemonize*::
- This option instructs *anytun-controld* to run in foreground
- instead of becoming a daemon which is the default.
-
-*-u, --username <username>*::
- run as this user. If no group is specified (*-g*) the default group of
- the user is used. The default is to not drop privileges.
-
-*-g, --groupname <groupname>*::
- run as this group. If no username is specified (*-u*) this gets ignored.
- The default is to not drop privileges.
-
-*-C, --chroot <path>*::
- Instruct *anytun-controld* to run in a chroot jail. The default is
- to not run in chroot.
-
-*-P, --write-pid <filename>*::
- Instruct *anytun-controld* to write it's pid to this file. The default is
- to not create a pid file.
-
-*-L, --log <target>:<level>[,<param1>[,<param2>[..]]]*::
- add log target to logging system. This can be invoked several times
- in order to log to different targets at the same time. Every target
- hast its own log level which is a number between 0 and 5. Where 0 means
- disabling log and 5 means debug messages are enabled. +
- The file target can be used more the once with different levels.
- If no target is provided at the command line a single target with the
- config *syslog:3,anytun-controld,daemon* is added. +
- The following targets are supported:
-
- *syslog*;; log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
- *file*;; log to file, parameters <level>[,<path>]
- *stdout*;; log to standard output, parameters <level>
- *stderr*;; log to standard error, parameters <level>
-
-*-f, --file <path>*::
- The path to the file which holds the sync information.
-
-*-X, --control-host <hostname|ip>[:<port>]*::
- fetch the config from this host. The default is not to use a control
- host and therefore this is empty. Mind that the port can be omitted
- in which case port 2323 is used. If you want to specify an
- ipv6 address and a port you have to use [ and ] to seperate the address
- from the port, eg.: [::1]:1234. If you want to use the default port
- [ and ] can be omitted.
-
-
-BUGS
-----
-Most likely there are some bugs in *Anytun*. If you find a bug, please let
-the developers know at satp@anytun.org. Of course, patches are preferred.
-
-SEE ALSO
---------
-anytun(8), anytun-config(8), anytun-showtables(8)
-
-AUTHORS
--------
-
-Othmar Gsenger <otti@anytun.org>
-Erwin Nindl <nine@anytun.org>
-Christian Pointner <equinox@anytun.org>
-
-
-RESOURCES
----------
-
-Main web site: http://www.anytun.org/
-
-
-COPYING
--------
-
-Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
-Pointner. This program is free software: you can redistribute it
-and/or modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation, either version 3 of
-the License, or any later version.
-
diff --git a/src/man/anytun-showtables.8.txt b/src/man/anytun-showtables.8.txt
deleted file mode 100644
index 3a1fa8d..0000000
--- a/src/man/anytun-showtables.8.txt
+++ /dev/null
@@ -1,71 +0,0 @@
-anytun-showtables(8)
-====================
-
-NAME
-----
-anytun-showtables - anycast tunneling routing table visualization utility
-
-SYNOPSIS
---------
-
-....
-anytun-showtables
-....
-
-DESCRIPTION
------------
-
-*anytun-showtables* displays routing and connection tables used by *Anytun*. It can be used to display a saved routing/connection table used by *anytun-controld* or to connect to a the sync port of *Anytun*.
-
-OPTIONS
--------
-
-This Tool does not take any options. It takes the sync information from
-the standard input and prints the routing table to the standard output.
-
-EXAMPLES
---------
-
-Print routing table stored in local file
-
------------------------------------------------------------------------------------
-# perl -ne 'chomp; print' < routingtable | ./anytun-showtables
------------------------------------------------------------------------------------
-
-Print current routing table and watch changes
-
------------------------------------------------------------------------------------
-# nc unicast1.anycast.anytun.org 23 | ./anytun-showtables
------------------------------------------------------------------------------------
-
-BUGS
-----
-Most likely there are some bugs in *Anytun*. If you find a bug, please let
-the developers know at satp@anytun.org. Of course, patches are preferred.
-
-SEE ALSO
---------
-anytun(8), anytun-controld(8), anytun-config(8)
-
-AUTHORS
--------
-
-Othmar Gsenger <otti@anytun.org>
-Erwin Nindl <nine@anytun.org>
-Christian Pointner <equinox@anytun.org>
-
-
-RESOURCES
----------
-
-Main web site: http://www.anytun.org/
-
-
-COPYING
--------
-
-Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
-Pointner. This program is free software: you can redistribute it
-and/or modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation, either version 3 of
-the License, or any later version.
diff --git a/src/man/anytun.8.txt b/src/man/anytun.8.txt
deleted file mode 100644
index 377bb2d..0000000
--- a/src/man/anytun.8.txt
+++ /dev/null
@@ -1,373 +0,0 @@
-anytun(8)
-=========
-
-NAME
-----
-anytun - anycast tunneling daemon
-
-SYNOPSIS
---------
-
-....
-anytun
- [ -h|--help ]
- [ -D|--nodaemonize ]
- [ -u|--username <username> ]
- [ -g|--groupname <groupname> ]
- [ -C|--chroot <path> ]
- [ -P|--write-pid <filename> ]
- [ -L|--log <target>:<level>[,<param1>[,<param2>[..]]] ]
- [ -i|--interface <ip-address> ]
- [ -p|--port <port> ]
- [ -r|--remote-host <hostname|ip> ]
- [ -o|--remote-port <port> ]
- [ -4|--ipv4-only ]
- [ -6|--ipv6-only ]
- [ -I|--sync-interface <ip-address> ]
- [ -S|--sync-port port> ]
- [ -M|--sync-hosts <hostname|ip>[:<port>][,<hostname|ip>[:<port>][...]] ]
- [ -X|--control-host <hostname|ip>[:<port>]
- [ -d|--dev <name> ]
- [ -t|--type <tun|tap> ]
- [ -n|--ifconfig <local>/<prefix> ]
- [ -x|--post-up-script <script> ]
- [ -R|--route <net>/<prefix length> ]
- [ -m|--mux <mux-id> ]
- [ -s|--sender-id <sender id> ]
- [ -w|--window-size <window size> ]
- [ -k|--kd-prf <kd-prf type> ]
- [ -e|--role <role> ]
- [ -E|--passphrase <pass phrase> ]
- [ -K|--key <master key> ]
- [ -A|--salt <master salt> ]
- [ -c|--cipher <cipher type> ]
- [ -a|--auth-algo <algo type> ]
- [ -b|--auth-tag-length <length> ]
-....
-
-DESCRIPTION
------------
-
-*Anytun* is an implementation of the Secure Anycast Tunneling Protocol
-(SATP). It provides a complete VPN solution similar to OpenVPN or
-IPsec in tunnel mode. The main difference is that anycast allows a
-setup of tunnels between an arbitrary combination of anycast, unicast
-and multicast hosts.
-
-OPTIONS
--------
-
-*Anytun* has been designed as a peer to peer application, so there is
-no difference between client and server. The following options can be
-passed to the daemon:
-
-*-D, --nodaemonize*::
- This option instructs *Anytun* to run in foreground
- instead of becoming a daemon which is the default.
-
-*-u, --username <username>*::
- run as this user. If no group is specified (*-g*) the default group of
- the user is used. The default is to not drop privileges.
-
-*-g, --groupname <groupname>*::
- run as this group. If no username is specified (*-u*) this gets ignored.
- The default is to not drop privileges.
-
-*-C, --chroot <path>*::
- Instruct *Anytun* to run in a chroot jail. The default is
- to not run in chroot.
-
-*-P, --write-pid <filename>*::
- Instruct *Anytun* to write it's pid to this file. The default is
- to not create a pid file.
-
-*-L, --log <target>:<level>[,<param1>[,<param2>[..]]]*::
- add log target to logging system. This can be invoked several times
- in order to log to different targets at the same time. Every target
- hast its own log level which is a number between 0 and 5. Where 0 means
- disabling log and 5 means debug messages are enabled. +
- The file target can be used more the once with different levels.
- If no target is provided at the command line a single target with the
- config *syslog:3,anytun,daemon* is added. +
- The following targets are supported:
-
- *syslog*;; log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
- *file*;; log to file, parameters <level>[,<path>]
- *stdout*;; log to standard output, parameters <level>
- *stderr*;; log to standard error, parameters <level>
-
-*-i, --interface <ip address>*::
- This IP address is used as the sender address for outgoing
- packets. In case of anycast tunnel endpoints, the anycast
- IP has to be used. In case of unicast endpoints, the
- address is usually derived correctly from the routing
- table. The default is to not use a special inteface and just
- bind on all interfaces.
-
-*-p, --port <port>*::
- The local UDP port that is used to send and receive the
- payload data. The two tunnel endpoints can use different
- ports. If a tunnel endpoint consists of multiple anycast
- hosts, all hosts have to use the same port. default: 4444
-
-*-r, --remote-host <hostname|ip>*::
- This option can be used to specify the remote tunnel
- endpoint. In case of anycast tunnel endpoints, the
- anycast IP address has to be used. If you do not specify
- an address, it is automatically determined after receiving
- the first data packet.
-
-*-o, --remote-port <port>*::
- The UDP port used for payload data by the remote host
- (specified with -p on the remote host). If you do not specify
- a port, it is automatically determined after receiving
- the first data packet.
-
-*-4, --ipv4-only*::
- Resolv to IPv4 addresses only. The default is to resolv both
- IPv4 and IPv6 addresses.
-
-*-6, --ipv6-only*::
- Resolv to IPv6 addresses only. The default is to resolv both
- IPv4 and IPv6 addresses.
-
-*-I, --sync-interface <ip-address>*::
- local unicast(sync) ip address to bind to +
- This option is only needed for tunnel endpoints consisting
- of multiple anycast hosts. The unicast IP address of
- the anycast host can be used here. This is needed for
- communication with the other anycast hosts. The default is to
- not use a special inteface and just bind on all interfaces. However
- this is only the case if synchronisation is active see *--sync-port*.
-
-*-S, --sync-port <port>*::
- local unicast(sync) port to bind to +
- This option is only needed for tunnel endpoints
- consisting of multiple anycast hosts. This port is used
- by anycast hosts to synchronize information about tunnel
- endpoints. No payload data is transmitted via this port.
- By default the synchronisation is disabled an therefore the
- port is kept empty. +
- It is possible to obtain a list of active connections
- by telnetting into this port. This port is read-only
- and unprotected by default. It is advised to protect
- this port using firewall rules and, eventually, IPsec.
-
-*-M, --sync-hosts <hostname|ip>[:<port>],[<hostname|ip>[:<port>][...]]*::
- remote hosts to sync with +
- This option is only needed for tunnel endpoints consisting
- of multiple anycast hosts. Here, one has to specify all
- unicast IP addresses of all other anycast hosts that
- comprise the anycast tunnel endpoint. By default synchronisation is
- disabled and therefore this is empty. Mind that the port can be
- omitted in which case port 2323 is used. If you want to specify an
- ipv6 address and a port you have to use [ and ] to seperate the address
- from the port, eg.: [::1]:1234. If you want to use the default port
- [ and ] can be omitted.
-
-*-X, --control-host <hostname|ip>[:<port>]*::
- fetch the config from this host. The default is not to use a control
- host and therefore this is empty. Mind that the port can be omitted
- in which case port 2323 is used. If you want to specify an
- ipv6 address and a port you have to use [ and ] to seperate the address
- from the port, eg.: [::1]:1234. If you want to use the default port
- [ and ] can be omitted.
-
-*-d, --dev <name>*::
- device name +
- By default, tapN is used for Ethernet tunnel interfaces,
- and tunN for IP tunnels, respectively. This option can
- be used to manually override these defaults.
-
-*-t, --type <tun|tap>*::
- device type +
- Type of the tunnels to create. Use tap for Ethernet
- tunnels, tun for IP tunnels.
-
-*-n, --ifconfig <local>/<prefix>*::
- The local IP address and prefix length. The remote tunnel endpoint
- has to use a different IP address in the same subnet.
-
- *<local>*;; the local IP address for the tun/tap device
- *<prefix>*;; the prefix length of the network
-
-*-x, --post-up-script <script>*::
- This option instructs *Anytun* to run this script after the interface
- is created. By default no script will be executed.
-
-*-R, --route <net>/<prefix length>*::
- add a route to connection. This can be invoked several times.
-
-*-m, --mux <mux-id>*::
- the multiplex id to use. default: 0
-
-*-s, --sender-id <sender id>*::
- Each anycast tunnel endpoint needs a uniqe sender id
- (1, 2, 3, ...). It is needed to distinguish the senders
- in case of replay attacks. This option can be ignored on
- unicast endpoints. default: 0
-
-*-w, --window-size <window size>*::
- seqence window size +
- Sometimes, packets arrive out of order on the receiver
- side. This option defines the size of a list of received
- packets' sequence numbers. If, according to this list,
- a received packet has been previously received or has
- been transmitted in the past, and is therefore not in
- the list anymore, this is interpreted as a replay attack
- and the packet is dropped. A value of 0 deactivates this
- list and, as a consequence, the replay protection employed
- by filtering packets according to their secuence number.
- By default the sequence window is disabled and therefore a
- window size of 0 is used.
-
-*-k, --kd--prf <kd-prf type>*::
- key derivation pseudo random function +
- The pseudo random function which is used for calculating the
- session keys and session salt. +
- Possible values:
-
- *null*;; no random function, keys and salt are set to 0..00
- *aes-ctr*;; AES in counter mode with 128 Bits, default value
- *aes-ctr-128*;; AES in counter mode with 128 Bits
- *aes-ctr-192*;; AES in counter mode with 192 Bits
- *aes-ctr-256*;; AES in counter mode with 256 Bits
-
-*-e, --role <role>*::
- SATP uses different session keys for inbound and outbound traffic. The
- role parameter is used to determine which keys to use for outbound or
- inbound packets. On both sides of a vpn connection different roles have
- to be used. Possible values are *left* and *right*. You may also use
- *alice* or *server* as a replacement for *left* and *bob* or *client* as
- a replacement for *right*. By default *left* is used.
-
-*-E, --passphrase <pass phrase>*::
- This passphrase is used to generate the master key and master salt.
- For the master key the last n bits of the SHA256 digest of the
- passphrase (where n is the length of the master key in bits) is used.
- The master salt gets generated with the SHA1 digest.
- You may force a specific key and or salt by using *--key* and *--salt*.
-
-*-K, --key <master key>*::
- master key to use for key derivation +
- Master key in hexadecimal notation, e.g.
- 01a2b3c4d5e6f708a9b0cadbecfd0fa1, with a mandatory length
- of 32, 48 or 64 characters (128, 192 or 256 bits).
-
-*-A, --salt <master salt>*::
- master salt to use for key derivation +
- Master salt in hexadecimal notation, e.g.
- 01a2b3c4d5e6f708a9b0cadbecfd, with a mandatory length
- of 28 characters (14 bytes).
-
-*-c, --cipher <cipher type>*::
- payload encryption algorithm +
- Encryption algorithm used for encrypting the payload +
- Possible values:
-
- *null*;; no encryption
- *aes-ctr*;; AES in counter mode with 128 Bits, default value
- *aes-ctr-128*;; AES in counter mode with 128 Bits
- *aes-ctr-192*;; AES in counter mode with 192 Bits
- *aes-ctr-256*;; AES in counter mode with 256 Bits
-
-*-a, --auth-algo <algo type>*::
- message authentication algorithm +
- This option sets the message authentication algorithm. +
- If HMAC-SHA1 is used, the packet length is increased. The additional bytes
- contain the authentication data. see *--auth-tag-length* for more info. +
- Possible values:
-
- *null*;; no message authentication
- *sha1*;; HMAC-SHA1, default value
-
-*-b, --auth-tag-length <length>*::
- The number of bytes to use for the auth tag. This value defaults to 10 bytes
- unless the *null* auth algo is used in which case it defaults to 0.
-
-
-EXAMPLES
---------
-
-P2P Setup between two unicast enpoints:
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Host A:
-^^^^^^^
-
-anytun -r hostb.example.com -t tun -n 192.168.123.1/30 -c aes-ctr-256 -k aes-ctr-256 \
- -E have_a_very_safe_and_productive_day -e left
-
-Host B:
-^^^^^^^
-anytun -r hosta.example.com -t tun -n 192.168.123.2/30 -c aes-ctr-256 -k aes-ctr-256 \
- -E have_a_very_safe_and_productive_day -e right
-
-
-One unicast and one anycast tunnel endpoint:
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Unicast tunnel endpoint:
-^^^^^^^^^^^^^^^^^^^^^^^^
-
-anytun -r anycast.anytun.org -d anytun0 -t tun -n 192.0.2.2/30 -a null -c null -w 0 -e client
-
-Anycast tunnel endpoints:
-^^^^^^^^^^^^^^^^^^^^^^^^^
-
-On the host with unicast hostname unicast1.anycast.anytun.org and anycast
-hostname anycast.anytun.org:
--------------------------------------------------------------------------------------------------
-# anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1/30 -a null -c null -w 0 -e server \
- -S 2342 -M unicast2.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342
--------------------------------------------------------------------------------------------------
-
-On the host with unicast hostname unicast2.anycast.anytun.org and anycast
-hostname anycast.anytun.org:
--------------------------------------------------------------------------------------------------
-# anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1/30 -a null -c null -w 0 -e server \
- -S 2342 -M unicast1.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342
--------------------------------------------------------------------------------------------------
-
-On the host with unicast hostname unicast3.anycast.anytun.org and anycast
-hostname anycast.anytun.org:
--------------------------------------------------------------------------------------------------
-# anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1/30 -a null -c null -w 0 -e server \
- -S 2342 -M unicast1.anycast.anytun.org:2342,unicast2.anycast.anytun.org:2342
--------------------------------------------------------------------------------------------------
-
-For more sophisticated examples (like multiple unicast endpoints to one
-anycast tunnel endpoint) please consult the man page of anytun-config(8).
-
-
-BUGS
-----
-Most likely there are some bugs in *Anytun*. If you find a bug, please let
-the developers know at satp@anytun.org. Of course, patches are preferred.
-
-SEE ALSO
---------
-anytun-config(8), anytun-controld(8), anytun-showtables(8)
-
-AUTHORS
--------
-
-Othmar Gsenger <otti@anytun.org>
-Erwin Nindl <nine@anytun.org>
-Christian Pointner <equinox@anytun.org>
-
-
-RESOURCES
----------
-
-Main web site: http://www.anytun.org/
-
-
-COPYING
--------
-
-Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
-Pointner. This program is free software: you can redistribute it
-and/or modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation, either version 3 of
-the License, or any later version.