authorChristian Pointner <equinox@anytun.org>2009-12-22 20:18:51 +0000
committerChristian Pointner <equinox@anytun.org>2009-12-22 20:18:51 +0000
commita525c9c7412fb9483dd868b3504cd1be32dc7d23 (patch)
tree402f6e0f760558f9870e4aa4d8771d620256f084 /src
parentadded patch from Cyril Brulebois in order to enable build on Debian/Freebsd K... (diff)
added manpage to svn (and later to release tarball)
moved manpages to doc directory
Diffstat (limited to 'src')
-rw-r--r--src/Makefile12
-rw-r--r--src/man/Makefile57
-rw-r--r--src/man/anyrtpproxy.8.txt150
-rw-r--r--src/man/anytun-config.8.txt173
-rw-r--r--src/man/anytun-controld.8.txt110
-rw-r--r--src/man/anytun-showtables.8.txt71
-rw-r--r--src/man/anytun.8.txt373
7 files changed, 6 insertions, 940 deletions
diff --git a/src/Makefile b/src/Makefile
index 9d1b4b0..a53336e 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -182,7 +182,7 @@ distclean: cleanall
rm -f include.mk
cleanall: clean
- $(MAKE) --directory=$(CURDIR)/man clean
+ $(MAKE) --directory="../doc" clean
clean:
rm -f *.o
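Review bot: The `cleanall` recipe now hard-codes the literal path `"../doc"`, where the old line derived the location from `$(CURDIR)`; the same literal appears in the `manpage` and `install-man` rules further down, so a later move of the documentation directory has to be repeated in every place. A single knob at the top of the file, `DOCDIR := $(CURDIR)/../doc`, with the recipe reading `$(MAKE) --directory="$(DOCDIR)" clean`, keeps the path absolute as before and in one spot. The `../doc/Makefile` that must provide the `clean` target is outside this diff (the diffstat is limited to `src`), so whether it exposes that target cannot be confirmed here. The `clean:` rule whose first recipe line ends this hunk continues below it.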
@@ -196,7 +196,7 @@ clean:
$(MAKE) --directory=$(CURDIR)/anyrtpproxy clean
manpage:
- @cd man ; $(MAKE)
+ $(MAKE) --directory="../doc" manpage
INSTALL_TARGETS := install-bin install-etc
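Review bot: `manpage` is a command-style target with no file behind it, and this hunk shows no `.PHONY` declaration for it; if none exists elsewhere in the file (the declaration, if any, is outside the hunk), a stray file named `manpage` in `src/` would make both `make manpage` and the `install-man` prerequisite a silent no-op. Adding `.PHONY: manpage` beside the rule removes that doubt. The replacement of `@cd man ; $(MAKE)` by a single `$(MAKE) --directory=…` line is an improvement in itself, since the old `;` let the recursive make run in the wrong directory when the `cd` failed. The `clean:` rule whose last recipe line opens this hunk begins above it.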
@@ -263,10 +263,10 @@ install-examples:
install-man: manpage
$(INSTALL) -d $(DESTDIR)$(MANDIR)/man8/
- $(INSTALL) -m 644 man/anytun.8 $(DESTDIR)$(MANDIR)/man8/
- $(INSTALL) -m 644 man/anytun-config.8 $(DESTDIR)$(MANDIR)/man8/
- $(INSTALL) -m 644 man/anytun-controld.8 $(DESTDIR)$(MANDIR)/man8/
- $(INSTALL) -m 644 man/anytun-showtables.8 $(DESTDIR)$(MANDIR)/man8/
+ $(INSTALL) -m 644 ../doc/anytun.8 $(DESTDIR)$(MANDIR)/man8/
+ $(INSTALL) -m 644 ../doc/anytun-config.8 $(DESTDIR)$(MANDIR)/man8/
+ $(INSTALL) -m 644 ../doc/anytun-controld.8 $(DESTDIR)$(MANDIR)/man8/
+ $(INSTALL) -m 644 ../doc/anytun-showtables.8 $(DESTDIR)$(MANDIR)/man8/
uninstall: remove
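Review bot: The four `$(INSTALL) -m 644 ../doc/…` lines in `install-man` spell out the page list by hand, while the `src/man/Makefile` this commit deletes kept that list in one `MANPAGES` variable; a page added under `doc/` later can now be built but forgotten here. Keeping the list in this file, `MANPAGES := anytun.8 anytun-config.8 anytun-controld.8 anytun-showtables.8`, and installing it in one line, `$(INSTALL) -m 644 $(addprefix ../doc/,$(MANPAGES)) $(DESTDIR)$(MANDIR)/man8/`, removes the duplication. Note also that `install-man` still depends on `manpage`, so installing requires the man-page toolchain on the install host unless the generated `.8` files ship pre-built, as the commit message suggests they eventually will.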
diff --git a/src/man/Makefile b/src/man/Makefile
deleted file mode 100644
index adc9919..0000000
--- a/src/man/Makefile
+++ /dev/null
@@ -1,57 +0,0 @@
-##
-## anytun
-##
-## The secure anycast tunneling protocol (satp) defines a protocol used
-## for communication between any combination of unicast and anycast
-## tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
-## mode and allows tunneling of every ETHER TYPE protocol (e.g.
-## ethernet, ip, arp ...). satp directly includes cryptography and
-## message authentication based on the methodes used by SRTP. It is
-## intended to deliver a generic, scaleable and secure solution for
-## tunneling and relaying of packets of any protocol.
-##
-##
-## Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl,
-## Christian Pointner <satp@wirdorange.org>
-##
-## This file is part of Anytun.
-##
-## Anytun is free software: you can redistribute it and/or modify
-## it under the terms of the GNU General Public License as published by
-## the Free Software Foundation, either version 3 of the License, or
-## any later version.
-##
-## Anytun is distributed in the hope that it will be useful,
-## but WITHOUT ANY WARRANTY; without even the implied warranty of
-## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-## GNU General Public License for more details.
-##
-## You should have received a copy of the GNU General Public License
-## along with anytun. If not, see <http://www.gnu.org/licenses/>.
-##
-
-VERSION=$(shell cat ../../version)
-
-MANPAGES := anytun.8 anytun-controld.8 anytun-config.8 anytun-showtables.8 #anyrtpproxy.8
-XML := $(MANPAGES:%.8=%.8.xml)
-
-.PHONY: clean
-
-all: manpage
-
-define create-manpage
- a2x -f manpage $(1)
- @ sed -i -e 's/\[FIXME: source\]/anytun ${VERSION}/' $(2)
- @ sed -i -e 's/\[FIXME: manual\]/$(2:.8=) user manual/' $(2)
- @ sed -i -e 's/^\($(subst -,\\-,$(2:.8=))\)$$/\\fB\1\\fR/' $(2)
- @ sed -i -e 's/^ \[ \([^ ]*\)/ [ \\fB\1\\fR/' $(2)
-endef
-
-%.8: %.8.txt
- $(call create-manpage,$<,$@)
-
-manpage: $(MANPAGES)
-
-clean:
- rm -f $(MANPAGES)
- rm -f $(XML)
diff --git a/src/man/anyrtpproxy.8.txt b/src/man/anyrtpproxy.8.txt
deleted file mode 100644
index a92d2e6..0000000
--- a/src/man/anyrtpproxy.8.txt
+++ /dev/null
@@ -1,150 +0,0 @@
-anyrtpproxy(8)
-==============
-
-NAME
-----
-anyrtpproxy - anycast rtpproxy
-
-SYNOPSIS
---------
-
-....
-anyrtpproxy
- [ -h|--help ]
- [ -D|--nodaemonize ]
- [ -C|--chroot ]
- [ -u|--username <username> ]
- [ -H|--chroot-dir <directory> ]
- [ -P|--write-pid <filename> ]
- [ -i|--interface <ip-address> ]
- [ -s|--control <hostname|ip>[:<port>] ]
- [ -p|--port-range <start> <end> ]
- [ -n|--nat ]
- [ -o|--no-nat-once ]
- [ -S|--sync-port port> ]
- [ -M|--sync-hosts <hostname|ip>:<port>[,<hostname|ip>:<port>[...]] ]
-....
-
-
-DESCRIPTION
------------
-
-*anyrtpproxy* is a rtpproxy which can be used in combination with anycast. It uses
-the same control protocol than rtpproxy though it can be controled through the nathelper
-plugin of openser. *anyrtpproxy* uses the same synchronisation protocol than *Anytun*
-to sync the session information among all anycast instances.
-
-
-OPTIONS
--------
-
-*-D, --nodaemonize*::
- This option instructs *anyrtpproxy* to run in the foreground
- instead of becoming a daemon.
-
-*-C, --chroot*::
- chroot and drop privileges
-
-*-u, --username <username>*::
- if chroot change to this user
-
-*-H, --chroot-dir <directory>*::
- chroot to this directory
-
-*-P, --write-pid <filename>*::
- write pid to this file
-
-*-i, --interface <ip address>*::
- The local interface to listen on for RTP packets
-
-*-s, --control <hostname|ip>[:<port>]*::
- The local address and port to listen on for control messages from openser
-
-*-p, --port-range <start> <end>*::
- A pool of ports which should be used by *anyrtpproxy* to relay RTP packets.
- The range may not overlap between the anycast instances
-
-*-n, --nat*::
- Allow to learn the remote address and port in order to handle clients behind nat.
- This option should only be enabled if the source is authenticated (i.e. through
- *anytun*)
-
-*-o, --no-nat-once*::
- Disable learning of remote address and port in case the first packet does not
- come from the client which is specified by openser during configuration. Invoking
- this parameter increases the security level of the system but in case of nat needs
- a working nat transversal such as stun.
-
-*-S, --sync-port <port>*::
- local unicast(sync) port to bind to +
- This port is used by anycast hosts to synchronize information about tunnel
- endpoints. No payload data is transmitted via this port. +
- It is possible to obtain a list of active connections by telnetting into
- this port. This port is read-only and unprotected by default. It is advised
- to protect this port using firewall rules and, eventually, IPsec.
-
-*-M, --sync-hosts <hostname|ip>:<port>,[<hostname|ip>:<port>[...]]*::
- remote hosts to sync with +
- Here, one has to specify all unicast IP addresses of all
- other anycast hosts that comprise the anycast tunnel endpoint.
-
-EXAMPLES
---------
-
-Anycast Setup with 3 instances:
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-On the host with unicast hostname unicast1.anycast.anytun.org and anycast
-hostname anycast.anytun.org:
---------------------------------------------------------------------------------------
-# anyrtpproxy -i anycast.anytun.org -p 20000 25000 -S 2342 \
- -M unicast2.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342
---------------------------------------------------------------------------------------
-
-On the host with unicast hostname unicast2.anycast.anytun.org and anycast
-hostname anycast.anytun.org:
---------------------------------------------------------------------------------------
-# anyrtpproxy -i anycast.anytun.org -p 25000 30000 -S 2342 \
- -M unicast1.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342
---------------------------------------------------------------------------------------
-
-On the host with unicast hostname unicast3.anycast.anytun.org and anycast
-hostname anycast.anytun.org:
---------------------------------------------------------------------------------------
-# anyrtpproxy -i anycast.anytun.org -p 30000 35000 -S 2342 \
- -M unicast1.anycast.anytun.org:2342,unicast2.anycast.anytun.org:2342
---------------------------------------------------------------------------------------
-
-
-BUGS
-----
-Most likely there are some bugs in *anyrtpproxy*. If you find a bug, please let
-the developers know at satp@anytun.org. Of course, patches are preferred.
-
-SEE ALSO
---------
-anytun(8)
-
-AUTHORS
--------
-
-Othmar Gsenger <otti@anytun.org>
-Erwin Nindl <nine@anytun.org>
-Christian Pointner <equinox@anytun.org>
-
-
-RESOURCES
----------
-
-Main web site: http://www.anytun.org/
-
-
-COPYING
--------
-
-Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
-Pointner. This program is free software: you can redistribute it
-and/or modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation, either version 3 of
-the License, or any later version.
-
diff --git a/src/man/anytun-config.8.txt b/src/man/anytun-config.8.txt
deleted file mode 100644
index 6a80b4d..0000000
--- a/src/man/anytun-config.8.txt
+++ /dev/null
@@ -1,173 +0,0 @@
-anytun-config(8)
-================
-
-NAME
-----
-anytun-config - anycast tunneling configuration utility
-
-SYNOPSIS
---------
-
-....
-anytun-config
- [ -h|--help ]
- [ -L|--log <target>:<level>[,<param1>[,<param2>[..]]]
- [ -r|--remote-host <hostname|ip> ]
- [ -o|--remote-port <port> ]
- [ -4|--ipv4-only ]
- [ -6|--ipv6-only ]
- [ -R|--route <net>/<prefix length> ]
- [ -m|--mux <mux-id> ]
- [ -w|--window-size <window size> ]
- [ -k|--kd-prf <kd-prf type> ]
- [ -e|--role <role> ]
- [ -E|--passphrase <pass phrase> ]
- [ -K|--key <master key> ]
- [ -A|--salt <master salt> ]
-....
-
-DESCRIPTION
------------
-
-*anytun-config* writes routing/connection table entries, that can be read by *anytun-controld*.
-
-OPTIONS
--------
-
-*-L, --log <target>:<level>[,<param1>[,<param2>[..]]]*::
- add log target to logging system. This can be invoked several times
- in order to log to different targets at the same time. Every target
- hast its own log level which is a number between 0 and 5. Where 0 means
- disabling log and 5 means debug messages are enabled. +
- The file target can be used more the once with different levels.
- If no target is provided at the command line a single target with the
- config *syslog:3,anytun-config,daemon* is added. +
- The following targets are supported:
-
- *syslog*;; log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
- *file*;; log to file, parameters <level>[,<path>]
- *stdout*;; log to standard output, parameters <level>
- *stderr*;; log to standard error, parameters <level>
-
-*-r, --remote-host <hostname|ip>*::
- This option can be used to specify the remote tunnel
- endpoint. In case of anycast tunnel endpoints, the
- anycast IP address has to be used. If you do not specify
- an address, it is automatically determined after receiving
- the first data packet.
-
-*-o, --remote-port <port>*::
- The UDP port used for payload data by the remote host
- (specified with -p on the remote host). If you do not specify
- a port, it is automatically determined after receiving
- the first data packet.
-
-*-4, --ipv4-only*::
- Resolv to IPv4 addresses only. The default is to resolv both
- IPv4 and IPv6 addresses.
-
-*-6, --ipv6-only*::
- Resolv to IPv6 addresses only. The default is to resolv both
- IPv4 and IPv6 addresses.
-
-*-R, --route <net>/<prefix length>*::
- add a route to connection. This can be invoked several times.
-
-*-m, --mux <mux-id>*::
- the multiplex id to use. default: 0
-
-*-w, --window-size <window size>*::
- seqence window size +
- Sometimes, packets arrive out of order on the receiver
- side. This option defines the size of a list of received
- packets' sequence numbers. If, according to this list,
- a received packet has been previously received or has
- been transmitted in the past, and is therefore not in
- the list anymore, this is interpreted as a replay attack
- and the packet is dropped. A value of 0 deactivates this
- list and, as a consequence, the replay protection employed
- by filtering packets according to their secuence number.
- By default the sequence window is disabled and therefore a
- window size of 0 is used.
-
-*-k, --kd--prf <kd-prf type>*::
- key derivation pseudo random function +
- The pseudo random function which is used for calculating the
- session keys and session salt. +
- Possible values:
-
- *null*;; no random function, keys and salt are set to 0..00
- *aes-ctr*;; AES in counter mode with 128 Bits, default value
- *aes-ctr-128*;; AES in counter mode with 128 Bits
- *aes-ctr-192*;; AES in counter mode with 192 Bits
- *aes-ctr-256*;; AES in counter mode with 256 Bits
-
-*-e, --role <role>*::
- SATP uses different session keys for inbound and outbound traffic. The
- role parameter is used to determine which keys to use for outbound or
- inbound packets. On both sides of a vpn connection different roles have
- to be used. Possible values are *left* and *right*. You may also use
- *alice* or *server* as a replacement for *left* and *bob* or *client* as
- a replacement for *right*. By default *left* is used.
-
-*-E, --passphrase <pass phrase>*::
- This passphrase is used to generate the master key and master salt.
- For the master key the last n bits of the SHA256 digest of the
- passphrase (where n is the length of the master key in bits) is used.
- The master salt gets generated with the SHA1 digest.
- You may force a specific key and or salt by using *--key* and *--salt*.
-
-*-K, --key <master key>*::
- master key to use for key derivation +
- Master key in hexadecimal notation, e.g.
- 01a2b3c4d5e6f708a9b0cadbecfd0fa1, with a mandatory length
- of 32, 48 or 64 characters (128, 192 or 256 bits).
-
-*-A, --salt <master salt>*::
- master salt to use for key derivation +
- Master salt in hexadecimal notation, e.g.
- 01a2b3c4d5e6f708a9b0cadbecfd, with a mandatory length
- of 28 characters (14 bytes).
-
-
-EXAMPLES
---------
-
-Add a client with Connection ID (Mux) 12 and add 2 Routes to this client
-
-------------------------------------------------------------------------------------------------
-# anytun-config -w 0 -m 12 -K 0123456789ABCDEFFEDCBA9876543210 -A 0123456789ABCDDCBA9876543210 \
- -R 192.0.2.0/24 -R 192.168.1.1/32 -e server >> routingtable
-------------------------------------------------------------------------------------------------
-
-BUGS
-----
-Most likely there are some bugs in *Anytun*. If you find a bug, please let
-the developers know at satp@anytun.org. Of course, patches are preferred.
-
-SEE ALSO
---------
-anytun(8), anytun-controld(8), anytun-showtables(8)
-
-AUTHORS
--------
-
-Othmar Gsenger <otti@anytun.org>
-Erwin Nindl <nine@anytun.org>
-Christian Pointner <equinox@anytun.org>
-
-
-RESOURCES
----------
-
-Main web site: http://www.anytun.org/
-
-
-COPYING
--------
-
-Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
-Pointner. This program is free software: you can redistribute it
-and/or modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation, either version 3 of
-the License, or any later version.
diff --git a/src/man/anytun-controld.8.txt b/src/man/anytun-controld.8.txt
deleted file mode 100644
index 0d3e0b8..0000000
--- a/src/man/anytun-controld.8.txt
+++ /dev/null
@@ -1,110 +0,0 @@
-anytun-controld(8)
-==================
-
-NAME
-----
-anytun-controld - anycast tunneling control daemon
-
-SYNOPSIS
---------
-
-....
-anytun-controld
- [ -h|--help ]
- [ -D|--nodaemonize ]
- [ -u|--username <username> ]
- [ -g|--groupname <groupname> ]
- [ -C|--chroot <path> ]
- [ -P|--write-pid <filename> ]
- [ -L|--log <target>:<level>[,<param1>[,<param2>[..]]] ]
- [ -f|--file <path> ]
- [ -X|--control-host < <host>[:port>] | :<port> > ]
-....
-
-DESCRIPTION
------------
-
-*anytun-controld* configures the multi-connection support for *Anytun*. It reads a connection/routing table and outputs it via a tcp socket to all connected *Anytun* servers. When the control daemon is restarted with a new connection/routing table all *Anytun* servers automatically load the new configuration. Please make sure to protect that information as it contains the connection keys.
-
-OPTIONS
--------
-
-*-D, --nodaemonize*::
- This option instructs *anytun-controld* to run in foreground
- instead of becoming a daemon which is the default.
-
-*-u, --username <username>*::
- run as this user. If no group is specified (*-g*) the default group of
- the user is used. The default is to not drop privileges.
-
-*-g, --groupname <groupname>*::
- run as this group. If no username is specified (*-u*) this gets ignored.
- The default is to not drop privileges.
-
-*-C, --chroot <path>*::
- Instruct *anytun-controld* to run in a chroot jail. The default is
- to not run in chroot.
-
-*-P, --write-pid <filename>*::
- Instruct *anytun-controld* to write it's pid to this file. The default is
- to not create a pid file.
-
-*-L, --log <target>:<level>[,<param1>[,<param2>[..]]]*::
- add log target to logging system. This can be invoked several times
- in order to log to different targets at the same time. Every target
- hast its own log level which is a number between 0 and 5. Where 0 means
- disabling log and 5 means debug messages are enabled. +
- The file target can be used more the once with different levels.
- If no target is provided at the command line a single target with the
- config *syslog:3,anytun-controld,daemon* is added. +
- The following targets are supported:
-
- *syslog*;; log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
- *file*;; log to file, parameters <level>[,<path>]
- *stdout*;; log to standard output, parameters <level>
- *stderr*;; log to standard error, parameters <level>
-
-*-f, --file <path>*::
- The path to the file which holds the sync information.
-
-*-X, --control-host <hostname|ip>[:<port>]*::
- fetch the config from this host. The default is not to use a control
- host and therefore this is empty. Mind that the port can be omitted
- in which case port 2323 is used. If you want to specify an
- ipv6 address and a port you have to use [ and ] to seperate the address
- from the port, eg.: [::1]:1234. If you want to use the default port
- [ and ] can be omitted.
-
-
-BUGS
-----
-Most likely there are some bugs in *Anytun*. If you find a bug, please let
-the developers know at satp@anytun.org. Of course, patches are preferred.
-
-SEE ALSO
---------
-anytun(8), anytun-config(8), anytun-showtables(8)
-
-AUTHORS
--------
-
-Othmar Gsenger <otti@anytun.org>
-Erwin Nindl <nine@anytun.org>
-Christian Pointner <equinox@anytun.org>
-
-
-RESOURCES
----------
-
-Main web site: http://www.anytun.org/
-
-
-COPYING
--------
-
-Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
-Pointner. This program is free software: you can redistribute it
-and/or modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation, either version 3 of
-the License, or any later version.
-
diff --git a/src/man/anytun-showtables.8.txt b/src/man/anytun-showtables.8.txt
deleted file mode 100644
index 3a1fa8d..0000000
--- a/src/man/anytun-showtables.8.txt
+++ /dev/null
@@ -1,71 +0,0 @@
-anytun-showtables(8)
-====================
-
-NAME
-----
-anytun-showtables - anycast tunneling routing table visualization utility
-
-SYNOPSIS
---------
-
-....
-anytun-showtables
-....
-
-DESCRIPTION
------------
-
-*anytun-showtables* displays routing and connection tables used by *Anytun*. It can be used to display a saved routing/connection table used by *anytun-controld* or to connect to a the sync port of *Anytun*.
-
-OPTIONS
--------
-
-This Tool does not take any options. It takes the sync information from
-the standard input and prints the routing table to the standard output.
-
-EXAMPLES
---------
-
-Print routing table stored in local file
-
------------------------------------------------------------------------------------
-# perl -ne 'chomp; print' < routingtable | ./anytun-showtables
------------------------------------------------------------------------------------
-
-Print current routing table and watch changes
-
------------------------------------------------------------------------------------
-# nc unicast1.anycast.anytun.org 23 | ./anytun-showtables
------------------------------------------------------------------------------------
-
-BUGS
-----
-Most likely there are some bugs in *Anytun*. If you find a bug, please let
-the developers know at satp@anytun.org. Of course, patches are preferred.
-
-SEE ALSO
---------
-anytun(8), anytun-controld(8), anytun-config(8)
-
-AUTHORS
--------
-
-Othmar Gsenger <otti@anytun.org>
-Erwin Nindl <nine@anytun.org>
-Christian Pointner <equinox@anytun.org>
-
-
-RESOURCES
----------
-
-Main web site: http://www.anytun.org/
-
-
-COPYING
--------
-
-Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
-Pointner. This program is free software: you can redistribute it
-and/or modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation, either version 3 of
-the License, or any later version.
diff --git a/src/man/anytun.8.txt b/src/man/anytun.8.txt
deleted file mode 100644
index 377bb2d..0000000
--- a/src/man/anytun.8.txt
+++ /dev/null
@@ -1,373 +0,0 @@
-anytun(8)
-=========
-
-NAME
-----
-anytun - anycast tunneling daemon
-
-SYNOPSIS
---------
-
-....
-anytun
- [ -h|--help ]
- [ -D|--nodaemonize ]
- [ -u|--username <username> ]
- [ -g|--groupname <groupname> ]
- [ -C|--chroot <path> ]
- [ -P|--write-pid <filename> ]
- [ -L|--log <target>:<level>[,<param1>[,<param2>[..]]] ]
- [ -i|--interface <ip-address> ]
- [ -p|--port <port> ]
- [ -r|--remote-host <hostname|ip> ]
- [ -o|--remote-port <port> ]
- [ -4|--ipv4-only ]
- [ -6|--ipv6-only ]
- [ -I|--sync-interface <ip-address> ]
- [ -S|--sync-port port> ]
- [ -M|--sync-hosts <hostname|ip>[:<port>][,<hostname|ip>[:<port>][...]] ]
- [ -X|--control-host <hostname|ip>[:<port>]
- [ -d|--dev <name> ]
- [ -t|--type <tun|tap> ]
- [ -n|--ifconfig <local>/<prefix> ]
- [ -x|--post-up-script <script> ]
- [ -R|--route <net>/<prefix length> ]
- [ -m|--mux <mux-id> ]
- [ -s|--sender-id <sender id> ]
- [ -w|--window-size <window size> ]
- [ -k|--kd-prf <kd-prf type> ]
- [ -e|--role <role> ]
- [ -E|--passphrase <pass phrase> ]
- [ -K|--key <master key> ]
- [ -A|--salt <master salt> ]
- [ -c|--cipher <cipher type> ]
- [ -a|--auth-algo <algo type> ]
- [ -b|--auth-tag-length <length> ]
-....
-
-DESCRIPTION
------------
-
-*Anytun* is an implementation of the Secure Anycast Tunneling Protocol
-(SATP). It provides a complete VPN solution similar to OpenVPN or
-IPsec in tunnel mode. The main difference is that anycast allows a
-setup of tunnels between an arbitrary combination of anycast, unicast
-and multicast hosts.
-
-OPTIONS
--------
-
-*Anytun* has been designed as a peer to peer application, so there is
-no difference between client and server. The following options can be
-passed to the daemon:
-
-*-D, --nodaemonize*::
- This option instructs *Anytun* to run in foreground
- instead of becoming a daemon which is the default.
-
-*-u, --username <username>*::
- run as this user. If no group is specified (*-g*) the default group of
- the user is used. The default is to not drop privileges.
-
-*-g, --groupname <groupname>*::
- run as this group. If no username is specified (*-u*) this gets ignored.
- The default is to not drop privileges.
-
-*-C, --chroot <path>*::
- Instruct *Anytun* to run in a chroot jail. The default is
- to not run in chroot.
-
-*-P, --write-pid <filename>*::
- Instruct *Anytun* to write it's pid to this file. The default is
- to not create a pid file.
-
-*-L, --log <target>:<level>[,<param1>[,<param2>[..]]]*::
- add log target to logging system. This can be invoked several times
- in order to log to different targets at the same time. Every target
- hast its own log level which is a number between 0 and 5. Where 0 means
- disabling log and 5 means debug messages are enabled. +
- The file target can be used more the once with different levels.
- If no target is provided at the command line a single target with the
- config *syslog:3,anytun,daemon* is added. +
- The following targets are supported:
-
- *syslog*;; log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
- *file*;; log to file, parameters <level>[,<path>]
- *stdout*;; log to standard output, parameters <level>
- *stderr*;; log to standard error, parameters <level>
-
-*-i, --interface <ip address>*::
- This IP address is used as the sender address for outgoing
- packets. In case of anycast tunnel endpoints, the anycast
- IP has to be used. In case of unicast endpoints, the
- address is usually derived correctly from the routing
- table. The default is to not use a special inteface and just
- bind on all interfaces.
-
-*-p, --port <port>*::
- The local UDP port that is used to send and receive the
- payload data. The two tunnel endpoints can use different
- ports. If a tunnel endpoint consists of multiple anycast
- hosts, all hosts have to use the same port. default: 4444
-
-*-r, --remote-host <hostname|ip>*::
- This option can be used to specify the remote tunnel
- endpoint. In case of anycast tunnel endpoints, the
- anycast IP address has to be used. If you do not specify
- an address, it is automatically determined after receiving
- the first data packet.
-
-*-o, --remote-port <port>*::
- The UDP port used for payload data by the remote host
- (specified with -p on the remote host). If you do not specify
- a port, it is automatically determined after receiving
- the first data packet.
-
-*-4, --ipv4-only*::
- Resolv to IPv4 addresses only. The default is to resolv both
- IPv4 and IPv6 addresses.
-
-*-6, --ipv6-only*::
- Resolv to IPv6 addresses only. The default is to resolv both
- IPv4 and IPv6 addresses.
-
-*-I, --sync-interface <ip-address>*::
- local unicast(sync) ip address to bind to +
- This option is only needed for tunnel endpoints consisting
- of multiple anycast hosts. The unicast IP address of
- the anycast host can be used here. This is needed for
- communication with the other anycast hosts. The default is to
- not use a special inteface and just bind on all interfaces. However
- this is only the case if synchronisation is active see *--sync-port*.
-
-*-S, --sync-port <port>*::
- local unicast(sync) port to bind to +
- This option is only needed for tunnel endpoints
- consisting of multiple anycast hosts. This port is used
- by anycast hosts to synchronize information about tunnel
- endpoints. No payload data is transmitted via this port.
- By default the synchronisation is disabled an therefore the
- port is kept empty. +
- It is possible to obtain a list of active connections
- by telnetting into this port. This port is read-only
- and unprotected by default. It is advised to protect
- this port using firewall rules and, eventually, IPsec.
-
-*-M, --sync-hosts <hostname|ip>[:<port>],[<hostname|ip>[:<port>][...]]*::
- remote hosts to sync with +
- This option is only needed for tunnel endpoints consisting
- of multiple anycast hosts. Here, one has to specify all
- unicast IP addresses of all other anycast hosts that
- comprise the anycast tunnel endpoint. By default synchronisation is
- disabled and therefore this is empty. Mind that the port can be
- omitted in which case port 2323 is used. If you want to specify an
- ipv6 address and a port you have to use [ and ] to seperate the address
- from the port, eg.: [::1]:1234. If you want to use the default port
- [ and ] can be omitted.
-
-*-X, --control-host <hostname|ip>[:<port>]*::
- fetch the config from this host. The default is not to use a control
- host and therefore this is empty. Mind that the port can be omitted
- in which case port 2323 is used. If you want to specify an
- ipv6 address and a port you have to use [ and ] to seperate the address
- from the port, eg.: [::1]:1234. If you want to use the default port
- [ and ] can be omitted.
-
-*-d, --dev <name>*::
- device name +
- By default, tapN is used for Ethernet tunnel interfaces,
- and tunN for IP tunnels, respectively. This option can
- be used to manually override these defaults.
-
-*-t, --type <tun|tap>*::
- device type +
- Type of the tunnels to create. Use tap for Ethernet
- tunnels, tun for IP tunnels.
-
-*-n, --ifconfig <local>/<prefix>*::
- The local IP address and prefix length. The remote tunnel endpoint
- has to use a different IP address in the same subnet.
-
- *<local>*;; the local IP address for the tun/tap device
- *<prefix>*;; the prefix length of the network
-
-*-x, --post-up-script <script>*::
- This option instructs *Anytun* to run this script after the interface
- is created. By default no script will be executed.
-
-*-R, --route <net>/<prefix length>*::
- add a route to connection. This can be invoked several times.
-
-*-m, --mux <mux-id>*::
- the multiplex id to use. default: 0
-
-*-s, --sender-id <sender id>*::
- Each anycast tunnel endpoint needs a uniqe sender id
- (1, 2, 3, ...). It is needed to distinguish the senders
- in case of replay attacks. This option can be ignored on
- unicast endpoints. default: 0
-
-*-w, --window-size <window size>*::
- seqence window size +
- Sometimes, packets arrive out of order on the receiver
- side. This option defines the size of a list of received
- packets' sequence numbers. If, according to this list,
- a received packet has been previously received or has
- been transmitted in the past, and is therefore not in
- the list anymore, this is interpreted as a replay attack
- and the packet is dropped. A value of 0 deactivates this
- list and, as a consequence, the replay protection employed
- by filtering packets according to their secuence number.
- By default the sequence window is disabled and therefore a
- window size of 0 is used.
-
-*-k, --kd--prf <kd-prf type>*::
- key derivation pseudo random function +
- The pseudo random function which is used for calculating the
- session keys and session salt. +
- Possible values:
-
- *null*;; no random function, keys and salt are set to 0..00
- *aes-ctr*;; AES in counter mode with 128 Bits, default value
- *aes-ctr-128*;; AES in counter mode with 128 Bits
- *aes-ctr-192*;; AES in counter mode with 192 Bits
- *aes-ctr-256*;; AES in counter mode with 256 Bits
-
-*-e, --role <role>*::
- SATP uses different session keys for inbound and outbound traffic. The
- role parameter is used to determine which keys to use for outbound or
- inbound packets. On both sides of a vpn connection different roles have
- to be used. Possible values are *left* and *right*. You may also use
- *alice* or *server* as a replacement for *left* and *bob* or *client* as
- a replacement for *right*. By default *left* is used.
-
-*-E, --passphrase <pass phrase>*::
- This passphrase is used to generate the master key and master salt.
- For the master key the last n bits of the SHA256 digest of the
- passphrase (where n is the length of the master key in bits) is used.
- The master salt gets generated with the SHA1 digest.
- You may force a specific key and or salt by using *--key* and *--salt*.
-
-*-K, --key <master key>*::
- master key to use for key derivation +
- Master key in hexadecimal notation, e.g.
- 01a2b3c4d5e6f708a9b0cadbecfd0fa1, with a mandatory length
- of 32, 48 or 64 characters (128, 192 or 256 bits).
-
-*-A, --salt <master salt>*::
- master salt to use for key derivation +
- Master salt in hexadecimal notation, e.g.
- 01a2b3c4d5e6f708a9b0cadbecfd, with a mandatory length
- of 28 characters (14 bytes).
-
-*-c, --cipher <cipher type>*::
- payload encryption algorithm +
- Encryption algorithm used for encrypting the payload +
- Possible values:
-
- *null*;; no encryption
- *aes-ctr*;; AES in counter mode with 128 Bits, default value
- *aes-ctr-128*;; AES in counter mode with 128 Bits
- *aes-ctr-192*;; AES in counter mode with 192 Bits
- *aes-ctr-256*;; AES in counter mode with 256 Bits
-
-*-a, --auth-algo <algo type>*::
- message authentication algorithm +
- This option sets the message authentication algorithm. +
- If HMAC-SHA1 is used, the packet length is increased. The additional bytes
- contain the authentication data. see *--auth-tag-length* for more info. +
- Possible values:
-
- *null*;; no message authentication
- *sha1*;; HMAC-SHA1, default value
-
-*-b, --auth-tag-length <length>*::
- The number of bytes to use for the auth tag. This value defaults to 10 bytes
- unless the *null* auth algo is used in which case it defaults to 0.
-
-
-EXAMPLES
---------
-
-P2P Setup between two unicast enpoints:
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Host A:
-^^^^^^^
-
-anytun -r hostb.example.com -t tun -n 192.168.123.1/30 -c aes-ctr-256 -k aes-ctr-256 \
- -E have_a_very_safe_and_productive_day -e left
-
-Host B:
-^^^^^^^
-anytun -r hosta.example.com -t tun -n 192.168.123.2/30 -c aes-ctr-256 -k aes-ctr-256 \
- -E have_a_very_safe_and_productive_day -e right
-
-
-One unicast and one anycast tunnel endpoint:
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Unicast tunnel endpoint:
-^^^^^^^^^^^^^^^^^^^^^^^^
-
-anytun -r anycast.anytun.org -d anytun0 -t tun -n 192.0.2.2/30 -a null -c null -w 0 -e client
-
-Anycast tunnel endpoints:
-^^^^^^^^^^^^^^^^^^^^^^^^^
-
-On the host with unicast hostname unicast1.anycast.anytun.org and anycast
-hostname anycast.anytun.org:
--------------------------------------------------------------------------------------------------
-# anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1/30 -a null -c null -w 0 -e server \
- -S 2342 -M unicast2.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342
--------------------------------------------------------------------------------------------------
-
-On the host with unicast hostname unicast2.anycast.anytun.org and anycast
-hostname anycast.anytun.org:
--------------------------------------------------------------------------------------------------
-# anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1/30 -a null -c null -w 0 -e server \
- -S 2342 -M unicast1.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342
--------------------------------------------------------------------------------------------------
-
-On the host with unicast hostname unicast3.anycast.anytun.org and anycast
-hostname anycast.anytun.org:
--------------------------------------------------------------------------------------------------
-# anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1/30 -a null -c null -w 0 -e server \
- -S 2342 -M unicast1.anycast.anytun.org:2342,unicast2.anycast.anytun.org:2342
--------------------------------------------------------------------------------------------------
-
-For more sophisticated examples (like multiple unicast endpoints to one
-anycast tunnel endpoint) please consult the man page of anytun-config(8).
-
-
-BUGS
-----
-Most likely there are some bugs in *Anytun*. If you find a bug, please let
-the developers know at satp@anytun.org. Of course, patches are preferred.
-
-SEE ALSO
---------
-anytun-config(8), anytun-controld(8), anytun-showtables(8)
-
-AUTHORS
--------
-
-Othmar Gsenger <otti@anytun.org>
-Erwin Nindl <nine@anytun.org>
-Christian Pointner <equinox@anytun.org>
-
-
-RESOURCES
----------
-
-Main web site: http://www.anytun.org/
-
-
-COPYING
--------
-
-Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
-Pointner. This program is free software: you can redistribute it
-and/or modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation, either version 3 of
-the License, or any later version.