-rw-r--r--cmd-option-letters4
-rw-r--r--src/man/anytun-config.8.txt117
-rw-r--r--src/man/anytun-controld.8.txt92
-rw-r--r--src/man/anytun-showtables.8.txt2
-rw-r--r--src/man/anytun.8.txt237
-rw-r--r--src/options.cpp4
6 files changed, 310 insertions, 146 deletions
diff --git a/cmd-option-letters b/cmd-option-letters
index 87ccc0f..b9c8eae 100644
--- a/cmd-option-letters
+++ b/cmd-option-letters
@@ -2,7 +2,7 @@
6: resolv ipv6 only (payload socket)
a: auth algo
-b:
+b: auth tag length (not yet)
c: cipher
d: device name
e:
@@ -33,7 +33,7 @@ B:
C: chroot directory
D: do not daemonize
E: passphrase
-F: config file
+F: config file (not yet)
G:
H:
I: local sync interface
diff --git a/src/man/anytun-config.8.txt b/src/man/anytun-config.8.txt
index 258bec8..b1e31a3 100644
--- a/src/man/anytun-config.8.txt
+++ b/src/man/anytun-config.8.txt
@@ -10,13 +10,20 @@ SYNOPSIS
*anytun-config*
[ *-h|--help* ]
+[ *-L|--log* <target>:<level>[,<param1>[,<param2>[..]]]
[ *-r|--remote-host* <hostname|ip> ]
[ *-o|--remote-port* <port> ]
-[ *-w|--window-size* <window size> ]
+[ *-4|--ipv4-only* ]
+[ *-6|--ipv6-only* ]
+[ *-R|--route* <net>/<prefix length> ]
[ *-m|--mux* <mux-id> ]
+[ *-w|--window-size* <window size> ]
+[ *-k|--kd-prf* <kd-prf type> ]
+[ *-l|--ld-kdr* <ld-kdr> ]
+[ *-O|--anytun02-compat* ]
+[ *-E|--passphrase* <pass phrase> ]
[ *-K|--key* <master key> ]
[ *-A|--salt* <master salt> ]
-[ *-T|--route* <net>/<prefix length> ]
DESCRIPTION
-----------
@@ -26,6 +33,27 @@ DESCRIPTION
OPTIONS
-------
+-L|--log <target>:<level>[,<param1>[,<param2>[..]]]
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+add log target to logging system. This can be invoked several times
+in order to log to different targets at the same time. Every target
+hast its own log level which is a number between 0 and 5. Where 0 means
+disabling log and 5 means debug messages are enabled.
+
+The following targets are supported:
+
+* *syslog* - log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
+* *file* - log to file, parameters <level>[,<path>]
+* *stdout* - log to standard output, parameters <level>
+* *stderr* - log to standard error, parameters <level>
+
+The file target can be used more the once with different levels.
+If no target is provided at the command line a single target with the
+following config is added:
+
+*syslog:3,uanytun,daemon*
+
-r|--remote-host <hostname|ip>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -46,6 +74,28 @@ The UDP port used for payload data by the remote host
a port, it is automatically determined after receiving
the first data packet.
+-4|--ipv4-only
+~~~~~~~~~~~~~~
+
+Resolv to IPv4 addresses only. The default is to resolv both
+IPv4 and IPv6 addresses.
+
+-6|--ipv6-only
+~~~~~~~~~~~~~~
+
+Resolv to IPv6 addresses only. The default is to resolv both
+IPv4 and IPv6 addresses.
+
+-R|--route <net>/<prefix length>
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+add a route to connection. This can be invoked several times.
+
+-m|--mux <mux-id>
+~~~~~~~~~~~~~~~~~
+
+the multiplex id to use. default: 0
+
-w|--window-size <window size>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -63,45 +113,76 @@ by filtering packets according to their secuence number.
By default the sequence window is disabled and therefore a
window size of 0 is used.
--m|--mux <mux-id>
-~~~~~~~~~~~~~~~~~
+-k|--kd--prf <kd-prf type>
+~~~~~~~~~~~~~~~~~~~~~~~~~~
-the multiplex id to use. default: 0
+key derivation pseudo random function.
+
+The pseudo random function which is used for calculating the
+session keys and session salt.
+
+Possible values:
+
+* *null* - no random function, keys and salt are set to 0..00
+* *aes-ctr* - AES in counter mode with 128 Bits, default value
+* *aes-ctr-128* - AES in counter mode with 128 Bits
+* *aes-ctr-192* - AES in counter mode with 192 Bits
+* *aes-ctr-256* - AES in counter mode with 256 Bits
+
+-l|--ld-kdr <ld-kdr>
+~~~~~~~~~~~~~~~~~~~~
+
+The log2 of the key derivation rate. This is used by the key
+derivation to determine how often a new session key has to be
+generated. A value of -1 means to generate only one key and use
+it forever. The default is 0 which means to calculate a new key
+for every packet. A value of 1 would tell the key derivation
+to generate a new key after 2 packets, for 2 its 4 packets and
+so on.
+
+-O|--anytun02-compat
+~~~~~~~~~~~~~~~~~~~~
+
+Enable compatibility mode with version of anytun 0.2.x and prior.
+This is for backwards compaitbility to old internet draft of satp.
+
+-E|--passphrase <pass phrase>
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This passphrase is used to generate the master key and master salt.
+For the master key the last n bits of the SHA256 digest of the
+passphrase (where n is the length of the master key in bits) is used.
+The master salt gets generated with the SHA1 digest.
+You may force a specific key and or salt by using *--key* and *--salt*.
-K|--key <master key>
~~~~~~~~~~~~~~~~~~~~~
-master key to use for encryption
+master key to use for key derivation
Master key in hexadecimal notation, eg
01a2b3c4d5e6f708a9b0cadbecfd0fa1, with a mandatory length
-of 32 characters (16 bytes).
+of 32, 48 or 64 characters (128, 192 or 256 bits).
-A|--salt <master salt>
~~~~~~~~~~~~~~~~~~~~~~~
-master salt to use for encryption
+master salt to use for key derivation
Master salt in hexadecimal notation, eg
01a2b3c4d5e6f708a9b0cadbecfd, with a mandatory length
of 28 characters (14 bytes).
--T|--route <net>/<prefix length>
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-add a route to connection. This can be invoked several times.
-
EXAMPLES
--------
Add a client with Connection ID (Mux) 12 and add 2 Routes to this client
-
---------------------------------------------------------------------------------------
-# anytun -w 0 -m 12 -K 0123456789ABCDEFFEDCBA9876543210 -A 0123456789ABCDDCBA9876543210 \
- -R 192.0.2.0/24 -R 192.168.1.1/32 >> routingtable
---------------------------------------------------------------------------------------
+------------------------------------------------------------------------------------------------
+# anytun-config -w 0 -m 12 -K 0123456789ABCDEFFEDCBA9876543210 -A 0123456789ABCDDCBA9876543210 \
+ -R 192.0.2.0/24 -R 192.168.1.1/32 >> routingtable
+------------------------------------------------------------------------------------------------
BUGS
----
diff --git a/src/man/anytun-controld.8.txt b/src/man/anytun-controld.8.txt
index e97daac..2b1c7a1 100644
--- a/src/man/anytun-controld.8.txt
+++ b/src/man/anytun-controld.8.txt
@@ -10,13 +10,14 @@ SYNOPSIS
*anytun-controld*
[ *-h|--help* ]
-[ *-f|--file* <path> ]
-[ *-X|--control-host* < <host>[:port>] | :<port> > ]
[ *-D|--nodaemonize* ]
-[ *-C|--chroot* ]
[ *-u|--username* <username> ]
-[ *-H|--chroot-dir* <path> ]
-[ *-P|--write-pid* <path> ]
+[ *-g|--groupname* <groupname> ]
+[ *-C|--chroot* <path> ]
+[ *-P|--write-pid* <filename> ]
+[ *-L|--log* <target>:<level>[,<param1>[,<param2>[..]]] ]
+[ *-f|--file* <path> ]
+[ *-X|--control-host* < <host>[:port>] | :<port> > ]
DESCRIPTION
-----------
@@ -26,49 +27,72 @@ DESCRIPTION
OPTIONS
-------
--f|--file <path>
+-D|--nodaemonize
~~~~~~~~~~~~~~~~
-The path to the config file.
+This option instructs *anytun* to run in foreground
+instead of becoming a daemon which is the default.
--X|--control-host < <host>[:<port>] | :<port> >
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-u|--username <username>
+~~~~~~~~~~~~~~~~~~~~~~~~
-The local ip address and or tcp port to bind to. Mind that if an
-address is given the port can be omitted in which case port 2323
-is used. You can also specify to listen on an specific port but on
-all interfaces by omitting the address. If you want to specify an
-ipv6 address and a port you have to use [ and ] to seperate the address
-from the port, eg.: [::1]:1234. If you want to use the default port
-[ and ] can be omitted. default: 127.0.0.1:2323
+run as this user. If no group is specified (*-g*) the default group of
+the user is used. The default is to not drop privileges.
--D|--nodaemonize
-~~~~~~~~~~~~~~~~
+-g|--groupname <groupname>
+~~~~~~~~~~~~~~~~~~~~~~~~~~
-This option instructs *anytun-controld* to run in the foreground
-instead of becoming a daemon which is the default.
+run as this group. If no username is specified (*-u*) this gets ignored.
+The default is to not drop privileges.
--C|--chroot
-~~~~~~~~~~~
+-C|--chroot <path>
+~~~~~~~~~~~~~~~~~~
-Instruct *anytun* to run in a chroot chail and drop privileges. The
-default is not to run in chroot.
+Instruct *anytun* to run in a chroot jail. The default is
+to not run in chroot.
--u|--username <username>
-~~~~~~~~~~~~~~~~~~~~~~~~
+-P|--write-pid <filename>
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Instruct *anytun* to write it's pid to this file. The default is
+to not create a pid file.
+
+-L|--log <target>:<level>[,<param1>[,<param2>[..]]]
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-if chroot change to this user. default: nobody
+add log target to logging system. This can be invoked several times
+in order to log to different targets at the same time. Every target
+hast its own log level which is a number between 0 and 5. Where 0 means
+disabling log and 5 means debug messages are enabled.
--H|--chroot-dir <directory>
-~~~~~~~~~~~~~~~~~~~~~~~~~~~
+The following targets are supported:
+
+* *syslog* - log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
+* *file* - log to file, parameters <level>[,<path>]
+* *stdout* - log to standard output, parameters <level>
+* *stderr* - log to standard error, parameters <level>
+
+The file target can be used more the once with different levels.
+If no target is provided at the command line a single target with the
+following config is added:
+
+*syslog:3,uanytun,daemon*
+
+-f|--file <path>
+~~~~~~~~~~~~~~~~
-chroot to this directory. default: /var/run/anytun-controld
+The path to the file which holds the sync information.
--P|--write-pid <path>
-~~~~~~~~~~~~~~~~~~~~~
+-X|--control-host < <host>[:<port>] | :<port> >
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-Instruct *anytun-controld* to write it's pid to this file.
-The default is not to create a pid file.
+The local ip address and or tcp port to bind to. Mind that if an
+address is given the port can be omitted in which case port 2323
+is used. You can also specify to listen on an specific port but on
+all interfaces by omitting the address. If you want to specify an
+ipv6 address and a port you have to use [ and ] to seperate the address
+from the port, eg.: [::1]:1234. If you want to use the default port
+[ and ] can be omitted. default: 127.0.0.1:2323
BUGS
diff --git a/src/man/anytun-showtables.8.txt b/src/man/anytun-showtables.8.txt
index d7b1782..9a04f26 100644
--- a/src/man/anytun-showtables.8.txt
+++ b/src/man/anytun-showtables.8.txt
@@ -18,7 +18,7 @@ DESCRIPTION
OPTIONS
-------
-This Tool does not take any Options. It takes the sync information from
+This Tool does not take any options. It takes the sync information from
the standard input and prints the routing table to the standard output.
EXAMPLES
diff --git a/src/man/anytun.8.txt b/src/man/anytun.8.txt
index 65f5c97..7890a50 100644
--- a/src/man/anytun.8.txt
+++ b/src/man/anytun.8.txt
@@ -11,21 +11,24 @@ SYNOPSIS
*anytun*
[ *-h|--help* ]
[ *-D|--nodaemonize* ]
-[ *-C|--chroot* ]
[ *-u|--username* <username> ]
-[ *-H|--chroot-dir* <directory> ]
+[ *-g|--groupname* <groupname> ]
+[ *-C|--chroot* <path> ]
[ *-P|--write-pid* <filename> ]
+[ *-L|--log* <target>:<level>[,<param1>[,<param2>[..]]] ]
[ *-i|--interface* <ip-address> ]
[ *-p|--port* <port> ]
[ *-r|--remote-host* <hostname|ip> ]
[ *-o|--remote-port* <port> ]
+[ *-4|--ipv4-only* ]
+[ *-6|--ipv6-only* ]
[ *-I|--sync-interface* <ip-address> ]
[ *-S|--sync-port* port> ]
[ *-M|--sync-hosts* <hostname|ip>[:<port>][,<hostname|ip>[:<port>][...]] ]
[ *-X|--control-host* <hostname|ip>[:<port>]
[ *-d|--dev* <name> ]
[ *-t|--type* <tun|tap> ]
-[ *-n|--ifconfig* <local> <remote|netmask> ]
+[ *-n|--ifconfig* <local>/<prefix> ]
[ *-x|--post-up-script* <script> ]
[ *-R|--route* <net>/<prefix length> ]
[ *-m|--mux* <mux-id> ]
@@ -33,10 +36,12 @@ SYNOPSIS
[ *-w|--window-size* <window size> ]
[ *-k|--kd-prf* <kd-prf type> ]
[ *-l|--ld-kdr* <ld-kdr> ]
-[ *-c|--cipher* <cipher type> ]
-[ *-a|--auth-algo* <algo type> ]
+[ *-O|--anytun02-compat* ]
+[ *-E|--passphrase* <pass phrase> ]
[ *-K|--key* <master key> ]
[ *-A|--salt* <master salt> ]
+[ *-c|--cipher* <cipher type> ]
+[ *-a|--auth-algo* <algo type> ]
DESCRIPTION
-----------
@@ -57,30 +62,53 @@ passed to the daemon:
-D|--nodaemonize
~~~~~~~~~~~~~~~~
-This option instructs *anytun* to run in the foreground
+This option instructs *anytun* to run in foreground
instead of becoming a daemon which is the default.
--C|--chroot
-~~~~~~~~~~~
-
-Instruct *anytun* to run in a chroot chail and drop privileges. The
-default is not to run in chroot.
-
-u|--username <username>
~~~~~~~~~~~~~~~~~~~~~~~~
-if chroot change to this user. default: nobody
+run as this user. If no group is specified (*-g*) the default group of
+the user is used. The default is to not drop privileges.
--H|--chroot-dir <directory>
-~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-g|--groupname <groupname>
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+run as this group. If no username is specified (*-u*) this gets ignored.
+The default is to not drop privileges.
-chroot to this directory. default: /var/run/anytun
+-C|--chroot <path>
+~~~~~~~~~~~~~~~~~~
+
+Instruct *anytun* to run in a chroot jail. The default is
+to not run in chroot.
-P|--write-pid <filename>
~~~~~~~~~~~~~~~~~~~~~~~~~
Instruct *anytun* to write it's pid to this file. The default is
-not to create a pid file.
+to not create a pid file.
+
+-L|--log <target>:<level>[,<param1>[,<param2>[..]]]
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+add log target to logging system. This can be invoked several times
+in order to log to different targets at the same time. Every target
+hast its own log level which is a number between 0 and 5. Where 0 means
+disabling log and 5 means debug messages are enabled.
+
+The following targets are supported:
+
+* *syslog* - log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
+* *file* - log to file, parameters <level>[,<path>]
+* *stdout* - log to standard output, parameters <level>
+* *stderr* - log to standard error, parameters <level>
+
+The file target can be used more the once with different levels.
+If no target is provided at the command line a single target with the
+following config is added:
+
+*syslog:3,uanytun,daemon*
-i|--interface <ip address>
~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -122,6 +150,18 @@ The UDP port used for payload data by the remote host
a port, it is automatically determined after receiving
the first data packet.
+-4|--ipv4-only
+~~~~~~~~~~~~~~
+
+Resolv to IPv4 addresses only. The default is to resolv both
+IPv4 and IPv6 addresses.
+
+-6|--ipv6-only
+~~~~~~~~~~~~~~
+
+Resolv to IPv6 addresses only. The default is to resolv both
+IPv4 and IPv6 addresses.
+
-I|--sync-interface <ip-address>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -180,8 +220,8 @@ from the port, eg.: [::1]:1234. If you want to use the default port
~~~~~~~~~~~~~~~
device name
-By default, tap0 is used for Ethernet tunnel interfaces,
-and tun0 for IP tunnels, respectively. This option can
+By default, tapN is used for Ethernet tunnel interfaces,
+and tunN for IP tunnels, respectively. This option can
be used to manually override these defaults.
-t|--type <tun|tap>
@@ -192,25 +232,15 @@ device type
Type of the tunnels to create. Use tap for Ethernet
tunnels, tun for IP tunnels.
--n|--ifconfig <local> <remote|netmask>
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-n|--ifconfig <local>/<prefix>
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*<local>* the local IP address for the tun/tap device
-*<remote|netmask>* the remote IP address (tun) or netmask (tap)
+*<prefix>* the prefix length of the network
-In tap/Ethernet tunnel mode:
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-The local IP address and subnet mask of the tunnel
-interface, in ifconfig style. The remote tunnel endpoint
-has to use a different IP address in the same subnet.
-
-In tun/IP tunnel mode:
-
-The local IP address of the tunnel interface and the
-IP address of the tunnel interface on the remote tunnel
-endpoint.
+The local IP address and prefix length. The remote tunnel endpoint
+has to use a different IP address in the same subnet
-x|--post-up-script <script>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -223,19 +253,19 @@ is created. By default no script will be executed.
add a route to connection. This can be invoked several times.
+-m|--mux <mux-id>
+~~~~~~~~~~~~~~~~~
+
+the multiplex id to use. default: 0
+
-s|--sender-id <sender id>
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Each anycast tunnel endpoint needs a uniqe sender id
(1, 2, 3, ...). It is needed to distinguish the senders
-in case of replay attacks. This option is ignored by
+in case of replay attacks. This option can be ignored on
unicast endpoints. default: 0
--m|--mux <mux-id>
-~~~~~~~~~~~~~~~~~
-
-the multiplex id to use. default: 0
-
-w|--window-size <window size>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -253,37 +283,6 @@ by filtering packets according to their secuence number.
By default the sequence window is disabled and therefore a
window size of 0 is used.
--c|--cipher <cipher type>
-~~~~~~~~~~~~~~~~~~~~~~~~~
-
-payload encryption algorithm
-
-Encryption algorithm used for encrypting the payload
-
-Possible values:
-
-* *null* - no encryption
-* *aes-ctr* - AES in counter mode with 128 Bits, default value
-* *aes-ctr-128* - AES in counter mode with 128 Bits
-* *aes-ctr-192* - AES in counter mode with 192 Bits
-* *aes-ctr-256* - AES in counter mode with 256 Bits
-
--a|--auth-algo <algo type>
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-message authentication algorithm
-
-This option sets the message authentication algorithm.
-
-Possible values:
-
-* *null* - no message authentication
-* *sha1* - HMAC-SHA1, default value
-
-
-If HMAC-SHA1 is used, the packet length is increased by
-10 bytes. These 10 bytes contain the authentication data.
-
-k|--kd--prf <kd-prf type>
~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -304,66 +303,126 @@ Possible values:
~~~~~~~~~~~~~~~~~~~~
The log2 of the key derivation rate. This is used by the key
-derivation to determine how ofen a new session key has to be
+derivation to determine how often a new session key has to be
generated. A value of -1 means to generate only one key and use
it forever. The default is 0 which means to calculate a new key
for every packet. A value of 1 would tell the key derivation
to generate a new key after 2 packets, for 2 its 4 packets and
so on.
+-O|--anytun02-compat
+~~~~~~~~~~~~~~~~~~~~
+
+Enable compatibility mode with version of anytun 0.2.x and prior.
+This is for backwards compaitbility to old internet draft of satp.
+
+-E|--passphrase <pass phrase>
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This passphrase is used to generate the master key and master salt.
+For the master key the last n bits of the SHA256 digest of the
+passphrase (where n is the length of the master key in bits) is used.
+The master salt gets generated with the SHA1 digest.
+You may force a specific key and or salt by using *--key* and *--salt*.
+
-K|--key <master key>
~~~~~~~~~~~~~~~~~~~~~
-master key to use for encryption
+master key to use for key derivation
Master key in hexadecimal notation, eg
01a2b3c4d5e6f708a9b0cadbecfd0fa1, with a mandatory length
-of 32 characters (16 bytes).
+of 32, 48 or 64 characters (128, 192 or 256 bits).
-A|--salt <master salt>
~~~~~~~~~~~~~~~~~~~~~~~
-master salt to use for encryption
+master salt to use for key derivation
Master salt in hexadecimal notation, eg
01a2b3c4d5e6f708a9b0cadbecfd, with a mandatory length
of 28 characters (14 bytes).
+-c|--cipher <cipher type>
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+payload encryption algorithm
+
+Encryption algorithm used for encrypting the payload
+
+Possible values:
+
+* *null* - no encryption
+* *aes-ctr* - AES in counter mode with 128 Bits, default value
+* *aes-ctr-128* - AES in counter mode with 128 Bits
+* *aes-ctr-192* - AES in counter mode with 192 Bits
+* *aes-ctr-256* - AES in counter mode with 256 Bits
+
+-a|--auth-algo <algo type>
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+message authentication algorithm
+
+This option sets the message authentication algorithm.
+
+Possible values:
+
+* *null* - no message authentication
+* *sha1* - HMAC-SHA1, default value
+
+If HMAC-SHA1 is used, the packet length is increased by
+10 bytes. These 10 bytes contain the authentication data.
+
+
EXAMPLES
--------
+P2P Setup between two unicast enpoints:
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Host A:
+^^^^^^^
+
+anytun -r hostb.example.com -t tun -n 192.168.123.1/30 -c aes-ctr-256 -k aes-ctr-256 \
+ -E have_a_very_safe_and_productive_day
+
+Host B:
+^^^^^^^
+anytun -r hosta.example.com -t tun -n 192.168.123.2/30 -c aes-ctr-256 -k aes-ctr-256 \
+ -E have_a_very_safe_and_productive_day
+
+
One unicast and one anycast tunnel endpoint:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Unicast tunnel endpoint:
^^^^^^^^^^^^^^^^^^^^^^^^
-anytun -r anycast.anytun.org -d anytun0 -t tun -n 192.0.2.2
-192.0.2.1 -w 0 -c null
+anytun -r anycast.anytun.org -d anytun0 -t tun -n 192.0.2.2/30 -a null -c null -w 0
Anycast tunnel endpoints:
^^^^^^^^^^^^^^^^^^^^^^^^^
On the host with unicast hostname unicast1.anycast.anytun.org and anycast
hostname anycast.anytun.org:
---------------------------------------------------------------------------------------
-# anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1 192.0.2.2 -w 0 -S 2342 \
- -M unicast2.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342
---------------------------------------------------------------------------------------
+---------------------------------------------------------------------------------------
+# anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1/30 -a null -c null -w 0 \
+ -S 2342 -M unicast2.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342
+---------------------------------------------------------------------------------------
On the host with unicast hostname unicast2.anycast.anytun.org and anycast
hostname anycast.anytun.org:
---------------------------------------------------------------------------------------
-# anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1 192.0.2.2 -w 0 -S 2342 \
- -M unicast1.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342
---------------------------------------------------------------------------------------
+---------------------------------------------------------------------------------------
+# anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1/30 -a null -c null -w 0 \
+ -S 2342 -M unicast1.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342
+---------------------------------------------------------------------------------------
On the host with unicast hostname unicast3.anycast.anytun.org and anycast
hostname anycast.anytun.org:
---------------------------------------------------------------------------------------
-# anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1 192.0.2.2 -w 0 -S 2342 \
- -M unicast1.anycast.anytun.org:2342,unicast2.anycast.anytun.org:2342
---------------------------------------------------------------------------------------
+---------------------------------------------------------------------------------------
+# anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1/30 -a null -c null -w 0 \
+ -S 2342 -M unicast1.anycast.anytun.org:2342,unicast2.anycast.anytun.org:2342
+---------------------------------------------------------------------------------------
For more sophisticated examples (like multiple unicast endpoints to one
anycast tunnel endpoint) please consult the man page of anytun-config(8).
diff --git a/src/options.cpp b/src/options.cpp
index ce1a6fa..fda188c 100644
--- a/src/options.cpp
+++ b/src/options.cpp
@@ -342,7 +342,7 @@ bool Options::parse(int argc, char* argv[])
PARSE_INVERSE_BOOL_PARAM("-D","--nodaemonize", daemonize_)
PARSE_SCALAR_PARAM("-u","--username", username_)
PARSE_SCALAR_PARAM("-g","--groupname", groupname_)
- PARSE_SCALAR_PARAM("-C","--chroot-dir", chroot_dir_)
+ PARSE_SCALAR_PARAM("-C","--chroot", chroot_dir_)
PARSE_SCALAR_PARAM("-P","--write-pid", pid_file_)
#endif
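Review bot: Renaming the long option from `--chroot-dir` to `--chroot` drops the old spelling, so an existing init script or wrapper that passes `--chroot-dir <path>` no longer matches this line. How Options::parse treats an argument that matches nothing is outside the hunk; if that is not a hard error, the daemon would start without the chroot the operator asked for. Either confirm that unknown options abort startup, or keep the old name as a deprecated alias for a release, for example an extra `PARSE_SCALAR_PARAM("-C","--chroot-dir", chroot_dir_)` after the new line, provided the macro tolerates a repeated short name. The printUsage hunk carries the same rename.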
@@ -461,7 +461,7 @@ void Options::printUsage()
std::cout << " [-D|--nodaemonize] don't run in background" << std::endl;
std::cout << " [-u|--username] <username> change to this user" << std::endl;
std::cout << " [-g|--groupname] <groupname> change to this group" << std::endl;
- std::cout << " [-C|--chroot-dir] <path> chroot to this directory" << std::endl;
+ std::cout << " [-C|--chroot] <path> chroot to this directory" << std::endl;
std::cout << " [-P|--write-pid] <path> write pid to this file" << std::endl;
#endif
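Review bot: The usage line for `-C|--chroot` does not say that chroot alone leaves the process running with its starting privileges. The man pages in this commit state that the default is not to drop privileges unless `-u` is given, and the old wording "run in a chroot chail and drop privileges" was removed. A root process inside a chroot is not contained, so the help text should point the operator at the pairing, for example by changing the description to `chroot to this directory (use with -u)`. Whether the code warns or refuses when chroot_dir_ is set and username_ is empty is not visible here, and printUsage continues outside the hunk.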