summaryrefslogtreecommitdiff
path: root/doc/anytun-config.8
diff options
context:
space:
mode:
Diffstat (limited to 'doc/anytun-config.8')
-rw-r--r--doc/anytun-config.8219
1 files changed, 219 insertions, 0 deletions
diff --git a/doc/anytun-config.8 b/doc/anytun-config.8
new file mode 100644
index 0000000..317aa54
--- /dev/null
+++ b/doc/anytun-config.8
@@ -0,0 +1,219 @@
+'\" t
+.\" Title: anytun-config
+.\" Author: [see the "AUTHORS" section]
+.\" Generator: DocBook XSL Stylesheets v1.75.1 <http://docbook.sf.net/>
+.\" Date: 12/22/2009
+.\" Manual: anytun-config user manual
+.\" Source: anytun trunk
+.\" Language: English
+.\"
+.TH "ANYTUN\-CONFIG" "8" "12/22/2009" "anytun trunk" "anytun-config user manual"
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+anytun-config \- anycast tunneling configuration utility
+.SH "SYNOPSIS"
+.sp
+.nf
+\fBanytun\-config\fR
+ [ \fB\-h|\-\-help\fR ]
+ [ \fB\-L|\-\-log\fR <target>:<level>[,<param1>[,<param2>[\&.\&.]]]
+ [ \fB\-r|\-\-remote\-host\fR <hostname|ip> ]
+ [ \fB\-o|\-\-remote\-port\fR <port> ]
+ [ \fB\-4|\-\-ipv4\-only\fR ]
+ [ \fB\-6|\-\-ipv6\-only\fR ]
+ [ \fB\-R|\-\-route\fR <net>/<prefix length> ]
+ [ \fB\-m|\-\-mux\fR <mux\-id> ]
+ [ \fB\-w|\-\-window\-size\fR <window size> ]
+ [ \fB\-k|\-\-kd\-prf\fR <kd\-prf type> ]
+ [ \fB\-e|\-\-role\fR <role> ]
+ [ \fB\-E|\-\-passphrase\fR <pass phrase> ]
+ [ \fB\-K|\-\-key\fR <master key> ]
+ [ \fB\-A|\-\-salt\fR <master salt> ]
+.fi
+.SH "DESCRIPTION"
+.sp
+\fBanytun\-config\fR writes routing/connection table entries, that can be read by \fBanytun\-controld\fR\&.
+.SH "OPTIONS"
+.PP
+\fB\-L, \-\-log <target>:<level>[,<param1>[,<param2>[\&.\&.]]]\fR
+.RS 4
+add log target to logging system\&. This can be invoked several times in order to log to different targets at the same time\&. Every target hast its own log level which is a number between 0 and 5\&. Where 0 means disabling log and 5 means debug messages are enabled\&.
+
+The file target can be used more the once with different levels\&. If no target is provided at the command line a single target with the config
+\fBsyslog:3,anytun\-config,daemon\fR
+is added\&.
+
+The following targets are supported:
+.PP
+\fBsyslog\fR
+.RS 4
+log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
+.RE
+.PP
+\fBfile\fR
+.RS 4
+log to file, parameters <level>[,<path>]
+.RE
+.PP
+\fBstdout\fR
+.RS 4
+log to standard output, parameters <level>
+.RE
+.PP
+\fBstderr\fR
+.RS 4
+log to standard error, parameters <level>
+.RE
+.RE
+.PP
+\fB\-r, \-\-remote\-host <hostname|ip>\fR
+.RS 4
+This option can be used to specify the remote tunnel endpoint\&. In case of anycast tunnel endpoints, the anycast IP address has to be used\&. If you do not specify an address, it is automatically determined after receiving the first data packet\&.
+.RE
+.PP
+\fB\-o, \-\-remote\-port <port>\fR
+.RS 4
+The UDP port used for payload data by the remote host (specified with \-p on the remote host)\&. If you do not specify a port, it is automatically determined after receiving the first data packet\&.
+.RE
+.PP
+\fB\-4, \-\-ipv4\-only\fR
+.RS 4
+Resolv to IPv4 addresses only\&. The default is to resolv both IPv4 and IPv6 addresses\&.
+.RE
+.PP
+\fB\-6, \-\-ipv6\-only\fR
+.RS 4
+Resolv to IPv6 addresses only\&. The default is to resolv both IPv4 and IPv6 addresses\&.
+.RE
+.PP
+\fB\-R, \-\-route <net>/<prefix length>\fR
+.RS 4
+add a route to connection\&. This can be invoked several times\&.
+.RE
+.PP
+\fB\-m, \-\-mux <mux\-id>\fR
+.RS 4
+the multiplex id to use\&. default: 0
+.RE
+.PP
+\fB\-w, \-\-window\-size <window size>\fR
+.RS 4
+seqence window size
+
+Sometimes, packets arrive out of order on the receiver side\&. This option defines the size of a list of received packets\' sequence numbers\&. If, according to this list, a received packet has been previously received or has been transmitted in the past, and is therefore not in the list anymore, this is interpreted as a replay attack and the packet is dropped\&. A value of 0 deactivates this list and, as a consequence, the replay protection employed by filtering packets according to their secuence number\&. By default the sequence window is disabled and therefore a window size of 0 is used\&.
+.RE
+.PP
+\fB\-k, \-\-kd\(emprf <kd\-prf type>\fR
+.RS 4
+key derivation pseudo random function
+
+The pseudo random function which is used for calculating the session keys and session salt\&.
+
+Possible values:
+.PP
+\fBnull\fR
+.RS 4
+no random function, keys and salt are set to 0\&.\&.00
+.RE
+.PP
+\fBaes\-ctr\fR
+.RS 4
+AES in counter mode with 128 Bits, default value
+.RE
+.PP
+\fBaes\-ctr\-128\fR
+.RS 4
+AES in counter mode with 128 Bits
+.RE
+.PP
+\fBaes\-ctr\-192\fR
+.RS 4
+AES in counter mode with 192 Bits
+.RE
+.PP
+\fBaes\-ctr\-256\fR
+.RS 4
+AES in counter mode with 256 Bits
+.RE
+.RE
+.PP
+\fB\-e, \-\-role <role>\fR
+.RS 4
+SATP uses different session keys for inbound and outbound traffic\&. The role parameter is used to determine which keys to use for outbound or inbound packets\&. On both sides of a vpn connection different roles have to be used\&. Possible values are
+\fBleft\fR
+and
+\fBright\fR\&. You may also use
+\fBalice\fR
+or
+\fBserver\fR
+as a replacement for
+\fBleft\fR
+and
+\fBbob\fR
+or
+\fBclient\fR
+as a replacement for
+\fBright\fR\&. By default
+\fBleft\fR
+is used\&.
+.RE
+.PP
+\fB\-E, \-\-passphrase <pass phrase>\fR
+.RS 4
+This passphrase is used to generate the master key and master salt\&. For the master key the last n bits of the SHA256 digest of the passphrase (where n is the length of the master key in bits) is used\&. The master salt gets generated with the SHA1 digest\&. You may force a specific key and or salt by using
+\fB\-\-key\fR
+and
+\fB\-\-salt\fR\&.
+.RE
+.PP
+\fB\-K, \-\-key <master key>\fR
+.RS 4
+master key to use for key derivation
+
+Master key in hexadecimal notation, e\&.g\&. 01a2b3c4d5e6f708a9b0cadbecfd0fa1, with a mandatory length of 32, 48 or 64 characters (128, 192 or 256 bits)\&.
+.RE
+.PP
+\fB\-A, \-\-salt <master salt>\fR
+.RS 4
+master salt to use for key derivation
+
+Master salt in hexadecimal notation, e\&.g\&. 01a2b3c4d5e6f708a9b0cadbecfd, with a mandatory length of 28 characters (14 bytes)\&.
+.RE
+.SH "EXAMPLES"
+.sp
+Add a client with Connection ID (Mux) 12 and add 2 Routes to this client
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+# anytun\-config \-w 0 \-m 12 \-K 0123456789ABCDEFFEDCBA9876543210 \-A 0123456789ABCDDCBA9876543210 \e
+ \-R 192\&.0\&.2\&.0/24 \-R 192\&.168\&.1\&.1/32 \-e server >> routingtable
+.fi
+.if n \{\
+.RE
+.\}
+.SH "BUGS"
+.sp
+Most likely there are some bugs in \fBAnytun\fR\&. If you find a bug, please let the developers know at satp@anytun\&.org\&. Of course, patches are preferred\&.
+.SH "SEE ALSO"
+.sp
+anytun(8), anytun\-controld(8), anytun\-showtables(8)
+.SH "AUTHORS"
+.sp
+Othmar Gsenger <otti@anytun\&.org> Erwin Nindl <nine@anytun\&.org> Christian Pointner <equinox@anytun\&.org>
+.SH "RESOURCES"
+.sp
+Main web site: http://www\&.anytun\&.org/
+.SH "COPYING"
+.sp
+Copyright (C) 2007\-2009 Othmar Gsenger, Erwin Nindl and Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&.