Diffstat (limited to 'doc/anytun.8.txt')
-rw-r--r-- | doc/anytun.8.txt | 58 |
1 files changed, 29 insertions, 29 deletions
diff --git a/doc/anytun.8.txt b/doc/anytun.8.txt index 00d3e91..7896dcd 100644 --- a/doc/anytun.8.txt +++ b/doc/anytun.8.txt @@ -68,7 +68,7 @@ passed to the daemon: instead of becoming a daemon which is the default. *-u, --username '<username>'*:: - run as this user. If no group is specified (*-g*) the default group of + run as this user. If no group is specified (*-g*) the default group of the user is used. The default is to not drop privileges. *-g, --groupname '<groupname>'*:: 
@@ -76,30 +76,30 @@ passed to the daemon: The default is to not drop privileges. *-C, --chroot '<path>'*:: - Instruct *Anytun* to run in a chroot jail. The default is + Instruct *Anytun* to run in a chroot jail. The default is to not run in chroot. *-P, --write-pid '<filename>'*:: - Instruct *Anytun* to write it's pid to this file. The default is + Instruct *Anytun* to write it's pid to this file. The default is to not create a pid file. *-L, --log '<target>:<level>[,<param1>[,<param2>[..]]]'*:: add log target to logging system. This can be invoked several times - in order to log to different targets at the same time. Every target + in order to log to different targets at the same time. Every target hast its own log level which is a number between 0 and 5. Where 0 means disabling log and 5 means debug messages are enabled. + The file target can be used more the once with different levels. - If no target is provided at the command line a single target with the + If no target is provided at the command line a single target with the config 'syslog:3,anytun,daemon' is added. + The following targets are supported: 'syslog';; log to syslog daemon, parameters <level>[,<logname>[,<facility>]] 'file';; log to file, parameters <level>[,<path>] 'stdout';; log to standard output, parameters <level> - 'stderr';; log to standard error, parameters <level> + 'stderr';; log to standard error, parameters <level> *-U, --debug*:: - This option instructs *Anytun* to run in debug mode. It implicits *-D* + This option instructs *Anytun* to run in debug mode. It implicits *-D* (don't daemonize) and adds a log target with the configuration 'stdout:5' (logging with maximum level). In future releases there might be additional output when this option is supplied. 
@@ -144,7 +144,7 @@ passed to the daemon: This option is only needed for tunnel endpoints consisting of multiple anycast hosts. The unicast IP address of the anycast host can be used here. This is needed for - communication with the other anycast hosts. The default is to + communication with the other anycast hosts. The default is to not use a special inteface and just bind on all interfaces. However this is only the case if synchronisation is active see *--sync-port*. @@ -170,15 +170,15 @@ passed to the daemon: disabled and therefore this is empty. Mind that the port can be omitted in which case port 2323 is used. If you want to specify an ipv6 address and a port you have to use [ and ] to separate the address - from the port, eg.: [::1]:1234. If you want to use the default port + from the port, eg.: [::1]:1234. If you want to use the default port [ and ] can be omitted. *-X, --control-host '<hostname|ip>[:<port>]'*:: fetch the config from this host. The default is not to use a control - host and therefore this is empty. Mind that the port can be omitted + host and therefore this is empty. Mind that the port can be omitted in which case port 2323 is used. If you want to specify an ipv6 address and a port you have to use [ and ] to separate the address - from the port, eg.: [::1]:1234. If you want to use the default port + from the port, eg.: [::1]:1234. If you want to use the default port [ and ] can be omitted. *-d, --dev '<name>'*:: @@ -200,7 +200,7 @@ passed to the daemon: '<prefix>';; the prefix length of the network *-x, --post-up-script '<script>'*:: - This option instructs *Anytun* to run this script after the interface + This option instructs *Anytun* to run this script after the interface is created. By default no script will be executed. *-R, --route '<net>/<prefix length>'*:: 
@@ -231,7 +231,7 @@ passed to the daemon: *-k, --kd--prf '<kd-prf type>'*:: key derivation pseudo random function + - The pseudo random function which is used for calculating the + The pseudo random function which is used for calculating the session keys and session salt. + Possible values: @@ -244,16 +244,16 @@ passed to the daemon: *-e, --role '<role>'*:: SATP uses different session keys for inbound and outbound traffic. The role parameter is used to determine which keys to use for outbound or - inbound packets. On both sides of a vpn connection different roles have - to be used. Possible values are 'left' and 'right'. You may also use - 'alice' or 'server' as a replacement for 'left' and 'bob' or 'client' as + inbound packets. On both sides of a vpn connection different roles have + to be used. Possible values are 'left' and 'right'. You may also use + 'alice' or 'server' as a replacement for 'left' and 'bob' or 'client' as a replacement for 'right'. By default 'left' is used. *-E, --passphrase '<passphrase>'*:: This passphrase is used to generate the master key and master salt. - For the master key the last n bits of the SHA256 digest of the - passphrase (where n is the length of the master key in bits) is used. - The master salt gets generated with the SHA1 digest. + For the master key the last n bits of the SHA256 digest of the + passphrase (where n is the length of the master key in bits) is used. + The master salt gets generated with the SHA1 digest. You may force a specific key and or salt by using *--key* and *--salt*. *-K, --key '<master key>'*:: @@ -282,7 +282,7 @@ passed to the daemon: *-a, --auth-algo '<algo type>'*:: message authentication algorithm + This option sets the message authentication algorithm. + - If HMAC-SHA1 is used, the packet length is increased. The additional bytes + If HMAC-SHA1 is used, the packet length is increased. The additional bytes contain the authentication data. see *--auth-tag-length* for more info. + Possible values: 
@@ -290,8 +290,8 @@ passed to the daemon: 'sha1';; HMAC-SHA1, default value *-b, --auth-tag-length '<length>'*:: - The number of bytes to use for the auth tag. This value defaults to 10 bytes - unless the 'null' auth algo is used in which case it defaults to 0. + The number of bytes to use for the auth tag. This value defaults to 10 bytes + unless the 'null' auth algo is used in which case it defaults to 0. EXAMPLES @@ -314,7 +314,7 @@ anytun -r hosta.example.com -t tun -n 192.168.123.2/30 -c aes-ctr-256 -k aes-ctr One unicast and one anycast tunnel endpoint: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - + Unicast tunnel endpoint: ^^^^^^^^^^^^^^^^^^^^^^^^ @@ -323,7 +323,7 @@ anytun -r anycast.anytun.org -d anytun0 -t tun -n 192.0.2.2/30 -a null -c null - Anycast tunnel endpoints: ^^^^^^^^^^^^^^^^^^^^^^^^^ -On the host with unicast hostname unicast1.anycast.anytun.org and anycast +On the host with unicast hostname unicast1.anycast.anytun.org and anycast hostname anycast.anytun.org: ------------------------------------------------------------------------------------------------- # anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1/30 -a null -c null -w 0 -e server \ @@ -374,8 +374,8 @@ Main web site: http://www.anytun.org/ COPYING ------- -Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian -Pointner. This program is free software: you can redistribute it -and/or modify it under the terms of the GNU General Public License -as published by the Free Software Foundation, either version 3 of -the License, or any later version. +Copyright \(C) 2007-2014 Markus Grüneis, Othmar Gsenger, Erwin Nindl +and Christian Pointner. This program is free software: you can +redistribute it and/or modify it under the terms of the GNU General +Public License as published by the Free Software Foundation, either +version 3 of the License, or any later version. |
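Review bot: The entries rewritten in the @@ -76,30 hunk still carry wording errors that should be corrected while the lines are being touched: "write it's pid" should read "its pid", "hast its own log level" should be "has", "more the once" should be "more than once", and "It implicits *-D*" should be "It implies *-D*". The diff already rewrites the -P, -L and -U entries for whitespace, so fixing the text here avoids a second pass over the same lines.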
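Review bot: The option heading kept as context in the @@ -231,7 hunk reads "*-k, --kd--prf '<kd-prf type>'*", with a doubled hyphen inside the long option name that does not match its own placeholder '<kd-prf type>'. If the option is spelled --kd-prf, correct the heading in this cleanup, since a reader copying the name from the man page would otherwise pass an option the daemon does not know.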
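Review bot: The *--passphrase* entry in the @@ -244,16 hunk documents the master key as the last n bits of a single SHA256 digest of the passphrase and the master salt as coming from the SHA1 digest, and says nothing about iteration or any per-installation input, so as documented the key material is only as strong as the passphrase itself. Suggest adding a sentence that recommends a long random passphrase, or explicit *--key* and *--salt* values, for production tunnels. In the same entry, "a specific key and or salt" should read "key and/or salt".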
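Review bot: The unicast/anycast example in the @@ -323,7 hunk runs anytun with "-a null -c null" on both endpoints, and the surrounding text does not tell the reader that this selects the null auth algo and the null cipher. Suggest either a one-line remark before the example stating that it carries no authentication or encryption and is meant for testing, or switching it to the cipher settings used by the earlier example (-c aes-ctr-256), so the configuration most likely to be copied is a protected one.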
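Review bot: The COPYING hunk (@@ -374,8) is a content change mixed into a whitespace cleanup: it extends the copyright years from 2007-2009 to 2007-2014 and adds Markus Grüneis as a holder, while the other hunks appear to differ only in whitespace. Suggest splitting it into its own commit so the attribution change is visible in the history and the whitespace commit can be reviewed with whitespace differences ignored.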