Diffstat (limited to 'etc/anytun/client2/config')
-rw-r--r--etc/anytun/client2/config110
1 files changed, 64 insertions, 46 deletions
diff --git a/etc/anytun/client2/config b/etc/anytun/client2/config
index 007c58b..41da4d7 100644
--- a/etc/anytun/client2/config
+++ b/etc/anytun/client2/config
@@ -1,52 +1,70 @@
-## Global Parameters
-## don't run in background
-#nodaemonize
-## the sender id to use (has to be unique for multible anycast servers)
-#sender-id 1
-## log to syslog with level of 3
-log syslog:3,anytun-client2,daemon
-## local anycast ip address to bind to
-#interface <ip-address>
-## local anycast(data) port to bind to
-#port 4444
-## local unicast(sync) ip address to bind to
-# sync-interface <ip-address>
-## local unicast(sync) port to bind to
-#sync-port 1234
-## remote hosts to sync with
-#sync-hosts <hostname|ip>:<port>[,<hostname|ip>:<port>[...]]
-## Device name
-#dev anytun0
-# device type tun = ip/ipv6, tap = ethernet
+#############################
+## Main options #
+#############################
+
+## Client ID
+## (has to be unique for each client)
+mux 2
+
+## device type tun = ip/ipv6, tap = ethernet
type tun
+
## payload encryption algorithm
+#cipher null
+#cipher aes-ctr-128
+#cipher aes-ctr-192
+#cipher aes-ctr-256
cipher aes-ctr
-# cipher null
+
## message authentication algorithm
+#auth-algo null
auth-algo sha1
-# auth-algo null
+
+## Passphrase
+## this is used to generate the crypto-key and salt
+## this should be al least 30 characters
+passphrase Creating_VPN_Tunnels_With_Anytun_Is_Easy
+
+## local ip address to bind to (for tunnel data)
+## (if you run an anycast cluster this has to be the anycast ip address)
+#interface <ip-address>
+
+## local port to bind to (for tunnel data)
+## make sure to use a different port for every server and client!
+port 4444
+
+## log to syslog with a level of 3
+log syslog:3,anytun-client2,daemon
+
+#############################
+## Debug options #
+#############################
+
+## don't run in background
+#nodaemonize
+
+## additional log to standard output with a level of 5
+#log stdout:5
+
+#############################
+## Expert options #
+#############################
+
+## Device name
+#dev anytun0
+
## Automaticaly configure the interface an set a route
-## 1st argument the local address for the tun/tap device
-## 2nd argument is either the remote address(tun) or netmask(tap)
-#ifconfig <local> <remote|netmask>
-## Controll Host for multi client support
-#control-host 127.0.0.1:4445
-
-### Connection Parameters (for clients without config server)
-## Allow all ipv4 and ipv6 traffic
-## this does not set operating system routes
-route 0.0.0.0/0
-route ::/0
-## remote host
-remote-host example.com
-## remote port
-remote-port 4444
-##seqence number window size
-## 0 turns off replay protection (for manualk keying)
-window-size 0
-## the multiplex id to use
-mux 2
-## master key to use for encryption
-key 2123456789ABCDEF0123456789ABCDEF
-## master salt to use for encryption
-salt 2123456789ABCD0123456789ABCD
+##
+## We highly recommend the use of the post up script to do this
+##
+## the address hast to be supplied in CIDR notation
+#ifconfig <local>/<prefix length>
+
+##Manually set encryption key and salt
+## (this replaces the passphrase)
+#key 2123456789ABCDEF0123456789ABCDEF
+#salt 2123456789ABCD0123456789ABCD
+
+## Setting a window size > 0 will enable replay protection
+## This most likely will only work with external rekeying
+#window-size 0
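Review bot: The `passphrase Creating_VPN_Tunnels_With_Anytun_Is_Easy` line is active in a sample config committed with mode 100644, so an install that keeps the example unchanged derives its key and salt from a publicly known string in a file every local user can read. I would ship it as a commented placeholder, `#passphrase <your-own-passphrase-of-at-least-30-characters>`, or, if the example has to work out of the box, add `## CHANGE THIS before use and keep this file readable by root only (chmod 600)` above it. The commented `#key`/`#salt` values deserve the same "example only, never use as-is" remark, since uncommenting them gives the same shared-secret problem. Separately, `#window-size 0` leaves replay protection at whatever the daemon's built-in default is, which is not visible in this hunk; the comment should state that default so readers know whether replay protection is on.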