From a525c9c7412fb9483dd868b3504cd1be32dc7d23 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Tue, 22 Dec 2009 20:18:51 +0000 Subject: added manpage to svn (and later to release tarball) moved manpages to doc directory --- doc/anytun-config.8 | 219 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 219 insertions(+) create mode 100644 doc/anytun-config.8 (limited to 'doc/anytun-config.8') diff --git a/doc/anytun-config.8 b/doc/anytun-config.8 new file mode 100644 index 0000000..317aa54 --- /dev/null +++ b/doc/anytun-config.8 @@ -0,0 +1,219 @@ +'\" t +.\" Title: anytun-config +.\" Author: [see the "AUTHORS" section] +.\" Generator: DocBook XSL Stylesheets v1.75.1 +.\" Date: 12/22/2009 +.\" Manual: anytun-config user manual +.\" Source: anytun trunk +.\" Language: English +.\" +.TH "ANYTUN\-CONFIG" "8" "12/22/2009" "anytun trunk" "anytun-config user manual" +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +anytun-config \- anycast tunneling configuration utility +.SH "SYNOPSIS" +.sp +.nf +\fBanytun\-config\fR + [ \fB\-h|\-\-help\fR ] + [ \fB\-L|\-\-log\fR :[,[,[\&.\&.]]] + [ \fB\-r|\-\-remote\-host\fR ] + [ \fB\-o|\-\-remote\-port\fR ] + [ \fB\-4|\-\-ipv4\-only\fR ] + [ \fB\-6|\-\-ipv6\-only\fR ] + [ \fB\-R|\-\-route\fR / ] + [ \fB\-m|\-\-mux\fR ] + [ \fB\-w|\-\-window\-size\fR ] + [ \fB\-k|\-\-kd\-prf\fR ] + [ \fB\-e|\-\-role\fR ] + [ \fB\-E|\-\-passphrase\fR ] + [ \fB\-K|\-\-key\fR ] + [ \fB\-A|\-\-salt\fR ] +.fi +.SH "DESCRIPTION" +.sp +\fBanytun\-config\fR writes routing/connection table entries, that can be read by \fBanytun\-controld\fR\&. +.SH "OPTIONS" +.PP +\fB\-L, \-\-log :[,[,[\&.\&.]]]\fR +.RS 4 +add log target to logging system\&. This can be invoked several times in order to log to different targets at the same time\&. Every target hast its own log level which is a number between 0 and 5\&. Where 0 means disabling log and 5 means debug messages are enabled\&. + +The file target can be used more the once with different levels\&. If no target is provided at the command line a single target with the config +\fBsyslog:3,anytun\-config,daemon\fR +is added\&. + +The following targets are supported: +.PP +\fBsyslog\fR +.RS 4 +log to syslog daemon, parameters [,[,]] +.RE +.PP +\fBfile\fR +.RS 4 +log to file, parameters [,] +.RE +.PP +\fBstdout\fR +.RS 4 +log to standard output, parameters +.RE +.PP +\fBstderr\fR +.RS 4 +log to standard error, parameters +.RE +.RE +.PP +\fB\-r, \-\-remote\-host \fR +.RS 4 +This option can be used to specify the remote tunnel endpoint\&. In case of anycast tunnel endpoints, the anycast IP address has to be used\&. If you do not specify an address, it is automatically determined after receiving the first data packet\&. +.RE +.PP +\fB\-o, \-\-remote\-port \fR +.RS 4 +The UDP port used for payload data by the remote host (specified with \-p on the remote host)\&. If you do not specify a port, it is automatically determined after receiving the first data packet\&. +.RE +.PP +\fB\-4, \-\-ipv4\-only\fR +.RS 4 +Resolv to IPv4 addresses only\&. The default is to resolv both IPv4 and IPv6 addresses\&. +.RE +.PP +\fB\-6, \-\-ipv6\-only\fR +.RS 4 +Resolv to IPv6 addresses only\&. The default is to resolv both IPv4 and IPv6 addresses\&. +.RE +.PP +\fB\-R, \-\-route /\fR +.RS 4 +add a route to connection\&. This can be invoked several times\&. +.RE +.PP +\fB\-m, \-\-mux \fR +.RS 4 +the multiplex id to use\&. default: 0 +.RE +.PP +\fB\-w, \-\-window\-size \fR +.RS 4 +seqence window size + +Sometimes, packets arrive out of order on the receiver side\&. This option defines the size of a list of received packets\' sequence numbers\&. If, according to this list, a received packet has been previously received or has been transmitted in the past, and is therefore not in the list anymore, this is interpreted as a replay attack and the packet is dropped\&. A value of 0 deactivates this list and, as a consequence, the replay protection employed by filtering packets according to their secuence number\&. By default the sequence window is disabled and therefore a window size of 0 is used\&. +.RE +.PP +\fB\-k, \-\-kd\(emprf \fR +.RS 4 +key derivation pseudo random function + +The pseudo random function which is used for calculating the session keys and session salt\&. + +Possible values: +.PP +\fBnull\fR +.RS 4 +no random function, keys and salt are set to 0\&.\&.00 +.RE +.PP +\fBaes\-ctr\fR +.RS 4 +AES in counter mode with 128 Bits, default value +.RE +.PP +\fBaes\-ctr\-128\fR +.RS 4 +AES in counter mode with 128 Bits +.RE +.PP +\fBaes\-ctr\-192\fR +.RS 4 +AES in counter mode with 192 Bits +.RE +.PP +\fBaes\-ctr\-256\fR +.RS 4 +AES in counter mode with 256 Bits +.RE +.RE +.PP +\fB\-e, \-\-role \fR +.RS 4 +SATP uses different session keys for inbound and outbound traffic\&. The role parameter is used to determine which keys to use for outbound or inbound packets\&. On both sides of a vpn connection different roles have to be used\&. Possible values are +\fBleft\fR +and +\fBright\fR\&. You may also use +\fBalice\fR +or +\fBserver\fR +as a replacement for +\fBleft\fR +and +\fBbob\fR +or +\fBclient\fR +as a replacement for +\fBright\fR\&. By default +\fBleft\fR +is used\&. +.RE +.PP +\fB\-E, \-\-passphrase \fR +.RS 4 +This passphrase is used to generate the master key and master salt\&. For the master key the last n bits of the SHA256 digest of the passphrase (where n is the length of the master key in bits) is used\&. The master salt gets generated with the SHA1 digest\&. You may force a specific key and or salt by using +\fB\-\-key\fR +and +\fB\-\-salt\fR\&. +.RE +.PP +\fB\-K, \-\-key \fR +.RS 4 +master key to use for key derivation + +Master key in hexadecimal notation, e\&.g\&. 01a2b3c4d5e6f708a9b0cadbecfd0fa1, with a mandatory length of 32, 48 or 64 characters (128, 192 or 256 bits)\&. +.RE +.PP +\fB\-A, \-\-salt \fR +.RS 4 +master salt to use for key derivation + +Master salt in hexadecimal notation, e\&.g\&. 01a2b3c4d5e6f708a9b0cadbecfd, with a mandatory length of 28 characters (14 bytes)\&. +.RE +.SH "EXAMPLES" +.sp +Add a client with Connection ID (Mux) 12 and add 2 Routes to this client +.sp +.if n \{\ +.RS 4 +.\} +.nf +# anytun\-config \-w 0 \-m 12 \-K 0123456789ABCDEFFEDCBA9876543210 \-A 0123456789ABCDDCBA9876543210 \e + \-R 192\&.0\&.2\&.0/24 \-R 192\&.168\&.1\&.1/32 \-e server >> routingtable +.fi +.if n \{\ +.RE +.\} +.SH "BUGS" +.sp +Most likely there are some bugs in \fBAnytun\fR\&. If you find a bug, please let the developers know at satp@anytun\&.org\&. Of course, patches are preferred\&. +.SH "SEE ALSO" +.sp +anytun(8), anytun\-controld(8), anytun\-showtables(8) +.SH "AUTHORS" +.sp +Othmar Gsenger Erwin Nindl Christian Pointner +.SH "RESOURCES" +.sp +Main web site: http://www\&.anytun\&.org/ +.SH "COPYING" +.sp +Copyright (C) 2007\-2009 Othmar Gsenger, Erwin Nindl and Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&. -- cgit v1.2.3