From cf901dc485a5d490afa1d76354d8f93894efabf8 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 28 Feb 2009 15:05:28 +0000 Subject: added p2p example configs changed default user name and group improved init script (chroot) --- etc/anytun/client1/config | 6 ++-- etc/anytun/client2/config | 6 ++-- etc/anytun/client3/config | 6 ++-- etc/anytun/p2p-a/config | 82 +++++++++++++++++++++++++++++++++++++++++++++++ etc/anytun/p2p-b/config | 82 +++++++++++++++++++++++++++++++++++++++++++++++ etc/init.d/anytun | 9 +++--- 6 files changed, 178 insertions(+), 13 deletions(-) create mode 100644 etc/anytun/p2p-a/config create mode 100644 etc/anytun/p2p-b/config (limited to 'etc') diff --git a/etc/anytun/client1/config b/etc/anytun/client1/config index a4fc1a0..8e7970a 100644 --- a/etc/anytun/client1/config +++ b/etc/anytun/client1/config @@ -48,10 +48,10 @@ remote-port 4444 log syslog:3,anytun-client1,daemon ## change user and group after init -username nobody -groupname nogroup +username anytun +groupname anytun -## chroot to /var/run/anytun +## chroot to users home directory #chroot /var/run/anytun ## key derivation pseudo random function diff --git a/etc/anytun/client2/config b/etc/anytun/client2/config index e487515..a33419e 100644 --- a/etc/anytun/client2/config +++ b/etc/anytun/client2/config @@ -48,10 +48,10 @@ remote-port 4444 log syslog:3,anytun-client2,daemon ## change user and group after init -username nobody -groupname nogroup +username anytun +groupname anytun -## chroot to /var/run/anytun +## chroot to users home directory #chroot /var/run/anytun ## key derivation pseudo random function diff --git a/etc/anytun/client3/config b/etc/anytun/client3/config index 59bb925..5799470 100644 --- a/etc/anytun/client3/config +++ b/etc/anytun/client3/config 
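Review bot: The new `## chroot to users home directory` comment sits directly above `#chroot /var/run/anytun`, so a reader cannot tell whether leaving the option commented out makes the daemon chroot to the anytun user's home or not chroot at all, and the example value no longer matches the comment; spell out the default, e.g. `## chroot directory (defaults to no chroot when unset)` if that is what the daemon does, or change the example path to agree with the comment. Moving from `nobody`/`nogroup` to a dedicated `anytun` account is the right direction, but nothing in this commit creates that account, so privilege dropping will presumably fail on a host where it does not exist; a line such as `## the anytun user and group must exist before the daemon is started` would make the dependency visible. Also "users home" should read "user's home".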
@@ -48,10 +48,10 @@ remote-port 4444 log syslog:3,anytun-client3,daemon ## change user and group after init -username nobody -groupname nogroup +username anytun +groupname anytun -## chroot to /var/run/anytun +## chroot to users home directory #chroot /var/run/anytun ## key derivation pseudo random function diff --git a/etc/anytun/p2p-a/config b/etc/anytun/p2p-a/config new file mode 100644 index 0000000..1fa5763 --- /dev/null +++ b/etc/anytun/p2p-a/config 
@@ -0,0 +1,82 @@ +############################# +## Main options # +############################# + +## device type tun = ip/ipv6, tap = ethernet +type tun + +## Automaticaly configure the interface +## the address hast to be supplied in CIDR notation +ifconfig 192.168.223.1/30 + +## payload encryption algorithm +#cipher null +#cipher aes-ctr-128 +#cipher aes-ctr-192 +#cipher aes-ctr-256 +cipher aes-ctr + +## message authentication algorithm +#auth-algo null +auth-algo sha1 + +## Passphrase +## this is used to generate the crypto-key and salt +## this should be al least 30 characters +passphrase Creating_P2P_VPN_Tunnels_With_Anytun_Is_Easy + +## local ip address to bind to (for tunnel data) +## (if you run an anycast cluster this has to be the anycast ip address) +#interface + +## local port to bind to (for tunnel data) +## make sure to use a different port for every server and client! +port 4445 + +## The remote host and port +remote-host p2p-b.example.com +remote-port 4445 + +############################# +## Debug options # +############################# + +## don't run in background +#nodaemonize + +## additional log to standard output with a level of 5 +#log stdout:5 + + +############################# +## Expert options # +############################# + +## log to syslog with a level of 3 +log syslog:3,anytun-p2p-a,daemon + +## change user and group after init +username anytun +groupname anytun + +## chroot to users home directory +#chroot /var/run/anytun + +## key derivation pseudo random function +#kd-prf null +#kd-prf aes-ctr +#kd-prf aes-ctr-128 +#kd-prf aes-ctr-192 +#kd-prf aes-ctr-256 + +## Device name +#dev uanytun0 + +## Manually set encryption key and salt +## (this replaces the passphrase) +#key 0123456789ABCDEF0123456789ABCDEF +#salt 0123456789ABCD0123456789ABCD + +## Setting a window size > 0 will enable replay protection +## This most likely will only work with external rekeying +#window-size 0 
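Review bot: The shipped `passphrase Creating_P2P_VPN_Tunnels_With_Anytun_Is_Easy` is a value published in the repository, so any deployment that copies this example unchanged derives its tunnel key and salt from a secret every reader already knows; the comment above it should say so, e.g. `## EXAMPLE VALUE - replace with your own secret (at least 30 characters) before use; both peers must use the same passphrase`. The same caveat applies to the `#key 0123456789ABCDEF...` and `#salt 0123456789ABCD...` samples in the expert section, which are equally guessable. The typo "al least" in the passphrase comment should read "at least".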
diff --git a/etc/anytun/p2p-b/config b/etc/anytun/p2p-b/config new file mode 100644 index 0000000..340545a --- /dev/null +++ b/etc/anytun/p2p-b/config 
@@ -0,0 +1,82 @@ +############################# +## Main options # +############################# + +## device type tun = ip/ipv6, tap = ethernet +type tun + +## Automaticaly configure the interface +## the address hast to be supplied in CIDR notation +ifconfig 192.168.223.2/30 + +## payload encryption algorithm +#cipher null +#cipher aes-ctr-128 +#cipher aes-ctr-192 +#cipher aes-ctr-256 +cipher aes-ctr + +## message authentication algorithm +#auth-algo null +auth-algo sha1 + +## Passphrase +## this is used to generate the crypto-key and salt +## this should be al least 30 characters +passphrase Creating_P2P_VPN_Tunnels_With_Anytun_Is_Easy + +## local ip address to bind to (for tunnel data) +## (if you run an anycast cluster this has to be the anycast ip address) +#interface + +## local port to bind to (for tunnel data) +## make sure to use a different port for every server and client! +port 4445 + +## The remote host and port +remote-host p2p-a.example.com +remote-port 4445 + +############################# +## Debug options # +############################# + +## don't run in background +#nodaemonize + +## additional log to standard output with a level of 5 +#log stdout:5 + + +############################# +## Expert options # +############################# + +## log to syslog with a level of 3 +log syslog:3,anytun-p2p-b,daemon + +## change user and group after init +username anytun +groupname anytun + +## chroot to users home directory +#chroot /var/run/anytun + +## key derivation pseudo random function +#kd-prf null +#kd-prf aes-ctr +#kd-prf aes-ctr-128 +#kd-prf aes-ctr-192 +#kd-prf aes-ctr-256 + +## Device name +#dev uanytun0 + +## Manually set encryption key and salt +## (this replaces the passphrase) +#key 0123456789ABCDEF0123456789ABCDEF +#salt 0123456789ABCD0123456789ABCD + +## Setting a window size > 0 will enable replay protection +## This most likely will only work with external rekeying +#window-size 0 
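Review bot: `#window-size 0` leaves replay protection disabled for this peer, and the comment only says that a value > 0 turns it on, not what the consequence of leaving it off is; a line such as `## with window-size 0 a captured tunnel packet can presumably be re-injected and accepted while the key is unchanged` would make the trade-off visible to the operator. The sentence "This most likely will only work with external rekeying" is itself a guess in a shipped config; if the reason is that the sequence window is bound to the key lifetime, stating that is more useful than "most likely". Note too that the passphrase in this file must stay identical to the one in p2p-a/config, so the two examples need to be edited together rather than one being copied.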
diff --git a/etc/init.d/anytun b/etc/init.d/anytun index 740c77b..d0299d4 100755 --- a/etc/init.d/anytun +++ b/etc/init.d/anytun @@ -12,8 +12,6 @@ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin DAEMON=/usr/sbin/anytun ANYTUNCONFIG=/usr/bin/anytun-config CONTROLDAEMON=/usr/bin/anytun-controld -CHROOTDIR='/var/run/anytun' -# DAEMONOPTS="--username nobody --groupname nogroup --chroot $CHROOTDIR" NAME=anytun DESC=anytun CONFIG_DIR=/etc/anytun @@ -31,7 +29,11 @@ start_vpn () { if [ -f $CONFIG_DIR/$NAME/config ] ; then POSTUP='' test -f $CONFIG_DIR/$NAME/post-up.sh && POSTUP="-x $CONFIG_DIR/$NAME/post-up.sh" - DAEMONARG=`sed 's/#.*//' < $CONFIG_DIR/$NAME/config | grep -e '\w' | sed 's/^/--/' | tr '\n' ' '` + CHROOTDIR=`grep '^chroot' < $CONFIG_DIR/$NAME/config | sed 's/chroot\s*//'` + if [ -n "$CHROOTDIR" ] ; then + test -d $CHROOTDIR || mkdir -p $CHROOTDIR + fi + DAEMONARG=`sed 's/#.*//' < $CONFIG_DIR/$NAME/config | grep -e '\w' | sed 's/^/--/' | tr '\n' ' '` $DAEMON --write-pid /var/run/anytun.$NAME.pid $POSTUP \ $DAEMONOPTS $DAEMONARG || STATUS="FAILED" else @@ -74,7 +76,6 @@ set -e case "$1" in start) echo -n "Starting $DESC:" - test -d $CHROOTDIR || mkdir -p $CHROOTDIR if test -z "$2" ; then if [ -f $CONFIG_DIR/autostart ] ; then for NAME in `sed 's/#.*//' < $CONFIG_DIR/autostart | grep -e '\w'`; do -- cgit v1.2.3
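Review bot: In the start_vpn hunk the chroot path is extracted with `grep '^chroot' ... | sed 's/chroot\s*//'` before comments are stripped, so a trailing comment on that line (`chroot /var/run/anytun # jail`) becomes part of the path that root then creates with `mkdir -p`, and `\s` is a GNU sed extension that other seds treat literally. The `DAEMONARG` line right below already strips comments with `sed 's/#.*//'`, so the same pass should feed this extraction: `CHROOTDIR=\`sed 's/#.*//' < $CONFIG_DIR/$NAME/config | sed -n 's/^chroot[[:space:]]*//p' | head -n 1\`` and `test -d "$CHROOTDIR" || mkdir -p -m 0755 -- "$CHROOTDIR"`. The explicit mode and quoting matter because the directory is created by root from a config-supplied value and becomes the jail root for the unprivileged `anytun` user; a comment `# jail root must stay root-owned and not writable by the daemon user` would record why. start_vpn's body continues outside this hunk.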