From 041985d1488f81ba1cc060721eb5290fdc52dd0a Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Tue, 25 Nov 2008 14:08:42 +0000 Subject: updated manpages some cleanups --- src/man/anytun-config.8.txt | 10 ++++-- src/man/anytun-controld.8.txt | 30 +++++++++++------- src/man/anytun.8.txt | 74 ++++++++++++++++++++++++++++--------------- 3 files changed, 74 insertions(+), 40 deletions(-) (limited to 'src/man') diff --git a/src/man/anytun-config.8.txt b/src/man/anytun-config.8.txt index d0b5798..5f0f2db 100644 --- a/src/man/anytun-config.8.txt +++ b/src/man/anytun-config.8.txt @@ -42,7 +42,9 @@ the first data packet. remote port The UDP port used for payload data by the remote host -(specified with -p on the remote host). +(specified with -p on the remote host). If you do not specify +a port, it is automatically determined after receiving +the first data packet. -w|--window-size ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -58,11 +60,13 @@ the list anymore, this is interpreted as a replay attack and the packet is dropped. A value of 0 deactivates this list and, as a consequence, the replay protection employed by filtering packets according to their secuence number. +By default the sequence window is disabled and therefore a +window size of 0 is used. -m|--mux ~~~~~~~~~~~~~~~~~ -the multiplex id to use +the multiplex id to use. default: 0 -K|--key ~~~~~~~~~~~~~~~~~~~~~ @@ -85,7 +89,7 @@ of 28 characters (14 bytes). -R|--route / ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -add a route to connection, can be invoked several times +add a route to connection. This can be invoked several times. EXAMPLES diff --git a/src/man/anytun-controld.8.txt b/src/man/anytun-controld.8.txt index 030af72..e97daac 100644 --- a/src/man/anytun-controld.8.txt +++ b/src/man/anytun-controld.8.txt @@ -11,7 +11,7 @@ SYNOPSIS *anytun-controld* [ *-h|--help* ] [ *-f|--file* ] -[ *-X|--control-host* ] +[ *-X|--control-host* < [:port>] | : > ] [ *-D|--nodaemonize* ] [ *-C|--chroot* ] [ *-u|--username* ] 
@@ -21,7 +21,7 @@ SYNOPSIS DESCRIPTION ----------- -*anytun-controld* provides the multi-connection support for *anytun*. It reads a connection/routing table and outputs it via a tcp socket to all connected *anytun* servers. When the control daemon is restarted with a new connection/routing table all *anytun* servers automatically load the new configuration. Please make sure to protect that information as it contains the connection keys. +*anytun-controld* configures the multi-connection support for *anytun*. It reads a connection/routing table and outputs it via a tcp socket to all connected *anytun* servers. When the control daemon is restarted with a new connection/routing table all *anytun* servers automatically load the new configuration. Please make sure to protect that information as it contains the connection keys. OPTIONS ------- 
@@ -29,38 +29,46 @@ OPTIONS -f|--file ~~~~~~~~~~~~~~~~ -path to config file +The path to the config file. --X|--control-host : -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +-X|--control-host < [:] | : > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -local ip address and tcp port to bind to +The local ip address and or tcp port to bind to. Mind that if an +address is given the port can be omitted in which case port 2323 +is used. You can also specify to listen on an specific port but on +all interfaces by omitting the address. If you want to specify an +ipv6 address and a port you have to use [ and ] to seperate the address +from the port, eg.: [::1]:1234. If you want to use the default port +[ and ] can be omitted. default: 127.0.0.1:2323 -D|--nodaemonize ~~~~~~~~~~~~~~~~ This option instructs *anytun-controld* to run in the foreground -instead of becoming a daemon. +instead of becoming a daemon which is the default. -C|--chroot ~~~~~~~~~~~ -chroot and drop privileges +Instruct *anytun* to run in a chroot chail and drop privileges. The +default is not to run in chroot. -u|--username ~~~~~~~~~~~~~~~~~~~~~~~~ -if chroot change to this user +if chroot change to this user. default: nobody -H|--chroot-dir ~~~~~~~~~~~~~~~~~~~~~~~~~~~ -chroot to this directory +chroot to this directory. default: /var/run/anytun-controld -P|--write-pid ~~~~~~~~~~~~~~~~~~~~~ -write pid to this file +Instruct *anytun-controld* to write it's pid to this file. +The default is not to create a pid file. BUGS diff --git a/src/man/anytun.8.txt b/src/man/anytun.8.txt index 72162f2..6a6dd0f 100644 --- a/src/man/anytun.8.txt +++ b/src/man/anytun.8.txt @@ -20,8 +20,8 @@ SYNOPSIS [ *-p|--port* ] [ *-I|--sync-interface* ] [ *-S|--sync-port* port> ] -[ *-M|--sync-hosts* :[,:[...]] ] -[ *-X|--control-host* : +[ *-M|--sync-hosts* [:][,[:][...]] ] +[ *-X|--control-host* [:] [ *-r|--remote-host* ] [ *-o|--remote-port* ] [ *-d|--dev* ] 
@@ -55,28 +55,29 @@ passed to the daemon: ~~~~~~~~~~~~~~~~ This option instructs *anytun* to run in the foreground -instead of becoming a daemon. - +instead of becoming a daemon which is the default. -C|--chroot ~~~~~~~~~~~ -chroot and drop privileges +Instruct *anytun* to run in a chroot chail and drop privileges. The +default is not to run in chroot. -u|--username ~~~~~~~~~~~~~~~~~~~~~~~~ -if chroot change to this user +if chroot change to this user. default: nobody -H|--chroot-dir ~~~~~~~~~~~~~~~~~~~~~~~~~~~ -chroot to this directory +chroot to this directory. default: /var/run/anytun -P|--write-pid ~~~~~~~~~~~~~~~~~~~~~~~~~ -write pid to this file +Instruct *anytun* to write it's pid to this file. The default is +not to create a pid file. -s|--sender-id ~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -84,7 +85,7 @@ write pid to this file Each anycast tunnel endpoint needs a uniqe sender id (1, 2, 3, ...). It is needed to distinguish the senders in case of replay attacks. This option is ignored by -unicast endpoints. +unicast endpoints. default: 0 -i|--interface ~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -93,7 +94,8 @@ This IP address is used as the sender address for outgoing packets. In case of anycast tunnel endpoints, the anycast IP has to be used. In case of unicast endpoints, the address is usually derived correctly from the routing -table. +table. The default is to not use a special inteface and just +bind on all interfaces. -p|--port ~~~~~~~~~~~~~~~~ @@ -103,7 +105,7 @@ local anycast(data) port to bind to The local UDP port that is used to send and receive the payload data. The two tunnel endpoints can use different ports. If a tunnel endpoint consists of multiple anycast -hosts, all hosts have to use the same port. +hosts, all hosts have to use the same port. default: 4444 -I|--sync-interface ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
@@ -113,7 +115,9 @@ local unicast(sync) ip address to bind to This option is only needed for tunnel endpoints consisting of multiple anycast hosts. The unicast IP address of the anycast host can be used here. This is needed for -communication with the other anycast hosts. +communication with the other anycast hosts. The default is to +not use a special inteface and just bind on all interfaces. However +this is only the case if synchronisation is active see *--sync-port*. -S|--sync-port ~~~~~~~~~~~~~~~~~~~~~ 
@@ -124,26 +128,38 @@ This option is only needed for tunnel endpoints consisting of multiple anycast hosts. This port is used by anycast hosts to synchronize information about tunnel endpoints. No payload data is transmitted via this port. +By default the synchronisation is disabled an therefore the +port is kept empty. It is possible to obtain a list of active connections by telnetting into this port. This port is read-only and unprotected by default. It is advised to protect this port using firewall rules and, eventually, IPsec. --M|--sync-hosts :,[:[...]] -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +-M|--sync-hosts [:],[[:][...]] +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ remote hosts to sync with This option is only needed for tunnel endpoints consisting of multiple anycast hosts. Here, one has to specify all unicast IP addresses of all other anycast hosts that -comprise the anycast tunnel endpoint. - --X|--control-host : -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -fetch the config from this host +comprise the anycast tunnel endpoint. By default synchronisation is +disabled and therefore this is empty. Mind that the port can be +omitted in which case port 2323 is used. If you want to specify an +ipv6 address and a port you have to use [ and ] to seperate the address +from the port, eg.: [::1]:1234. If you want to use the default port +[ and ] can be omitted. + +-X|--control-host [:] +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +fetch the config from this host. The default is not to use a control +host and therefore this is empty. Mind that the port can be omitted +in which case port 2323 is used. If you want to specify an +ipv6 address and a port you have to use [ and ] to seperate the address +from the port, eg.: [::1]:1234. If you want to use the default port +[ and ] can be omitted. -r|--remote-host ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
@@ -161,7 +177,9 @@ the first data packet. remote port The UDP port used for payload data by the remote host -(specified with -p on the remote host). +(specified with -p on the remote host). If you do not specify +a port, it is automatically determined after receiving +the first data packet. -d|--dev ~~~~~~~~~~~~~~~ @@ -195,14 +213,15 @@ has to use a different IP address in the same subnet. In tun/IP tunnel mode: -The local IP address of the tunnel interface ant the +The local IP address of the tunnel interface and the IP address of the tunnel interface on the remote tunnel endpoint. -x|--post-up-script
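Review bot: In the anytun-config.8.txt hunk at `@@ -58,11 +60,13 @@` (the `-w|--window-size` text), the unchanged context line two lines above the added sentence still reads "their secuence number"; since the paragraph is being touched anyway, fix it to "sequence number". In the same hunk the new `-m|--mux` description "the multiplex id to use. default: 0" does not follow the full-sentence style the rest of this patch introduces; suggest "The multiplex id to use. default: 0".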
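Review bot: In the anytun-config.8.txt hunk at `@@ -85,7 +89,7 @@`, the new `-R|--route` line "add a route to connection. This can be invoked several times." is still missing its article; suggest "Add a route to the connection. This option can be given several times."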
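Review bot: In the anytun-controld.8.txt SYNOPSIS hunk at `@@ -11,7 +11,7 @@`, the new `-X|--control-host` line contains `[:port>]`, a `>` with no matching opening bracket, so the rendered synopsis will show a broken placeholder; make the argument read exactly like the `-X|--control-host` heading added in the OPTIONS hunk of the same file (`< [:] | : >`) so the two stay consistent.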
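Review bot: In the anytun-controld.8.txt hunk at `@@ -29,38 +29,46 @@`, the new `-C|--chroot` text says "Instruct *anytun* to run in a chroot chail" although this is the *anytun-controld* manpage (the `-D|--nodaemonize` text directly above correctly names *anytun-controld*); change it to "Instruct *anytun-controld* to run in a chroot jail". Same hunk: "address and or tcp port" should be "address and/or tcp port", "an specific port" should be "a specific port", "seperate" should be "separate", "eg.:" should be "e.g.", and "write it's pid" should be "write its pid". Since the DESCRIPTION hunk of this file states that the table served over this socket contains the connection keys, the new sentence that permits omitting the address (listen on all interfaces) should say in the same paragraph that this exposes the connection table to every host that can reach the port, so the 127.0.0.1:2323 default should be kept unless the port is firewalled.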
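Review bot: In the anytun.8.txt SYNOPSIS hunk at `@@ -20,8 +20,8 @@`, the new line `[ *-X|--control-host* [:]` has no closing ` ]`, so the option list is unbalanced (the removed line had the same defect, so this is the chance to fix it); append ` ]` as on the surrounding lines. The unchanged `-S|--sync-port* port> ]` context line two lines above also carries a stray `>` with no opening bracket and could be corrected in the same change.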
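Review bot: In the anytun.8.txt hunk at `@@ -55,28 +55,29 @@`, "chroot chail" should be "chroot jail" and "write it's pid" should be "write its pid"; the identical text was added to anytun-controld.8.txt in this commit, so both copies need the fix.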
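Review bot: In the anytun.8.txt hunk at `@@ -84,7 +85,7 @@`, the new "default: 0" for `-s|--sender-id` sits awkwardly next to the preceding sentence, which says every anycast endpoint needs a unique id from "(1, 2, 3, ...)" and that the option is ignored by unicast endpoints; state whether 0 is a legal sender id for an anycast host or only the value used when the option is irrelevant, since the id is what distinguishes senders during replay detection. The unchanged context word "uniqe" should become "unique" while the paragraph is being edited.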
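Review bot: In the anytun.8.txt hunk at `@@ -93,7 +94,8 @@`, "special inteface" should be "special interface".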
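Review bot: In the anytun.8.txt hunk at `@@ -113,7 +115,9 @@`, "special inteface" should be "special interface", and the final sentence needs punctuation: "However, this is only the case if synchronisation is active, see *--sync-port*."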
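Review bot: In the anytun.8.txt hunk at `@@ -124,26 +128,38 @@`, "disabled an therefore" should be "disabled and therefore", and both new paragraphs repeat "seperate" (separate) and "eg.:" (e.g.). The five-line explanation of the optional port, the 2323 default and the `[::1]:1234` IPv6 bracket syntax is now pasted verbatim under `-M|--sync-hosts`, under `-X|--control-host` and once more in anytun-controld.8.txt; describe the address:port syntax once and refer to it from each option so the three copies cannot drift apart.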