From 3ace50d8eef058d378169c913d727bcb7d25a07e Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Tue, 17 Mar 2009 12:28:56 +0000 Subject: removed key derivation rate entirely added new role based label updated configs and manpages --- src/man/anytun-config.8.txt | 16 ++++++++++------ src/man/anytun.8.txt | 38 +++++++++++++++++++++----------------- 2 files changed, 31 insertions(+), 23 deletions(-) (limited to 'src/man') diff --git a/src/man/anytun-config.8.txt b/src/man/anytun-config.8.txt index 5c0c7a1..8eb2839 100644 --- a/src/man/anytun-config.8.txt +++ b/src/man/anytun-config.8.txt @@ -19,7 +19,7 @@ SYNOPSIS [ *-m|--mux* ] [ *-w|--window-size* ] [ *-k|--kd-prf* ] -[ *-O|--anytun02-compat* ] +[ *-e|--role * ] [ *-E|--passphrase* ] [ *-K|--key* ] [ *-A|--salt* ] @@ -128,11 +128,15 @@ Possible values: * *aes-ctr-192* - AES in counter mode with 192 Bits * *aes-ctr-256* - AES in counter mode with 256 Bits --O|--anytun02-compat -~~~~~~~~~~~~~~~~~~~~ +-e|--role +~~~~~~~~~~~~~~~~ -Enable compatibility mode with version of anytun 0.2.x and prior. -This is for backwards compaitbility to old internet draft of satp. +SATP uses different session keys for inbound and outbound traffic. The +role parameter is used to determine which keys to use for outbound or +inbound packets. On both sides of a vpn connection different roles have +to be used. Possible values are *left* and *right*. You may also use +*alice* or *server* as a replacement for *left* and *bob* or *client* as +a replacement for *right*. By default *left* is used. -E|--passphrase ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -169,7 +173,7 @@ Add a client with Connection ID (Mux) 12 and add 2 Routes to this client ------------------------------------------------------------------------------------------------ # anytun-config -w 0 -m 12 -K 0123456789ABCDEFFEDCBA9876543210 -A 0123456789ABCDDCBA9876543210 \ - -R 192.0.2.0/24 -R 192.168.1.1/32 >> routingtable + -R 192.0.2.0/24 -R 192.168.1.1/32 -e server >> routingtable ------------------------------------------------------------------------------------------------ BUGS diff --git a/src/man/anytun.8.txt b/src/man/anytun.8.txt index e393b70..05a650c 100644 --- a/src/man/anytun.8.txt +++ b/src/man/anytun.8.txt @@ -35,7 +35,7 @@ SYNOPSIS [ *-s|--sender-id* ] [ *-w|--window-size* ] [ *-k|--kd-prf* ] -[ *-O|--anytun02-compat* ] +[ *-e|--role * ] [ *-E|--passphrase* ] [ *-K|--key* ] [ *-A|--salt* ] @@ -298,11 +298,15 @@ Possible values: * *aes-ctr-192* - AES in counter mode with 192 Bits * *aes-ctr-256* - AES in counter mode with 256 Bits --O|--anytun02-compat -~~~~~~~~~~~~~~~~~~~~ +-e|--role +~~~~~~~~~~~~~~~~ -Enable compatibility mode with version of anytun 0.2.x and prior. -This is for backwards compaitbility to old internet draft of satp. +SATP uses different session keys for inbound and outbound traffic. The +role parameter is used to determine which keys to use for outbound or +inbound packets. On both sides of a vpn connection different roles have +to be used. Possible values are *left* and *right*. You may also use +*alice* or *server* as a replacement for *left* and *bob* or *client* as +a replacement for *right*. By default *left* is used. -E|--passphrase ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -372,12 +376,12 @@ Host A: ^^^^^^^ anytun -r hostb.example.com -t tun -n 192.168.123.1/30 -c aes-ctr-256 -k aes-ctr-256 \ - -E have_a_very_safe_and_productive_day + -E have_a_very_safe_and_productive_day -e left Host B: ^^^^^^^ anytun -r hosta.example.com -t tun -n 192.168.123.2/30 -c aes-ctr-256 -k aes-ctr-256 \ - -E have_a_very_safe_and_productive_day + -E have_a_very_safe_and_productive_day -e right One unicast and one anycast tunnel endpoint: @@ -386,31 +390,31 @@ One unicast and one anycast tunnel endpoint: Unicast tunnel endpoint: ^^^^^^^^^^^^^^^^^^^^^^^^ -anytun -r anycast.anytun.org -d anytun0 -t tun -n 192.0.2.2/30 -a null -c null -w 0 +anytun -r anycast.anytun.org -d anytun0 -t tun -n 192.0.2.2/30 -a null -c null -w 0 -e client Anycast tunnel endpoints: ^^^^^^^^^^^^^^^^^^^^^^^^^ On the host with unicast hostname unicast1.anycast.anytun.org and anycast hostname anycast.anytun.org: ---------------------------------------------------------------------------------------- -# anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1/30 -a null -c null -w 0 \ +------------------------------------------------------------------------------------------------- +# anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1/30 -a null -c null -w 0 -e server \ -S 2342 -M unicast2.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342 ---------------------------------------------------------------------------------------- +------------------------------------------------------------------------------------------------- On the host with unicast hostname unicast2.anycast.anytun.org and anycast hostname anycast.anytun.org: ---------------------------------------------------------------------------------------- -# anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1/30 -a null -c null -w 0 \ +------------------------------------------------------------------------------------------------- +# anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1/30 -a null -c null -w 0 -e server \ -S 2342 -M unicast1.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342 ---------------------------------------------------------------------------------------- +------------------------------------------------------------------------------------------------- On the host with unicast hostname unicast3.anycast.anytun.org and anycast hostname anycast.anytun.org: ---------------------------------------------------------------------------------------- -# anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1/30 -a null -c null -w 0 \ +------------------------------------------------------------------------------------------------- +# anytun -i anycast.anytun.org -d anytun0 -t tun -n 192.0.2.1/30 -a null -c null -w 0 -e server \ -S 2342 -M unicast1.anycast.anytun.org:2342,unicast2.anycast.anytun.org:2342 ---------------------------------------------------------------------------------------- +------------------------------------------------------------------------------------------------- For more sophisticated examples (like multiple unicast endpoints to one anycast tunnel endpoint) please consult the man page of anytun-config(8). -- cgit v1.2.3