1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
|
anyrtpproxy(8)
==============
NAME
----
anyrtpproxy - anycast rtpproxy
SYNOPSIS
--------
....
anyrtpproxy
[ -h|--help ]
[ -D|--nodaemonize ]
[ -C|--chroot ]
[ -u|--username <username> ]
[ -H|--chroot-dir <directory> ]
[ -P|--write-pid <filename> ]
[ -i|--interface <ip-address> ]
[ -s|--control <hostname|ip>[:<port>] ]
[ -p|--port-range <start> <end> ]
[ -n|--nat ]
[ -o|--no-nat-once ]
[ -S|--sync-port port> ]
[ -M|--sync-hosts <hostname|ip>:<port>[,<hostname|ip>:<port>[...]] ]
....
DESCRIPTION
-----------
*anyrtpproxy* is a rtpproxy which can be used in combination with anycast. It uses
the same control protocol than rtpproxy though it can be controled through the nathelper
plugin of openser. *anyrtpproxy* uses the same synchronisation protocol than *Anytun*
to sync the session information among all anycast instances.
OPTIONS
-------
*-D, --nodaemonize*::
This option instructs *anyrtpproxy* to run in the foreground
instead of becoming a daemon.
*-C, --chroot*::
chroot and drop privileges
*-u, --username <username>*::
if chroot change to this user
*-H, --chroot-dir <directory>*::
chroot to this directory
*-P, --write-pid <filename>*::
write pid to this file
*-i, --interface <ip address>*::
The local interface to listen on for RTP packets
*-s, --control <hostname|ip>[:<port>]*::
The local address and port to listen on for control messages from openser
*-p, --port-range <start> <end>*::
A pool of ports which should be used by *anyrtpproxy* to relay RTP packets.
The range may not overlap between the anycast instances
*-n, --nat*::
Allow to learn the remote address and port in order to handle clients behind nat.
This option should only be enabled if the source is authenticated (i.e. through
*anytun*)
*-o, --no-nat-once*::
Disable learning of remote address and port in case the first packet does not
come from the client which is specified by openser during configuration. Invoking
this parameter increases the security level of the system but in case of nat needs
a working nat transversal such as stun.
*-S, --sync-port <port>*::
local unicast(sync) port to bind to +
This port is used by anycast hosts to synchronize information about tunnel
endpoints. No payload data is transmitted via this port. +
It is possible to obtain a list of active connections by telnetting into
this port. This port is read-only and unprotected by default. It is advised
to protect this port using firewall rules and, eventually, IPsec.
*-M, --sync-hosts <hostname|ip>:<port>,[<hostname|ip>:<port>[...]]*::
remote hosts to sync with +
Here, one has to specify all unicast IP addresses of all
other anycast hosts that comprise the anycast tunnel endpoint.
EXAMPLES
--------
Anycast Setup with 3 instances:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
On the host with unicast hostname unicast1.anycast.anytun.org and anycast
hostname anycast.anytun.org:
--------------------------------------------------------------------------------------
# anyrtpproxy -i anycast.anytun.org -p 20000 25000 -S 2342 \
-M unicast2.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342
--------------------------------------------------------------------------------------
On the host with unicast hostname unicast2.anycast.anytun.org and anycast
hostname anycast.anytun.org:
--------------------------------------------------------------------------------------
# anyrtpproxy -i anycast.anytun.org -p 25000 30000 -S 2342 \
-M unicast1.anycast.anytun.org:2342,unicast3.anycast.anytun.org:2342
--------------------------------------------------------------------------------------
On the host with unicast hostname unicast3.anycast.anytun.org and anycast
hostname anycast.anytun.org:
--------------------------------------------------------------------------------------
# anyrtpproxy -i anycast.anytun.org -p 30000 35000 -S 2342 \
-M unicast1.anycast.anytun.org:2342,unicast2.anycast.anytun.org:2342
--------------------------------------------------------------------------------------
BUGS
----
Most likely there are some bugs in *anyrtpproxy*. If you find a bug, please let
the developers know at satp@anytun.org. Of course, patches are preferred.
SEE ALSO
--------
anytun(8)
AUTHORS
-------
Othmar Gsenger <otti@anytun.org>
Erwin Nindl <nine@anytun.org>
Christian Pointner <equinox@anytun.org>
RESOURCES
---------
Main web site: http://www.anytun.org/
COPYING
-------
Copyright \(C) 2007-2014 Markus Grüneis, Othmar Gsenger, Erwin Nindl
and Christian Pointner. This program is free software: you can
redistribute it and/or modify it under the terms of the GNU General
Public License as published by the Free Software Foundation, either
version 3 of the License, or any later version.
|
