authorChristian Pointner <equinox@anytun.org>2009-02-27 18:52:04 +0000
committerChristian Pointner <equinox@anytun.org>2009-02-27 18:52:04 +0000
commitbd0d88050efd3d7664a8ca48c460d83891c854a0 (patch)
tree967b123633e5fc28d94d5f6bd319cc6f5a57153a
parentupdated manpage (diff)
updated sample config
-rw-r--r--etc/uanytun/client1/config112
-rwxr-xr-xetc/uanytun/client1/post-up.sh9
-rw-r--r--etc/uanytun/client2/config112
-rwxr-xr-xetc/uanytun/client2/post-up.sh9
-rw-r--r--etc/uanytun/client3/config112
-rwxr-xr-xetc/uanytun/client3/post-up.sh9
6 files changed, 201 insertions, 162 deletions
diff --git a/etc/uanytun/client1/config b/etc/uanytun/client1/config
index 65f57a4..702a7a6 100644
--- a/etc/uanytun/client1/config
+++ b/etc/uanytun/client1/config
@@ -1,67 +1,58 @@
-###----------------------------------------###
-### Global Parameters ###
-###----------------------------------------###
+#############################
+## Main options #
+#############################
-## don't run in background
-#nodaemonize
-
-## change user and group after init
-username nobody
-groupname nogroup
-
-## chroot to /var/run/anytun
-#chroot /var/run/uanytun
-
-## log to syslog with level of 3
-log syslog:3,uanytun-client1,daemon
-
-## local anycast(data) ip address to bind to
-#interface <ip-address>
-
-## local anycast(data) port to bind to
-#port 4444
+## Client ID
+## (has to be unique for each client)
+mux 1
-## the sender id to use (has to be unique for multible anycast servers)
-#sender-id 1
+## device type tun = ip/ipv6, tap = ethernet
+type tun
## payload encryption algorithm
-# cipher null
-# cipher aes-ctr-128
-# cipher aes-ctr-192
-# cipher aes-ctr-256
+#cipher null
+#cipher aes-ctr-128
+#cipher aes-ctr-192
+#cipher aes-ctr-256
cipher aes-ctr
## message authentication algorithm
-# auth-algo null
+#auth-algo null
auth-algo sha1
+## Passphrase
+## this is used to generate the crypto-key and salt
+## this should be al least 30 characters
+passphrase Creating_VPN_Tunnels_With_Anytun_Is_Easy
-## Device name
-#dev anytun0
+## The remote host and port
+remote-host example.com
+remote-port 4444
-# device type tun = ip/ipv6, tap = ethernet
-type tun
+#############################
+## Debug options #
+#############################
-## Automaticaly configure the interface and set a route
-ifconfig 192.168.123.1/24
+## don't run in background
+#nodaemonize
+## additional log to standard output with a level of 5
+#log stdout:5
-###----------------------------------------###
-### Connection Parameters ###
-###----------------------------------------###
-## remote host
-remote-host example.com
+#############################
+## Expert options #
+#############################
-## remote port
-remote-port 4444
+## log to syslog with a level of 3
+log syslog:3,uanytun-client1,daemon
-##seqence number window size
-## 0 turns off replay protection (for manualk keying)
-window-size 0
+## change user and group after init
+username nobody
+groupname nogroup
-## the multiplex id to use
-mux 1
+## chroot to /var/run/uanytun
+#chroot /var/run/uanytun
## key derivation pseudo random function
#kd-prf null
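Review bot: The added `passphrase Creating_VPN_Tunnels_With_Anytun_Is_Easy` line is an active setting, so anyone who deploys this sample unchanged derives key and salt from a string published in the repository; the client2 and client3 config hunks add the identical line. Ship it commented out with a placeholder, e.g. `#passphrase <choose your own, at least 30 characters>`, so a tunnel cannot come up on the shared value by accident (how the daemon behaves with no key material is not visible here). The configs are committed with mode 100644, so the comment should also tell the admin to restrict read access once a real passphrase is filled in, for example `## keep this file readable by root only`.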
@@ -70,14 +61,29 @@ mux 1
#kd-prf aes-ctr-192
#kd-prf aes-ctr-256
-## log2 of key derivation rate
-#ld-kdr 0
+## local ip address to bind to (for tunnel data)
+## (if you run an anycast cluster this has to be the anycast ip address)
+#interface <ip-address>
-## master key to use for encryption
-#key 0123456789ABCDEF0123456789ABCDEF
+## local port to bind to (for tunnel data)
+## make sure to use a different port for every server and client!
+port 4444
-## master salt to use for encryption
+## Device name
+#dev uanytun0
+
+## Automaticaly configure the interface an set a route
+##
+## We highly recommend the use of the post up script to do this
+##
+## the address hast to be supplied in CIDR notation
+#ifconfig <local>/<prefix length>
+
+## Manually set encryption key and salt
+## (this replaces the passphrase)
+#key 0123456789ABCDEF0123456789ABCDEF
#salt 0123456789ABCD0123456789ABCD
-## derive master key and or salt from passphrase
-passphrase hello-world-one
+## Setting a window size > 0 will enable replay protection
+## This most likely will only work with external rekeying
+#window-size 0
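Review bot: `#window-size 0` is now commented out, so whether replay protection is on depends on the daemon's built-in default, which the new comment does not state; the same lines are added in the second hunks of client2/config and client3/config. If that default is 0, the sample authenticates packets with sha1 but still accepts replayed ones, and the reader should be told so explicitly. I would extend the comment with something like `## default is <DEFAULT>; with 0, replayed packets are not rejected`, filling in the real default. Separately, the new text says to use a different port for every server and client while all three samples set `port 4444`, which is worth reconciling.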
diff --git a/etc/uanytun/client1/post-up.sh b/etc/uanytun/client1/post-up.sh
index 18c42fb..dd18fe5 100755
--- a/etc/uanytun/client1/post-up.sh
+++ b/etc/uanytun/client1/post-up.sh
@@ -1,5 +1,12 @@
#!/bin/sh
-ip addr add dev $1 fde5:30c9:1984::1/48
+ip link set dev $1 up
+ip link set dev $1 mtu 1400
+ip addr add dev $1 192.168.123.1/24
+ip addr add dev $1 fec0::1/128
+
+# disable ICMP redirects as they don't work within the tunnel
+echo 0 > /proc/sys/net/ipv4/conf/$1/send_redirects
+echo 0 > /proc/sys/net/ipv4/conf/$1/accept_redirects
exit 0
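Review bot: `$1` is used unquoted and unchecked on every added line, including inside the redirect targets under `/proc/sys/net/ipv4/conf/`, and the unconditional `exit 0` reports success even when an `ip` call or a write failed; client2/post-up.sh and client3/post-up.sh add the same lines. If the script is invoked without a device name every command fails, yet the caller still sees exit status 0 and may treat the interface as configured. Add `set -eu` after the shebang, bind `dev=${1:?device name required}`, and use `"$dev"` wherever `$1` appears now. Only IPv4 redirects are disabled although an IPv6 address is configured; `/proc/sys/net/ipv6/conf/"$dev"/accept_redirects` would cover the other family.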
diff --git a/etc/uanytun/client2/config b/etc/uanytun/client2/config
index 7914976..629e222 100644
--- a/etc/uanytun/client2/config
+++ b/etc/uanytun/client2/config
@@ -1,67 +1,58 @@
-###----------------------------------------###
-### Global Parameters ###
-###----------------------------------------###
+#############################
+## Main options #
+#############################
-## don't run in background
-#nodaemonize
+## Client ID
+## (has to be unique for each client)
+mux 2
-## change user and group after init
-username nobody
-groupname nogroup
-
-## chroot to /var/run/anytun
-#chroot /var/run/uanytun
-
-## log to syslog with level of 3
-log syslog:3,uanytun-client2,daemon
-
-## local anycast(data) ip address to bind to
-#interface <ip-address>
-
-## local anycast(data) port to bind to
-#port 4444
-
-## the sender id to use (has to be unique for multible anycast servers)
-#sender-id 1
+## device type tun = ip/ipv6, tap = ethernet
+type tun
## payload encryption algorithm
-# cipher null
-# cipher aes-ctr-128
-# cipher aes-ctr-192
-# cipher aes-ctr-256
+#cipher null
+#cipher aes-ctr-128
+#cipher aes-ctr-192
+#cipher aes-ctr-256
cipher aes-ctr
## message authentication algorithm
-# auth-algo null
+#auth-algo null
auth-algo sha1
+## Passphrase
+## this is used to generate the crypto-key and salt
+## this should be al least 30 characters
+passphrase Creating_VPN_Tunnels_With_Anytun_Is_Easy
-## Device name
-#dev anytun0
+## The remote host and port
+remote-host example.com
+remote-port 4444
-# device type tun = ip/ipv6, tap = ethernet
-type tun
+#############################
+## Debug options #
+#############################
-## Automaticaly configure the interface and set a route
-ifconfig 192.168.123.2/24
+## don't run in background
+#nodaemonize
+## additional log to standard output with a level of 5
+#log stdout:5
-###----------------------------------------###
-### Connection Parameters ###
-###----------------------------------------###
-## remote host
-remote-host example.com
+#############################
+## Expert options #
+#############################
-## remote port
-remote-port 4444
+## log to syslog with a level of 3
+log syslog:3,uanytun-client2,daemon
-##seqence number window size
-## 0 turns off replay protection (for manualk keying)
-window-size 0
+## change user and group after init
+username nobody
+groupname nogroup
-## the multiplex id to use
-mux 1
+## chroot to /var/run/uanytun
+#chroot /var/run/uanytun
## key derivation pseudo random function
#kd-prf null
@@ -70,14 +61,29 @@ mux 1
#kd-prf aes-ctr-192
#kd-prf aes-ctr-256
-## log2 of key derivation rate
-#ld-kdr 0
+## local ip address to bind to (for tunnel data)
+## (if you run an anycast cluster this has to be the anycast ip address)
+#interface <ip-address>
-## master key to use for encryption
-#key 2123456789ABCDEF0123456789ABCDEF
+## local port to bind to (for tunnel data)
+## make sure to use a different port for every server and client!
+port 4444
-## master salt to use for encryption
+## Device name
+#dev uanytun0
+
+## Automaticaly configure the interface an set a route
+##
+## We highly recommend the use of the post up script to do this
+##
+## the address hast to be supplied in CIDR notation
+#ifconfig <local>/<prefix length>
+
+## Manually set encryption key and salt
+## (this replaces the passphrase)
+#key 2123456789ABCDEF0123456789ABCDEF
#salt 2123456789ABCD0123456789ABCD
-## derive master key and or salt from passphrase
-passphrase hello-world-two
+## Setting a window size > 0 will enable replay protection
+## This most likely will only work with external rekeying
+#window-size 0
diff --git a/etc/uanytun/client2/post-up.sh b/etc/uanytun/client2/post-up.sh
index d04d6df..9348f47 100755
--- a/etc/uanytun/client2/post-up.sh
+++ b/etc/uanytun/client2/post-up.sh
@@ -1,5 +1,12 @@
#!/bin/sh
-ip addr add dev $1 fde5:30c9:1984::2/48
+ip link set dev $1 up
+ip link set dev $1 mtu 1400
+ip addr add dev $1 192.168.123.2/24
+ip addr add dev $1 fec0::2/128
+
+# disable ICMP redirects as they don't work within the tunnel
+echo 0 > /proc/sys/net/ipv4/conf/$1/send_redirects
+echo 0 > /proc/sys/net/ipv4/conf/$1/accept_redirects
exit 0
diff --git a/etc/uanytun/client3/config b/etc/uanytun/client3/config
index 900e7e9..bf409ac 100644
--- a/etc/uanytun/client3/config
+++ b/etc/uanytun/client3/config
@@ -1,67 +1,58 @@
-###----------------------------------------###
-### Global Parameters ###
-###----------------------------------------###
+#############################
+## Main options #
+#############################
-## don't run in background
-#nodaemonize
+## Client ID
+## (has to be unique for each client)
+mux 3
-## change user and group after init
-username nobody
-groupname nogroup
-
-## chroot to /var/run/anytun
-#chroot /var/run/uanytun
-
-## log to syslog with level of 3
-log syslog:3,uanytun-client3,daemon
-
-## local anycast(data) ip address to bind to
-#interface <ip-address>
-
-## local anycast(data) port to bind to
-#port 4444
-
-## the sender id to use (has to be unique for multible anycast servers)
-#sender-id 1
+## device type tun = ip/ipv6, tap = ethernet
+type tun
## payload encryption algorithm
-# cipher null
-# cipher aes-ctr-128
-# cipher aes-ctr-192
-# cipher aes-ctr-256
+#cipher null
+#cipher aes-ctr-128
+#cipher aes-ctr-192
+#cipher aes-ctr-256
cipher aes-ctr
## message authentication algorithm
-# auth-algo null
+#auth-algo null
auth-algo sha1
+## Passphrase
+## this is used to generate the crypto-key and salt
+## this should be al least 30 characters
+passphrase Creating_VPN_Tunnels_With_Anytun_Is_Easy
-## Device name
-#dev anytun0
+## The remote host and port
+remote-host example.com
+remote-port 4444
-# device type tun = ip/ipv6, tap = ethernet
-type tun
+#############################
+## Debug options #
+#############################
-## Automaticaly configure the interface and set a route
-ifconfig 192.168.123.3/24
+## don't run in background
+#nodaemonize
+## additional log to standard output with a level of 5
+#log stdout:5
-###----------------------------------------###
-### Connection Parameters ###
-###----------------------------------------###
-## remote host
-remote-host example.com
+#############################
+## Expert options #
+#############################
-## remote port
-remote-port 4444
+## log to syslog with a level of 3
+log syslog:3,uanytun-client3,daemon
-##seqence number window size
-## 0 turns off replay protection (for manualk keying)
-window-size 0
+## change user and group after init
+username nobody
+groupname nogroup
-## the multiplex id to use
-mux 1
+## chroot to /var/run/uanytun
+#chroot /var/run/uanytun
## key derivation pseudo random function
#kd-prf null
@@ -70,14 +61,29 @@ mux 1
#kd-prf aes-ctr-192
#kd-prf aes-ctr-256
-## log2 of key derivation rate
-#ld-kdr 0
+## local ip address to bind to (for tunnel data)
+## (if you run an anycast cluster this has to be the anycast ip address)
+#interface <ip-address>
-## master key to use for encryption
-#key 3123456789ABCDEF0123456789ABCDEF
+## local port to bind to (for tunnel data)
+## make sure to use a different port for every server and client!
+port 4444
-## master salt to use for encryption
+## Device name
+#dev uanytun0
+
+## Automaticaly configure the interface an set a route
+##
+## We highly recommend the use of the post up script to do this
+##
+## the address hast to be supplied in CIDR notation
+#ifconfig <local>/<prefix length>
+
+## Manually set encryption key and salt
+## (this replaces the passphrase)
+#key 3123456789ABCDEF0123456789ABCDEF
#salt 3123456789ABCD0123456789ABCD
-## derive master key and or salt from passphrase
-passphrase hello-world-three
+## Setting a window size > 0 will enable replay protection
+## This most likely will only work with external rekeying
+#window-size 0
diff --git a/etc/uanytun/client3/post-up.sh b/etc/uanytun/client3/post-up.sh
index ac4afd7..9348f47 100755
--- a/etc/uanytun/client3/post-up.sh
+++ b/etc/uanytun/client3/post-up.sh
@@ -1,5 +1,12 @@
#!/bin/sh
-ip addr add dev $1 fde5:30c9:1984::3/48
+ip link set dev $1 up
+ip link set dev $1 mtu 1400
+ip addr add dev $1 192.168.123.2/24
+ip addr add dev $1 fec0::2/128
+
+# disable ICMP redirects as they don't work within the tunnel
+echo 0 > /proc/sys/net/ipv4/conf/$1/send_redirects
+echo 0 > /proc/sys/net/ipv4/conf/$1/accept_redirects
exit 0
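Review bot: The added addresses `192.168.123.2/24` and `fec0::2/128` are the ones client2/post-up.sh assigns (both files end up as blob 9348f47), so client2 and client3 would bring up their tunnel interfaces with the same addresses. The removed line used `::3` and the old client3 config used `192.168.123.3/24`, which suggests a copy-paste slip. Change the two lines to `ip addr add dev $1 192.168.123.3/24` and `ip addr add dev $1 fec0::3/128`.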