-rw-r--r-- | doc/uanytun.8.txt | 27 | ||||
-rw-r--r-- | src/options.c | 2 |
2 files changed, 28 insertions, 1 deletions
diff --git a/doc/uanytun.8.txt b/doc/uanytun.8.txt index df51dd0..e258a6e 100644 --- a/doc/uanytun.8.txt +++ b/doc/uanytun.8.txt @@ -28,7 +28,9 @@ SYNOPSIS [ *-m|--mux* <mux-id> ] [ *-c|--cipher* <cipher type> ] [ *-a|--auth-algo* <algo type> ] +[ *-k|--kd-prf* <kd-prf type> ] [ *-l|--ld-kdr* <ld-kdr> ] +[ *-E|--passphrase <pass phrase> ] [ *-K|--key* <master key> ] [ *-A|--salt* <master salt> ] @@ -220,6 +222,22 @@ Possible values: If HMAC-SHA1 is used, the packet length is increased by 10 bytes. These 10 bytes contain the authentication data. +-k|--kd--prf <kd-prf type> +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +key derivation pseudo random function. + +The pseudo random function which is used for calculating the +session keys and session salt. + +Possible values: + +* *null* - no random function, keys and salt are set to 0..00 +* *aes-ctr* - AES in counter mode with 128 Bits, default value +* *aes-ctr-128* - AES in counter mode with 128 Bits +* *aes-ctr-192* - AES in counter mode with 192 Bits +* *aes-ctr-256* - AES in counter mode with 256 Bits + -l|--ld-kdr <ld-kdr> ~~~~~~~~~~~~~~~~~~~~ @@ -231,6 +249,15 @@ for every packet. A value of 1 would tell the key derivation to generate a new key after 2 packets, for 2 its 4 packets and so on. +-E|--passphrase <pass phrase> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This passphrase is used to generate the master key and master salt. +For the master key the last n bits of the SHA256 digest of the +passphrase (where n is the length of the master key in bits) is used. +The master salt gets generated with the SHA1 digest. +This overrides any setting for *--key* or *--salt*. + -K|--key <master key> ~~~~~~~~~~~~~~~~~~~~~ diff --git a/src/options.c b/src/options.c index 31dc498..c751b36 100644 --- a/src/options.c +++ b/src/options.c 
@@ -239,7 +239,7 @@ void options_default(options_t* opt)
 opt->ifconfig_param_local_ = NULL;
 opt->ifconfig_param_remote_netmask_ = NULL;
 opt->post_up_script_ = NULL;
- opt->seq_window_size_ = 100;
+ opt->seq_window_size_ = 0;
 #ifndef NO_CRYPT
 opt->cipher_ = strdup("aes-ctr");
 opt->kd_prf_ = strdup("aes-ctr"); |
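Review bot: The new default `opt->seq_window_size_ = 0;` in options_default() carries no comment, and none of this commit's man-page changes mention it. If 0 disables the sequence window, as the field name suggests but this hunk does not show, a tunnel started without an explicit window size would no longer drop replayed packets by sequence number. I would state the intent on the line, e.g. `opt->seq_window_size_ = 0; /* 0: sequence window (replay check) off unless configured */`, and document the default in doc/uanytun.8.txt so operators know replay filtering has to be enabled explicitly. The body of options_default() starts and ends outside the hunk.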