diff options
Diffstat (limited to 'doc/uanytun.8.txt')
| -rw-r--r-- | doc/uanytun.8.txt | 62 |
1 files changed, 32 insertions, 30 deletions
diff --git a/doc/uanytun.8.txt b/doc/uanytun.8.txt index 1ebed47..ed978d4 100644 --- a/doc/uanytun.8.txt +++ b/doc/uanytun.8.txt @@ -51,9 +51,9 @@ DESCRIPTION (SATP). It provides a complete VPN solution similar to OpenVPN or IPsec in tunnel mode. The main difference is that anycast enables the setup of tunnels between an arbitrary combination of anycast, unicast -and multicast hosts. Unlike Anytun which is a full featured implementation -uAnytun has no support for multiple connections or synchronisation. It is a -small single threaded implementation intended to act as a client on small +and multicast hosts. Unlike Anytun which is a full featured implementation +uAnytun has no support for multiple connections or synchronisation. It is a +small single threaded implementation intended to act as a client on small platforms. @@ -69,7 +69,7 @@ passed to the daemon: instead of becoming a daemon which is the default. *-u, --username '<username>'*:: - run as this user. If no group is specified (*-g*) the default group of + run as this user. If no group is specified (*-g*) the default group of the user is used. The default is to not drop privileges. *-g, --groupname '<groupname>'*:: @@ -77,30 +77,30 @@ passed to the daemon: The default is to not drop privileges. *-C, --chroot '<path>'*:: - Instruct *uAnytun* to run in a chroot jail. The default is + Instruct *uAnytun* to run in a chroot jail. The default is to not run in chroot. *-P, --write-pid <filename>*:: - Instruct *uAnytun* to write it's pid to this file. The default is + Instruct *uAnytun* to write it's pid to this file. The default is to not create a pid file. *-L, --log '<target>:<level>[,<param1>[,<param2>[..]]]'*:: add log target to logging system. This can be invoked several times - in order to log to different targets at the same time. Every target + in order to log to different targets at the same time. Every target has its own log level which is a number between 0 and 5. Where 0 means disabling log and 5 means debug messages are enabled. + The file target can be used more than once with different levels. - If no target is provided at the command line a single target with the + If no target is provided at the command line a single target with the config 'syslog:3,uanytun,daemon' is added. + The following targets are supported: 'syslog';; log to syslog daemon, parameters <level>[,<logname>[,<facility>]] 'file';; log to file, parameters <level>[,<path>] 'stdout';; log to standard output, parameters <level> - 'stderr';; log to standard error, parameters <level> + 'stderr';; log to standard error, parameters <level> *-U, --debug*:: - This option instructs *uAnytun* to run in debug mode. It implicits *-D* + This option instructs *uAnytun* to run in debug mode. It implicits *-D* (don't daemonize) and adds a log target with the configuration 'stdout:5' (logging with maximum level). In future releases there might be additional output when this option is supplied. @@ -155,7 +155,7 @@ passed to the daemon: '<prefix>';; the prefix length of the network *-x, --post-up-script '<script>'*:: - This option instructs *uAnytun* to run this script after the interface + This option instructs *uAnytun* to run this script after the interface is created. By default no script will be executed. *-m, --mux '<mux-id>'*:: @@ -164,9 +164,9 @@ passed to the daemon: *-s, --sender-id '<sender id>'*:: Each anycast tunnel endpoint needs a unique sender id (1, 2, 3, ...). It is needed to distinguish the senders - in case of replay attacks. As *uAnytun* does not support - synchronisation it can't be used as an anycast endpoint therefore - this option is quite useless but implemented for compatibility + in case of replay attacks. As *uAnytun* does not support + synchronisation it can't be used as an anycast endpoint therefore + this option is quite useless but implemented for compatibility reasons. default: 0 *-w, --window-size '<window size>'*:: @@ -185,7 +185,7 @@ passed to the daemon: *-k, --kd--prf '<kd-prf type>'*:: key derivation pseudo random function + - The pseudo random function which is used for calculating the + The pseudo random function which is used for calculating the session keys and session salt. + Possible values: @@ -198,16 +198,16 @@ passed to the daemon: *-e, --role '<role>'*:: SATP uses different session keys for inbound and outbound traffic. The role parameter is used to determine which keys to use for outbound or - inbound packets. On both sides of a vpn connection different roles have - to be used. Possible values are 'left' and 'right'. You may also use - 'alice' or 'server' as a replacement for 'left' and 'bob' or 'client' as + inbound packets. On both sides of a vpn connection different roles have + to be used. Possible values are 'left' and 'right'. You may also use + 'alice' or 'server' as a replacement for 'left' and 'bob' or 'client' as a replacement for 'right'. By default 'left' is used. *-E, --passphrase '<pass phrase>'*:: This passphrase is used to generate the master key and master salt. - For the master key the last n bits of the SHA256 digest of the - passphrase (where n is the length of the master key in bits) is used. - The master salt gets generated with the SHA1 digest. + For the master key the last n bits of the SHA256 digest of the + passphrase (where n is the length of the master key in bits) is used. + The master salt gets generated with the SHA1 digest. You may force a specific key and or salt by using *--key* and *--salt*. *-K, --key '<master key>'*:: @@ -236,7 +236,7 @@ passed to the daemon: *-a, --auth-algo '<algo type>'*:: message authentication algorithm + This option sets the message authentication algorithm. + - If HMAC-SHA1 is used, the packet length is increased. The additional bytes + If HMAC-SHA1 is used, the packet length is increased. The additional bytes contain the authentication data. see *--auth-tag-length* for more info. + Possible values: @@ -244,8 +244,8 @@ passed to the daemon: 'sha1';; HMAC-SHA1, default value *-b, --auth-tag-length '<length>'*:: - The number of bytes to use for the auth tag. This value defaults to 10 bytes - unless the 'null' auth algo is used in which case it defaults to 0. + The number of bytes to use for the auth tag. This value defaults to 10 bytes + unless the 'null' auth algo is used in which case it defaults to 0. EXAMPLES @@ -257,17 +257,18 @@ P2P Setup between two unicast enpoints: Host A: ^^^^^^^ -uanytun -r hostb.example.com -t tun -n 192.168.123.1/30 -c aes-ctr-256 -k aes-ctr-256 \ +uanytun -r hostb.example.com -t tun -n 192.168.123.1/30 -c aes-ctr-256 -k aes-ctr-256 -E have_a_very_safe_and_productive_day -e left Host B: ^^^^^^^ -uanytun -r hosta.example.com -t tun -n 192.168.123.2/30 -c aes-ctr-256 -k aes-ctr-256 \ +uanytun -r hosta.example.com -t tun -n 192.168.123.2/30 -c aes-ctr-256 -k aes-ctr-256 -E have_a_very_safe_and_productive_day -e right + One unicast and one anycast tunnel endpoint: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - + Unicast tunnel endpoint: ^^^^^^^^^^^^^^^^^^^^^^^^ @@ -281,6 +282,7 @@ have to use *Anytun* for that job. BUGS ---- + Most likely there are some bugs in *uAnytun*. If you find a bug, please let the developers know at uanytun@anytun.org. Of course, patches are preferred. @@ -300,7 +302,7 @@ Main web site: http://www.anytun.org/ COPYING ------- -Copyright \(C) 2008-2010 Christian Pointner. This program is free -software: you can redistribute it and/or modify it under the terms -of the GNU General Public License as published by the Free Software +Copyright \(C) 2008-2014 Christian Pointner. This program is free +software: you can redistribute it and/or modify it under the terms +of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version. |