diff options
Diffstat (limited to 'etc/uanytun')
-rw-r--r-- | etc/uanytun/client1/config | 112 | ||||
-rwxr-xr-x | etc/uanytun/client1/post-up.sh | 9 | ||||
-rw-r--r-- | etc/uanytun/client2/config | 112 | ||||
-rwxr-xr-x | etc/uanytun/client2/post-up.sh | 9 | ||||
-rw-r--r-- | etc/uanytun/client3/config | 112 | ||||
-rwxr-xr-x | etc/uanytun/client3/post-up.sh | 9 |
6 files changed, 201 insertions, 162 deletions
diff --git a/etc/uanytun/client1/config b/etc/uanytun/client1/config index 65f57a4..702a7a6 100644 --- a/etc/uanytun/client1/config +++ b/etc/uanytun/client1/config @@ -1,67 +1,58 @@ -###----------------------------------------### -### Global Parameters ### -###----------------------------------------### +############################# +## Main options # +############################# -## don't run in background -#nodaemonize - -## change user and group after init -username nobody -groupname nogroup - -## chroot to /var/run/anytun -#chroot /var/run/uanytun - -## log to syslog with level of 3 -log syslog:3,uanytun-client1,daemon - -## local anycast(data) ip address to bind to -#interface <ip-address> - -## local anycast(data) port to bind to -#port 4444 +## Client ID +## (has to be unique for each client) +mux 1 -## the sender id to use (has to be unique for multible anycast servers) -#sender-id 1 +## device type tun = ip/ipv6, tap = ethernet +type tun ## payload encryption algorithm -# cipher null -# cipher aes-ctr-128 -# cipher aes-ctr-192 -# cipher aes-ctr-256 +#cipher null +#cipher aes-ctr-128 +#cipher aes-ctr-192 +#cipher aes-ctr-256 cipher aes-ctr ## message authentication algorithm -# auth-algo null +#auth-algo null auth-algo sha1 +## Passphrase +## this is used to generate the crypto-key and salt +## this should be al least 30 characters +passphrase Creating_VPN_Tunnels_With_Anytun_Is_Easy -## Device name -#dev anytun0 +## The remote host and port +remote-host example.com +remote-port 4444 -# device type tun = ip/ipv6, tap = ethernet -type tun +############################# +## Debug options # +############################# -## Automaticaly configure the interface and set a route -ifconfig 192.168.123.1/24 +## don't run in background +#nodaemonize +## additional log to standard output with a level of 5 +#log stdout:5 -###----------------------------------------### -### Connection Parameters ### -###----------------------------------------### -## remote host -remote-host example.com +############################# +## Expert options # +############################# -## remote port -remote-port 4444 +## log to syslog with a level of 3 +log syslog:3,uanytun-client1,daemon -##seqence number window size -## 0 turns off replay protection (for manualk keying) -window-size 0 +## change user and group after init +username nobody +groupname nogroup -## the multiplex id to use -mux 1 +## chroot to /var/run/uanytun +#chroot /var/run/uanytun ## key derivation pseudo random function #kd-prf null @@ -70,14 +61,29 @@ mux 1 #kd-prf aes-ctr-192 #kd-prf aes-ctr-256 -## log2 of key derivation rate -#ld-kdr 0 +## local ip address to bind to (for tunnel data) +## (if you run an anycast cluster this has to be the anycast ip address) +#interface <ip-address> -## master key to use for encryption -#key 0123456789ABCDEF0123456789ABCDEF +## local port to bind to (for tunnel data) +## make sure to use a different port for every server and client! +port 4444 -## master salt to use for encryption +## Device name +#dev uanytun0 + +## Automaticaly configure the interface an set a route +## +## We highly recommend the use of the post up script to do this +## +## the address hast to be supplied in CIDR notation +#ifconfig <local>/<prefix length> + +## Manually set encryption key and salt +## (this replaces the passphrase) +#key 0123456789ABCDEF0123456789ABCDEF #salt 0123456789ABCD0123456789ABCD -## derive master key and or salt from passphrase -passphrase hello-world-one +## Setting a window size > 0 will enable replay protection +## This most likely will only work with external rekeying +#window-size 0 diff --git a/etc/uanytun/client1/post-up.sh b/etc/uanytun/client1/post-up.sh index 18c42fb..dd18fe5 100755 --- a/etc/uanytun/client1/post-up.sh +++ b/etc/uanytun/client1/post-up.sh @@ -1,5 +1,12 @@ #!/bin/sh -ip addr add dev $1 fde5:30c9:1984::1/48 +ip link set dev $1 up +ip link set dev $1 mtu 1400 +ip addr add dev $1 192.168.123.1/24 +ip addr add dev $1 fec0::1/128 + +# disable ICMP redirects as they don't work within the tunnel +echo 0 > /proc/sys/net/ipv4/conf/$1/send_redirects +echo 0 > /proc/sys/net/ipv4/conf/$1/accept_redirects exit 0 diff --git a/etc/uanytun/client2/config b/etc/uanytun/client2/config index 7914976..629e222 100644 --- a/etc/uanytun/client2/config +++ b/etc/uanytun/client2/config @@ -1,67 +1,58 @@ -###----------------------------------------### -### Global Parameters ### -###----------------------------------------### +############################# +## Main options # +############################# -## don't run in background -#nodaemonize +## Client ID +## (has to be unique for each client) +mux 2 -## change user and group after init -username nobody -groupname nogroup - -## chroot to /var/run/anytun -#chroot /var/run/uanytun - -## log to syslog with level of 3 -log syslog:3,uanytun-client2,daemon - -## local anycast(data) ip address to bind to -#interface <ip-address> - -## local anycast(data) port to bind to -#port 4444 - -## the sender id to use (has to be unique for multible anycast servers) -#sender-id 1 +## device type tun = ip/ipv6, tap = ethernet +type tun ## payload encryption algorithm -# cipher null -# cipher aes-ctr-128 -# cipher aes-ctr-192 -# cipher aes-ctr-256 +#cipher null +#cipher aes-ctr-128 +#cipher aes-ctr-192 +#cipher aes-ctr-256 cipher aes-ctr ## message authentication algorithm -# auth-algo null +#auth-algo null auth-algo sha1 +## Passphrase +## this is used to generate the crypto-key and salt +## this should be al least 30 characters +passphrase Creating_VPN_Tunnels_With_Anytun_Is_Easy -## Device name -#dev anytun0 +## The remote host and port +remote-host example.com +remote-port 4444 -# device type tun = ip/ipv6, tap = ethernet -type tun +############################# +## Debug options # +############################# -## Automaticaly configure the interface and set a route -ifconfig 192.168.123.2/24 +## don't run in background +#nodaemonize +## additional log to standard output with a level of 5 +#log stdout:5 -###----------------------------------------### -### Connection Parameters ### -###----------------------------------------### -## remote host -remote-host example.com +############################# +## Expert options # +############################# -## remote port -remote-port 4444 +## log to syslog with a level of 3 +log syslog:3,uanytun-client2,daemon -##seqence number window size -## 0 turns off replay protection (for manualk keying) -window-size 0 +## change user and group after init +username nobody +groupname nogroup -## the multiplex id to use -mux 1 +## chroot to /var/run/uanytun +#chroot /var/run/uanytun ## key derivation pseudo random function #kd-prf null @@ -70,14 +61,29 @@ mux 1 #kd-prf aes-ctr-192 #kd-prf aes-ctr-256 -## log2 of key derivation rate -#ld-kdr 0 +## local ip address to bind to (for tunnel data) +## (if you run an anycast cluster this has to be the anycast ip address) +#interface <ip-address> -## master key to use for encryption -#key 2123456789ABCDEF0123456789ABCDEF +## local port to bind to (for tunnel data) +## make sure to use a different port for every server and client! +port 4444 -## master salt to use for encryption +## Device name +#dev uanytun0 + +## Automaticaly configure the interface an set a route +## +## We highly recommend the use of the post up script to do this +## +## the address hast to be supplied in CIDR notation +#ifconfig <local>/<prefix length> + +## Manually set encryption key and salt +## (this replaces the passphrase) +#key 2123456789ABCDEF0123456789ABCDEF #salt 2123456789ABCD0123456789ABCD -## derive master key and or salt from passphrase -passphrase hello-world-two +## Setting a window size > 0 will enable replay protection +## This most likely will only work with external rekeying +#window-size 0 diff --git a/etc/uanytun/client2/post-up.sh b/etc/uanytun/client2/post-up.sh index d04d6df..9348f47 100755 --- a/etc/uanytun/client2/post-up.sh +++ b/etc/uanytun/client2/post-up.sh @@ -1,5 +1,12 @@ #!/bin/sh -ip addr add dev $1 fde5:30c9:1984::2/48 +ip link set dev $1 up +ip link set dev $1 mtu 1400 +ip addr add dev $1 192.168.123.2/24 +ip addr add dev $1 fec0::2/128 + +# disable ICMP redirects as they don't work within the tunnel +echo 0 > /proc/sys/net/ipv4/conf/$1/send_redirects +echo 0 > /proc/sys/net/ipv4/conf/$1/accept_redirects exit 0 diff --git a/etc/uanytun/client3/config b/etc/uanytun/client3/config index 900e7e9..bf409ac 100644 --- a/etc/uanytun/client3/config +++ b/etc/uanytun/client3/config @@ -1,67 +1,58 @@ -###----------------------------------------### -### Global Parameters ### -###----------------------------------------### +############################# +## Main options # +############################# -## don't run in background -#nodaemonize +## Client ID +## (has to be unique for each client) +mux 3 -## change user and group after init -username nobody -groupname nogroup - -## chroot to /var/run/anytun -#chroot /var/run/uanytun - -## log to syslog with level of 3 -log syslog:3,uanytun-client3,daemon - -## local anycast(data) ip address to bind to -#interface <ip-address> - -## local anycast(data) port to bind to -#port 4444 - -## the sender id to use (has to be unique for multible anycast servers) -#sender-id 1 +## device type tun = ip/ipv6, tap = ethernet +type tun ## payload encryption algorithm -# cipher null -# cipher aes-ctr-128 -# cipher aes-ctr-192 -# cipher aes-ctr-256 +#cipher null +#cipher aes-ctr-128 +#cipher aes-ctr-192 +#cipher aes-ctr-256 cipher aes-ctr ## message authentication algorithm -# auth-algo null +#auth-algo null auth-algo sha1 +## Passphrase +## this is used to generate the crypto-key and salt +## this should be al least 30 characters +passphrase Creating_VPN_Tunnels_With_Anytun_Is_Easy -## Device name -#dev anytun0 +## The remote host and port +remote-host example.com +remote-port 4444 -# device type tun = ip/ipv6, tap = ethernet -type tun +############################# +## Debug options # +############################# -## Automaticaly configure the interface and set a route -ifconfig 192.168.123.3/24 +## don't run in background +#nodaemonize +## additional log to standard output with a level of 5 +#log stdout:5 -###----------------------------------------### -### Connection Parameters ### -###----------------------------------------### -## remote host -remote-host example.com +############################# +## Expert options # +############################# -## remote port -remote-port 4444 +## log to syslog with a level of 3 +log syslog:3,uanytun-client3,daemon -##seqence number window size -## 0 turns off replay protection (for manualk keying) -window-size 0 +## change user and group after init +username nobody +groupname nogroup -## the multiplex id to use -mux 1 +## chroot to /var/run/uanytun +#chroot /var/run/uanytun ## key derivation pseudo random function #kd-prf null @@ -70,14 +61,29 @@ mux 1 #kd-prf aes-ctr-192 #kd-prf aes-ctr-256 -## log2 of key derivation rate -#ld-kdr 0 +## local ip address to bind to (for tunnel data) +## (if you run an anycast cluster this has to be the anycast ip address) +#interface <ip-address> -## master key to use for encryption -#key 3123456789ABCDEF0123456789ABCDEF +## local port to bind to (for tunnel data) +## make sure to use a different port for every server and client! +port 4444 -## master salt to use for encryption +## Device name +#dev uanytun0 + +## Automaticaly configure the interface an set a route +## +## We highly recommend the use of the post up script to do this +## +## the address hast to be supplied in CIDR notation +#ifconfig <local>/<prefix length> + +## Manually set encryption key and salt +## (this replaces the passphrase) +#key 3123456789ABCDEF0123456789ABCDEF #salt 3123456789ABCD0123456789ABCD -## derive master key and or salt from passphrase -passphrase hello-world-three +## Setting a window size > 0 will enable replay protection +## This most likely will only work with external rekeying +#window-size 0 diff --git a/etc/uanytun/client3/post-up.sh b/etc/uanytun/client3/post-up.sh index ac4afd7..9348f47 100755 --- a/etc/uanytun/client3/post-up.sh +++ b/etc/uanytun/client3/post-up.sh @@ -1,5 +1,12 @@ #!/bin/sh -ip addr add dev $1 fde5:30c9:1984::3/48 +ip link set dev $1 up +ip link set dev $1 mtu 1400 +ip addr add dev $1 192.168.123.2/24 +ip addr add dev $1 fec0::2/128 + +# disable ICMP redirects as they don't work within the tunnel +echo 0 > /proc/sys/net/ipv4/conf/$1/send_redirects +echo 0 > /proc/sys/net/ipv4/conf/$1/accept_redirects exit 0 |