From bd0d88050efd3d7664a8ca48c460d83891c854a0 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Fri, 27 Feb 2009 18:52:04 +0000
Subject: updated sample config
---
 etc/uanytun/client2/config | 112 ++++++++++++++++++++++++---------------------
 1 file changed, 59 insertions(+), 53 deletions(-)
(limited to 'etc/uanytun/client2/config')
diff --git a/etc/uanytun/client2/config b/etc/uanytun/client2/config
index 7914976..629e222 100644
--- a/etc/uanytun/client2/config
+++ b/etc/uanytun/client2/config
@@ -1,67 +1,58 @@
-###----------------------------------------###
-### Global Parameters ###
-###----------------------------------------###
+#############################
+## Main options #
+#############################
-## don't run in background
-#nodaemonize
+## Client ID
+## (has to be unique for each client)
+mux 2
-## change user and group after init
-username nobody
-groupname nogroup
-
-## chroot to /var/run/anytun
-#chroot /var/run/uanytun
-
-## log to syslog with level of 3
-log syslog:3,uanytun-client2,daemon
-
-## local anycast(data) ip address to bind to
-#interface
-
-## local anycast(data) port to bind to
-#port 4444
-
-## the sender id to use (has to be unique for multible anycast servers)
-#sender-id 1
+## device type tun = ip/ipv6, tap = ethernet
+type tun
 ## payload encryption algorithm
-# cipher null
-# cipher aes-ctr-128
-# cipher aes-ctr-192
-# cipher aes-ctr-256
+#cipher null
+#cipher aes-ctr-128
+#cipher aes-ctr-192
+#cipher aes-ctr-256
 cipher aes-ctr
 ## message authentication algorithm
-# auth-algo null
+#auth-algo null
 auth-algo sha1
+## Passphrase
+## this is used to generate the crypto-key and salt
+## this should be al least 30 characters
+passphrase Creating_VPN_Tunnels_With_Anytun_Is_Easy
-## Device name
-#dev anytun0
+## The remote host and port
+remote-host example.com
+remote-port 4444
-# device type tun = ip/ipv6, tap = ethernet
-type tun
+#############################
+## Debug options #
+#############################
-## Automaticaly configure the interface and set a route
-ifconfig 192.168.123.2/24
+## don't run in background
+#nodaemonize
+## additional log to standard output with a level of 5
+#log stdout:5
-###----------------------------------------###
-### Connection Parameters ###
-###----------------------------------------###
-## remote host
-remote-host example.com
+#############################
+## Expert options #
+#############################
-## remote port
-remote-port 4444
+## log to syslog with a level of 3
+log syslog:3,uanytun-client2,daemon
-##seqence number window size
-## 0 turns off replay protection (for manualk keying)
-window-size 0
+## change user and group after init
+username nobody
+groupname nogroup
-## the multiplex id to use
-mux 1
+## chroot to /var/run/uanytun
+#chroot /var/run/uanytun
 ## key derivation pseudo random function
 #kd-prf null
@@ -70,14 +61,29 @@ mux 1
 #kd-prf aes-ctr-192
 #kd-prf aes-ctr-256
-## log2 of key derivation rate
-#ld-kdr 0
+## local ip address to bind to (for tunnel data)
+## (if you run an anycast cluster this has to be the anycast ip address)
+#interface
-## master key to use for encryption
-#key 2123456789ABCDEF0123456789ABCDEF
+## local port to bind to (for tunnel data)
+## make sure to use a different port for every server and client!
+port 4444
-## master salt to use for encryption
+## Device name
+#dev uanytun0
+
+## Automaticaly configure the interface an set a route
+##
+## We highly recommend the use of the post up script to do this
+##
+## the address hast to be supplied in CIDR notation
+#ifconfig /
+
+## Manually set encryption key and salt
+## (this replaces the passphrase)
+#key 2123456789ABCDEF0123456789ABCDEF
 #salt 2123456789ABCD0123456789ABCD
-## derive master key and or salt from passphrase
-passphrase hello-world-two
+## Setting a window size > 0 will enable replay protection
+## This most likely will only work with external rekeying
+#window-size 0
-- cgit v1.2.3
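Review bot: The added `passphrase Creating_VPN_Tunnels_With_Anytun_Is_Easy` line in the "Main options" block is active, so a client started from an unedited copy of this sample derives its key and salt from a string that is published with the project. The comment above it only gives a length hint; I would ship the line as a commented placeholder, `#passphrase <replace-with-your-own-secret>`, and add `## never deploy the sample value: it is public and protects nothing`. The same comment has a typo, `al least` should read `at least`. The commented `#key` / `#salt` hex values in the second hunk (`@@ -70,14 +61,29 @@`) deserve the same "example only, do not reuse" remark.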
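Review bot: With `window-size 0` now commented out at the end of the second hunk, the sample no longer says which replay-protection setting a client actually runs with; the removed comment stated that 0 turns replay protection off, while the new text only says that a value > 0 enables it. The effective value is whatever the daemon defaults to, which this diff does not show, so the comment should name it, e.g. `## default is <built-in default>; 0 disables replay protection`. If that default is 0, the comment should say plainly that the sample as shipped does not reject replayed packets. `port 4444` also goes from commented to active in this hunk, which is worth a line in the commit message because it changes what an unedited sample binds to.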