(SATP). It provides a complete VPN solution similar to OpenVPN or
IPsec in tunnel mode. The main difference is that anycast enables the
setup of tunnels between an arbitrary combination of anycast, unicast
-and multicast hosts. Unlike Anytun which is a full featured implementation
-uAnytun has no support for multiple connections or synchronisation. It is a
-small single threaded implementation intended to act as a client on small
+and multicast hosts. Unlike Anytun which is a full featured implementation
+uAnytun has no support for multiple connections or synchronisation. It is a
+small single threaded implementation intended to act as a client on small
platforms.
instead of becoming a daemon which is the default.
*-u, --username '<username>'*::
- run as this user. If no group is specified (*-g*) the default group of
+ run as this user. If no group is specified (*-g*) the default group of
the user is used. The default is to not drop privileges.
*-g, --groupname '<groupname>'*::
The default is to not drop privileges.
*-C, --chroot '<path>'*::
- Instruct *uAnytun* to run in a chroot jail. The default is
+ Instruct *uAnytun* to run in a chroot jail. The default is
to not run in chroot.
*-P, --write-pid <filename>*::
- Instruct *uAnytun* to write it's pid to this file. The default is
+ Instruct *uAnytun* to write it's pid to this file. The default is
to not create a pid file.
*-L, --log '<target>:<level>[,<param1>[,<param2>[..]]]'*::
add log target to logging system. This can be invoked several times
- in order to log to different targets at the same time. Every target
- hast its own log level which is a number between 0 and 5. Where 0 means
+ in order to log to different targets at the same time. Every target
+ has its own log level which is a number between 0 and 5. Where 0 means
disabling log and 5 means debug messages are enabled. +
- The file target can be used more the once with different levels.
- If no target is provided at the command line a single target with the
+ The file target can be used more than once with different levels.
+ If no target is provided at the command line a single target with the
config 'syslog:3,uanytun,daemon' is added. +
The following targets are supported:
'syslog';; log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
'file';; log to file, parameters <level>[,<path>]
'stdout';; log to standard output, parameters <level>
- 'stderr';; log to standard error, parameters <level>
+ 'stderr';; log to standard error, parameters <level>
*-U, --debug*::
- This option instructs *uAnytun* to run in debug mode. It implicits *-D*
+ This option instructs *uAnytun* to run in debug mode. It implicits *-D*
(don't daemonize) and adds a log target with the configuration
'stdout:5' (logging with maximum level). In future releases there might
be additional output when this option is supplied.
'<prefix>';; the prefix length of the network
*-x, --post-up-script '<script>'*::
- This option instructs *uAnytun* to run this script after the interface
+ This option instructs *uAnytun* to run this script after the interface
is created. By default no script will be executed.
*-m, --mux '<mux-id>'*::
*-s, --sender-id '<sender id>'*::
Each anycast tunnel endpoint needs a unique sender id
(1, 2, 3, ...). It is needed to distinguish the senders
- in case of replay attacks. As *uAnytun* does not support
- synchronisation it can't be used as an anycast endpoint therefore
- this option is quite useless but implemented for compatibility
+ in case of replay attacks. As *uAnytun* does not support
+ synchronisation it can't be used as an anycast endpoint therefore
+ this option is quite useless but implemented for compatibility
reasons. default: 0
*-w, --window-size '<window size>'*::
*-k, --kd--prf '<kd-prf type>'*::
key derivation pseudo random function +
- The pseudo random function which is used for calculating the
+ The pseudo random function which is used for calculating the
session keys and session salt. +
Possible values:
*-e, --role '<role>'*::
SATP uses different session keys for inbound and outbound traffic. The
role parameter is used to determine which keys to use for outbound or
- inbound packets. On both sides of a vpn connection different roles have
- to be used. Possible values are 'left' and 'right'. You may also use
- 'alice' or 'server' as a replacement for 'left' and 'bob' or 'client' as
+ inbound packets. On both sides of a vpn connection different roles have
+ to be used. Possible values are 'left' and 'right'. You may also use
+ 'alice' or 'server' as a replacement for 'left' and 'bob' or 'client' as
a replacement for 'right'. By default 'left' is used.
*-E, --passphrase '<pass phrase>'*::
This passphrase is used to generate the master key and master salt.
- For the master key the last n bits of the SHA256 digest of the
- passphrase (where n is the length of the master key in bits) is used.
- The master salt gets generated with the SHA1 digest.
+ For the master key the last n bits of the SHA256 digest of the
+ passphrase (where n is the length of the master key in bits) is used.
+ The master salt gets generated with the SHA1 digest.
You may force a specific key and or salt by using *--key* and *--salt*.
*-K, --key '<master key>'*::
*-a, --auth-algo '<algo type>'*::
message authentication algorithm +
This option sets the message authentication algorithm. +
- If HMAC-SHA1 is used, the packet length is increased. The additional bytes
+ If HMAC-SHA1 is used, the packet length is increased. The additional bytes
contain the authentication data. see *--auth-tag-length* for more info. +
Possible values:
'sha1';; HMAC-SHA1, default value
*-b, --auth-tag-length '<length>'*::
- The number of bytes to use for the auth tag. This value defaults to 10 bytes
- unless the 'null' auth algo is used in which case it defaults to 0.
+ The number of bytes to use for the auth tag. This value defaults to 10 bytes
+ unless the 'null' auth algo is used in which case it defaults to 0.
EXAMPLES
Host A:
^^^^^^^
-uanytun -r hostb.example.com -t tun -n 192.168.123.1/30 -c aes-ctr-256 -k aes-ctr-256 \
+uanytun -r hostb.example.com -t tun -n 192.168.123.1/30 -c aes-ctr-256 -k aes-ctr-256
-E have_a_very_safe_and_productive_day -e left
Host B:
^^^^^^^
-uanytun -r hosta.example.com -t tun -n 192.168.123.2/30 -c aes-ctr-256 -k aes-ctr-256 \
+uanytun -r hosta.example.com -t tun -n 192.168.123.2/30 -c aes-ctr-256 -k aes-ctr-256
-E have_a_very_safe_and_productive_day -e right
+
One unicast and one anycast tunnel endpoint:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
+
Unicast tunnel endpoint:
^^^^^^^^^^^^^^^^^^^^^^^^
BUGS
----
+
Most likely there are some bugs in *uAnytun*. If you find a bug, please let
the developers know at uanytun@anytun.org. Of course, patches are preferred.
COPYING
-------
-Copyright \(C) 2008-2010 Christian Pointner. This program is free
-software: you can redistribute it and/or modify it under the terms
-of the GNU General Public License as published by the Free Software
+Copyright \(C) 2008-2014 Christian Pointner. This program is free
+software: you can redistribute it and/or modify it under the terms
+of the GNU General Public License as published by the Free Software
Foundation, either version 3 of the License, or any later version.
projects / debian / uanytun.git / blobdiff