-'\" t
-.\" Title: uanytun
-.\" Author: [see the "AUTHORS" section]
-.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\" Date: 12/14/2009
-.\" Manual: uanytun user manual
-.\" Source: uanytun 0.3.2
-.\" Language: English
-.\"
-.TH "UANYTUN" "8" "12/14/2009" "uanytun 0.3.2" "uanytun user manual"
-.\" -----------------------------------------------------------------
-.\" * set default formatting
-.\" -----------------------------------------------------------------
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.\" -----------------------------------------------------------------
-.\" * MAIN CONTENT STARTS HERE *
-.\" -----------------------------------------------------------------
-.SH "NAME"
-uanytun \- micro anycast tunneling daemon
-.SH "SYNOPSIS"
-.sp
-.nf
-\fBuanytun\fR
- [ \fB\-h|\-\-help\fR ]
- [ \fB\-D|\-\-nodaemonize\fR ]
- [ \fB\-u|\-\-username\fR <username> ]
- [ \fB\-g|\-\-groupname\fR <groupname> ]
- [ \fB\-C|\-\-chroot\fR <path> ]
- [ \fB\-P|\-\-write\-pid\fR <filename> ]
- [ \fB\-L|\-\-log\fR <target>:<level>[,<param1>[,<param2>[\&.\&.]]] ]
- [ \fB\-i|\-\-interface\fR <ip\-address> ]
- [ \fB\-p|\-\-port\fR <port> ]
- [ \fB\-r|\-\-remote\-host\fR <hostname|ip> ]
- [ \fB\-o|\-\-remote\-port\fR <port> ]
- [ \fB\-4|\-\-ipv4\-only\fR ]
- [ \fB\-6|\-\-ipv6\-only\fR ]
- [ \fB\-d|\-\-dev\fR <name> ]
- [ \fB\-t|\-\-type\fR <tun|tap> ]
- [ \fB\-n|\-\-ifconfig\fR <local>/<prefix> ]
- [ \fB\-x|\-\-post\-up\-script\fR <script> ]
- [ \fB\-m|\-\-mux\fR <mux\-id> ]
- [ \fB\-s|\-\-sender\-id\fR <sender id> ]
- [ \fB\-w|\-\-window\-size\fR <window size> ]
- [ \fB\-k|\-\-kd\-prf\fR <kd\-prf type> ]
- [ \fB\-e|\-\-role\fR <role> ]
- [ \fB\-E|\-\-passphrase\fR <pass phrase> ]
- [ \fB\-K|\-\-key\fR <master key> ]
- [ \fB\-A|\-\-salt\fR <master salt> ]
- [ \fB\-c|\-\-cipher\fR <cipher type> ]
- [ \fB\-a|\-\-auth\-algo\fR <algo type> ]
- [ \fB\-b|\-\-auth\-tag\-length\fR <length> ]
-.fi
-.SH "DESCRIPTION"
-.sp
-\fBuAnytun\fR is a tiny implementation of the Secure Anycast Tunneling Protocol (SATP)\&. It provides a complete VPN solution similar to OpenVPN or IPsec in tunnel mode\&. The main difference is that anycast enables the setup of tunnels between an arbitrary combination of anycast, unicast and multicast hosts\&. Unlike Anytun which is a full featured implementation uAnytun has no support for multiple connections or synchronisation\&. It is a small single threaded implementation intended to act as a client on small platforms\&.
-.SH "OPTIONS"
-.sp
-\fBuAnytun\fR has been designed as a peer to peer application, so there is no difference between client and server\&. The following options can be passed to the daemon:
-.PP
-\fB\-D, \-\-nodaemonize\fR
-.RS 4
-This option instructs
-\fBuAnytun\fR
-to run in foreground instead of becoming a daemon which is the default\&.
-.RE
-.PP
-\fB\-u, \-\-username <username>\fR
-.RS 4
-run as this user\&. If no group is specified (\fB\-g\fR) the default group of the user is used\&. The default is to not drop privileges\&.
-.RE
-.PP
-\fB\-g, \-\-groupname <groupname>\fR
-.RS 4
-run as this group\&. If no username is specified (\fB\-u\fR) this gets ignored\&. The default is to not drop privileges\&.
-.RE
-.PP
-\fB\-C, \-\-chroot <path>\fR
-.RS 4
-Instruct
-\fBuAnytun\fR
-to run in a chroot jail\&. The default is to not run in chroot\&.
-.RE
-.PP
-\fB\-P, \-\-write\-pid <filename>\fR
-.RS 4
-Instruct
-\fBuAnytun\fR
-to write it\(cqs pid to this file\&. The default is to not create a pid file\&.
-.RE
-.PP
-\fB\-L, \-\-log <target>:<level>[,<param1>[,<param2>[\&.\&.]]]\fR
-.RS 4
-add log target to logging system\&. This can be invoked several times in order to log to different targets at the same time\&. Every target hast its own log level which is a number between 0 and 5\&. Where 0 means disabling log and 5 means debug messages are enabled\&.
-
-The file target can be used more the once with different levels\&. If no target is provided at the command line a single target with the config
-\fBsyslog:3,uanytun,daemon\fR
-is added\&.
-
-The following targets are supported:
-.PP
-\fBsyslog\fR
-.RS 4
-log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
-.RE
-.PP
-\fBfile\fR
-.RS 4
-log to file, parameters <level>[,<path>]
-.RE
-.PP
-\fBstdout\fR
-.RS 4
-log to standard output, parameters <level>
-.RE
-.PP
-\fBstderr\fR
-.RS 4
-log to standard error, parameters <level>
-.RE
-.RE
-.PP
-\fB\-i, \-\-interface <ip address>\fR
-.RS 4
-This IP address is used as the sender address for outgoing packets\&. The default is to not use a special inteface and just bind on all interfaces\&.
-.RE
-.PP
-\fB\-p, \-\-port <port>\fR
-.RS 4
-The local UDP port that is used to send and receive the payload data\&. The two tunnel endpoints can use different ports\&. default: 4444
-.RE
-.PP
-\fB\-r, \-\-remote\-host <hostname|ip>\fR
-.RS 4
-This option can be used to specify the remote tunnel endpoint\&. In case of anycast tunnel endpoints, the anycast IP address has to be used\&. If you do not specify an address, it is automatically determined after receiving the first data packet\&.
-.RE
-.PP
-\fB\-o, \-\-remote\-port <port>\fR
-.RS 4
-The UDP port used for payload data by the remote host (specified with \-p on the remote host)\&. If you do not specify a port, it is automatically determined after receiving the first data packet\&.
-.RE
-.PP
-\fB\-4, \-\-ipv4\-only\fR
-.RS 4
-Resolv to IPv4 addresses only\&. The default is to resolv both IPv4 and IPv6 addresses\&.
-.RE
-.PP
-\fB\-6, \-\-ipv6\-only\fR
-.RS 4
-Resolv to IPv6 addresses only\&. The default is to resolv both IPv4 and IPv6 addresses\&.
-.RE
-.PP
-\fB\-d, \-\-dev <name>\fR
-.RS 4
-device name
-
-By default, tapN is used for Ethernet tunnel interfaces, and tunN for IP tunnels, respectively\&. This option can be used to manually override these defaults\&.
-.RE
-.PP
-\fB\-t, \-\-type <tun|tap>\fR
-.RS 4
-device type
-
-Type of the tunnels to create\&. Use tap for Ethernet tunnels, tun for IP tunnels\&.
-.RE
-.PP
-\fB\-n, \-\-ifconfig <local>/<prefix>\fR
-.RS 4
-The local IP address and prefix length\&. The remote tunnel endpoint has to use a different IP address in the same subnet\&.
-.PP
-\fB<local>\fR
-.RS 4
-the local IP address for the tun/tap device
-.RE
-.PP
-\fB<prefix>\fR
-.RS 4
-the prefix length of the network
-.RE
-.RE
-.PP
-\fB\-x, \-\-post\-up\-script <script>\fR
-.RS 4
-This option instructs
-\fBuAnytun\fR
-to run this script after the interface is created\&. By default no script will be executed\&.
-.RE
-.PP
-\fB\-m, \-\-mux <mux\-id>\fR
-.RS 4
-the multiplex id to use\&. default: 0
-.RE
-.PP
-\fB\-s, \-\-sender\-id <sender id>\fR
-.RS 4
-Each anycast tunnel endpoint needs a unique sender id (1, 2, 3, \&...)\&. It is needed to distinguish the senders in case of replay attacks\&. As
-\fBuAnytun\fR
-does not support synchronisation it can\(cqt be used as an anycast endpoint therefore this option is quite useless but implemented for compability reasons\&. default: 0
-.RE
-.PP
-\fB\-w, \-\-window\-size <window size>\fR
-.RS 4
-seqence window size
-
-Sometimes, packets arrive out of order on the receiver side\&. This option defines the size of a list of received packets\' sequence numbers\&. If, according to this list, a received packet has been previously received or has been transmitted in the past, and is therefore not in the list anymore, this is interpreted as a replay attack and the packet is dropped\&. A value of 0 deactivates this list and, as a consequence, the replay protection employed by filtering packets according to their secuence number\&. By default the sequence window is disabled and therefore a window size of 0 is used\&.
-.RE
-.PP
-\fB\-k, \-\-kd\(emprf <kd\-prf type>\fR
-.RS 4
-key derivation pseudo random function
-
-The pseudo random function which is used for calculating the session keys and session salt\&.
-
-Possible values:
-.PP
-\fBnull\fR
-.RS 4
-no random function, keys and salt are set to 0\&.\&.00
-.RE
-.PP
-\fBaes\-ctr\fR
-.RS 4
-AES in counter mode with 128 Bits, default value
-.RE
-.PP
-\fBaes\-ctr\-128\fR
-.RS 4
-AES in counter mode with 128 Bits
-.RE
-.PP
-\fBaes\-ctr\-192\fR
-.RS 4
-AES in counter mode with 192 Bits
-.RE
-.PP
-\fBaes\-ctr\-256\fR
-.RS 4
-AES in counter mode with 256 Bits
-.RE
-.RE
-.PP
-\fB\-e, \-\-role <role>\fR
-.RS 4
-SATP uses different session keys for inbound and outbound traffic\&. The role parameter is used to determine which keys to use for outbound or inbound packets\&. On both sides of a vpn connection different roles have to be used\&. Possible values are
-\fBleft\fR
-and
-\fBright\fR\&. You may also use
-\fBalice\fR
-or
-\fBserver\fR
-as a replacement for
-\fBleft\fR
-and
-\fBbob\fR
-or
-\fBclient\fR
-as a replacement for
-\fBright\fR\&. By default
-\fBleft\fR
-is used\&.
-.RE
-.PP
-\fB\-E, \-\-passphrase <pass phrase>\fR
-.RS 4
-This passphrase is used to generate the master key and master salt\&. For the master key the last n bits of the SHA256 digest of the passphrase (where n is the length of the master key in bits) is used\&. The master salt gets generated with the SHA1 digest\&. You may force a specific key and or salt by using
-\fB\-\-key\fR
-and
-\fB\-\-salt\fR\&.
-.RE
-.PP
-\fB\-K, \-\-key <master key>\fR
-.RS 4
-master key to use for key derivation
-
-Master key in hexadecimal notation, e\&.g\&. 01a2b3c4d5e6f708a9b0cadbecfd0fa1, with a mandatory length of 32, 48 or 64 characters (128, 192 or 256 bits)\&.
-.RE
-.PP
-\fB\-A, \-\-salt <master salt>\fR
-.RS 4
-master salt to use for key derivation
-
-Master salt in hexadecimal notation, e\&.g\&. 01a2b3c4d5e6f708a9b0cadbecfd, with a mandatory length of 28 characters (14 bytes)\&.
-.RE
-.PP
-\fB\-c, \-\-cipher <cipher type>\fR
-.RS 4
-payload encryption algorithm
-
-Encryption algorithm used for encrypting the payload
-
-Possible values:
-.PP
-\fBnull\fR
-.RS 4
-no encryption
-.RE
-.PP
-\fBaes\-ctr\fR
-.RS 4
-AES in counter mode with 128 Bits, default value
-.RE
-.PP
-\fBaes\-ctr\-128\fR
-.RS 4
-AES in counter mode with 128 Bits
-.RE
-.PP
-\fBaes\-ctr\-192\fR
-.RS 4
-AES in counter mode with 192 Bits
-.RE
-.PP
-\fBaes\-ctr\-256\fR
-.RS 4
-AES in counter mode with 256 Bits
-.RE
-.RE
-.PP
-\fB\-a, \-\-auth\-algo <algo type>\fR
-.RS 4
-message authentication algorithm
-
-This option sets the message authentication algorithm\&.
-
-If HMAC\-SHA1 is used, the packet length is increased\&. The additional bytes contain the authentication data\&. see
-\fB\-\-auth\-tag\-length\fR
-for more info\&.
-
-Possible values:
-.PP
-\fBnull\fR
-.RS 4
-no message authentication
-.RE
-.PP
-\fBsha1\fR
-.RS 4
-HMAC\-SHA1, default value
-.RE
-.RE
-.PP
-\fB\-b, \-\-auth\-tag\-length <length>\fR
-.RS 4
-The number of bytes to use for the auth tag\&. This value defaults to 10 bytes unless the
-\fBnull\fR
-auth algo is used in which case it defaults to 0\&.
-.RE
-.SH "EXAMPLES"
-.SS "P2P Setup between two unicast enpoints:"
-.sp
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBHost A:\fR
-.RS 4
-.sp
-uanytun \-r hostb\&.example\&.com \-t tun \-n 192\&.168\&.123\&.1/30 \-c aes\-ctr\-256 \-k aes\-ctr\-256 \e \-E have_a_very_safe_and_productive_day \-e left
-.RE
-.sp
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBHost B:\fR
-.RS 4
-.sp
-uanytun \-r hosta\&.example\&.com \-t tun \-n 192\&.168\&.123\&.2/30 \-c aes\-ctr\-256 \-k aes\-ctr\-256 \e \-E have_a_very_safe_and_productive_day \-e right
-.RE
-.SS "One unicast and one anycast tunnel endpoint:"
-.sp
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBUnicast tunnel endpoint:\fR
-.RS 4
-.sp
-uanytun \-r anycast\&.anytun\&.org \-d anytun0 \-t tun \-n 192\&.0\&.2\&.2/30 \-a null \-c null \-w 0 \-e client
-.RE
-.sp
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBAnycast tunnel endpoints:\fR
-.RS 4
-.sp
-As \fBuAnytun\fR can\(cqt work as an anycast endpoint it can\(cqt be used for this purpose\&. You have to use \fBAnytun\fR for that job\&.
-.RE
-.SH "BUGS"
-.sp
-Most likely there are some bugs in \fBuAnytun\fR\&. If you find a bug, please let the developers know at uanytun@anytun\&.org\&. Of course, patches are preferred\&.
-.SH "AUTHORS"
-.sp
-Christian Pointner <equinox@anytun\&.org>
-.SH "RESOURCES"
-.sp
-Main web site: http://www\&.anytun\&.org/
-.SH "COPYING"
-.sp
-Copyright (C) 2008\-2009 Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&.
projects / debian / uanytun.git / commitdiff