X-Git-Url: https://git.syn-net.org/debian/?a=blobdiff_plain;f=src%2Fman%2Fanytun-config.8.txt;h=6a80b4d1bedeb5227d8f585e2972a739c10b7ba9;hb=f9ad69dfae6bcec427652b0c4230603e465bd544;hp=8eb2839f989f16d6cb32954faac61d16992482e4;hpb=058ae090a970436caec3b3059e9e18b310dd6b0d;p=anytun.git diff --git a/src/man/anytun-config.8.txt b/src/man/anytun-config.8.txt index 8eb2839..6a80b4d 100644 --- a/src/man/anytun-config.8.txt +++ b/src/man/anytun-config.8.txt @@ -8,21 +8,23 @@ anytun-config - anycast tunneling configuration utility SYNOPSIS -------- -*anytun-config* -[ *-h|--help* ] -[ *-L|--log* :[,[,[..]]] -[ *-r|--remote-host* ] -[ *-o|--remote-port* ] -[ *-4|--ipv4-only* ] -[ *-6|--ipv6-only* ] -[ *-R|--route* / ] -[ *-m|--mux* ] -[ *-w|--window-size* ] -[ *-k|--kd-prf* ] -[ *-e|--role * ] -[ *-E|--passphrase* ] -[ *-K|--key* ] -[ *-A|--salt* ] +.... +anytun-config + [ -h|--help ] + [ -L|--log :[,[,[..]]] + [ -r|--remote-host ] + [ -o|--remote-port ] + [ -4|--ipv4-only ] + [ -6|--ipv6-only ] + [ -R|--route / ] + [ -m|--mux ] + [ -w|--window-size ] + [ -k|--kd-prf ] + [ -e|--role ] + [ -E|--passphrase ] + [ -K|--key ] + [ -A|--salt ] +.... DESCRIPTION ----------- 
@@ -32,138 +34,100 @@ DESCRIPTION OPTIONS ------- --L|--log :[,[,[..]]] -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -add log target to logging system. This can be invoked several times -in order to log to different targets at the same time. Every target -hast its own log level which is a number between 0 and 5. Where 0 means -disabling log and 5 means debug messages are enabled. - -The following targets are supported: - -* *syslog* - log to syslog daemon, parameters [,[,]] -* *file* - log to file, parameters [,] -* *stdout* - log to standard output, parameters -* *stderr* - log to standard error, parameters - -The file target can be used more the once with different levels. -If no target is provided at the command line a single target with the -following config is added: - -*syslog:3,uanytun,daemon* - --r|--remote-host -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -remote host - -This option can be used to specify the remote tunnel -endpoint. In case of anycast tunnel endpoints, the -anycast IP address has to be used. If you do not specify -an address, it is automatically determined after receiving -the first data packet. - --o|--remote-port -~~~~~~~~~~~~~~~~~~~~~~~ -remote port - -The UDP port used for payload data by the remote host -(specified with -p on the remote host). If you do not specify -a port, it is automatically determined after receiving -the first data packet. - --4|--ipv4-only -~~~~~~~~~~~~~~ - -Resolv to IPv4 addresses only. The default is to resolv both -IPv4 and IPv6 addresses. - --6|--ipv6-only -~~~~~~~~~~~~~~ - -Resolv to IPv6 addresses only. The default is to resolv both -IPv4 and IPv6 addresses. - --R|--route / -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -add a route to connection. This can be invoked several times. - --m|--mux -~~~~~~~~~~~~~~~~~ - -the multiplex id to use. default: 0 - --w|--window-size -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -seqence window size - -Sometimes, packets arrive out of order on the receiver -side. 
This option defines the size of a list of received -packets' sequence numbers. If, according to this list, -a received packet has been previously received or has -been transmitted in the past, and is therefore not in -the list anymore, this is interpreted as a replay attack -and the packet is dropped. A value of 0 deactivates this -list and, as a consequence, the replay protection employed -by filtering packets according to their secuence number. -By default the sequence window is disabled and therefore a -window size of 0 is used. - --k|--kd--prf -~~~~~~~~~~~~~~~~~~~~~~~~~~ - -key derivation pseudo random function. - -The pseudo random function which is used for calculating the -session keys and session salt. - -Possible values: - -* *null* - no random function, keys and salt are set to 0..00 -* *aes-ctr* - AES in counter mode with 128 Bits, default value -* *aes-ctr-128* - AES in counter mode with 128 Bits -* *aes-ctr-192* - AES in counter mode with 192 Bits -* *aes-ctr-256* - AES in counter mode with 256 Bits - --e|--role -~~~~~~~~~~~~~~~~ - -SATP uses different session keys for inbound and outbound traffic. The -role parameter is used to determine which keys to use for outbound or -inbound packets. On both sides of a vpn connection different roles have -to be used. Possible values are *left* and *right*. You may also use -*alice* or *server* as a replacement for *left* and *bob* or *client* as -a replacement for *right*. By default *left* is used. - --E|--passphrase -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -This passphrase is used to generate the master key and master salt. -For the master key the last n bits of the SHA256 digest of the -passphrase (where n is the length of the master key in bits) is used. -The master salt gets generated with the SHA1 digest. -You may force a specific key and or salt by using *--key* and *--salt*. 
- --K|--key -~~~~~~~~~~~~~~~~~~~~~ - -master key to use for key derivation - -Master key in hexadecimal notation, eg -01a2b3c4d5e6f708a9b0cadbecfd0fa1, with a mandatory length -of 32, 48 or 64 characters (128, 192 or 256 bits). - --A|--salt -~~~~~~~~~~~~~~~~~~~~~~~ - -master salt to use for key derivation - -Master salt in hexadecimal notation, eg -01a2b3c4d5e6f708a9b0cadbecfd, with a mandatory length -of 28 characters (14 bytes). +*-L, --log :[,[,[..]]]*:: + add log target to logging system. This can be invoked several times + in order to log to different targets at the same time. Every target + hast its own log level which is a number between 0 and 5. Where 0 means + disabling log and 5 means debug messages are enabled. + + The file target can be used more the once with different levels. + If no target is provided at the command line a single target with the + config *syslog:3,anytun-config,daemon* is added. + + The following targets are supported: + + *syslog*;; log to syslog daemon, parameters [,[,]] + *file*;; log to file, parameters [,] + *stdout*;; log to standard output, parameters + *stderr*;; log to standard error, parameters + +*-r, --remote-host *:: + This option can be used to specify the remote tunnel + endpoint. In case of anycast tunnel endpoints, the + anycast IP address has to be used. If you do not specify + an address, it is automatically determined after receiving + the first data packet. + +*-o, --remote-port *:: + The UDP port used for payload data by the remote host + (specified with -p on the remote host). If you do not specify + a port, it is automatically determined after receiving + the first data packet. + +*-4, --ipv4-only*:: + Resolv to IPv4 addresses only. The default is to resolv both + IPv4 and IPv6 addresses. + +*-6, --ipv6-only*:: + Resolv to IPv6 addresses only. The default is to resolv both + IPv4 and IPv6 addresses. + +*-R, --route /*:: + add a route to connection. This can be invoked several times. 
+ +*-m, --mux *:: + the multiplex id to use. default: 0 + +*-w, --window-size *:: + seqence window size + + Sometimes, packets arrive out of order on the receiver + side. This option defines the size of a list of received + packets' sequence numbers. If, according to this list, + a received packet has been previously received or has + been transmitted in the past, and is therefore not in + the list anymore, this is interpreted as a replay attack + and the packet is dropped. A value of 0 deactivates this + list and, as a consequence, the replay protection employed + by filtering packets according to their secuence number. + By default the sequence window is disabled and therefore a + window size of 0 is used. + +*-k, --kd--prf *:: + key derivation pseudo random function + + The pseudo random function which is used for calculating the + session keys and session salt. + + Possible values: + + *null*;; no random function, keys and salt are set to 0..00 + *aes-ctr*;; AES in counter mode with 128 Bits, default value + *aes-ctr-128*;; AES in counter mode with 128 Bits + *aes-ctr-192*;; AES in counter mode with 192 Bits + *aes-ctr-256*;; AES in counter mode with 256 Bits + +*-e, --role *:: + SATP uses different session keys for inbound and outbound traffic. The + role parameter is used to determine which keys to use for outbound or + inbound packets. On both sides of a vpn connection different roles have + to be used. Possible values are *left* and *right*. You may also use + *alice* or *server* as a replacement for *left* and *bob* or *client* as + a replacement for *right*. By default *left* is used. + +*-E, --passphrase *:: + This passphrase is used to generate the master key and master salt. + For the master key the last n bits of the SHA256 digest of the + passphrase (where n is the length of the master key in bits) is used. + The master salt gets generated with the SHA1 digest. + You may force a specific key and or salt by using *--key* and *--salt*. 
+ +*-K, --key *:: + master key to use for key derivation + + Master key in hexadecimal notation, e.g. + 01a2b3c4d5e6f708a9b0cadbecfd0fa1, with a mandatory length + of 32, 48 or 64 characters (128, 192 or 256 bits). + +*-A, --salt *:: + master salt to use for key derivation + + Master salt in hexadecimal notation, e.g. + 01a2b3c4d5e6f708a9b0cadbecfd, with a mandatory length + of 28 characters (14 bytes). EXAMPLES @@ -178,7 +142,7 @@ Add a client with Connection ID (Mux) 12 and add 2 Routes to this client BUGS ---- -Most likely there are some bugs in *anytun*. If you find a bug, please let +Most likely there are some bugs in *Anytun*. If you find a bug, please let the developers know at satp@anytun.org. Of course, patches are preferred. SEE ALSO @@ -187,19 +151,11 @@ anytun(8), anytun-controld(8), anytun-showtables(8) AUTHORS ------- -Design of SATP and wizards of this implementation: Othmar Gsenger Erwin Nindl Christian Pointner -Debian packaging: - -Andreas Hirczy - -Manual page: - -Alexander List RESOURCES --------- @@ -210,8 +166,8 @@ Main web site: http://www.anytun.org/ COPYING ------- -Copyright \(C) 2007-2008 Othmar Gsenger, Erwin Nindl and Christian -Pointner. This program is free software; you can redistribute -it and/or modify it under the terms of the GNU General Public License -version 2 as published by the Free Software Foundation. - +Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian +Pointner. This program is free software: you can redistribute it +and/or modify it under the terms of the GNU General Public License +as published by the Free Software Foundation, either version 3 of +the License, or any later version.
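Review bot: the `-L|--log` entry in the new SYNOPSIS literal block has unbalanced brackets. The line `[ -L|--log :[,[,[..]]]` opens four brackets and closes three, so the outer optional group is never closed. The removed line had the same defect. Since this hunk rewrites the whole synopsis anyway, add the missing closing ` ]` so the entry matches the others, such as `[ -r|--remote-host ]`.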
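Review bot: the option heading `*-k, --kd--prf *::` in the OPTIONS hunk has a doubled hyphen, while the SYNOPSIS block in this same patch spells the option `-k|--kd-prf`. The old heading had the same slip, and the rewrite is the place to fix it so both sections name one option. The re-indented text also carries over several typos unchanged ("hast its own", "more the once", "Resolv"/"resolv", "seqence", "secuence"), which could be corrected in the same pass. In the `-w, --window-size` entry, the fact that the default of 0 leaves replay protection off appears only in the last sentence. Since these lines are being touched anyway, consider stating it at the top of the entry.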
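Review bot: the BUGS hunk changes `*anytun*` to `*Anytun*`, which makes the casing inconsistent with the rest of the page. The SEE ALSO context still lists `anytun(8)`, and the new default log target in this patch is `syslog:3,anytun-config,daemon`, both lowercase. If the capitalised form is meant as the project name rather than the command, drop the bold markup there. Otherwise keep it lowercase.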
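Review bot: the AUTHORS hunk removes the "Debian packaging: Andreas Hirczy" and "Manual page: Alexander List" credits, and nothing in the visible patch explains why. Dropping the manual page author's attribution from the manual page itself should at least be justified in the commit message. It also matters for the licence change in the next hunk. With the "Design of SATP and wizards of this implementation:" line gone too, the three remaining names have no role label. Either keep a short label or restore the removed sections.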
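Review bot: the COPYING hunk changes the licence terms, not just the wording. The removed text grants "version 2 as published by the Free Software Foundation" with no "or later" clause, and the added text says "either version 3 of the License, or any later version". That is a relicensing, and it arrives inside a man page reformatting patch. Confirm that every contributor to this file has agreed, including the manual page author whose credit the previous hunk removes, and that the source file headers and the top-level licence file change in the same series. Ideally the relicensing would be its own commit. The copyright year range also moves from 2007-2008 to 2007-2009 here, which is fine but worth a mention in the commit message.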