+++ /dev/null
-anytun-config(8)
-================
-
-NAME
-----
-anytun-config - anycast tunneling configuration utility
-
-SYNOPSIS
---------
-
-....
-anytun-config
- [ -h|--help ]
- [ -L|--log <target>:<level>[,<param1>[,<param2>[..]]]
- [ -r|--remote-host <hostname|ip> ]
- [ -o|--remote-port <port> ]
- [ -4|--ipv4-only ]
- [ -6|--ipv6-only ]
- [ -R|--route <net>/<prefix length> ]
- [ -m|--mux <mux-id> ]
- [ -w|--window-size <window size> ]
- [ -k|--kd-prf <kd-prf type> ]
- [ -e|--role <role> ]
- [ -E|--passphrase <pass phrase> ]
- [ -K|--key <master key> ]
- [ -A|--salt <master salt> ]
-....
-
-DESCRIPTION
------------
-
-*anytun-config* writes routing/connection table entries, that can be read by *anytun-controld*.
-
-OPTIONS
--------
-
-*-L, --log <target>:<level>[,<param1>[,<param2>[..]]]*::
- add log target to logging system. This can be invoked several times
- in order to log to different targets at the same time. Every target
- hast its own log level which is a number between 0 and 5. Where 0 means
- disabling log and 5 means debug messages are enabled. +
- The file target can be used more the once with different levels.
- If no target is provided at the command line a single target with the
- config *syslog:3,anytun-config,daemon* is added. +
- The following targets are supported:
-
- *syslog*;; log to syslog daemon, parameters <level>[,<logname>[,<facility>]]
- *file*;; log to file, parameters <level>[,<path>]
- *stdout*;; log to standard output, parameters <level>
- *stderr*;; log to standard error, parameters <level>
-
-*-r, --remote-host <hostname|ip>*::
- This option can be used to specify the remote tunnel
- endpoint. In case of anycast tunnel endpoints, the
- anycast IP address has to be used. If you do not specify
- an address, it is automatically determined after receiving
- the first data packet.
-
-*-o, --remote-port <port>*::
- The UDP port used for payload data by the remote host
- (specified with -p on the remote host). If you do not specify
- a port, it is automatically determined after receiving
- the first data packet.
-
-*-4, --ipv4-only*::
- Resolv to IPv4 addresses only. The default is to resolv both
- IPv4 and IPv6 addresses.
-
-*-6, --ipv6-only*::
- Resolv to IPv6 addresses only. The default is to resolv both
- IPv4 and IPv6 addresses.
-
-*-R, --route <net>/<prefix length>*::
- add a route to connection. This can be invoked several times.
-
-*-m, --mux <mux-id>*::
- the multiplex id to use. default: 0
-
-*-w, --window-size <window size>*::
- seqence window size +
- Sometimes, packets arrive out of order on the receiver
- side. This option defines the size of a list of received
- packets' sequence numbers. If, according to this list,
- a received packet has been previously received or has
- been transmitted in the past, and is therefore not in
- the list anymore, this is interpreted as a replay attack
- and the packet is dropped. A value of 0 deactivates this
- list and, as a consequence, the replay protection employed
- by filtering packets according to their secuence number.
- By default the sequence window is disabled and therefore a
- window size of 0 is used.
-
-*-k, --kd--prf <kd-prf type>*::
- key derivation pseudo random function +
- The pseudo random function which is used for calculating the
- session keys and session salt. +
- Possible values:
-
- *null*;; no random function, keys and salt are set to 0..00
- *aes-ctr*;; AES in counter mode with 128 Bits, default value
- *aes-ctr-128*;; AES in counter mode with 128 Bits
- *aes-ctr-192*;; AES in counter mode with 192 Bits
- *aes-ctr-256*;; AES in counter mode with 256 Bits
-
-*-e, --role <role>*::
- SATP uses different session keys for inbound and outbound traffic. The
- role parameter is used to determine which keys to use for outbound or
- inbound packets. On both sides of a vpn connection different roles have
- to be used. Possible values are *left* and *right*. You may also use
- *alice* or *server* as a replacement for *left* and *bob* or *client* as
- a replacement for *right*. By default *left* is used.
-
-*-E, --passphrase <pass phrase>*::
- This passphrase is used to generate the master key and master salt.
- For the master key the last n bits of the SHA256 digest of the
- passphrase (where n is the length of the master key in bits) is used.
- The master salt gets generated with the SHA1 digest.
- You may force a specific key and or salt by using *--key* and *--salt*.
-
-*-K, --key <master key>*::
- master key to use for key derivation +
- Master key in hexadecimal notation, e.g.
- 01a2b3c4d5e6f708a9b0cadbecfd0fa1, with a mandatory length
- of 32, 48 or 64 characters (128, 192 or 256 bits).
-
-*-A, --salt <master salt>*::
- master salt to use for key derivation +
- Master salt in hexadecimal notation, e.g.
- 01a2b3c4d5e6f708a9b0cadbecfd, with a mandatory length
- of 28 characters (14 bytes).
-
-
-EXAMPLES
---------
-
-Add a client with Connection ID (Mux) 12 and add 2 Routes to this client
-
-------------------------------------------------------------------------------------------------
-# anytun-config -w 0 -m 12 -K 0123456789ABCDEFFEDCBA9876543210 -A 0123456789ABCDDCBA9876543210 \
- -R 192.0.2.0/24 -R 192.168.1.1/32 -e server >> routingtable
-------------------------------------------------------------------------------------------------
-
-BUGS
-----
-Most likely there are some bugs in *Anytun*. If you find a bug, please let
-the developers know at satp@anytun.org. Of course, patches are preferred.
-
-SEE ALSO
---------
-anytun(8), anytun-controld(8), anytun-showtables(8)
-
-AUTHORS
--------
-
-Othmar Gsenger <otti@anytun.org>
-Erwin Nindl <nine@anytun.org>
-Christian Pointner <equinox@anytun.org>
-
-
-RESOURCES
----------
-
-Main web site: http://www.anytun.org/
-
-
-COPYING
--------
-
-Copyright \(C) 2007-2009 Othmar Gsenger, Erwin Nindl and Christian
-Pointner. This program is free software: you can redistribute it
-and/or modify it under the terms of the GNU General Public License
-as published by the Free Software Foundation, either version 3 of
-the License, or any later version.
projects / anytun.git / blobdiff