anytun-0.3.6/

anytun-0.3.6/AUTHORS

Markus Grüneis
Othmar Gsenger
Erwin Nindl
Christian Pointner

anytun-0.3.6/ChangeLog

2016.07.08 -- Version 0.3.6

* fixed build for GCC-6 and C++0x
* fixed some libgcrypt warnings @ anytun-showtables and anytun-config
* added systemd unit files and generator

2014.08.26 -- Version 0.3.5

* added an exception to the license which allows linking with OpenSSL
* added support for clang
* added libnettle as additional crypto library option
* fixed multi-threading support for libgcrypt 1.6.0 and newer

2011.12.30 -- Version 0.3.4

* Service Release: several build fixes for newer versions of libboost and gcc
* formatting cleanups

2010.2.16 -- Version 0.3.3

* Security fix: packet length check errors
* fixed dropping of privileges on FreeBSD
* added sysExec for Windows
* added multi socket support which allows simultaneous usage of IPv4 and IPv6
  even on operating systems without V4_MAPPED address support
* added workaround for signal handling on Debian GNU/kFreeBSD
* added -v|--version option
* added prebuilt manpage to release tarball (less build deps)

2009.12.02 -- Version 0.3.2

* added 64bit build target to windows build system
* added install target to build system
* cleaned up manpages
* moved to new svn location

2009.10.28 -- Version 0.3.1 svn852

* switched to GPLv3 or higher
* Changed Windows TAP driver version to support 64-bit windows
* fixed some memory errors
* improved logging
* improved post up script execution
* builds on FreeBSD now

2009.5.1 -- Version 0.3 svn834

* updated to new protocol specification (extended label and crypto role)
  Due to these changes this version is incompatible with version 0.2 and prior
* the auth tag length can now be configured
* added extended logging support (syslog, file, stdout and stderr)
* changed -n|--ifconfig parameter to new behavior
  tun and tap devices now use the same syntax
* added separate resolver thread
* fixed packet length errors
* dropping privileges is now possible without chroot
* full ipv6 support
  - ipv6 multiple connection routing
  - synchronisation over ipv6
  - 4in6,6in6 tunnels
* replaced several dependencies with boost libs
* ported basic functionality to Windows
* dropped OpenBSD Port due to multi threading issues
* code cleanup

2008.6.20 -- Version 0.2.1svn556

* finished own tun/tap devices and removed openvpn source code
  currently there are tun/tap devices for Linux, FreeBSD, OpenBSD and NetBSD
* several fixes for building on OpenBSD
* added manpages for all binaries
* switched to GPLv3

2008.4.12 -- Version 0.2svn490

* updated to Internet Draft Revision 02
  Mind that this version is incompatible with version 0.1
  However this is only the case if you use encryption.
  There shouldn't be any problem with NULL cipher
* several fixes for tunneling IPv6

2008.3.18 -- Version 0.1svn441

* Initial release.
* IPv4 tunnel over UDP, with AES-CTR cipher and SHA1 HMAC signature.

anytun-0.3.6/LICENSE.OpenSSL

/* * anytun * * The secure anycast tunneling protocol (satp) defines a protocol used * for communication between any combination of unicast and anycast * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel * mode and allows tunneling of every ETHER TYPE protocol (e.g. * ethernet, ip, arp ...). satp directly includes cryptography and * message authentication based on the methods used by SRTP. It is * intended to deliver a generic, scaleable and secure solution for * tunneling and relaying of packets of any protocol. * * * Copyright (C) 2007-2014 Markus Grüneis, Othmar Gsenger, Erwin Nindl, * Christian Pointner * * This file is part of Anytun.
* * Anytun is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * any later version. * * Anytun is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with Anytun. If not, see . * * In addition, as a special exception, the copyright holders give * permission to link the code of portions of this program with the * OpenSSL library under certain conditions as described in each * individual source file, and distribute linked combinations * including the two. * You must obey the GNU General Public License in all respects * for all of the code used other than OpenSSL. If you modify * file(s) with this exception, you may extend this exception to your * version of the file(s), but you are not obligated to do so. If you * do not wish to do so, delete this exception statement from your * version. If you delete this exception statement from all source * files in the program, then also delete it here. */ Certain source files in this program permit linking with the OpenSSL library (http://www.openssl.org), which otherwise wouldn't be allowed under the GPL. For purposes of identifying OpenSSL, most source files giving this permission limit it to versions of OpenSSL having a license identical to that listed in this file (LICENSE.OpenSSL). It is not necessary for the copyright years to match between this file and the OpenSSL version in question. However, note that because this file is an extension of the license statements of these source files, this file may not be changed except with permission from all copyright holders of source files in this program which reference this file. 
LICENSE ISSUES ============== The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org. OpenSSL License --------------- /* ==================================================================== * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * openssl-core@openssl.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. 
Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * */ Original SSLeay License ----------------------- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). 
* * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */

anytun-0.3.6/doc/anytun-controld.8.txt

anytun-controld(8)
==================

NAME
----

anytun-controld - anycast tunneling control daemon


SYNOPSIS
--------

....
anytun-controld
  [ -h|--help ]
  [ -D|--nodaemonize ]
  [ -u|--username ]
  [ -g|--groupname ]
  [ -C|--chroot ]
  [ -P|--write-pid ]
  [ -L|--log :[,[,[..]]] ]
  [ -U|--debug ]
  [ -f|--file ]
  [ -X|--control-host < [:port>] | : > ]
....


DESCRIPTION
-----------

*anytun-controld* configures the multi-connection support for *Anytun*. It reads a
connection/routing table and outputs it via a TCP socket to all connected *Anytun*
servers. When the control daemon is restarted with a new connection/routing table, all
*Anytun* servers automatically load the new configuration. Please make sure to protect
that information as it contains the connection keys.


OPTIONS
-------

*-D, --nodaemonize*::
   This option instructs *anytun-controld* to run in the foreground
   instead of becoming a daemon, which is the default.

*-u, --username ''*::
   run as this user. If no group is specified (*-g*) the default group of
   the user is used. The default is to not drop privileges.

*-g, --groupname ''*::
   run as this group. If no username is specified (*-u*) this gets ignored.
   The default is to not drop privileges.

*-C, --chroot ''*::
   Instruct *anytun-controld* to run in a chroot jail. The default is
   to not run in chroot.

*-P, --write-pid ''*::
   Instruct *anytun-controld* to write its pid to this file. The default is
   to not create a pid file.

*-L, --log ':[,[,[..]]]'*::
   add log target to logging system. This can be invoked several times
   in order to log to different targets at the same time. Every target
   has its own log level, which is a number between 0 and 5, where 0
   disables logging and 5 enables debug messages.
+
The file target can be used more than once with different levels.
If no target is provided at the command line a single target with the
config 'syslog:3,anytun-controld,daemon' is added.
+
The following targets are supported:

   'syslog';; log to syslog daemon, parameters [,[,]]
   'file';; log to file, parameters [,]
   'stdout';; log to standard output, parameters
   'stderr';; log to standard error, parameters

*-U, --debug*::
   This option instructs *Anytun* to run in debug mode. It implies *-D*
   (don't daemonize) and adds a log target with the configuration
   'stdout:5' (logging with maximum level). In future releases there might
   be additional output when this option is supplied.

*-f, --file ''*::
   The path to the file which holds the sync information.

*-X, --control-host '[:]'*::
   fetch the config from this host. The default is not to use a control
   host and therefore this is empty. Mind that the port can be omitted,
   in which case port 2323 is used. If you want to specify an IPv6 address
   and a port you have to use [ and ] to separate the address from the
   port, e.g. [::1]:1234. If you want to use the default port, [ and ]
   can be omitted.


BUGS
----

Most likely there are some bugs in *Anytun*. If you find a bug, please let
the developers know at satp@anytun.org. Of course, patches are preferred.

SEE ALSO
--------

anytun(8), anytun-config(8), anytun-showtables(8)


AUTHORS
-------

Othmar Gsenger
Erwin Nindl
Christian Pointner


RESOURCES
---------

Main web site: http://www.anytun.org/


COPYING
-------

Copyright \(C) 2007-2014 Markus Grüneis, Othmar Gsenger, Erwin Nindl
and Christian Pointner. This program is free software: you can
redistribute it and/or modify it under the terms of the GNU General
Public License as published by the Free Software Foundation, either
version 3 of the License, or any later version.

anytun-0.3.6/doc/anytun-showtables.8.txt

anytun-showtables(8)
====================

NAME
----

anytun-showtables - anycast tunneling routing table visualization utility


SYNOPSIS
--------

....
anytun-showtables
....


DESCRIPTION
-----------

*anytun-showtables* displays routing and connection tables used by *Anytun*. It can be used to
display a saved routing/connection table used by *anytun-controld* or to connect to the sync
port of *Anytun*.


OPTIONS
-------

This tool does not take any options. It takes the sync information from
the standard input and prints the routing table to the standard output.


EXAMPLES
--------

Print routing table stored in local file

-----------------------------------------------------------------------------------
# perl -ne 'chomp; print' < routingtable | ./anytun-showtables
-----------------------------------------------------------------------------------

Print current routing table and watch changes

-----------------------------------------------------------------------------------
# nc unicast1.anycast.anytun.org 23 | ./anytun-showtables
-----------------------------------------------------------------------------------


BUGS
----

Most likely there are some bugs in *Anytun*. If you find a bug, please let
the developers know at satp@anytun.org. Of course, patches are preferred.

SEE ALSO
--------

anytun(8), anytun-controld(8), anytun-config(8)


AUTHORS
-------

Othmar Gsenger
Erwin Nindl
Christian Pointner


RESOURCES
---------

Main web site: http://www.anytun.org/


COPYING
-------

Copyright \(C) 2007-2014 Markus Grüneis, Othmar Gsenger, Erwin Nindl
and Christian Pointner. This program is free software: you can
redistribute it and/or modify it under the terms of the GNU General
Public License as published by the Free Software Foundation, either
version 3 of the License, or any later version.

anytun-0.3.6/doc/anytun-config.8.txt

anytun-config(8)
================

NAME
----

anytun-config - anycast tunneling configuration utility


SYNOPSIS
--------

....
anytun-config
  [ -h|--help ]
  [ -L|--log :[,[,[..]]] ]
  [ -U|--debug ]
  [ -r|--remote-host ]
  [ -o|--remote-port ]
  [ -4|--ipv4-only ]
  [ -6|--ipv6-only ]
  [ -R|--route / ]
  [ -m|--mux ]
  [ -w|--window-size ]
  [ -k|--kd-prf ]
  [ -e|--role ]
  [ -E|--passphrase ]
  [ -K|--key ]
  [ -A|--salt ]
....


DESCRIPTION
-----------

*anytun-config* writes routing/connection table entries that can be read by *anytun-controld*.


OPTIONS
-------

*-L, --log ':[,[,[..]]]'*::
   add log target to logging system. This can be invoked several times
   in order to log to different targets at the same time. Every target
   has its own log level, which is a number between 0 and 5, where 0
   disables logging and 5 enables debug messages.
+
The file target can be used more than once with different levels.
If no target is provided at the command line a single target with the
config 'syslog:3,anytun-config,daemon' is added.
+
The following targets are supported:

   'syslog';; log to syslog daemon, parameters [,[,]]
   'file';; log to file, parameters [,]
   'stdout';; log to standard output, parameters
   'stderr';; log to standard error, parameters

*-U, --debug*::
   This option instructs *Anytun* to run in debug mode. It implies *-D*
   (don't daemonize) and adds a log target with the configuration
   'stdout:5' (logging with maximum level). In future releases there might
   be additional output when this option is supplied.

*-r, --remote-host ''*::
   This option can be used to specify the remote tunnel
   endpoint. In case of anycast tunnel endpoints, the
   anycast IP address has to be used. If you do not specify
   an address, it is automatically determined after receiving
   the first data packet.

*-o, --remote-port ''*::
   The UDP port used for payload data by the remote host
   (specified with -p on the remote host). If you do not specify
   a port, it is automatically determined after receiving
   the first data packet.

*-4, --ipv4-only*::
   Resolve to IPv4 addresses only. The default is to resolve both
   IPv4 and IPv6 addresses.

*-6, --ipv6-only*::
   Resolve to IPv6 addresses only. The default is to resolve both
   IPv4 and IPv6 addresses.

*-R, --route '/'*::
   add a route to connection. This can be invoked several times.

*-m, --mux ''*::
   the multiplex id to use. default: 0

*-w, --window-size ''*::
   sequence window size
+
Sometimes, packets arrive out of order on the receiver
side. This option defines the size of a list of received
packets' sequence numbers. If, according to this list,
a received packet has been previously received or has
been transmitted in the past, and is therefore not in
the list anymore, this is interpreted as a replay attack
and the packet is dropped. A value of 0 deactivates this
list and, as a consequence, the replay protection employed
by filtering packets according to their sequence number.
By default the sequence window is disabled and therefore a
window size of 0 is used.

*-k, --kd-prf ''*::
   key derivation pseudo random function
+
The pseudo random function which is used for calculating the
session keys and session salt.
+
Possible values:

   'null';; no random function, keys and salt are set to 0..00
   'aes-ctr';; AES in counter mode with 128 Bits, default value
   'aes-ctr-128';; AES in counter mode with 128 Bits
   'aes-ctr-192';; AES in counter mode with 192 Bits
   'aes-ctr-256';; AES in counter mode with 256 Bits

*-e, --role ''*::
   SATP uses different session keys for inbound and outbound traffic. The
   role parameter is used to determine which keys to use for outbound or
   inbound packets. On both sides of a vpn connection different roles have
   to be used. Possible values are *left* and *right*. You may also use
   *alice* or *server* as a replacement for *left* and *bob* or *client* as
   a replacement for *right*. By default *left* is used.

*-E, --passphrase ''*::
   This passphrase is used to generate the master key and master salt.
   For the master key the last n bits of the SHA256 digest of the
   passphrase (where n is the length of the master key in bits) is used.
   The master salt gets generated with the SHA1 digest.
   You may force a specific key and/or salt by using *--key* and *--salt*.

*-K, --key ''*::
   master key to use for key derivation
+
Master key in hexadecimal notation, e.g.
01a2b3c4d5e6f708a9b0cadbecfd0fa1, with a mandatory length
of 32, 48 or 64 characters (128, 192 or 256 bits).

*-A, --salt ''*::
   master salt to use for key derivation
+
Master salt in hexadecimal notation, e.g.
01a2b3c4d5e6f708a9b0cadbecfd, with a mandatory length
of 28 characters (14 bytes).


EXAMPLES
--------

Add a client with Connection ID (Mux) 12 and add 2 Routes to this client

------------------------------------------------------------------------------------------------
# anytun-config -w 0 -m 12 -K 0123456789ABCDEFFEDCBA9876543210 -A 0123456789ABCDDCBA9876543210 \
  -R 192.0.2.0/24 -R 192.168.1.1/32 -e server >> routingtable
------------------------------------------------------------------------------------------------


BUGS
----

Most likely there are some bugs in *Anytun*. If you find a bug, please let
the developers know at satp@anytun.org. Of course, patches are preferred.


SEE ALSO
--------

anytun(8), anytun-controld(8), anytun-showtables(8)


AUTHORS
-------

Othmar Gsenger
Erwin Nindl
Christian Pointner


RESOURCES
---------

Main web site: http://www.anytun.org/


COPYING
-------

Copyright \(C) 2007-2014 Markus Grüneis, Othmar Gsenger, Erwin Nindl
and Christian Pointner. This program is free software: you can
redistribute it and/or modify it under the terms of the GNU General
Public License as published by the Free Software Foundation, either
version 3 of the License, or any later version.

anytun-0.3.6/doc/anytun-config.8

'\" t .\" Title: anytun-config .\" Author: [see the "AUTHORS" section] .\" Generator: DocBook XSL Stylesheets v1.79.1 .\" Date: 07/08/2016 .\" Manual: \ \& .\" Source: \ \& .\" Language: English .\" .TH "ANYTUN\-CONFIG" "8" "07/08/2016" "\ \&" "\ \&" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" anytun-config \- anycast tunneling configuration utility .SH "SYNOPSIS" .sp .nf \fBanytun\-config\fR [ \fB\-h|\-\-help\fR
] [ \fB\-L|\-\-log\fR :[,[,[\&.\&.]]] [ \fB\-U|\-\-debug\fR ] [ \fB\-r|\-\-remote\-host\fR ] [ \fB\-o|\-\-remote\-port\fR ] [ \fB\-4|\-\-ipv4\-only\fR ] [ \fB\-6|\-\-ipv6\-only\fR ] [ \fB\-R|\-\-route\fR / ] [ \fB\-m|\-\-mux\fR ] [ \fB\-w|\-\-window\-size\fR ] [ \fB\-k|\-\-kd\-prf\fR ] [ \fB\-e|\-\-role\fR ] [ \fB\-E|\-\-passphrase\fR ] [ \fB\-K|\-\-key\fR ] [ \fB\-A|\-\-salt\fR ] .fi .SH "DESCRIPTION" .sp \fBanytun\-config\fR writes routing/connection table entries, that can be read by \fBanytun\-controld\fR\&. .SH "OPTIONS" .PP \fB\-L, \-\-log \fR\fB\fI:[,[,[\&.\&.]]]\fR\fR .RS 4 add log target to logging system\&. This can be invoked several times in order to log to different targets at the same time\&. Every target hast its own log level which is a number between 0 and 5\&. Where 0 means disabling log and 5 means debug messages are enabled\&. The file target can be used more the once with different levels\&. If no target is provided at the command line a single target with the config \fIsyslog:3,anytun\-config,daemon\fR is added\&. The following targets are supported: .PP \fIsyslog\fR .RS 4 log to syslog daemon, parameters [,[,]] .RE .PP \fIfile\fR .RS 4 log to file, parameters [,] .RE .PP \fIstdout\fR .RS 4 log to standard output, parameters .RE .PP \fIstderr\fR .RS 4 log to standard error, parameters .RE .RE .PP \fB\-U, \-\-debug\fR .RS 4 This option instructs \fBAnytun\fR to run in debug mode\&. It implicits \fB\-D\fR (don\(cqt daemonize) and adds a log target with the configuration \fIstdout:5\fR (logging with maximum level)\&. In future releases there might be additional output when this option is supplied\&. .RE .PP \fB\-r, \-\-remote\-host \fR\fB\fI\fR\fR .RS 4 This option can be used to specify the remote tunnel endpoint\&. In case of anycast tunnel endpoints, the anycast IP address has to be used\&. If you do not specify an address, it is automatically determined after receiving the first data packet\&. 
.RE .PP \fB\-o, \-\-remote\-port \fR\fB\fI\fR\fR .RS 4 The UDP port used for payload data by the remote host (specified with \-p on the remote host)\&. If you do not specify a port, it is automatically determined after receiving the first data packet\&. .RE .PP \fB\-4, \-\-ipv4\-only\fR .RS 4 Resolv to IPv4 addresses only\&. The default is to resolv both IPv4 and IPv6 addresses\&. .RE .PP \fB\-6, \-\-ipv6\-only\fR .RS 4 Resolv to IPv6 addresses only\&. The default is to resolv both IPv4 and IPv6 addresses\&. .RE .PP \fB\-R, \-\-route \fR\fB\fI/\fR\fR .RS 4 add a route to connection\&. This can be invoked several times\&. .RE .PP \fB\-m, \-\-mux \fR\fB\fI\fR\fR .RS 4 the multiplex id to use\&. default: 0 .RE .PP \fB\-w, \-\-window\-size \fR\fB\fI\fR\fR .RS 4 seqence window size Sometimes, packets arrive out of order on the receiver side\&. This option defines the size of a list of received packets\*(Aq sequence numbers\&. If, according to this list, a received packet has been previously received or has been transmitted in the past, and is therefore not in the list anymore, this is interpreted as a replay attack and the packet is dropped\&. A value of 0 deactivates this list and, as a consequence, the replay protection employed by filtering packets according to their secuence number\&. By default the sequence window is disabled and therefore a window size of 0 is used\&. .RE .PP \fB\-k, \-\-kd\(emprf \fR\fB\fI\fR\fR .RS 4 key derivation pseudo random function The pseudo random function which is used for calculating the session keys and session salt\&. 
Possible values: .PP \fInull\fR .RS 4 no random function, keys and salt are set to 0\&.\&.00 .RE .PP \fIaes\-ctr\fR .RS 4 AES in counter mode with 128 Bits, default value .RE .PP \fIaes\-ctr\-128\fR .RS 4 AES in counter mode with 128 Bits .RE .PP \fIaes\-ctr\-192\fR .RS 4 AES in counter mode with 192 Bits .RE .PP \fIaes\-ctr\-256\fR .RS 4 AES in counter mode with 256 Bits .RE .RE .PP \fB\-e, \-\-role \fR\fB\fI\fR\fR .RS 4 SATP uses different session keys for inbound and outbound traffic\&. The role parameter is used to determine which keys to use for outbound or inbound packets\&. On both sides of a vpn connection different roles have to be used\&. Possible values are \fBleft\fR and \fBright\fR\&. You may also use \fBalice\fR or \fBserver\fR as a replacement for \fBleft\fR and \fBbob\fR or \fBclient\fR as a replacement for \fBright\fR\&. By default \fBleft\fR is used\&. .RE .PP \fB\-E, \-\-passphrase \fR\fB\fI\fR\fR .RS 4 This passphrase is used to generate the master key and master salt\&. For the master key the last n bits of the SHA256 digest of the passphrase (where n is the length of the master key in bits) is used\&. The master salt gets generated with the SHA1 digest\&. You may force a specific key and or salt by using \fB\-\-key\fR and \fB\-\-salt\fR\&. .RE .PP \fB\-K, \-\-key \fR\fB\fI\fR\fR .RS 4 master key to use for key derivation Master key in hexadecimal notation, e\&.g\&. 01a2b3c4d5e6f708a9b0cadbecfd0fa1, with a mandatory length of 32, 48 or 64 characters (128, 192 or 256 bits)\&. .RE .PP \fB\-A, \-\-salt \fR\fB\fI\fR\fR .RS 4 master salt to use for key derivation Master salt in hexadecimal notation, e\&.g\&. 01a2b3c4d5e6f708a9b0cadbecfd, with a mandatory length of 28 characters (14 bytes)\&. 
.RE .SH "EXAMPLES" .sp Add a client with Connection ID (Mux) 12 and add 2 Routes to this client .sp .if n \{\ .RS 4 .\} .nf # anytun\-config \-w 0 \-m 12 \-K 0123456789ABCDEFFEDCBA9876543210 \-A 0123456789ABCDDCBA9876543210 \e \-R 192\&.0\&.2\&.0/24 \-R 192\&.168\&.1\&.1/32 \-e server >> routingtable .fi .if n \{\ .RE .\} .SH "BUGS" .sp Most likely there are some bugs in \fBAnytun\fR\&. If you find a bug, please let the developers know at satp@anytun\&.org\&. Of course, patches are preferred\&. .SH "SEE ALSO" .sp anytun(8), anytun\-controld(8), anytun\-showtables(8) .SH "AUTHORS" .sp Othmar Gsenger Erwin Nindl Christian Pointner .SH "RESOURCES" .sp Main web site: http://www\&.anytun\&.org/ .SH "COPYING" .sp Copyright (C) 2007\-2014 Markus Grüneis, Othmar Gsenger, Erwin Nindl and Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&. 
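
The sequence window that the anytun-config man page describes for -w|--window-size, modelled in Python as an added example (it is not anytun's own code). The class and function names are hypothetical, the sequence numbers are a constructed sample, and sequence numbers are assumed to increase without wrapping.

```python
"""Model of the sequence window described for anytun-config -w.

Added illustration, not anytun's implementation. Names are hypothetical
and sequence numbers are assumed not to wrap around.
"""
import shlex


class SequenceWindow:
    """Tracks recently accepted sequence numbers for one sender."""

    def __init__(self, size):
        if size < 0:
            raise ValueError("window size must be >= 0")
        self.size = size
        self.highest = None  # highest sequence number accepted so far
        self.seen = set()    # accepted numbers still inside the window

    def accept(self, seq):
        """Return True if the packet passes, False if it is dropped."""
        if self.size == 0:
            # Man page: a value of 0 deactivates the list and with it the
            # replay protection, so every packet passes this check.
            return True
        if self.highest is None or seq > self.highest:
            # New highest number: slide the window forward and forget
            # everything that has fallen out of it.
            self.highest = seq
            self.seen.add(seq)
            floor = self.highest - self.size + 1
            self.seen = {s for s in self.seen if s >= floor}
            return True
        if seq <= self.highest - self.size:
            # Too old to still be in the list: treated as a replay.
            return False
        if seq in self.seen:
            # Already received once: replay.
            return False
        # Late but new packet that arrived out of order.
        self.seen.add(seq)
        return True


def filter_stream(seqs, size):
    """Run a list of sequence numbers through a window of the given size."""
    window = SequenceWindow(size)
    return [window.accept(s) for s in seqs]


def window_size_from_args(command_line):
    """Effective -w value of an anytun-config command line.

    The man page states that the window is disabled (0) by default.
    """
    argv = shlex.split(command_line)
    size = 0
    for i, arg in enumerate(argv[:-1]):
        if arg in ("-w", "--window-size"):
            size = int(argv[i + 1])
    return size


# Constructed sample: reordering (4 before 3), duplicates (2, 10) and
# packets older than the window (5 and 1 after 10 has been seen).
SAMPLE_SEQS = [1, 2, 4, 3, 2, 10, 5, 1, 9, 10]

# The command from the EXAMPLES section of the man page, on one line.
PAGE_EXAMPLE = (
    "anytun-config -w 0 -m 12 -K 0123456789ABCDEFFEDCBA9876543210 "
    "-A 0123456789ABCDDCBA9876543210 -R 192.0.2.0/24 -R 192.168.1.1/32 "
    "-e server"
)

if __name__ == "__main__":
    for size in (window_size_from_args(PAGE_EXAMPLE), 4):
        verdicts = filter_stream(SAMPLE_SEQS, size)
        dropped = [s for s, ok in zip(SAMPLE_SEQS, verdicts) if not ok]
        print(f"window size {size}: dropped {dropped}")
```

With the window size taken from the man page's example command (0), none of the duplicated or stale packets in the sample is dropped; with a window of 4 the four replays are rejected while the reordered packet 3 still passes.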
anytun-0.3.6/doc/anytun-showtables.80000664000175000017500000000547512737611435017353 0ustar equinoxequinox'\" t .\" Title: anytun-showtables .\" Author: [see the "AUTHORS" section] .\" Generator: DocBook XSL Stylesheets v1.79.1 .\" Date: 07/08/2016 .\" Manual: \ \& .\" Source: \ \& .\" Language: English .\" .TH "ANYTUN\-SHOWTABLES" "8" "07/08/2016" "\ \&" "\ \&" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" anytun-showtables \- anycast tunneling routing table visualization utility .SH "SYNOPSIS" .sp .nf \fBanytun\-showtables\fR .fi .SH "DESCRIPTION" .sp \fBanytun\-showtables\fR displays routing and connection tables used by \fBAnytun\fR\&. It can be used to display a saved routing/connection table used by \fBanytun\-controld\fR or to connect to a the sync port of \fBAnytun\fR\&. .SH "OPTIONS" .sp This Tool does not take any options\&. It takes the sync information from the standard input and prints the routing table to the standard output\&. 
.SH "EXAMPLES" .sp Print routing table stored in local file .sp .if n \{\ .RS 4 .\} .nf # perl \-ne \*(Aqchomp; print\*(Aq < routingtable | \&./anytun\-showtables .fi .if n \{\ .RE .\} .sp Print current routing table and watch changes .sp .if n \{\ .RS 4 .\} .nf # nc unicast1\&.anycast\&.anytun\&.org 23 | \&./anytun\-showtables .fi .if n \{\ .RE .\} .SH "BUGS" .sp Most likely there are some bugs in \fBAnytun\fR\&. If you find a bug, please let the developers know at satp@anytun\&.org\&. Of course, patches are preferred\&. .SH "SEE ALSO" .sp anytun(8), anytun\-controld(8), anytun\-config(8) .SH "AUTHORS" .sp Othmar Gsenger Erwin Nindl Christian Pointner .SH "RESOURCES" .sp Main web site: http://www\&.anytun\&.org/ .SH "COPYING" .sp Copyright (C) 2007\-2014 Markus Grüneis, Othmar Gsenger, Erwin Nindl and Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&. 
anytun-0.3.6/doc/anytun.80000664000175000017500000004157012737611435015176 0ustar equinoxequinox'\" t .\" Title: anytun .\" Author: [see the "AUTHORS" section] .\" Generator: DocBook XSL Stylesheets v1.79.1 .\" Date: 07/08/2016 .\" Manual: \ \& .\" Source: \ \& .\" Language: English .\" .TH "ANYTUN" "8" "07/08/2016" "\ \&" "\ \&" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" anytun \- anycast tunneling daemon .SH "SYNOPSIS" .sp .nf \fBanytun\fR [ \fB\-h|\-\-help\fR ] [ \fB\-D|\-\-nodaemonize\fR ] [ \fB\-u|\-\-username\fR ] [ \fB\-g|\-\-groupname\fR ] [ \fB\-C|\-\-chroot\fR ] [ \fB\-P|\-\-write\-pid\fR ] [ \fB\-L|\-\-log\fR :[,[,[\&.\&.]]] ] [ \fB\-U|\-\-debug\fR ] [ \fB\-i|\-\-interface\fR ] [ \fB\-p|\-\-port\fR ] [ \fB\-r|\-\-remote\-host\fR ] [ \fB\-o|\-\-remote\-port\fR ] [ \fB\-4|\-\-ipv4\-only\fR ] [ \fB\-6|\-\-ipv6\-only\fR ] [ \fB\-I|\-\-sync\-interface\fR ] [ \fB\-S|\-\-sync\-port\fR port> ] [ \fB\-M|\-\-sync\-hosts\fR [:][,[:][\&.\&.\&.]] ] [ \fB\-X|\-\-control\-host\fR [:] [ \fB\-d|\-\-dev\fR ] [ \fB\-t|\-\-type\fR ] [ \fB\-n|\-\-ifconfig\fR / ] [ \fB\-x|\-\-post\-up\-script\fR