diff options
author | Yves Fischer <yvesf-git@xapek.org> | 2014-08-11 23:26:36 +0200 |
---|---|---|
committer | Yves Fischer <yvesf-git@xapek.org> | 2014-08-11 23:26:36 +0200 |
commit | 5d8801d4687035ae45143f0f3bc3eeaf75dc17ec (patch) | |
tree | bf4395fd5938eb1865ba90b6e52e169d727d9404 /jni/iodine/man | |
parent | 1251ce0d7cf2619f9b41637dcb88bebb66e54fb3 (diff) | |
download | andiodine-5d8801d4687035ae45143f0f3bc3eeaf75dc17ec.tar.gz andiodine-5d8801d4687035ae45143f0f3bc3eeaf75dc17ec.zip |
Upgrade code to iodine 0.7.0 and improve logging
Diffstat (limited to 'jni/iodine/man')
-rw-r--r-- | jni/iodine/man/iodine.8 | 54 |
1 files changed, 42 insertions, 12 deletions
diff --git a/jni/iodine/man/iodine.8 b/jni/iodine/man/iodine.8 index 6eee603..1d1e333 100644 --- a/jni/iodine/man/iodine.8 +++ b/jni/iodine/man/iodine.8 @@ -1,5 +1,5 @@ .\" groff -man -Tascii iodine.8 -.TH IODINE 8 "DEC 2009" "User Manuals" +.TH IODINE 8 "JUN 2014" "User Manuals" .SH NAME iodine, iodined \- tunnel IPv4 over DNS .SH SYNOPSIS @@ -7,7 +7,7 @@ iodine, iodined \- tunnel IPv4 over DNS .B iodine [-h] -.B iodine [-f] [-r] [-u +.B iodine [-4] [-6] [-f] [-r] [-u .I user .B ] [-P .I password @@ -17,6 +17,8 @@ iodine, iodined \- tunnel IPv4 over DNS .I chrootdir .B ] [-d .I device +.B ] [-R +.I rdomain .B ] [-m .I fragsize .B ] [-M @@ -56,7 +58,11 @@ iodine, iodined \- tunnel IPv4 over DNS .B ] [-p .I port .B ] [-n +( +.B auto +| .I external_ip +) .B ] [-b .I dnsport .B ] [-P @@ -65,6 +71,8 @@ iodine, iodined \- tunnel IPv4 over DNS .I context .B ] [-F .I pidfile +.B ] [-i +.I max_idle_time .B ] .I tunnel_ip .B [ @@ -124,11 +132,20 @@ Apply SELinux 'context' after initialization. Create 'pidfile' and write process id in it. .SS Client Options: .TP +.B -4 +Force IPv4 DNS queries +.TP +.B -6 +Force IPv6 DNS queries +.TP .B -r Skip raw UDP mode. If not used, iodine will try getting the public IP address of the iodined host and test if it is reachable directly. If it is, traffic will be sent to the server instead of the DNS relay. .TP +.B -R rdomain +Use OpenBSD routing domain 'rdomain' for the DNS connection. +.TP .B -m fragsize Force maximum downstream fragment size. Not setting this will cause the client to automatically probe the maximum accepted downstream fragment size. @@ -139,7 +156,7 @@ Usable range ca. 100 to 255. Use this option to scale back upstream bandwidth in favor of downstream bandwidth. Also useful for DNS servers that perform unreliably when using full-length -hostnames, noticable when fragment size autoprobe returns very +hostnames, noticeable when fragment size autoprobe returns very different results each time. .TP .B -T dnstype @@ -152,6 +169,7 @@ more bandwidth. In that case, use this option to override the autodetection. In (expected) decreasing bandwidth order, the supported DNS request types are: .IR NULL , +.IR PRIVATE , .IR TXT , .IR SRV , .IR MX , @@ -166,7 +184,10 @@ and .I A may/will cause additional lookups by "smart" caching nameservers to get an actual IP address, which may either slow down or fail -completely. +completely. The +.IR PRIVATE +type uses value 65399 (in the 'private use' range) and requires servers +implementing RFC 3597. .TP .B -O downenc Force downstream encoding type for all query type responses except NULL. @@ -218,7 +239,7 @@ connection after 60 seconds of inactivity. .TP .B -c Disable checking the client IP address on all incoming requests. -By default, requests originating from non-matching IP adresses will be +By default, requests originating from non-matching IP addresses will be rejected, however this will cause problems when requests are routed via a cluster of DNS servers. .TP @@ -232,10 +253,10 @@ Increase debug level. Level 1 prints info about each RX/TX packet. Implies the .B -f option. -On level 2 (-DD) or higher, DNS queries will be printed literally. +On level 2 (\-DD) or higher, DNS queries will be printed literally. When using Base128 upstream encoding, this is best viewed as ISO Latin-1 text instead of (illegal) UTF-8. -This is easily done with : "LC_ALL=C luit iodined -DD ..." +This is easily done with : "LC_ALL=C luit iodined \-DD ..." (see luit(1)). .TP .B -m mtu @@ -250,26 +271,36 @@ By default, incoming requests are accepted from all interfaces. .TP .B -p port Make the server listen on 'port' instead of 53 for traffic. +If 'listen_ip' does not include localhost, this 'port' can be the same +as 'dnsport'. .B Note: You must make sure the dns requests are forwarded to this port yourself. .TP -.B -n external_ip +.B -n auto|external_ip The IP address to return in NS responses. Default is to return the address used as destination in the query. +If external_ip is 'auto', iodined will use externalip.net web service to +retrieve the external IP of the host and use that for NS responses. .TP .B -b dnsport If this port is specified, all incoming requests not inside the tunnel domain will be forwarded to this port on localhost, to be handled by a real dns. +If 'listen_ip' does not include localhost, this 'dnsport' can be the +same as 'port'. .B Note: The forwarding is not fully transparent, and not advised for use in production environments. +.TP +.B -i max_idle_time +Make the server stop itself after max_idle_time seconds if no traffic have been received. +This should be combined with systemd or upstart on demand activation for being effective. .SS Client Arguments: .TP .B nameserver The nameserver to use to relay the dns traffic. This can be any relaying nameserver or the server running iodined if reachable. This field can be -given as an IP address, or as a hostname. This argument is optional, and -if not specified a nameserver will be read from the +given as an IPv4/IPv6 address or as a hostname. This argument is optional, +and if not specified a nameserver will be read from the .I /etc/resolv.conf file. .TP @@ -285,7 +316,7 @@ must be the same on both the client and the server. .B tunnel_ip[/netmask] This is the server's ip address on the tun interface. The client will be given the next ip number in the range. It is recommended to use the -10.0.0.0 or 172.16.0.0 ranges. The default netmask is /27, can be overriden +10.0.0.0 or 172.16.0.0 ranges. The default netmask is /27, can be overridden by specifying it here. Using a smaller network will limit the number of concurrent users. .TP @@ -327,7 +358,6 @@ is set, iodined will use the value it is set to as password instead of asking for one. The .B -P option still has precedence. -.El .SH SEE ALSO The README file in the source distribution contains some more elaborate information. |