Diffstat (limited to 'jni/iodine/man/iodine.8')
-rw-r--r-- | jni/iodine/man/iodine.8 | 54 |
1 files changed, 42 insertions, 12 deletions
diff --git a/jni/iodine/man/iodine.8 b/jni/iodine/man/iodine.8 index 6eee603..1d1e333 100644 --- a/jni/iodine/man/iodine.8 +++ b/jni/iodine/man/iodine.8 @@ -1,5 +1,5 @@ .\" groff -man -Tascii iodine.8 -.TH IODINE 8 "DEC 2009" "User Manuals" +.TH IODINE 8 "JUN 2014" "User Manuals" .SH NAME iodine, iodined \- tunnel IPv4 over DNS .SH SYNOPSIS @@ -7,7 +7,7 @@ iodine, iodined \- tunnel IPv4 over DNS .B iodine [-h] -.B iodine [-f] [-r] [-u +.B iodine [-4] [-6] [-f] [-r] [-u .I user .B ] [-P .I password @@ -17,6 +17,8 @@ iodine, iodined \- tunnel IPv4 over DNS .I chrootdir .B ] [-d .I device +.B ] [-R +.I rdomain .B ] [-m .I fragsize .B ] [-M @@ -56,7 +58,11 @@ iodine, iodined \- tunnel IPv4 over DNS .B ] [-p .I port .B ] [-n +( +.B auto +| .I external_ip +) .B ] [-b .I dnsport .B ] [-P @@ -65,6 +71,8 @@ iodine, iodined \- tunnel IPv4 over DNS .I context .B ] [-F .I pidfile +.B ] [-i +.I max_idle_time .B ] .I tunnel_ip .B [ @@ -124,11 +132,20 @@ Apply SELinux 'context' after initialization. Create 'pidfile' and write process id in it. .SS Client Options: .TP +.B -4 +Force IPv4 DNS queries +.TP +.B -6 +Force IPv6 DNS queries +.TP .B -r Skip raw UDP mode. If not used, iodine will try getting the public IP address of the iodined host and test if it is reachable directly. If it is, traffic will be sent to the server instead of the DNS relay. .TP +.B -R rdomain +Use OpenBSD routing domain 'rdomain' for the DNS connection. +.TP .B -m fragsize Force maximum downstream fragment size. Not setting this will cause the client to automatically probe the maximum accepted downstream fragment size. @@ -139,7 +156,7 @@ Usable range ca. 100 to 255. Use this option to scale back upstream bandwidth in favor of downstream bandwidth. Also useful for DNS servers that perform unreliably when using full-length -hostnames, noticable when fragment size autoprobe returns very +hostnames, noticeable when fragment size autoprobe returns very different results each time. .TP .B -T dnstype 
@@ -152,6 +169,7 @@ more bandwidth. In that case, use this option to override the autodetection. In (expected) decreasing bandwidth order, the supported DNS request types are: .IR NULL , +.IR PRIVATE , .IR TXT , .IR SRV , .IR MX , @@ -166,7 +184,10 @@ and .I A may/will cause additional lookups by "smart" caching nameservers to get an actual IP address, which may either slow down or fail -completely. +completely. The +.IR PRIVATE +type uses value 65399 (in the 'private use' range) and requires servers +implementing RFC 3597. .TP .B -O downenc Force downstream encoding type for all query type responses except NULL. @@ -218,7 +239,7 @@ connection after 60 seconds of inactivity. .TP .B -c Disable checking the client IP address on all incoming requests. -By default, requests originating from non-matching IP adresses will be +By default, requests originating from non-matching IP addresses will be rejected, however this will cause problems when requests are routed via a cluster of DNS servers. .TP @@ -232,10 +253,10 @@ Increase debug level. Level 1 prints info about each RX/TX packet. Implies the .B -f option. -On level 2 (-DD) or higher, DNS queries will be printed literally. +On level 2 (\-DD) or higher, DNS queries will be printed literally. When using Base128 upstream encoding, this is best viewed as ISO Latin-1 text instead of (illegal) UTF-8. -This is easily done with : "LC_ALL=C luit iodined -DD ..." +This is easily done with : "LC_ALL=C luit iodined \-DD ..." (see luit(1)). .TP .B -m mtu 
@@ -250,26 +271,36 @@ By default, incoming requests are accepted from all interfaces. .TP .B -p port Make the server listen on 'port' instead of 53 for traffic. +If 'listen_ip' does not include localhost, this 'port' can be the same +as 'dnsport'. .B Note: You must make sure the dns requests are forwarded to this port yourself. .TP -.B -n external_ip +.B -n auto|external_ip The IP address to return in NS responses. Default is to return the address used as destination in the query. +If external_ip is 'auto', iodined will use externalip.net web service to +retrieve the external IP of the host and use that for NS responses. .TP .B -b dnsport If this port is specified, all incoming requests not inside the tunnel domain will be forwarded to this port on localhost, to be handled by a real dns. +If 'listen_ip' does not include localhost, this 'dnsport' can be the +same as 'port'. .B Note: The forwarding is not fully transparent, and not advised for use in production environments. +.TP +.B -i max_idle_time +Make the server stop itself after max_idle_time seconds if no traffic have been received. +This should be combined with systemd or upstart on demand activation for being effective. .SS Client Arguments: .TP .B nameserver The nameserver to use to relay the dns traffic. This can be any relaying nameserver or the server running iodined if reachable. This field can be -given as an IP address, or as a hostname. This argument is optional, and -if not specified a nameserver will be read from the +given as an IPv4/IPv6 address or as a hostname. This argument is optional, +and if not specified a nameserver will be read from the .I /etc/resolv.conf file. .TP 
@@ -285,7 +316,7 @@ must be the same on both the client and the server. .B tunnel_ip[/netmask] This is the server's ip address on the tun interface. The client will be given the next ip number in the range. It is recommended to use the -10.0.0.0 or 172.16.0.0 ranges. The default netmask is /27, can be overriden +10.0.0.0 or 172.16.0.0 ranges. The default netmask is /27, can be overridden by specifying it here. Using a smaller network will limit the number of concurrent users. .TP @@ -327,7 +358,6 @@ is set, iodined will use the value it is set to as password instead of asking for one. The .B -P option still has precedence. -.El .SH SEE ALSO The README file in the source distribution contains some more elaborate information. |
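Review bot: In the Client Options hunk, the new `-4` and `-6` entries do not say what happens when both are given, although the synopsis lists them as independent flags (`[-4] [-6]`); state whether they are mutually exclusive or which one takes effect. Both descriptions also lack the trailing period the neighbouring entries use, and because the NAME line still reads "tunnel IPv4 over DNS" it would help to spell out that these flags concern the DNS queries, not the tunnelled traffic. `-R rdomain` is described as an OpenBSD routing domain, but the synopsis lists it with no platform qualifier.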
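Review bot: In the `-T dnstype` hunk, "requires servers implementing RFC 3597" does not say which servers are meant; name them explicitly so a user can tell where on the path `PRIVATE` (type value 65399) is expected to fail. As a style point, `.IR PRIVATE` with a single argument works, but `.I PRIVATE` would match the `.I A` used a few lines above it.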
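Review bot: In the `-D` hunk the hyphens are now escaped as `\-DD`, but the `.B -f` in the same paragraph and the option entries added elsewhere in this patch (`.B -4`, `.B -R rdomain`, `.B -i max_idle_time`) keep a bare `-`; pick one form for the whole page so options render and copy consistently.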
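Review bot: In the server options hunk, the `-n auto|external_ip` text says iodined will use the externalip.net web service but not what it does when that lookup fails or returns something unusable, and it does not mention that the address handed out in NS responses then depends on a third party's answer; document the fallback behaviour and that dependency. In the `-i max_idle_time` entry, "if no traffic have been received" should be "has been received", and "for being effective" reads better as "to be effective". The sentences added under `-p` and `-b` refer to 'listen_ip' without naming the option that sets it.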