.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.12. .TH FREELAN "1" "January 2020" "freelan 2.2.0 (2.2) Sun 12 Jan 2020" "User Commands" .SH NAME freelan \- peer-to-peer VPN .SH DESCRIPTION .SS "Generic options:" .TP \fB\-h\fR [ \fB\-\-help\fR ] Produce help message. .TP \fB\-v\fR [ \fB\-\-version\fR ] Get the program version. .TP \fB\-d\fR [ \fB\-\-debug\fR ] Enables debug output. .TP \fB\-t\fR [ \fB\-\-threads\fR ] arg (=0) The number of threads to use. .TP \fB\-c\fR [ \fB\-\-configuration_file\fR ] arg The configuration file to use. .PP Configuration: .PP Configuration: .SS "FreeLAN Secure Channel Protocol (FSCP) options:" .TP \fB\-\-fscp\fR.hostname_resolution_protocol arg (=ipv4) The hostname resolution protocol to use. .HP \fB\-\-fscp\fR.listen_on arg (=0.0.0.0:12000) The endpoint to listen on. .TP \fB\-\-fscp\fR.listen_on_device arg The endpoint to listen on. .TP \fB\-\-fscp\fR.hello_timeout arg (=3000) The default timeout for HELLO messages, in milliseconds. .TP \fB\-\-fscp\fR.contact arg The address of an host to contact. .TP \fB\-\-fscp\fR.accept_contact_requests arg (=yes) Whether to accept CONTACT\-REQUEST messages. .TP \fB\-\-fscp\fR.accept_contacts arg (=yes) Whether to accept CONTACT messages. .TP \fB\-\-fscp\fR.dynamic_contact_file arg The certificate of an host to dynamically contact. .TP \fB\-\-fscp\fR.never_contact arg A network address to avoid when dynamically contacting hosts. .TP \fB\-\-fscp\fR.cipher_suite_capability arg A cipher suite to allow. .TP \fB\-\-fscp\fR.elliptic_curve_capability arg A elliptic curve to allow. .TP \fB\-\-fscp\fR.upnp_enabled arg (=yes) Enable UPnP. .TP \fB\-\-fscp\fR.max_unauthenticated_messages_per_second arg (=1) Maximum unauthenticated messages from one host per second. .SS "Security options:" .TP \fB\-\-security\fR.passphrase arg A passphrase to generate the pre \- shared key from. .TP \fB\-\-security\fR.passphrase_salt arg (=freelan) The salt to use during the pre\-shared key derivation. .TP \fB\-\-security\fR.passphrase_iterations_count arg (=2000) The number of iterations to use during the pre\-shared key derivation. .TP \fB\-\-security\fR.signature_certificate_file arg The certificate file to use for signing. .TP \fB\-\-security\fR.signature_private_key_file arg The private key file to use for signing. .TP \fB\-\-security\fR.certificate_validation_method arg (=default) The certificate validation method. .TP \fB\-\-security\fR.certificate_validation_script arg (="") The certificate validation script to use. .TP \fB\-\-security\fR.authority_certificate_file arg An authority certificate file to use. .TP \fB\-\-security\fR.certificate_revocation_validation_method arg (=none) The certificate revocation validation method. .TP \fB\-\-security\fR.certificate_revocation_list_file arg A certificate revocation list file to use. .SS "Tap adapter options:" .TP \fB\-\-tap_adapter\fR.type arg (=tap) The TAP adapter type. .TP \fB\-\-tap_adapter\fR.enabled arg (=yes) Whether to enable the tap adapter. .TP \fB\-\-tap_adapter\fR.name arg The name of the tap adapter to use or create. .TP \fB\-\-tap_adapter\fR.mtu arg (=auto) The MTU of the tap adapter. .TP \fB\-\-tap_adapter\fR.mss_override arg (=auto) The MSS override. .TP \fB\-\-tap_adapter\fR.metric arg (=auto) The metric of the tap adapter. .TP \fB\-\-tap_adapter\fR.ipv4_address_prefix_length arg The tap adapter IPv4 address and prefix length. .TP \fB\-\-tap_adapter\fR.ipv4_dhcp arg (=0) The tap adapter IPv4 DHCP status. .TP \fB\-\-tap_adapter\fR.ipv6_address_prefix_length arg The tap adapter IPv6 address and prefix length. .HP \fB\-\-tap_adapter\fR.remote_ipv4_address arg The tap adapter IPv4 remote address. .TP \fB\-\-tap_adapter\fR.arp_proxy_enabled arg (=0) Whether to enable the ARP proxy. .TP \fB\-\-tap_adapter\fR.arp_proxy_fake_ethernet_address arg (=00:aa:bb:cc:dd:ee) The ARP proxy fake ethernet address. .TP \fB\-\-tap_adapter\fR.dhcp_proxy_enabled arg (=1) Whether to enable the DHCP proxy. .TP \fB\-\-tap_adapter\fR.dhcp_server_ipv4_address_prefix_length arg (=9.0.0.0/24) The DHCP proxy server IPv4 address and prefix length. .TP \fB\-\-tap_adapter\fR.dhcp_server_ipv6_address_prefix_length arg (=fe80::/10) The DHCP proxy server IPv6 address and prefix length. .TP \fB\-\-tap_adapter\fR.up_script arg (="") The tap adapter up script. .TP \fB\-\-tap_adapter\fR.down_script arg (="") The tap adapter down script. .SS "Switch options:" .HP \fB\-\-switch\fR.routing_method arg (=switch) The routing method for messages. .HP \fB\-\-switch\fR.relay_mode_enabled arg (=no) Whether to enable the relay mode. .SS "Router options:" .TP \fB\-\-router\fR.local_ip_route arg A route to advertise to the other peers. .TP \fB\-\-router\fR.local_dns_server arg A DNS server to advertise to the other peers. .TP \fB\-\-router\fR.client_routing_enabled arg (=yes) Whether to enable client routing. .TP \fB\-\-router\fR.accept_routes_requests arg (=yes) Whether to accept routes requests. .TP \fB\-\-router\fR.internal_route_acceptance_policy arg (=unicast_in_network) The internal route acceptance policy. .TP \fB\-\-router\fR.system_route_acceptance_policy arg (=none) The system route acceptance policy. .TP \fB\-\-router\fR.maximum_routes_limit arg (=1) The maximum count of routes to accept for a given host. .TP \fB\-\-router\fR.dns_servers_acceptance_policy arg (=in_network) The DNS servers acceptance policy. .TP \fB\-\-router\fR.dns_script arg (="") The DNS script. .SS "FreeLAN Client options:" .TP \fB\-\-client\fR.enabled arg (=no) Whether to enable the client mechanism. .TP \fB\-\-client\fR.server_endpoint arg (=127.0.0.1:443) The endpoint to connect to. .TP \fB\-\-client\fR.protocol arg (=https) The protocol to use to contact the server. .TP \fB\-\-client\fR.disable_peer_verification arg (=no) Whether to disable peer verification. .TP \fB\-\-client\fR.disable_host_verification arg (=no) Whether to disable host verification. .TP \fB\-\-client\fR.username arg The client username. .TP \fB\-\-client\fR.password arg The client password. .TP \fB\-\-client\fR.public_endpoint arg A hostname or IP address to advertise. .SS "Daemon:" .TP \fB\-f\fR [ \fB\-\-foreground\fR ] Do not run as a daemon. .TP \fB\-s\fR [ \fB\-\-syslog\fR ] Always log to syslog (useful when running with \fB\-\-foreground\fR on OSX with launchd). .TP \fB\-p\fR [ \fB\-\-pid_file\fR ] arg A pid file to use. .SS "Miscellaneous:" .TP \fB\-\-nocolor\fR Disable color output. .SH "SEE ALSO" The full documentation for .B freelan is maintained as a Texinfo manual. If the .B info and .B freelan programs are properly installed at your site, the command .IP .B info freelan .PP should give you access to the complete manual.