table of contents
other versions
| FREELAN(1) | User Commands | FREELAN(1) |
NAME¶
freelan - peer-to-peer VPN
DESCRIPTION¶
Generic options:¶
- -h [ --help ]
- Produce help message.
- -v [ --version ]
- Get the program version.
- -d [ --debug ]
- Enables debug output.
- -t [ --threads ] arg (=0)
- The number of threads to use.
- -c [ --configuration_file ] arg
- The configuration file to use.
Configuration:
Configuration:
FreeLAN Secure Channel Protocol (FSCP) options:¶
- --fscp.hostname_resolution_protocol arg (=ipv4)
- The hostname resolution protocol to use.
--fscp.listen_on arg (=0.0.0.0:12000) The endpoint to listen on.
- --fscp.listen_on_device arg
- The endpoint to listen on.
- --fscp.hello_timeout arg (=3000)
- The default timeout for HELLO messages, in milliseconds.
- --fscp.contact arg
- The address of an host to contact.
- --fscp.accept_contact_requests arg (=yes)
- Whether to accept CONTACT-REQUEST messages.
- --fscp.accept_contacts arg (=yes)
- Whether to accept CONTACT messages.
- --fscp.dynamic_contact_file arg
- The certificate of an host to dynamically contact.
- --fscp.never_contact arg
- A network address to avoid when dynamically contacting hosts.
- --fscp.cipher_suite_capability arg
- A cipher suite to allow.
- --fscp.elliptic_curve_capability arg
- A elliptic curve to allow.
- --fscp.upnp_enabled arg (=yes)
- Enable UPnP.
- --fscp.max_unauthenticated_messages_per_second arg (=1)
- Maximum unauthenticated messages from one host per second.
Security options:¶
- --security.passphrase arg
- A passphrase to generate the pre - shared key from.
- --security.passphrase_salt arg (=freelan)
- The salt to use during the pre-shared key derivation.
- --security.passphrase_iterations_count arg (=2000)
- The number of iterations to use during the pre-shared key derivation.
- --security.signature_certificate_file arg
- The certificate file to use for signing.
- --security.signature_private_key_file arg
- The private key file to use for signing.
- --security.certificate_validation_method arg (=default)
- The certificate validation method.
- --security.certificate_validation_script arg (="")
- The certificate validation script to use.
- --security.authority_certificate_file arg
- An authority certificate file to use.
- --security.certificate_revocation_validation_method arg (=none)
- The certificate revocation validation method.
- --security.certificate_revocation_list_file arg
- A certificate revocation list file to use.
Tap adapter options:¶
- --tap_adapter.type arg (=tap)
- The TAP adapter type.
- --tap_adapter.enabled arg (=yes)
- Whether to enable the tap adapter.
- --tap_adapter.name arg
- The name of the tap adapter to use or create.
- --tap_adapter.mtu arg (=auto)
- The MTU of the tap adapter.
- --tap_adapter.mss_override arg (=auto)
- The MSS override.
- --tap_adapter.metric arg (=auto)
- The metric of the tap adapter.
- --tap_adapter.ipv4_address_prefix_length arg
- The tap adapter IPv4 address and prefix length.
- --tap_adapter.ipv4_dhcp arg (=0)
- The tap adapter IPv4 DHCP status.
- --tap_adapter.ipv6_address_prefix_length arg
- The tap adapter IPv6 address and prefix length.
--tap_adapter.remote_ipv4_address arg The tap adapter IPv4 remote address.
- --tap_adapter.arp_proxy_enabled arg (=0)
- Whether to enable the ARP proxy.
- --tap_adapter.arp_proxy_fake_ethernet_address arg (=00:aa:bb:cc:dd:ee)
- The ARP proxy fake ethernet address.
- --tap_adapter.dhcp_proxy_enabled arg (=1)
- Whether to enable the DHCP proxy.
- --tap_adapter.dhcp_server_ipv4_address_prefix_length arg (=9.0.0.0/24)
- The DHCP proxy server IPv4 address and prefix length.
- --tap_adapter.dhcp_server_ipv6_address_prefix_length arg (=fe80::/10)
- The DHCP proxy server IPv6 address and prefix length.
- --tap_adapter.up_script arg (="")
- The tap adapter up script.
- --tap_adapter.down_script arg (="")
- The tap adapter down script.
Switch options:¶
--switch.routing_method arg (=switch) The routing method for messages.
--switch.relay_mode_enabled arg (=no) Whether to enable the relay mode.
Router options:¶
- --router.local_ip_route arg
- A route to advertise to the other peers.
- --router.local_dns_server arg
- A DNS server to advertise to the other peers.
- --router.client_routing_enabled arg (=yes)
- Whether to enable client routing.
- --router.accept_routes_requests arg (=yes)
- Whether to accept routes requests.
- --router.internal_route_acceptance_policy arg (=unicast_in_network)
- The internal route acceptance policy.
- --router.system_route_acceptance_policy arg (=none)
- The system route acceptance policy.
- --router.maximum_routes_limit arg (=1)
- The maximum count of routes to accept for a given host.
- --router.dns_servers_acceptance_policy arg (=in_network)
- The DNS servers acceptance policy.
- --router.dns_script arg (="")
- The DNS script.
FreeLAN Client options:¶
- --client.enabled arg (=no)
- Whether to enable the client mechanism.
- --client.server_endpoint arg (=127.0.0.1:443)
- The endpoint to connect to.
- --client.protocol arg (=https)
- The protocol to use to contact the server.
- --client.disable_peer_verification arg (=no)
- Whether to disable peer verification.
- --client.disable_host_verification arg (=no)
- Whether to disable host verification.
- --client.username arg
- The client username.
- --client.password arg
- The client password.
- --client.public_endpoint arg
- A hostname or IP address to advertise.
Daemon:¶
- -f [ --foreground ]
- Do not run as a daemon.
- -s [ --syslog ]
- Always log to syslog (useful when running with --foreground on OSX with launchd).
- -p [ --pid_file ] arg
- A pid file to use.
Miscellaneous:¶
- --nocolor
- Disable color output.
SEE ALSO¶
The full documentation for freelan is maintained as a Texinfo manual. If the info and freelan programs are properly installed at your site, the command
- info freelan
should give you access to the complete manual.
| January 2020 | freelan 2.2.0 (2.2) Sun 12 Jan 2020 |