3 .\" Manual for the administration protocol
5 .\" (c) 2008 Straylight/Edgeware
8 .\"----- Licensing notice ---------------------------------------------------
10 .\" This file is part of Trivial IP Encryption (TrIPE).
12 .\" TrIPE is free software; you can redistribute it and/or modify
13 .\" it under the terms of the GNU General Public License as published by
14 .\" the Free Software Foundation; either version 2 of the License, or
15 .\" (at your option) any later version.
17 .\" TrIPE is distributed in the hope that it will be useful,
18 .\" but WITHOUT ANY WARRANTY; without even the implied warranty of
19 .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 .\" GNU General Public License for more details.
22 .\" You should have received a copy of the GNU General Public License
23 .\" along with TrIPE; if not, write to the Free Software Foundation,
24 .\" Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
26 .\"--------------------------------------------------------------------------
27 .so ../defs.man.in \" @@@PRE@@@
29 .\"--------------------------------------------------------------------------
30 .TH tripe-admin 5 "18 February 2001" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
32 .\"--------------------------------------------------------------------------
35 tripe-admin \- administrator commands for TrIPE
37 .\"--------------------------------------------------------------------------
40 This manual page describes the administration interface provided by the
46 program can be used either interactively or in scripts to communicate
47 with the server using this interface. Alternatively, simple custom
48 clients can be written in scripting languages such as Perl, Python or
49 Tcl, or more advanced clients such as GUI monitors can be written in C
50 with little difficulty.
52 Administration commands use a textual protocol. Each client command or
53 server response consists of a line of ASCII text terminated by a single
54 linefeed character. No command may be longer than 255 characters.
55 .SS "General structure"
56 Each command or response line consists of a sequence of
57 whitespace-separated words. The number and nature of whitespace
58 characters separating two words in a client command is not significant;
59 the server always uses a single space character. The first word in a
62 identifying the type of command or response contained. Keywords in
63 client commands are not case-sensitive; the server always uses uppercase
66 For simple client command, the server responds with zero or more
68 lines, followed by either an
74 provides information requested in the command. An
76 response contains no further data. A
78 code is followed by a machine-readable explanation of why the command
81 Simple command processing is strictly synchronous: the server reads a
82 command, processes it, and responds, before reading the next command.
83 All commands can be run as simple commands. Long-running commands
88 block the client until they finish, but the rest of the server continues
90 .B "Background commands"
91 to find out how to issue long-running commands without blocking.
92 .SS "Asynchronous broadcasts"
93 There are three types of asynchronous broadcast messages which aren't
94 associated with any particular command. Clients can select which
95 broadcast messages they're interested in using the
101 message contains a machine-readable message warning of an error
102 encountered while processing a command, unexpected or unusual behaviour
103 by a peer, or a possible attack by an adversary. Under normal
104 conditions, the server shouldn't emit any warnings.
108 message contains a human-readable tracing message containing diagnostic
109 information. Trace messages are controlled using the
111 command-line option to the server, or the
113 administration command (see below). Support for tracing can be disabled
114 when the package is being configured, and may not be available in your
119 message is a machine-readable notification about some routine but
120 interesting event such as creation or destruction of peers.
121 .SS "Background commands"
126 take a long time to complete. To prevent these long-running commands
127 from tying up a server connection, they can be run in the background.
128 Not all commands can be run like this: the ones that can provide a
130 option, which must be supplied with a
133 A command may fail before it starts running in the background. In this
134 case, the server emits a
136 response, as usual. To indicate that a command has started running in
137 the background, the server emits a response of the form
138 .BI "BGDETACH " tag \fR,
141 is the value passed to the
143 option. From this point on, the server is ready to process more
144 commands and reply to them.
146 Responses to background commands are indicated by a line beginning with
152 followed by the command tag. These correspond to the
157 responses for simple commands:
159 indicates information from a background command which has not completed
164 indicates that a background command succeeded or failed, respectively.
166 A background command will never issue an
170 response: it will always detach and then issue any
175 .SS "Client-provided services"
176 .\"* 25 Service-related messages
177 An administration client can provide services to other clients.
178 Services are given names and versions. A client can attempt to
180 a particular service by issuing the
182 command. This may fail, for example, if some other client already
183 provides the same or later version of the service.
185 Other clients can issue
186 .I "service commands"
189 command; the service provider is expected to handle these commands and
192 There are three important asynchronous messages which will be sent to
195 .BI "SVCCANCEL " jobid
196 The named job has been cancelled, either because the issuing client has
197 disconnected or explicitly cancelled the job using the
201 .BI "SVCCLAIM " service " " version
202 Another client has claimed a later version of the named
203 .I service. The recipient is no longer the provider of this service.
205 .BI "SVCJOB " jobid " " service " " command " " args \fR...
206 Announces the arrival of a new job. The
208 is a simple token consisting of alphanumeric characters which
210 uses to identify this job.
212 The service provider can reply to the job using the commands
217 The first of these sends an
219 response and leaves the job active; the other two send an
223 response respectively, and mark the job as being complete.
227 is a potentially long-running command, it can be run in the background.
228 This detail is hidden from service providers:
230 will issue the corresponding
232 responses when appropriate.)
233 .SS "Network addresses"
234 A network address is a sequence of words. The first is a token
235 identifying the network address family. The length of an address and
236 the meanings of the subsequent words depend on the address family.
237 Address family tokens are not case-sensitive on input; on output, they
238 are always in upper-case.
240 At present, only one address family is understood.
242 .BI "INET " address " \fR[" port \fR]
243 An Internet socket, naming an IPv4 address and UDP port. On output, the
244 address is always in numeric dotted-quad form, and the port is given as
245 a plain number. On input, DNS hostnames and symbolic port names are
246 permitted; if omitted, the default port 4070 is used. Name resolution
247 does not block the main server, but will block the requesting client,
248 unless the command is run in the background.
250 If, on input, no recognised address family token is found, the following
251 words are assumed to represent an
253 address. Addresses output by the server always have an address family
255 .SS "Key-value output"
260 produce output in the form of
262 pairs, one per word. Neither the
268 Commands which enable or disable kinds of output (e.g.,
272 work in similar ways. They take a single optional argument, which
273 consists of a string of letters selecting message types, optionally
278 to disable, the subsequently listed types.
280 If the argument is omitted, the available message types are displayed,
283 line, in a fixed-column format. Column zero contains the key letter for
284 selecting that message type; column one contains either a space or a
286 sign, if the message type is disabled or enabled respectively; and a
287 textual description of the message type begins at column 3 and continues
288 to the end of the line.
290 Lowercase key letters control individual message types. Uppercase key
291 letters control collections of message types.
293 .\"--------------------------------------------------------------------------
294 .SH "COMMAND REFERENCE"
297 The commands provided are:
299 .BI "ADD \fR[" options "\fR] " peer " " address "\fR..."
300 Adds a new peer. The peer is given the name
302 the peer's public key is assumed to be in the file
304 (or whatever alternative file was specified in the
306 option on the command line). The
308 is the network address (see above for the format) at which the peer can
309 be contacted. The following options are recognised.
313 .BI "\-background " tag
314 Run the command in the background, using the given
318 Don't send an immediate challenge to the peer; instead, wait until it
319 sends us something before responding.
321 .BI "\-keepalive " time
322 Send a no-op packet if we've not sent a packet to the peer in the last
324 interval. This is useful for persuading port-translating firewalls to
325 believe that the `connection' is still active. The
327 is expressed as a nonnegative integer followed optionally by
333 for days, hours, minutes, or seconds respectively; if no suffix is
334 given, seconds are assumed.
336 .BI "\-tunnel " tunnel
337 Use the named tunnel driver, rather than the default.
344 line reporting the IP address and port number stored for
348 Cancels the background job with the named
351 .BI "CHECKCHAL " challenge
352 Verifies a challenge as being one earlier issued by
354 and not previously either passed to
356 or in a greeting message.
359 Causes the server to disassociate itself from its terminal and become a
360 background task. This only works once. A warning is issued.
362 .BI "EPING \fR[" options "\fR] " peer
363 Sends an encrypted ping to the peer, and expects an encrypted response.
364 This checks that the peer is running (and not being impersonated), and
365 that it can encrypt and decrypt packets correctly. Options and
366 responses are the same as for the
371 Requests the server to begin a new key exchange with
376 Requests a challenge. The challenge is returned in an
378 line, as a base64-encoded string. See
381 .BI "GREET " peer " " challenge
382 Sends a greeting packet containing the
384 (base-64 encoded) to the named
386 The expectation is that this will cause the peer to recognize us and
387 begin a key-exchange.
390 Causes the server to emit an
392 line for each command it supports. Each line lists the command name,
393 followed by the names of the arguments. This may be helpful as a memory
394 aid for interactive use, or for program clients probing for features.
399 line containing the name of the network interface used to collect IP
400 packets which are to be encrypted and sent to
402 Used by configuration scripts so that they can set up routing tables
403 appropriately after adding new peers.
408 line giving the tag for each outstanding background job.
411 Causes the server to forget all about
413 All keys are destroyed, and no more packets are sent. No notification
414 is sent to the peer: if it's important that the peer be notified, you
415 must think of a way to do that yourself.
418 For each currently-known peer, an
420 line is written containing the peer's name, as given to
423 .BI "NOTIFY " tokens\fR...
426 notification to all interested administration clients.
429 Returns information about a peer, in key-value form. The following keys
434 The tunnel driver used for this peer.
437 The keepalive interval, in seconds, or zero if no keepalives are to be
441 .BI "PING \fR[" options "\fR] " peer
442 Send a transport-level ping to the peer. The ping and its response are
443 not encrypted or authenticated. This command, possibly in conjunction
444 with tracing, is useful for ensuring that UDP packets are actually
445 flowing in both directions. See also the
451 line is printed describing the outcome:
454 .BI "ping-ok " millis
455 A response was received
457 after the ping was sent.
460 No response was received within the time allowed.
463 The peer was killed (probably by another admin connection) before a
464 response was received.
467 Options recognized for this command are:
471 .BI "\-background " tag
472 Run the command in the background, using the given
475 .BI "\-timeout " time
478 seconds before giving up on a response. The default is 5 seconds. The
480 is expressed as a nonnegative integer followed optionally by
486 for days, hours, minutes, or seconds respectively; if no suffix is
487 given, seconds are assumed.
494 line containing just the number of the UDP port used by the
496 server. If you've allowed your server to allocate a port dynamically,
497 this is how to find out which one it chose.
500 Instructs the server to recheck its keyring files. The server checks
501 these periodically anyway but it may be necessary to force a recheck,
502 for example after adding a new peer key.
505 Instructs the server to exit immediately. A warning is sent.
508 Returns information about the server, in the form of key-value pairs.
509 The following keys are used.
513 A keyword naming the implementation of the
515 server. The current implementation is called
519 The server's version number, as reported by
527 if the server has or hasn't (respectively) become a daemon.
530 .BI "SETIFNAME " peer " " new-name
531 Informs the server that the
533 tunnel-interface name has been changed to
535 This is useful if firewalling decisions are made based on interface
536 names: a setup script for a particular peer can change the name, and
537 then update the server's records so that they're accurate.
539 .BI "SVCCLAIM " service " " version
540 Attempts to claim the named
544 The claim is successful if the service is currently unclaimed, or if
545 a version earlier than
547 is provided; otherwise the command fails with the error
548 .BR "service-exists" .
550 .BI "SVCENSURE " service " \fR[" version \fR]
553 is provided, and (if specified) to at least the given
555 An error is reported if these conditions are not met; otherwise the
556 command succeeds silently.
558 .BI "SVCFAIL " jobid " " tokens \fR...
563 response to the service job with the given
567 as the reason for failure. The job is closed.
569 .BI "SVCINFO " jobid " " tokens \fR...
574 response to the service job with the given
578 as the info message. The job remains open.
581 Output a line of the form
588 for each service currently provided.
596 response to the service job with the given
600 .BI "SVCQUERY " service
603 lines in key-value format, describing the named
605 The following keys are used.
612 The service's version string.
615 .BI "SVCRELEASE " service
616 Announce that the client no longer wishes to provide the named
619 .BI "SVCSUBMIT \fR[" options "\fR] " service " " command " " arguments \fR...
620 Submit a job to the provider of the given
626 The following options are accepted.
630 .BI "\-background " tag
631 Run the command in the background, using the given
634 .BI "\-version " version
635 Ensure that at least the given
637 of the service is available before submitting the job.
644 lines, each containing one or more statistics in the form
645 .IB name = value \fR.
646 The statistics-gathering is experimental and subject to change.
648 .BR "TRACE " [\fIoptions\fP]
649 Selects trace outputs: see
651 above. Message types provided are:
654 Currently, the following tracing options are supported:
657 Tunnel events: reception of packets to be encrypted, and injection of
658 successfully-decrypted packets.
661 Peer management events: creation and destruction of peer attachments,
662 and arrival of messages.
665 Administration interface: acceptance of new connections, and handling of
666 the backgroud name-resolution required by the
671 Handling of symmetric keysets: creation and expiry of keysets, and
672 encryption and decryption of messages.
675 Key exchange: reception, parsing and emission of key exchange messages.
678 Key management: loading keys and checking for file modifications.
681 Display information about challenge issuing and verification.
684 Display contents of packets sent and received by the tunnel and/or peer
688 Display inputs, outputs and intermediate results of cryptographic
689 operations. This includes plaintext and key material. Use with
701 outputs provide extra detail for other outputs. Specifying
707 isn't useful; neither is specifying
718 For each available tunnel driver, an
720 line is printed giving its name.
723 Causes the server to emit an
725 line stating its software version, as two words: the server name, and
726 its version string. The server name
728 is reserved to the Straylight/Edgeware implementation.
730 .BR "WATCH " [\fIoptions\fP]
731 Enables or disables asynchronous broadcasts
732 .IR "for the current connection only" .
735 above. The default watch state for the connection the server opens
736 automatically on stdin/stdout is to show warnings and trace messages;
737 other connections show no asynchronous broadcast messages. (This is
738 done in order to guarantee that a program reading the server's stdout
739 does not miss any warnings.)
742 Message types provided are:
760 .BI "WARN " tokens\fR...
763 warning to all interested administration clients.
765 .\"--------------------------------------------------------------------------
768 .\"* 20 Error messages (FAIL codes)
773 messages are sent to clients as a result of errors during command
781 server is already running as a daemon.
783 .BI "bad-addr-syntax " message
784 (For commands accepting socket addresses.) The address couldn't be
787 .BI "bad-syntax " cmd " " message
788 (For any command.) The command couldn't be understood: e.g., the number
789 of arguments was wrong.
791 .BI "bad-time-spec " word
794 is not a valid time interval specification. Acceptable time
795 specifications are nonnegative integers followed optionally by
801 for days, hours, minutes, or seconds, respectively.
803 .BI "bad-trace-option " char
806 An unknown trace option was requested.
808 .BI "bad-watch-option " char
811 An unknown watch option was requested.
813 .BI "daemon-error " ecode " " message
816 An error occurred during the attempt to become a daemon, as reported by
819 .BI "invalid-port " number
822 The given port number is out of range.
824 .BI "not-service-provider " service
827 The invoking client is not the current provider of the named
829 and is therefore not allowed to release it.
831 .BI "peer-create-fail " peer
836 failed for some reason. A warning should have been emitted explaining
839 .BI "peer-addr-exists " address\fR...
842 There is already a peer with the given
845 .BI "peer-exists " peer
848 There is already a peer named
851 .B "ping-send-failed"
852 The attempt to send a ping packet failed, probably due to lack of
855 .BI "resolve-error " hostname
860 could not be resolved.
862 .BI "resolver-timeout " hostname
867 took too long to resolve.
869 .BI "service-exists " service " " version
872 Another client is already providing the stated
877 .BI "service-too-old " service " " version
886 is available, which does not meet the stated requirements.
888 .BI "tag-exists " tag
889 (For long-running commands.) The named
891 is already the tag of an outstanding job.
893 .BI "unknown-command " token
898 .BI "unknown-peer " name
906 There is no peer called
909 .BI "unknown-port " port
917 .BI "unknown-service " service
926 is not recognized as the name of a client-provided service.
928 .BI "unknown-tag " tag
933 is not the tag for any outstanding background job. It may have just
936 .\"--------------------------------------------------------------------------
939 .\"* 30 Notification broadcasts (NOTE codes)
940 The following notifications are sent to clients who request them.
942 .BI "ADD " peer " " ifname " " address \fR...
943 A new peer has been added. The peer's name is
945 its tunnel is network interface
947 and its network address is
951 The server has forked off into the sunset and become a daemon.
953 .BI "GREET " challenge " " address \fR...
954 A valid greeting was received, with the given challenge (exactly as it
967 finished successfully.
972 has begun or restarted. If key exchange keeps failing, this message
973 will be repeated periodically.
975 .BI "NEWIFNAME " peer " " old-name " " new-name
978 tunnel interface name has been changed from
986 .BI "SVCCLAIM " service " " version
989 is now available, at the stated
992 .BI "SVCRELEASE " service
995 is no longer available.
997 .BI "USER " tokens\fR...
998 An administration client issued a notification using the
1002 .\"--------------------------------------------------------------------------
1005 .\"* 40 Warning broadcasts (WARN codes)
1007 There are many possible warnings. They are categorized according to
1010 Many of these warnings report system errors. These are reported as a
1011 pair of tokens, described below as
1017 is a string of the form
1021 value of the error; the
1023 is the `human-readable' form of the message, as reported by
1025 .SS "ABORT warnings"
1026 These all indicate that the
1028 server has become unable to continue. If enabled, the server will dump
1029 core in its configuration directory.
1031 .BI "ABORT repeated-select-errors"
1032 The main event loop is repeatedly failing. If the server doesn't quit,
1033 it will probably waste all available CPU doing nothing.
1034 .SS "ADMIN warnings"
1035 These indicate a problem with the administration socket interface.
1037 .BI "ADMIN accept-error " ecode " " message
1038 There was an error while attempting to accept a connection from a new
1041 .BI "ADMIN client-write-error " ecode " " message
1042 There was an error sending data to a client. The connection to the
1043 client has been closed.
1045 These indicate errors in challenges, either in the
1047 command or in greeting packets.
1049 .B "CHAL impossible-challenge"
1050 The server hasn't issued any challenges yet. Quite how anyone else
1051 thought he could make one up is hard to imagine.
1053 .B "CHAL incorrect-tag"
1054 Challenge received contained the wrong authentication data. It might be
1055 very stale, or a forgery.
1057 .B "CHAL invalid-challenge"
1058 Challenge received was the wrong length. We might have changed MAC
1059 algorithms since the challenge was issued, or it might just be rubbish.
1061 .B "CHAL replay duplicated-sequence"
1062 Challenge received was a definite replay of an old challenge. Someone's
1065 .B "CHAL replay old-sequence"
1066 Challenge received was old, but maybe not actually a replay. Try again.
1067 .SS "KEYMGMT warnings"
1068 These indicate a problem with the keyring files, or the keys stored in
1071 .BI "KEYMGMT bad-private-key " message
1072 The private key could not be read, or failed a consistency check. If
1073 there was a problem with the file, usually there will have been
1075 warnings before this.
1077 .BI "KEYMGMT bad-public-keyring " message
1078 The public keyring couldn't be read. Usually, there will have been
1080 warnings before this.
1082 .BI "KEYMGMT key-file-error " file ":" line " " message
1083 Reports a specific error with the named keyring file. This probably
1087 .BI "KEYMGMT public-key " tag " " tokens\fR...
1088 These messages all indicate a problem with the public key named
1091 .BI "KEYMGMT public-key " tag " algorithm-mismatch"
1092 The algorithms specified on the public key don't match the ones for our
1093 private key. All the peers in a network have to use the same
1096 .BI "KEYMGMT public-key " tag " bad " message
1097 The public key couldn't be read, or is invalid.
1099 .BI "KEYMGMT public-key " tag " bad-public-group-element"
1100 The public key is invalid. This may indicate a malicious attempt to
1101 introduce a bogus key.
1103 .BI "KEYMGMT public-key " tag " bad-algorithm-selection"
1104 The algorithms listed on the public key couldn't be understood. The
1105 algorithm selection attributes are probably malformed and need fixing.
1107 .BI "KEYMGMT public-key " tag " incorrect-group"
1108 The public key doesn't use the same group as our private key. All the
1109 peers in a network have to use the same group.
1111 .BI "KEYMGMT public-key " tag " not-found"
1112 The public key for peer
1114 wasn't in the public keyring.
1116 .BI "KEYMGMT public-key " tag " unknown-type"
1117 The type of the public key isn't understood. Maybe you need to upgrade
1120 (Even if you do, you'll have to regenerate your keys.)
1122 These indicate problems during key-exchange. Many indicate either a bug
1123 in the server (either yours or the remote one), or some kind of attack
1124 in progress. All name a
1126 as the second token: this is the peer the packet is apparently from,
1127 though it may have been sent by an attacker instead.
1129 In the descriptions below,
1131 is one of the tokens
1140 .BI "KX " peer " bad-expected-reply-log"
1143 uses in its protocol contain a check value which proves that the
1144 challenge is honest. This message indicates that the check value
1145 supplied is wrong: someone is attempting to use bogus challenges to
1148 server to leak private key information. No chance!
1150 .BI "KX " peer " decrypt-failed reply\fR|\fBswitch-ok"
1151 A symmetrically-encrypted portion of a key-exchange message failed to
1154 .BI "KX " peer " invalid " msgtoken
1155 A key-exchange message was malformed. This almost certainly indicates a
1158 .BI "KX " peer " incorrect cookie\fR|\fBswitch-rq\fR|\fBswitch-ok"
1159 A message didn't contain the right magic data. This may be a replay of
1160 some old exchange, or random packets being sent in an attempt to waste
1163 .BI "KX " peer " public-key-expired"
1164 The peer's public key has expired. It's maintainer should have given
1165 you a replacement before now.
1167 .BI "KX " peer " sending-cookie"
1168 We've received too many bogus pre-challenge messages. Someone is trying
1169 to flood us with key-exchange messages and make us waste CPU on doing
1170 hard asymmetric crypto sums.
1172 .BI "KX " peer " unexpected " msgtoken
1173 The message received wasn't appropriate for this stage of the key
1174 exchange process. This may mean that one of our previous packets got
1177 it may simply mean that the peer has recently restarted.
1179 .BI "KX " peer " unknown-challenge"
1180 The peer is asking for an answer to a challenge which we don't know
1181 about. This may mean that we've been inundated with challenges from
1182 some malicious source
1183 .I who can read our messages
1184 and discarded the valid one.
1186 .BI "KX " peer " unknown-message 0x" nn
1187 An unknown key-exchange message arrived.
1189 These are largely concerned with management of peers and the low-level
1190 details of the network protocol. The second word is usually the name of
1193 if none is relevant.
1195 .BI "PEER " peer " bad-packet no-type"
1196 An empty packet arrived. This is very strange.
1198 .BI "PEER " peer " bad-packet unknown-category 0x" nn
1199 The message category
1201 (in hex) isn't understood. Probably a strange random packet from
1202 somewhere; could be an unlikely bug.
1204 .BI "PEER " peer " bad-packet unknown-type 0x" nn
1207 (in hex) isn't understood. Probably a strange random packet from
1208 somewhere; could be an unlikely bug.
1210 .BI "PEER " peer " corrupt-encrypted-ping"
1211 The peer sent a ping response which matches an outstanding ping, but its
1212 payload is wrong. There's definitely a bug somewhere.
1214 .BI "PEER " peer " corrupt-transport-ping"
1215 The peer (apparently) sent a ping response which matches an outstanding
1216 ping, but its payload is wrong. Either there's a bug, or the bad guys
1217 are playing tricks on you.
1219 .BI "PEER " peer " decrypt-failed"
1220 An encrypted IP packet failed to decrypt. It may have been mangled in
1221 transit, or may be a very old packet from an expired previous session
1222 key. There is usually a considerable overlap in the validity periods of
1223 successive session keys, so this shouldn't occur unless the key exchange
1224 takes ages or fails.
1226 .BI "PEER " peer " malformed-encrypted-ping"
1227 The peer sent a ping response which is hopelessly invalid. There's
1228 definitely a bug somewhere.
1230 .BI "PEER " peer " malformed-transport-ping"
1231 The peer (apparently) sent a ping response which is hopelessly invalid.
1232 Either there's a bug, or the bad guys are playing tricks on you.
1234 .BI "PEER " peer " packet-build-failed"
1235 There wasn't enough space in our buffer to put the packet we wanted to
1236 send. Shouldn't happen.
1238 .BI "PEER \- socket-read-error " ecode " " message
1239 An error occurred trying to read an incoming packet.
1241 .BI "PEER " peer " socket-write-error " ecode " " message
1242 An error occurred attempting to send a network packet. We lost that
1245 .BI "PEER " peer " unexpected-encrypted-ping 0x" id
1246 The peer sent an encrypted ping response whose id doesn't match any
1247 outstanding ping. Maybe it was delayed for longer than the server was
1248 willing to wait, or maybe the peer has gone mad.
1250 .BI "PEER \- unexpected-source " address\fR...
1251 A packet arrived from
1253 (a network address \(en see above), but no peer is known at that
1254 address. This may indicate a misconfiguration, or simply be a result of
1255 one end of a connection being set up before the other.
1257 .BI "PEER " peer " unexpected-transport-ping 0x" id
1258 The peer (apparently) sent a transport ping response whose id doesn't
1259 match any outstanding ping. Maybe it was delayed for longer than the
1260 server was willing to wait, or maybe the peer has gone mad; or maybe
1261 there are bad people trying to confuse you.
1262 .SS "SERVER warnings"
1263 These indicate problems concerning the server process as a whole.
1265 .BI "SERVER ignore signal " name
1266 A signal arrived, but the server ignored it. Currently this happens for
1268 because that's a popular way of telling daemons to re-read their
1269 configuration files. Since
1271 re-reads its keyrings automatically and has no other configuration
1272 files, it's not relevant, but it seemed better to ignore the signal than
1275 .BI "SERVER quit signal " \fR[\fInn\fR|\fIname\fR]
1276 A signal arrived and
1280 .BI "SERVER quit admin-request"
1281 A client of the administration interface issued a
1285 .BI "SERVER quit foreground-eof"
1286 The server is running in foreground mode (the
1288 option), and encountered end-of-file on standard input.
1290 .BI "SERVER select-error " ecode " " message
1291 An error occurred in the server's main event loop. This is bad: if it
1292 happens too many times, the server will abort.
1294 These are concerned with the symmetric encryption and decryption
1297 .BI "SYMM replay old-sequence"
1298 A packet was received with an old sequence number. It may just have
1299 been delayed or duplicated, or it may have been an attempt at a replay
1302 .BI "SYMM replay duplicated-sequence"
1303 A packet was received with a sequence number we've definitely seen
1304 before. It may be an accidental duplication because the 'net is like
1305 that, or a deliberate attempt at a replay.
1307 These concern the workings of the system-specific tunnel driver. The
1308 second word is the name of the tunnel interface in question, or
1312 .BI "TUN \- bsd no-tunnel-devices"
1313 The driver couldn't find an available tunnel device. Maybe if you
1316 files, it will work.
1318 .BI "TUN \- " tun-name " open-error " device " " ecode " " message
1319 An attempt to open the tunnel device file
1323 .BI "TUN \- linux config-error " ecode " " message
1324 Configuring the Linux TUN/TAP interface failed.
1326 .BI "TUN " ifname " " tun-name " read-error " ecode " " message
1327 Reading from the tunnel device failed.
1329 .BI "TUN " ifname " slip bad-escape"
1330 The SLIP driver encountered a escaped byte it wasn't expecting to see.
1331 The erroneous packet will be ignored.
1333 .BI "TUN " ifname " slip eof"
1334 The SLIP driver encountered end-of-file on its input descriptor.
1335 Pending data is discarded, and no attempt is made to read any more data
1336 from that interface ever.
1338 .BI "TUN " ifname " slip escape-end"
1339 The SLIP driver encountered an escaped `end' marker. This probably
1340 means that someone's been sending it junk. The erroneous packet is
1341 discarded, and we hope that we've rediscovered synchronization.
1343 .BI "TUN \- slip fork-error " ecode " " message
1344 The SLIP driver encountered an error forking a child process while
1345 allocating a new dynamic interface.
1347 .BI "TUN \- slip no-slip-interfaces"
1348 The driver ran out of static SLIP interfaces. Either preallocate more,
1349 or use dynamic SLIP interface allocation.
1351 .BI "TUN " ifname " slip overflow"
1352 The SLIP driver gave up reading a packet because it got too large.
1354 .BI "TUN \- slip pipe-error " ecode " " message
1355 The SLIP driver encountered an error creating pipes while allocating a
1356 new dynamic interface.
1358 .BI "TUN \- slip read-ifname-failed " ecode " " message
1359 The SLIP driver encountered an error reading the name of a dynamically
1360 allocated interface. Maybe the allocation script is broken.
1362 .BI "TUN \- unet config-error " ecode " " message
1363 Configuring the Linux Unet interface failed. Unet is obsolete and
1364 shouldn't be used any more.
1366 .BI "TUN \- unet getinfo-error " ecode " " message
1367 Reading information about the Unet interface failed. Unet is obsolete
1368 and shouldn't be used any more.
1370 These are issued by administration clients using the
1374 .BI "USER " tokens\fR...
1375 An administration client issued a warning.
1378 .\"--------------------------------------------------------------------------
1381 .SS "Command responses"
1384 .BI "BGFAIL " tag " " tokens \fR...
1385 .BI "BGINFO " tag " " tokens \fR...
1387 .BI "FAIL " tokens \fR...
1388 .BI "INFO " tokens \fR...
1393 .\"--------------------------------------------------------------------------
1399 .IR "The Trivial IP Encryption Protocol" .
1401 .\"--------------------------------------------------------------------------
1404 Mark Wooding, <mdw@distorted.org.uk>
1406 .\"----- That's all, folks --------------------------------------------------