Manual Reference Pages  -  SRATUNNEL (1)


sratunnel - SIE Remote Access (SRA) Tunnel




sratunnel [-VdOR] [-C count] [-r rate-limit] [-E ciphers] [-S certs] [-A interval]
[-P pidfile] -s SRA-server -c channel -w watch -o out-addr


Sratunnel transfers selected Security Information Exchange (SIE) data from remote servers to the local network. The connection to the server is created and restored after problems with binary exponential delays between retries.

Sratunnel is a programming example for using the Advanced Exchange Access (AXA) applications programming interface, the AXA protocol. It also demonstrates the use of the AXA helper library, libaxa.a.


The following arguments are available:
-V displays the version of sratunnel and its preferred version of the AXA protocol.
-d enables debugging reports or increases them after the first -d .
-t enables tracing reports on the server or increases them after the first -t .
-O enable a spinning bar output indicator on stdout.
-R switches from SRA to RAD mode. In SRA mode, -a is not allowed and -c is required. In RAD mode, -a is required and -c is not allowed.
-C count
  stops sratunnel after count SIE messages and raw IP packets.
-r rate-limit
  tells the server to send at most rate-limit SIE messages and raw IP packets per second.
-E ciphers
  specifies a list of ciphers for TLS connections.
-S certs
  overrides the default directory containing SSL certificates and keys. Its default is /usr/local/etc/axa/certs.
-A interval
  specifies the accounting interval. Every interval seconds an accounting request will be made to the server and the results will be emitted to stdout. When specifying this mode, you also need to specify -d on the command line.
-P pidfile
  will result in the current PID being written to pidfile. The file will be deleted upon program exit.
-s server
  specifies the server that is the source of the SIE data. The server can be specified with any of the following:
ssh:[user@]host
  The server will be contacted using the ssh protocol. These connections usually use default ssh ssh_config(1) files to specify the required public keys and optionally the fully qualified host name and user names associated with the public key. Use -dddd to diagnose ssh connection problems.
tcp:user@host,port
  The connection will be made with the host name or IP address and port number using clear text over TCP/IP.
unix:user@/ud/socket
  This connection uses a UNIX domain socket connected to a local server.
  Use the TLS protocol with the certificate in the cert file and the private key in the key file. If not absolute, the files are in the -S certs directory.
-c channel
  There must be at least one -c argument naming an SIE channel that the server will watch for interesting nmsg messages or IP packets.

Channels are specified as chXX or all.

-w watch
  There must be at least one -w with an SRA or RAD watch to specify the interesting SIE messages or dark channel IP packets.

ip=IP[/n]
  The IPv4 or IPv6 address IP specifies a host address unless a prefix length is specified.

dns=[*.]dom
  watches for the domain anywhere in the IP packets or SIE messages on the channels selected with -c . A wild card watches for occurrences of the domain and all sub-domains.

ch=chN
  selects SIE messages or IP packets on the specified channel number or all channels.

  selects SIE messages or IP packets that could not be decoded.

In RAD mode (with -R), channel and error watches are not permitted. In addition, (shared) can be appended to IP and dns watches to indicate addresses or domains that are not used exclusively.
-o out-addr
  specifies the destination of the SIE data. It can be forwarded as nmsg messages to a UDP or TCP port or as raw IP packets to a file, FIFO, or network interface.

nmsg:[tcp:|udp:]host,port
  sends nmsg messages to the tcp or udp host name and port number host,port. UDP is the default. IP packets are converted to nmsg messages.

nmsg:file:path
  sends nmsg messages to the file. IP packets are converted to nmsg messages.

pcap[-fifo]:file
  sends IP packets to a file or FIFO for examination with tcpdump(1) or another packet tracing tool. An ordinary file is the default. Only IP packets but not nmsg messages are sent.

pcap-if:[dst/]ifname
  transmits IP packets on the network interface named ifname for examination with tcpdump(1) or another packet tracing tool. dst optionally specifies a destination 48-bit Ethernet address other than the default of 0:0:0:0:0:0. This output usually requires that sratunnel be run by root. Only IP packets but not nmsg messages are sent.


The following sends all new domain reports on channel 212 seen by the SRA server at to the local UDP port 8000 on
sratunnel -s -o nmsg:127.1,8000 \
        -c ch212 -w ch=ch212

Beware of specifying more data than will fit in the TCP/IP connections between the server and sratunnel. The following is likely to be only a network stress test:

sratunnel -s -o nmsg:127.1,8000 \
        -c all -w ip=128.0/1  -w ip=0/1
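
The option rules above (SRA versus RAD mode, clear-text tcp: transport, -A needing -d, pcap-if: needing root) can be checked before a tunnel is launched. The following is an added example, not part of sratunnel or libaxa; the function name, the host names and the assumption that -a takes an argument are hypothetical.

```python
import getopt

# Option string built from the options this page documents. That -a takes an
# argument is an assumption: the page names -a but does not describe it.
OPTSTRING = "VdtORC:r:E:S:A:P:s:c:w:o:a:"

def lint_sratunnel(argv):
    """Return findings for a sratunnel argument vector (without argv[0])."""
    opts, extra = getopt.getopt(argv, OPTSTRING)
    flags = {o for o, _ in opts}
    values = {}
    for o, v in opts:
        values.setdefault(o, []).append(v)
    findings = []
    if extra:
        findings.append("unexpected operands: " + " ".join(extra))
    if "-R" in flags:                      # RAD mode
        if "-c" in values:
            findings.append("-c is not allowed in RAD mode (-R)")
        if "-a" not in values:
            findings.append("-a is required in RAD mode (-R)")
        if any(w.startswith("ch=") for w in values.get("-w", [])):
            findings.append("channel watches are not permitted in RAD mode")
    else:                                  # SRA mode
        if "-a" in values:
            findings.append("-a is not allowed in SRA mode")
        if "-c" not in values:
            findings.append("-c is required in SRA mode")
    for opt in ("-s", "-w", "-o"):
        if opt not in values:
            findings.append(opt + " is required")
    for server in values.get("-s", []):
        if server.startswith("tcp:"):
            findings.append("tcp: carries SIE data in clear text; use ssh: "
                            "or TLS outside a trusted network")
    if "-A" in values and "-d" not in flags:
        findings.append("-A accounting output also needs -d")
    for out in values.get("-o", []):
        if out.startswith("pcap-if:"):
            findings.append("pcap-if: output usually requires root")
    return findings

if __name__ == "__main__":
    # Constructed sample command line; the host name is a placeholder.
    sample = ["-R", "-s", "tcp:user@rad.example,1021", "-c", "ch212",
              "-w", "ip=192.0.2.0/24", "-o", "pcap-if:em0", "-A", "60"]
    for finding in lint_sratunnel(sample):
        print("WARN:", finding)
```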


certs is the directory set with -S that contains TLS certificate and key files.
  is the ssh_config(5) configuration file used with connect ssh:... connections. "Host" stanzas in the file can simplify connections to servers.


If set, AXACONF specifies the AXA configuration directory instead of the default, ~/.axa or /usr/local/etc/axa.


radtunnel(1), sratool(1), radtool(1), mkfifo(1), and nmsgtool(1).