# sample configfile
# the config file must be exactly(!) the same on all nodes

rekey = 54321		# the rekeying interval
keepalive = 300		# the keepalive interval
on ruth keepalive = 120	# ruth is important and demands lower keepalives
on surfer keepalive = 40
mtu = 1492		# the mtu (minimum mtu of attached host)
ifname = vpn0		# the tunnel interface name to use
ifpersist = no		# the tun device should be persistent
inherit-tos = yes	# should tunnel packets inherit tos flags?
compress = yes		# wether compression should be used (NYI)
connect = ondemand	# connect to this host always/never or ondemand
router-priority = 1	# route for everybody - if necessary

loglevel = notice	# info logs connects, notice only important messages
on mobil loglevel = info
on doom loglevel = info
on ruth loglevel = info

udp-port = 407		# the udp port to use for sending/receiving packets
tcp-port = 443		# the tcp port to listen for connections (we use https over proxy)
ip-proto = 50		# (ab)use the ipsec protocol as rawip
icmp-type = 0		# (ab)use echo replies for tunneling
enable-udp = yes	# udp is spoken almost everywhere
enable-tcp = no		# tcp is not spoken everywhere
enable-rawip = no	# rawip is not spoken everywhere
enable-icmp = no	# most hosts don't bother to icmp

# every "node =" introduces a new node in the network
# the options following it don't set defaults but are
# node-specific.

# marc@lap
node = mobil

# marc@home
node = doom
enable-rawip = yes
enable-tcp = yes

# marc@uni
node = ruth
enable-rawip = yes
enable-tcp = yes
enable-icmp = yes
hostname = 200.100.162.95
connect = always
router-priority = 30
on ruth node-up = node-up
on ruth node-down = node-up

# marc@mu
node = frank
enable-rawip = yes
hostname = 44.88.167.250
router-priority = 20
connect = always

# nethype
node = rain
enable-rawip = yes
hostname = 145.253.105.130
router-priority = 10
connect = always

# marco@home
node = marco
enable-rawip = yes

# stefan@ka
node = wappla
connect = never

# stefan@lap
node = stefan
udp-port = 408
connect = never

# paul@wg
node = n8geil
on ruth enable-icmp = yes
on n8geil enable-icmp = yes
enable-udp = no

# paul@lap
node = syrr

# paul@lu
node = donomos

# marco@hn
node = core

# elmex@home
node = elmex
enable-rawip = yes
hostname = 100.251.143.181

# stefan@kwc.at
node = fwkw
connect = never
on stefan connect = always
on wappla connect = always
hostname = 182.73.81.146

# elmex@home
node = jungfrau
enable-rawip = yes

# uni main router
node = surfer
enable-rawip = yes
enable-tcp = no
enable-icmp = yes
hostname = 200.100.162.79
connect = always
router-priority = 40

# jkneer@marvin
node = marvin
enable-rawip = yes
enable-udp = no

# jkneer@entrophy
node = entrophy
enable-udp = no
enable-tcp = yes

# mr. primitive
node = voyager
enable-udp = no
enable-tcp = no
on voyager enable-tcp = yes
on voyager enable-udp = yes

# v-server (barbados.dn-systems.de)
#node = vserver
#enable-udp = yes
#hostname = 193.108.181.74