doc/complex-example/gvpe.conf

# sample configfile
# the config file must be exactly(!) the same on all nodes

rekey = 54321           # the rekeying interval
keepalive = 300         # the keepalive interval
on ruth keepalive = 120 # ruth is important and demands lower keepalives
on surfer keepalive = 40
mtu = 1492              # the mtu (minimum mtu of attached host)
ifname = vpn0           # the tunnel interface name to use
ifpersist = no          # the tun device should be persistent
inherit-tos = yes       # should tunnel packets inherit tos flags?
compress = yes          # wether compression should be used (NYI)
connect = ondemand      # connect to this host always/never or ondemand
router-priority = 1     # route for everybody - if necessary

loglevel = notice       # info logs connects, notice only important messages
on mobil loglevel = info
on doom loglevel = info
on ruth loglevel = info

udp-port = 407          # the udp port to use for sending/receiving packets
tcp-port = 443          # the tcp port to listen for connections (we use https over proxy)
ip-proto = 50           # (ab)use the ipsec protocol as rawip
icmp-type = 0           # (ab)use echo replies for tunneling
enable-udp = yes        # udp is spoken almost everywhere
enable-tcp = no         # tcp is not spoken everywhere
enable-rawip = no       # rawip is not spoken everywhere
enable-icmp = no        # most hosts don't bother to icmp

# every "node =" introduces a new node in the network
# the options following it don't set defaults but are
# node-specific.

# marc@lap
node = mobil

# marc@home
node = doom
enable-rawip = yes
enable-tcp = yes

# marc@uni
node = ruth
enable-rawip = yes
enable-tcp = yes
enable-icmp = yes
hostname = 200.100.162.95
connect = always
router-priority = 30
on ruth node-up = node-up
on ruth node-down = node-up

# marc@mu
node = frank
enable-rawip = yes
hostname = 44.88.167.250
router-priority = 20
connect = always

# nethype
node = rain
enable-rawip = yes
hostname = 145.253.105.130
router-priority = 10
connect = always

# marco@home
node = marco
enable-rawip = yes

# stefan@ka
node = wappla
connect = never

# stefan@lap
node = stefan
udp-port = 408
connect = never

# paul@wg
node = n8geil
on ruth enable-icmp = yes
on n8geil enable-icmp = yes
enable-udp = no

# paul@lap
node = syrr

# paul@lu
node = donomos

# marco@hn
node = core

# elmex@home
node = elmex
enable-rawip = yes
hostname = 100.251.143.181

# stefan@kwc.at
node = fwkw
connect = never
on stefan connect = always
on wappla connect = always
hostname = 182.73.81.146

# elmex@home
node = jungfrau
enable-rawip = yes

# uni main router
node = surfer
enable-rawip = yes
enable-tcp = no
enable-icmp = yes
hostname = 200.100.162.79
connect = always
router-priority = 40

# jkneer@marvin
node = marvin
enable-rawip = yes
enable-udp = no

# jkneer@entrophy
node = entrophy
enable-udp = no
enable-tcp = yes

# mr. primitive
node = voyager
enable-udp = no
enable-tcp = no
on voyager enable-tcp = yes
on voyager enable-udp = yes

# v-server (barbados.dn-systems.de)
#node = vserver
#enable-udp = yes
#hostname = 193.108.181.74

Revision:	1.1
Committed:	Fri Jun 11 15:56:29 2004 UTC (21 years, 9 months ago) by pcg
Branch:	MAIN
CVS Tags:	rel-1_9, rel-1_8, rel-2_01, rel-3_0, rel-2_2, rel-2_0, rel-1_7, rel-2_21, rel-2_22, rel-2_25, HEAD
Log Message:	* empty log message *
#	Content
1	# sample configfile
2	# the config file must be exactly(!) the same on all nodes
3
4	rekey = 54321 # the rekeying interval
5	keepalive = 300 # the keepalive interval
6	on ruth keepalive = 120 # ruth is important and demands lower keepalives
7	on surfer keepalive = 40
8	mtu = 1492 # the mtu (minimum mtu of attached host)
9	ifname = vpn0 # the tunnel interface name to use
10	ifpersist = no # the tun device should be persistent
11	inherit-tos = yes # should tunnel packets inherit tos flags?
12	compress = yes # wether compression should be used (NYI)
13	connect = ondemand # connect to this host always/never or ondemand
14	router-priority = 1 # route for everybody - if necessary
15
16	loglevel = notice # info logs connects, notice only important messages
17	on mobil loglevel = info
18	on doom loglevel = info
19	on ruth loglevel = info
20
21	udp-port = 407 # the udp port to use for sending/receiving packets
22	tcp-port = 443 # the tcp port to listen for connections (we use https over proxy)
23	ip-proto = 50 # (ab)use the ipsec protocol as rawip
24	icmp-type = 0 # (ab)use echo replies for tunneling
25	enable-udp = yes # udp is spoken almost everywhere
26	enable-tcp = no # tcp is not spoken everywhere
27	enable-rawip = no # rawip is not spoken everywhere
28	enable-icmp = no # most hosts don't bother to icmp
29
30	# every "node =" introduces a new node in the network
31	# the options following it don't set defaults but are
32	# node-specific.
33
34	# marc@lap
35	node = mobil
36
37	# marc@home
38	node = doom
39	enable-rawip = yes
40	enable-tcp = yes
41
42	# marc@uni
43	node = ruth
44	enable-rawip = yes
45	enable-tcp = yes
46	enable-icmp = yes
47	hostname = 200.100.162.95
48	connect = always
49	router-priority = 30
50	on ruth node-up = node-up
51	on ruth node-down = node-up
52
53	# marc@mu
54	node = frank
55	enable-rawip = yes
56	hostname = 44.88.167.250
57	router-priority = 20
58	connect = always
59
60	# nethype
61	node = rain
62	enable-rawip = yes
63	hostname = 145.253.105.130
64	router-priority = 10
65	connect = always
66
67	# marco@home
68	node = marco
69	enable-rawip = yes
70
71	# stefan@ka
72	node = wappla
73	connect = never
74
75	# stefan@lap
76	node = stefan
77	udp-port = 408
78	connect = never
79
80	# paul@wg
81	node = n8geil
82	on ruth enable-icmp = yes
83	on n8geil enable-icmp = yes
84	enable-udp = no
85
86	# paul@lap
87	node = syrr
88
89	# paul@lu
90	node = donomos
91
92	# marco@hn
93	node = core
94
95	# elmex@home
96	node = elmex
97	enable-rawip = yes
98	hostname = 100.251.143.181
99
100	# stefan@kwc.at
101	node = fwkw
102	connect = never
103	on stefan connect = always
104	on wappla connect = always
105	hostname = 182.73.81.146
106
107	# elmex@home
108	node = jungfrau
109	enable-rawip = yes
110
111	# uni main router
112	node = surfer
113	enable-rawip = yes
114	enable-tcp = no
115	enable-icmp = yes
116	hostname = 200.100.162.79
117	connect = always
118	router-priority = 40
119
120	# jkneer@marvin
121	node = marvin
122	enable-rawip = yes
123	enable-udp = no
124
125	# jkneer@entrophy
126	node = entrophy
127	enable-udp = no
128	enable-tcp = yes
129
130	# mr. primitive
131	node = voyager
132	enable-udp = no
133	enable-tcp = no
134	on voyager enable-tcp = yes
135	on voyager enable-udp = yes
136
137	# v-server (barbados.dn-systems.de)
138	#node = vserver
139	#enable-udp = yes
140	#hostname = 193.108.181.74
141