doc/complex-example/gvpe.conf

# sample configfile
# the config file must be exactly(!) the same on all nodes

rekey = 54321           # the rekeying interval
keepalive = 300         # the keepalive interval
on ruth keepalive = 120 # ruth is important and demands lower keepalives
on surfer keepalive = 40
mtu = 1492              # the mtu (minimum mtu of attached host)
ifname = vpn0           # the tunnel interface name to use
ifpersist = no          # the tun device should be persistent
inherit-tos = yes       # should tunnel packets inherit tos flags?
compress = yes          # wether compression should be used (NYI)
connect = ondemand      # connect to this host always/never or ondemand
router-priority = 1     # route for everybody - if necessary

loglevel = notice       # info logs connects, notice only important messages
on mobil loglevel = info
on doom loglevel = info
on ruth loglevel = info

udp-port = 407          # the udp port to use for sending/receiving packets
tcp-port = 443          # the tcp port to listen for connections (we use https over proxy)
ip-proto = 50           # (ab)use the ipsec protocol as rawip
icmp-type = 0           # (ab)use echo replies for tunneling
enable-udp = yes        # udp is spoken almost everywhere
enable-tcp = no         # tcp is not spoken everywhere
enable-rawip = no       # rawip is not spoken everywhere
enable-icmp = no        # most hosts don't bother to icmp

# every "node =" introduces a new node in the network
# the options following it don't set defaults but are
# node-specific.

# marc@lap
node = mobil

# marc@home
node = doom
enable-rawip = yes
enable-tcp = yes

# marc@uni
node = ruth
enable-rawip = yes
enable-tcp = yes
enable-icmp = yes
hostname = 200.100.162.95
connect = always
router-priority = 30
on ruth node-up = node-up
on ruth node-down = node-up

# marc@mu
node = frank
enable-rawip = yes
hostname = 44.88.167.250
router-priority = 20
connect = always

# nethype
node = rain
enable-rawip = yes
hostname = 145.253.105.130
router-priority = 10
connect = always

# marco@home
node = marco
enable-rawip = yes

# stefan@ka
node = wappla
connect = never

# stefan@lap
node = stefan
udp-port = 408
connect = never

# paul@wg
node = n8geil
on ruth enable-icmp = yes
on n8geil enable-icmp = yes
enable-udp = no

# paul@lap
node = syrr

# paul@lu
node = donomos

# marco@hn
node = core

# elmex@home
node = elmex
enable-rawip = yes
hostname = 100.251.143.181

# stefan@kwc.at
node = fwkw
connect = never
on stefan connect = always
on wappla connect = always
hostname = 182.73.81.146

# elmex@home
node = jungfrau
enable-rawip = yes

# uni main router
node = surfer
enable-rawip = yes
enable-tcp = no
enable-icmp = yes
hostname = 200.100.162.79
connect = always
router-priority = 40

# jkneer@marvin
node = marvin
enable-rawip = yes
enable-udp = no

# jkneer@entrophy
node = entrophy
enable-udp = no
enable-tcp = yes

# mr. primitive
node = voyager
enable-udp = no
enable-tcp = no
on voyager enable-tcp = yes
on voyager enable-udp = yes

# v-server (barbados.dn-systems.de)
#node = vserver
#enable-udp = yes
#hostname = 193.108.181.74

Revision:	1.1
Committed:	Fri Jun 11 15:56:29 2004 UTC (21 years, 11 months ago) by pcg
Branch:	MAIN
CVS Tags:	rel-1_9, rel-1_8, rel-2_01, rel-3_0, rel-2_2, rel-2_0, rel-1_7, rel-2_21, rel-2_22, rel-2_25, HEAD
Log Message:	* empty log message *
#	User	Rev	Content
1	pcg	1.1	# sample configfile
2			# the config file must be exactly(!) the same on all nodes
3
4			rekey = 54321 # the rekeying interval
5			keepalive = 300 # the keepalive interval
6			on ruth keepalive = 120 # ruth is important and demands lower keepalives
7			on surfer keepalive = 40
8			mtu = 1492 # the mtu (minimum mtu of attached host)
9			ifname = vpn0 # the tunnel interface name to use
10			ifpersist = no # the tun device should be persistent
11			inherit-tos = yes # should tunnel packets inherit tos flags?
12			compress = yes # wether compression should be used (NYI)
13			connect = ondemand # connect to this host always/never or ondemand
14			router-priority = 1 # route for everybody - if necessary
15
16			loglevel = notice # info logs connects, notice only important messages
17			on mobil loglevel = info
18			on doom loglevel = info
19			on ruth loglevel = info
20
21			udp-port = 407 # the udp port to use for sending/receiving packets
22			tcp-port = 443 # the tcp port to listen for connections (we use https over proxy)
23			ip-proto = 50 # (ab)use the ipsec protocol as rawip
24			icmp-type = 0 # (ab)use echo replies for tunneling
25			enable-udp = yes # udp is spoken almost everywhere
26			enable-tcp = no # tcp is not spoken everywhere
27			enable-rawip = no # rawip is not spoken everywhere
28			enable-icmp = no # most hosts don't bother to icmp
29
30			# every "node =" introduces a new node in the network
31			# the options following it don't set defaults but are
32			# node-specific.
33
34			# marc@lap
35			node = mobil
36
37			# marc@home
38			node = doom
39			enable-rawip = yes
40			enable-tcp = yes
41
42			# marc@uni
43			node = ruth
44			enable-rawip = yes
45			enable-tcp = yes
46			enable-icmp = yes
47			hostname = 200.100.162.95
48			connect = always
49			router-priority = 30
50			on ruth node-up = node-up
51			on ruth node-down = node-up
52
53			# marc@mu
54			node = frank
55			enable-rawip = yes
56			hostname = 44.88.167.250
57			router-priority = 20
58			connect = always
59
60			# nethype
61			node = rain
62			enable-rawip = yes
63			hostname = 145.253.105.130
64			router-priority = 10
65			connect = always
66
67			# marco@home
68			node = marco
69			enable-rawip = yes
70
71			# stefan@ka
72			node = wappla
73			connect = never
74
75			# stefan@lap
76			node = stefan
77			udp-port = 408
78			connect = never
79
80			# paul@wg
81			node = n8geil
82			on ruth enable-icmp = yes
83			on n8geil enable-icmp = yes
84			enable-udp = no
85
86			# paul@lap
87			node = syrr
88
89			# paul@lu
90			node = donomos
91
92			# marco@hn
93			node = core
94
95			# elmex@home
96			node = elmex
97			enable-rawip = yes
98			hostname = 100.251.143.181
99
100			# stefan@kwc.at
101			node = fwkw
102			connect = never
103			on stefan connect = always
104			on wappla connect = always
105			hostname = 182.73.81.146
106
107			# elmex@home
108			node = jungfrau
109			enable-rawip = yes
110
111			# uni main router
112			node = surfer
113			enable-rawip = yes
114			enable-tcp = no
115			enable-icmp = yes
116			hostname = 200.100.162.79
117			connect = always
118			router-priority = 40
119
120			# jkneer@marvin
121			node = marvin
122			enable-rawip = yes
123			enable-udp = no
124
125			# jkneer@entrophy
126			node = entrophy
127			enable-udp = no
128			enable-tcp = yes
129
130			# mr. primitive
131			node = voyager
132			enable-udp = no
133			enable-tcp = no
134			on voyager enable-tcp = yes
135			on voyager enable-udp = yes
136
137			# v-server (barbados.dn-systems.de)
138			#node = vserver
139			#enable-udp = yes
140			#hostname = 193.108.181.74
141