| … | |
… | |
| 2 | |
2 | |
| 3 | gvpe.conf - configuration file for the GNU VPE daemon |
3 | gvpe.conf - configuration file for the GNU VPE daemon |
| 4 | |
4 | |
| 5 | =head1 SYNOPSIS |
5 | =head1 SYNOPSIS |
| 6 | |
6 | |
| 7 | enable-udp = yes |
|
|
| 8 | udp-port = 407 |
7 | udp-port = 407 |
| 9 | mtu = 1492 |
8 | mtu = 1492 |
| 10 | ifname = vpn0 |
9 | ifname = vpn0 |
| 11 | |
10 | |
| 12 | node = branch1 |
11 | node = branch1 |
| … | |
… | |
| 312 | (default: C<no>). This is the best choice, since the overhead per packet |
311 | (default: C<no>). This is the best choice, since the overhead per packet |
| 313 | is only 38 bytes, as opposed to UDP's 58 (or TCP's 60+). |
312 | is only 38 bytes, as opposed to UDP's 58 (or TCP's 60+). |
| 314 | |
313 | |
| 315 | =item enable-udp = yes|true|on | no|false|off |
314 | =item enable-udp = yes|true|on | no|false|off |
| 316 | |
315 | |
| 317 | Enable the UDPv4 transport using the C<udp-port> port (default: C<yes>, |
316 | Enable the UDPv4 transport using the C<udp-port> port (default: C<no>, |
| 318 | but this will change!). This is a good general choice since UDP tunnels |
317 | unless no other protocol is enabled for a node, in which case this |
|
|
318 | protocol is enabled automatically). This is a good general choice since |
| 319 | well through many firewalls. |
319 | UDP tunnels well through many firewalls. |
| 320 | |
320 | |
| 321 | NOTE: Please specify C<enable-udp = yes> even though it is the default, as |
321 | NOTE: Please specify C<enable-udp = yes> if you want t use it even though |
| 322 | some future version will have all protocols disabled by default. |
322 | it might get switched on automatically, as some future version might |
|
|
323 | default to another default protocol. |
| 323 | |
324 | |
| 324 | =item enable-tcp = yes|true|on | no|false|off |
325 | =item enable-tcp = yes|true|on | no|false|off |
| 325 | |
326 | |
| 326 | Enable the TCPv4 transport using the C<tcp-port> port |
327 | Enable the TCPv4 transport using the C<tcp-port> port |
| 327 | (default: C<no>). Support for this horribly unsuitable protocol is only |
328 | (default: C<no>). Support for this horribly unsuitable protocol is only |
| 328 | available when gvpe was compiled using the C<--enable-tcp> option. Never |
329 | available when gvpe was compiled using the C<--enable-tcp> option. Never |
| 329 | use this transport unless you really must, it is horribly ineffiecent and |
330 | use this transport unless you really must, it is horribly ineffiecent and |
| 330 | resource-intensive compared to the other transports. |
331 | resource-intensive compared to the other transports. |
| 331 | |
332 | |
| 332 | =item router-priority = positive-number |
333 | =item router-priority = 0 | 1 | positive-number>2 |
| 333 | |
334 | |
| 334 | Sets the router priority of the given host (default: C<0>, disabled). If |
335 | Sets the router priority of the given host (default: C<0>, disabled). If |
| 335 | some host tries to connect to another host without a hostname, it asks |
336 | some host tries to connect to another host without a hostname, it asks |
| 336 | the router host for it's IP address. The router host is the one with the |
337 | the router host for it's IP address. The router host is the one with the |
| 337 | highest priority that is currently reachable. Make sure all clients always |
338 | highest priority larger than C<1> that is currently reachable. |
|
|
339 | |
|
|
340 | Make sure all hosts always connect (C<connect = always>) to the router |
| 338 | connect to the router hosts, otherwise conencting to them is impossible. |
341 | hosts, otherwise connecting to them might be impossible. |
| 339 | |
342 | |
|
|
343 | The special value C<1> allows other hosts to route through the router |
|
|
344 | host, but they will never route through it by default. The value C<0> |
|
|
345 | disables routing. The idea behind this is that some hosts can, if |
|
|
346 | required, bump the C<router-priority> setting to higher than C<1> in their |
|
|
347 | local config to route through specific hosts. If C<router-priority> is |
|
|
348 | C<0>, then routing will be refused, so C<1> serves as a "enable, but do |
|
|
349 | not use by default" switch. |
|
|
350 | |
| 340 | =item connect = ondemand|never|always|disabled |
351 | =item connect = ondemand | never | always | disabled |
| 341 | |
352 | |
| 342 | Sets the connect mode (default: C<always>). It can be C<always> (always |
353 | Sets the connect mode (default: C<always>). It can be C<always> (always |
| 343 | try to establish and keep a conenction to the given host), C<never> |
354 | try to establish and keep a connection to the given host), C<never> |
| 344 | (nevr initiate a connection to the given host, but accept connections), |
355 | (never initiate a connection to the given host, but accept connections), |
| 345 | C<ondemand> (try to establish a connection on the first packet sent, and |
356 | C<ondemand> (try to establish a connection on the first packet sent, and |
| 346 | take it down after the keepalive interval) or C<disabled> (node is bad, |
357 | take it down after the keepalive interval) or C<disabled> (node is bad, |
| 347 | don't talk to it). |
358 | don't talk to it). |
| 348 | |
359 | |
| 349 | =item inherit-tos = yes|true|on | no|false|off |
360 | =item inherit-tos = yes|true|on | no|false|off |
| … | |
… | |
| 374 | |
385 | |
| 375 | The default (or recommended) directory layout for the config directory is: |
386 | The default (or recommended) directory layout for the config directory is: |
| 376 | |
387 | |
| 377 | =over 4 |
388 | =over 4 |
| 378 | |
389 | |
| 379 | =item gvpe.conf |
390 | =item X<gvpe.conf> |
| 380 | |
391 | |
| 381 | The config file. |
392 | The config file. |
| 382 | |
393 | |
| 383 | =item if-up |
394 | =item X<if-up> |
| 384 | |
395 | |
| 385 | The if-up script |
396 | The if-up script |
| 386 | |
397 | |
| 387 | =item node-up, node-down |
398 | =item X<node-up>, X<node-down> |
| 388 | |
399 | |
| 389 | If used the node up or node-down scripts. |
400 | If used the node up or node-down scripts. |
| 390 | |
401 | |
| 391 | =item hostkey |
402 | =item X<hostkey> |
| 392 | |
403 | |
| 393 | The private key (taken from C<hostkeys/nodename>) of the current host. |
404 | The private key (taken from C<hostkeys/nodename>) of the current host. |
| 394 | |
405 | |
| 395 | =item pubkey/nodename |
406 | =item X<pubkey/nodename> |
| 396 | |
407 | |
| 397 | The public keys of the other nodes, one file per node. |
408 | The public keys of the other nodes, one file per node. |
| 398 | |
409 | |
| 399 | =back |
410 | =back |
| 400 | |
411 | |
