| … | |
… | |
| 322 | take it down after the keepalive interval) or C<disabled> (node is bad, |
322 | take it down after the keepalive interval) or C<disabled> (node is bad, |
| 323 | don't talk to it). |
323 | don't talk to it). |
| 324 | |
324 | |
| 325 | =item dns-domain = domain-suffix |
325 | =item dns-domain = domain-suffix |
| 326 | |
326 | |
| 327 | The DNS domain suffix that points to the DNS tunnel server. Needs to be |
327 | The DNS domain suffix that points to the DNS tunnel server for this node. |
| 328 | set on both client and server. |
|
|
| 329 | |
328 | |
| 330 | The domain must point to a NS record that points to the I<dns-hostname>, |
329 | The domain must point to a NS record that points to the I<dns-hostname>, |
| 331 | i.e. |
330 | i.e. |
| 332 | |
331 | |
| 333 | dns-domainname = tunnel.example.net |
332 | dns-domainname = tunnel.example.net |
| … | |
… | |
| 344 | but for the DNS tunnel protocol only. Default: C<0.0.0.0>, but that might |
343 | but for the DNS tunnel protocol only. Default: C<0.0.0.0>, but that might |
| 345 | change. |
344 | change. |
| 346 | |
345 | |
| 347 | =item dns-port = port-number |
346 | =item dns-port = port-number |
| 348 | |
347 | |
| 349 | The port to bind the DNS tunnel socket to. Must be C<0> on all DNS tunnel |
348 | The port to bind the DNS tunnel socket to. Must be C<53> on DNS tunnel servers. |
| 350 | clients and C<53> on the server. |
349 | |
|
|
350 | =item enable-dns = yes|true|on | no|false|off |
|
|
351 | |
|
|
352 | Enable the DNS tunneling protocol on this node, either as server or as |
|
|
353 | client (only available when gvpe was compiled with C<--enable-dns>). |
|
|
354 | |
|
|
355 | B<WARNING:> Parsing and generating DNS packets is rather tricky. The code |
|
|
356 | almost certainly contains buffer overflows and other, likely exploitable, |
|
|
357 | bugs. You have been warned. |
|
|
358 | |
|
|
359 | This is the worst choice of transport protocol with respect to overhead |
|
|
360 | (overhead can be 2-3 times higher than the transferred data), and probably |
|
|
361 | the best choice when tunneling through firewalls. |
| 351 | |
362 | |
| 352 | =item enable-rawip = yes|true|on | no|false|off |
363 | =item enable-rawip = yes|true|on | no|false|off |
| 353 | |
364 | |
| 354 | Enable the RAW IPv4 transport using the C<ip-proto> protocol |
365 | Enable the RAW IPv4 transport using the C<ip-proto> protocol |
| 355 | (default: C<no>). This is the best choice, since the overhead per packet |
366 | (default: C<no>). This is the best choice, since the minimum overhead per |
| 356 | is only 38 bytes, as opposed to UDP's 58 (or TCP's 60+). |
367 | packet is only 38 bytes, as opposed to UDP's 58 (or TCP's 60+). |
| 357 | |
368 | |
| 358 | =item enable-tcp = yes|true|on | no|false|off |
369 | =item enable-tcp = yes|true|on | no|false|off |
| 359 | |
370 | |
| 360 | Enable the TCPv4 transport using the C<tcp-port> port |
371 | Enable the TCPv4 transport using the C<tcp-port> port |
| 361 | (default: C<no>). Support for this horribly unsuitable protocol is only |
372 | (default: C<no>). Support for this horribly unsuitable protocol is only |
| 362 | available when gvpe was compiled using the C<--enable-tcp> option. Never |
373 | available when gvpe was compiled using the C<--enable-tcp> option. Never |
| 363 | use this transport unless you really must, it is horribly ineffiecent and |
374 | use this transport unless you really must, it is very inefficient and |
| 364 | resource-intensive compared to the other transports. |
375 | resource-intensive compared to the other transports (except for DNS, which |
|
|
376 | is worse). |
| 365 | |
377 | |
| 366 | =item enable-udp = yes|true|on | no|false|off |
378 | =item enable-udp = yes|true|on | no|false|off |
| 367 | |
379 | |
| 368 | Enable the UDPv4 transport using the C<udp-port> port (default: C<no>, |
380 | Enable the UDPv4 transport using the C<udp-port> port (default: C<no>, |
| 369 | unless no other protocol is enabled for a node, in which case this |
381 | unless no other protocol is enabled for a node, in which case this |
| … | |
… | |
| 381 | outgoing tunnel packets will have the same TOS setting as the packets sent |
393 | outgoing tunnel packets will have the same TOS setting as the packets sent |
| 382 | to the tunnel device, which is usually what you want. |
394 | to the tunnel device, which is usually what you want. |
| 383 | |
395 | |
| 384 | =item max-retry = positive-number |
396 | =item max-retry = positive-number |
| 385 | |
397 | |
| 386 | The maximum interval in seconds (default: C<28800>, 8 hours) between |
398 | The maximum interval in seconds (default: C<3600>, one hour) between |
| 387 | retries to establish a connection to this node. When a connection cannot |
399 | retries to establish a connection to this node. When a connection cannot |
| 388 | be established, gvpe uses exponential backoff capped at this value. It's |
400 | be established, gvpe uses exponential backoff capped at this value. It's |
| 389 | sometimes useful to set this to a much lower value (e.g. C<120>) on |
401 | sometimes useful to set this to a much lower value (e.g. C<120>) on |
| 390 | connections to routers that usually are stable but sometimes are down, to |
402 | connections to routers that usually are stable but sometimes are down, to |
| 391 | assure quick reconnections. |
403 | assure quick reconnections even after longer downtimes. |
| 392 | |
404 | |
| 393 | =item router-priority = 0 | 1 | positive-number>2 |
405 | =item router-priority = 0 | 1 | positive-number>=2 |
| 394 | |
406 | |
| 395 | Sets the router priority of the given host (default: C<0>, disabled). If |
407 | Sets the router priority of the given host (default: C<0>, disabled). If |
| 396 | some host tries to connect to another host without a hostname, it asks |
408 | some host tries to connect to another host without a hostname, it asks |
| 397 | the router host for it's IP address. The router host is the one with the |
409 | the router host for it's IP address. The router host is the one with the |
| 398 | highest priority larger than C<1> that is currently reachable. |
410 | highest priority larger than C<1> that is currently reachable. |
