ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/doc/gvpe.conf.5.pod
(Generate patch)

Comparing gvpe/doc/gvpe.conf.5.pod (file contents):
Revision 1.12 by pcg, Wed Mar 23 17:03:58 2005 UTC vs.
Revision 1.17 by pcg, Wed Nov 22 22:55:15 2006 UTC

21=head1 DESCRIPTION 21=head1 DESCRIPTION
22 22
23The gvpe config file consists of a series of lines that contain C<variable 23The gvpe config file consists of a series of lines that contain C<variable
24= value> pairs. Empty lines are ignored. Comments start with a C<#> and 24= value> pairs. Empty lines are ignored. Comments start with a C<#> and
25extend to the end of the line. They can be used on their own lines, or 25extend to the end of the line. They can be used on their own lines, or
26after any directives. Spaces are allowed before or after the C<=> sign or 26after any directives. Whitespace is allowed around the C<=> sign or after
27after values, but not within the variable names or values themselves. 27values, but not within the variable names or values themselves.
28 28
29The only exception to the above is the "on" directive that can prefix any 29The only exception to the above is the "on" directive that can prefix any
30C<name = value> setting and will only "execute" it on the named node, or 30C<name = value> setting and will only "execute" it on the named node, or
31(if the nodename starts with "!") on all nodes except the named one. 31(if the nodename starts with "!") on all nodes except the named one.
32 32
116get request timeouts. The default of C<8> means that the DNS transport 116get request timeouts. The default of C<8> means that the DNS transport
117will resend the request when no reply has been received for longer than 117will resend the request when no reply has been received for longer than
118eight times the minimum (= expected) latency, assuming the request or 118eight times the minimum (= expected) latency, assuming the request or
119reply has been lost. 119reply has been lost.
120 120
121For congested links a higher value might be necessary (e.g. C<30>). If the 121For congested links a higher value might be necessary (e.g. C<30>). If
122link is very stable lower values (e.g. C<2>) might work nicely. Values 122the link is very stable lower values (e.g. C<2>) might work
123near or below C<1> makes no sense whatsoever. 123nicely. Values near or below C<1> makes no sense whatsoever.
124 124
125The default should be working ok for most links. 125The default should be working ok for most links but will result in low
126throughput if packet loss is high.
126 127
127=item if-up = relative-or-absolute-path 128=item if-up = relative-or-absolute-path
128 129
129Sets the path of a script that should be called immediately after the 130Sets the path of a script that should be called immediately after the
130network interface is initialized (but not neccessarily up). The following 131network interface is initialized (but not neccessarily up). The following
131environment variables are passed to it (the values are just examples): 132environment variables are passed to it (the values are just examples).
133
134Variables that have the same value on all nodes:
132 135
133=over 4 136=over 4
134 137
135=item CONFBASE=/etc/gvpe 138=item CONFBASE=/etc/gvpe
136 139
137The configuration base directory. 140The configuration base directory.
138 141
139=item IFNAME=vpn0 142=item IFNAME=vpn0
140 143
141The interface to initialize. 144The network interface to initialize.
145
146=item IFTYPE=native # or tincd
147
148=item IFSUBTYPE=linux # or freebsd, darwin etc..
149
150The interface type (C<native> or C<tincd>) and the subtype (usually the
151OS name in lowercase) that this GVPE was configured for. Can be used to
152select the correct syntax to use for network-related commands.
142 153
143=item MTU=1436 154=item MTU=1436
144 155
145The MTU to set the interface to. You can use lower values (if done 156The MTU to set the interface to. You can use lower values (if done
146consistently on all hosts), but this is usually ineffective. 157consistently on all hosts), but this is usually ineffective.
147 158
159=item NODES=5
160
161The number of nodes in this GVPE network.
162
163=back
164
165Variables that are node-specific and with values pertaining to the node
166running this GVPE:
167
168=over 4
169
170=item IFUPDATA=string
171
172The value of the configuration directive C<if-up-data>.
173
148=item MAC=fe:fd:80:00:00:01 174=item MAC=fe:fd:80:00:00:01
149 175
150The MAC address to set the interface to. The script *must* set the 176The MAC address the network interface has to use.
151interface MAC to this value. You will most likely use one of these:
152 177
153 ip link set $IFNAME address $MAC mtu $MTU up # GNU/Linux 178Might be used to initialize interfaces on platforms where GVPE does not
154 ifconfig $IFNAME ether $MAC mtu $MTU up # FreeBSD 179do this automatically. Please see the C<gvpe.osdep(5)> manpage for
155 180platform-specific information.
156Please see the C<gvpe.osdep(5)> manpage for platform-specific information.
157
158=item IFTYPE=native # or tincd
159
160=item IFSUBTYPE=linux # or freebsd, darwin etc..
161
162The interface type (C<native> or C<tincd>) and the subtype (usually the os
163name in lowercase) that this gvpe was configured for. Can be used to select
164the correct syntax to use for network-related commands.
165 181
166=item NODENAME=branch1 182=item NODENAME=branch1
167 183
168The nickname of the current node, as passed to the gvpe daemon. 184The nickname of the node.
169 185
170=item NODEID=1 186=item NODEID=1
171 187
172The numerical node id of the current node. The first node mentioned in the 188The numerical node ID of the node running this instance of GVPE. The first
173config file gets ID 1, the second ID 2 and so on. 189node mentioned in the config file gets ID 1, the second ID 2 and so on.
174 190
175=back 191=back
176 192
193In addition, all node-specific variables (except C<NODEID>) will be
194available with a postfix of C<_nodeid>, which contains the value for that
195node, e.g. the C<MAC_1> variable contains the MAC address of node #1, while
196the C<NODENAME_22> variable contains the name of node #22.
197
177Here is a simple if-up script: 198Here is a simple if-up script:
178 199
179 #!/bin/sh 200 #!/bin/sh
180 ip link set $IFNAME address $MAC mtu $MTU up 201 ip link set $IFNAME up
181 [ $NODENAME = branch1 ] && ip addr add 10.0.0.1 dev $IFNAME 202 [ $NODENAME = branch1 ] && ip addr add 10.0.0.1 dev $IFNAME
182 [ $NODENAME = branch2 ] && ip addr add 10.1.0.1 dev $IFNAME 203 [ $NODENAME = branch2 ] && ip addr add 10.1.0.1 dev $IFNAME
183 ip route add 10.0.0.0/8 dev $IFNAME 204 ip route add 10.0.0.0/8 dev $IFNAME
184 205
185More complicated examples (using routing to reduce arp traffic) can be 206More complicated examples (using routing to reduce arp traffic) can be
280argument to the gvpe daemon. 301argument to the gvpe daemon.
281 302
282=item node-up = relative-or-absolute-path 303=item node-up = relative-or-absolute-path
283 304
284Sets a command (default: no script) that should be called whenever a 305Sets a command (default: no script) that should be called whenever a
285connection is established (even on rekeying operations). In addition 306connection is established (even on rekeying operations). In addition to
286to the variables passed to C<if-up> scripts, the following environment 307all the variables passed to C<if-up> scripts, the following environment
287variables will be set: 308variables will be set:
288 309
289=over 4 310=over 4
290 311
291=item DESTNODE=branch2 312=item DESTNODE=branch2
352 373
353=head2 NODE SPECIFIC SETTINGS 374=head2 NODE SPECIFIC SETTINGS
354 375
355The following settings are node-specific, that is, every node can have 376The following settings are node-specific, that is, every node can have
356different settings, even within the same gvpe instance. Settings that are 377different settings, even within the same gvpe instance. Settings that are
357executed before the first node section set the defaults, settings that are 378set before the first node section set the defaults, settings that are
358executed within a node section only apply to the given node. 379set within a node section only apply to the given node.
359 380
360=over 4 381=over 4
382
383=item allow-direct = nodename
384
385Allow direct connections to this node. See C<deny-direct> for more info.
361 386
362=item compress = yes|true|on | no|false|off 387=item compress = yes|true|on | no|false|off
363 388
364Wether to compress data packets sent to this host (default: C<yes>). 389Wether to compress data packets sent to this host (default: C<yes>).
365Compression is really cheap even on slow computers and has no size 390Compression is really cheap even on slow computers and has no size
372(never initiate a connection to the given host, but accept connections), 397(never initiate a connection to the given host, but accept connections),
373C<ondemand> (try to establish a connection on the first packet sent, and 398C<ondemand> (try to establish a connection on the first packet sent, and
374take it down after the keepalive interval) or C<disabled> (node is bad, 399take it down after the keepalive interval) or C<disabled> (node is bad,
375don't talk to it). 400don't talk to it).
376 401
402=item deny-direct = nodename | *
403
404Deny direct connections to the specified node (or all nodes when C<*>
405is given). Only one node can be specified, but you can use multiple
406C<allow-direct> and C<deny-direct> statements. This only makes sense in
407networks with routers, as routers are required for indirect connections.
408
409Sometimes, a node cannot reach some other nodes for reasons of network
410connectivity. For example, a node behind a firewall that only allows
411conenctions to/from a single other node in the network. In this case one
412should specify C<deny-direct = *> and C<allow-direct = othernodename> (the other
413node I<must> be a router for this to work).
414
415The algorithm to check wether a connection may be direct is as follows:
416
4171. Other node mentioned in a C<allow-direct>? If yes, allow the connection.
418
4192. Other node mentioned in a C<deny-direct>? If yes, deny direct connections.
420
4213. Allow the connection.
422
423That is, C<allow-direct> takes precedence over C<deny-direct>.
424
425The check is done in both directions, i.e. both nodes must allow a direct
426connection before one is attempted, so you only need to specify connect
427limitations on one node.
428
377=item dns-domain = domain-suffix 429=item dns-domain = domain-suffix
378 430
379The DNS domain suffix that points to the DNS tunnel server for this node. 431The DNS domain suffix that points to the DNS tunnel server for this node.
380 432
381The domain must point to a NS record that points to the I<dns-hostname>, 433The domain must point to a NS record that points to the I<dns-hostname>,
440 492
441NOTE: Please specify C<enable-udp = yes> if you want t use it even though 493NOTE: Please specify C<enable-udp = yes> if you want t use it even though
442it might get switched on automatically, as some future version might 494it might get switched on automatically, as some future version might
443default to another default protocol. 495default to another default protocol.
444 496
497=item hostname = hostname | ip [can not be defaulted]
498
499Forces the address of this node to be set to the given dns hostname or ip
500address. It will be resolved before each connect request, so dyndns should
501work fine. If this setting is not specified and a router is available,
502then the router will be queried for the address of this node. Otherwise,
503the connection attempt will fail.
504
445=item icmp-type = integer 505=item icmp-type = integer
446 506
447Sets the type value to be used for outgoing (and incoming) packets sent 507Sets the type value to be used for outgoing (and incoming) packets sent
448via the ICMP transport. 508via the ICMP transport.
449 509
450The default is C<0> (which is C<echo-reply>, also known as 510The default is C<0> (which is C<echo-reply>, also known as
451"ping-replies"). Other useful values include C<8> (C<echo-request>, a.k.a. 511"ping-replies"). Other useful values include C<8> (C<echo-request>, a.k.a.
452"ping") and C<11> (C<time-exceeded>), but any 8-bit value can be used. 512"ping") and C<11> (C<time-exceeded>), but any 8-bit value can be used.
513
514=item if-up-data = value
515
516The value specified using this directive will be passed to the C<if-up>
517script in the environment variable C<IFUPDATA>.
453 518
454=item inherit-tos = yes|true|on | no|false|off 519=item inherit-tos = yes|true|on | no|false|off
455 520
456Wether to inherit the TOS settings of packets sent to the tunnel when 521Wether to inherit the TOS settings of packets sent to the tunnel when
457sending packets to this node (default: C<yes>). If set to C<yes> then 522sending packets to this node (default: C<yes>). If set to C<yes> then
528 593
529gvpe(5), gvpe(8), gvpectrl(8). 594gvpe(5), gvpe(8), gvpectrl(8).
530 595
531=head1 AUTHOR 596=head1 AUTHOR
532 597
533Marc Lehmann <gvpe@plan9.de> 598Marc Lehmann <gvpe@schmorp.de>
534 599

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines