--- gvpe/doc/gvpe.conf.5.pod 2009/03/23 15:22:00 1.23 +++ gvpe/doc/gvpe.conf.5.pod 2011/02/12 04:15:29 1.26 @@ -239,7 +239,11 @@ The default is 47 (GRE), which has a good chance of tunneling through firewalls (but note that gvpe's rawip protocol is not GRE compatible). Other common choices are 50 (IPSEC, ESP), 51 (IPSEC, AH), 4 -(IPIP tunnels) or 98 (ENCAP, rfc1241) +(IPIP tunnels) or 98 (ENCAP, rfc1241). + +Many versions of Linux seem to have a bug that causes them to reorder +packets for some ip protocols (GRE, ESP) but not for others (AH), so +choose wisely (that is, use 51, AH). =item http-proxy-host = hostname/ip @@ -316,7 +320,7 @@ will only ever be one such script running. In addition to all the variables passed to C scripts, the following -environment variables will be set: +environment variables will be set (values are just examples): =over 4 @@ -328,6 +332,11 @@ The node id of the remote node. +=item DESTSI=rawip/88.99.77.55:0 + +The "socket info" of the target node, protocol dependent but usually in +the format protocol/ip:port. + =item DESTIP=188.13.66.8 The numerical IP address of the remote node (gvpe accepts connections from @@ -335,12 +344,12 @@ =item DESTPORT=655 # deprecated -The UDP port used by the other side. +The protocol port used by the other side, if applicable. -=item STATE=UP +=item STATE=up -Node-up scripts get called with STATE=UP, node-down scripts get called -with STATE=DOWN. +Node-up scripts get called with STATE=up, node-change scripts get called +with STATE=change and node-down scripts get called with STATE=down. =back @@ -354,6 +363,11 @@ echo } | nsupdate -d -k $CONFBASE:key.example.net. +=item node-change = relative-or-absolute-path + +Same as C, but gets called whenever something about a +connection changes (such as the source IP address). + =item node-down = relative-or-absolute-path Same as C, but gets called whenever a connection is lost. @@ -412,9 +426,12 @@ =item compress = yes|true|on | no|false|off -Wether to compress data packets sent to this node (default: C). -Compression is really cheap even on slow computers and has no size -overhead at all, so enabling this is often a good idea. +For the current node, this specified whether it will accept compressed +packets, and for all other nodes, this specifies whether to try to +compress data packets sent to this node (default: C). Compression is +really cheap even on slow computers, has no size overhead at all and will +only be used when the other side supports compression, so enabling this is +often a good idea. =item connect = ondemand | never | always | disabled @@ -550,7 +567,7 @@ =item inherit-tos = yes|true|on | no|false|off -Wether to inherit the TOS settings of packets sent to the tunnel when +Whether to inherit the TOS settings of packets sent to the tunnel when sending packets to this node (default: C). If set to C then outgoing tunnel packets will have the same TOS setting as the packets sent to the tunnel device, which is usually what you want.