… | |
… | |
322 | take it down after the keepalive interval) or C<disabled> (node is bad, |
322 | take it down after the keepalive interval) or C<disabled> (node is bad, |
323 | don't talk to it). |
323 | don't talk to it). |
324 | |
324 | |
325 | =item dns-domain = domain-suffix |
325 | =item dns-domain = domain-suffix |
326 | |
326 | |
327 | The DNS domain suffix that points to the DNS tunnel server. Needs to be |
327 | The DNS domain suffix that points to the DNS tunnel server for this node. |
328 | set on both client and server. |
|
|
329 | |
328 | |
330 | The domain must point to a NS record that points to the I<dns-hostname>, |
329 | The domain must point to a NS record that points to the I<dns-hostname>, |
331 | i.e. |
330 | i.e. |
332 | |
331 | |
333 | dns-domainname = tunnel.example.net |
332 | dns-domainname = tunnel.example.net |
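Review bot: The example under dns-domain (line 332) sets `dns-domainname = tunnel.example.net`, which does not match the `=item dns-domain` name documented directly above it; one of the two needs correcting so that a copied example uses the documented key. The rewritten sentence on line 327 also drops "Needs to be set on both client and server" without saying where the option now belongs. If "for this node" means it is set only in the server node's section, say so explicitly. Minor: "a NS record" should read "an NS record".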
… | |
… | |
344 | but for the DNS tunnel protocol only. Default: C<0.0.0.0>, but that might |
343 | but for the DNS tunnel protocol only. Default: C<0.0.0.0>, but that might |
345 | change. |
344 | change. |
346 | |
345 | |
347 | =item dns-port = port-number |
346 | =item dns-port = port-number |
348 | |
347 | |
349 | The port to bind the DNS tunnel socket to. Must be C<0> on all DNS tunnel |
348 | The port to bind the DNS tunnel socket to. Must be C<53> on DNS tunnel servers. |
350 | clients and C<53> on the server. |
349 | |
|
|
350 | =item enable-dns = yes|true|on | no|false|off |
|
|
351 | |
|
|
352 | See gvpe.protocol(7) for a description of the DNS transport |
|
|
353 | protocol. Avoid this protocol if you can. |
|
|
354 | |
|
|
355 | Enable the DNS tunneling protocol on this node, either as server or as |
|
|
356 | client. Support for this transport protocol is only available when gvpe |
|
|
357 | was compiled using the C<--enable-dns> option. |
|
|
358 | |
|
|
359 | =item enable-icmp = yes|true|on | no|false|off |
|
|
360 | |
|
|
361 | See gvpe.protocol(7) for a description of the ICMP transport protocol. |
|
|
362 | |
|
|
363 | Enable the ICMP transport using icmp packets of type C<icmp-type> on this |
|
|
364 | node. |
351 | |
365 | |
352 | =item enable-rawip = yes|true|on | no|false|off |
366 | =item enable-rawip = yes|true|on | no|false|off |
353 | |
367 | |
|
|
368 | See gvpe.protocol(7) for a description of the RAW IP transport protocol. |
|
|
369 | |
354 | Enable the RAW IPv4 transport using the C<ip-proto> protocol |
370 | Enable the RAW IPv4 transport using the C<ip-proto> protocol |
355 | (default: C<no>). This is the best choice, since the overhead per packet |
371 | (default: C<no>). |
356 | is only 38 bytes, as opposed to UDP's 58 (or TCP's 60+). |
|
|
357 | |
372 | |
358 | =item enable-tcp = yes|true|on | no|false|off |
373 | =item enable-tcp = yes|true|on | no|false|off |
359 | |
374 | |
|
|
375 | See gvpe.protocol(7) for a description of the TCP transport protocol. |
|
|
376 | |
360 | Enable the TCPv4 transport using the C<tcp-port> port |
377 | Enable the TCPv4 transport using the C<tcp-port> port |
361 | (default: C<no>). Support for this horribly unsuitable protocol is only |
378 | (default: C<no>). Support for this transport protocol is only available |
362 | available when gvpe was compiled using the C<--enable-tcp> option. Never |
379 | when gvpe was compiled using the C<--enable-tcp> option. |
363 | use this transport unless you really must, it is horribly ineffiecent and |
|
|
364 | resource-intensive compared to the other transports. |
|
|
365 | |
380 | |
366 | =item enable-udp = yes|true|on | no|false|off |
381 | =item enable-udp = yes|true|on | no|false|off |
|
|
382 | |
|
|
383 | See gvpe.protocol(7) for a description of the UDP transport protocol. |
367 | |
384 | |
368 | Enable the UDPv4 transport using the C<udp-port> port (default: C<no>, |
385 | Enable the UDPv4 transport using the C<udp-port> port (default: C<no>, |
369 | unless no other protocol is enabled for a node, in which case this |
386 | unless no other protocol is enabled for a node, in which case this |
370 | protocol is enabled automatically). This is a good general choice since |
387 | protocol is enabled automatically). |
371 | UDP tunnels well through many firewalls. |
|
|
372 | |
388 | |
373 | NOTE: Please specify C<enable-udp = yes> if you want t use it even though |
389 | NOTE: Please specify C<enable-udp = yes> if you want t use it even though |
374 | it might get switched on automatically, as some future version might |
390 | it might get switched on automatically, as some future version might |
375 | default to another default protocol. |
391 | default to another default protocol. |
|
|
392 | |
|
|
393 | =item icmp-type = integer |
|
|
394 | |
|
|
395 | Sets the type value to be used for outgoing (and incoming) packets sent |
|
|
396 | via the ICMP transport. |
|
|
397 | |
|
|
398 | The default is C<0> (which is C<echo-reply>, also known as |
|
|
399 | "ping-replies"). Other useful values include C<8> (C<echo-request>, a.k.a. |
|
|
400 | "ping") and C<11> (C<time-exceeded>), but any 8-bit value can be used. |
376 | |
401 | |
377 | =item inherit-tos = yes|true|on | no|false|off |
402 | =item inherit-tos = yes|true|on | no|false|off |
378 | |
403 | |
379 | Wether to inherit the TOS settings of packets sent to the tunnel when |
404 | Wether to inherit the TOS settings of packets sent to the tunnel when |
380 | sending packets to this node (default: C<yes>). If set to C<yes> then |
405 | sending packets to this node (default: C<yes>). If set to C<yes> then |
381 | outgoing tunnel packets will have the same TOS setting as the packets sent |
406 | outgoing tunnel packets will have the same TOS setting as the packets sent |
382 | to the tunnel device, which is usually what you want. |
407 | to the tunnel device, which is usually what you want. |
383 | |
408 | |
384 | =item max-retry = positive-number |
409 | =item max-retry = positive-number |
385 | |
410 | |
386 | The maximum interval in seconds (default: C<28800>, 8 hours) between |
411 | The maximum interval in seconds (default: C<3600>, one hour) between |
387 | retries to establish a connection to this node. When a connection cannot |
412 | retries to establish a connection to this node. When a connection cannot |
388 | be established, gvpe uses exponential backoff capped at this value. It's |
413 | be established, gvpe uses exponential backoff capped at this value. It's |
389 | sometimes useful to set this to a much lower value (e.g. C<120>) on |
414 | sometimes useful to set this to a much lower value (e.g. C<120>) on |
390 | connections to routers that usually are stable but sometimes are down, to |
415 | connections to routers that usually are stable but sometimes are down, to |
391 | assure quick reconnections. |
416 | assure quick reconnections even after longer downtimes. |
392 | |
417 | |
393 | =item router-priority = 0 | 1 | positive-number>2 |
418 | =item router-priority = 0 | 1 | positive-number>=2 |
394 | |
419 | |
395 | Sets the router priority of the given host (default: C<0>, disabled). If |
420 | Sets the router priority of the given host (default: C<0>, disabled). If |
396 | some host tries to connect to another host without a hostname, it asks |
421 | some host tries to connect to another host without a hostname, it asks |
397 | the router host for it's IP address. The router host is the one with the |
422 | the router host for it's IP address. The router host is the one with the |
398 | highest priority larger than C<1> that is currently reachable. |
423 | highest priority larger than C<1> that is currently reachable. |
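Review bot: In the dns-port item (new line 348) the text now reads "Must be C<53> on DNS tunnel servers." and no longer says what DNS tunnel clients should use, where the old wording required C<0>; add a sentence giving the client-side value, or stating that the setting is ignored there. The new enable-dns and enable-icmp entries state no default, unlike enable-rawip, enable-tcp and enable-udp, which all carry "(default: C<no>)"; add it for consistency, and say for enable-icmp whether a compile-time option is required, as the text does for enable-dns and enable-tcp. The max-retry default changes from C<28800> to C<3600> in this hunk, so the commit message should confirm that the code default changed with it. While these paragraphs are open, the context lines still carry "if you want t use it", "Wether" and "for it's IP address".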