| … | |
… | |
| 322 | take it down after the keepalive interval) or C<disabled> (node is bad, |
322 | take it down after the keepalive interval) or C<disabled> (node is bad, |
| 323 | don't talk to it). |
323 | don't talk to it). |
| 324 | |
324 | |
| 325 | =item dns-domain = domain-suffix |
325 | =item dns-domain = domain-suffix |
| 326 | |
326 | |
| 327 | The DNS domain suffix that points to the DNS tunnel server. Needs to be |
327 | The DNS domain suffix that points to the DNS tunnel server for this node. |
| 328 | set on both client and server. |
|
|
| 329 | |
328 | |
| 330 | The domain must point to a NS record that points to the I<dns-hostname>, |
329 | The domain must point to a NS record that points to the I<dns-hostname>, |
| 331 | i.e. |
330 | i.e. |
| 332 | |
331 | |
| 333 | dns-domainname = tunnel.example.net |
332 | dns-domainname = tunnel.example.net |
| … | |
… | |
| 344 | but for the DNS tunnel protocol only. Default: C<0.0.0.0>, but that might |
343 | but for the DNS tunnel protocol only. Default: C<0.0.0.0>, but that might |
| 345 | change. |
344 | change. |
| 346 | |
345 | |
| 347 | =item dns-port = port-number |
346 | =item dns-port = port-number |
| 348 | |
347 | |
| 349 | The port to bind the DNS tunnel socket to. Must be C<0> on all DNS tunnel |
348 | The port to bind the DNS tunnel socket to. Must be C<53> on DNS tunnel servers. |
| 350 | clients and C<53> on the server. |
349 | |
|
|
350 | =item enable-dns = yes|true|on | no|false|off |
|
|
351 | |
|
|
352 | Enable the DNS tunneling protocol on this node, either as server or as |
|
|
353 | client (only available when gvpe was compiled with C<--enable-dns>). |
|
|
354 | |
|
|
355 | This is the worst choice of transport protocol with respect to overhead |
|
|
356 | (overhead cna be 2-3 times higher than the transferred data), and probably |
|
|
357 | the best choice when tunneling through firewalls. |
| 351 | |
358 | |
| 352 | =item enable-rawip = yes|true|on | no|false|off |
359 | =item enable-rawip = yes|true|on | no|false|off |
| 353 | |
360 | |
| 354 | Enable the RAW IPv4 transport using the C<ip-proto> protocol |
361 | Enable the RAW IPv4 transport using the C<ip-proto> protocol |
| 355 | (default: C<no>). This is the best choice, since the overhead per packet |
362 | (default: C<no>). This is the best choice, since the minimum overhead per |
| 356 | is only 38 bytes, as opposed to UDP's 58 (or TCP's 60+). |
363 | packet is only 38 bytes, as opposed to UDP's 58 (or TCP's 60+). |
| 357 | |
364 | |
| 358 | =item enable-tcp = yes|true|on | no|false|off |
365 | =item enable-tcp = yes|true|on | no|false|off |
| 359 | |
366 | |
| 360 | Enable the TCPv4 transport using the C<tcp-port> port |
367 | Enable the TCPv4 transport using the C<tcp-port> port |
| 361 | (default: C<no>). Support for this horribly unsuitable protocol is only |
368 | (default: C<no>). Support for this horribly unsuitable protocol is only |
| 362 | available when gvpe was compiled using the C<--enable-tcp> option. Never |
369 | available when gvpe was compiled using the C<--enable-tcp> option. Never |
| 363 | use this transport unless you really must, it is horribly ineffiecent and |
370 | use this transport unless you really must, it is very inefficient and |
| 364 | resource-intensive compared to the other transports. |
371 | resource-intensive compared to the other transports (except for DNS, which |
|
|
372 | is worse). |
| 365 | |
373 | |
| 366 | =item enable-udp = yes|true|on | no|false|off |
374 | =item enable-udp = yes|true|on | no|false|off |
| 367 | |
375 | |
| 368 | Enable the UDPv4 transport using the C<udp-port> port (default: C<no>, |
376 | Enable the UDPv4 transport using the C<udp-port> port (default: C<no>, |
| 369 | unless no other protocol is enabled for a node, in which case this |
377 | unless no other protocol is enabled for a node, in which case this |
| … | |
… | |
| 381 | outgoing tunnel packets will have the same TOS setting as the packets sent |
389 | outgoing tunnel packets will have the same TOS setting as the packets sent |
| 382 | to the tunnel device, which is usually what you want. |
390 | to the tunnel device, which is usually what you want. |
| 383 | |
391 | |
| 384 | =item max-retry = positive-number |
392 | =item max-retry = positive-number |
| 385 | |
393 | |
| 386 | The maximum interval in seconds (default: C<28800>, 8 hours) between |
394 | The maximum interval in seconds (default: C<3600>, one hour) between |
| 387 | retries to establish a connection to this node. When a connection cannot |
395 | retries to establish a connection to this node. When a connection cannot |
| 388 | be established, gvpe uses exponential backoff capped at this value. It's |
396 | be established, gvpe uses exponential backoff capped at this value. It's |
| 389 | sometimes useful to set this to a much lower value (e.g. C<120>) on |
397 | sometimes useful to set this to a much lower value (e.g. C<120>) on |
| 390 | connections to routers that usually are stable but sometimes are down, to |
398 | connections to routers that usually are stable but sometimes are down, to |
| 391 | assure quick reconnections. |
399 | assure quick reconnections even after longer downtimes. |
| 392 | |
400 | |
| 393 | =item router-priority = 0 | 1 | positive-number>2 |
401 | =item router-priority = 0 | 1 | positive-number>=2 |
| 394 | |
402 | |
| 395 | Sets the router priority of the given host (default: C<0>, disabled). If |
403 | Sets the router priority of the given host (default: C<0>, disabled). If |
| 396 | some host tries to connect to another host without a hostname, it asks |
404 | some host tries to connect to another host without a hostname, it asks |
| 397 | the router host for it's IP address. The router host is the one with the |
405 | the router host for it's IP address. The router host is the one with the |
| 398 | highest priority larger than C<1> that is currently reachable. |
406 | highest priority larger than C<1> that is currently reachable. |
