| … | |
… | |
| 473 | |
473 | |
| 474 | =item private-key = relative-path-to-key |
474 | =item private-key = relative-path-to-key |
| 475 | |
475 | |
| 476 | Sets the path (relative to the config directory) to the private key |
476 | Sets the path (relative to the config directory) to the private key |
| 477 | (default: C<hostkey>). This is a printf format string so every C<%> must |
477 | (default: C<hostkey>). This is a printf format string so every C<%> must |
| 478 | be doubled. A single C<%s> is replaced by the hostname, so you could |
478 | be doubled. A single C<%s> is replaced by the hostname, so you could use |
| 479 | use paths like C<hostkeys/%s> to fetch the files at the location where |
479 | paths like C<hostkeys/%s> to be able to share the same config directory |
| 480 | C<gvpectrl> puts them. |
480 | between nodes. |
| 481 | |
481 | |
| 482 | Since only the private key file of the current node is used and the |
482 | Since only the private key file of the current node is used and the |
| 483 | private key file should be kept secret per-node to avoid spoofing, it is |
483 | private key file should be kept secret per-node to avoid spoofing, it is |
| 484 | not recommended to use this feature. |
484 | not recommended to use this feature this way though. |
| 485 | |
485 | |
| 486 | =item rekey = seconds |
486 | =item rekey = seconds |
| 487 | |
487 | |
| 488 | Sets the rekeying interval in seconds (default: C<3607>). Connections are |
488 | Sets the rekeying interval in seconds (default: C<3607>). Connections are |
| 489 | reestablished every C<rekey> seconds, making them use a new encryption |
489 | reestablished every C<rekey> seconds, making them use a new encryption |
