… | |
… | |
473 | |
473 | |
474 | =item private-key = relative-path-to-key |
474 | =item private-key = relative-path-to-key |
475 | |
475 | |
476 | Sets the path (relative to the config directory) to the private key |
476 | Sets the path (relative to the config directory) to the private key |
477 | (default: C<hostkey>). This is a printf format string so every C<%> must |
477 | (default: C<hostkey>). This is a printf format string so every C<%> must |
478 | be doubled. A single C<%s> is replaced by the hostname, so you could |
478 | be doubled. A single C<%s> is replaced by the hostname, so you could use |
479 | use paths like C<hostkeys/%s> to fetch the files at the location where |
479 | paths like C<hostkeys/%s> to be able to share the same config directory |
480 | C<gvpectrl> puts them. |
480 | between nodes. |
481 | |
481 | |
482 | Since only the private key file of the current node is used and the |
482 | Since only the private key file of the current node is used and the |
483 | private key file should be kept secret per-node to avoid spoofing, it is |
483 | private key file should be kept secret per-node to avoid spoofing, it is |
484 | not recommended to use this feature. |
484 | not recommended to use this feature this way though. |
485 | |
485 | |
486 | =item rekey = seconds |
486 | =item rekey = seconds |
487 | |
487 | |
488 | Sets the rekeying interval in seconds (default: C<3607>). Connections are |
488 | Sets the rekeying interval in seconds (default: C<3607>). Connections are |
489 | reestablished every C<rekey> seconds, making them use a new encryption |
489 | reestablished every C<rekey> seconds, making them use a new encryption |