… | |
… | |
372 | |
372 | |
373 | =head2 NODE SPECIFIC SETTINGS |
373 | =head2 NODE SPECIFIC SETTINGS |
374 | |
374 | |
375 | The following settings are node-specific, that is, every node can have |
375 | The following settings are node-specific, that is, every node can have |
376 | different settings, even within the same gvpe instance. Settings that are |
376 | different settings, even within the same gvpe instance. Settings that are |
377 | executed before the first node section set the defaults, settings that are |
377 | set before the first node section set the defaults, settings that are |
378 | executed within a node section only apply to the given node. |
378 | set within a node section only apply to the given node. |
379 | |
379 | |
380 | =over 4 |
380 | =over 4 |
|
|
381 | |
|
|
382 | =item allow-direct = nodename |
|
|
383 | |
|
|
384 | Allow direct connections to this node. See C<deny-direct> for more info. |
381 | |
385 | |
382 | =item compress = yes|true|on | no|false|off |
386 | =item compress = yes|true|on | no|false|off |
383 | |
387 | |
384 | Wether to compress data packets sent to this host (default: C<yes>). |
388 | Wether to compress data packets sent to this host (default: C<yes>). |
385 | Compression is really cheap even on slow computers and has no size |
389 | Compression is really cheap even on slow computers and has no size |
… | |
… | |
392 | (never initiate a connection to the given host, but accept connections), |
396 | (never initiate a connection to the given host, but accept connections), |
393 | C<ondemand> (try to establish a connection on the first packet sent, and |
397 | C<ondemand> (try to establish a connection on the first packet sent, and |
394 | take it down after the keepalive interval) or C<disabled> (node is bad, |
398 | take it down after the keepalive interval) or C<disabled> (node is bad, |
395 | don't talk to it). |
399 | don't talk to it). |
396 | |
400 | |
|
|
401 | =item deny-direct = nodename | * |
|
|
402 | |
|
|
403 | Deny direct connections to the specified node (or all nodes when C<*> |
|
|
404 | is given). Only one node can be specified, but you can use multiple |
|
|
405 | C<allow-direct> and C<deny-direct> statements. This only makes sense in |
|
|
406 | networks with routers, as routers are required for indirect connections. |
|
|
407 | |
|
|
408 | Sometimes, a node cannot reach some other nodes for reasons of network |
|
|
409 | connectivity. For example, a node behind a firewall that only allows |
|
|
410 | conenctions to/from a single other node in the network. In this case one |
|
|
411 | should specify C<deny-direct = *> and C<allow-direct = othernodename> (the other |
|
|
412 | node I<must> be a router for this to work). |
|
|
413 | |
|
|
414 | The algorithm to check wether a connection may be direct is as follows: |
|
|
415 | |
|
|
416 | 1. Other node mentioned in a C<allow-direct>? If yes, allow the connection. |
|
|
417 | |
|
|
418 | 2. Other node mentioned in a C<deny-direct>? If yes, deny direct connections. |
|
|
419 | |
|
|
420 | 3. Allow the connection. |
|
|
421 | |
|
|
422 | That is, C<allow-direct> takes precende over C<deny-direct>. |
|
|
423 | |
|
|
424 | The check is done in both directions, i.e. both nodes must allow a direct |
|
|
425 | connection before one is attempted, so you only need to specify connect |
|
|
426 | limitations on one node. |
|
|
427 | |
397 | =item dns-domain = domain-suffix |
428 | =item dns-domain = domain-suffix |
398 | |
429 | |
399 | The DNS domain suffix that points to the DNS tunnel server for this node. |
430 | The DNS domain suffix that points to the DNS tunnel server for this node. |
400 | |
431 | |
401 | The domain must point to a NS record that points to the I<dns-hostname>, |
432 | The domain must point to a NS record that points to the I<dns-hostname>, |
… | |
… | |
459 | protocol is enabled automatically). |
490 | protocol is enabled automatically). |
460 | |
491 | |
461 | NOTE: Please specify C<enable-udp = yes> if you want t use it even though |
492 | NOTE: Please specify C<enable-udp = yes> if you want t use it even though |
462 | it might get switched on automatically, as some future version might |
493 | it might get switched on automatically, as some future version might |
463 | default to another default protocol. |
494 | default to another default protocol. |
|
|
495 | |
|
|
496 | =item hostname = hostname | ip [can not be defaulted] |
|
|
497 | |
|
|
498 | Forces the address of this node to be set to the given dns hostname or ip |
|
|
499 | address. It will be resolved before each connect request, so dyndns should |
|
|
500 | work fine. If this setting is not specified and a router is available, |
|
|
501 | then the router will be queried for the address of this node. Otherwise, |
|
|
502 | the connection attempt will fail. |
464 | |
503 | |
465 | =item icmp-type = integer |
504 | =item icmp-type = integer |
466 | |
505 | |
467 | Sets the type value to be used for outgoing (and incoming) packets sent |
506 | Sets the type value to be used for outgoing (and incoming) packets sent |
468 | via the ICMP transport. |
507 | via the ICMP transport. |