… | |
… | |
127 | .\} |
127 | .\} |
128 | .rm #[ #] #H #V #F C |
128 | .rm #[ #] #H #V #F C |
129 | .\" ======================================================================== |
129 | .\" ======================================================================== |
130 | .\" |
130 | .\" |
131 | .IX Title "GVPE.CONF 5" |
131 | .IX Title "GVPE.CONF 5" |
132 | .TH GVPE.CONF 5 "2005-03-14" "1.8" "GNU Virtual Private Ethernet" |
132 | .TH GVPE.CONF 5 "2005-03-17" "1.8" "GNU Virtual Private Ethernet" |
133 | .SH "NAME" |
133 | .SH "NAME" |
134 | gvpe.conf \- configuration file for the GNU VPE daemon |
134 | gvpe.conf \- configuration file for the GNU VPE daemon |
135 | .SH "SYNOPSIS" |
135 | .SH "SYNOPSIS" |
136 | .IX Header "SYNOPSIS" |
136 | .IX Header "SYNOPSIS" |
137 | .Vb 3 |
137 | .Vb 3 |
… | |
… | |
455 | .IP "dns-port = port-number" 4 |
455 | .IP "dns-port = port-number" 4 |
456 | .IX Item "dns-port = port-number" |
456 | .IX Item "dns-port = port-number" |
457 | The port to bind the \s-1DNS\s0 tunnel socket to. Must be \f(CW53\fR on \s-1DNS\s0 tunnel servers. |
457 | The port to bind the \s-1DNS\s0 tunnel socket to. Must be \f(CW53\fR on \s-1DNS\s0 tunnel servers. |
458 | .IP "enable-dns = yes|true|on | no|false|off" 4 |
458 | .IP "enable-dns = yes|true|on | no|false|off" 4 |
459 | .IX Item "enable-dns = yes|true|on | no|false|off" |
459 | .IX Item "enable-dns = yes|true|on | no|false|off" |
|
|
460 | See \fIgvpe.protocol\fR\|(7) for a description of the \s-1DNS\s0 transport |
|
|
461 | protocol. Avoid this protocol if you can. |
|
|
462 | .Sp |
460 | Enable the \s-1DNS\s0 tunneling protocol on this node, either as server or as |
463 | Enable the \s-1DNS\s0 tunneling protocol on this node, either as server or as |
461 | client (only available when gvpe was compiled with \f(CW\*(C`\-\-enable\-dns\*(C'\fR). |
464 | client. Support for this transport protocol is only available when gvpe |
|
|
465 | was compiled using the \f(CW\*(C`\-\-enable\-dns\*(C'\fR option. |
|
|
466 | .IP "enable-icmp = yes|true|on | no|false|off" 4 |
|
|
467 | .IX Item "enable-icmp = yes|true|on | no|false|off" |
|
|
468 | See \fIgvpe.protocol\fR\|(7) for a description of the \s-1ICMP\s0 transport protocol. |
462 | .Sp |
469 | .Sp |
463 | \&\fB\s-1WARNING:\s0\fR Parsing and generating \s-1DNS\s0 packets is rather tricky. The code |
470 | Enable the \s-1ICMP\s0 transport using icmp packets of type \f(CW\*(C`icmp\-type\*(C'\fR on this |
464 | almost certainly contains buffer overflows and other, likely exploitable, |
471 | node. |
465 | bugs. You have been warned. |
|
|
466 | .Sp |
|
|
467 | This is the worst choice of transport protocol with respect to overhead |
|
|
468 | (overhead can be 2\-3 times higher than the transferred data), and probably |
|
|
469 | the best choice when tunneling through firewalls. |
|
|
470 | .IP "enable-rawip = yes|true|on | no|false|off" 4 |
472 | .IP "enable-rawip = yes|true|on | no|false|off" 4 |
471 | .IX Item "enable-rawip = yes|true|on | no|false|off" |
473 | .IX Item "enable-rawip = yes|true|on | no|false|off" |
|
|
474 | See \fIgvpe.protocol\fR\|(7) for a description of the \s-1RAW\s0 \s-1IP\s0 transport protocol. |
|
|
475 | .Sp |
472 | Enable the \s-1RAW\s0 IPv4 transport using the \f(CW\*(C`ip\-proto\*(C'\fR protocol |
476 | Enable the \s-1RAW\s0 IPv4 transport using the \f(CW\*(C`ip\-proto\*(C'\fR protocol |
473 | (default: \f(CW\*(C`no\*(C'\fR). This is the best choice, since the minimum overhead per |
477 | (default: \f(CW\*(C`no\*(C'\fR). |
474 | packet is only 38 bytes, as opposed to \s-1UDP\s0's 58 (or \s-1TCP\s0's 60+). |
|
|
475 | .IP "enable-tcp = yes|true|on | no|false|off" 4 |
478 | .IP "enable-tcp = yes|true|on | no|false|off" 4 |
476 | .IX Item "enable-tcp = yes|true|on | no|false|off" |
479 | .IX Item "enable-tcp = yes|true|on | no|false|off" |
|
|
480 | See \fIgvpe.protocol\fR\|(7) for a description of the \s-1TCP\s0 transport protocol. |
|
|
481 | .Sp |
477 | Enable the TCPv4 transport using the \f(CW\*(C`tcp\-port\*(C'\fR port |
482 | Enable the TCPv4 transport using the \f(CW\*(C`tcp\-port\*(C'\fR port |
478 | (default: \f(CW\*(C`no\*(C'\fR). Support for this horribly unsuitable protocol is only |
483 | (default: \f(CW\*(C`no\*(C'\fR). Support for this transport protocol is only available |
479 | available when gvpe was compiled using the \f(CW\*(C`\-\-enable\-tcp\*(C'\fR option. Never |
484 | when gvpe was compiled using the \f(CW\*(C`\-\-enable\-tcp\*(C'\fR option. |
480 | use this transport unless you really must, it is very inefficient and |
|
|
481 | resource-intensive compared to the other transports (except for \s-1DNS\s0, which |
|
|
482 | is worse). |
|
|
483 | .IP "enable-udp = yes|true|on | no|false|off" 4 |
485 | .IP "enable-udp = yes|true|on | no|false|off" 4 |
484 | .IX Item "enable-udp = yes|true|on | no|false|off" |
486 | .IX Item "enable-udp = yes|true|on | no|false|off" |
|
|
487 | See \fIgvpe.protocol\fR\|(7) for a description of the \s-1UDP\s0 transport protocol. |
|
|
488 | .Sp |
485 | Enable the UDPv4 transport using the \f(CW\*(C`udp\-port\*(C'\fR port (default: \f(CW\*(C`no\*(C'\fR, |
489 | Enable the UDPv4 transport using the \f(CW\*(C`udp\-port\*(C'\fR port (default: \f(CW\*(C`no\*(C'\fR, |
486 | unless no other protocol is enabled for a node, in which case this |
490 | unless no other protocol is enabled for a node, in which case this |
487 | protocol is enabled automatically). This is a good general choice since |
491 | protocol is enabled automatically). |
488 | \&\s-1UDP\s0 tunnels well through many firewalls. |
|
|
489 | .Sp |
492 | .Sp |
490 | \&\s-1NOTE:\s0 Please specify \f(CW\*(C`enable\-udp = yes\*(C'\fR if you want t use it even though |
493 | \&\s-1NOTE:\s0 Please specify \f(CW\*(C`enable\-udp = yes\*(C'\fR if you want t use it even though |
491 | it might get switched on automatically, as some future version might |
494 | it might get switched on automatically, as some future version might |
492 | default to another default protocol. |
495 | default to another default protocol. |
|
|
496 | .IP "icmp-type = integer" 4 |
|
|
497 | .IX Item "icmp-type = integer" |
|
|
498 | Sets the type value to be used for outgoing (and incoming) packets sent |
|
|
499 | via the \s-1ICMP\s0 transport. |
|
|
500 | .Sp |
|
|
501 | The default is \f(CW0\fR (which is \f(CW\*(C`echo\-reply\*(C'\fR, also known as |
|
|
502 | \&\*(L"ping\-replies\*(R"). Other useful values include \f(CW8\fR (\f(CW\*(C`echo\-request\*(C'\fR, a.k.a. |
|
|
503 | \&\*(L"ping\*(R") and \f(CW11\fR (\f(CW\*(C`time\-exceeded\*(C'\fR), but any 8\-bit value can be used. |
493 | .IP "inherit-tos = yes|true|on | no|false|off" 4 |
504 | .IP "inherit-tos = yes|true|on | no|false|off" 4 |
494 | .IX Item "inherit-tos = yes|true|on | no|false|off" |
505 | .IX Item "inherit-tos = yes|true|on | no|false|off" |
495 | Wether to inherit the \s-1TOS\s0 settings of packets sent to the tunnel when |
506 | Wether to inherit the \s-1TOS\s0 settings of packets sent to the tunnel when |
496 | sending packets to this node (default: \f(CW\*(C`yes\*(C'\fR). If set to \f(CW\*(C`yes\*(C'\fR then |
507 | sending packets to this node (default: \f(CW\*(C`yes\*(C'\fR). If set to \f(CW\*(C`yes\*(C'\fR then |
497 | outgoing tunnel packets will have the same \s-1TOS\s0 setting as the packets sent |
508 | outgoing tunnel packets will have the same \s-1TOS\s0 setting as the packets sent |