1 | .\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.3 |
1 | .\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 |
2 | .\" |
2 | .\" |
3 | .\" Standard preamble: |
3 | .\" Standard preamble: |
4 | .\" ======================================================================== |
4 | .\" ======================================================================== |
5 | .de Sh \" Subsection heading |
5 | .de Sh \" Subsection heading |
6 | .br |
6 | .br |
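Review bot: line 1 marks this file as "Automatically generated by Pod::Man", so the wording changes further down should be made in the POD source and this page regenerated, otherwise the next regeneration will drop them. The only change in this region is the Pod::Parser version string, which is expected from a regeneration.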
… | |
… | |
127 | .\} |
127 | .\} |
128 | .rm #[ #] #H #V #F C |
128 | .rm #[ #] #H #V #F C |
129 | .\" ======================================================================== |
129 | .\" ======================================================================== |
130 | .\" |
130 | .\" |
131 | .IX Title "GVPE.CONF 5" |
131 | .IX Title "GVPE.CONF 5" |
132 | .TH GVPE.CONF 5 "2005-06-21" "1.9" "GNU Virtual Private Ethernet" |
132 | .TH GVPE.CONF 5 "2006-08-02" "2.0" "GNU Virtual Private Ethernet" |
133 | .SH "NAME" |
133 | .SH "NAME" |
134 | gvpe.conf \- configuration file for the GNU VPE daemon |
134 | gvpe.conf \- configuration file for the GNU VPE daemon |
135 | .SH "SYNOPSIS" |
135 | .SH "SYNOPSIS" |
136 | .IX Header "SYNOPSIS" |
136 | .IX Header "SYNOPSIS" |
137 | .Vb 3 |
137 | .Vb 3 |
… | |
… | |
474 | reestablished every \f(CW\*(C`rekey\*(C'\fR seconds. |
474 | reestablished every \f(CW\*(C`rekey\*(C'\fR seconds. |
475 | .Sh "\s-1NODE\s0 \s-1SPECIFIC\s0 \s-1SETTINGS\s0" |
475 | .Sh "\s-1NODE\s0 \s-1SPECIFIC\s0 \s-1SETTINGS\s0" |
476 | .IX Subsection "NODE SPECIFIC SETTINGS" |
476 | .IX Subsection "NODE SPECIFIC SETTINGS" |
477 | The following settings are node\-specific, that is, every node can have |
477 | The following settings are node\-specific, that is, every node can have |
478 | different settings, even within the same gvpe instance. Settings that are |
478 | different settings, even within the same gvpe instance. Settings that are |
479 | executed before the first node section set the defaults, settings that are |
479 | set before the first node section set the defaults, settings that are |
480 | executed within a node section only apply to the given node. |
480 | set within a node section only apply to the given node. |
|
|
481 | .IP "allow-direct = nodename" 4 |
|
|
482 | .IX Item "allow-direct = nodename" |
|
|
483 | Allow direct connections to this node. See \f(CW\*(C`deny\-direct\*(C'\fR for more info. |
481 | .IP "compress = yes|true|on | no|false|off" 4 |
484 | .IP "compress = yes|true|on | no|false|off" 4 |
482 | .IX Item "compress = yes|true|on | no|false|off" |
485 | .IX Item "compress = yes|true|on | no|false|off" |
483 | Wether to compress data packets sent to this host (default: \f(CW\*(C`yes\*(C'\fR). |
486 | Wether to compress data packets sent to this host (default: \f(CW\*(C`yes\*(C'\fR). |
484 | Compression is really cheap even on slow computers and has no size |
487 | Compression is really cheap even on slow computers and has no size |
485 | overhead at all, so enabling this is a good idea. |
488 | overhead at all, so enabling this is a good idea. |
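Review bot: the new allow-direct entry at new line 483 says "Allow direct connections to this node", but the item takes a nodename argument and the matching deny-direct entry says "to the specified node"; use the same wording in both so it is clear the setting names the peer, not the node whose section it appears in. The entry also does not say whether `*` is accepted here as it is for deny-direct. While this paragraph is being touched, "Wether" in the unchanged compress text (new line 486) should be "Whether".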
… | |
… | |
489 | try to establish and keep a connection to the given host), \f(CW\*(C`never\*(C'\fR |
492 | try to establish and keep a connection to the given host), \f(CW\*(C`never\*(C'\fR |
490 | (never initiate a connection to the given host, but accept connections), |
493 | (never initiate a connection to the given host, but accept connections), |
491 | \&\f(CW\*(C`ondemand\*(C'\fR (try to establish a connection on the first packet sent, and |
494 | \&\f(CW\*(C`ondemand\*(C'\fR (try to establish a connection on the first packet sent, and |
492 | take it down after the keepalive interval) or \f(CW\*(C`disabled\*(C'\fR (node is bad, |
495 | take it down after the keepalive interval) or \f(CW\*(C`disabled\*(C'\fR (node is bad, |
493 | don't talk to it). |
496 | don't talk to it). |
|
|
497 | .IP "deny-direct = nodename | *" 4 |
|
|
498 | .IX Item "deny-direct = nodename | *" |
|
|
499 | Deny direct connections to the specified node (or all nodes when \f(CW\*(C`*\*(C'\fR |
|
|
500 | is given). Only one node can be specified, but you can use multiple |
|
|
501 | \&\f(CW\*(C`allow\-direct\*(C'\fR and \f(CW\*(C`deny\-direct\*(C'\fR statements. This only makes sense in |
|
|
502 | networks with routers, as routers are required for indirect connections. |
|
|
503 | .Sp |
|
|
504 | Sometimes, a node cannot reach some other nodes for reasons of network |
|
|
505 | connectivity. For example, a node behind a firewall that only allows |
|
|
506 | conenctions to/from a single other node in the network. In this case one |
|
|
507 | should specify \f(CW\*(C`deny\-direct = *\*(C'\fR and \f(CW\*(C`allow\-direct = othernodename\*(C'\fR (the other |
|
|
508 | node \fImust\fR be a router for this to work). |
|
|
509 | .Sp |
|
|
510 | The algorithm to check wether a connection may be direct is as follows: |
|
|
511 | .Sp |
|
|
512 | 1. Other node mentioned in a \f(CW\*(C`allow\-direct\*(C'\fR? If yes, allow the connection. |
|
|
513 | .Sp |
|
|
514 | 2. Other node mentioned in a \f(CW\*(C`deny\-direct\*(C'\fR? If yes, deny direct connections. |
|
|
515 | .Sp |
|
|
516 | 3. Allow the connection. |
|
|
517 | .Sp |
|
|
518 | That is, \f(CW\*(C`allow\-direct\*(C'\fR takes precedence over \f(CW\*(C`deny\-direct\*(C'\fR. |
|
|
519 | .Sp |
|
|
520 | The check is done in both directions, i.e. both nodes must allow a direct |
|
|
521 | connection before one is attempted, so you only need to specify connect |
|
|
522 | limitations on one node. |
494 | .IP "dns-domain = domain-suffix" 4 |
523 | .IP "dns-domain = domain-suffix" 4 |
495 | .IX Item "dns-domain = domain-suffix" |
524 | .IX Item "dns-domain = domain-suffix" |
496 | The \s-1DNS\s0 domain suffix that points to the \s-1DNS\s0 tunnel server for this node. |
525 | The \s-1DNS\s0 domain suffix that points to the \s-1DNS\s0 tunnel server for this node. |
497 | .Sp |
526 | .Sp |
498 | The domain must point to a \s-1NS\s0 record that points to the \fIdns-hostname\fR, |
527 | The domain must point to a \s-1NS\s0 record that points to the \fIdns-hostname\fR, |
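Review bot: in the algorithm at new lines 512 to 516, steps 1 and 3 say "allow the connection" while step 2 says "deny direct connections"; since the list only decides whether a connection may be direct, steps 1 and 3 should read "allow a direct connection", otherwise step 2 can be read as refusing the peer entirely rather than falling back to a router. It would also help to state explicitly that the default (step 3) is allow, so a restrictive setup needs `deny-direct = *` plus explicit allow-direct lines, and to say how the peer learns of the restriction, given that new lines 520 to 522 say the limits only need to be set on one node. Wording fixes in the added text: "conenctions" (506), "wether" (510), "a allow-direct" should be "an allow-direct" (512), and the sentence starting "For example, a node behind a firewall" (505) is a fragment.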
… | |
… | |
553 | protocol is enabled automatically). |
582 | protocol is enabled automatically). |
554 | .Sp |
583 | .Sp |
555 | \&\s-1NOTE:\s0 Please specify \f(CW\*(C`enable\-udp = yes\*(C'\fR if you want t use it even though |
584 | \&\s-1NOTE:\s0 Please specify \f(CW\*(C`enable\-udp = yes\*(C'\fR if you want t use it even though |
556 | it might get switched on automatically, as some future version might |
585 | it might get switched on automatically, as some future version might |
557 | default to another default protocol. |
586 | default to another default protocol. |
|
|
587 | .IP "hostname = hostname | ip [can not be defaulted]" 4 |
|
|
588 | .IX Item "hostname = hostname | ip [can not be defaulted]" |
|
|
589 | Forces the address of this node to be set to the given dns hostname or ip |
|
|
590 | address. It will be resolved before each connect request, so dyndns should |
|
|
591 | work fine. If this setting is not specified and a router is available, |
|
|
592 | then the router will be queried for the address of this node. Otherwise, |
|
|
593 | the connection attempt will fail. |
558 | .IP "icmp-type = integer" 4 |
594 | .IP "icmp-type = integer" 4 |
559 | .IX Item "icmp-type = integer" |
595 | .IX Item "icmp-type = integer" |
560 | Sets the type value to be used for outgoing (and incoming) packets sent |
596 | Sets the type value to be used for outgoing (and incoming) packets sent |
561 | via the \s-1ICMP\s0 transport. |
597 | via the \s-1ICMP\s0 transport. |
562 | .Sp |
598 | .Sp |
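Review bot: the new hostname entry ends with "Otherwise, the connection attempt will fail" (new lines 592 to 593), which leaves two cases undocumented: what happens when the setting is given but the name does not resolve, and whether the router is still queried in that case. Spell out each case separately. The entry also writes "dns" and "ip" in lowercase (589) where the rest of the page uses the small-caps DNS form, and "dyndns" (590) would read better as "dynamic DNS". In the unchanged context above, "if you want t use it" (new line 584) is missing an "o".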