1 | .\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) |
1 | .\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 |
2 | .\" |
2 | .\" |
3 | .\" Standard preamble: |
3 | .\" Standard preamble: |
4 | .\" ======================================================================== |
4 | .\" ======================================================================== |
5 | .de Sh \" Subsection heading |
5 | .de Sh \" Subsection heading |
6 | .br |
6 | .br |
… | |
… | |
46 | . ds PI \(*p |
46 | . ds PI \(*p |
47 | . ds L" `` |
47 | . ds L" `` |
48 | . ds R" '' |
48 | . ds R" '' |
49 | 'br\} |
49 | 'br\} |
50 | .\" |
50 | .\" |
51 | .\" Escape single quotes in literal strings from groff's Unicode transform. |
|
|
52 | .ie \n(.g .ds Aq \(aq |
|
|
53 | .el .ds Aq ' |
|
|
54 | .\" |
|
|
55 | .\" If the F register is turned on, we'll generate index entries on stderr for |
51 | .\" If the F register is turned on, we'll generate index entries on stderr for |
56 | .\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index |
52 | .\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index |
57 | .\" entries marked with X<> in POD. Of course, you'll have to process the |
53 | .\" entries marked with X<> in POD. Of course, you'll have to process the |
58 | .\" output yourself in some meaningful fashion. |
54 | .\" output yourself in some meaningful fashion. |
59 | .ie \nF \{\ |
55 | .if \nF \{\ |
60 | . de IX |
56 | . de IX |
61 | . tm Index:\\$1\t\\n%\t"\\$2" |
57 | . tm Index:\\$1\t\\n%\t"\\$2" |
62 | .. |
58 | .. |
63 | . nr % 0 |
59 | . nr % 0 |
64 | . rr F |
60 | . rr F |
65 | .\} |
61 | .\} |
66 | .el \{\ |
62 | .\" |
67 | . de IX |
63 | .\" For nroff, turn off justification. Always turn off hyphenation; it makes |
68 | .. |
64 | .\" way too many mistakes in technical documents. |
69 | .\} |
65 | .hy 0 |
|
|
66 | .if n .na |
70 | .\" |
67 | .\" |
71 | .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). |
68 | .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). |
72 | .\" Fear. Run. Save yourself. No user-serviceable parts. |
69 | .\" Fear. Run. Save yourself. No user-serviceable parts. |
73 | . \" fudge factors for nroff and troff |
70 | . \" fudge factors for nroff and troff |
74 | .if n \{\ |
71 | .if n \{\ |
… | |
… | |
130 | .\} |
127 | .\} |
131 | .rm #[ #] #H #V #F C |
128 | .rm #[ #] #H #V #F C |
132 | .\" ======================================================================== |
129 | .\" ======================================================================== |
133 | .\" |
130 | .\" |
134 | .IX Title "GVPE.CONF 5" |
131 | .IX Title "GVPE.CONF 5" |
135 | .TH GVPE.CONF 5 "2009-03-23" "2.22" "GNU Virtual Private Ethernet" |
132 | .TH GVPE.CONF 5 "2011-02-15" "2.24" "GNU Virtual Private Ethernet" |
136 | .\" For nroff, turn off justification. Always turn off hyphenation; it makes |
|
|
137 | .\" way too many mistakes in technical documents. |
|
|
138 | .if n .ad l |
|
|
139 | .nh |
|
|
140 | .SH "NAME" |
133 | .SH "NAME" |
141 | gvpe.conf \- configuration file for the GNU VPE daemon |
134 | gvpe.conf \- configuration file for the GNU VPE daemon |
142 | .SH "SYNOPSIS" |
135 | .SH "SYNOPSIS" |
143 | .IX Header "SYNOPSIS" |
136 | .IX Header "SYNOPSIS" |
144 | .Vb 4 |
137 | .Vb 4 |
145 | \& # global options for all nodes |
138 | \& # global options for all nodes |
146 | \& udp\-port = 407 |
139 | \& udp\-port = 407 |
147 | \& mtu = 1492 |
140 | \& mtu = 1492 |
148 | \& ifname = vpn0 |
141 | \& ifname = vpn0 |
149 | \& |
142 | .Ve |
|
|
143 | .PP |
|
|
144 | .Vb 3 |
150 | \& # first node is named branch1 and is at 1.2.3.4 |
145 | \& # first node is named branch1 and is at 1.2.3.4 |
151 | \& node = branch1 |
146 | \& node = branch1 |
152 | \& hostname = 1.2.3.4 |
147 | \& hostname = 1.2.3.4 |
153 | \& |
148 | .Ve |
|
|
149 | .PP |
|
|
150 | .Vb 4 |
154 | \& # second node uses dns to resolve the address |
151 | \& # second node uses dns to resolve the address |
155 | \& node = branch2 |
152 | \& node = branch2 |
156 | \& hostname = www.example.net |
153 | \& hostname = www.example.net |
157 | \& udp\-port = 500 # this host uses a different udp\-port |
154 | \& udp\-port = 500 # this host uses a different udp\-port |
158 | \& |
155 | .Ve |
|
|
156 | .PP |
|
|
157 | .Vb 3 |
159 | \& # third node has no fixed ip address |
158 | \& # third node has no fixed ip address |
160 | \& node = branch3 |
159 | \& node = branch3 |
161 | \& connect = ondemand |
160 | \& connect = ondemand |
162 | .Ve |
161 | .Ve |
163 | .SH "DESCRIPTION" |
162 | .SH "DESCRIPTION" |
… | |
… | |
356 | other programs. |
355 | other programs. |
357 | .Sp |
356 | .Sp |
358 | The default is 47 (\s-1GRE\s0), which has a good chance of tunneling |
357 | The default is 47 (\s-1GRE\s0), which has a good chance of tunneling |
359 | through firewalls (but note that gvpe's rawip protocol is not \s-1GRE\s0 |
358 | through firewalls (but note that gvpe's rawip protocol is not \s-1GRE\s0 |
360 | compatible). Other common choices are 50 (\s-1IPSEC\s0, \s-1ESP\s0), 51 (\s-1IPSEC\s0, \s-1AH\s0), 4 |
359 | compatible). Other common choices are 50 (\s-1IPSEC\s0, \s-1ESP\s0), 51 (\s-1IPSEC\s0, \s-1AH\s0), 4 |
361 | (\s-1IPIP\s0 tunnels) or 98 (\s-1ENCAP\s0, rfc1241) |
360 | (\s-1IPIP\s0 tunnels) or 98 (\s-1ENCAP\s0, rfc1241). |
|
|
361 | .Sp |
|
|
362 | Many versions of Linux seem to have a bug that causes them to reorder |
|
|
363 | packets for some ip protocols (\s-1GRE\s0, \s-1ESP\s0) but not for others (\s-1AH\s0), so |
|
|
364 | choose wisely (that is, use 51, \s-1AH\s0). |
362 | .IP "http-proxy-host = hostname/ip" 4 |
365 | .IP "http-proxy-host = hostname/ip" 4 |
363 | .IX Item "http-proxy-host = hostname/ip" |
366 | .IX Item "http-proxy-host = hostname/ip" |
364 | The \f(CW\*(C`http\-proxy\-*\*(C'\fR family of options are only available if gvpe was |
367 | The \f(CW\*(C`http\-proxy\-*\*(C'\fR family of options are only available if gvpe was |
365 | compiled with the \f(CW\*(C`\-\-enable\-http\-proxy\*(C'\fR option and enable tunneling of |
368 | compiled with the \f(CW\*(C`\-\-enable\-http\-proxy\*(C'\fR option and enable tunneling of |
366 | tcp connections through a http proxy server. |
369 | tcp connections through a http proxy server. |
… | |
… | |
427 | is established (even on rekeying operations). Note that node\-up/down |
430 | is established (even on rekeying operations). Note that node\-up/down |
428 | scripts will be run asynchronously, but execution is serialised, so there |
431 | scripts will be run asynchronously, but execution is serialised, so there |
429 | will only ever be one such script running. |
432 | will only ever be one such script running. |
430 | .Sp |
433 | .Sp |
431 | In addition to all the variables passed to \f(CW\*(C`if\-up\*(C'\fR scripts, the following |
434 | In addition to all the variables passed to \f(CW\*(C`if\-up\*(C'\fR scripts, the following |
432 | environment variables will be set: |
435 | environment variables will be set (values are just examples): |
433 | .RS 4 |
436 | .RS 4 |
434 | .IP "DESTNODE=branch2" 4 |
437 | .IP "DESTNODE=branch2" 4 |
435 | .IX Item "DESTNODE=branch2" |
438 | .IX Item "DESTNODE=branch2" |
436 | The name of the remote node. |
439 | The name of the remote node. |
437 | .IP "DESTID=2" 4 |
440 | .IP "DESTID=2" 4 |
438 | .IX Item "DESTID=2" |
441 | .IX Item "DESTID=2" |
439 | The node id of the remote node. |
442 | The node id of the remote node. |
|
|
443 | .IP "DESTSI=rawip/88.99.77.55:0" 4 |
|
|
444 | .IX Item "DESTSI=rawip/88.99.77.55:0" |
|
|
445 | The \*(L"socket info\*(R" of the target node, protocol dependent but usually in |
|
|
446 | the format protocol/ip:port. |
440 | .IP "DESTIP=188.13.66.8" 4 |
447 | .IP "DESTIP=188.13.66.8" 4 |
441 | .IX Item "DESTIP=188.13.66.8" |
448 | .IX Item "DESTIP=188.13.66.8" |
442 | The numerical \s-1IP\s0 address of the remote node (gvpe accepts connections from |
449 | The numerical \s-1IP\s0 address of the remote node (gvpe accepts connections from |
443 | everywhere, as long as the other node can authenticate itself). |
450 | everywhere, as long as the other node can authenticate itself). |
444 | .IP "DESTPORT=655 # deprecated" 4 |
451 | .IP "DESTPORT=655 # deprecated" 4 |
445 | .IX Item "DESTPORT=655 # deprecated" |
452 | .IX Item "DESTPORT=655 # deprecated" |
446 | The \s-1UDP\s0 port used by the other side. |
453 | The protocol port used by the other side, if applicable. |
447 | .IP "STATE=UP" 4 |
454 | .IP "STATE=up" 4 |
448 | .IX Item "STATE=UP" |
455 | .IX Item "STATE=up" |
449 | Node-up scripts get called with STATE=UP, node-down scripts get called |
456 | Node-up scripts get called with STATE=up, node-change scripts get called |
450 | with STATE=DOWN. |
457 | with STATE=change and node-down scripts get called with STATE=down. |
451 | .RE |
458 | .RE |
452 | .RS 4 |
459 | .RS 4 |
453 | .Sp |
460 | .Sp |
454 | Here is a nontrivial example that uses nsupdate to update the name => ip |
461 | Here is a nontrivial example that uses nsupdate to update the name => ip |
455 | mapping in some \s-1DNS\s0 zone: |
462 | mapping in some \s-1DNS\s0 zone: |
… | |
… | |
461 | \& echo update add $DESTNODE.lowttl.example.net. 1 in a $DESTIP |
468 | \& echo update add $DESTNODE.lowttl.example.net. 1 in a $DESTIP |
462 | \& echo |
469 | \& echo |
463 | \& } | nsupdate \-d \-k $CONFBASE:key.example.net. |
470 | \& } | nsupdate \-d \-k $CONFBASE:key.example.net. |
464 | .Ve |
471 | .Ve |
465 | .RE |
472 | .RE |
|
|
473 | .IP "node-change = relative-or-absolute-path" 4 |
|
|
474 | .IX Item "node-change = relative-or-absolute-path" |
|
|
475 | Same as \f(CW\*(C`node\-change\*(C'\fR, but gets called whenever something about a |
|
|
476 | connection changes (such as the source \s-1IP\s0 address). |
466 | .IP "node-down = relative-or-absolute-path" 4 |
477 | .IP "node-down = relative-or-absolute-path" 4 |
467 | .IX Item "node-down = relative-or-absolute-path" |
478 | .IX Item "node-down = relative-or-absolute-path" |
468 | Same as \f(CW\*(C`node\-up\*(C'\fR, but gets called whenever a connection is lost. |
479 | Same as \f(CW\*(C`node\-up\*(C'\fR, but gets called whenever a connection is lost. |
469 | .IP "pid-file = path" 4 |
480 | .IP "pid-file = path" 4 |
470 | .IX Item "pid-file = path" |
481 | .IX Item "pid-file = path" |
… | |
… | |
501 | .Vb 1 |
512 | .Vb 1 |
502 | \& ip rule add not fwmark 1000 lookup 99 |
513 | \& ip rule add not fwmark 1000 lookup 99 |
503 | .Ve |
514 | .Ve |
504 | .Sh "\s-1NODE\s0 \s-1SPECIFIC\s0 \s-1SETTINGS\s0" |
515 | .Sh "\s-1NODE\s0 \s-1SPECIFIC\s0 \s-1SETTINGS\s0" |
505 | .IX Subsection "NODE SPECIFIC SETTINGS" |
516 | .IX Subsection "NODE SPECIFIC SETTINGS" |
506 | The following settings are node-specific, that is, every node can have |
517 | The following settings are node\-specific, that is, every node can have |
507 | different settings, even within the same gvpe instance. Settings that are |
518 | different settings, even within the same gvpe instance. Settings that are |
508 | set before the first node section set the defaults, settings that are |
519 | set before the first node section set the defaults, settings that are |
509 | set within a node section only apply to the given node. |
520 | set within a node section only apply to the given node. |
510 | .IP "allow-direct = nodename" 4 |
521 | .IP "allow-direct = nodename" 4 |
511 | .IX Item "allow-direct = nodename" |
522 | .IX Item "allow-direct = nodename" |
512 | Allow direct connections to this node. See \f(CW\*(C`deny\-direct\*(C'\fR for more info. |
523 | Allow direct connections to this node. See \f(CW\*(C`deny\-direct\*(C'\fR for more info. |
513 | .IP "compress = yes|true|on | no|false|off" 4 |
524 | .IP "compress = yes|true|on | no|false|off" 4 |
514 | .IX Item "compress = yes|true|on | no|false|off" |
525 | .IX Item "compress = yes|true|on | no|false|off" |
|
|
526 | For the current node, this specified whether it will accept compressed |
|
|
527 | packets, and for all other nodes, this specifies whether to try to |
515 | Wether to compress data packets sent to this node (default: \f(CW\*(C`yes\*(C'\fR). |
528 | compress data packets sent to this node (default: \f(CW\*(C`yes\*(C'\fR). Compression is |
516 | Compression is really cheap even on slow computers and has no size |
529 | really cheap even on slow computers, has no size overhead at all and will |
517 | overhead at all, so enabling this is often a good idea. |
530 | only be used when the other side supports compression, so enabling this is |
|
|
531 | often a good idea. |
518 | .IP "connect = ondemand | never | always | disabled" 4 |
532 | .IP "connect = ondemand | never | always | disabled" 4 |
519 | .IX Item "connect = ondemand | never | always | disabled" |
533 | .IX Item "connect = ondemand | never | always | disabled" |
520 | Sets the connect mode (default: \f(CW\*(C`always\*(C'\fR). It can be \f(CW\*(C`always\*(C'\fR (always |
534 | Sets the connect mode (default: \f(CW\*(C`always\*(C'\fR). It can be \f(CW\*(C`always\*(C'\fR (always |
521 | try to establish and keep a connection to the given node), \f(CW\*(C`never\*(C'\fR |
535 | try to establish and keep a connection to the given node), \f(CW\*(C`never\*(C'\fR |
522 | (never initiate a connection to the given host, but accept connections), |
536 | (never initiate a connection to the given host, but accept connections), |
… | |
… | |
607 | when gvpe was compiled using the \f(CW\*(C`\-\-enable\-tcp\*(C'\fR option. |
621 | when gvpe was compiled using the \f(CW\*(C`\-\-enable\-tcp\*(C'\fR option. |
608 | .IP "enable-udp = yes|true|on | no|false|off" 4 |
622 | .IP "enable-udp = yes|true|on | no|false|off" 4 |
609 | .IX Item "enable-udp = yes|true|on | no|false|off" |
623 | .IX Item "enable-udp = yes|true|on | no|false|off" |
610 | See \fIgvpe.protocol\fR\|(7) for a description of the \s-1UDP\s0 transport protocol. |
624 | See \fIgvpe.protocol\fR\|(7) for a description of the \s-1UDP\s0 transport protocol. |
611 | .Sp |
625 | .Sp |
612 | Enable the UDPv4 transport using the \f(CW\*(C`udp\-port\*(C'\fR port (default: \f(CW\*(C`no\*(C'\fR, |
626 | Enable the UDPv4 transport using the \f(CW\*(C`udp\-port\*(C'\fR port (default: \f(CW\*(C`no\*(C'\fR). |
613 | unless no other protocol is enabled for a node, in which case this |
|
|
614 | protocol is enabled automatically). |
|
|
615 | .Sp |
|
|
616 | \&\s-1NOTE:\s0 Please specify \f(CW\*(C`enable\-udp = yes\*(C'\fR if you want to use it even though |
|
|
617 | it might get switched on automatically, as some future version might |
|
|
618 | default to another default protocol. |
|
|
619 | .IP "hostname = hostname | ip [can not be defaulted]" 4 |
627 | .IP "hostname = hostname | ip [can not be defaulted]" 4 |
620 | .IX Item "hostname = hostname | ip [can not be defaulted]" |
628 | .IX Item "hostname = hostname | ip [can not be defaulted]" |
621 | Forces the address of this node to be set to the given \s-1DNS\s0 hostname or \s-1IP\s0 |
629 | Forces the address of this node to be set to the given \s-1DNS\s0 hostname or \s-1IP\s0 |
622 | address. It will be resolved before each connect request, so dyndns should |
630 | address. It will be resolved before each connect request, so dyndns should |
623 | work fine. If this setting is not specified and a router is available, |
631 | work fine. If this setting is not specified and a router is available, |
… | |
… | |
630 | .IX Item "icmp-type = integer" |
638 | .IX Item "icmp-type = integer" |
631 | Sets the type value to be used for outgoing (and incoming) packets sent |
639 | Sets the type value to be used for outgoing (and incoming) packets sent |
632 | via the \s-1ICMP\s0 transport. |
640 | via the \s-1ICMP\s0 transport. |
633 | .Sp |
641 | .Sp |
634 | The default is \f(CW0\fR (which is \f(CW\*(C`echo\-reply\*(C'\fR, also known as |
642 | The default is \f(CW0\fR (which is \f(CW\*(C`echo\-reply\*(C'\fR, also known as |
635 | \&\*(L"ping-reply\*(R"). Other useful values include \f(CW8\fR (\f(CW\*(C`echo\-request\*(C'\fR, a.k.a. |
643 | \&\*(L"ping\-reply\*(R"). Other useful values include \f(CW8\fR (\f(CW\*(C`echo\-request\*(C'\fR, a.k.a. |
636 | \&\*(L"ping\*(R") and \f(CW11\fR (\f(CW\*(C`time\-exceeded\*(C'\fR), but any 8\-bit value can be used. |
644 | \&\*(L"ping\*(R") and \f(CW11\fR (\f(CW\*(C`time\-exceeded\*(C'\fR), but any 8\-bit value can be used. |
637 | .IP "if-up-data = value" 4 |
645 | .IP "if-up-data = value" 4 |
638 | .IX Item "if-up-data = value" |
646 | .IX Item "if-up-data = value" |
639 | The value specified using this directive will be passed to the \f(CW\*(C`if\-up\*(C'\fR |
647 | The value specified using this directive will be passed to the \f(CW\*(C`if\-up\*(C'\fR |
640 | script in the environment variable \f(CW\*(C`IFUPDATA\*(C'\fR. |
648 | script in the environment variable \f(CW\*(C`IFUPDATA\*(C'\fR. |
641 | .IP "inherit-tos = yes|true|on | no|false|off" 4 |
649 | .IP "inherit-tos = yes|true|on | no|false|off" 4 |
642 | .IX Item "inherit-tos = yes|true|on | no|false|off" |
650 | .IX Item "inherit-tos = yes|true|on | no|false|off" |
643 | Wether to inherit the \s-1TOS\s0 settings of packets sent to the tunnel when |
651 | Whether to inherit the \s-1TOS\s0 settings of packets sent to the tunnel when |
644 | sending packets to this node (default: \f(CW\*(C`yes\*(C'\fR). If set to \f(CW\*(C`yes\*(C'\fR then |
652 | sending packets to this node (default: \f(CW\*(C`yes\*(C'\fR). If set to \f(CW\*(C`yes\*(C'\fR then |
645 | outgoing tunnel packets will have the same \s-1TOS\s0 setting as the packets sent |
653 | outgoing tunnel packets will have the same \s-1TOS\s0 setting as the packets sent |
646 | to the tunnel device, which is usually what you want. |
654 | to the tunnel device, which is usually what you want. |
647 | .IP "max-retry = positive-number" 4 |
655 | .IP "max-retry = positive-number" 4 |
648 | .IX Item "max-retry = positive-number" |
656 | .IX Item "max-retry = positive-number" |
… | |
… | |
705 | .IX Item "gvpe.conf" |
713 | .IX Item "gvpe.conf" |
706 | The config file. |
714 | The config file. |
707 | .IP "if-up" 4 |
715 | .IP "if-up" 4 |
708 | .IX Item "if-up" |
716 | .IX Item "if-up" |
709 | The if-up script |
717 | The if-up script |
710 | .IP "node-up, node-down" 4 |
718 | .IP "node\-up, node-down" 4 |
711 | .IX Item "node-up, node-down" |
719 | .IX Item "node-up, node-down" |
712 | If used the node up or node-down scripts. |
720 | If used the node up or node-down scripts. |
713 | .IP "hostkey" 4 |
721 | .IP "hostkey" 4 |
714 | .IX Item "hostkey" |
722 | .IX Item "hostkey" |
715 | The private key (taken from \f(CW\*(C`hostkeys/nodename\*(C'\fR) of the current host. |
723 | The private key (taken from \f(CW\*(C`hostkeys/nodename\*(C'\fR) of the current host. |