| 1 | .\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) |
1 | .\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 |
| 2 | .\" |
2 | .\" |
| 3 | .\" Standard preamble: |
3 | .\" Standard preamble: |
| 4 | .\" ======================================================================== |
4 | .\" ======================================================================== |
| 5 | .de Sh \" Subsection heading |
5 | .de Sh \" Subsection heading |
| 6 | .br |
6 | .br |
| … | |
… | |
| 46 | . ds PI \(*p |
46 | . ds PI \(*p |
| 47 | . ds L" `` |
47 | . ds L" `` |
| 48 | . ds R" '' |
48 | . ds R" '' |
| 49 | 'br\} |
49 | 'br\} |
| 50 | .\" |
50 | .\" |
| 51 | .\" Escape single quotes in literal strings from groff's Unicode transform. |
|
|
| 52 | .ie \n(.g .ds Aq \(aq |
|
|
| 53 | .el .ds Aq ' |
|
|
| 54 | .\" |
|
|
| 55 | .\" If the F register is turned on, we'll generate index entries on stderr for |
51 | .\" If the F register is turned on, we'll generate index entries on stderr for |
| 56 | .\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index |
52 | .\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index |
| 57 | .\" entries marked with X<> in POD. Of course, you'll have to process the |
53 | .\" entries marked with X<> in POD. Of course, you'll have to process the |
| 58 | .\" output yourself in some meaningful fashion. |
54 | .\" output yourself in some meaningful fashion. |
| 59 | .ie \nF \{\ |
55 | .if \nF \{\ |
| 60 | . de IX |
56 | . de IX |
| 61 | . tm Index:\\$1\t\\n%\t"\\$2" |
57 | . tm Index:\\$1\t\\n%\t"\\$2" |
| 62 | .. |
58 | .. |
| 63 | . nr % 0 |
59 | . nr % 0 |
| 64 | . rr F |
60 | . rr F |
| 65 | .\} |
61 | .\} |
| 66 | .el \{\ |
62 | .\" |
| 67 | . de IX |
63 | .\" For nroff, turn off justification. Always turn off hyphenation; it makes |
| 68 | .. |
64 | .\" way too many mistakes in technical documents. |
| 69 | .\} |
65 | .hy 0 |
|
|
66 | .if n .na |
| 70 | .\" |
67 | .\" |
| 71 | .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). |
68 | .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). |
| 72 | .\" Fear. Run. Save yourself. No user-serviceable parts. |
69 | .\" Fear. Run. Save yourself. No user-serviceable parts. |
| 73 | . \" fudge factors for nroff and troff |
70 | . \" fudge factors for nroff and troff |
| 74 | .if n \{\ |
71 | .if n \{\ |
| … | |
… | |
| 130 | .\} |
127 | .\} |
| 131 | .rm #[ #] #H #V #F C |
128 | .rm #[ #] #H #V #F C |
| 132 | .\" ======================================================================== |
129 | .\" ======================================================================== |
| 133 | .\" |
130 | .\" |
| 134 | .IX Title "GVPE.CONF 5" |
131 | .IX Title "GVPE.CONF 5" |
| 135 | .TH GVPE.CONF 5 "2009-03-23" "2.22" "GNU Virtual Private Ethernet" |
132 | .TH GVPE.CONF 5 "2011-02-15" "2.24" "GNU Virtual Private Ethernet" |
| 136 | .\" For nroff, turn off justification. Always turn off hyphenation; it makes |
|
|
| 137 | .\" way too many mistakes in technical documents. |
|
|
| 138 | .if n .ad l |
|
|
| 139 | .nh |
|
|
| 140 | .SH "NAME" |
133 | .SH "NAME" |
| 141 | gvpe.conf \- configuration file for the GNU VPE daemon |
134 | gvpe.conf \- configuration file for the GNU VPE daemon |
| 142 | .SH "SYNOPSIS" |
135 | .SH "SYNOPSIS" |
| 143 | .IX Header "SYNOPSIS" |
136 | .IX Header "SYNOPSIS" |
| 144 | .Vb 4 |
137 | .Vb 4 |
| 145 | \& # global options for all nodes |
138 | \& # global options for all nodes |
| 146 | \& udp\-port = 407 |
139 | \& udp\-port = 407 |
| 147 | \& mtu = 1492 |
140 | \& mtu = 1492 |
| 148 | \& ifname = vpn0 |
141 | \& ifname = vpn0 |
| 149 | \& |
142 | .Ve |
|
|
143 | .PP |
|
|
144 | .Vb 3 |
| 150 | \& # first node is named branch1 and is at 1.2.3.4 |
145 | \& # first node is named branch1 and is at 1.2.3.4 |
| 151 | \& node = branch1 |
146 | \& node = branch1 |
| 152 | \& hostname = 1.2.3.4 |
147 | \& hostname = 1.2.3.4 |
| 153 | \& |
148 | .Ve |
|
|
149 | .PP |
|
|
150 | .Vb 4 |
| 154 | \& # second node uses dns to resolve the address |
151 | \& # second node uses dns to resolve the address |
| 155 | \& node = branch2 |
152 | \& node = branch2 |
| 156 | \& hostname = www.example.net |
153 | \& hostname = www.example.net |
| 157 | \& udp\-port = 500 # this host uses a different udp\-port |
154 | \& udp\-port = 500 # this host uses a different udp\-port |
| 158 | \& |
155 | .Ve |
|
|
156 | .PP |
|
|
157 | .Vb 3 |
| 159 | \& # third node has no fixed ip address |
158 | \& # third node has no fixed ip address |
| 160 | \& node = branch3 |
159 | \& node = branch3 |
| 161 | \& connect = ondemand |
160 | \& connect = ondemand |
| 162 | .Ve |
161 | .Ve |
| 163 | .SH "DESCRIPTION" |
162 | .SH "DESCRIPTION" |
| … | |
… | |
| 356 | other programs. |
355 | other programs. |
| 357 | .Sp |
356 | .Sp |
| 358 | The default is 47 (\s-1GRE\s0), which has a good chance of tunneling |
357 | The default is 47 (\s-1GRE\s0), which has a good chance of tunneling |
| 359 | through firewalls (but note that gvpe's rawip protocol is not \s-1GRE\s0 |
358 | through firewalls (but note that gvpe's rawip protocol is not \s-1GRE\s0 |
| 360 | compatible). Other common choices are 50 (\s-1IPSEC\s0, \s-1ESP\s0), 51 (\s-1IPSEC\s0, \s-1AH\s0), 4 |
359 | compatible). Other common choices are 50 (\s-1IPSEC\s0, \s-1ESP\s0), 51 (\s-1IPSEC\s0, \s-1AH\s0), 4 |
| 361 | (\s-1IPIP\s0 tunnels) or 98 (\s-1ENCAP\s0, rfc1241) |
360 | (\s-1IPIP\s0 tunnels) or 98 (\s-1ENCAP\s0, rfc1241). |
|
|
361 | .Sp |
|
|
362 | Many versions of Linux seem to have a bug that causes them to reorder |
|
|
363 | packets for some ip protocols (\s-1GRE\s0, \s-1ESP\s0) but not for others (\s-1AH\s0), so |
|
|
364 | choose wisely (that is, use 51, \s-1AH\s0). |
| 362 | .IP "http-proxy-host = hostname/ip" 4 |
365 | .IP "http-proxy-host = hostname/ip" 4 |
| 363 | .IX Item "http-proxy-host = hostname/ip" |
366 | .IX Item "http-proxy-host = hostname/ip" |
| 364 | The \f(CW\*(C`http\-proxy\-*\*(C'\fR family of options are only available if gvpe was |
367 | The \f(CW\*(C`http\-proxy\-*\*(C'\fR family of options are only available if gvpe was |
| 365 | compiled with the \f(CW\*(C`\-\-enable\-http\-proxy\*(C'\fR option and enable tunneling of |
368 | compiled with the \f(CW\*(C`\-\-enable\-http\-proxy\*(C'\fR option and enable tunneling of |
| 366 | tcp connections through a http proxy server. |
369 | tcp connections through a http proxy server. |
| … | |
… | |
| 427 | is established (even on rekeying operations). Note that node\-up/down |
430 | is established (even on rekeying operations). Note that node\-up/down |
| 428 | scripts will be run asynchronously, but execution is serialised, so there |
431 | scripts will be run asynchronously, but execution is serialised, so there |
| 429 | will only ever be one such script running. |
432 | will only ever be one such script running. |
| 430 | .Sp |
433 | .Sp |
| 431 | In addition to all the variables passed to \f(CW\*(C`if\-up\*(C'\fR scripts, the following |
434 | In addition to all the variables passed to \f(CW\*(C`if\-up\*(C'\fR scripts, the following |
| 432 | environment variables will be set: |
435 | environment variables will be set (values are just examples): |
| 433 | .RS 4 |
436 | .RS 4 |
| 434 | .IP "DESTNODE=branch2" 4 |
437 | .IP "DESTNODE=branch2" 4 |
| 435 | .IX Item "DESTNODE=branch2" |
438 | .IX Item "DESTNODE=branch2" |
| 436 | The name of the remote node. |
439 | The name of the remote node. |
| 437 | .IP "DESTID=2" 4 |
440 | .IP "DESTID=2" 4 |
| 438 | .IX Item "DESTID=2" |
441 | .IX Item "DESTID=2" |
| 439 | The node id of the remote node. |
442 | The node id of the remote node. |
|
|
443 | .IP "DESTSI=rawip/88.99.77.55:0" 4 |
|
|
444 | .IX Item "DESTSI=rawip/88.99.77.55:0" |
|
|
445 | The \*(L"socket info\*(R" of the target node, protocol dependent but usually in |
|
|
446 | the format protocol/ip:port. |
| 440 | .IP "DESTIP=188.13.66.8" 4 |
447 | .IP "DESTIP=188.13.66.8" 4 |
| 441 | .IX Item "DESTIP=188.13.66.8" |
448 | .IX Item "DESTIP=188.13.66.8" |
| 442 | The numerical \s-1IP\s0 address of the remote node (gvpe accepts connections from |
449 | The numerical \s-1IP\s0 address of the remote node (gvpe accepts connections from |
| 443 | everywhere, as long as the other node can authenticate itself). |
450 | everywhere, as long as the other node can authenticate itself). |
| 444 | .IP "DESTPORT=655 # deprecated" 4 |
451 | .IP "DESTPORT=655 # deprecated" 4 |
| 445 | .IX Item "DESTPORT=655 # deprecated" |
452 | .IX Item "DESTPORT=655 # deprecated" |
| 446 | The \s-1UDP\s0 port used by the other side. |
453 | The protocol port used by the other side, if applicable. |
| 447 | .IP "STATE=UP" 4 |
454 | .IP "STATE=up" 4 |
| 448 | .IX Item "STATE=UP" |
455 | .IX Item "STATE=up" |
| 449 | Node-up scripts get called with STATE=UP, node-down scripts get called |
456 | Node-up scripts get called with STATE=up, node-change scripts get called |
| 450 | with STATE=DOWN. |
457 | with STATE=change and node-down scripts get called with STATE=down. |
| 451 | .RE |
458 | .RE |
| 452 | .RS 4 |
459 | .RS 4 |
| 453 | .Sp |
460 | .Sp |
| 454 | Here is a nontrivial example that uses nsupdate to update the name => ip |
461 | Here is a nontrivial example that uses nsupdate to update the name => ip |
| 455 | mapping in some \s-1DNS\s0 zone: |
462 | mapping in some \s-1DNS\s0 zone: |
| … | |
… | |
| 461 | \& echo update add $DESTNODE.lowttl.example.net. 1 in a $DESTIP |
468 | \& echo update add $DESTNODE.lowttl.example.net. 1 in a $DESTIP |
| 462 | \& echo |
469 | \& echo |
| 463 | \& } | nsupdate \-d \-k $CONFBASE:key.example.net. |
470 | \& } | nsupdate \-d \-k $CONFBASE:key.example.net. |
| 464 | .Ve |
471 | .Ve |
| 465 | .RE |
472 | .RE |
|
|
473 | .IP "node-change = relative-or-absolute-path" 4 |
|
|
474 | .IX Item "node-change = relative-or-absolute-path" |
|
|
475 | Same as \f(CW\*(C`node\-change\*(C'\fR, but gets called whenever something about a |
|
|
476 | connection changes (such as the source \s-1IP\s0 address). |
| 466 | .IP "node-down = relative-or-absolute-path" 4 |
477 | .IP "node-down = relative-or-absolute-path" 4 |
| 467 | .IX Item "node-down = relative-or-absolute-path" |
478 | .IX Item "node-down = relative-or-absolute-path" |
| 468 | Same as \f(CW\*(C`node\-up\*(C'\fR, but gets called whenever a connection is lost. |
479 | Same as \f(CW\*(C`node\-up\*(C'\fR, but gets called whenever a connection is lost. |
| 469 | .IP "pid-file = path" 4 |
480 | .IP "pid-file = path" 4 |
| 470 | .IX Item "pid-file = path" |
481 | .IX Item "pid-file = path" |
| … | |
… | |
| 501 | .Vb 1 |
512 | .Vb 1 |
| 502 | \& ip rule add not fwmark 1000 lookup 99 |
513 | \& ip rule add not fwmark 1000 lookup 99 |
| 503 | .Ve |
514 | .Ve |
| 504 | .Sh "\s-1NODE\s0 \s-1SPECIFIC\s0 \s-1SETTINGS\s0" |
515 | .Sh "\s-1NODE\s0 \s-1SPECIFIC\s0 \s-1SETTINGS\s0" |
| 505 | .IX Subsection "NODE SPECIFIC SETTINGS" |
516 | .IX Subsection "NODE SPECIFIC SETTINGS" |
| 506 | The following settings are node-specific, that is, every node can have |
517 | The following settings are node\-specific, that is, every node can have |
| 507 | different settings, even within the same gvpe instance. Settings that are |
518 | different settings, even within the same gvpe instance. Settings that are |
| 508 | set before the first node section set the defaults, settings that are |
519 | set before the first node section set the defaults, settings that are |
| 509 | set within a node section only apply to the given node. |
520 | set within a node section only apply to the given node. |
| 510 | .IP "allow-direct = nodename" 4 |
521 | .IP "allow-direct = nodename" 4 |
| 511 | .IX Item "allow-direct = nodename" |
522 | .IX Item "allow-direct = nodename" |
| 512 | Allow direct connections to this node. See \f(CW\*(C`deny\-direct\*(C'\fR for more info. |
523 | Allow direct connections to this node. See \f(CW\*(C`deny\-direct\*(C'\fR for more info. |
| 513 | .IP "compress = yes|true|on | no|false|off" 4 |
524 | .IP "compress = yes|true|on | no|false|off" 4 |
| 514 | .IX Item "compress = yes|true|on | no|false|off" |
525 | .IX Item "compress = yes|true|on | no|false|off" |
|
|
526 | For the current node, this specified whether it will accept compressed |
|
|
527 | packets, and for all other nodes, this specifies whether to try to |
| 515 | Wether to compress data packets sent to this node (default: \f(CW\*(C`yes\*(C'\fR). |
528 | compress data packets sent to this node (default: \f(CW\*(C`yes\*(C'\fR). Compression is |
| 516 | Compression is really cheap even on slow computers and has no size |
529 | really cheap even on slow computers, has no size overhead at all and will |
| 517 | overhead at all, so enabling this is often a good idea. |
530 | only be used when the other side supports compression, so enabling this is |
|
|
531 | often a good idea. |
| 518 | .IP "connect = ondemand | never | always | disabled" 4 |
532 | .IP "connect = ondemand | never | always | disabled" 4 |
| 519 | .IX Item "connect = ondemand | never | always | disabled" |
533 | .IX Item "connect = ondemand | never | always | disabled" |
| 520 | Sets the connect mode (default: \f(CW\*(C`always\*(C'\fR). It can be \f(CW\*(C`always\*(C'\fR (always |
534 | Sets the connect mode (default: \f(CW\*(C`always\*(C'\fR). It can be \f(CW\*(C`always\*(C'\fR (always |
| 521 | try to establish and keep a connection to the given node), \f(CW\*(C`never\*(C'\fR |
535 | try to establish and keep a connection to the given node), \f(CW\*(C`never\*(C'\fR |
| 522 | (never initiate a connection to the given host, but accept connections), |
536 | (never initiate a connection to the given host, but accept connections), |
| … | |
… | |
| 607 | when gvpe was compiled using the \f(CW\*(C`\-\-enable\-tcp\*(C'\fR option. |
621 | when gvpe was compiled using the \f(CW\*(C`\-\-enable\-tcp\*(C'\fR option. |
| 608 | .IP "enable-udp = yes|true|on | no|false|off" 4 |
622 | .IP "enable-udp = yes|true|on | no|false|off" 4 |
| 609 | .IX Item "enable-udp = yes|true|on | no|false|off" |
623 | .IX Item "enable-udp = yes|true|on | no|false|off" |
| 610 | See \fIgvpe.protocol\fR\|(7) for a description of the \s-1UDP\s0 transport protocol. |
624 | See \fIgvpe.protocol\fR\|(7) for a description of the \s-1UDP\s0 transport protocol. |
| 611 | .Sp |
625 | .Sp |
| 612 | Enable the UDPv4 transport using the \f(CW\*(C`udp\-port\*(C'\fR port (default: \f(CW\*(C`no\*(C'\fR, |
626 | Enable the UDPv4 transport using the \f(CW\*(C`udp\-port\*(C'\fR port (default: \f(CW\*(C`no\*(C'\fR). |
| 613 | unless no other protocol is enabled for a node, in which case this |
|
|
| 614 | protocol is enabled automatically). |
|
|
| 615 | .Sp |
|
|
| 616 | \&\s-1NOTE:\s0 Please specify \f(CW\*(C`enable\-udp = yes\*(C'\fR if you want to use it even though |
|
|
| 617 | it might get switched on automatically, as some future version might |
|
|
| 618 | default to another default protocol. |
|
|
| 619 | .IP "hostname = hostname | ip [can not be defaulted]" 4 |
627 | .IP "hostname = hostname | ip [can not be defaulted]" 4 |
| 620 | .IX Item "hostname = hostname | ip [can not be defaulted]" |
628 | .IX Item "hostname = hostname | ip [can not be defaulted]" |
| 621 | Forces the address of this node to be set to the given \s-1DNS\s0 hostname or \s-1IP\s0 |
629 | Forces the address of this node to be set to the given \s-1DNS\s0 hostname or \s-1IP\s0 |
| 622 | address. It will be resolved before each connect request, so dyndns should |
630 | address. It will be resolved before each connect request, so dyndns should |
| 623 | work fine. If this setting is not specified and a router is available, |
631 | work fine. If this setting is not specified and a router is available, |
| … | |
… | |
| 630 | .IX Item "icmp-type = integer" |
638 | .IX Item "icmp-type = integer" |
| 631 | Sets the type value to be used for outgoing (and incoming) packets sent |
639 | Sets the type value to be used for outgoing (and incoming) packets sent |
| 632 | via the \s-1ICMP\s0 transport. |
640 | via the \s-1ICMP\s0 transport. |
| 633 | .Sp |
641 | .Sp |
| 634 | The default is \f(CW0\fR (which is \f(CW\*(C`echo\-reply\*(C'\fR, also known as |
642 | The default is \f(CW0\fR (which is \f(CW\*(C`echo\-reply\*(C'\fR, also known as |
| 635 | \&\*(L"ping-reply\*(R"). Other useful values include \f(CW8\fR (\f(CW\*(C`echo\-request\*(C'\fR, a.k.a. |
643 | \&\*(L"ping\-reply\*(R"). Other useful values include \f(CW8\fR (\f(CW\*(C`echo\-request\*(C'\fR, a.k.a. |
| 636 | \&\*(L"ping\*(R") and \f(CW11\fR (\f(CW\*(C`time\-exceeded\*(C'\fR), but any 8\-bit value can be used. |
644 | \&\*(L"ping\*(R") and \f(CW11\fR (\f(CW\*(C`time\-exceeded\*(C'\fR), but any 8\-bit value can be used. |
| 637 | .IP "if-up-data = value" 4 |
645 | .IP "if-up-data = value" 4 |
| 638 | .IX Item "if-up-data = value" |
646 | .IX Item "if-up-data = value" |
| 639 | The value specified using this directive will be passed to the \f(CW\*(C`if\-up\*(C'\fR |
647 | The value specified using this directive will be passed to the \f(CW\*(C`if\-up\*(C'\fR |
| 640 | script in the environment variable \f(CW\*(C`IFUPDATA\*(C'\fR. |
648 | script in the environment variable \f(CW\*(C`IFUPDATA\*(C'\fR. |
| 641 | .IP "inherit-tos = yes|true|on | no|false|off" 4 |
649 | .IP "inherit-tos = yes|true|on | no|false|off" 4 |
| 642 | .IX Item "inherit-tos = yes|true|on | no|false|off" |
650 | .IX Item "inherit-tos = yes|true|on | no|false|off" |
| 643 | Wether to inherit the \s-1TOS\s0 settings of packets sent to the tunnel when |
651 | Whether to inherit the \s-1TOS\s0 settings of packets sent to the tunnel when |
| 644 | sending packets to this node (default: \f(CW\*(C`yes\*(C'\fR). If set to \f(CW\*(C`yes\*(C'\fR then |
652 | sending packets to this node (default: \f(CW\*(C`yes\*(C'\fR). If set to \f(CW\*(C`yes\*(C'\fR then |
| 645 | outgoing tunnel packets will have the same \s-1TOS\s0 setting as the packets sent |
653 | outgoing tunnel packets will have the same \s-1TOS\s0 setting as the packets sent |
| 646 | to the tunnel device, which is usually what you want. |
654 | to the tunnel device, which is usually what you want. |
| 647 | .IP "max-retry = positive-number" 4 |
655 | .IP "max-retry = positive-number" 4 |
| 648 | .IX Item "max-retry = positive-number" |
656 | .IX Item "max-retry = positive-number" |
| … | |
… | |
| 705 | .IX Item "gvpe.conf" |
713 | .IX Item "gvpe.conf" |
| 706 | The config file. |
714 | The config file. |
| 707 | .IP "if-up" 4 |
715 | .IP "if-up" 4 |
| 708 | .IX Item "if-up" |
716 | .IX Item "if-up" |
| 709 | The if-up script |
717 | The if-up script |
| 710 | .IP "node-up, node-down" 4 |
718 | .IP "node\-up, node-down" 4 |
| 711 | .IX Item "node-up, node-down" |
719 | .IX Item "node-up, node-down" |
| 712 | If used the node up or node-down scripts. |
720 | If used the node up or node-down scripts. |
| 713 | .IP "hostkey" 4 |
721 | .IP "hostkey" 4 |
| 714 | .IX Item "hostkey" |
722 | .IX Item "hostkey" |
| 715 | The private key (taken from \f(CW\*(C`hostkeys/nodename\*(C'\fR) of the current host. |
723 | The private key (taken from \f(CW\*(C`hostkeys/nodename\*(C'\fR) of the current host. |
