--- gvpe/doc/gvpe.conf.5 2005/03/26 03:16:23 1.14 +++ gvpe/doc/gvpe.conf.5 2005/12/05 12:58:06 1.16 @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "GVPE.CONF 5" -.TH GVPE.CONF 5 "2005-03-26" "1.9" "GNU Virtual Private Ethernet" +.TH GVPE.CONF 5 "2005-12-05" "1.9" "GNU Virtual Private Ethernet" .SH "NAME" gvpe.conf \- configuration file for the GNU VPE daemon .SH "SYNOPSIS" @@ -476,8 +476,11 @@ .IX Subsection "NODE SPECIFIC SETTINGS" The following settings are node\-specific, that is, every node can have different settings, even within the same gvpe instance. Settings that are -executed before the first node section set the defaults, settings that are -executed within a node section only apply to the given node. +set before the first node section set the defaults, settings that are +set within a node section only apply to the given node. +.IP "allow-direct = nodename" 4 +.IX Item "allow-direct = nodename" +Allow direct connections to this node. See \f(CW\*(C`deny\-direct\*(C'\fR for more info. .IP "compress = yes|true|on | no|false|off" 4 .IX Item "compress = yes|true|on | no|false|off" Wether to compress data packets sent to this host (default: \f(CW\*(C`yes\*(C'\fR). 
@@ -491,6 +494,32 @@ \&\f(CW\*(C`ondemand\*(C'\fR (try to establish a connection on the first packet sent, and take it down after the keepalive interval) or \f(CW\*(C`disabled\*(C'\fR (node is bad, don't talk to it). +.IP "deny-direct = nodename | *" 4 +.IX Item "deny-direct = nodename | *" +Deny direct connections to the specified node (or all nodes when \f(CW\*(C`*\*(C'\fR +is given). Only one node can be specified, but you can use multiple +\&\f(CW\*(C`allow\-direct\*(C'\fR and \f(CW\*(C`deny\-direct\*(C'\fR statements. This only makes sense in +networks with routers, as routers are required for indirect connections. +.Sp +Sometimes, a node cannot reach some other nodes for reasons of network +connectivity. For example, a node behind a firewall that only allows +conenctions to/from a single other node in the network. In this case one +should specify \f(CW\*(C`deny\-direct = *\*(C'\fR and \f(CW\*(C`allow\-direct = othernodename\*(C'\fR (the other +node \fImust\fR be a router for this to work). +.Sp +The algorithm to check wether a connection may be direct is as follows: +.Sp +1. Other node mentioned in a \f(CW\*(C`allow\-direct\*(C'\fR? If yes, allow the connection. +.Sp +2. Other node mentioned in a \f(CW\*(C`deny\-direct\*(C'\fR? If yes, deny direct connections. +.Sp +3. Allow the connection. +.Sp +That is, \f(CW\*(C`allow\-direct\*(C'\fR takes precende over \f(CW\*(C`deny\-direct\*(C'\fR. +.Sp +The check is done in both directions, i.e. both nodes must allow a direct +connection before one is attempted, so you only need to specify connect +limitations on one node. .IP "dns-domain = domain-suffix" 4 .IX Item "dns-domain = domain-suffix" The \s-1DNS\s0 domain suffix that points to the \s-1DNS\s0 tunnel server for this node. 
@@ -555,6 +584,13 @@ \&\s-1NOTE:\s0 Please specify \f(CW\*(C`enable\-udp = yes\*(C'\fR if you want t use it even though it might get switched on automatically, as some future version might default to another default protocol. +.IP "hostname = hostname | ip [can not be defaulted]" 4 +.IX Item "hostname = hostname | ip [can not be defaulted]" +Forces the address of this node to be set to the given dns hostname or ip +address. It will be resolved before each connect request, so dyndns should +work fine. If this setting is not specified and a router is available, +then the router will be queried for the address of this node. Otherwise, +the connection attempt will fail. .IP "icmp-type = integer" 4 .IX Item "icmp-type = integer" Sets the type value to be used for outgoing (and incoming) packets sent @@ -628,4 +664,4 @@ \&\fIgvpe\fR\|(5), \fIgvpe\fR\|(8), \fIgvpectrl\fR\|(8). .SH "AUTHOR" .IX Header "AUTHOR" -Marc Lehmann +Marc Lehmann
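Review bot: in the hunk at @@ -476,8 +476,11 @@, the new allow-direct entry says "Allow direct connections to this node", which reads as the node whose section is being configured rather than the node named by nodename, while the deny-direct entry says "the specified node". Suggest "Allow direct connections to the specified node" so the two entries agree. The item header also gives only "allow-direct = nodename" where deny-direct accepts "nodename | *"; state explicitly whether "*" is valid for allow-direct.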
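Review bot: in the deny-direct hunk at @@ -491,6 +494,32 @@, step 2 of the algorithm ("Other node mentioned in a deny-direct?") does not say that "*" counts as a mention of every node, which the recommended "deny-direct = *" plus "allow-direct = othernodename" setup depends on; add that to step 2 so the firewall example follows from the stated algorithm. The added lines also contain three typos: "conenctions" should be "connections", "wether" should be "whether", and "precende" should be "precedence".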
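Review bot: in the hostname hunk at @@ -555,6 +584,13 @@, the tag "[can not be defaulted]" in the item header is never explained in the body. If it means the setting has no effect when placed before the first node section (the mechanism the node-specific settings paragraph describes for defaults), add a sentence saying so. As a style point, "dns hostname" in the added text should use the same \s-1DNS\s0 markup as the dns-domain entry.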