Comparing gvpe/doc/gvpe.conf.5 (file contents):
Revision 1.19 by pcg, Thu Mar 29 17:35:20 2007 UTC vs.
Revision 1.20 by pcg, Sun Aug 10 10:35:26 2008 UTC

1.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 1.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05)
2.\" 2.\"
3.\" Standard preamble: 3.\" Standard preamble:
4.\" ======================================================================== 4.\" ========================================================================
5.de Sh \" Subsection heading 5.de Sh \" Subsection heading
6.br 6.br
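Review bot: line 1 shows the file was regenerated with a newer generator (Pod::Man v1.37 to Pod::Man 2.16), so most of this diff is preamble and hyphen-escaping churn that buries the real documentation changes to node-up, connect, max-ttl and max-queue. Suggest committing the regeneration on its own, then the content change as a separate revision, so the behavioural documentation can be reviewed line by line.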
23.ft R 23.ft R
24.fi 24.fi
25.. 25..
26.\" Set up some character translations and predefined strings. \*(-- will 26.\" Set up some character translations and predefined strings. \*(-- will
27.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left 27.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
28.\" double quote, and \*(R" will give a right double quote. | will give a 28.\" double quote, and \*(R" will give a right double quote. \*(C+ will
29.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to 29.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
30.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' 30.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
31.\" expand to `' in nroff, nothing in troff, for use with C<>. 31.\" nothing in troff, for use with C<>.
32.tr \(*W-|\(bv\*(Tr 32.tr \(*W-
33.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' 33.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
34.ie n \{\ 34.ie n \{\
35. ds -- \(*W- 35. ds -- \(*W-
36. ds PI pi 36. ds PI pi
37. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch 37. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
46. ds PI \(*p 46. ds PI \(*p
47. ds L" `` 47. ds L" ``
48. ds R" '' 48. ds R" ''
49'br\} 49'br\}
50.\" 50.\"
51.\" Escape single quotes in literal strings from groff's Unicode transform.
52.ie \n(.g .ds Aq \(aq
53.el .ds Aq '
54.\"
51.\" If the F register is turned on, we'll generate index entries on stderr for 55.\" If the F register is turned on, we'll generate index entries on stderr for
52.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index 56.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
53.\" entries marked with X<> in POD. Of course, you'll have to process the 57.\" entries marked with X<> in POD. Of course, you'll have to process the
54.\" output yourself in some meaningful fashion. 58.\" output yourself in some meaningful fashion.
55.if \nF \{\ 59.ie \nF \{\
56. de IX 60. de IX
57. tm Index:\\$1\t\\n%\t"\\$2" 61. tm Index:\\$1\t\\n%\t"\\$2"
58.. 62..
59. nr % 0 63. nr % 0
60. rr F 64. rr F
61.\} 65.\}
62.\" 66.el \{\
63.\" For nroff, turn off justification. Always turn off hyphenation; it makes 67. de IX
64.\" way too many mistakes in technical documents. 68..
65.hy 0 69.\}
66.if n .na
67.\" 70.\"
68.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). 71.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
69.\" Fear. Run. Save yourself. No user-serviceable parts. 72.\" Fear. Run. Save yourself. No user-serviceable parts.
70. \" fudge factors for nroff and troff 73. \" fudge factors for nroff and troff
71.if n \{\ 74.if n \{\
127.\} 130.\}
128.rm #[ #] #H #V #F C 131.rm #[ #] #H #V #F C
129.\" ======================================================================== 132.\" ========================================================================
130.\" 133.\"
131.IX Title "GVPE.CONF 5" 134.IX Title "GVPE.CONF 5"
132.TH GVPE.CONF 5 "2007-01-31" "2.01" "GNU Virtual Private Ethernet" 135.TH GVPE.CONF 5 "2008-08-07" "2.2" "GNU Virtual Private Ethernet"
136.\" For nroff, turn off justification. Always turn off hyphenation; it makes
137.\" way too many mistakes in technical documents.
138.if n .ad l
139.nh
133.SH "NAME" 140.SH "NAME"
134gvpe.conf \- configuration file for the GNU VPE daemon 141gvpe.conf \- configuration file for the GNU VPE daemon
135.SH "SYNOPSIS" 142.SH "SYNOPSIS"
136.IX Header "SYNOPSIS" 143.IX Header "SYNOPSIS"
137.Vb 3 144.Vb 3
138\& udp-port = 407 145\& udp\-port = 407
139\& mtu = 1492 146\& mtu = 1492
140\& ifname = vpn0 147\& ifname = vpn0
141.Ve 148\&
142.PP
143.Vb 2
144\& node = branch1 149\& node = branch1
145\& hostname = 1.2.3.4 150\& hostname = 1.2.3.4
146.Ve 151\&
147.PP
148.Vb 3
149\& node = branch2 152\& node = branch2
150\& hostname = www.example.net 153\& hostname = www.example.net
151\& udp-port = 500 # this host uses a different udp-port 154\& udp\-port = 500 # this host uses a different udp\-port
152.Ve 155\&
153.PP
154.Vb 2
155\& node = branch3 156\& node = branch3
156\& connect = ondemand 157\& connect = ondemand
157.Ve 158.Ve
158.SH "DESCRIPTION" 159.SH "DESCRIPTION"
159.IX Header "DESCRIPTION" 160.IX Header "DESCRIPTION"
372enabled on all hosts. 373enabled on all hosts.
373.Sp 374.Sp
374Example: 375Example:
375.Sp 376.Sp
376.Vb 3 377.Vb 3
377\& http-proxy-host = proxy.example.com 378\& http\-proxy\-host = proxy.example.com
378\& http-proxy-port = 3128 # 8080 is another common choice 379\& http\-proxy\-port = 3128 # 8080 is another common choice
379\& http-proxy-auth = schmorp:grumbeere 380\& http\-proxy\-auth = schmorp:grumbeere
380.Ve 381.Ve
381.IP "http-proxy-port = proxy-tcp-port" 4 382.IP "http-proxy-port = proxy-tcp-port" 4
382.IX Item "http-proxy-port = proxy-tcp-port" 383.IX Item "http-proxy-port = proxy-tcp-port"
383The port where your proxy server listens. 384The port where your proxy server listens.
384.IP "http-proxy-auth = login:password" 4 385.IP "http-proxy-auth = login:password" 4
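Review bot: the example line "http-proxy-auth = schmorp:grumbeere" puts a proxy login and password into gvpe.conf in clear text, and the lines shown here give no guidance on protecting that file. Suggest adding a sentence to the http-proxy-auth item stating that, when this setting is used, the config file should be readable only by the user gvpe runs as.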
412Not really a config setting but introduces a node section. The nickname is 413Not really a config setting but introduces a node section. The nickname is
413used to select the right configuration section and must be passed as an 414used to select the right configuration section and must be passed as an
414argument to the gvpe daemon. 415argument to the gvpe daemon.
415.IP "node-up = relative-or-absolute-path" 4 416.IP "node-up = relative-or-absolute-path" 4
416.IX Item "node-up = relative-or-absolute-path" 417.IX Item "node-up = relative-or-absolute-path"
417Sets a command (default: no script) that should be called whenever a 418Sets a command (default: none) that should be called whenever a connection
418connection is established (even on rekeying operations). In addition to 419is established (even on rekeying operations). Note that node\-up/down
420scripts will be run asynchronously, but execution is serialised, so there
421will only ever be one such script running.
422.Sp
419all the variables passed to \f(CW\*(C`if\-up\*(C'\fR scripts, the following environment 423In addition to all the variables passed to \f(CW\*(C`if\-up\*(C'\fR scripts, the following
420variables will be set: 424environment variables will be set:
421.RS 4 425.RS 4
422.IP "DESTNODE=branch2" 4 426.IP "DESTNODE=branch2" 4
423.IX Item "DESTNODE=branch2" 427.IX Item "DESTNODE=branch2"
424The name of the remote node. 428The name of the remote node.
425.IP "DESTID=2" 4 429.IP "DESTID=2" 4
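Review bot: the new sentence at new lines 419-421 says node-up/down scripts run asynchronously and serialised, but leaves out the consequence: one script that blocks holds back every later node-up and node-down call, so a script may run well after the event it reports. Suggest adding that scripts should return promptly (or apply their own timeout) and should not assume the connection is still in the state that triggered them.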
446\& #!/bin/sh 450\& #!/bin/sh
447\& { 451\& {
448\& echo update delete $DESTNODE.lowttl.example.net. a 452\& echo update delete $DESTNODE.lowttl.example.net. a
449\& echo update add $DESTNODE.lowttl.example.net. 1 in a $DESTIP 453\& echo update add $DESTNODE.lowttl.example.net. 1 in a $DESTIP
450\& echo 454\& echo
451\& } | nsupdate -d -k $CONFBASE:key.example.net. 455\& } | nsupdate \-d \-k $CONFBASE:key.example.net.
452.Ve 456.Ve
453.RE 457.RE
454.IP "node-down = relative-or-absolute-path" 4 458.IP "node-down = relative-or-absolute-path" 4
455.IX Item "node-down = relative-or-absolute-path" 459.IX Item "node-down = relative-or-absolute-path"
456Same as \f(CW\*(C`node\-up\*(C'\fR, but gets called whenever a connection is lost. 460Same as \f(CW\*(C`node\-up\*(C'\fR, but gets called whenever a connection is lost.
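Review bot: the example script expands $DESTNODE, $DESTIP and $CONFBASE unquoted (the two "echo update ..." lines and the "nsupdate \-d \-k $CONFBASE:key.example.net." line), so word splitting and globbing apply to values that end up in a keyed DNS update. Since this is the script readers will copy, suggest quoting each expansion, for example echo "update add $DESTNODE.lowttl.example.net. 1 in a $DESTIP" and \-k "$CONFBASE:key.example.net.".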
473.IX Item "rekey = seconds" 477.IX Item "rekey = seconds"
474Sets the rekeying interval in seconds (default: \f(CW3600\fR). Connections are 478Sets the rekeying interval in seconds (default: \f(CW3600\fR). Connections are
475reestablished every \f(CW\*(C`rekey\*(C'\fR seconds. 479reestablished every \f(CW\*(C`rekey\*(C'\fR seconds.
476.Sh "\s-1NODE\s0 \s-1SPECIFIC\s0 \s-1SETTINGS\s0" 480.Sh "\s-1NODE\s0 \s-1SPECIFIC\s0 \s-1SETTINGS\s0"
477.IX Subsection "NODE SPECIFIC SETTINGS" 481.IX Subsection "NODE SPECIFIC SETTINGS"
478The following settings are node\-specific, that is, every node can have 482The following settings are node-specific, that is, every node can have
479different settings, even within the same gvpe instance. Settings that are 483different settings, even within the same gvpe instance. Settings that are
480set before the first node section set the defaults, settings that are 484set before the first node section set the defaults, settings that are
481set within a node section only apply to the given node. 485set within a node section only apply to the given node.
482.IP "allow-direct = nodename" 4 486.IP "allow-direct = nodename" 4
483.IX Item "allow-direct = nodename" 487.IX Item "allow-direct = nodename"
490.IP "connect = ondemand | never | always | disabled" 4 494.IP "connect = ondemand | never | always | disabled" 4
491.IX Item "connect = ondemand | never | always | disabled" 495.IX Item "connect = ondemand | never | always | disabled"
492Sets the connect mode (default: \f(CW\*(C`always\*(C'\fR). It can be \f(CW\*(C`always\*(C'\fR (always 496Sets the connect mode (default: \f(CW\*(C`always\*(C'\fR). It can be \f(CW\*(C`always\*(C'\fR (always
493try to establish and keep a connection to the given host), \f(CW\*(C`never\*(C'\fR 497try to establish and keep a connection to the given host), \f(CW\*(C`never\*(C'\fR
494(never initiate a connection to the given host, but accept connections), 498(never initiate a connection to the given host, but accept connections),
495\&\f(CW\*(C`ondemand\*(C'\fR (try to establish a connection on the first packet sent, and 499\&\f(CW\*(C`ondemand\*(C'\fR (try to establish a connection when there are outstanding
496take it down after the keepalive interval) or \f(CW\*(C`disabled\*(C'\fR (node is bad, 500packets in the queue and take it down after the keepalive interval) or
497don't talk to it). 501\&\f(CW\*(C`disabled\*(C'\fR (node is bad, don't talk to it).
498.IP "deny-direct = nodename | *" 4 502.IP "deny-direct = nodename | *" 4
499.IX Item "deny-direct = nodename | *" 503.IX Item "deny-direct = nodename | *"
500Deny direct connections to the specified node (or all nodes when \f(CW\*(C`*\*(C'\fR 504Deny direct connections to the specified node (or all nodes when \f(CW\*(C`*\*(C'\fR
501is given). Only one node can be specified, but you can use multiple 505is given). Only one node can be specified, but you can use multiple
502\&\f(CW\*(C`allow\-direct\*(C'\fR and \f(CW\*(C`deny\-direct\*(C'\fR statements. This only makes sense in 506\&\f(CW\*(C`allow\-direct\*(C'\fR and \f(CW\*(C`deny\-direct\*(C'\fR statements. This only makes sense in
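Review bot: the reworded ondemand description (new lines 499-500) now refers to "outstanding packets in the queue" without saying which queue or how it is bounded. The same revision documents that queue under max-ttl and max-queue, so suggest adding a pointer here, for example "(see max-ttl and max-queue)".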
527.Sp 531.Sp
528The domain must point to a \s-1NS\s0 record that points to the \fIdns-hostname\fR, 532The domain must point to a \s-1NS\s0 record that points to the \fIdns-hostname\fR,
529i.e. 533i.e.
530.Sp 534.Sp
531.Vb 2 535.Vb 2
532\& dns-domainname = tunnel.example.net 536\& dns\-domainname = tunnel.example.net
533\& dns-hostname = tunnel-server.example.net 537\& dns\-hostname = tunnel\-server.example.net
534.Ve 538.Ve
535.Sp 539.Sp
536Corresponds to the following \s-1DNS\s0 entries in the \f(CW\*(C`example.net\*(C'\fR domain: 540Corresponds to the following \s-1DNS\s0 entries in the \f(CW\*(C`example.net\*(C'\fR domain:
537.Sp 541.Sp
538.Vb 2 542.Vb 2
539\& tunnel.example.net. NS tunnel-server.example.net. 543\& tunnel.example.net. NS tunnel\-server.example.net.
540\& tunnel-server.example.net. A 13.13.13.13 544\& tunnel\-server.example.net. A 13.13.13.13
541.Ve 545.Ve
542.IP "dns-hostname = hostname/ip" 4 546.IP "dns-hostname = hostname/ip" 4
543.IX Item "dns-hostname = hostname/ip" 547.IX Item "dns-hostname = hostname/ip"
544The address to bind the \s-1DNS\s0 tunnel socket to, similar to the \f(CW\*(C`hostname\*(C'\fR, 548The address to bind the \s-1DNS\s0 tunnel socket to, similar to the \f(CW\*(C`hostname\*(C'\fR,
545but for the \s-1DNS\s0 tunnel protocol only. Default: \f(CW0.0.0.0\fR, but that might 549but for the \s-1DNS\s0 tunnel protocol only. Default: \f(CW0.0.0.0\fR, but that might
596.IX Item "icmp-type = integer" 600.IX Item "icmp-type = integer"
597Sets the type value to be used for outgoing (and incoming) packets sent 601Sets the type value to be used for outgoing (and incoming) packets sent
598via the \s-1ICMP\s0 transport. 602via the \s-1ICMP\s0 transport.
599.Sp 603.Sp
600The default is \f(CW0\fR (which is \f(CW\*(C`echo\-reply\*(C'\fR, also known as 604The default is \f(CW0\fR (which is \f(CW\*(C`echo\-reply\*(C'\fR, also known as
601\&\*(L"ping\-replies\*(R"). Other useful values include \f(CW8\fR (\f(CW\*(C`echo\-request\*(C'\fR, a.k.a. 605\&\*(L"ping-replies\*(R"). Other useful values include \f(CW8\fR (\f(CW\*(C`echo\-request\*(C'\fR, a.k.a.
602\&\*(L"ping\*(R") and \f(CW11\fR (\f(CW\*(C`time\-exceeded\*(C'\fR), but any 8\-bit value can be used. 606\&\*(L"ping\*(R") and \f(CW11\fR (\f(CW\*(C`time\-exceeded\*(C'\fR), but any 8\-bit value can be used.
603.IP "if-up-data = value" 4 607.IP "if-up-data = value" 4
604.IX Item "if-up-data = value" 608.IX Item "if-up-data = value"
605The value specified using this directive will be passed to the \f(CW\*(C`if\-up\*(C'\fR 609The value specified using this directive will be passed to the \f(CW\*(C`if\-up\*(C'\fR
606script in the environment variable \f(CW\*(C`IFUPDATA\*(C'\fR. 610script in the environment variable \f(CW\*(C`IFUPDATA\*(C'\fR.
616retries to establish a connection to this node. When a connection cannot 620retries to establish a connection to this node. When a connection cannot
617be established, gvpe uses exponential backoff capped at this value. It's 621be established, gvpe uses exponential backoff capped at this value. It's
618sometimes useful to set this to a much lower value (e.g. \f(CW120\fR) on 622sometimes useful to set this to a much lower value (e.g. \f(CW120\fR) on
619connections to routers that usually are stable but sometimes are down, to 623connections to routers that usually are stable but sometimes are down, to
620assure quick reconnections even after longer downtimes. 624assure quick reconnections even after longer downtimes.
625.IP "max-ttl = seconds" 4
626.IX Item "max-ttl = seconds"
627Expire packets that couldn't be sent after this many seconds
628(default: \f(CW60\fR). Gvpe will normally queue packets for a node without an
629active connection, in the hope of establishing a connection soon. This
630value specifies the maximum lifetime a packet will stay in the queue, if a
631packet gets older, it will be thrown away.
632.IP "max-queue = positive-number" 4
633.IX Item "max-queue = positive-number"
634The maximum number of packets that will be queued (default: \f(CW512\fR)
635for this node. If more packets are sent then earlier packets will be
636expired. See \f(CW\*(C`max\-ttl\*(C'\fR, above.
621.IP "router-priority = 0 | 1 | positive\-number>=2" 4 637.IP "router-priority = 0 | 1 | positive\-number>=2" 4
622.IX Item "router-priority = 0 | 1 | positive-number>=2" 638.IX Item "router-priority = 0 | 1 | positive-number>=2"
623Sets the router priority of the given host (default: \f(CW0\fR, disabled). If 639Sets the router priority of the given host (default: \f(CW0\fR, disabled). If
624some host tries to connect to another host without a hostname, it asks 640some host tries to connect to another host without a hostname, it asks
625the router host for it's \s-1IP\s0 address. The router host is the one with the 641the router host for it's \s-1IP\s0 address. The router host is the one with the
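Review bot: the new max-ttl item (new lines 627-631) ends in a comma splice ("...will stay in the queue, if a packet gets older, it will be thrown away"), and max-queue splits its sentence with the default ("will be queued (default: 512) for this node"). Suggest "...will stay in the queue; older packets are discarded" and "queued for this node (default: 512)". The max-queue argument is typed positive-number while max-ttl is only "seconds", so the text should say whether 0 is accepted for max-ttl and what it means. The unchanged context line 625/641 also has "it's IP address" where "its" is meant.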
643Sets the port number used by the \s-1UDP\s0 protocol (default: \f(CW655\fR, not 659Sets the port number used by the \s-1UDP\s0 protocol (default: \f(CW655\fR, not
644officially assigned by \s-1IANA\s0!). 660officially assigned by \s-1IANA\s0!).
645.SH "CONFIG DIRECTORY LAYOUT" 661.SH "CONFIG DIRECTORY LAYOUT"
646.IX Header "CONFIG DIRECTORY LAYOUT" 662.IX Header "CONFIG DIRECTORY LAYOUT"
647The default (or recommended) directory layout for the config directory is: 663The default (or recommended) directory layout for the config directory is:
648.IP "\(bu" 4 664.IP "" 4
649.IX Xref "gvpe.conf" 665.IX Xref "gvpe.conf"
650The config file. 666The config file.
651.IP "\(bu" 4 667.IP "" 4
652.IX Xref "if-up" 668.IX Xref "if-up"
653The if-up script 669The if-up script
654.IP "," 4 670.IP "," 4
655.IX Xref "node-up node-down" 671.IX Xref "node-up node-down"
656If used the node up or node-down scripts. 672If used the node up or node-down scripts.
657.IP "\(bu" 4 673.IP "" 4
658.IX Xref "hostkey" 674.IX Xref "hostkey"
659The private key (taken from \f(CW\*(C`hostkeys/nodename\*(C'\fR) of the current host. 675The private key (taken from \f(CW\*(C`hostkeys/nodename\*(C'\fR) of the current host.
660.IP "\(bu" 4 676.IP "" 4
661.IX Xref "pubkey nodename" 677.IX Xref "pubkey nodename"
662The public keys of the other nodes, one file per node. 678The public keys of the other nodes, one file per node.
663.SH "SEE ALSO" 679.SH "SEE ALSO"
664.IX Header "SEE ALSO" 680.IX Header "SEE ALSO"
665\&\fIgvpe\fR\|(5), \fIgvpe\fR\|(8), \fIgvpectrl\fR\|(8). 681\&\fIgvpe\fR\|(5), \fIgvpe\fR\|(8), \fIgvpectrl\fR\|(8).
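Review bot: in CONFIG DIRECTORY LAYOUT the regenerated list emits .IP "" 4 where revision 1.19 had .IP "\(bu" 4, and in both revisions the file names appear only in the .IX Xref lines, which the preamble defines as either stderr index output or an empty macro. The rendered page therefore lists "The config file.", "The if-up script" and so on with no bullet and no file name. The .IP "," 4 label in front of the node-up/node-down entry looks like the same problem, with only the comma between two index-only names surviving. Suggest fixing the POD source so each item prints its name (gvpe.conf, if-up, node-up and node-down, hostkey, the per-node public key files) as visible item text, then regenerating. "If used the node up or node-down scripts" also hyphenates the two names inconsistently.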
