… | |
… | |
130 | .\} |
130 | .\} |
131 | .rm #[ #] #H #V #F C |
131 | .rm #[ #] #H #V #F C |
132 | .\" ======================================================================== |
132 | .\" ======================================================================== |
133 | .\" |
133 | .\" |
134 | .IX Title "GVPE.CONF 5" |
134 | .IX Title "GVPE.CONF 5" |
135 | .TH GVPE.CONF 5 "2008-09-01" "2.2" "GNU Virtual Private Ethernet" |
135 | .TH GVPE.CONF 5 "2009-06-01" "2.22" "GNU Virtual Private Ethernet" |
136 | .\" For nroff, turn off justification. Always turn off hyphenation; it makes |
136 | .\" For nroff, turn off justification. Always turn off hyphenation; it makes |
137 | .\" way too many mistakes in technical documents. |
137 | .\" way too many mistakes in technical documents. |
138 | .if n .ad l |
138 | .if n .ad l |
139 | .nh |
139 | .nh |
140 | .SH "NAME" |
140 | .SH "NAME" |
… | |
… | |
427 | is established (even on rekeying operations). Note that node\-up/down |
427 | is established (even on rekeying operations). Note that node\-up/down |
428 | scripts will be run asynchronously, but execution is serialised, so there |
428 | scripts will be run asynchronously, but execution is serialised, so there |
429 | will only ever be one such script running. |
429 | will only ever be one such script running. |
430 | .Sp |
430 | .Sp |
431 | In addition to all the variables passed to \f(CW\*(C`if\-up\*(C'\fR scripts, the following |
431 | In addition to all the variables passed to \f(CW\*(C`if\-up\*(C'\fR scripts, the following |
432 | environment variables will be set: |
432 | environment variables will be set (values are just examples): |
433 | .RS 4 |
433 | .RS 4 |
434 | .IP "DESTNODE=branch2" 4 |
434 | .IP "DESTNODE=branch2" 4 |
435 | .IX Item "DESTNODE=branch2" |
435 | .IX Item "DESTNODE=branch2" |
436 | The name of the remote node. |
436 | The name of the remote node. |
437 | .IP "DESTID=2" 4 |
437 | .IP "DESTID=2" 4 |
438 | .IX Item "DESTID=2" |
438 | .IX Item "DESTID=2" |
439 | The node id of the remote node. |
439 | The node id of the remote node. |
|
|
440 | .IP "DESTSI=rawip/88.99.77.55:0" 4 |
|
|
441 | .IX Item "DESTSI=rawip/88.99.77.55:0" |
|
|
442 | The \*(L"socket info\*(R" of the target node, protocol dependent but usually in |
|
|
443 | the format protocol/ip:port. |
440 | .IP "DESTIP=188.13.66.8" 4 |
444 | .IP "DESTIP=188.13.66.8" 4 |
441 | .IX Item "DESTIP=188.13.66.8" |
445 | .IX Item "DESTIP=188.13.66.8" |
442 | The numerical \s-1IP\s0 address of the remote node (gvpe accepts connections from |
446 | The numerical \s-1IP\s0 address of the remote node (gvpe accepts connections from |
443 | everywhere, as long as the other node can authenticate itself). |
447 | everywhere, as long as the other node can authenticate itself). |
444 | .IP "DESTPORT=655 # deprecated" 4 |
448 | .IP "DESTPORT=655 # deprecated" 4 |
445 | .IX Item "DESTPORT=655 # deprecated" |
449 | .IX Item "DESTPORT=655 # deprecated" |
446 | The \s-1UDP\s0 port used by the other side. |
450 | The protocol port used by the other side, if applicable. |
447 | .IP "STATE=UP" 4 |
451 | .IP "STATE=up" 4 |
448 | .IX Item "STATE=UP" |
452 | .IX Item "STATE=up" |
449 | Node-up scripts get called with STATE=UP, node-down scripts get called |
453 | Node-up scripts get called with STATE=up, node-change scripts get called |
450 | with STATE=DOWN. |
454 | with STATE=change and node-down scripts get called with STATE=down. |
451 | .RE |
455 | .RE |
452 | .RS 4 |
456 | .RS 4 |
453 | .Sp |
457 | .Sp |
454 | Here is a nontrivial example that uses nsupdate to update the name => ip |
458 | Here is a nontrivial example that uses nsupdate to update the name => ip |
455 | mapping in some \s-1DNS\s0 zone: |
459 | mapping in some \s-1DNS\s0 zone: |
… | |
… | |
461 | \& echo update add $DESTNODE.lowttl.example.net. 1 in a $DESTIP |
465 | \& echo update add $DESTNODE.lowttl.example.net. 1 in a $DESTIP |
462 | \& echo |
466 | \& echo |
463 | \& } | nsupdate \-d \-k $CONFBASE:key.example.net. |
467 | \& } | nsupdate \-d \-k $CONFBASE:key.example.net. |
464 | .Ve |
468 | .Ve |
465 | .RE |
469 | .RE |
|
|
470 | .IP "node-change = relative-or-absolute-path" 4 |
|
|
471 | .IX Item "node-change = relative-or-absolute-path" |
|
|
472 | Same as \f(CW\*(C`node\-change\*(C'\fR, but gets called whenever something about a |
|
|
473 | connection changes (such as the source \s-1IP\s0 address). |
466 | .IP "node-down = relative-or-absolute-path" 4 |
474 | .IP "node-down = relative-or-absolute-path" 4 |
467 | .IX Item "node-down = relative-or-absolute-path" |
475 | .IX Item "node-down = relative-or-absolute-path" |
468 | Same as \f(CW\*(C`node\-up\*(C'\fR, but gets called whenever a connection is lost. |
476 | Same as \f(CW\*(C`node\-up\*(C'\fR, but gets called whenever a connection is lost. |
469 | .IP "pid-file = path" 4 |
477 | .IP "pid-file = path" 4 |
470 | .IX Item "pid-file = path" |
478 | .IX Item "pid-file = path" |
… | |
… | |
484 | .IP "rekey = seconds" 4 |
492 | .IP "rekey = seconds" 4 |
485 | .IX Item "rekey = seconds" |
493 | .IX Item "rekey = seconds" |
486 | Sets the rekeying interval in seconds (default: \f(CW3600\fR). Connections are |
494 | Sets the rekeying interval in seconds (default: \f(CW3600\fR). Connections are |
487 | reestablished every \f(CW\*(C`rekey\*(C'\fR seconds, making them use a new encryption |
495 | reestablished every \f(CW\*(C`rekey\*(C'\fR seconds, making them use a new encryption |
488 | key. |
496 | key. |
|
|
497 | .IP "nfmark = integer" 4 |
|
|
498 | .IX Item "nfmark = integer" |
|
|
499 | This advanced option, when set to a nonzero value (default: \f(CW0\fR), tries |
|
|
500 | to set the netfilter mark (or fwmark) value on all sockets gvpe uses to |
|
|
501 | send packets. |
|
|
502 | .Sp |
|
|
503 | This can be used to make gvpe use a different set of routing rules. For |
|
|
504 | example, on GNU/Linux, the \f(CW\*(C`if\-up\*(C'\fR could set \f(CW\*(C`nfmark\*(C'\fR to 1000 and then |
|
|
505 | put all routing rules into table \f(CW99\fR and then use an ip rule to make |
|
|
506 | gvpe traffic avoid that routing table, in effect routing normal traffic |
|
|
507 | via gvpe and gvpe traffic via the normal system routing tables: |
|
|
508 | .Sp |
|
|
509 | .Vb 1 |
|
|
510 | \& ip rule add not fwmark 1000 lookup 99 |
|
|
511 | .Ve |
489 | .Sh "\s-1NODE\s0 \s-1SPECIFIC\s0 \s-1SETTINGS\s0" |
512 | .Sh "\s-1NODE\s0 \s-1SPECIFIC\s0 \s-1SETTINGS\s0" |
490 | .IX Subsection "NODE SPECIFIC SETTINGS" |
513 | .IX Subsection "NODE SPECIFIC SETTINGS" |
491 | The following settings are node-specific, that is, every node can have |
514 | The following settings are node-specific, that is, every node can have |
492 | different settings, even within the same gvpe instance. Settings that are |
515 | different settings, even within the same gvpe instance. Settings that are |
493 | set before the first node section set the defaults, settings that are |
516 | set before the first node section set the defaults, settings that are |
… | |
… | |
684 | Sets the port number used by the \s-1UDP\s0 protocol (default: \f(CW655\fR, not |
707 | Sets the port number used by the \s-1UDP\s0 protocol (default: \f(CW655\fR, not |
685 | officially assigned by \s-1IANA\s0!). |
708 | officially assigned by \s-1IANA\s0!). |
686 | .SH "CONFIG DIRECTORY LAYOUT" |
709 | .SH "CONFIG DIRECTORY LAYOUT" |
687 | .IX Header "CONFIG DIRECTORY LAYOUT" |
710 | .IX Header "CONFIG DIRECTORY LAYOUT" |
688 | The default (or recommended) directory layout for the config directory is: |
711 | The default (or recommended) directory layout for the config directory is: |
689 | .IP "" 4 |
712 | .IP "gvpe.conf" 4 |
690 | .IX Xref "gvpe.conf" |
713 | .IX Item "gvpe.conf" |
691 | The config file. |
714 | The config file. |
692 | .IP "" 4 |
715 | .IP "if-up" 4 |
693 | .IX Xref "if-up" |
716 | .IX Item "if-up" |
694 | The if-up script |
717 | The if-up script |
695 | .IP "," 4 |
718 | .IP "node-up, node-down" 4 |
696 | .IX Xref "node-up node-down" |
719 | .IX Item "node-up, node-down" |
697 | If used the node up or node-down scripts. |
720 | If used the node up or node-down scripts. |
698 | .IP "" 4 |
721 | .IP "hostkey" 4 |
699 | .IX Xref "hostkey" |
722 | .IX Item "hostkey" |
700 | The private key (taken from \f(CW\*(C`hostkeys/nodename\*(C'\fR) of the current host. |
723 | The private key (taken from \f(CW\*(C`hostkeys/nodename\*(C'\fR) of the current host. |
701 | .IP "" 4 |
724 | .IP "pubkey/nodename" 4 |
702 | .IX Xref "pubkey nodename" |
725 | .IX Item "pubkey/nodename" |
703 | The public keys of the other nodes, one file per node. |
726 | The public keys of the other nodes, one file per node. |
704 | .SH "SEE ALSO" |
727 | .SH "SEE ALSO" |
705 | .IX Header "SEE ALSO" |
728 | .IX Header "SEE ALSO" |
706 | \&\fIgvpe\fR\|(5), \fIgvpe\fR\|(8), \fIgvpectrl\fR\|(8). |
729 | \&\fIgvpe\fR\|(5), \fIgvpe\fR\|(8), \fIgvpectrl\fR\|(8). |
707 | .SH "AUTHOR" |
730 | .SH "AUTHOR" |