| … | |
… | |
| 130 | .\} |
130 | .\} |
| 131 | .rm #[ #] #H #V #F C |
131 | .rm #[ #] #H #V #F C |
| 132 | .\" ======================================================================== |
132 | .\" ======================================================================== |
| 133 | .\" |
133 | .\" |
| 134 | .IX Title "GVPE.CONF 5" |
134 | .IX Title "GVPE.CONF 5" |
| 135 | .TH GVPE.CONF 5 "2008-09-01" "2.2" "GNU Virtual Private Ethernet" |
135 | .TH GVPE.CONF 5 "2009-06-01" "2.22" "GNU Virtual Private Ethernet" |
| 136 | .\" For nroff, turn off justification. Always turn off hyphenation; it makes |
136 | .\" For nroff, turn off justification. Always turn off hyphenation; it makes |
| 137 | .\" way too many mistakes in technical documents. |
137 | .\" way too many mistakes in technical documents. |
| 138 | .if n .ad l |
138 | .if n .ad l |
| 139 | .nh |
139 | .nh |
| 140 | .SH "NAME" |
140 | .SH "NAME" |
| … | |
… | |
| 427 | is established (even on rekeying operations). Note that node\-up/down |
427 | is established (even on rekeying operations). Note that node\-up/down |
| 428 | scripts will be run asynchronously, but execution is serialised, so there |
428 | scripts will be run asynchronously, but execution is serialised, so there |
| 429 | will only ever be one such script running. |
429 | will only ever be one such script running. |
| 430 | .Sp |
430 | .Sp |
| 431 | In addition to all the variables passed to \f(CW\*(C`if\-up\*(C'\fR scripts, the following |
431 | In addition to all the variables passed to \f(CW\*(C`if\-up\*(C'\fR scripts, the following |
| 432 | environment variables will be set: |
432 | environment variables will be set (values are just examples): |
| 433 | .RS 4 |
433 | .RS 4 |
| 434 | .IP "DESTNODE=branch2" 4 |
434 | .IP "DESTNODE=branch2" 4 |
| 435 | .IX Item "DESTNODE=branch2" |
435 | .IX Item "DESTNODE=branch2" |
| 436 | The name of the remote node. |
436 | The name of the remote node. |
| 437 | .IP "DESTID=2" 4 |
437 | .IP "DESTID=2" 4 |
| 438 | .IX Item "DESTID=2" |
438 | .IX Item "DESTID=2" |
| 439 | The node id of the remote node. |
439 | The node id of the remote node. |
|
|
440 | .IP "DESTSI=rawip/88.99.77.55:0" 4 |
|
|
441 | .IX Item "DESTSI=rawip/88.99.77.55:0" |
|
|
442 | The \*(L"socket info\*(R" of the target node, protocol dependent but usually in |
|
|
443 | the format protocol/ip:port. |
| 440 | .IP "DESTIP=188.13.66.8" 4 |
444 | .IP "DESTIP=188.13.66.8" 4 |
| 441 | .IX Item "DESTIP=188.13.66.8" |
445 | .IX Item "DESTIP=188.13.66.8" |
| 442 | The numerical \s-1IP\s0 address of the remote node (gvpe accepts connections from |
446 | The numerical \s-1IP\s0 address of the remote node (gvpe accepts connections from |
| 443 | everywhere, as long as the other node can authenticate itself). |
447 | everywhere, as long as the other node can authenticate itself). |
| 444 | .IP "DESTPORT=655 # deprecated" 4 |
448 | .IP "DESTPORT=655 # deprecated" 4 |
| 445 | .IX Item "DESTPORT=655 # deprecated" |
449 | .IX Item "DESTPORT=655 # deprecated" |
| 446 | The \s-1UDP\s0 port used by the other side. |
450 | The protocol port used by the other side, if applicable. |
| 447 | .IP "STATE=UP" 4 |
451 | .IP "STATE=up" 4 |
| 448 | .IX Item "STATE=UP" |
452 | .IX Item "STATE=up" |
| 449 | Node-up scripts get called with STATE=UP, node-down scripts get called |
453 | Node-up scripts get called with STATE=up, node-change scripts get called |
| 450 | with STATE=DOWN. |
454 | with STATE=change and node-down scripts get called with STATE=down. |
| 451 | .RE |
455 | .RE |
| 452 | .RS 4 |
456 | .RS 4 |
| 453 | .Sp |
457 | .Sp |
| 454 | Here is a nontrivial example that uses nsupdate to update the name => ip |
458 | Here is a nontrivial example that uses nsupdate to update the name => ip |
| 455 | mapping in some \s-1DNS\s0 zone: |
459 | mapping in some \s-1DNS\s0 zone: |
| … | |
… | |
| 461 | \& echo update add $DESTNODE.lowttl.example.net. 1 in a $DESTIP |
465 | \& echo update add $DESTNODE.lowttl.example.net. 1 in a $DESTIP |
| 462 | \& echo |
466 | \& echo |
| 463 | \& } | nsupdate \-d \-k $CONFBASE:key.example.net. |
467 | \& } | nsupdate \-d \-k $CONFBASE:key.example.net. |
| 464 | .Ve |
468 | .Ve |
| 465 | .RE |
469 | .RE |
|
|
470 | .IP "node-change = relative-or-absolute-path" 4 |
|
|
471 | .IX Item "node-change = relative-or-absolute-path" |
|
|
472 | Same as \f(CW\*(C`node\-change\*(C'\fR, but gets called whenever something about a |
|
|
473 | connection changes (such as the source \s-1IP\s0 address). |
| 466 | .IP "node-down = relative-or-absolute-path" 4 |
474 | .IP "node-down = relative-or-absolute-path" 4 |
| 467 | .IX Item "node-down = relative-or-absolute-path" |
475 | .IX Item "node-down = relative-or-absolute-path" |
| 468 | Same as \f(CW\*(C`node\-up\*(C'\fR, but gets called whenever a connection is lost. |
476 | Same as \f(CW\*(C`node\-up\*(C'\fR, but gets called whenever a connection is lost. |
| 469 | .IP "pid-file = path" 4 |
477 | .IP "pid-file = path" 4 |
| 470 | .IX Item "pid-file = path" |
478 | .IX Item "pid-file = path" |
| … | |
… | |
| 484 | .IP "rekey = seconds" 4 |
492 | .IP "rekey = seconds" 4 |
| 485 | .IX Item "rekey = seconds" |
493 | .IX Item "rekey = seconds" |
| 486 | Sets the rekeying interval in seconds (default: \f(CW3600\fR). Connections are |
494 | Sets the rekeying interval in seconds (default: \f(CW3600\fR). Connections are |
| 487 | reestablished every \f(CW\*(C`rekey\*(C'\fR seconds, making them use a new encryption |
495 | reestablished every \f(CW\*(C`rekey\*(C'\fR seconds, making them use a new encryption |
| 488 | key. |
496 | key. |
|
|
497 | .IP "nfmark = integer" 4 |
|
|
498 | .IX Item "nfmark = integer" |
|
|
499 | This advanced option, when set to a nonzero value (default: \f(CW0\fR), tries |
|
|
500 | to set the netfilter mark (or fwmark) value on all sockets gvpe uses to |
|
|
501 | send packets. |
|
|
502 | .Sp |
|
|
503 | This can be used to make gvpe use a different set of routing rules. For |
|
|
504 | example, on GNU/Linux, the \f(CW\*(C`if\-up\*(C'\fR could set \f(CW\*(C`nfmark\*(C'\fR to 1000 and then |
|
|
505 | put all routing rules into table \f(CW99\fR and then use an ip rule to make |
|
|
506 | gvpe traffic avoid that routing table, in effect routing normal traffic |
|
|
507 | via gvpe and gvpe traffic via the normal system routing tables: |
|
|
508 | .Sp |
|
|
509 | .Vb 1 |
|
|
510 | \& ip rule add not fwmark 1000 lookup 99 |
|
|
511 | .Ve |
| 489 | .Sh "\s-1NODE\s0 \s-1SPECIFIC\s0 \s-1SETTINGS\s0" |
512 | .Sh "\s-1NODE\s0 \s-1SPECIFIC\s0 \s-1SETTINGS\s0" |
| 490 | .IX Subsection "NODE SPECIFIC SETTINGS" |
513 | .IX Subsection "NODE SPECIFIC SETTINGS" |
| 491 | The following settings are node-specific, that is, every node can have |
514 | The following settings are node-specific, that is, every node can have |
| 492 | different settings, even within the same gvpe instance. Settings that are |
515 | different settings, even within the same gvpe instance. Settings that are |
| 493 | set before the first node section set the defaults, settings that are |
516 | set before the first node section set the defaults, settings that are |
