| 1 | .\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) |
1 | .\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) |
| 2 | .\" |
2 | .\" |
| 3 | .\" Standard preamble: |
3 | .\" Standard preamble: |
| 4 | .\" ======================================================================== |
4 | .\" ======================================================================== |
| 5 | .de Sh \" Subsection heading |
|
|
| 6 | .br |
|
|
| 7 | .if t .Sp |
|
|
| 8 | .ne 5 |
|
|
| 9 | .PP |
|
|
| 10 | \fB\\$1\fR |
|
|
| 11 | .PP |
|
|
| 12 | .. |
|
|
| 13 | .de Sp \" Vertical space (when we can't use .PP) |
5 | .de Sp \" Vertical space (when we can't use .PP) |
| 14 | .if t .sp .5v |
6 | .if t .sp .5v |
| 15 | .if n .sp |
7 | .if n .sp |
| 16 | .. |
8 | .. |
| 17 | .de Vb \" Begin verbatim text |
9 | .de Vb \" Begin verbatim text |
| … | |
… | |
| 51 | .\" Escape single quotes in literal strings from groff's Unicode transform. |
43 | .\" Escape single quotes in literal strings from groff's Unicode transform. |
| 52 | .ie \n(.g .ds Aq \(aq |
44 | .ie \n(.g .ds Aq \(aq |
| 53 | .el .ds Aq ' |
45 | .el .ds Aq ' |
| 54 | .\" |
46 | .\" |
| 55 | .\" If the F register is turned on, we'll generate index entries on stderr for |
47 | .\" If the F register is turned on, we'll generate index entries on stderr for |
| 56 | .\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index |
48 | .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index |
| 57 | .\" entries marked with X<> in POD. Of course, you'll have to process the |
49 | .\" entries marked with X<> in POD. Of course, you'll have to process the |
| 58 | .\" output yourself in some meaningful fashion. |
50 | .\" output yourself in some meaningful fashion. |
| 59 | .ie \nF \{\ |
51 | .ie \nF \{\ |
| 60 | . de IX |
52 | . de IX |
| 61 | . tm Index:\\$1\t\\n%\t"\\$2" |
53 | . tm Index:\\$1\t\\n%\t"\\$2" |
| … | |
… | |
| 130 | .\} |
122 | .\} |
| 131 | .rm #[ #] #H #V #F C |
123 | .rm #[ #] #H #V #F C |
| 132 | .\" ======================================================================== |
124 | .\" ======================================================================== |
| 133 | .\" |
125 | .\" |
| 134 | .IX Title "GVPE.CONF 5" |
126 | .IX Title "GVPE.CONF 5" |
| 135 | .TH GVPE.CONF 5 "2009-03-23" "2.22" "GNU Virtual Private Ethernet" |
127 | .TH GVPE.CONF 5 "2011-02-12" "2.24" "GNU Virtual Private Ethernet" |
| 136 | .\" For nroff, turn off justification. Always turn off hyphenation; it makes |
128 | .\" For nroff, turn off justification. Always turn off hyphenation; it makes |
| 137 | .\" way too many mistakes in technical documents. |
129 | .\" way too many mistakes in technical documents. |
| 138 | .if n .ad l |
130 | .if n .ad l |
| 139 | .nh |
131 | .nh |
| 140 | .SH "NAME" |
132 | .SH "NAME" |
| … | |
… | |
| 196 | .PP |
188 | .PP |
| 197 | Node-specific settings can be used at any time. If used before the first |
189 | Node-specific settings can be used at any time. If used before the first |
| 198 | node section they will set the default values for all following nodes. |
190 | node section they will set the default values for all following nodes. |
| 199 | .SH "CONFIG VARIABLES" |
191 | .SH "CONFIG VARIABLES" |
| 200 | .IX Header "CONFIG VARIABLES" |
192 | .IX Header "CONFIG VARIABLES" |
| 201 | .Sh "\s-1GLOBAL\s0 \s-1SETTINGS\s0" |
193 | .SS "\s-1GLOBAL\s0 \s-1SETTINGS\s0" |
| 202 | .IX Subsection "GLOBAL SETTINGS" |
194 | .IX Subsection "GLOBAL SETTINGS" |
| 203 | Global settings will affect the behaviour of the running gvpe daemon, that |
195 | Global settings will affect the behaviour of the running gvpe daemon, that |
| 204 | is, they are in some sense node-specific (config files can set different |
196 | is, they are in some sense node-specific (config files can set different |
| 205 | values on different nodes using \f(CW\*(C`on\*(C'\fR), but will affect the behaviour of |
197 | values on different nodes using \f(CW\*(C`on\*(C'\fR), but will affect the behaviour of |
| 206 | the gvpe daemon and all connections it creates. |
198 | the gvpe daemon and all connections it creates. |
| … | |
… | |
| 356 | other programs. |
348 | other programs. |
| 357 | .Sp |
349 | .Sp |
| 358 | The default is 47 (\s-1GRE\s0), which has a good chance of tunneling |
350 | The default is 47 (\s-1GRE\s0), which has a good chance of tunneling |
| 359 | through firewalls (but note that gvpe's rawip protocol is not \s-1GRE\s0 |
351 | through firewalls (but note that gvpe's rawip protocol is not \s-1GRE\s0 |
| 360 | compatible). Other common choices are 50 (\s-1IPSEC\s0, \s-1ESP\s0), 51 (\s-1IPSEC\s0, \s-1AH\s0), 4 |
352 | compatible). Other common choices are 50 (\s-1IPSEC\s0, \s-1ESP\s0), 51 (\s-1IPSEC\s0, \s-1AH\s0), 4 |
| 361 | (\s-1IPIP\s0 tunnels) or 98 (\s-1ENCAP\s0, rfc1241) |
353 | (\s-1IPIP\s0 tunnels) or 98 (\s-1ENCAP\s0, rfc1241). |
|
|
354 | .Sp |
|
|
355 | Many versions of Linux seem to have a bug that causes them to reorder |
|
|
356 | packets for some ip protocols (\s-1GRE\s0, \s-1ESP\s0) but not for others (\s-1AH\s0), so |
|
|
357 | choose wisely (that is, use 51, \s-1AH\s0). |
| 362 | .IP "http-proxy-host = hostname/ip" 4 |
358 | .IP "http-proxy-host = hostname/ip" 4 |
| 363 | .IX Item "http-proxy-host = hostname/ip" |
359 | .IX Item "http-proxy-host = hostname/ip" |
| 364 | The \f(CW\*(C`http\-proxy\-*\*(C'\fR family of options are only available if gvpe was |
360 | The \f(CW\*(C`http\-proxy\-*\*(C'\fR family of options are only available if gvpe was |
| 365 | compiled with the \f(CW\*(C`\-\-enable\-http\-proxy\*(C'\fR option and enable tunneling of |
361 | compiled with the \f(CW\*(C`\-\-enable\-http\-proxy\*(C'\fR option and enable tunneling of |
| 366 | tcp connections through a http proxy server. |
362 | tcp connections through a http proxy server. |
| … | |
… | |
| 427 | is established (even on rekeying operations). Note that node\-up/down |
423 | is established (even on rekeying operations). Note that node\-up/down |
| 428 | scripts will be run asynchronously, but execution is serialised, so there |
424 | scripts will be run asynchronously, but execution is serialised, so there |
| 429 | will only ever be one such script running. |
425 | will only ever be one such script running. |
| 430 | .Sp |
426 | .Sp |
| 431 | In addition to all the variables passed to \f(CW\*(C`if\-up\*(C'\fR scripts, the following |
427 | In addition to all the variables passed to \f(CW\*(C`if\-up\*(C'\fR scripts, the following |
| 432 | environment variables will be set: |
428 | environment variables will be set (values are just examples): |
| 433 | .RS 4 |
429 | .RS 4 |
| 434 | .IP "DESTNODE=branch2" 4 |
430 | .IP "DESTNODE=branch2" 4 |
| 435 | .IX Item "DESTNODE=branch2" |
431 | .IX Item "DESTNODE=branch2" |
| 436 | The name of the remote node. |
432 | The name of the remote node. |
| 437 | .IP "DESTID=2" 4 |
433 | .IP "DESTID=2" 4 |
| 438 | .IX Item "DESTID=2" |
434 | .IX Item "DESTID=2" |
| 439 | The node id of the remote node. |
435 | The node id of the remote node. |
|
|
436 | .IP "DESTSI=rawip/88.99.77.55:0" 4 |
|
|
437 | .IX Item "DESTSI=rawip/88.99.77.55:0" |
|
|
438 | The \*(L"socket info\*(R" of the target node, protocol dependent but usually in |
|
|
439 | the format protocol/ip:port. |
| 440 | .IP "DESTIP=188.13.66.8" 4 |
440 | .IP "DESTIP=188.13.66.8" 4 |
| 441 | .IX Item "DESTIP=188.13.66.8" |
441 | .IX Item "DESTIP=188.13.66.8" |
| 442 | The numerical \s-1IP\s0 address of the remote node (gvpe accepts connections from |
442 | The numerical \s-1IP\s0 address of the remote node (gvpe accepts connections from |
| 443 | everywhere, as long as the other node can authenticate itself). |
443 | everywhere, as long as the other node can authenticate itself). |
| 444 | .IP "DESTPORT=655 # deprecated" 4 |
444 | .IP "DESTPORT=655 # deprecated" 4 |
| 445 | .IX Item "DESTPORT=655 # deprecated" |
445 | .IX Item "DESTPORT=655 # deprecated" |
| 446 | The \s-1UDP\s0 port used by the other side. |
446 | The protocol port used by the other side, if applicable. |
| 447 | .IP "STATE=UP" 4 |
447 | .IP "STATE=up" 4 |
| 448 | .IX Item "STATE=UP" |
448 | .IX Item "STATE=up" |
| 449 | Node-up scripts get called with STATE=UP, node-down scripts get called |
449 | Node-up scripts get called with STATE=up, node-change scripts get called |
| 450 | with STATE=DOWN. |
450 | with STATE=change and node-down scripts get called with STATE=down. |
| 451 | .RE |
451 | .RE |
| 452 | .RS 4 |
452 | .RS 4 |
| 453 | .Sp |
453 | .Sp |
| 454 | Here is a nontrivial example that uses nsupdate to update the name => ip |
454 | Here is a nontrivial example that uses nsupdate to update the name => ip |
| 455 | mapping in some \s-1DNS\s0 zone: |
455 | mapping in some \s-1DNS\s0 zone: |
| … | |
… | |
| 461 | \& echo update add $DESTNODE.lowttl.example.net. 1 in a $DESTIP |
461 | \& echo update add $DESTNODE.lowttl.example.net. 1 in a $DESTIP |
| 462 | \& echo |
462 | \& echo |
| 463 | \& } | nsupdate \-d \-k $CONFBASE:key.example.net. |
463 | \& } | nsupdate \-d \-k $CONFBASE:key.example.net. |
| 464 | .Ve |
464 | .Ve |
| 465 | .RE |
465 | .RE |
|
|
466 | .IP "node-change = relative-or-absolute-path" 4 |
|
|
467 | .IX Item "node-change = relative-or-absolute-path" |
|
|
468 | Same as \f(CW\*(C`node\-change\*(C'\fR, but gets called whenever something about a |
|
|
469 | connection changes (such as the source \s-1IP\s0 address). |
| 466 | .IP "node-down = relative-or-absolute-path" 4 |
470 | .IP "node-down = relative-or-absolute-path" 4 |
| 467 | .IX Item "node-down = relative-or-absolute-path" |
471 | .IX Item "node-down = relative-or-absolute-path" |
| 468 | Same as \f(CW\*(C`node\-up\*(C'\fR, but gets called whenever a connection is lost. |
472 | Same as \f(CW\*(C`node\-up\*(C'\fR, but gets called whenever a connection is lost. |
| 469 | .IP "pid-file = path" 4 |
473 | .IP "pid-file = path" 4 |
| 470 | .IX Item "pid-file = path" |
474 | .IX Item "pid-file = path" |
| … | |
… | |
| 499 | via gvpe and gvpe traffic via the normal system routing tables: |
503 | via gvpe and gvpe traffic via the normal system routing tables: |
| 500 | .Sp |
504 | .Sp |
| 501 | .Vb 1 |
505 | .Vb 1 |
| 502 | \& ip rule add not fwmark 1000 lookup 99 |
506 | \& ip rule add not fwmark 1000 lookup 99 |
| 503 | .Ve |
507 | .Ve |
| 504 | .Sh "\s-1NODE\s0 \s-1SPECIFIC\s0 \s-1SETTINGS\s0" |
508 | .SS "\s-1NODE\s0 \s-1SPECIFIC\s0 \s-1SETTINGS\s0" |
| 505 | .IX Subsection "NODE SPECIFIC SETTINGS" |
509 | .IX Subsection "NODE SPECIFIC SETTINGS" |
| 506 | The following settings are node-specific, that is, every node can have |
510 | The following settings are node-specific, that is, every node can have |
| 507 | different settings, even within the same gvpe instance. Settings that are |
511 | different settings, even within the same gvpe instance. Settings that are |
| 508 | set before the first node section set the defaults, settings that are |
512 | set before the first node section set the defaults, settings that are |
| 509 | set within a node section only apply to the given node. |
513 | set within a node section only apply to the given node. |
| 510 | .IP "allow-direct = nodename" 4 |
514 | .IP "allow-direct = nodename" 4 |
| 511 | .IX Item "allow-direct = nodename" |
515 | .IX Item "allow-direct = nodename" |
| 512 | Allow direct connections to this node. See \f(CW\*(C`deny\-direct\*(C'\fR for more info. |
516 | Allow direct connections to this node. See \f(CW\*(C`deny\-direct\*(C'\fR for more info. |
| 513 | .IP "compress = yes|true|on | no|false|off" 4 |
517 | .IP "compress = yes|true|on | no|false|off" 4 |
| 514 | .IX Item "compress = yes|true|on | no|false|off" |
518 | .IX Item "compress = yes|true|on | no|false|off" |
|
|
519 | For the current node, this specified whether it will accept compressed |
|
|
520 | packets, and for all other nodes, this specifies whether to try to |
| 515 | Wether to compress data packets sent to this node (default: \f(CW\*(C`yes\*(C'\fR). |
521 | compress data packets sent to this node (default: \f(CW\*(C`yes\*(C'\fR). Compression is |
| 516 | Compression is really cheap even on slow computers and has no size |
522 | really cheap even on slow computers, has no size overhead at all and will |
| 517 | overhead at all, so enabling this is often a good idea. |
523 | only be used when the other side supports compression, so enabling this is |
|
|
524 | often a good idea. |
| 518 | .IP "connect = ondemand | never | always | disabled" 4 |
525 | .IP "connect = ondemand | never | always | disabled" 4 |
| 519 | .IX Item "connect = ondemand | never | always | disabled" |
526 | .IX Item "connect = ondemand | never | always | disabled" |
| 520 | Sets the connect mode (default: \f(CW\*(C`always\*(C'\fR). It can be \f(CW\*(C`always\*(C'\fR (always |
527 | Sets the connect mode (default: \f(CW\*(C`always\*(C'\fR). It can be \f(CW\*(C`always\*(C'\fR (always |
| 521 | try to establish and keep a connection to the given node), \f(CW\*(C`never\*(C'\fR |
528 | try to establish and keep a connection to the given node), \f(CW\*(C`never\*(C'\fR |
| 522 | (never initiate a connection to the given host, but accept connections), |
529 | (never initiate a connection to the given host, but accept connections), |
| … | |
… | |
| 638 | .IX Item "if-up-data = value" |
645 | .IX Item "if-up-data = value" |
| 639 | The value specified using this directive will be passed to the \f(CW\*(C`if\-up\*(C'\fR |
646 | The value specified using this directive will be passed to the \f(CW\*(C`if\-up\*(C'\fR |
| 640 | script in the environment variable \f(CW\*(C`IFUPDATA\*(C'\fR. |
647 | script in the environment variable \f(CW\*(C`IFUPDATA\*(C'\fR. |
| 641 | .IP "inherit-tos = yes|true|on | no|false|off" 4 |
648 | .IP "inherit-tos = yes|true|on | no|false|off" 4 |
| 642 | .IX Item "inherit-tos = yes|true|on | no|false|off" |
649 | .IX Item "inherit-tos = yes|true|on | no|false|off" |
| 643 | Wether to inherit the \s-1TOS\s0 settings of packets sent to the tunnel when |
650 | Whether to inherit the \s-1TOS\s0 settings of packets sent to the tunnel when |
| 644 | sending packets to this node (default: \f(CW\*(C`yes\*(C'\fR). If set to \f(CW\*(C`yes\*(C'\fR then |
651 | sending packets to this node (default: \f(CW\*(C`yes\*(C'\fR). If set to \f(CW\*(C`yes\*(C'\fR then |
| 645 | outgoing tunnel packets will have the same \s-1TOS\s0 setting as the packets sent |
652 | outgoing tunnel packets will have the same \s-1TOS\s0 setting as the packets sent |
| 646 | to the tunnel device, which is usually what you want. |
653 | to the tunnel device, which is usually what you want. |
| 647 | .IP "max-retry = positive-number" 4 |
654 | .IP "max-retry = positive-number" 4 |
| 648 | .IX Item "max-retry = positive-number" |
655 | .IX Item "max-retry = positive-number" |
