ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/doc/gvpe.conf.5
(Generate patch)

Comparing gvpe/doc/gvpe.conf.5 (file contents):
Revision 1.25 by pcg, Sat Jul 18 05:59:16 2009 UTC vs.
Revision 1.28 by root, Sun Mar 6 13:49:49 2011 UTC

1.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) 1.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32
2.\" 2.\"
3.\" Standard preamble: 3.\" Standard preamble:
4.\" ======================================================================== 4.\" ========================================================================
5.de Sh \" Subsection heading 5.de Sh \" Subsection heading
6.br 6.br
46. ds PI \(*p 46. ds PI \(*p
47. ds L" `` 47. ds L" ``
48. ds R" '' 48. ds R" ''
49'br\} 49'br\}
50.\" 50.\"
51.\" Escape single quotes in literal strings from groff's Unicode transform.
52.ie \n(.g .ds Aq \(aq
53.el .ds Aq '
54.\"
55.\" If the F register is turned on, we'll generate index entries on stderr for 51.\" If the F register is turned on, we'll generate index entries on stderr for
56.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index 52.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
57.\" entries marked with X<> in POD. Of course, you'll have to process the 53.\" entries marked with X<> in POD. Of course, you'll have to process the
58.\" output yourself in some meaningful fashion. 54.\" output yourself in some meaningful fashion.
59.ie \nF \{\ 55.if \nF \{\
60. de IX 56. de IX
61. tm Index:\\$1\t\\n%\t"\\$2" 57. tm Index:\\$1\t\\n%\t"\\$2"
62.. 58..
63. nr % 0 59. nr % 0
64. rr F 60. rr F
65.\} 61.\}
66.el \{\ 62.\"
67. de IX 63.\" For nroff, turn off justification. Always turn off hyphenation; it makes
68.. 64.\" way too many mistakes in technical documents.
69.\} 65.hy 0
66.if n .na
70.\" 67.\"
71.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). 68.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
72.\" Fear. Run. Save yourself. No user-serviceable parts. 69.\" Fear. Run. Save yourself. No user-serviceable parts.
73. \" fudge factors for nroff and troff 70. \" fudge factors for nroff and troff
74.if n \{\ 71.if n \{\
130.\} 127.\}
131.rm #[ #] #H #V #F C 128.rm #[ #] #H #V #F C
132.\" ======================================================================== 129.\" ========================================================================
133.\" 130.\"
134.IX Title "GVPE.CONF 5" 131.IX Title "GVPE.CONF 5"
135.TH GVPE.CONF 5 "2009-06-01" "2.22" "GNU Virtual Private Ethernet" 132.TH GVPE.CONF 5 "2011-02-15" "2.24" "GNU Virtual Private Ethernet"
136.\" For nroff, turn off justification. Always turn off hyphenation; it makes
137.\" way too many mistakes in technical documents.
138.if n .ad l
139.nh
140.SH "NAME" 133.SH "NAME"
141gvpe.conf \- configuration file for the GNU VPE daemon 134gvpe.conf \- configuration file for the GNU VPE daemon
142.SH "SYNOPSIS" 135.SH "SYNOPSIS"
143.IX Header "SYNOPSIS" 136.IX Header "SYNOPSIS"
144.Vb 4 137.Vb 4
145\& # global options for all nodes 138\& # global options for all nodes
146\& udp\-port = 407 139\& udp\-port = 407
147\& mtu = 1492 140\& mtu = 1492
148\& ifname = vpn0 141\& ifname = vpn0
149\& 142.Ve
143.PP
144.Vb 3
150\& # first node is named branch1 and is at 1.2.3.4 145\& # first node is named branch1 and is at 1.2.3.4
151\& node = branch1 146\& node = branch1
152\& hostname = 1.2.3.4 147\& hostname = 1.2.3.4
153\& 148.Ve
149.PP
150.Vb 4
154\& # second node uses dns to resolve the address 151\& # second node uses dns to resolve the address
155\& node = branch2 152\& node = branch2
156\& hostname = www.example.net 153\& hostname = www.example.net
157\& udp\-port = 500 # this host uses a different udp\-port 154\& udp\-port = 500 # this host uses a different udp\-port
158\& 155.Ve
156.PP
157.Vb 3
159\& # third node has no fixed ip address 158\& # third node has no fixed ip address
160\& node = branch3 159\& node = branch3
161\& connect = ondemand 160\& connect = ondemand
162.Ve 161.Ve
163.SH "DESCRIPTION" 162.SH "DESCRIPTION"
356other programs. 355other programs.
357.Sp 356.Sp
358The default is 47 (\s-1GRE\s0), which has a good chance of tunneling 357The default is 47 (\s-1GRE\s0), which has a good chance of tunneling
359through firewalls (but note that gvpe's rawip protocol is not \s-1GRE\s0 358through firewalls (but note that gvpe's rawip protocol is not \s-1GRE\s0
360compatible). Other common choices are 50 (\s-1IPSEC\s0, \s-1ESP\s0), 51 (\s-1IPSEC\s0, \s-1AH\s0), 4 359compatible). Other common choices are 50 (\s-1IPSEC\s0, \s-1ESP\s0), 51 (\s-1IPSEC\s0, \s-1AH\s0), 4
361(\s-1IPIP\s0 tunnels) or 98 (\s-1ENCAP\s0, rfc1241) 360(\s-1IPIP\s0 tunnels) or 98 (\s-1ENCAP\s0, rfc1241).
361.Sp
362Many versions of Linux seem to have a bug that causes them to reorder
363packets for some ip protocols (\s-1GRE\s0, \s-1ESP\s0) but not for others (\s-1AH\s0), so
364choose wisely (that is, use 51, \s-1AH\s0).
362.IP "http-proxy-host = hostname/ip" 4 365.IP "http-proxy-host = hostname/ip" 4
363.IX Item "http-proxy-host = hostname/ip" 366.IX Item "http-proxy-host = hostname/ip"
364The \f(CW\*(C`http\-proxy\-*\*(C'\fR family of options are only available if gvpe was 367The \f(CW\*(C`http\-proxy\-*\*(C'\fR family of options are only available if gvpe was
365compiled with the \f(CW\*(C`\-\-enable\-http\-proxy\*(C'\fR option and enable tunneling of 368compiled with the \f(CW\*(C`\-\-enable\-http\-proxy\*(C'\fR option and enable tunneling of
366tcp connections through a http proxy server. 369tcp connections through a http proxy server.
509.Vb 1 512.Vb 1
510\& ip rule add not fwmark 1000 lookup 99 513\& ip rule add not fwmark 1000 lookup 99
511.Ve 514.Ve
512.Sh "\s-1NODE\s0 \s-1SPECIFIC\s0 \s-1SETTINGS\s0" 515.Sh "\s-1NODE\s0 \s-1SPECIFIC\s0 \s-1SETTINGS\s0"
513.IX Subsection "NODE SPECIFIC SETTINGS" 516.IX Subsection "NODE SPECIFIC SETTINGS"
514The following settings are node-specific, that is, every node can have 517The following settings are node\-specific, that is, every node can have
515different settings, even within the same gvpe instance. Settings that are 518different settings, even within the same gvpe instance. Settings that are
516set before the first node section set the defaults, settings that are 519set before the first node section set the defaults, settings that are
517set within a node section only apply to the given node. 520set within a node section only apply to the given node.
518.IP "allow-direct = nodename" 4 521.IP "allow-direct = nodename" 4
519.IX Item "allow-direct = nodename" 522.IX Item "allow-direct = nodename"
520Allow direct connections to this node. See \f(CW\*(C`deny\-direct\*(C'\fR for more info. 523Allow direct connections to this node. See \f(CW\*(C`deny\-direct\*(C'\fR for more info.
521.IP "compress = yes|true|on | no|false|off" 4 524.IP "compress = yes|true|on | no|false|off" 4
522.IX Item "compress = yes|true|on | no|false|off" 525.IX Item "compress = yes|true|on | no|false|off"
526For the current node, this specified whether it will accept compressed
527packets, and for all other nodes, this specifies whether to try to
523Wether to compress data packets sent to this node (default: \f(CW\*(C`yes\*(C'\fR). 528compress data packets sent to this node (default: \f(CW\*(C`yes\*(C'\fR). Compression is
524Compression is really cheap even on slow computers and has no size 529really cheap even on slow computers, has no size overhead at all and will
525overhead at all, so enabling this is often a good idea. 530only be used when the other side supports compression, so enabling this is
531often a good idea.
526.IP "connect = ondemand | never | always | disabled" 4 532.IP "connect = ondemand | never | always | disabled" 4
527.IX Item "connect = ondemand | never | always | disabled" 533.IX Item "connect = ondemand | never | always | disabled"
528Sets the connect mode (default: \f(CW\*(C`always\*(C'\fR). It can be \f(CW\*(C`always\*(C'\fR (always 534Sets the connect mode (default: \f(CW\*(C`always\*(C'\fR). It can be \f(CW\*(C`always\*(C'\fR (always
529try to establish and keep a connection to the given node), \f(CW\*(C`never\*(C'\fR 535try to establish and keep a connection to the given node), \f(CW\*(C`never\*(C'\fR
530(never initiate a connection to the given host, but accept connections), 536(never initiate a connection to the given host, but accept connections),
615when gvpe was compiled using the \f(CW\*(C`\-\-enable\-tcp\*(C'\fR option. 621when gvpe was compiled using the \f(CW\*(C`\-\-enable\-tcp\*(C'\fR option.
616.IP "enable-udp = yes|true|on | no|false|off" 4 622.IP "enable-udp = yes|true|on | no|false|off" 4
617.IX Item "enable-udp = yes|true|on | no|false|off" 623.IX Item "enable-udp = yes|true|on | no|false|off"
618See \fIgvpe.protocol\fR\|(7) for a description of the \s-1UDP\s0 transport protocol. 624See \fIgvpe.protocol\fR\|(7) for a description of the \s-1UDP\s0 transport protocol.
619.Sp 625.Sp
620Enable the UDPv4 transport using the \f(CW\*(C`udp\-port\*(C'\fR port (default: \f(CW\*(C`no\*(C'\fR, 626Enable the UDPv4 transport using the \f(CW\*(C`udp\-port\*(C'\fR port (default: \f(CW\*(C`no\*(C'\fR).
621unless no other protocol is enabled for a node, in which case this
622protocol is enabled automatically).
623.Sp
624\&\s-1NOTE:\s0 Please specify \f(CW\*(C`enable\-udp = yes\*(C'\fR if you want to use it even though
625it might get switched on automatically, as some future version might
626default to another default protocol.
627.IP "hostname = hostname | ip [can not be defaulted]" 4 627.IP "hostname = hostname | ip [can not be defaulted]" 4
628.IX Item "hostname = hostname | ip [can not be defaulted]" 628.IX Item "hostname = hostname | ip [can not be defaulted]"
629Forces the address of this node to be set to the given \s-1DNS\s0 hostname or \s-1IP\s0 629Forces the address of this node to be set to the given \s-1DNS\s0 hostname or \s-1IP\s0
630address. It will be resolved before each connect request, so dyndns should 630address. It will be resolved before each connect request, so dyndns should
631work fine. If this setting is not specified and a router is available, 631work fine. If this setting is not specified and a router is available,
638.IX Item "icmp-type = integer" 638.IX Item "icmp-type = integer"
639Sets the type value to be used for outgoing (and incoming) packets sent 639Sets the type value to be used for outgoing (and incoming) packets sent
640via the \s-1ICMP\s0 transport. 640via the \s-1ICMP\s0 transport.
641.Sp 641.Sp
642The default is \f(CW0\fR (which is \f(CW\*(C`echo\-reply\*(C'\fR, also known as 642The default is \f(CW0\fR (which is \f(CW\*(C`echo\-reply\*(C'\fR, also known as
643\&\*(L"ping-reply\*(R"). Other useful values include \f(CW8\fR (\f(CW\*(C`echo\-request\*(C'\fR, a.k.a. 643\&\*(L"ping\-reply\*(R"). Other useful values include \f(CW8\fR (\f(CW\*(C`echo\-request\*(C'\fR, a.k.a.
644\&\*(L"ping\*(R") and \f(CW11\fR (\f(CW\*(C`time\-exceeded\*(C'\fR), but any 8\-bit value can be used. 644\&\*(L"ping\*(R") and \f(CW11\fR (\f(CW\*(C`time\-exceeded\*(C'\fR), but any 8\-bit value can be used.
645.IP "if-up-data = value" 4 645.IP "if-up-data = value" 4
646.IX Item "if-up-data = value" 646.IX Item "if-up-data = value"
647The value specified using this directive will be passed to the \f(CW\*(C`if\-up\*(C'\fR 647The value specified using this directive will be passed to the \f(CW\*(C`if\-up\*(C'\fR
648script in the environment variable \f(CW\*(C`IFUPDATA\*(C'\fR. 648script in the environment variable \f(CW\*(C`IFUPDATA\*(C'\fR.
649.IP "inherit-tos = yes|true|on | no|false|off" 4 649.IP "inherit-tos = yes|true|on | no|false|off" 4
650.IX Item "inherit-tos = yes|true|on | no|false|off" 650.IX Item "inherit-tos = yes|true|on | no|false|off"
651Wether to inherit the \s-1TOS\s0 settings of packets sent to the tunnel when 651Whether to inherit the \s-1TOS\s0 settings of packets sent to the tunnel when
652sending packets to this node (default: \f(CW\*(C`yes\*(C'\fR). If set to \f(CW\*(C`yes\*(C'\fR then 652sending packets to this node (default: \f(CW\*(C`yes\*(C'\fR). If set to \f(CW\*(C`yes\*(C'\fR then
653outgoing tunnel packets will have the same \s-1TOS\s0 setting as the packets sent 653outgoing tunnel packets will have the same \s-1TOS\s0 setting as the packets sent
654to the tunnel device, which is usually what you want. 654to the tunnel device, which is usually what you want.
655.IP "max-retry = positive-number" 4 655.IP "max-retry = positive-number" 4
656.IX Item "max-retry = positive-number" 656.IX Item "max-retry = positive-number"
713.IX Item "gvpe.conf" 713.IX Item "gvpe.conf"
714The config file. 714The config file.
715.IP "if-up" 4 715.IP "if-up" 4
716.IX Item "if-up" 716.IX Item "if-up"
717The if-up script 717The if-up script
718.IP "node-up, node-down" 4 718.IP "node\-up, node-down" 4
719.IX Item "node-up, node-down" 719.IX Item "node-up, node-down"
720If used the node up or node-down scripts. 720If used the node up or node-down scripts.
721.IP "hostkey" 4 721.IP "hostkey" 4
722.IX Item "hostkey" 722.IX Item "hostkey"
723The private key (taken from \f(CW\*(C`hostkeys/nodename\*(C'\fR) of the current host. 723The private key (taken from \f(CW\*(C`hostkeys/nodename\*(C'\fR) of the current host.

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines