1 | .\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) |
1 | .\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 |
2 | .\" |
2 | .\" |
3 | .\" Standard preamble: |
3 | .\" Standard preamble: |
4 | .\" ======================================================================== |
4 | .\" ======================================================================== |
5 | .de Sh \" Subsection heading |
5 | .de Sh \" Subsection heading |
6 | .br |
6 | .br |
… | |
… | |
46 | . ds PI \(*p |
46 | . ds PI \(*p |
47 | . ds L" `` |
47 | . ds L" `` |
48 | . ds R" '' |
48 | . ds R" '' |
49 | 'br\} |
49 | 'br\} |
50 | .\" |
50 | .\" |
51 | .\" Escape single quotes in literal strings from groff's Unicode transform. |
|
|
52 | .ie \n(.g .ds Aq \(aq |
|
|
53 | .el .ds Aq ' |
|
|
54 | .\" |
|
|
55 | .\" If the F register is turned on, we'll generate index entries on stderr for |
51 | .\" If the F register is turned on, we'll generate index entries on stderr for |
56 | .\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index |
52 | .\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index |
57 | .\" entries marked with X<> in POD. Of course, you'll have to process the |
53 | .\" entries marked with X<> in POD. Of course, you'll have to process the |
58 | .\" output yourself in some meaningful fashion. |
54 | .\" output yourself in some meaningful fashion. |
59 | .ie \nF \{\ |
55 | .if \nF \{\ |
60 | . de IX |
56 | . de IX |
61 | . tm Index:\\$1\t\\n%\t"\\$2" |
57 | . tm Index:\\$1\t\\n%\t"\\$2" |
62 | .. |
58 | .. |
63 | . nr % 0 |
59 | . nr % 0 |
64 | . rr F |
60 | . rr F |
65 | .\} |
61 | .\} |
66 | .el \{\ |
62 | .\" |
67 | . de IX |
63 | .\" For nroff, turn off justification. Always turn off hyphenation; it makes |
68 | .. |
64 | .\" way too many mistakes in technical documents. |
69 | .\} |
65 | .hy 0 |
|
|
66 | .if n .na |
70 | .\" |
67 | .\" |
71 | .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). |
68 | .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). |
72 | .\" Fear. Run. Save yourself. No user-serviceable parts. |
69 | .\" Fear. Run. Save yourself. No user-serviceable parts. |
73 | . \" fudge factors for nroff and troff |
70 | . \" fudge factors for nroff and troff |
74 | .if n \{\ |
71 | .if n \{\ |
… | |
… | |
130 | .\} |
127 | .\} |
131 | .rm #[ #] #H #V #F C |
128 | .rm #[ #] #H #V #F C |
132 | .\" ======================================================================== |
129 | .\" ======================================================================== |
133 | .\" |
130 | .\" |
134 | .IX Title "GVPE.CONF 5" |
131 | .IX Title "GVPE.CONF 5" |
135 | .TH GVPE.CONF 5 "2009-06-01" "2.22" "GNU Virtual Private Ethernet" |
132 | .TH GVPE.CONF 5 "2011-02-15" "2.24" "GNU Virtual Private Ethernet" |
136 | .\" For nroff, turn off justification. Always turn off hyphenation; it makes |
|
|
137 | .\" way too many mistakes in technical documents. |
|
|
138 | .if n .ad l |
|
|
139 | .nh |
|
|
140 | .SH "NAME" |
133 | .SH "NAME" |
141 | gvpe.conf \- configuration file for the GNU VPE daemon |
134 | gvpe.conf \- configuration file for the GNU VPE daemon |
142 | .SH "SYNOPSIS" |
135 | .SH "SYNOPSIS" |
143 | .IX Header "SYNOPSIS" |
136 | .IX Header "SYNOPSIS" |
144 | .Vb 4 |
137 | .Vb 4 |
145 | \& # global options for all nodes |
138 | \& # global options for all nodes |
146 | \& udp\-port = 407 |
139 | \& udp\-port = 407 |
147 | \& mtu = 1492 |
140 | \& mtu = 1492 |
148 | \& ifname = vpn0 |
141 | \& ifname = vpn0 |
149 | \& |
142 | .Ve |
|
|
143 | .PP |
|
|
144 | .Vb 3 |
150 | \& # first node is named branch1 and is at 1.2.3.4 |
145 | \& # first node is named branch1 and is at 1.2.3.4 |
151 | \& node = branch1 |
146 | \& node = branch1 |
152 | \& hostname = 1.2.3.4 |
147 | \& hostname = 1.2.3.4 |
153 | \& |
148 | .Ve |
|
|
149 | .PP |
|
|
150 | .Vb 4 |
154 | \& # second node uses dns to resolve the address |
151 | \& # second node uses dns to resolve the address |
155 | \& node = branch2 |
152 | \& node = branch2 |
156 | \& hostname = www.example.net |
153 | \& hostname = www.example.net |
157 | \& udp\-port = 500 # this host uses a different udp\-port |
154 | \& udp\-port = 500 # this host uses a different udp\-port |
158 | \& |
155 | .Ve |
|
|
156 | .PP |
|
|
157 | .Vb 3 |
159 | \& # third node has no fixed ip address |
158 | \& # third node has no fixed ip address |
160 | \& node = branch3 |
159 | \& node = branch3 |
161 | \& connect = ondemand |
160 | \& connect = ondemand |
162 | .Ve |
161 | .Ve |
163 | .SH "DESCRIPTION" |
162 | .SH "DESCRIPTION" |
… | |
… | |
356 | other programs. |
355 | other programs. |
357 | .Sp |
356 | .Sp |
358 | The default is 47 (\s-1GRE\s0), which has a good chance of tunneling |
357 | The default is 47 (\s-1GRE\s0), which has a good chance of tunneling |
359 | through firewalls (but note that gvpe's rawip protocol is not \s-1GRE\s0 |
358 | through firewalls (but note that gvpe's rawip protocol is not \s-1GRE\s0 |
360 | compatible). Other common choices are 50 (\s-1IPSEC\s0, \s-1ESP\s0), 51 (\s-1IPSEC\s0, \s-1AH\s0), 4 |
359 | compatible). Other common choices are 50 (\s-1IPSEC\s0, \s-1ESP\s0), 51 (\s-1IPSEC\s0, \s-1AH\s0), 4 |
361 | (\s-1IPIP\s0 tunnels) or 98 (\s-1ENCAP\s0, rfc1241) |
360 | (\s-1IPIP\s0 tunnels) or 98 (\s-1ENCAP\s0, rfc1241). |
|
|
361 | .Sp |
|
|
362 | Many versions of Linux seem to have a bug that causes them to reorder |
|
|
363 | packets for some ip protocols (\s-1GRE\s0, \s-1ESP\s0) but not for others (\s-1AH\s0), so |
|
|
364 | choose wisely (that is, use 51, \s-1AH\s0). |
362 | .IP "http-proxy-host = hostname/ip" 4 |
365 | .IP "http-proxy-host = hostname/ip" 4 |
363 | .IX Item "http-proxy-host = hostname/ip" |
366 | .IX Item "http-proxy-host = hostname/ip" |
364 | The \f(CW\*(C`http\-proxy\-*\*(C'\fR family of options are only available if gvpe was |
367 | The \f(CW\*(C`http\-proxy\-*\*(C'\fR family of options are only available if gvpe was |
365 | compiled with the \f(CW\*(C`\-\-enable\-http\-proxy\*(C'\fR option and enable tunneling of |
368 | compiled with the \f(CW\*(C`\-\-enable\-http\-proxy\*(C'\fR option and enable tunneling of |
366 | tcp connections through a http proxy server. |
369 | tcp connections through a http proxy server. |
… | |
… | |
509 | .Vb 1 |
512 | .Vb 1 |
510 | \& ip rule add not fwmark 1000 lookup 99 |
513 | \& ip rule add not fwmark 1000 lookup 99 |
511 | .Ve |
514 | .Ve |
512 | .Sh "\s-1NODE\s0 \s-1SPECIFIC\s0 \s-1SETTINGS\s0" |
515 | .Sh "\s-1NODE\s0 \s-1SPECIFIC\s0 \s-1SETTINGS\s0" |
513 | .IX Subsection "NODE SPECIFIC SETTINGS" |
516 | .IX Subsection "NODE SPECIFIC SETTINGS" |
514 | The following settings are node-specific, that is, every node can have |
517 | The following settings are node\-specific, that is, every node can have |
515 | different settings, even within the same gvpe instance. Settings that are |
518 | different settings, even within the same gvpe instance. Settings that are |
516 | set before the first node section set the defaults, settings that are |
519 | set before the first node section set the defaults, settings that are |
517 | set within a node section only apply to the given node. |
520 | set within a node section only apply to the given node. |
518 | .IP "allow-direct = nodename" 4 |
521 | .IP "allow-direct = nodename" 4 |
519 | .IX Item "allow-direct = nodename" |
522 | .IX Item "allow-direct = nodename" |
520 | Allow direct connections to this node. See \f(CW\*(C`deny\-direct\*(C'\fR for more info. |
523 | Allow direct connections to this node. See \f(CW\*(C`deny\-direct\*(C'\fR for more info. |
521 | .IP "compress = yes|true|on | no|false|off" 4 |
524 | .IP "compress = yes|true|on | no|false|off" 4 |
522 | .IX Item "compress = yes|true|on | no|false|off" |
525 | .IX Item "compress = yes|true|on | no|false|off" |
|
|
526 | For the current node, this specified whether it will accept compressed |
|
|
527 | packets, and for all other nodes, this specifies whether to try to |
523 | Wether to compress data packets sent to this node (default: \f(CW\*(C`yes\*(C'\fR). |
528 | compress data packets sent to this node (default: \f(CW\*(C`yes\*(C'\fR). Compression is |
524 | Compression is really cheap even on slow computers and has no size |
529 | really cheap even on slow computers, has no size overhead at all and will |
525 | overhead at all, so enabling this is often a good idea. |
530 | only be used when the other side supports compression, so enabling this is |
|
|
531 | often a good idea. |
526 | .IP "connect = ondemand | never | always | disabled" 4 |
532 | .IP "connect = ondemand | never | always | disabled" 4 |
527 | .IX Item "connect = ondemand | never | always | disabled" |
533 | .IX Item "connect = ondemand | never | always | disabled" |
528 | Sets the connect mode (default: \f(CW\*(C`always\*(C'\fR). It can be \f(CW\*(C`always\*(C'\fR (always |
534 | Sets the connect mode (default: \f(CW\*(C`always\*(C'\fR). It can be \f(CW\*(C`always\*(C'\fR (always |
529 | try to establish and keep a connection to the given node), \f(CW\*(C`never\*(C'\fR |
535 | try to establish and keep a connection to the given node), \f(CW\*(C`never\*(C'\fR |
530 | (never initiate a connection to the given host, but accept connections), |
536 | (never initiate a connection to the given host, but accept connections), |
… | |
… | |
615 | when gvpe was compiled using the \f(CW\*(C`\-\-enable\-tcp\*(C'\fR option. |
621 | when gvpe was compiled using the \f(CW\*(C`\-\-enable\-tcp\*(C'\fR option. |
616 | .IP "enable-udp = yes|true|on | no|false|off" 4 |
622 | .IP "enable-udp = yes|true|on | no|false|off" 4 |
617 | .IX Item "enable-udp = yes|true|on | no|false|off" |
623 | .IX Item "enable-udp = yes|true|on | no|false|off" |
618 | See \fIgvpe.protocol\fR\|(7) for a description of the \s-1UDP\s0 transport protocol. |
624 | See \fIgvpe.protocol\fR\|(7) for a description of the \s-1UDP\s0 transport protocol. |
619 | .Sp |
625 | .Sp |
620 | Enable the UDPv4 transport using the \f(CW\*(C`udp\-port\*(C'\fR port (default: \f(CW\*(C`no\*(C'\fR, |
626 | Enable the UDPv4 transport using the \f(CW\*(C`udp\-port\*(C'\fR port (default: \f(CW\*(C`no\*(C'\fR). |
621 | unless no other protocol is enabled for a node, in which case this |
|
|
622 | protocol is enabled automatically). |
|
|
623 | .Sp |
|
|
624 | \&\s-1NOTE:\s0 Please specify \f(CW\*(C`enable\-udp = yes\*(C'\fR if you want to use it even though |
|
|
625 | it might get switched on automatically, as some future version might |
|
|
626 | default to another default protocol. |
|
|
627 | .IP "hostname = hostname | ip [can not be defaulted]" 4 |
627 | .IP "hostname = hostname | ip [can not be defaulted]" 4 |
628 | .IX Item "hostname = hostname | ip [can not be defaulted]" |
628 | .IX Item "hostname = hostname | ip [can not be defaulted]" |
629 | Forces the address of this node to be set to the given \s-1DNS\s0 hostname or \s-1IP\s0 |
629 | Forces the address of this node to be set to the given \s-1DNS\s0 hostname or \s-1IP\s0 |
630 | address. It will be resolved before each connect request, so dyndns should |
630 | address. It will be resolved before each connect request, so dyndns should |
631 | work fine. If this setting is not specified and a router is available, |
631 | work fine. If this setting is not specified and a router is available, |
… | |
… | |
638 | .IX Item "icmp-type = integer" |
638 | .IX Item "icmp-type = integer" |
639 | Sets the type value to be used for outgoing (and incoming) packets sent |
639 | Sets the type value to be used for outgoing (and incoming) packets sent |
640 | via the \s-1ICMP\s0 transport. |
640 | via the \s-1ICMP\s0 transport. |
641 | .Sp |
641 | .Sp |
642 | The default is \f(CW0\fR (which is \f(CW\*(C`echo\-reply\*(C'\fR, also known as |
642 | The default is \f(CW0\fR (which is \f(CW\*(C`echo\-reply\*(C'\fR, also known as |
643 | \&\*(L"ping-reply\*(R"). Other useful values include \f(CW8\fR (\f(CW\*(C`echo\-request\*(C'\fR, a.k.a. |
643 | \&\*(L"ping\-reply\*(R"). Other useful values include \f(CW8\fR (\f(CW\*(C`echo\-request\*(C'\fR, a.k.a. |
644 | \&\*(L"ping\*(R") and \f(CW11\fR (\f(CW\*(C`time\-exceeded\*(C'\fR), but any 8\-bit value can be used. |
644 | \&\*(L"ping\*(R") and \f(CW11\fR (\f(CW\*(C`time\-exceeded\*(C'\fR), but any 8\-bit value can be used. |
645 | .IP "if-up-data = value" 4 |
645 | .IP "if-up-data = value" 4 |
646 | .IX Item "if-up-data = value" |
646 | .IX Item "if-up-data = value" |
647 | The value specified using this directive will be passed to the \f(CW\*(C`if\-up\*(C'\fR |
647 | The value specified using this directive will be passed to the \f(CW\*(C`if\-up\*(C'\fR |
648 | script in the environment variable \f(CW\*(C`IFUPDATA\*(C'\fR. |
648 | script in the environment variable \f(CW\*(C`IFUPDATA\*(C'\fR. |
649 | .IP "inherit-tos = yes|true|on | no|false|off" 4 |
649 | .IP "inherit-tos = yes|true|on | no|false|off" 4 |
650 | .IX Item "inherit-tos = yes|true|on | no|false|off" |
650 | .IX Item "inherit-tos = yes|true|on | no|false|off" |
651 | Wether to inherit the \s-1TOS\s0 settings of packets sent to the tunnel when |
651 | Whether to inherit the \s-1TOS\s0 settings of packets sent to the tunnel when |
652 | sending packets to this node (default: \f(CW\*(C`yes\*(C'\fR). If set to \f(CW\*(C`yes\*(C'\fR then |
652 | sending packets to this node (default: \f(CW\*(C`yes\*(C'\fR). If set to \f(CW\*(C`yes\*(C'\fR then |
653 | outgoing tunnel packets will have the same \s-1TOS\s0 setting as the packets sent |
653 | outgoing tunnel packets will have the same \s-1TOS\s0 setting as the packets sent |
654 | to the tunnel device, which is usually what you want. |
654 | to the tunnel device, which is usually what you want. |
655 | .IP "max-retry = positive-number" 4 |
655 | .IP "max-retry = positive-number" 4 |
656 | .IX Item "max-retry = positive-number" |
656 | .IX Item "max-retry = positive-number" |
… | |
… | |
713 | .IX Item "gvpe.conf" |
713 | .IX Item "gvpe.conf" |
714 | The config file. |
714 | The config file. |
715 | .IP "if-up" 4 |
715 | .IP "if-up" 4 |
716 | .IX Item "if-up" |
716 | .IX Item "if-up" |
717 | The if-up script |
717 | The if-up script |
718 | .IP "node-up, node-down" 4 |
718 | .IP "node\-up, node-down" 4 |
719 | .IX Item "node-up, node-down" |
719 | .IX Item "node-up, node-down" |
720 | If used the node up or node-down scripts. |
720 | If used the node up or node-down scripts. |
721 | .IP "hostkey" 4 |
721 | .IP "hostkey" 4 |
722 | .IX Item "hostkey" |
722 | .IX Item "hostkey" |
723 | The private key (taken from \f(CW\*(C`hostkeys/nodename\*(C'\fR) of the current host. |
723 | The private key (taken from \f(CW\*(C`hostkeys/nodename\*(C'\fR) of the current host. |