1 | .\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.20) |
1 | .\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) |
2 | .\" |
2 | .\" |
3 | .\" Standard preamble: |
3 | .\" Standard preamble: |
4 | .\" ======================================================================== |
4 | .\" ======================================================================== |
5 | .de Sp \" Vertical space (when we can't use .PP) |
5 | .de Sp \" Vertical space (when we can't use .PP) |
6 | .if t .sp .5v |
6 | .if t .sp .5v |
… | |
… | |
36 | .el\{\ |
36 | .el\{\ |
37 | . ds -- \|\(em\| |
37 | . ds -- \|\(em\| |
38 | . ds PI \(*p |
38 | . ds PI \(*p |
39 | . ds L" `` |
39 | . ds L" `` |
40 | . ds R" '' |
40 | . ds R" '' |
|
|
41 | . ds C` |
|
|
42 | . ds C' |
41 | 'br\} |
43 | 'br\} |
42 | .\" |
44 | .\" |
43 | .\" Escape single quotes in literal strings from groff's Unicode transform. |
45 | .\" Escape single quotes in literal strings from groff's Unicode transform. |
44 | .ie \n(.g .ds Aq \(aq |
46 | .ie \n(.g .ds Aq \(aq |
45 | .el .ds Aq ' |
47 | .el .ds Aq ' |
46 | .\" |
48 | .\" |
47 | .\" If the F register is turned on, we'll generate index entries on stderr for |
49 | .\" If the F register is turned on, we'll generate index entries on stderr for |
48 | .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index |
50 | .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index |
49 | .\" entries marked with X<> in POD. Of course, you'll have to process the |
51 | .\" entries marked with X<> in POD. Of course, you'll have to process the |
50 | .\" output yourself in some meaningful fashion. |
52 | .\" output yourself in some meaningful fashion. |
51 | .ie \nF \{\ |
53 | .\" |
|
|
54 | .\" Avoid warning from groff about undefined register 'F'. |
52 | . de IX |
55 | .de IX |
53 | . tm Index:\\$1\t\\n%\t"\\$2" |
|
|
54 | .. |
56 | .. |
55 | . nr % 0 |
57 | .nr rF 0 |
56 | . rr F |
58 | .if \n(.g .if rF .nr rF 1 |
|
|
59 | .if (\n(rF:(\n(.g==0)) \{ |
|
|
60 | . if \nF \{ |
|
|
61 | . de IX |
|
|
62 | . tm Index:\\$1\t\\n%\t"\\$2" |
|
|
63 | .. |
|
|
64 | . if !\nF==2 \{ |
|
|
65 | . nr % 0 |
|
|
66 | . nr F 2 |
|
|
67 | . \} |
|
|
68 | . \} |
57 | .\} |
69 | .\} |
58 | .el \{\ |
70 | .rr rF |
59 | . de IX |
|
|
60 | .. |
|
|
61 | .\} |
|
|
62 | .\" |
71 | .\" |
63 | .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). |
72 | .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). |
64 | .\" Fear. Run. Save yourself. No user-serviceable parts. |
73 | .\" Fear. Run. Save yourself. No user-serviceable parts. |
65 | . \" fudge factors for nroff and troff |
74 | . \" fudge factors for nroff and troff |
66 | .if n \{\ |
75 | .if n \{\ |
… | |
… | |
122 | .\} |
131 | .\} |
123 | .rm #[ #] #H #V #F C |
132 | .rm #[ #] #H #V #F C |
124 | .\" ======================================================================== |
133 | .\" ======================================================================== |
125 | .\" |
134 | .\" |
126 | .IX Title "GVPE.CONF 5" |
135 | .IX Title "GVPE.CONF 5" |
127 | .TH GVPE.CONF 5 "2013-07-17" "2.25" "GNU Virtual Private Ethernet" |
136 | .TH GVPE.CONF 5 "2015-10-31" "2.25" "GNU Virtual Private Ethernet" |
128 | .\" For nroff, turn off justification. Always turn off hyphenation; it makes |
137 | .\" For nroff, turn off justification. Always turn off hyphenation; it makes |
129 | .\" way too many mistakes in technical documents. |
138 | .\" way too many mistakes in technical documents. |
130 | .if n .ad l |
139 | .if n .ad l |
131 | .nh |
140 | .nh |
132 | .SH "NAME" |
141 | .SH "NAME" |
… | |
… | |
238 | .PP |
247 | .PP |
239 | Node-specific settings can be used at any time. If used before the first |
248 | Node-specific settings can be used at any time. If used before the first |
240 | node section they will set the default values for all following nodes. |
249 | node section they will set the default values for all following nodes. |
241 | .SH "CONFIG VARIABLES" |
250 | .SH "CONFIG VARIABLES" |
242 | .IX Header "CONFIG VARIABLES" |
251 | .IX Header "CONFIG VARIABLES" |
243 | .SS "\s-1GLOBAL\s0 \s-1SETTINGS\s0" |
252 | .SS "\s-1GLOBAL SETTINGS\s0" |
244 | .IX Subsection "GLOBAL SETTINGS" |
253 | .IX Subsection "GLOBAL SETTINGS" |
245 | Global settings will affect the behaviour of the running gvpe daemon, that |
254 | Global settings will affect the behaviour of the running gvpe daemon, that |
246 | is, they are in some sense node-specific (config files can set different |
255 | is, they are in some sense node-specific (config files can set different |
247 | values on different nodes using \f(CW\*(C`on\*(C'\fR), but will affect the behaviour of |
256 | values on different nodes using \f(CW\*(C`on\*(C'\fR), but will affect the behaviour of |
248 | the gvpe daemon and all connections it creates. |
257 | the gvpe daemon and all connections it creates. |
… | |
… | |
385 | .IP "NODENAME=branch1" 4 |
394 | .IP "NODENAME=branch1" 4 |
386 | .IX Item "NODENAME=branch1" |
395 | .IX Item "NODENAME=branch1" |
387 | The nickname of the node. |
396 | The nickname of the node. |
388 | .IP "NODEID=1" 4 |
397 | .IP "NODEID=1" 4 |
389 | .IX Item "NODEID=1" |
398 | .IX Item "NODEID=1" |
390 | The numerical node \s-1ID\s0 of the node running this instance of \s-1GVPE\s0. The first |
399 | The numerical node \s-1ID\s0 of the node running this instance of \s-1GVPE.\s0 The first |
391 | node mentioned in the config file gets \s-1ID\s0 1, the second \s-1ID\s0 2 and so on. |
400 | node mentioned in the config file gets \s-1ID 1,\s0 the second \s-1ID 2\s0 and so on. |
392 | .RE |
401 | .RE |
393 | .RS 4 |
402 | .RS 4 |
394 | .Sp |
403 | .Sp |
395 | In addition, all node-specific variables (except \f(CW\*(C`NODEID\*(C'\fR) will be |
404 | In addition, all node-specific variables (except \f(CW\*(C`NODEID\*(C'\fR) will be |
396 | available with a postfix of \f(CW\*(C`_nodeid\*(C'\fR, which contains the value for that |
405 | available with a postfix of \f(CW\*(C`_nodeid\*(C'\fR, which contains the value for that |
… | |
… | |
430 | instance using the same protocol, nor can you share the protocol with |
439 | instance using the same protocol, nor can you share the protocol with |
431 | other programs. |
440 | other programs. |
432 | .Sp |
441 | .Sp |
433 | The default is 47 (\s-1GRE\s0), which has a good chance of tunneling |
442 | The default is 47 (\s-1GRE\s0), which has a good chance of tunneling |
434 | through firewalls (but note that gvpe's rawip protocol is not \s-1GRE\s0 |
443 | through firewalls (but note that gvpe's rawip protocol is not \s-1GRE\s0 |
435 | compatible). Other common choices are 50 (\s-1IPSEC\s0, \s-1ESP\s0), 51 (\s-1IPSEC\s0, \s-1AH\s0), 4 |
444 | compatible). Other common choices are 50 (\s-1IPSEC, ESP\s0), 51 (\s-1IPSEC, AH\s0), 4 |
436 | (\s-1IPIP\s0 tunnels) or 98 (\s-1ENCAP\s0, rfc1241). |
445 | (\s-1IPIP\s0 tunnels) or 98 (\s-1ENCAP,\s0 rfc1241). |
437 | .Sp |
446 | .Sp |
438 | Many versions of Linux seem to have a bug that causes them to reorder |
447 | Many versions of Linux seem to have a bug that causes them to reorder |
439 | packets for some ip protocols (\s-1GRE\s0, \s-1ESP\s0) but not for others (\s-1AH\s0), so |
448 | packets for some ip protocols (\s-1GRE, ESP\s0) but not for others (\s-1AH\s0), so |
440 | choose wisely (that is, use 51, \s-1AH\s0). |
449 | choose wisely (that is, use 51, \s-1AH\s0). |
441 | .IP "http-proxy-host = hostname/ip" 4 |
450 | .IP "http-proxy-host = hostname/ip" 4 |
442 | .IX Item "http-proxy-host = hostname/ip" |
451 | .IX Item "http-proxy-host = hostname/ip" |
443 | The \f(CW\*(C`http\-proxy\-*\*(C'\fR family of options are only available if gvpe was |
452 | The \f(CW\*(C`http\-proxy\-*\*(C'\fR family of options are only available if gvpe was |
444 | compiled with the \f(CW\*(C`\-\-enable\-http\-proxy\*(C'\fR option and enable tunneling of |
453 | compiled with the \f(CW\*(C`\-\-enable\-http\-proxy\*(C'\fR option and enable tunneling of |
… | |
… | |
597 | sources on it's own though, so not all is lost). |
606 | sources on it's own though, so not all is lost). |
598 | .IP "seed-interval = seconds" 4 |
607 | .IP "seed-interval = seconds" 4 |
599 | .IX Item "seed-interval = seconds" |
608 | .IX Item "seed-interval = seconds" |
600 | The number of seconds between reseeds of the random number generator |
609 | The number of seconds between reseeds of the random number generator |
601 | (default: \f(CW3613\fR). A value of \f(CW0\fR disables this regular reseeding. |
610 | (default: \f(CW3613\fR). A value of \f(CW0\fR disables this regular reseeding. |
|
|
611 | .IP "serial = string" 4 |
|
|
612 | .IX Item "serial = string" |
|
|
613 | The configuration serial number. This can be any string up to 16 bytes |
|
|
614 | length. Only when the serial matches on both sides of a conenction will |
|
|
615 | the connection succeed. This is \fInot\fR a security mechanism and eay to |
|
|
616 | spoof, this mechanism exists to alert users that their config is outdated. |
|
|
617 | .Sp |
|
|
618 | It's recommended to specify this is a date string such as \f(CW\*(C`2013\-05\-05\*(C'\fR or |
|
|
619 | \&\f(CW20121205084417\fR. |
|
|
620 | .Sp |
|
|
621 | The exact algorithm is as this: if a connection request is received form a |
|
|
622 | node with an identical serial, then it succeeds normally. |
|
|
623 | .Sp |
|
|
624 | If the remote serial is lower than the local serial, it is ignored. |
|
|
625 | .Sp |
|
|
626 | If the remote serial is higher than the local serial, a warning message is |
|
|
627 | logged. |
602 | .SS "\s-1NODE\s0 \s-1SPECIFIC\s0 \s-1SETTINGS\s0" |
628 | .SS "\s-1NODE SPECIFIC SETTINGS\s0" |
603 | .IX Subsection "NODE SPECIFIC SETTINGS" |
629 | .IX Subsection "NODE SPECIFIC SETTINGS" |
604 | The following settings are node-specific, that is, every node can have |
630 | The following settings are node-specific, that is, every node can have |
605 | different settings, even within the same gvpe instance. Settings that are |
631 | different settings, even within the same gvpe instance. Settings that are |
606 | set before the first node section set the defaults, settings that are |
632 | set before the first node section set the defaults, settings that are |
607 | set within a node section only apply to the given node. |
633 | set within a node section only apply to the given node. |
… | |
… | |
693 | .Sp |
719 | .Sp |
694 | Enable the \s-1ICMP\s0 transport using \s-1ICMP\s0 packets of type \f(CW\*(C`icmp\-type\*(C'\fR on this |
720 | Enable the \s-1ICMP\s0 transport using \s-1ICMP\s0 packets of type \f(CW\*(C`icmp\-type\*(C'\fR on this |
695 | node. |
721 | node. |
696 | .IP "enable-rawip = yes|true|on | no|false|off" 4 |
722 | .IP "enable-rawip = yes|true|on | no|false|off" 4 |
697 | .IX Item "enable-rawip = yes|true|on | no|false|off" |
723 | .IX Item "enable-rawip = yes|true|on | no|false|off" |
698 | See \fIgvpe.protocol\fR\|(7) for a description of the \s-1RAW\s0 \s-1IP\s0 transport protocol. |
724 | See \fIgvpe.protocol\fR\|(7) for a description of the \s-1RAW IP\s0 transport protocol. |
699 | .Sp |
725 | .Sp |
700 | Enable the \s-1RAW\s0 IPv4 transport using the \f(CW\*(C`ip\-proto\*(C'\fR protocol |
726 | Enable the \s-1RAW\s0 IPv4 transport using the \f(CW\*(C`ip\-proto\*(C'\fR protocol |
701 | (default: \f(CW\*(C`no\*(C'\fR). |
727 | (default: \f(CW\*(C`no\*(C'\fR). |
702 | .IP "enable-tcp = yes|true|on | no|false|off" 4 |
728 | .IP "enable-tcp = yes|true|on | no|false|off" 4 |
703 | .IX Item "enable-tcp = yes|true|on | no|false|off" |
729 | .IX Item "enable-tcp = yes|true|on | no|false|off" |
… | |
… | |
710 | .IX Item "enable-udp = yes|true|on | no|false|off" |
736 | .IX Item "enable-udp = yes|true|on | no|false|off" |
711 | See \fIgvpe.protocol\fR\|(7) for a description of the \s-1UDP\s0 transport protocol. |
737 | See \fIgvpe.protocol\fR\|(7) for a description of the \s-1UDP\s0 transport protocol. |
712 | .Sp |
738 | .Sp |
713 | Enable the UDPv4 transport using the \f(CW\*(C`udp\-port\*(C'\fR port (default: \f(CW\*(C`no\*(C'\fR). |
739 | Enable the UDPv4 transport using the \f(CW\*(C`udp\-port\*(C'\fR port (default: \f(CW\*(C`no\*(C'\fR). |
714 | .IP "hostname = hostname | ip [can not be defaulted]" 4 |
740 | .IP "hostname = hostname | ip [can not be defaulted]" 4 |
715 | .IX Item "hostname = hostname | ip [can not be defaulted]" |
741 | .IX Item "hostname = hostname | ip [can not be defaulted]" |
716 | Forces the address of this node to be set to the given \s-1DNS\s0 hostname or \s-1IP\s0 |
742 | Forces the address of this node to be set to the given \s-1DNS\s0 hostname or \s-1IP\s0 |
717 | address. It will be resolved before each connect request, so dyndns should |
743 | address. It will be resolved before each connect request, so dyndns should |
718 | work fine. If this setting is not specified and a router is available, |
744 | work fine. If this setting is not specified and a router is available, |
719 | then the router will be queried for the address of this node. Otherwise, |
745 | then the router will be queried for the address of this node. Otherwise, |
720 | the connection attempt will fail. |
746 | the connection attempt will fail. |
… | |
… | |
737 | .IX Item "inherit-tos = yes|true|on | no|false|off" |
763 | .IX Item "inherit-tos = yes|true|on | no|false|off" |
738 | Whether to inherit the \s-1TOS\s0 settings of packets sent to the tunnel when |
764 | Whether to inherit the \s-1TOS\s0 settings of packets sent to the tunnel when |
739 | sending packets to this node (default: \f(CW\*(C`yes\*(C'\fR). If set to \f(CW\*(C`yes\*(C'\fR then |
765 | sending packets to this node (default: \f(CW\*(C`yes\*(C'\fR). If set to \f(CW\*(C`yes\*(C'\fR then |
740 | outgoing tunnel packets will have the same \s-1TOS\s0 setting as the packets sent |
766 | outgoing tunnel packets will have the same \s-1TOS\s0 setting as the packets sent |
741 | to the tunnel device, which is usually what you want. |
767 | to the tunnel device, which is usually what you want. |
|
|
768 | .IP "low-power = yes|true|on | no|false|off" 4 |
|
|
769 | .IX Item "low-power = yes|true|on | no|false|off" |
|
|
770 | If true, designates a node as a low-power node. Low-power nodes use |
|
|
771 | larger timeouts and try to reduce cpu time. Other nodes talking to a |
|
|
772 | low-power node will also use larger timeouts, and will use less aggressive |
|
|
773 | optimisations, in the hope of reducing load. Security is not compromised. |
|
|
774 | .Sp |
|
|
775 | The typical low-power node would be a mobile phone, where wakeups and |
|
|
776 | encryption can significantly increase power drain. |
742 | .IP "max-retry = positive-number" 4 |
777 | .IP "max-retry = positive-number" 4 |
743 | .IX Item "max-retry = positive-number" |
778 | .IX Item "max-retry = positive-number" |
744 | The maximum interval in seconds (default: \f(CW3600\fR, one hour) between |
779 | The maximum interval in seconds (default: \f(CW3600\fR, one hour) between |
745 | retries to establish a connection to this node. When a connection cannot |
780 | retries to establish a connection to this node. When a connection cannot |
746 | be established, gvpe uses exponential back-off capped at this value. It's |
781 | be established, gvpe uses exponential back-off capped at this value. It's |