1 | =head1 NAME |
1 | =head1 NAME |
2 | |
2 | |
3 | vped.conf - vpe daemon configuration file |
3 | vped.conf - configuration file for the GNU VPE daemon |
4 | |
4 | |
5 | =head1 SYNOPSIS |
5 | =head1 SYNOPSIS |
6 | |
6 | |
|
|
7 | enable-udp = yes |
7 | udp-port = 407 |
8 | udp-port = 407 |
8 | mtu = 1492 |
9 | mtu = 1492 |
9 | ifname = vpn0 |
10 | ifname = vpn0 |
10 | |
11 | |
11 | node = branch1 |
12 | node = branch1 |
… | |
… | |
134 | The default is 47 (GRE), which has a good chance of tunneling through |
135 | The default is 47 (GRE), which has a good chance of tunneling through |
135 | firewalls (but note that the rawip protocol is not GRE compatible). Other |
136 | firewalls (but note that the rawip protocol is not GRE compatible). Other |
136 | common choices are 50 (IPSEC, ESP), 51 (IPSEC, AH), 4 (IPIP tunnels) or 98 |
137 | common choices are 50 (IPSEC, ESP), 51 (IPSEC, AH), 4 (IPIP tunnels) or 98 |
137 | (ENCAP, rfc1241) |
138 | (ENCAP, rfc1241) |
138 | |
139 | |
139 | =item enable-udp = yes|true|on | no|false|off |
|
|
140 | |
|
|
141 | Enable the UDPv4 transport using the C<udp-port> port |
|
|
142 | (default: C<yes>). This is a good general choice since UDP tunnels well |
|
|
143 | through many firewalls. |
|
|
144 | |
|
|
145 | =item enable-rawip = yes|true|on | no|false|off |
|
|
146 | |
|
|
147 | Enable the RAW IPv4 transport using the C<ip-proto> protocol |
|
|
148 | (default: C<no>). This is the best choice, since the overhead per packet |
|
|
149 | is only 38 bytes, as opposed to UDP's 58 (or TCP's 60+). |
|
|
150 | |
|
|
151 | =item if-up = relative-or-absolute-path |
140 | =item if-up = relative-or-absolute-path |
152 | |
141 | |
153 | Sets the path of a script that should be called immediately after the |
142 | Sets the path of a script that should be called immediately after the |
154 | network interface is initialized (but not neccessarily up). The following |
143 | network interface is initialized (but not neccessarily up). The following |
155 | environment variables are passed to it (the values are just examples): |
144 | environment variables are passed to it (the values are just examples): |
… | |
… | |
170 | consistently on all hosts), but this is usually ineffective. |
159 | consistently on all hosts), but this is usually ineffective. |
171 | |
160 | |
172 | =item MAC=fe:fd:80:00:00:01 |
161 | =item MAC=fe:fd:80:00:00:01 |
173 | |
162 | |
174 | The MAC address to set the interface to. The script *must* set the |
163 | The MAC address to set the interface to. The script *must* set the |
175 | interface MAC to this value. On GNU/Linux you will most likely use this: |
164 | interface MAC to this value. You will most likely use one of these: |
176 | |
165 | |
177 | ip link set $IFNAME address $MAC mtu $MTU up |
166 | ip link set $IFNAME address $MAC mtu $MTU up # GNU/Linux |
|
|
167 | ifconfig $IFNAME ether $MAC mtu $MTU up # FreeBSD |
|
|
168 | |
|
|
169 | Please see the C<vpe.osdep(5)> manpage for platform-specific information. |
|
|
170 | |
|
|
171 | =item IFTYPE=native # or tincd |
|
|
172 | |
|
|
173 | =item IFSUBTYPE=linux # or freebsd, darwin etc.. |
|
|
174 | |
|
|
175 | The interface type (C<native> or C<tincd>) and the subtype (usually the os |
|
|
176 | name in lowercase) that this vpe was configured for. Can be used to select |
|
|
177 | the correct syntax to use for network-related commands. |
178 | |
178 | |
179 | =item NODENAME=branch1 |
179 | =item NODENAME=branch1 |
180 | |
180 | |
181 | The nickname of the current node, as passed to the vped daemon. |
181 | The nickname of the current node, as passed to the vped daemon. |
182 | |
182 | |
… | |
… | |
218 | =item DESTIP=188.13.66.8 |
218 | =item DESTIP=188.13.66.8 |
219 | |
219 | |
220 | The numerical IP address of the remote host (vped accepts connections from |
220 | The numerical IP address of the remote host (vped accepts connections from |
221 | everywhere, as long as the other host can authenticate itself). |
221 | everywhere, as long as the other host can authenticate itself). |
222 | |
222 | |
223 | =item DESTPORT=407 # deprecated |
223 | =item DESTPORT=655 # deprecated |
224 | |
224 | |
225 | The UDP port used by the other side. |
225 | The UDP port used by the other side. |
226 | |
226 | |
227 | =item STATE=UP |
227 | =item STATE=UP |
228 | |
228 | |
… | |
… | |
243 | |
243 | |
244 | =item node-down = relative-or-absolute-path |
244 | =item node-down = relative-or-absolute-path |
245 | |
245 | |
246 | Same as C<node-up>, but gets called whenever a connection is lost. |
246 | Same as C<node-up>, but gets called whenever a connection is lost. |
247 | |
247 | |
|
|
248 | =item http-proxy-host = hostname/ip |
|
|
249 | |
|
|
250 | The C<http-proxy-*> family of options are only available if vpe was |
|
|
251 | compiled with the C<--enable-http-proxy> option and enable tunneling of |
|
|
252 | tcp connections through a http proxy server. |
|
|
253 | |
|
|
254 | C<http-proxy-host> and C<http-proxy-port> should specify the hostname and |
|
|
255 | port number of the proxy server. See C<http-proxy-loginpw> if your proxy |
|
|
256 | requires authentication. |
|
|
257 | |
|
|
258 | Please note that vpe will still try to resolve all hostnames in the |
|
|
259 | configuration file, so if you are behind a proxy without access to a dns |
|
|
260 | server better use numerical IP addresses. |
|
|
261 | |
|
|
262 | To make best use of this option disable all protocols except tcp in your |
|
|
263 | config file and make sure your routers (or all other hosts) are listening |
|
|
264 | on a port that the proxy allows (443, https, is a common choice). |
|
|
265 | |
|
|
266 | If you have a router, connecting to it will suffice. Otherwise tcp must be |
|
|
267 | enabled on all hosts. |
|
|
268 | |
|
|
269 | Example: |
|
|
270 | |
|
|
271 | http-proxy-host = proxy.example.com |
|
|
272 | http-proxy-port = 3128 # 8080 is another common choice |
|
|
273 | http-proxy-auth = schmorp:grumbeere |
|
|
274 | |
|
|
275 | =item http-proxy-port = proxy-tcp-port |
|
|
276 | |
|
|
277 | The port where your proxy server listens. |
|
|
278 | |
|
|
279 | =item http-proxy-auth = login:password |
|
|
280 | |
|
|
281 | The optional login and password used to authenticate to the proxy server, |
|
|
282 | seperated by a literal colon (C<:>). Only basic authentication is |
|
|
283 | currently supported. |
|
|
284 | |
|
|
285 | =item pid-file = path |
|
|
286 | |
|
|
287 | The path to the pid file to check and create (Default: |
|
|
288 | |
248 | =back |
289 | =back |
249 | |
290 | |
250 | =head2 NODE SPECIFIC SETTINGS |
291 | =head2 NODE SPECIFIC SETTINGS |
251 | |
292 | |
252 | The following settings are node-specific, that is, every node can have |
293 | The following settings are node-specific, that is, every node can have |
… | |
… | |
256 | |
297 | |
257 | =over 4 |
298 | =over 4 |
258 | |
299 | |
259 | =item udp-port = port-number |
300 | =item udp-port = port-number |
260 | |
301 | |
261 | Sets the port number used by the UDP protocol (default: C<407>, not |
302 | Sets the port number used by the UDP protocol (default: C<655>, not |
262 | officially assigned by IANA!). |
303 | officially assigned by IANA!). |
|
|
304 | |
|
|
305 | =item tcp-port = port-number |
|
|
306 | |
|
|
307 | Similar to C<udp-port> (default: C<655>), but sets the TCP port number. |
|
|
308 | |
|
|
309 | =item enable-rawip = yes|true|on | no|false|off |
|
|
310 | |
|
|
311 | Enable the RAW IPv4 transport using the C<ip-proto> protocol |
|
|
312 | (default: C<no>). This is the best choice, since the overhead per packet |
|
|
313 | is only 38 bytes, as opposed to UDP's 58 (or TCP's 60+). |
|
|
314 | |
|
|
315 | =item enable-udp = yes|true|on | no|false|off |
|
|
316 | |
|
|
317 | Enable the UDPv4 transport using the C<udp-port> port (default: C<yes>, |
|
|
318 | but this will change!). This is a good general choice since UDP tunnels |
|
|
319 | well through many firewalls. |
|
|
320 | |
|
|
321 | NOTE: Please specify C<enable-udp = yes> even though it is the default, as |
|
|
322 | some future version will have all protocols disabled by default. |
|
|
323 | |
|
|
324 | =item enable-tcp = yes|true|on | no|false|off |
|
|
325 | |
|
|
326 | Enable the TCPv4 transport using the C<tcp-port> port |
|
|
327 | (default: C<no>). Support for this horribly unsuitable protocol is only |
|
|
328 | available when vpe was compiled using the C<--enable-tcp> option. Never |
|
|
329 | use this transport unless you really must, it is horribly ineffiecent and |
|
|
330 | resource-intensive compared to the other transports. |
263 | |
331 | |
264 | =item router-priority = positive-number |
332 | =item router-priority = positive-number |
265 | |
333 | |
266 | Sets the router priority of the given host (default: C<0>, disabled). If |
334 | Sets the router priority of the given host (default: C<0>, disabled). If |
267 | some host tries to connect to another host without a hostname, it asks |
335 | some host tries to connect to another host without a hostname, it asks |