… | |
… | |
5 | =head1 SYNOPSIS |
5 | =head1 SYNOPSIS |
6 | |
6 | |
7 | udp-port = 407 |
7 | udp-port = 407 |
8 | mtu = 1492 |
8 | mtu = 1492 |
9 | ifname = vpn0 |
9 | ifname = vpn0 |
10 | |
10 | |
11 | node = branch1 |
11 | node = branch1 |
12 | hostname = 1.2.3.4 |
12 | hostname = 1.2.3.4 |
13 | |
13 | |
14 | node = branch2 |
14 | node = branch2 |
15 | hostname = www.example.net |
15 | hostname = www.example.net |
… | |
… | |
134 | The default is 47 (GRE), which has a good chance of tunneling through |
134 | The default is 47 (GRE), which has a good chance of tunneling through |
135 | firewalls (but note that the rawip protocol is not GRE compatible). Other |
135 | firewalls (but note that the rawip protocol is not GRE compatible). Other |
136 | common choices are 50 (IPSEC, ESP), 51 (IPSEC, AH), 4 (IPIP tunnels) or 98 |
136 | common choices are 50 (IPSEC, ESP), 51 (IPSEC, AH), 4 (IPIP tunnels) or 98 |
137 | (ENCAP, rfc1241) |
137 | (ENCAP, rfc1241) |
138 | |
138 | |
139 | =item enable-udp = yes|true|on | no|false|off |
|
|
140 | |
|
|
141 | Enable the UDPv4 transport using the C<udp-port> port |
|
|
142 | (default: C<yes>). This is a good general choice since UDP tunnels well |
|
|
143 | through many firewalls. |
|
|
144 | |
|
|
145 | =item enable-rawip = yes|true|on | no|false|off |
|
|
146 | |
|
|
147 | Enable the RAW IPv4 transport using the C<ip-proto> protocol |
|
|
148 | (default: C<no>). This is the best choice, since the overhead per packet |
|
|
149 | is only 38 bytes, as opposed to UDP's 58 (or TCP's 60+). |
|
|
150 | |
|
|
151 | =item if-up = relative-or-absolute-path |
139 | =item if-up = relative-or-absolute-path |
152 | |
140 | |
153 | Sets the path of a script that should be called immediately after the |
141 | Sets the path of a script that should be called immediately after the |
154 | network interface is initialized (but not neccessarily up). The following |
142 | network interface is initialized (but not neccessarily up). The following |
155 | environment variables are passed to it (the values are just examples): |
143 | environment variables are passed to it (the values are just examples): |
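Review bot: With enable-udp and enable-rawip removed here (old lines 139-149), the ip-proto text kept at 134-137 still talks about the rawip protocol, but no option nearby turns it on. Suggest adding a short pointer from the ip-proto paragraph to enable-rawip under NODE SPECIFIC SETTINGS. It would also help to state whether the enable-* options may still be given before the first "node =" line as a default for all nodes, the way the SYNOPSIS does with udp-port.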
… | |
… | |
170 | consistently on all hosts), but this is usually ineffective. |
158 | consistently on all hosts), but this is usually ineffective. |
171 | |
159 | |
172 | =item MAC=fe:fd:80:00:00:01 |
160 | =item MAC=fe:fd:80:00:00:01 |
173 | |
161 | |
174 | The MAC address to set the interface to. The script *must* set the |
162 | The MAC address to set the interface to. The script *must* set the |
175 | interface MAC to this value. On GNU/Linux you will most likely use this: |
163 | interface MAC to this value. You will most likely use one of these: |
176 | |
164 | |
177 | ip link set $IFNAME address $MAC mtu $MTU up |
165 | ip link set $IFNAME address $MAC mtu $MTU up # GNU/Linux |
|
|
166 | ifconfig $IFNAME ether $MAC mtu $MTU up # FreeBSD |
|
|
167 | |
|
|
168 | =item IFTYPE=native |
|
|
169 | |
|
|
170 | =item IFSUBTYPE=linux # or freebsd, darwin etc.. |
|
|
171 | |
|
|
172 | The interface type (C<native> or C<tincd>) and the subtype (usually the os |
|
|
173 | name in lowercase) that this vpe was configured for. Can be used to select |
|
|
174 | the correct syntax to use for network-related commands. |
178 | |
175 | |
179 | =item NODENAME=branch1 |
176 | =item NODENAME=branch1 |
180 | |
177 | |
181 | The nickname of the current node, as passed to the vped daemon. |
178 | The nickname of the current node, as passed to the vped daemon. |
182 | |
179 | |
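Review bot: In the new MAC example (new lines 165-166) the two commands sit in one verbatim block and differ only by a trailing comment, so a script that copies the block as shown runs both "ip link" and "ifconfig". This hunk introduces IFSUBTYPE for exactly this purpose, so suggest showing the selection on $IFSUBTYPE (linux vs. freebsd) or splitting the commands into two separately labelled blocks. The variables are also expanded unquoted; "$IFNAME", "$MAC" and "$MTU" would be the safer form for people to copy into their if-up script. Smaller points: "=item IFTYPE=native" has no text of its own, the IFSUBTYPE item line carries a "# or freebsd, darwin etc.." comment that belongs in the paragraph below it, and "os" at 172 should read "OS".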
… | |
… | |
243 | |
240 | |
244 | =item node-down = relative-or-absolute-path |
241 | =item node-down = relative-or-absolute-path |
245 | |
242 | |
246 | Same as C<node-up>, but gets called whenever a connection is lost. |
243 | Same as C<node-up>, but gets called whenever a connection is lost. |
247 | |
244 | |
|
|
245 | =item http-proxy-host = hostname/ip |
|
|
246 | |
|
|
247 | The C<http-proxy-*> family of options are only available if vpe was |
|
|
248 | compiled with the C<--enable-http-proxy> option and enable tunneling of |
|
|
249 | tcp connections through a http proxy server. |
|
|
250 | |
|
|
251 | C<http-proxy-host> and C<http-proxy-port> should specify the hostname and |
|
|
252 | port number of the proxy server. See C<http-proxy-loginpw> if your proxy |
|
|
253 | requires authentication. |
|
|
254 | |
|
|
255 | Please note that vpe will still try to resolve all hostnames in the |
|
|
256 | configuration file, so if you are behind a proxy without access to a dns |
|
|
257 | server better use numerical IP addresses. |
|
|
258 | |
|
|
259 | To make best use of this option disable all protocols except tcp in your |
|
|
260 | config file and make sure your routers (or all other hosts) are listening |
|
|
261 | on a port that the proxy allows (443, https, is a common choice). |
|
|
262 | |
|
|
263 | If you have a router, connecting to it will suffice. Otherwise tcp must be |
|
|
264 | enabled on all hosts. |
|
|
265 | |
|
|
266 | Example: |
|
|
267 | |
|
|
268 | http-proxy-host = proxy.example.com |
|
|
269 | http-proxy-port = 3128 # 8080 is another common choice |
|
|
270 | http-proxy-auth = schmorp:grumbeere |
|
|
271 | |
|
|
272 | =item http-proxy-port = proxy-tcp-port |
|
|
273 | |
|
|
274 | The port where your proxy server listens. |
|
|
275 | |
|
|
276 | =item http-proxy-auth = login:password |
|
|
277 | |
|
|
278 | The optional login and password used to authenticate to the proxy server, |
|
|
279 | seperated by a literal colon (C<:>). Only basic authentication is |
|
|
280 | currently supported. |
|
|
281 | |
248 | =back |
282 | =back |
249 | |
283 | |
250 | =head2 NODE SPECIFIC SETTINGS |
284 | =head2 NODE SPECIFIC SETTINGS |
251 | |
285 | |
252 | The following settings are node-specific, that is, every node can have |
286 | The following settings are node-specific, that is, every node can have |
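Review bot: The option name is inconsistent inside this hunk: the prose at new line 252 refers to http-proxy-loginpw, while the example (270) and the item heading (276) use http-proxy-auth. Pick one name and use it throughout, otherwise a reader following the cross-reference looks for an option that is not documented. Two further points on the same item: Basic authentication only base64-encodes the login and password, and this option stores them in clear text in the config file, so the text should say that the file must not be readable by other users; and the example at 270 would be better with an obvious placeholder such as "login:password" than with a realistic-looking credential. Typo at 279: "seperated".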
… | |
… | |
258 | |
292 | |
259 | =item udp-port = port-number |
293 | =item udp-port = port-number |
260 | |
294 | |
261 | Sets the port number used by the UDP protocol (default: C<407>, not |
295 | Sets the port number used by the UDP protocol (default: C<407>, not |
262 | officially assigned by IANA!). |
296 | officially assigned by IANA!). |
|
|
297 | |
|
|
298 | =item tcp-port = port-number |
|
|
299 | |
|
|
300 | Similar to C<udp-port> (default: C<407>), but sets the TCP port number. |
|
|
301 | |
|
|
302 | =item enable-rawip = yes|true|on | no|false|off |
|
|
303 | |
|
|
304 | Enable the RAW IPv4 transport using the C<ip-proto> protocol |
|
|
305 | (default: C<no>). This is the best choice, since the overhead per packet |
|
|
306 | is only 38 bytes, as opposed to UDP's 58 (or TCP's 60+). |
|
|
307 | |
|
|
308 | =item enable-udp = yes|true|on | no|false|off |
|
|
309 | |
|
|
310 | Enable the UDPv4 transport using the C<udp-port> port |
|
|
311 | (default: C<yes>). This is a good general choice since UDP tunnels well |
|
|
312 | through many firewalls. |
|
|
313 | |
|
|
314 | =item enable-tcp = yes|true|on | no|false|off |
|
|
315 | |
|
|
316 | Enable the TCPv4 transport using the C<tcp-port> port |
|
|
317 | (default: C<no>). Support for this horribly unsuitable protocol is only |
|
|
318 | available when vpe was compiled using the C<--enable-tcp> option. Never |
|
|
319 | use this transport unless you really must, it is horribly ineffiecent and |
|
|
320 | resource-intensive compared to the other transports. |
263 | |
321 | |
264 | =item router-priority = positive-number |
322 | =item router-priority = positive-number |
265 | |
323 | |
266 | Sets the router priority of the given host (default: C<0>, disabled). If |
324 | Sets the router priority of the given host (default: C<0>, disabled). If |
267 | some host tries to connect to another host without a hostname, it asks |
325 | some host tries to connect to another host without a hostname, it asks |
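Review bot: Now that enable-rawip, enable-udp and enable-tcp are listed under NODE SPECIFIC SETTINGS (new lines 302-320), the text does not say what a per-node value means: the transports the local daemon may use to reach that node, or the transports that node itself listens on. One sentence on that would help, since it decides which transports end up open on each host. tcp-port (300) defaults to 407 like udp-port, while the http-proxy text added earlier recommends a port the proxy allows such as 443; a cross-reference between the two would save readers a search. Wording: "horribly" appears twice in the enable-tcp paragraph, and "ineffiecent" at 319 is misspelled.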