… | |
… | |
5 | =head1 SYNOPSIS |
5 | =head1 SYNOPSIS |
6 | |
6 | |
7 | udp-port = 407 |
7 | udp-port = 407 |
8 | mtu = 1492 |
8 | mtu = 1492 |
9 | ifname = vpn0 |
9 | ifname = vpn0 |
10 | |
10 | |
11 | node = branch1 |
11 | node = branch1 |
12 | hostname = 1.2.3.4 |
12 | hostname = 1.2.3.4 |
13 | |
13 | |
14 | node = branch2 |
14 | node = branch2 |
15 | hostname = www.example.net |
15 | hostname = www.example.net |
… | |
… | |
134 | The default is 47 (GRE), which has a good chance of tunneling through |
134 | The default is 47 (GRE), which has a good chance of tunneling through |
135 | firewalls (but note that the rawip protocol is not GRE compatible). Other |
135 | firewalls (but note that the rawip protocol is not GRE compatible). Other |
136 | common choices are 50 (IPSEC, ESP), 51 (IPSEC, AH), 4 (IPIP tunnels) or 98 |
136 | common choices are 50 (IPSEC, ESP), 51 (IPSEC, AH), 4 (IPIP tunnels) or 98 |
137 | (ENCAP, rfc1241) |
137 | (ENCAP, rfc1241) |
138 | |
138 | |
139 | =item enable-udp = yes|true|on | no|false|off |
|
|
140 | |
|
|
141 | Enable the UDPv4 transport using the C<udp-port> port |
|
|
142 | (default: C<yes>). This is a good general choice since UDP tunnels well |
|
|
143 | through many firewalls. |
|
|
144 | |
|
|
145 | =item enable-rawip = yes|true|on | no|false|off |
|
|
146 | |
|
|
147 | Enable the RAW IPv4 transport using the C<ip-proto> protocol |
|
|
148 | (default: C<no>). This is the best choice, since the overhead per packet |
|
|
149 | is only 38 bytes, as opposed to UDP's 58 (or TCP's 60+). |
|
|
150 | |
|
|
151 | =item if-up = relative-or-absolute-path |
139 | =item if-up = relative-or-absolute-path |
152 | |
140 | |
153 | Sets the path of a script that should be called immediately after the |
141 | Sets the path of a script that should be called immediately after the |
154 | network interface is initialized (but not neccessarily up). The following |
142 | network interface is initialized (but not neccessarily up). The following |
155 | environment variables are passed to it (the values are just examples): |
143 | environment variables are passed to it (the values are just examples): |
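Review bot: The protocol-number text kept at lines 134-137 still discusses the rawip protocol, but the enable-rawip entry that referenced C<ip-proto> (old lines 145-149) is removed from this list, and enable-udp (old lines 139-143) goes with it. Since both entries reappear later in the file under NODE SPECIFIC SETTINGS, add a short pointer here, for example "see C<enable-rawip> in the node-specific settings", so a reader choosing a protocol number can still find the switch that turns the transport on.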
… | |
… | |
243 | |
231 | |
244 | =item node-down = relative-or-absolute-path |
232 | =item node-down = relative-or-absolute-path |
245 | |
233 | |
246 | Same as C<node-up>, but gets called whenever a connection is lost. |
234 | Same as C<node-up>, but gets called whenever a connection is lost. |
247 | |
235 | |
|
|
236 | =item http-proxy-host = hostname/ip |
|
|
237 | |
|
|
238 | The C<http-proxy>-family of options are only available if vpe was |
|
|
239 | compiled with the C<--enable-http-proxy> option and enable tunneling of |
|
|
240 | tcp connections through a http proxy server. |
|
|
241 | |
|
|
242 | C<http-proxy-host> and C<http-proxy-port> should specify the hostname and |
|
|
243 | port number of the proxy server. See C<http-proxy-loginpw> if your proxy |
|
|
244 | requires authentication. |
|
|
245 | |
|
|
246 | Please note that vpe will still try to resolve all hostnames in the |
|
|
247 | configuration file, so if you are behind a proxy without access to a dns |
|
|
248 | server better use numerical IP addresses. |
|
|
249 | |
|
|
250 | To make best use of this option disable all protocols except tcp in your |
|
|
251 | config file and make sure your routers (or all other hosts) are listening |
|
|
252 | on a port that the proxy allows (443, https, is a common choice). |
|
|
253 | |
|
|
254 | If you have a router, connecting to it will suffice. Otherwise tcp must be |
|
|
255 | enabled on all hosts. |
|
|
256 | |
|
|
257 | Example: |
|
|
258 | |
|
|
259 | http-proxy-host = proxy.example.com |
|
|
260 | http-proxy-port = 3128 # 8080 is another common choice |
|
|
261 | http-proxy-auth = schmorp:grumbeere |
|
|
262 | |
|
|
263 | =item http-proxy-port = proxy-tcp-port |
|
|
264 | |
|
|
265 | The port where your proxy server listens. |
|
|
266 | |
|
|
267 | =item http-proxy-auth = login:password |
|
|
268 | |
|
|
269 | The optional login and password used to authenticate to the proxy server, |
|
|
270 | seperated by a literal colon (C<:>). Only basic authentication is |
|
|
271 | currently supported. |
|
|
272 | |
248 | =back |
273 | =back |
249 | |
274 | |
250 | =head2 NODE SPECIFIC SETTINGS |
275 | =head2 NODE SPECIFIC SETTINGS |
251 | |
276 | |
252 | The following settings are node-specific, that is, every node can have |
277 | The following settings are node-specific, that is, every node can have |
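Review bot: The option name is inconsistent in the added http-proxy text: new line 243 refers to C<http-proxy-loginpw>, while the example at line 261 and the =item heading at line 267 use http-proxy-auth. Pick one name and use it in all three places. At line 270, "seperated" should be "separated". Because lines 270-271 state that only basic authentication is supported, the entry should also say that the login and password are stored in cleartext in the config file and reach the proxy merely base64-encoded, so the file should be readable only by the account vpe runs as and the proxy password should not be shared with other services.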
… | |
… | |
258 | |
283 | |
259 | =item udp-port = port-number |
284 | =item udp-port = port-number |
260 | |
285 | |
261 | Sets the port number used by the UDP protocol (default: C<407>, not |
286 | Sets the port number used by the UDP protocol (default: C<407>, not |
262 | officially assigned by IANA!). |
287 | officially assigned by IANA!). |
|
|
288 | |
|
|
289 | =item tcp-port = port-number |
|
|
290 | |
|
|
291 | Similar to C<udp-port> (default: C<407>), but sets the TCP port number. |
|
|
292 | |
|
|
293 | =item enable-rawip = yes|true|on | no|false|off |
|
|
294 | |
|
|
295 | Enable the RAW IPv4 transport using the C<ip-proto> protocol |
|
|
296 | (default: C<no>). This is the best choice, since the overhead per packet |
|
|
297 | is only 38 bytes, as opposed to UDP's 58 (or TCP's 60+). |
|
|
298 | |
|
|
299 | =item enable-udp = yes|true|on | no|false|off |
|
|
300 | |
|
|
301 | Enable the UDPv4 transport using the C<udp-port> port |
|
|
302 | (default: C<yes>). This is a good general choice since UDP tunnels well |
|
|
303 | through many firewalls. |
|
|
304 | |
|
|
305 | =item enable-tcp = yes|true|on | no|false|off |
|
|
306 | |
|
|
307 | Enable the TCPv4 transport using the C<tcp-port> port |
|
|
308 | (default: C<no>). Support for this horribly unsuitable protocol is only |
|
|
309 | available when vpe was compiled using the C<--enable-tcp> option. Never |
|
|
310 | use this transport unless you really must, it is horribly ineffiecent and |
|
|
311 | resource-intensive compared to the other transports. |
263 | |
312 | |
264 | =item router-priority = positive-number |
313 | =item router-priority = positive-number |
265 | |
314 | |
266 | Sets the router priority of the given host (default: C<0>, disabled). If |
315 | Sets the router priority of the given host (default: C<0>, disabled). If |
267 | some host tries to connect to another host without a hostname, it asks |
316 | some host tries to connect to another host without a hostname, it asks |
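Review bot: In the enable-tcp entry, "ineffiecent" at new line 310 should be "inefficient", and "Never use this transport unless you really must, it is horribly ..." at lines 309-310 is a comma splice; split it into two sentences or join with "since". The tcp-port entry at line 291 gives 407 as the default, while the http-proxy text added at lines 250-252 tells the reader to listen on a port the proxy allows (443 is named), so a cross-reference between tcp-port, enable-tcp and the http-proxy options would keep a reader of this section from leaving the default in place when tunneling through a proxy. It would also help to state whether --enable-http-proxy (line 239) requires --enable-tcp (line 309), since the proxy text depends on the tcp transport.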