/cvs/gvpe/doc/vped.conf.5

Comparing gvpe/doc/vped.conf.5 (file contents):
Revision 1.3 by pcg, Sun Mar 23 14:49:16 2003 UTC vs.
Revision 1.6 by pcg, Fri Mar 28 18:19:14 2003 UTC

36. ds PI pi 36. ds PI pi
37. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch 37. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
38. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch 38. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
39. ds L" "" 39. ds L" ""
40. ds R" "" 40. ds R" ""
41. ds C` "" 41. ds C`
42. ds C' "" 42. ds C'
43'br\} 43'br\}
44.el\{\ 44.el\{\
45. ds -- \|\(em\| 45. ds -- \|\(em\|
46. ds PI \(*p 46. ds PI \(*p
47. ds L" `` 47. ds L" ``
127.\} 127.\}
128.rm #[ #] #H #V #F C 128.rm #[ #] #H #V #F C
129.\" ======================================================================== 129.\" ========================================================================
130.\" 130.\"
131.IX Title "VPED.CONF 5" 131.IX Title "VPED.CONF 5"
132.TH VPED.CONF 5 "2003-03-23" "0.1" "Virtual Private Ethernet" 132.TH VPED.CONF 5 "2003-03-28" "0.1" "Virtual Private Ethernet"
133.SH "NAME" 133.SH "NAME"
134vped.conf \- vpe daemon configuration file 134vped.conf \- vpe daemon configuration file
135.SH "SYNOPSIS" 135.SH "SYNOPSIS"
136.IX Header "SYNOPSIS" 136.IX Header "SYNOPSIS"
137.Vb 3 137.Vb 3
166The only exception to the above is the \*(L"on\*(R" directive that can prefix any 166The only exception to the above is the \*(L"on\*(R" directive that can prefix any
167\&\f(CW\*(C`name = value\*(C'\fR setting and will only \*(L"execute\*(R" it on the named node, or 167\&\f(CW\*(C`name = value\*(C'\fR setting and will only \*(L"execute\*(R" it on the named node, or
168(if the nodename starts with \*(L"!\*(R") on all nodes except the named one. 168(if the nodename starts with \*(L"!\*(R") on all nodes except the named one.
169.PP 169.PP
170.Vb 3 170.Vb 3
171\& name = value 171\& name = value
172\& on branch1 loglevel = noise 172\& on branch1 loglevel = noise
173\& on !branch2 connect = ondemand 173\& on !branch2 connect = ondemand
174.Ve 174.Ve
175.PP 175.PP
176All settings are executed \*(L"in order\*(R", that is, later settings of the same 176All settings are executed \*(L"in order\*(R", that is, later settings of the same
177variable overwrite earlier ones. 177variable overwrite earlier ones.
178.SH "ANATOMY OF A CONFIG FILE" 178.SH "ANATOMY OF A CONFIG FILE"
214\&\f(CW\*(C`vpectrl\*(C'\fR puts them. 214\&\f(CW\*(C`vpectrl\*(C'\fR puts them.
215.Sp 215.Sp
216Since only the private key file of the current node is used and the 216Since only the private key file of the current node is used and the
217private key file should be kept secret per-host to avoid spoofings, it is 217private key file should be kept secret per-host to avoid spoofings, it is
218not recommended to use this feature. 218not recommended to use this feature.
219.IP "ifpersist = yes|no" 4 219.IP "ifpersist = yes|true|on | no|false|off" 4
220.IX Item "ifpersist = yes|no" 220.IX Item "ifpersist = yes|true|on | no|false|off"
221Should the tun/tap device be made persistent, that is, should the device 221Should the tun/tap device be made persistent, that is, should the device
222stay up even when vped exits? Some versions of the tunnel device have 222stay up even when vped exits? Some versions of the tunnel device have
223problems sending packets when vped is restarted in persistent mode, so 223problems sending packets when vped is restarted in persistent mode, so
224if the connections can be established but you cannot send packets from 224if the connections can be established but you cannot send packets from
225the local node, try to set this to \f(CW\*(C`off\*(C'\fR and do an ifconfig down on the 225the local node, try to set this to \f(CW\*(C`off\*(C'\fR and do an ifconfig down on the
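Review bot: the ifpersist item header at lines 219-220 now spells out all six boolean forms (yes|true|on | no|false|off), and the same list is repeated in the enable-udp, enable-rawip, inherit-tos and compress headers and their .IX index entries elsewhere in this diff. Consider defining the accepted boolean spellings once in the syntax section and writing the items as "ifpersist = boolean", so the list cannot drift between items. The mixed spacing around the middle "|" also reads as if there were two separate groups; a short sentence stating which three mean true and which three mean false would remove the ambiguity.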
247this information to the \f(CW\*(C`if\-up\*(C'\fR script. 247this information to the \f(CW\*(C`if\-up\*(C'\fR script.
248.Sp 248.Sp
249Recommended values are 1500 (ethernet), 1492 (pppoe), 1472 (pptp). 249Recommended values are 1500 (ethernet), 1492 (pppoe), 1472 (pptp).
250.Sp 250.Sp
251This value must be the minimum of the mtu values of all hosts. 251This value must be the minimum of the mtu values of all hosts.
252.IP "ip-proto = numerical-ip-protocol" 4
253.IX Item "ip-proto = numerical-ip-protocol"
254Sets the protocol number to be used for the rawip protocol. This is a
255global option because all hosts must use the same protocol, and since
256there are no port numbers, you cannot easily run more than one vped
257instance using the same protocol, nor can you share the protocol with
258other programs.
259.Sp
260The default is 47 (\s-1GRE\s0), which has a good chance of tunneling through
261firewalls (but note that the rawip protocol is not \s-1GRE\s0 compatible). Other
262common choices are 50 (\s-1IPSEC\s0, \s-1ESP\s0), 51 (\s-1IPSEC\s0, \s-1AH\s0), 4 (\s-1IPIP\s0 tunnels) or 98
263(\s-1ENCAP\s0, rfc1241)
264.IP "enable-udp = yes|true|on | no|false|off" 4
265.IX Item "enable-udp = yes|true|on | no|false|off"
266Enable the UDPv4 transport using the \f(CW\*(C`udp\-port\*(C'\fR port
267(default: \f(CW\*(C`yes\*(C'\fR). This is a good general choice since \s-1UDP\s0 tunnels well
268through many firewalls.
269.IP "enable-rawip = yes|true|on | no|false|off" 4
270.IX Item "enable-rawip = yes|true|on | no|false|off"
271Enable the \s-1RAW\s0 IPv4 transport using the \f(CW\*(C`ip\-proto\*(C'\fR protocol
272(default: \f(CW\*(C`no\*(C'\fR). This is the best choice, since the overhead per packet
273is only 38 bytes, as opposed to \s-1UDP\s0's 58 (or \s-1TCP\s0's 60+).
252.IP "if-up = relative-or-absolute-path" 4 274.IP "if-up = relative-or-absolute-path" 4
253.IX Item "if-up = relative-or-absolute-path" 275.IX Item "if-up = relative-or-absolute-path"
254Sets the path of a script that should be called immediately after the 276Sets the path of a script that should be called immediately after the
255network interface is initialized (but not neccessarily up). The following 277network interface is initialized (but not neccessarily up). The following
256environment variables are passed to it (the values are just examples): 278environment variables are passed to it (the values are just examples):
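Review bot: new lines 271-273 call enable-rawip "the best choice" while its default is no, and lines 266-268 call the default-on enable-udp "a good general choice", so the reader cannot tell which transport to enable or why the better one is off by default. State the trade-off next to the overhead figures, for example by pointing back to the ip-proto paragraph (254-258), which already says the protocol number cannot be shared with other programs or a second vped instance. The ip-proto text at 260-261 picks 47 because it tends to pass firewalls but notes the traffic is not GRE compatible; add a sentence telling operators to permit the chosen protocol number explicitly between node addresses, since a filter that parses GRE will not recognise these packets. Line 263 is also missing its closing period after "rfc1241)".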
269.IX Item "MAC=fe:fd:80:00:00:01" 291.IX Item "MAC=fe:fd:80:00:00:01"
270The \s-1MAC\s0 address to set the interface to. The script *must* set the 292The \s-1MAC\s0 address to set the interface to. The script *must* set the
271interface \s-1MAC\s0 to this value. On GNU/Linux you will most likely use this: 293interface \s-1MAC\s0 to this value. On GNU/Linux you will most likely use this:
272.Sp 294.Sp
273.Vb 1 295.Vb 1
274\& ip link set $IFNAME address $MAC mtu $MTU up 296\& ip link set $IFNAME address $MAC mtu $MTU up
275.Ve 297.Ve
276.IP "NODENAME=branch1" 4 298.IP "NODENAME=branch1" 4
277.IX Item "NODENAME=branch1" 299.IX Item "NODENAME=branch1"
278The nickname of the current node, as passed to the vped daemon. 300The nickname of the current node, as passed to the vped daemon.
279.IP "NODEID=1" 4 301.IP "NODEID=1" 4
284.RS 4 306.RS 4
285.Sp 307.Sp
286Here is a simple if-up script: 308Here is a simple if-up script:
287.Sp 309.Sp
288.Vb 5 310.Vb 5
289\& #!/bin/sh 311\& #!/bin/sh
290\& ip link set $IFNAME address $MAC mtu $MTU up 312\& ip link set $IFNAME address $MAC mtu $MTU up
291\& [ $NODENAME = branch1 ] && ip addr add 10.0.0.1 dev $IFNAME 313\& [ $NODENAME = branch1 ] && ip addr add 10.0.0.1 dev $IFNAME
292\& [ $NODENAME = branch2 ] && ip addr add 10.1.0.1 dev $IFNAME 314\& [ $NODENAME = branch2 ] && ip addr add 10.1.0.1 dev $IFNAME
293\& ip route add 10.0.0.0/8 dev $IFNAME 315\& ip route add 10.0.0.0/8 dev $IFNAME
294.Ve 316.Ve
295.Sp 317.Sp
296More complicated examples (using routing to reduce arp traffic) can be 318More complicated examples (using routing to reduce arp traffic) can be
297found in the etc/ subdirectory of the distribution. 319found in the etc/ subdirectory of the distribution.
298.RE 320.RE
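Review bot: the sample if-up script at lines 289-293 (311-315 in the new revision) leaves every expansion unquoted, and this is the script readers will copy into a hook that configures interfaces and routes. With an empty NODENAME the test [ $NODENAME = branch1 ] is a syntax error, and any value containing whitespace or glob characters is split before it reaches ip. Suggest quoting throughout, e.g. [ "$NODENAME" = branch1 ] and ip link set "$IFNAME" address "$MAC" mtu "$MTU" up; the one-line example at 274/296 should get the same treatment. The typo "neccessarily" in the context at 255/277 could be fixed in the same pass.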
325.Sp 347.Sp
326Here is a nontrivial example that uses nsupdate to update the name => ip 348Here is a nontrivial example that uses nsupdate to update the name => ip
327mapping in some dns zone: 349mapping in some dns zone:
328.Sp 350.Sp
329.Vb 6 351.Vb 6
330\& #!/bin/sh 352\& #!/bin/sh
331\& { 353\& {
332\& echo update delete $DESTNODE.lowttl.example.net. a 354\& echo update delete $DESTNODE.lowttl.example.net. a
333\& echo update add $DESTNODE.lowttl.example.net. 1 in a $DESTIP 355\& echo update add $DESTNODE.lowttl.example.net. 1 in a $DESTIP
334\& echo 356\& echo
335\& } | nsupdate -d -k $CONFBASE:key.example.net. 357\& } | nsupdate -d -k $CONFBASE:key.example.net.
336.Ve 358.Ve
337.RE 359.RE
338.IP "node-down = relative-or-absolute-path" 4 360.IP "node-down = relative-or-absolute-path" 4
339.IX Item "node-down = relative-or-absolute-path" 361.IX Item "node-down = relative-or-absolute-path"
340Same as \f(CW\*(C`node\-up\*(C'\fR, but gets called whenever a connection is lost. 362Same as \f(CW\*(C`node\-up\*(C'\fR, but gets called whenever a connection is lost.
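Review bot: the node-up example at lines 332-335 (354-357) writes $DESTNODE and $DESTIP unquoted and unchecked into the command stream read by nsupdate, so whatever those variables contain becomes part of a signed DNS update. Suggest quoting the expansions and having the example reject values that are not a plain node name and a dotted IPv4 address before the block runs. The -d on the nsupdate line turns on debug output; an example meant to run on every connection event should drop it or say that it is there for testing only.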
361try to establish and keep a conenction to the given host), \f(CW\*(C`never\*(C'\fR 383try to establish and keep a conenction to the given host), \f(CW\*(C`never\*(C'\fR
362(nevr initiate a connection to the given host, but accept connections), 384(nevr initiate a connection to the given host, but accept connections),
363\&\f(CW\*(C`ondemand\*(C'\fR (try to establish a connection on the first packet sent, and 385\&\f(CW\*(C`ondemand\*(C'\fR (try to establish a connection on the first packet sent, and
364take it down after the keepalive interval) or \f(CW\*(C`disabled\*(C'\fR (node is bad, 386take it down after the keepalive interval) or \f(CW\*(C`disabled\*(C'\fR (node is bad,
365don't talk to it). 387don't talk to it).
366.IP "inherit-tos = yes|no" 4 388.IP "inherit-tos = yes|true|on | no|false|off" 4
367.IX Item "inherit-tos = yes|no" 389.IX Item "inherit-tos = yes|true|on | no|false|off"
368Wether to inherit the \s-1TOS\s0 settings of packets sent to the tunnel when 390Wether to inherit the \s-1TOS\s0 settings of packets sent to the tunnel when
369sending packets to this node (default: \f(CW\*(C`yes\*(C'\fR). If set to \f(CW\*(C`yes\*(C'\fR then 391sending packets to this node (default: \f(CW\*(C`yes\*(C'\fR). If set to \f(CW\*(C`yes\*(C'\fR then
370outgoing tunnel packets will have the same \s-1TOS\s0 setting as the packets sent 392outgoing tunnel packets will have the same \s-1TOS\s0 setting as the packets sent
371to the tunnel device, which is usually what you want. 393to the tunnel device, which is usually what you want.
372.IP "compress = yes|no" 4 394.IP "compress = yes|true|on | no|false|off" 4
373.IX Item "compress = yes|no" 395.IX Item "compress = yes|true|on | no|false|off"
374Wether to compress data packets sent to this host (default: \f(CW\*(C`yes\*(C'\fR, 396Wether to compress data packets sent to this host (default: \f(CW\*(C`yes\*(C'\fR).
375compression is really cheap even on slow computers and has no size 397Compression is really cheap even on slow computers and has no size
376overhead at all). 398overhead at all, so enabling this is a good idea.
377.SH "CONFIG DIRECTORY LAYOUT" 399.SH "CONFIG DIRECTORY LAYOUT"
378.IX Header "CONFIG DIRECTORY LAYOUT" 400.IX Header "CONFIG DIRECTORY LAYOUT"
379The default (or recommended) directory layout for the config directory is: 401The default (or recommended) directory layout for the config directory is:
380.IP "vped.conf" 4 402.IP "vped.conf" 4
381.IX Item "vped.conf" 403.IX Item "vped.conf"
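Review bot: the rewritten compress paragraph at new lines 396-398 still opens with "Wether", as does inherit-tos at 390; both lines are in this hunk, so fix them to "Whether" here, along with "conenction" and "nevr" in the context at 383-384. The new closing clause "so enabling this is a good idea" sits oddly after "(default: yes)", because the option is already enabled; "so leaving this enabled is a good idea" would match the stated default.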
392.IP "pubkey/nodename" 4 414.IP "pubkey/nodename" 4
393.IX Item "pubkey/nodename" 415.IX Item "pubkey/nodename"
394The public keys of the other nodes, one file per node. 416The public keys of the other nodes, one file per node.
395.SH "SEE ALSO" 417.SH "SEE ALSO"
396.IX Header "SEE ALSO" 418.IX Header "SEE ALSO"
397\&\fIvpe\fR\|(8), \fIvped\fR\|(8), \fIvpectrl\fR\|(8). 419\&\fIvpe\fR\|(5), \fIvped\fR\|(8), \fIvpectrl\fR\|(8).
398.SH "AUTHOR" 420.SH "AUTHOR"
399.IX Header "AUTHOR" 421.IX Header "AUTHOR"
400Marc Lehmann <vpe@plan9.de> 422Marc Lehmann <vpe@plan9.de>
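Review bot: line 419 changes the SEE ALSO entry from vpe(8) to vpe(5) while vped and vpectrl stay in section 8. Please confirm the vpe page's own .TH line declares section 5 in the same commit, otherwise this cross-reference points at a page that does not exist under that section.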
