| … | |
… | |
| 36 | . ds PI pi |
36 | . ds PI pi |
| 37 | . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch |
37 | . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch |
| 38 | . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch |
38 | . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch |
| 39 | . ds L" "" |
39 | . ds L" "" |
| 40 | . ds R" "" |
40 | . ds R" "" |
| 41 | . ds C` "" |
41 | . ds C` |
| 42 | . ds C' "" |
42 | . ds C' |
| 43 | 'br\} |
43 | 'br\} |
| 44 | .el\{\ |
44 | .el\{\ |
| 45 | . ds -- \|\(em\| |
45 | . ds -- \|\(em\| |
| 46 | . ds PI \(*p |
46 | . ds PI \(*p |
| 47 | . ds L" `` |
47 | . ds L" `` |
| … | |
… | |
| 126 | . ds Ae AE |
126 | . ds Ae AE |
| 127 | .\} |
127 | .\} |
| 128 | .rm #[ #] #H #V #F C |
128 | .rm #[ #] #H #V #F C |
| 129 | .\" ======================================================================== |
129 | .\" ======================================================================== |
| 130 | .\" |
130 | .\" |
| 131 | .IX Title "VPED.CONF 5" |
131 | .IX Title "VPED.CONF.5 5" |
| 132 | .TH VPED.CONF 5 "2003-03-24" "0.1" "Virtual Private Ethernet" |
132 | .TH VPED.CONF.5 5 "2003-03-28" "0.1" "Virtual Private Ethernet" |
| 133 | .SH "NAME" |
133 | .SH "NAME" |
| 134 | vped.conf \- vpe daemon configuration file |
134 | vped.conf \- vpe daemon configuration file |
| 135 | .SH "SYNOPSIS" |
135 | .SH "SYNOPSIS" |
| 136 | .IX Header "SYNOPSIS" |
136 | .IX Header "SYNOPSIS" |
| 137 | .Vb 3 |
137 | .Vb 3 |
| … | |
… | |
| 214 | \&\f(CW\*(C`vpectrl\*(C'\fR puts them. |
214 | \&\f(CW\*(C`vpectrl\*(C'\fR puts them. |
| 215 | .Sp |
215 | .Sp |
| 216 | Since only the private key file of the current node is used and the |
216 | Since only the private key file of the current node is used and the |
| 217 | private key file should be kept secret per-host to avoid spoofings, it is |
217 | private key file should be kept secret per-host to avoid spoofings, it is |
| 218 | not recommended to use this feature. |
218 | not recommended to use this feature. |
| 219 | .IP "ifpersist = yes|no" 4 |
219 | .IP "ifpersist = yes|true|on | no|false|off" 4 |
| 220 | .IX Item "ifpersist = yes|no" |
220 | .IX Item "ifpersist = yes|true|on | no|false|off" |
| 221 | Should the tun/tap device be made persistent, that is, should the device |
221 | Should the tun/tap device be made persistent, that is, should the device |
| 222 | stay up even when vped exits? Some versions of the tunnel device have |
222 | stay up even when vped exits? Some versions of the tunnel device have |
| 223 | problems sending packets when vped is restarted in persistent mode, so |
223 | problems sending packets when vped is restarted in persistent mode, so |
| 224 | if the connections can be established but you cannot send packets from |
224 | if the connections can be established but you cannot send packets from |
| 225 | the local node, try to set this to \f(CW\*(C`off\*(C'\fR and do an ifconfig down on the |
225 | the local node, try to set this to \f(CW\*(C`off\*(C'\fR and do an ifconfig down on the |
| … | |
… | |
| 247 | this information to the \f(CW\*(C`if\-up\*(C'\fR script. |
247 | this information to the \f(CW\*(C`if\-up\*(C'\fR script. |
| 248 | .Sp |
248 | .Sp |
| 249 | Recommended values are 1500 (ethernet), 1492 (pppoe), 1472 (pptp). |
249 | Recommended values are 1500 (ethernet), 1492 (pppoe), 1472 (pptp). |
| 250 | .Sp |
250 | .Sp |
| 251 | This value must be the minimum of the mtu values of all hosts. |
251 | This value must be the minimum of the mtu values of all hosts. |
|
|
252 | .IP "ip-proto = numerical-ip-protocol" 4 |
|
|
253 | .IX Item "ip-proto = numerical-ip-protocol" |
|
|
254 | Sets the protocol number to be used for the rawip protocol. This is a |
|
|
255 | global option because all hosts must use the same protocol, and since |
|
|
256 | there are no port numbers, you cannot easily run more than one vped |
|
|
257 | instance using the same protocol, nor can you share the protocol with |
|
|
258 | other programs. |
|
|
259 | .Sp |
|
|
260 | The default is 47 (\s-1GRE\s0), which has a good chance of tunneling through |
|
|
261 | firewalls (but note that the rawip protocol is not \s-1GRE\s0 compatible). Other |
|
|
262 | common choices are 50 (\s-1IPSEC\s0, \s-1ESP\s0), 51 (\s-1IPSEC\s0, \s-1AH\s0), 4 (\s-1IPIP\s0 tunnels) or 98 |
|
|
263 | (\s-1ENCAP\s0, rfc1241) |
|
|
264 | .IP "enable-udp = yes|true|on | no|false|off" 4 |
|
|
265 | .IX Item "enable-udp = yes|true|on | no|false|off" |
|
|
266 | Enable the UDPv4 transport using the \f(CW\*(C`udp\-port\*(C'\fR port |
|
|
267 | (default: \f(CW\*(C`yes\*(C'\fR). This is a good general choice since \s-1UDP\s0 tunnels well |
|
|
268 | through many firewalls. |
|
|
269 | .IP "enable-rawip = yes|true|on | no|false|off" 4 |
|
|
270 | .IX Item "enable-rawip = yes|true|on | no|false|off" |
|
|
271 | Enable the \s-1RAW\s0 IPv4 transport using the \f(CW\*(C`ip\-proto\*(C'\fR protocol |
|
|
272 | (default: \f(CW\*(C`no\*(C'\fR). This is the best choice, since the overhead per packet |
|
|
273 | is only 38 bytes, as opposed to \s-1UDP\s0's 58 (or \s-1TCP\s0's 60+). |
| 252 | .IP "if-up = relative-or-absolute-path" 4 |
274 | .IP "if-up = relative-or-absolute-path" 4 |
| 253 | .IX Item "if-up = relative-or-absolute-path" |
275 | .IX Item "if-up = relative-or-absolute-path" |
| 254 | Sets the path of a script that should be called immediately after the |
276 | Sets the path of a script that should be called immediately after the |
| 255 | network interface is initialized (but not neccessarily up). The following |
277 | network interface is initialized (but not neccessarily up). The following |
| 256 | environment variables are passed to it (the values are just examples): |
278 | environment variables are passed to it (the values are just examples): |
| … | |
… | |
| 361 | try to establish and keep a conenction to the given host), \f(CW\*(C`never\*(C'\fR |
383 | try to establish and keep a conenction to the given host), \f(CW\*(C`never\*(C'\fR |
| 362 | (nevr initiate a connection to the given host, but accept connections), |
384 | (nevr initiate a connection to the given host, but accept connections), |
| 363 | \&\f(CW\*(C`ondemand\*(C'\fR (try to establish a connection on the first packet sent, and |
385 | \&\f(CW\*(C`ondemand\*(C'\fR (try to establish a connection on the first packet sent, and |
| 364 | take it down after the keepalive interval) or \f(CW\*(C`disabled\*(C'\fR (node is bad, |
386 | take it down after the keepalive interval) or \f(CW\*(C`disabled\*(C'\fR (node is bad, |
| 365 | don't talk to it). |
387 | don't talk to it). |
| 366 | .IP "inherit-tos = yes|no" 4 |
388 | .IP "inherit-tos = yes|true|on | no|false|off" 4 |
| 367 | .IX Item "inherit-tos = yes|no" |
389 | .IX Item "inherit-tos = yes|true|on | no|false|off" |
| 368 | Wether to inherit the \s-1TOS\s0 settings of packets sent to the tunnel when |
390 | Wether to inherit the \s-1TOS\s0 settings of packets sent to the tunnel when |
| 369 | sending packets to this node (default: \f(CW\*(C`yes\*(C'\fR). If set to \f(CW\*(C`yes\*(C'\fR then |
391 | sending packets to this node (default: \f(CW\*(C`yes\*(C'\fR). If set to \f(CW\*(C`yes\*(C'\fR then |
| 370 | outgoing tunnel packets will have the same \s-1TOS\s0 setting as the packets sent |
392 | outgoing tunnel packets will have the same \s-1TOS\s0 setting as the packets sent |
| 371 | to the tunnel device, which is usually what you want. |
393 | to the tunnel device, which is usually what you want. |
| 372 | .IP "compress = yes|no" 4 |
394 | .IP "compress = yes|true|on | no|false|off" 4 |
| 373 | .IX Item "compress = yes|no" |
395 | .IX Item "compress = yes|true|on | no|false|off" |
| 374 | Wether to compress data packets sent to this host (default: \f(CW\*(C`yes\*(C'\fR, |
396 | Wether to compress data packets sent to this host (default: \f(CW\*(C`yes\*(C'\fR). |
| 375 | compression is really cheap even on slow computers and has no size |
397 | Compression is really cheap even on slow computers and has no size |
| 376 | overhead at all). |
398 | overhead at all, so enabling this is a good idea. |
| 377 | .SH "CONFIG DIRECTORY LAYOUT" |
399 | .SH "CONFIG DIRECTORY LAYOUT" |
| 378 | .IX Header "CONFIG DIRECTORY LAYOUT" |
400 | .IX Header "CONFIG DIRECTORY LAYOUT" |
| 379 | The default (or recommended) directory layout for the config directory is: |
401 | The default (or recommended) directory layout for the config directory is: |
| 380 | .IP "vped.conf" 4 |
402 | .IP "vped.conf" 4 |
| 381 | .IX Item "vped.conf" |
403 | .IX Item "vped.conf" |
| … | |
… | |
| 392 | .IP "pubkey/nodename" 4 |
414 | .IP "pubkey/nodename" 4 |
| 393 | .IX Item "pubkey/nodename" |
415 | .IX Item "pubkey/nodename" |
| 394 | The public keys of the other nodes, one file per node. |
416 | The public keys of the other nodes, one file per node. |
| 395 | .SH "SEE ALSO" |
417 | .SH "SEE ALSO" |
| 396 | .IX Header "SEE ALSO" |
418 | .IX Header "SEE ALSO" |
| 397 | \&\fIvpe\fR\|(8), \fIvped\fR\|(8), \fIvpectrl\fR\|(8). |
419 | \&\fIvpe\fR\|(5), \fIvped\fR\|(8), \fIvpectrl\fR\|(8). |
| 398 | .SH "AUTHOR" |
420 | .SH "AUTHOR" |
| 399 | .IX Header "AUTHOR" |
421 | .IX Header "AUTHOR" |
| 400 | Marc Lehmann <vpe@plan9.de> |
422 | Marc Lehmann <vpe@plan9.de> |
