… | |
… | |
36 | . ds PI pi |
36 | . ds PI pi |
37 | . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch |
37 | . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch |
38 | . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch |
38 | . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch |
39 | . ds L" "" |
39 | . ds L" "" |
40 | . ds R" "" |
40 | . ds R" "" |
41 | . ds C` "" |
41 | . ds C` |
42 | . ds C' "" |
42 | . ds C' |
43 | 'br\} |
43 | 'br\} |
44 | .el\{\ |
44 | .el\{\ |
45 | . ds -- \|\(em\| |
45 | . ds -- \|\(em\| |
46 | . ds PI \(*p |
46 | . ds PI \(*p |
47 | . ds L" `` |
47 | . ds L" `` |
… | |
… | |
126 | . ds Ae AE |
126 | . ds Ae AE |
127 | .\} |
127 | .\} |
128 | .rm #[ #] #H #V #F C |
128 | .rm #[ #] #H #V #F C |
129 | .\" ======================================================================== |
129 | .\" ======================================================================== |
130 | .\" |
130 | .\" |
131 | .IX Title "VPED.CONF 5" |
131 | .IX Title "VPED.CONF.5 5" |
132 | .TH VPED.CONF 5 "2003-03-24" "0.1" "Virtual Private Ethernet" |
132 | .TH VPED.CONF.5 5 "2003-03-28" "0.1" "Virtual Private Ethernet" |
133 | .SH "NAME" |
133 | .SH "NAME" |
134 | vped.conf \- vpe daemon configuration file |
134 | vped.conf \- vpe daemon configuration file |
135 | .SH "SYNOPSIS" |
135 | .SH "SYNOPSIS" |
136 | .IX Header "SYNOPSIS" |
136 | .IX Header "SYNOPSIS" |
137 | .Vb 3 |
137 | .Vb 3 |
… | |
… | |
214 | \&\f(CW\*(C`vpectrl\*(C'\fR puts them. |
214 | \&\f(CW\*(C`vpectrl\*(C'\fR puts them. |
215 | .Sp |
215 | .Sp |
216 | Since only the private key file of the current node is used and the |
216 | Since only the private key file of the current node is used and the |
217 | private key file should be kept secret per-host to avoid spoofings, it is |
217 | private key file should be kept secret per-host to avoid spoofings, it is |
218 | not recommended to use this feature. |
218 | not recommended to use this feature. |
219 | .IP "ifpersist = yes|no" 4 |
219 | .IP "ifpersist = yes|true|on | no|false|off" 4 |
220 | .IX Item "ifpersist = yes|no" |
220 | .IX Item "ifpersist = yes|true|on | no|false|off" |
221 | Should the tun/tap device be made persistent, that is, should the device |
221 | Should the tun/tap device be made persistent, that is, should the device |
222 | stay up even when vped exits? Some versions of the tunnel device have |
222 | stay up even when vped exits? Some versions of the tunnel device have |
223 | problems sending packets when vped is restarted in persistent mode, so |
223 | problems sending packets when vped is restarted in persistent mode, so |
224 | if the connections can be established but you cannot send packets from |
224 | if the connections can be established but you cannot send packets from |
225 | the local node, try to set this to \f(CW\*(C`off\*(C'\fR and do an ifconfig down on the |
225 | the local node, try to set this to \f(CW\*(C`off\*(C'\fR and do an ifconfig down on the |
… | |
… | |
247 | this information to the \f(CW\*(C`if\-up\*(C'\fR script. |
247 | this information to the \f(CW\*(C`if\-up\*(C'\fR script. |
248 | .Sp |
248 | .Sp |
249 | Recommended values are 1500 (ethernet), 1492 (pppoe), 1472 (pptp). |
249 | Recommended values are 1500 (ethernet), 1492 (pppoe), 1472 (pptp). |
250 | .Sp |
250 | .Sp |
251 | This value must be the minimum of the mtu values of all hosts. |
251 | This value must be the minimum of the mtu values of all hosts. |
|
|
252 | .IP "ip-proto = numerical-ip-protocol" 4 |
|
|
253 | .IX Item "ip-proto = numerical-ip-protocol" |
|
|
254 | Sets the protocol number to be used for the rawip protocol. This is a |
|
|
255 | global option because all hosts must use the same protocol, and since |
|
|
256 | there are no port numbers, you cannot easily run more than one vped |
|
|
257 | instance using the same protocol, nor can you share the protocol with |
|
|
258 | other programs. |
|
|
259 | .Sp |
|
|
260 | The default is 47 (\s-1GRE\s0), which has a good chance of tunneling through |
|
|
261 | firewalls (but note that the rawip protocol is not \s-1GRE\s0 compatible). Other |
|
|
262 | common choices are 50 (\s-1IPSEC\s0, \s-1ESP\s0), 51 (\s-1IPSEC\s0, \s-1AH\s0), 4 (\s-1IPIP\s0 tunnels) or 98 |
|
|
263 | (\s-1ENCAP\s0, rfc1241) |
|
|
264 | .IP "enable-udp = yes|true|on | no|false|off" 4 |
|
|
265 | .IX Item "enable-udp = yes|true|on | no|false|off" |
|
|
266 | Enable the UDPv4 transport using the \f(CW\*(C`udp\-port\*(C'\fR port |
|
|
267 | (default: \f(CW\*(C`yes\*(C'\fR). This is a good general choice since \s-1UDP\s0 tunnels well |
|
|
268 | through many firewalls. |
|
|
269 | .IP "enable-rawip = yes|true|on | no|false|off" 4 |
|
|
270 | .IX Item "enable-rawip = yes|true|on | no|false|off" |
|
|
271 | Enable the \s-1RAW\s0 IPv4 transport using the \f(CW\*(C`ip\-proto\*(C'\fR protocol |
|
|
272 | (default: \f(CW\*(C`no\*(C'\fR). This is the best choice, since the overhead per packet |
|
|
273 | is only 38 bytes, as opposed to \s-1UDP\s0's 58 (or \s-1TCP\s0's 60+). |
252 | .IP "if-up = relative-or-absolute-path" 4 |
274 | .IP "if-up = relative-or-absolute-path" 4 |
253 | .IX Item "if-up = relative-or-absolute-path" |
275 | .IX Item "if-up = relative-or-absolute-path" |
254 | Sets the path of a script that should be called immediately after the |
276 | Sets the path of a script that should be called immediately after the |
255 | network interface is initialized (but not neccessarily up). The following |
277 | network interface is initialized (but not neccessarily up). The following |
256 | environment variables are passed to it (the values are just examples): |
278 | environment variables are passed to it (the values are just examples): |
… | |
… | |
361 | try to establish and keep a conenction to the given host), \f(CW\*(C`never\*(C'\fR |
383 | try to establish and keep a conenction to the given host), \f(CW\*(C`never\*(C'\fR |
362 | (nevr initiate a connection to the given host, but accept connections), |
384 | (nevr initiate a connection to the given host, but accept connections), |
363 | \&\f(CW\*(C`ondemand\*(C'\fR (try to establish a connection on the first packet sent, and |
385 | \&\f(CW\*(C`ondemand\*(C'\fR (try to establish a connection on the first packet sent, and |
364 | take it down after the keepalive interval) or \f(CW\*(C`disabled\*(C'\fR (node is bad, |
386 | take it down after the keepalive interval) or \f(CW\*(C`disabled\*(C'\fR (node is bad, |
365 | don't talk to it). |
387 | don't talk to it). |
366 | .IP "inherit-tos = yes|no" 4 |
388 | .IP "inherit-tos = yes|true|on | no|false|off" 4 |
367 | .IX Item "inherit-tos = yes|no" |
389 | .IX Item "inherit-tos = yes|true|on | no|false|off" |
368 | Wether to inherit the \s-1TOS\s0 settings of packets sent to the tunnel when |
390 | Wether to inherit the \s-1TOS\s0 settings of packets sent to the tunnel when |
369 | sending packets to this node (default: \f(CW\*(C`yes\*(C'\fR). If set to \f(CW\*(C`yes\*(C'\fR then |
391 | sending packets to this node (default: \f(CW\*(C`yes\*(C'\fR). If set to \f(CW\*(C`yes\*(C'\fR then |
370 | outgoing tunnel packets will have the same \s-1TOS\s0 setting as the packets sent |
392 | outgoing tunnel packets will have the same \s-1TOS\s0 setting as the packets sent |
371 | to the tunnel device, which is usually what you want. |
393 | to the tunnel device, which is usually what you want. |
372 | .IP "compress = yes|no" 4 |
394 | .IP "compress = yes|true|on | no|false|off" 4 |
373 | .IX Item "compress = yes|no" |
395 | .IX Item "compress = yes|true|on | no|false|off" |
374 | Wether to compress data packets sent to this host (default: \f(CW\*(C`yes\*(C'\fR, |
396 | Wether to compress data packets sent to this host (default: \f(CW\*(C`yes\*(C'\fR). |
375 | compression is really cheap even on slow computers and has no size |
397 | Compression is really cheap even on slow computers and has no size |
376 | overhead at all). |
398 | overhead at all, so enabling this is a good idea. |
377 | .SH "CONFIG DIRECTORY LAYOUT" |
399 | .SH "CONFIG DIRECTORY LAYOUT" |
378 | .IX Header "CONFIG DIRECTORY LAYOUT" |
400 | .IX Header "CONFIG DIRECTORY LAYOUT" |
379 | The default (or recommended) directory layout for the config directory is: |
401 | The default (or recommended) directory layout for the config directory is: |
380 | .IP "vped.conf" 4 |
402 | .IP "vped.conf" 4 |
381 | .IX Item "vped.conf" |
403 | .IX Item "vped.conf" |
… | |
… | |
392 | .IP "pubkey/nodename" 4 |
414 | .IP "pubkey/nodename" 4 |
393 | .IX Item "pubkey/nodename" |
415 | .IX Item "pubkey/nodename" |
394 | The public keys of the other nodes, one file per node. |
416 | The public keys of the other nodes, one file per node. |
395 | .SH "SEE ALSO" |
417 | .SH "SEE ALSO" |
396 | .IX Header "SEE ALSO" |
418 | .IX Header "SEE ALSO" |
397 | \&\fIvpe\fR\|(8), \fIvped\fR\|(8), \fIvpectrl\fR\|(8). |
419 | \&\fIvpe\fR\|(5), \fIvped\fR\|(8), \fIvpectrl\fR\|(8). |
398 | .SH "AUTHOR" |
420 | .SH "AUTHOR" |
399 | .IX Header "AUTHOR" |
421 | .IX Header "AUTHOR" |
400 | Marc Lehmann <vpe@plan9.de> |
422 | Marc Lehmann <vpe@plan9.de> |