… | |
… | |
83 | |
83 | |
84 | Since only the private key file of the current node is used and the |
84 | Since only the private key file of the current node is used and the |
85 | private key file should be kept secret per-host to avoid spoofings, it is |
85 | private key file should be kept secret per-host to avoid spoofings, it is |
86 | not recommended to use this feature. |
86 | not recommended to use this feature. |
87 | |
87 | |
88 | =item ifpersist = yes|no |
88 | =item ifpersist = yes|true|on | no|false|off |
89 | |
89 | |
90 | Should the tun/tap device be made persistent, that is, should the device |
90 | Should the tun/tap device be made persistent, that is, should the device |
91 | stay up even when vped exits? Some versions of the tunnel device have |
91 | stay up even when vped exits? Some versions of the tunnel device have |
92 | problems sending packets when vped is restarted in persistent mode, so |
92 | problems sending packets when vped is restarted in persistent mode, so |
93 | if the connections can be established but you cannot send packets from |
93 | if the connections can be established but you cannot send packets from |
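Review bot: The `=item ifpersist` header at new line 88 now spells out `yes|true|on | no|false|off`, and the same six spellings are repeated in every boolean item header this patch touches (`enable-udp`, `enable-rawip`, `inherit-tos`, `compress`). Define the accepted boolean values once, in a short paragraph ahead of the option list, and refer to that from each item so the lists cannot drift apart. The space-padded `|` between the two groups also reads differently from the unpadded bars inside them; say explicitly that it separates the true spellings from the false ones.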
… | |
… | |
121 | |
121 | |
122 | Recommended values are 1500 (ethernet), 1492 (pppoe), 1472 (pptp). |
122 | Recommended values are 1500 (ethernet), 1492 (pppoe), 1472 (pptp). |
123 | |
123 | |
124 | This value must be the minimum of the mtu values of all hosts. |
124 | This value must be the minimum of the mtu values of all hosts. |
125 | |
125 | |
|
|
126 | =item ip-proto = numerical-ip-protocol |
|
|
127 | |
|
|
128 | Sets the protocol number to be used for the rawip protocol. This is a |
|
|
129 | global option because all hosts must use the same protocol, and since |
|
|
130 | there are no port numbers, you cannot easily run more than one vped |
|
|
131 | instance using the same protocol, nor can you share the protocol with |
|
|
132 | other programs. |
|
|
133 | |
|
|
134 | The default is 47 (GRE), which has a good chance of tunneling through |
|
|
135 | firewalls (but note that the rawip protocol is not GRE compatible). Other |
|
|
136 | common choices are 50 (IPSEC, ESP), 51 (IPSEC, AH), 4 (IPIP tunnels) or 98 |
|
|
137 | (ENCAP, rfc1241) |
|
|
138 | |
|
|
139 | =item enable-udp = yes|true|on | no|false|off |
|
|
140 | |
|
|
141 | Enable the UDPv4 transport using the C<udp-port> port |
|
|
142 | (default: C<yes>). This is a good general choice since UDP tunnels well |
|
|
143 | through many firewalls. |
|
|
144 | |
|
|
145 | =item enable-rawip = yes|true|on | no|false|off |
|
|
146 | |
|
|
147 | Enable the RAW IPv4 transport using the C<ip-proto> protocol |
|
|
148 | (default: C<no>). This is the best choice, since the overhead per packet |
|
|
149 | is only 38 bytes, as opposed to UDP's 58 (or TCP's 60+). |
|
|
150 | |
126 | =item if-up = relative-or-absolute-path |
151 | =item if-up = relative-or-absolute-path |
127 | |
152 | |
128 | Sets the path of a script that should be called immediately after the |
153 | Sets the path of a script that should be called immediately after the |
129 | network interface is initialized (but not neccessarily up). The following |
154 | network interface is initialized (but not neccessarily up). The following |
130 | environment variables are passed to it (the values are just examples): |
155 | environment variables are passed to it (the values are just examples): |
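Review bot: In the `enable-rawip` item (new lines 147-149) the text calls raw IP "the best choice" while its default is `no`, and `enable-udp` is only "a good general choice" with default `yes`. Add a sentence saying why the best choice is off by default, and point back to the constraint given under `ip-proto` (all hosts must use the same protocol number, and it cannot be shared with another vped instance or other programs), so readers know the trade-off before switching transports. The overhead figures need a stated basis as well: 38 versus 58 bytes is a 20-byte gap, while a UDP header is 8 bytes, so say what is being counted. In `ip-proto`, line 137 is missing its closing period, and since the default of 47 is chosen to pass firewalls although the text says the protocol "is not GRE compatible", one more sentence should tell operators that filters or monitors which parse GRE, ESP or AH may not be able to parse these packets.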
… | |
… | |
251 | (nevr initiate a connection to the given host, but accept connections), |
276 | (nevr initiate a connection to the given host, but accept connections), |
252 | C<ondemand> (try to establish a connection on the first packet sent, and |
277 | C<ondemand> (try to establish a connection on the first packet sent, and |
253 | take it down after the keepalive interval) or C<disabled> (node is bad, |
278 | take it down after the keepalive interval) or C<disabled> (node is bad, |
254 | don't talk to it). |
279 | don't talk to it). |
255 | |
280 | |
256 | =item inherit-tos = yes|no |
281 | =item inherit-tos = yes|true|on | no|false|off |
257 | |
282 | |
258 | Wether to inherit the TOS settings of packets sent to the tunnel when |
283 | Wether to inherit the TOS settings of packets sent to the tunnel when |
259 | sending packets to this node (default: C<yes>). If set to C<yes> then |
284 | sending packets to this node (default: C<yes>). If set to C<yes> then |
260 | outgoing tunnel packets will have the same TOS setting as the packets sent |
285 | outgoing tunnel packets will have the same TOS setting as the packets sent |
261 | to the tunnel device, which is usually what you want. |
286 | to the tunnel device, which is usually what you want. |
262 | |
287 | |
263 | =item compress = yes|no |
288 | =item compress = yes|true|on | no|false|off |
264 | |
289 | |
265 | Wether to compress data packets sent to this host (default: C<yes>, |
290 | Wether to compress data packets sent to this host (default: C<yes>). |
266 | compression is really cheap even on slow computers and has no size |
291 | Compression is really cheap even on slow computers and has no size |
267 | overhead at all). |
292 | overhead at all, so enabling this is a good idea. |
268 | |
293 | |
269 | =back |
294 | =back |
270 | |
295 | |
271 | =head1 CONFIG DIRECTORY LAYOUT |
296 | =head1 CONFIG DIRECTORY LAYOUT |
272 | |
297 | |
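Review bot: The rewritten `compress` paragraph (new lines 290-292) still opens with the misspelling "Wether", as does `inherit-tos` at line 283, and the context at line 276 has "nevr"; since this paragraph is being reworded anyway, correct these to "Whether" and "never" in the same change. The new closing clause "so enabling this is a good idea" only restates the default of `yes`; either drop it or say when a user would set `no`, because "no size overhead at all" is stated as an absolute with no condition attached.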