# setup-retries max retransmits of a key setup packet
# setup-timeout wait between retransmits of key setup packets, in ms
# wait-time wait between unsuccessful key setup attempts, in ms
+# renegotiate-time set up a new key if we see any traffic after this time
# Use the universal TUN/TAP driver to get packets to and from the kernel
# (use tun-old if you are not on Linux-2.4)
};
# log is defined earlier - we share it with the system
-log-events "init","up","down"; # XXX not yet used
+log-events "setup-init","setup-timeout","activate-key","timeout-key","errors",
+ "security";
# A source of random bits for nonces and session keys. The 'no' specifies
# that it's non-blocking. XXX 'yes' isn't implemented yet.
# a newer version. MAKE SURE YOU GET AN AUTHENTIC COPY OF THE FILE - it
# contains public keys for all sites.
-# Do not include your own site in this list!
-
sites
site(example-vpn/some-site),
site(example-vpn/some-other-site),
site(example-vpn/a-third-site);
+
+# If you want to communicate with all the VPN sites, you can use something
+# like the following instead:
+
+# sites map(site,makelist(example-vpn));