X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?a=blobdiff_plain;f=example.conf;h=634467c9e6c12a3279daa40617c52dc50367bca5;hb=4f5e39ecfaa49376b0a5c3a4c384e91a828c1105;hp=b6d5dc2818845caafd01df1032f490f4a67ef7fc;hpb=d3fe100dfc120244d316e083ce87b1eb130fe4fd;p=secnet.git diff --git a/example.conf b/example.conf index b6d5dc2..634467c 100644 --- a/example.conf +++ b/example.conf @@ -65,22 +65,18 @@ setup-retries 10; setup-timeout 2000; # Use the universal TUN/TAP driver to get packets to and from the kernel -# (use tun-old if you are not on Linux-2.4) netlink tun { name "netlink-tun"; # Printed in log messages from this netlink # interface "tun0"; # You may set your own interface name if you wish; # if you don't one will be chosen for you. # device "/dev/net/tun"; - # local networks served by this netlink device - # incoming tunneled packets for other networks will be discarded - networks "192.168.x.x/24", "192.168.x.x/24", "172.x.x.x/24"; local-address "192.168.x.x"; # IP address of host's tunnel interface secnet-address "192.168.x.x"; # IP address of this secnet # Tunnels are only allowed to use these networks; attempts to # claim IP addresses in any other ranges is a configuration error - remote-networks "192.168.0.0/24", "172.16.0.0/12", "10.0.0.0/8"; + remote-networks "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"; # MTU of the tunnel interface. Should be kept under the path-MTU # (by at least 60 bytes) between this secnet and its peers for @@ -152,10 +148,10 @@ include /etc/secnet/sites.conf # a newer version. MAKE SURE YOU GET AN AUTHENTIC COPY OF THE FILE - it # contains public keys for all sites. -sites - site(vpn-data/example/location1/site1), - site(vpn-data/example/location2/site1), - site(vpn-data/example/location2/site2); +sites map(site, + vpn-data/example/location1/site1, + vpn-data/example/location2/site1, + vpn-data/example/location2/site2); # If you want to communicate with all the VPN sites, you can use something # like the following instead: