# renegotiate-time set up a new key if we see any traffic after this time
# Defaults that may be overridden on a per-site basis:
-setup-retries 10;
-setup-timeout 2000;
+#setup-retries 10;
+#setup-timeout 2000;
# Use the universal TUN/TAP driver to get packets to and from the kernel,
# through a single interface. secnet will act as a router; it requires
local-name "your-site-name";
local-key rsa-private("/etc/secnet/key");
+# Are we a mobile site?
+#local-mobile true;
+
# On dodgy links you may want to specify a higher maximum sequence number skew
-transform eax-serpent, serpent256-cbc;
+transform eax-serpent { }, serpent256-cbc { };
include /etc/secnet/sites.conf
# If you want to communicate with all the VPN sites, you can use something
# like the following:
-sites map(site,vpn/example/all-sites);
+sites map(site,all-sites);
+
+# Or with a particular VPN
+#sites map(site,vpn/Vexample/all-sites);
# If you only want to communicate with a subset of the VPN sites, list
# them explicitly:
# sites map(site,vpn/example/location1,vpn/example/location2);
+# This file is placed in the public domain (insofar as possible.)
+# Authors: Stephen Early, Ian Jackson