example.conf: Add a commented-out mobile site setting

[secnet.git] / example.conf

diff --git a/example.conf b/example.conf
index d6908ff7c820c0b13b0c9e798d0e1c72b7b13f93..719f7e78f1ef15815d92165c92da7539bf762269 100644 (file)
--- a/example.conf
+++ b/example.conf
@@ -67,8 +67,8 @@ system {
 # renegotiate-time      set up a new key if we see any traffic after this time
 
 # Defaults that may be overridden on a per-site basis:
-setup-retries 10;
-setup-timeout 2000;
+#setup-retries 10;
+#setup-timeout 2000;
 
 # Use the universal TUN/TAP driver to get packets to and from the kernel,
 # through a single interface.  secnet will act as a router; it requires
@@ -147,10 +147,11 @@ random randomfile("/dev/urandom",no);
 local-name "your-site-name";
 local-key rsa-private("/etc/secnet/key");
 
+# Are we a mobile site?
+#local-mobile true;
+
 # On dodgy links you may want to specify a higher maximum sequence number skew
-transform serpent256-cbc {
-       max-sequence-skew 10;
-};
+transform eax-serpent { }, serpent256-cbc { };
 
 include /etc/secnet/sites.conf
 
@@ -162,7 +163,10 @@ include /etc/secnet/sites.conf
 # If you want to communicate with all the VPN sites, you can use something
 # like the following:
 
-sites map(site,vpn/example/all-sites);
+sites map(site,all-sites);
+
+# Or with a particular VPN
+#sites map(site,vpn/Vexample/all-sites);
 
 # If you only want to communicate with a subset of the VPN sites, list
 # them explicitly:
@@ -176,3 +180,5 @@ sites map(site,vpn/example/all-sites);
 
 # sites map(site,vpn/example/location1,vpn/example/location2);
 
+# This file is placed in the public domain (insofar as possible.)
+# Authors:  Stephen Early, Ian Jackson