[tripe] / peerdb / peers.in

;;; -*-conf-windows-*-
;;;
;;; Peers description file
;;;
;;; New installations will clobber this file.  Therefore you're best off not
;;; editing this file directly; instead, drop a file containing your
;;; overridden settings alongside.

;;;--------------------------------------------------------------------------
;;; Global defaults.
;;;
;;; The paramaters here affect all peer definitions.  It mainly contains
;;; information about the local site.  You will need to customize it.

[@GLOBAL]

;; domain: the domain name for your VPN; used to form default tunnel
;; addresses.
domain = vpn.example.com

;; myhost: my (internal) host name; used by the default laddr.
myhost = thishost

;; laddr: the local address for point-to-point interfaces.
laddr = $[$(myhost).$(domain)]

;; raddr: the remote address for point-to-point interfaces.
raddr = $[$(name).$(domain)]

;; ifname: the name to set on point-to-point interfaces.
ifname = vpn-$(name)

;; ifup: script to set up a tunnel interface ready for use.  The installed
;; script is good for Linux hosts.
ifup = /usr/sbin/tripe-ifup

;; every: interval for checking that this connection is alive.
every = 2m

;; timeout: how long to wait for a ping response before giving up.
timeout = 10s

;; retries: how many ping attempts to make before declaring the connection
;; dead.
retries = 5

;;;--------------------------------------------------------------------------
;;; Active-peers defaults.
;;;
;;; The parameters here affect both active and dynamic connections.  The
;;; defaults should be good for most sites, though you may wish to add extra
;;; settings.

[@ACTIVE]
@inherit = @GLOBAL

;; port: the port on which the peer's tripe(8) daemon is running.  The
;; default is the port officially allocated by IANA.
port = 4070

;; host: the external host name (or dotted-quad IP address) of the host
;; running tripe(8).  This should be overridden explicitly in each peer
;; definition.
host = override-me

;; peer: the address specification (see tripe-admin(5)) to use to connect to
;; the remote peer.
peer = INET $[$(host)] $(port)

;;;--------------------------------------------------------------------------
;;; Dynamic-peers defaults.
;;;
;;; The parameters here affect peers to whom dynamic connections are made.
;;; The user and connect parameters probably need customizing.

[@DYNAMIC]
@inherit = @ACTIVE

;; cork: whether to wait for a key-exchange packet from the peer before
;; sending one of our own.
cork = t

;; ssh-user: user to connect as; used by the connect parameter.
ssh-user = tripe

;; connect: shell command to use to wake up the remote peer and establish the
;; connection.
connect = ssh -q $(ssh-user)@$[$(host)] hello

;; disconnect: shell command to use to shut the remote peer down.
disconnect = ssh -q $(ssh-user)@$[$(host)] goodbye

;; keepalive: how often to send NOP packets to keep the connection alive, at
;; least in the minds of intermediate stateful firewalls and NAT routers.
keepalive = 2m

;; watch: whether to watch this connection and retry it if it drops.
watch = t

;;;--------------------------------------------------------------------------
;;; Passive-peers defaults.
;;;
;;; The parameters here affect passive peers, i.e., those to whom dynamic
;;; connections are made.  The dynamic connection protocol establishes most
;;; of the parameters and these defaults are probably pretty good.

[@PASSIVE]
@inherit = @GLOBAL

;; peer: mark this entry as being a passive peer.
peer = PASSIVE

;; mobile: mark this peer as likely to change its external address without
;; warning.
mobile = t

;; user: the string which the dynamic peer's connect command will present to
;; the CONNECT service.
user = $(name)

;; watch: whether to watch this connection and drop it if it dies.
watch = t

;;;----- That's all, folks --------------------------------------------------
Commit	Line	Data
6005ef9b MW	1	;;; --conf-windows--
	2	;;;
	3	;;; Peers description file
	4	;;;
288fc12b MW	5	;;; New installations will clobber this file. Therefore you're best off not
	6	;;; editing this file directly; instead, drop a file containing your
	7	;;; overridden settings alongside.
6005ef9b MW	8
	9	;;;--------------------------------------------------------------------------
	10	;;; Global defaults.
	11	;;;
	12	;;; The paramaters here affect all peer definitions. It mainly contains
	13	;;; information about the local site. You will need to customize it.
	14
	15	[@GLOBAL]
	16
	17	;; domain: the domain name for your VPN; used to form default tunnel
	18	;; addresses.
	19	domain = vpn.example.com
	20
	21	;; myhost: my (internal) host name; used by the default laddr.
	22	myhost = thishost
	23
	24	;; laddr: the local address for point-to-point interfaces.
	25	laddr = $[$(myhost).$(domain)]
	26
	27	;; raddr: the remote address for point-to-point interfaces.
	28	raddr = $[$(name).$(domain)]
	29
	30	;; ifname: the name to set on point-to-point interfaces.
	31	ifname = vpn-$(name)
	32
	33	;; ifup: script to set up a tunnel interface ready for use. The installed
	34	;; script is good for Linux hosts.
	35	ifup = /usr/sbin/tripe-ifup
	36
	37	;; every: interval for checking that this connection is alive.
	38	every = 2m
	39
	40	;; timeout: how long to wait for a ping response before giving up.
	41	timeout = 10s
	42
	43	;; retries: how many ping attempts to make before declaring the connection
	44	;; dead.
	45	retries = 5
	46
	47	;;;--------------------------------------------------------------------------
	48	;;; Active-peers defaults.
	49	;;;
	50	;;; The parameters here affect both active and dynamic connections. The
	51	;;; defaults should be good for most sites, though you may wish to add extra
	52	;;; settings.
	53
	54	[@ACTIVE]
	55	@inherit = @GLOBAL
	56
	57	;; port: the port on which the peer's tripe(8) daemon is running. The
	58	;; default is the port officially allocated by IANA.
	59	port = 4070
	60
	61	;; host: the external host name (or dotted-quad IP address) of the host
	62	;; running tripe(8). This should be overridden explicitly in each peer
	63	;; definition.
	64	host = override-me
	65
	66	;; peer: the address specification (see tripe-admin(5)) to use to connect to
	67	;; the remote peer.
	68	peer = INET $[$(host)] $(port)
	69
	70	;;;--------------------------------------------------------------------------
	71	;;; Dynamic-peers defaults.
72	;;;
73	;;; The parameters here affect peers to whom dynamic connections are made.
74	;;; The user and connect parameters probably need customizing.
75
76	[@DYNAMIC]
77	@inherit = @ACTIVE
78
79	;; cork: whether to wait for a key-exchange packet from the peer before
80	;; sending one of our own.
81	cork = t
82
83	;; ssh-user: user to connect as; used by the connect parameter.
84	ssh-user = tripe
85
86	;; connect: shell command to use to wake up the remote peer and establish the
87	;; connection.
d3731285 MW	88	connect = ssh -q $(ssh-user)@$[$(host)] hello
	89
	90	;; disconnect: shell command to use to shut the remote peer down.
	91	disconnect = ssh -q $(ssh-user)@$[$(host)] goodbye
6005ef9b MW	92
	93	;; keepalive: how often to send NOP packets to keep the connection alive, at
	94	;; least in the minds of intermediate stateful firewalls and NAT routers.
	95	keepalive = 2m
	96
	97	;; watch: whether to watch this connection and retry it if it drops.
	98	watch = t
	99
	100	;;;--------------------------------------------------------------------------
	101	;;; Passive-peers defaults.
	102	;;;
	103	;;; The parameters here affect passive peers, i.e., those to whom dynamic
	104	;;; connections are made. The dynamic connection protocol establishes most
	105	;;; of the parameters and these defaults are probably pretty good.
	106
	107	[@PASSIVE]
	108	@inherit = @GLOBAL
	109
	110	;; peer: mark this entry as being a passive peer.
	111	peer = PASSIVE
	112
ff5c5e63 MW	113	;; mobile: mark this peer as likely to change its external address without
	114	;; warning.
	115	mobile = t
	116
6005ef9b MW	117	;; user: the string which the dynamic peer's connect command will present to
	118	;; the CONNECT service.
	119	user = $(name)
	120
	121	;; watch: whether to watch this connection and drop it if it dies.
	122	watch = t
	123
	124	;;;----- That's all, folks --------------------------------------------------