1 | ;;; -*-conf-windows-*- |
2 | ;;; | |
3 | ;;; Peers description file | |
4 | ;;; | |
5 | ;;; New installations will clobber this file. Therefore you're best off not |
6 | ;;; editing this file directly; instead, drop a file containing your | |
7 | ;;; overridden settings alongside. | |
8 | |
9 | ;;;-------------------------------------------------------------------------- | |
10 | ;;; Global defaults. | |
11 | ;;; | |
12 | ;;; The parameters here affect all peer definitions. This section mainly contains | |
13 | ;;; information about the local site. You will need to customize it. | |
14 | ||
15 | [@GLOBAL] | |
16 | ||
17 | ;; domain: the domain name for your VPN; used to form default tunnel | |
18 | ;; addresses. | |
19 | domain = vpn.example.com | |
20 | ||
21 | ;; myhost: my (internal) host name; used by the default laddr. | |
22 | myhost = thishost | |
23 | ||
24 | ;; laddr: the local address for point-to-point interfaces. | |
25 | laddr = $[$(myhost).$(domain)] | |
26 | ||
27 | ;; raddr: the remote address for point-to-point interfaces. | |
28 | raddr = $[$(name).$(domain)] | |
29 | ||
30 | ;; ifname: the name to set on point-to-point interfaces. | |
31 | ifname = vpn-$(name) | |
32 | ||
33 | ;; ifup: script to set up a tunnel interface ready for use. The installed | |
34 | ;; script is good for Linux hosts. | |
35 | ifup = /usr/sbin/tripe-ifup | |
36 | ||
37 | ;; every: interval for checking that this connection is alive. | |
38 | every = 2m | |
39 | ||
40 | ;; timeout: how long to wait for a ping response before giving up. | |
41 | timeout = 10s | |
42 | ||
43 | ;; retries: how many ping attempts to make before declaring the connection | |
44 | ;; dead. | |
45 | retries = 5 | |
46 | ||
47 | ;;;-------------------------------------------------------------------------- | |
48 | ;;; Active-peers defaults. | |
49 | ;;; | |
50 | ;;; The parameters here affect both active and dynamic connections. The | |
51 | ;;; defaults should be good for most sites, though you may wish to add extra | |
52 | ;;; settings. | |
53 | ||
54 | [@ACTIVE] | |
55 | @inherit = @GLOBAL | |
56 | ||
57 | ;; port: the port on which the peer's tripe(8) daemon is running. The | |
58 | ;; default is the port officially allocated by IANA. | |
59 | port = 4070 | |
60 | ||
61 | ;; host: the external host name (or dotted-quad IP address) of the host | |
62 | ;; running tripe(8). This should be overridden explicitly in each peer | |
63 | ;; definition. | |
64 | host = override-me | |
65 | ||
66 | ;; peer: the address specification (see tripe-admin(5)) to use to connect to | |
67 | ;; the remote peer. | |
68 | peer = INET $[$(host)] $(port) | |
69 | ||
70 | ;;;-------------------------------------------------------------------------- | |
71 | ;;; Dynamic-peers defaults. | |
72 | ;;; | |
73 | ;;; The parameters here affect peers to whom dynamic connections are made. | |
74 | ;;; The user and connect parameters probably need customizing. | |
75 | ||
76 | [@DYNAMIC] | |
77 | @inherit = @ACTIVE | |
78 | ||
79 | ;; cork: whether to wait for a key-exchange packet from the peer before | |
80 | ;; sending one of our own. | |
81 | cork = t | |
82 | ||
83 | ;; ssh-user: user to connect as; used by the connect parameter. | |
84 | ssh-user = tripe | |
85 | ||
86 | ;; connect: shell command to use to wake up the remote peer and establish the | |
87 | ;; connection. | |
88 | connect = ssh -q $(ssh-user)@$[$(host)] | |
89 | ||
90 | ;; keepalive: how often to send NOP packets to keep the connection alive, at | |
91 | ;; least in the minds of intermediate stateful firewalls and NAT routers. | |
92 | keepalive = 2m | |
93 | ||
94 | ;; watch: whether to watch this connection and retry it if it drops. | |
95 | watch = t | |
96 | ||
97 | ;;;-------------------------------------------------------------------------- | |
98 | ;;; Passive-peers defaults. | |
99 | ;;; | |
100 | ;;; The parameters here affect passive peers, i.e., those to whom dynamic | |
101 | ;;; connections are made. The dynamic connection protocol establishes most | |
102 | ;;; of the parameters and these defaults are probably pretty good. | |
103 | ||
104 | [@PASSIVE] | |
105 | @inherit = @GLOBAL | |
106 | ||
107 | ;; peer: mark this entry as being a passive peer. | |
108 | peer = PASSIVE | |
109 | ||
110 | ;; user: the string which the dynamic peer's connect command will present to | |
111 | ;; the CONNECT service. | |
112 | user = $(name) | |
113 | ||
114 | ;; watch: whether to watch this connection and drop it if it dies. | |
115 | watch = t | |
116 | ||
117 | ;;;----- That's all, folks -------------------------------------------------- |