[tripe] / peerdb / peers.in

;;; -*-conf-windows-*-
;;;
;;; Peers description file
;;;
;;; New installations will clobber this file.  Therefore you're best off not
;;; editing this file directly; instead, drop a file containing your
;;; overridden settings alongside.

;;;--------------------------------------------------------------------------
;;; Global defaults.
;;;
;;; The paramaters here affect all peer definitions.  It mainly contains
;;; information about the local site.  You will need to customize it.

[@GLOBAL]

;; domain: the domain name for your VPN; used to form default tunnel
;; addresses.
domain = vpn.example.com

;; myhost: my (internal) host name; used by the default laddr.
myhost = thishost

;; laddr: the local address for point-to-point interfaces.
laddr = $[$(myhost).$(domain)]

;; raddr: the remote address for point-to-point interfaces.
raddr = $[$(name).$(domain)]

;; ifname: the name to set on point-to-point interfaces.
ifname = vpn-$(name)

;; ifup: script to set up a tunnel interface ready for use.  The installed
;; script is good for Linux hosts.
ifup = /usr/sbin/tripe-ifup

;;;--------------------------------------------------------------------------
;;; Active-peers defaults.
;;;
;;; The parameters here affect both active and dynamic connections.  The
;;; defaults should be good for most sites, though you may wish to add extra
;;; settings.

[@ACTIVE]
@inherit = @GLOBAL

;; port: the port on which the peer's tripe(8) daemon is running.  The
;; default is the port officially allocated by IANA.
port = 4070

;; host: the external host name (or dotted-quad IP address) of the host
;; running tripe(8).  This should be overridden explicitly in each peer
;; definition.
host = override-me

;; peer: the address specification (see tripe-admin(5)) to use to connect to
;; the remote peer.
peer = INET $[$(host)] $(port)

;;;--------------------------------------------------------------------------
;;; Temporary association defaults.
;;;
;;; These are settings common to both dynamic and passive peers.

[@WATCH]
@inherit = @GLOBAL

;; watch: whether to watch this connection and drop it if it dies.
watch = t

;; timeout: how long to wait for a ping response before giving up.
timeout = 10s

;; retries: how many ping attempts to make before declaring the connection
;; dead.
retries = 5

;;;--------------------------------------------------------------------------
;;; Dynamic-peers defaults.
;;;
;;; The parameters here affect peers to whom dynamic connections are made.
;;; The user and connect parameters probably need customizing.

[@KNOCK]
@inherit = @ACTIVE, @WATCH

;; keepalive: how often to send NOP packets to keep the connection alive, at
;; least in the minds of intermediate stateful firewalls and NAT routers.
keepalive = 2m

;; every: interval for checking that this connection is alive.
every = 30s

;; knock: peer-name string to send to the peer.
knock = $(myhost)

[@DYNAMIC]
@inherit = @ACTIVE, @WATCH

;; cork: whether to wait for a key-exchange packet from the peer before
;; sending one of our own.
cork = t

;; ssh-user: user to connect as; used by the connect parameter.
ssh-user = tripe

;; connect: shell command to use to wake up the remote peer and establish the
;; connection.
connect = ssh -q $(ssh-user)@$[$(host)] hello

;; disconnect: shell command to use to shut the remote peer down.
disconnect = ssh -q $(ssh-user)@$[$(host)] goodbye

;; keepalive: how often to send NOP packets to keep the connection alive, at
;; least in the minds of intermediate stateful firewalls and NAT routers.
keepalive = 2m

;; every: interval for checking that this connection is alive.
every = 30s

;;;--------------------------------------------------------------------------
;;; Passive-peers defaults.
;;;
;;; The parameters here affect passive peers, i.e., those to whom dynamic
;;; connections are made.  The dynamic connection protocol establishes most
;;; of the parameters and these defaults are probably pretty good.

[@PASSIVE]
@inherit = @WATCH

;; peer: mark this entry as being a passive peer.
peer = PASSIVE

;; mobile: mark this peer as likely to change its external address without
;; warning.
mobile = t

;; user: the string which the dynamic peer's connect command will present to
;; the CONNECT service.
user = $(name)

;; every: interval for checking that this connection is alive: should be at
;; least twice as long as the dynamic peer interval.
every = 5m

;;;----- That's all, folks --------------------------------------------------
Commit	Line	Data
6005ef9b MW	1	;;; --conf-windows--
	2	;;;
	3	;;; Peers description file
	4	;;;
288fc12b MW	5	;;; New installations will clobber this file. Therefore you're best off not
	6	;;; editing this file directly; instead, drop a file containing your
	7	;;; overridden settings alongside.
6005ef9b MW	8
	9	;;;--------------------------------------------------------------------------
	10	;;; Global defaults.
	11	;;;
	12	;;; The paramaters here affect all peer definitions. It mainly contains
	13	;;; information about the local site. You will need to customize it.
	14
	15	[@GLOBAL]
	16
	17	;; domain: the domain name for your VPN; used to form default tunnel
	18	;; addresses.
	19	domain = vpn.example.com
	20
	21	;; myhost: my (internal) host name; used by the default laddr.
	22	myhost = thishost
	23
	24	;; laddr: the local address for point-to-point interfaces.
	25	laddr = $[$(myhost).$(domain)]
	26
	27	;; raddr: the remote address for point-to-point interfaces.
	28	raddr = $[$(name).$(domain)]
	29
	30	;; ifname: the name to set on point-to-point interfaces.
	31	ifname = vpn-$(name)
	32
	33	;; ifup: script to set up a tunnel interface ready for use. The installed
	34	;; script is good for Linux hosts.
	35	ifup = /usr/sbin/tripe-ifup
	36
6005ef9b MW	37	;;;--------------------------------------------------------------------------
	38	;;; Active-peers defaults.
	39	;;;
	40	;;; The parameters here affect both active and dynamic connections. The
	41	;;; defaults should be good for most sites, though you may wish to add extra
	42	;;; settings.
	43
	44	[@ACTIVE]
	45	@inherit = @GLOBAL
	46
	47	;; port: the port on which the peer's tripe(8) daemon is running. The
	48	;; default is the port officially allocated by IANA.
	49	port = 4070
	50
	51	;; host: the external host name (or dotted-quad IP address) of the host
	52	;; running tripe(8). This should be overridden explicitly in each peer
	53	;; definition.
	54	host = override-me
	55
	56	;; peer: the address specification (see tripe-admin(5)) to use to connect to
	57	;; the remote peer.
	58	peer = INET $[$(host)] $(port)
	59
02c99524 MW	60	;;;--------------------------------------------------------------------------
	61	;;; Temporary association defaults.
	62	;;;
	63	;;; These are settings common to both dynamic and passive peers.
	64
	65	[@WATCH]
	66	@inherit = @GLOBAL
	67
	68	;; watch: whether to watch this connection and drop it if it dies.
	69	watch = t
	70
	71	;; timeout: how long to wait for a ping response before giving up.
	72	timeout = 10s
	73
	74	;; retries: how many ping attempts to make before declaring the connection
	75	;; dead.
	76	retries = 5
	77
6005ef9b MW	78	;;;--------------------------------------------------------------------------
	79	;;; Dynamic-peers defaults.
	80	;;;
	81	;;; The parameters here affect peers to whom dynamic connections are made.
	82	;;; The user and connect parameters probably need customizing.
	83
8362ac1c MW	84	[@KNOCK]
	85	@inherit = @ACTIVE, @WATCH
	86
	87	;; keepalive: how often to send NOP packets to keep the connection alive, at
	88	;; least in the minds of intermediate stateful firewalls and NAT routers.
	89	keepalive = 2m
	90
	91	;; every: interval for checking that this connection is alive.
	92	every = 30s
	93
	94	;; knock: peer-name string to send to the peer.
	95	knock = $(myhost)
	96
6005ef9b	97	[@DYNAMIC]
02c99524	98	@inherit = @ACTIVE, @WATCH
6005ef9b MW	99
	100	;; cork: whether to wait for a key-exchange packet from the peer before
	101	;; sending one of our own.
	102	cork = t
	103
	104	;; ssh-user: user to connect as; used by the connect parameter.
	105	ssh-user = tripe
	106
	107	;; connect: shell command to use to wake up the remote peer and establish the
	108	;; connection.
d3731285 MW	109	connect = ssh -q $(ssh-user)@$[$(host)] hello
	110
	111	;; disconnect: shell command to use to shut the remote peer down.
	112	disconnect = ssh -q $(ssh-user)@$[$(host)] goodbye
6005ef9b MW	113
	114	;; keepalive: how often to send NOP packets to keep the connection alive, at
	115	;; least in the minds of intermediate stateful firewalls and NAT routers.
	116	keepalive = 2m
	117
02c99524 MW	118	;; every: interval for checking that this connection is alive.
02c99524 MW	119	every = 30s
6005ef9b MW	120
	121	;;;--------------------------------------------------------------------------
	122	;;; Passive-peers defaults.
	123	;;;
	124	;;; The parameters here affect passive peers, i.e., those to whom dynamic
	125	;;; connections are made. The dynamic connection protocol establishes most
	126	;;; of the parameters and these defaults are probably pretty good.
	127
	128	[@PASSIVE]
77ec571c	129	@inherit = @WATCH
6005ef9b MW	130
	131	;; peer: mark this entry as being a passive peer.
	132	peer = PASSIVE
	133
ff5c5e63 MW	134	;; mobile: mark this peer as likely to change its external address without
	135	;; warning.
	136	mobile = t
	137
6005ef9b MW	138	;; user: the string which the dynamic peer's connect command will present to
	139	;; the CONNECT service.
	140	user = $(name)
	141
02c99524 MW	142	;; every: interval for checking that this connection is alive: should be at
	143	;; least twice as long as the dynamic peer interval.
	144	every = 5m
6005ef9b MW	145
6005ef9b MW	146	;;;----- That's all, folks --------------------------------------------------