[tripe] / peerdb / peers.in

;;; -*-conf-windows-*-
;;;
;;; Peers description file
;;;
;;; You're best off not editing this file at all; instead, drop a file
;;; containing your overriden settings alongside.

;;;--------------------------------------------------------------------------
;;; Global defaults.
;;;
;;; The paramaters here affect all peer definitions.  It mainly contains
;;; information about the local site.  You will need to customize it.

[@GLOBAL]

;; domain: the domain name for your VPN; used to form default tunnel
;; addresses.
domain = vpn.example.com

;; myhost: my (internal) host name; used by the default laddr.
myhost = thishost

;; laddr: the local address for point-to-point interfaces.
laddr = $[$(myhost).$(domain)]

;; raddr: the remote address for point-to-point interfaces.
raddr = $[$(name).$(domain)]

;; ifname: the name to set on point-to-point interfaces.
ifname = vpn-$(name)

;; ifup: script to set up a tunnel interface ready for use.  The installed
;; script is good for Linux hosts.
ifup = /usr/sbin/tripe-ifup

;; every: interval for checking that this connection is alive.
every = 2m

;; timeout: how long to wait for a ping response before giving up.
timeout = 10s

;; retries: how many ping attempts to make before declaring the connection
;; dead.
retries = 5

;;;--------------------------------------------------------------------------
;;; Active-peers defaults.
;;;
;;; The parameters here affect both active and dynamic connections.  The
;;; defaults should be good for most sites, though you may wish to add extra
;;; settings.

[@ACTIVE]
@inherit = @GLOBAL

;; port: the port on which the peer's tripe(8) daemon is running.  The
;; default is the port officially allocated by IANA.
port = 4070

;; host: the external host name (or dotted-quad IP address) of the host
;; running tripe(8).  This should be overridden explicitly in each peer
;; definition.
host = override-me

;; peer: the address specification (see tripe-admin(5)) to use to connect to
;; the remote peer.
peer = INET $[$(host)] $(port)

;;;--------------------------------------------------------------------------
;;; Dynamic-peers defaults.
;;;
;;; The parameters here affect peers to whom dynamic connections are made.
;;; The user and connect parameters probably need customizing.

[@DYNAMIC]
@inherit = @ACTIVE

;; cork: whether to wait for a key-exchange packet from the peer before
;; sending one of our own.
cork = t

;; ssh-user: user to connect as; used by the connect parameter.
ssh-user = tripe

;; connect: shell command to use to wake up the remote peer and establish the
;; connection.
connect = ssh -q $(ssh-user)@$[$(host)]

;; keepalive: how often to send NOP packets to keep the connection alive, at
;; least in the minds of intermediate stateful firewalls and NAT routers.
keepalive = 2m

;; watch: whether to watch this connection and retry it if it drops.
watch = t

;;;--------------------------------------------------------------------------
;;; Passive-peers defaults.
;;;
;;; The parameters here affect passive peers, i.e., those to whom dynamic
;;; connections are made.  The dynamic connection protocol establishes most
;;; of the parameters and these defaults are probably pretty good.

[@PASSIVE]
@inherit = @GLOBAL

;; peer: mark this entry as being a passive peer.
peer = PASSIVE

;; user: the string which the dynamic peer's connect command will present to
;; the CONNECT service.
user = $(name)

;; watch: whether to watch this connection and drop it if it dies.
watch = t

;;;----- That's all, folks --------------------------------------------------
Commit	Line	Data
6005ef9b MW	1	;;; --conf-windows--
	2	;;;
	3	;;; Peers description file
	4	;;;
	5	;;; You're best off not editing this file at all; instead, drop a file
	6	;;; containing your overriden settings alongside.
	7
	8	;;;--------------------------------------------------------------------------
	9	;;; Global defaults.
	10	;;;
	11	;;; The paramaters here affect all peer definitions. It mainly contains
	12	;;; information about the local site. You will need to customize it.
	13
	14	[@GLOBAL]
	15
	16	;; domain: the domain name for your VPN; used to form default tunnel
	17	;; addresses.
	18	domain = vpn.example.com
	19
	20	;; myhost: my (internal) host name; used by the default laddr.
	21	myhost = thishost
	22
	23	;; laddr: the local address for point-to-point interfaces.
	24	laddr = $[$(myhost).$(domain)]
	25
	26	;; raddr: the remote address for point-to-point interfaces.
	27	raddr = $[$(name).$(domain)]
	28
	29	;; ifname: the name to set on point-to-point interfaces.
	30	ifname = vpn-$(name)
	31
	32	;; ifup: script to set up a tunnel interface ready for use. The installed
	33	;; script is good for Linux hosts.
	34	ifup = /usr/sbin/tripe-ifup
	35
	36	;; every: interval for checking that this connection is alive.
	37	every = 2m
	38
	39	;; timeout: how long to wait for a ping response before giving up.
	40	timeout = 10s
	41
	42	;; retries: how many ping attempts to make before declaring the connection
	43	;; dead.
	44	retries = 5
	45
	46	;;;--------------------------------------------------------------------------
	47	;;; Active-peers defaults.
	48	;;;
	49	;;; The parameters here affect both active and dynamic connections. The
	50	;;; defaults should be good for most sites, though you may wish to add extra
	51	;;; settings.
	52
	53	[@ACTIVE]
	54	@inherit = @GLOBAL
	55
	56	;; port: the port on which the peer's tripe(8) daemon is running. The
	57	;; default is the port officially allocated by IANA.
	58	port = 4070
	59
	60	;; host: the external host name (or dotted-quad IP address) of the host
	61	;; running tripe(8). This should be overridden explicitly in each peer
	62	;; definition.
	63	host = override-me
	64
65	;; peer: the address specification (see tripe-admin(5)) to use to connect to
66	;; the remote peer.
67	peer = INET $[$(host)] $(port)
68
69	;;;--------------------------------------------------------------------------
70	;;; Dynamic-peers defaults.
71	;;;
72	;;; The parameters here affect peers to whom dynamic connections are made.
73	;;; The user and connect parameters probably need customizing.
74
75	[@DYNAMIC]
76	@inherit = @ACTIVE
77
78	;; cork: whether to wait for a key-exchange packet from the peer before
79	;; sending one of our own.
80	cork = t
81
82	;; ssh-user: user to connect as; used by the connect parameter.
83	ssh-user = tripe
84
85	;; connect: shell command to use to wake up the remote peer and establish the
86	;; connection.
87	connect = ssh -q $(ssh-user)@$[$(host)]
88
89	;; keepalive: how often to send NOP packets to keep the connection alive, at
90	;; least in the minds of intermediate stateful firewalls and NAT routers.
91	keepalive = 2m
92
93	;; watch: whether to watch this connection and retry it if it drops.
94	watch = t
95
96	;;;--------------------------------------------------------------------------
97	;;; Passive-peers defaults.
98	;;;
99	;;; The parameters here affect passive peers, i.e., those to whom dynamic
100	;;; connections are made. The dynamic connection protocol establishes most
101	;;; of the parameters and these defaults are probably pretty good.
102
103	[@PASSIVE]
104	@inherit = @GLOBAL
105
106	;; peer: mark this entry as being a passive peer.
107	peer = PASSIVE
108
109	;; user: the string which the dynamic peer's connect command will present to
110	;; the CONNECT service.
111	user = $(name)
112
113	;; watch: whether to watch this connection and drop it if it dies.
114	watch = t
115
116	;;;----- That's all, folks --------------------------------------------------