3 ;;; Peers description file
5 ;;; You're best off not editing this file at all; instead, drop a file
6 ;;; containing your overriden settings alongside.
8 ;;;--------------------------------------------------------------------------
11 ;;; The paramaters here affect all peer definitions. It mainly contains
12 ;;; information about the local site. You will need to customize it.
16 ;; domain: the domain name for your VPN; used to form default tunnel
18 domain = vpn.example.com
20 ;; myhost: my (internal) host name; used by the default laddr.
23 ;; laddr: the local address for point-to-point interfaces.
24 laddr = $[$(myhost).$(domain)]
26 ;; raddr: the remote address for point-to-point interfaces.
27 raddr = $[$(name).$(domain)]
29 ;; ifname: the name to set on point-to-point interfaces.
32 ;; ifup: script to set up a tunnel interface ready for use. The installed
33 ;; script is good for Linux hosts.
34 ifup = /usr/sbin/tripe-ifup
36 ;; every: interval for checking that this connection is alive.
39 ;; timeout: how long to wait for a ping response before giving up.
42 ;; retries: how many ping attempts to make before declaring the connection
46 ;;;--------------------------------------------------------------------------
47 ;;; Active-peers defaults.
49 ;;; The parameters here affect both active and dynamic connections. The
50 ;;; defaults should be good for most sites, though you may wish to add extra
56 ;; port: the port on which the peer's tripe(8) daemon is running. The
57 ;; default is the port officially allocated by IANA.
60 ;; host: the external host name (or dotted-quad IP address) of the host
61 ;; running tripe(8). This should be overridden explicitly in each peer
65 ;; peer: the address specification (see tripe-admin(5)) to use to connect to
67 peer = INET $[$(host)] $(port)
69 ;;;--------------------------------------------------------------------------
70 ;;; Dynamic-peers defaults.
72 ;;; The parameters here affect peers to whom dynamic connections are made.
73 ;;; The user and connect parameters probably need customizing.
78 ;; cork: whether to wait for a key-exchange packet from the peer before
79 ;; sending one of our own.
82 ;; ssh-user: user to connect as; used by the connect parameter.
85 ;; connect: shell command to use to wake up the remote peer and establish the
87 connect = ssh -q $(ssh-user)@$[$(host)]
89 ;; keepalive: how often to send NOP packets to keep the connection alive, at
90 ;; least in the minds of intermediate stateful firewalls and NAT routers.
93 ;; watch: whether to watch this connection and retry it if it drops.
96 ;;;--------------------------------------------------------------------------
97 ;;; Passive-peers defaults.
99 ;;; The parameters here affect passive peers, i.e., those to whom dynamic
100 ;;; connections are made. The dynamic connection protocol establishes most
101 ;;; of the parameters and these defaults are probably pretty good.
106 ;; peer: mark this entry as being a passive peer.
109 ;; user: the string which the dynamic peer's connect command will present to
110 ;; the CONNECT service.
113 ;; watch: whether to watch this connection and drop it if it dies.
116 ;;;----- That's all, folks --------------------------------------------------