[tripe] / peerdb / peers.in

;;; -*-conf-windows-*-
;;;
;;; Peers description file
;;;
;;; You're best off not editing this file at all; instead, drop a file
;;; containing your overriden settings alongside.

;;;--------------------------------------------------------------------------
;;; Global defaults.
;;;
;;; The paramaters here affect all peer definitions.  It mainly contains
;;; information about the local site.  You will need to customize it.

[@GLOBAL]

;; domain: the domain name for your VPN; used to form default tunnel
;; addresses.
domain = vpn.example.com

;; myhost: my (internal) host name; used by the default laddr.
myhost = thishost

;; laddr: the local address for point-to-point interfaces.
laddr = $[$(myhost).$(domain)]

;; raddr: the remote address for point-to-point interfaces.
raddr = $[$(name).$(domain)]

;; ifname: the name to set on point-to-point interfaces.
ifname = vpn-$(name)

;; ifup: script to set up a tunnel interface ready for use.  The installed
;; script is good for Linux hosts.
ifup = /usr/sbin/tripe-ifup

;; every: interval for checking that this connection is alive.
every = 2m

;; timeout: how long to wait for a ping response before giving up.
timeout = 10s

;; retries: how many ping attempts to make before declaring the connection
;; dead.
retries = 5

;;;--------------------------------------------------------------------------
;;; Active-peers defaults.
;;;
;;; The parameters here affect both active and dynamic connections.  The
;;; defaults should be good for most sites, though you may wish to add extra
;;; settings.

[@ACTIVE]
@inherit = @GLOBAL

;; port: the port on which the peer's tripe(8) daemon is running.  The
;; default is the port officially allocated by IANA.
port = 4070

;; host: the external host name (or dotted-quad IP address) of the host
;; running tripe(8).  This should be overridden explicitly in each peer
;; definition.
host = override-me

;; peer: the address specification (see tripe-admin(5)) to use to connect to
;; the remote peer.
peer = INET $[$(host)] $(port)

;;;--------------------------------------------------------------------------
;;; Dynamic-peers defaults.
;;;
;;; The parameters here affect peers to whom dynamic connections are made.
;;; The user and connect parameters probably need customizing.

[@DYNAMIC]
@inherit = @ACTIVE

;; cork: whether to wait for a key-exchange packet from the peer before
;; sending one of our own.
cork = t

;; ssh-user: user to connect as; used by the connect parameter.
ssh-user = tripe

;; connect: shell command to use to wake up the remote peer and establish the
;; connection.
connect = ssh -q $(ssh-user)@$[$(host)]

;; keepalive: how often to send NOP packets to keep the connection alive, at
;; least in the minds of intermediate stateful firewalls and NAT routers.
keepalive = 2m

;; watch: whether to watch this connection and retry it if it drops.
watch = t

;;;--------------------------------------------------------------------------
;;; Passive-peers defaults.
;;;
;;; The parameters here affect passive peers, i.e., those to whom dynamic
;;; connections are made.  The dynamic connection protocol establishes most
;;; of the parameters and these defaults are probably pretty good.

[@PASSIVE]
@inherit = @GLOBAL

;; peer: mark this entry as being a passive peer.
peer = PASSIVE

;; user: the string which the dynamic peer's connect command will present to
;; the CONNECT service.
user = $(name)

;; watch: whether to watch this connection and drop it if it dies.
watch = t

;;;----- That's all, folks --------------------------------------------------