;;; Peers description file

;;; New installations will clobber this file. Therefore you're best off not
;;; editing this file directly; instead, drop a file containing your
;;; overridden settings alongside.

;;;--------------------------------------------------------------------------
;;; The parameters here affect all peer definitions. It mainly contains
;;; information about the local site. You will need to customize it.

;; domain: the domain name for your VPN; used to form default tunnel
domain = vpn.example.com

;; myhost: my (internal) host name; used by the default laddr.

;; laddr: the local address for point-to-point interfaces.
laddr = $[$(myhost).$(domain)]

;; raddr: the remote address for point-to-point interfaces.
raddr = $[$(name).$(domain)]

;; ifname: the name to set on point-to-point interfaces.

;; ifup: script to set up a tunnel interface ready for use. The installed
;; script is good for Linux hosts.
ifup = /usr/sbin/tripe-ifup

;;;--------------------------------------------------------------------------
;;; Active-peers defaults.

;;; The parameters here affect both active and dynamic connections. The
;;; defaults should be good for most sites, though you may wish to add extra

;; port: the port on which the peer's tripe(8) daemon is running. The
;; default is the port officially allocated by IANA.

;; host: the external host name (or dotted-quad IP address) of the host
;; running tripe(8). This should be overridden explicitly in each peer

;; peer: the address specification (see tripe-admin(5)) to use to connect to
peer = INET $[$(host)] $(port)

;;;--------------------------------------------------------------------------
;;; Temporary association defaults.

;;; These are settings common to both dynamic and passive peers.

;; watch: whether to watch this connection and drop it if it dies.

;; timeout: how long to wait for a ping response before giving up.

;; retries: how many ping attempts to make before declaring the connection

;;;--------------------------------------------------------------------------
;;; Dynamic-peers defaults.

;;; The parameters here affect peers to whom dynamic connections are made.
;;; The user and connect parameters probably need customizing.

@inherit = @ACTIVE, @WATCH

;; cork: whether to wait for a key-exchange packet from the peer before
;; sending one of our own.

;; ssh-user: user to connect as; used by the connect parameter.

;; connect: shell command to use to wake up the remote peer and establish the
connect = ssh -q $(ssh-user)@$[$(host)] hello

;; disconnect: shell command to use to shut the remote peer down.
disconnect = ssh -q $(ssh-user)@$[$(host)] goodbye

;; keepalive: how often to send NOP packets to keep the connection alive, at
;; least in the minds of intermediate stateful firewalls and NAT routers.

;; every: interval for checking that this connection is alive.

;;;--------------------------------------------------------------------------
;;; Passive-peers defaults.

;;; The parameters here affect passive peers, i.e., those to whom dynamic
;;; connections are made. The dynamic connection protocol establishes most
;;; of the parameters and these defaults are probably pretty good.

;; peer: mark this entry as being a passive peer.

;; mobile: mark this peer as likely to change its external address without

;; user: the string which the dynamic peer's connect command will present to
;; the CONNECT service.

;; every: interval for checking that this connection is alive: should be at
;; least twice as long as the dynamic peer interval.

;;;----- That's all, folks --------------------------------------------------