;;; -*-conf-windows-*-
;;;
;;; Peers description file
;;;
;;; You're best off not editing this file at all; instead, drop a file
;;; containing your overridden settings alongside.

;;;--------------------------------------------------------------------------
;;; Global defaults.
;;;
;;; The parameters here affect all peer definitions.  This section mainly
;;; contains information about the local site.  You will need to customize
;;; it.

[@GLOBAL]

;; domain: the domain name for your VPN; used to form default tunnel
;; addresses.
domain = vpn.example.com

;; myhost: my (internal) host name; used by the default laddr.
myhost = thishost

;; laddr: the local address for point-to-point interfaces.
laddr = $[$(myhost).$(domain)]

;; raddr: the remote address for point-to-point interfaces.
raddr = $[$(name).$(domain)]

;; ifname: the name to set on point-to-point interfaces.
ifname = vpn-$(name)

;; ifup: script to set up a tunnel interface ready for use.  The installed
;; script is good for Linux hosts.
ifup = /usr/sbin/tripe-ifup

;; every: interval for checking that this connection is alive.
every = 2m

;; timeout: how long to wait for a ping response before giving up.
timeout = 10s

;; retries: how many ping attempts to make before declaring the connection
;; dead.
retries = 5

;;;--------------------------------------------------------------------------
;;; Active-peers defaults.
;;;
;;; The parameters here affect both active and dynamic connections.  The
;;; defaults should be good for most sites, though you may wish to add extra
;;; settings.

[@ACTIVE]
@inherit = @GLOBAL

;; port: the port on which the peer's tripe(8) daemon is running.  The
;; default is the port officially allocated by IANA.
port = 4070

;; host: the external host name (or dotted-quad IP address) of the host
;; running tripe(8).  This is a placeholder and must be overridden explicitly
;; in each peer definition.
host = override-me

;; peer: the address specification (see tripe-admin(5)) to use to connect to
;; the remote peer.
peer = INET $[$(host)] $(port)

;;;--------------------------------------------------------------------------
;;; Dynamic-peers defaults.
;;;
;;; The parameters here affect peers to whom dynamic connections are made.
;;; The ssh-user and connect parameters probably need customizing.

[@DYNAMIC]
@inherit = @ACTIVE

;; cork: whether to wait for a key-exchange packet from the peer before
;; sending one of our own.
cork = t

;; ssh-user: user to connect as; used by the connect parameter.
ssh-user = tripe

;; connect: shell command to use to wake up the remote peer and establish the
;; connection.
connect = ssh -q $(ssh-user)@$[$(host)]

;; keepalive: how often to send NOP packets to keep the connection alive, at
;; least in the minds of intermediate stateful firewalls and NAT routers.
keepalive = 2m

;; watch: whether to watch this connection and retry it if it drops.
watch = t

;;;--------------------------------------------------------------------------
;;; Passive-peers defaults.
;;;
;;; The parameters here affect passive peers, i.e., those which make dynamic
;;; connections to us.  The dynamic connection protocol establishes most of
;;; the parameters and these defaults are probably pretty good.

[@PASSIVE]
@inherit = @GLOBAL

;; peer: mark this entry as being a passive peer.
peer = PASSIVE

;; user: the string which the dynamic peer's connect command will present to
;; the CONNECT service.
user = $(name)

;; watch: whether to watch this connection and drop it if it dies.
watch = t

;;;----- That's all, folks --------------------------------------------------
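The defaults above only make sense once you see how a site-local peer entry combines with them: a leaf section such as `[alice]` names a parent with `@inherit`, settings are looked up through that chain, `$(var)` substitutes another setting (with `name` standing for the leaf section's own name), and `$[host]` turns a host name into an address. The resolver below is an added example written for this page, not part of tripe or its `tripe-newpeer` tooling. It assumes single-parent `@inherit` chains, substitutes a constructed `HOSTS` table for the DNS lookup tripe would perform, and the peers `alice`, `bob` and `carol` and their addresses are constructed for the demonstration.

```python
"""Minimal resolver for a tripe peers.in-style file (added example, not
tripe's own code).  It handles just enough of the format to show how
@inherit, $(var) and $[host] combine.  The HOSTS table is a constructed
stand-in for DNS so the example runs offline."""

import re
from configparser import ConfigParser

# Constructed site-local file: the shipped defaults (abridged) plus three
# example peers.  `carol` deliberately forgets to override `host`.
SITE_PEERS = """
[@GLOBAL]
domain = vpn.example.com
myhost = thishost
laddr = $[$(myhost).$(domain)]
raddr = $[$(name).$(domain)]
ifname = vpn-$(name)

[@ACTIVE]
@inherit = @GLOBAL
port = 4070
host = override-me
peer = INET $[$(host)] $(port)

[@DYNAMIC]
@inherit = @ACTIVE
ssh-user = tripe
connect = ssh -q $(ssh-user)@$[$(host)]

[alice]
@inherit = @ACTIVE
host = alice.example.org

[bob]
@inherit = @DYNAMIC
host = bob.example.org

[carol]
@inherit = @ACTIVE
"""

# Constructed name-to-address table standing in for DNS (assumption: real
# tripe resolves $[...] through the resolver, not a static table).
HOSTS = {
    "thishost.vpn.example.com": "10.0.0.1",
    "alice.vpn.example.com": "10.0.0.2",
    "bob.vpn.example.com": "10.0.0.3",
    "alice.example.org": "198.51.100.2",
    "bob.example.org": "203.0.113.3",
}

# Innermost $(...) or $[...]: a body with no further $, parentheses or brackets.
INNER = re.compile(r"\$([(\[])([^$()\[\]]*)([)\]])")


class UnresolvableHost(Exception):
    """$[...] named a host that does not resolve (e.g. the override-me placeholder)."""


def load(text):
    # interpolation=None keeps ConfigParser's %-interpolation away from $(...).
    cp = ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp


def lookup(cp, section, key):
    """Raw (unexpanded) value of `key`, walking @inherit upwards from `section`.
    `name` is always the leaf section's name, even when reached via a parent."""
    if key == "name":
        return section
    s = section
    while s is not None:
        if cp.has_option(s, key):
            return cp.get(s, key)
        s = cp.get(s, "@inherit", fallback=None)
    raise KeyError(f"{section}: no setting {key!r} in section or its ancestors")


def resolve_host(hostname):
    if hostname not in HOSTS:
        raise UnresolvableHost(f"cannot resolve {hostname!r}")
    return HOSTS[hostname]


def expand(cp, section, text, limit=100):
    """Expand innermost $(var) / $[host] first, repeating until none remain.
    Expansion always happens in the leaf section's context, so an inherited
    raddr = $[$(name).$(domain)] uses the leaf's name.  `limit` stops a
    self-referential setting from looping forever."""
    for _ in range(limit):
        m = INNER.search(text)
        if m is None:
            return text
        opener, body, closer = m.groups()
        if opener + closer not in ("()", "[]"):
            raise ValueError(f"mismatched delimiters in {text!r}")
        repl = lookup(cp, section, body) if opener == "(" else resolve_host(body)
        text = text[:m.start()] + repl + text[m.end():]
    raise ValueError(f"expansion of {text!r} did not terminate")


def peer_settings(text, section, keys=("peer", "ifname", "laddr", "raddr", "connect")):
    """Fully expanded settings for one peer; keys a peer kind lacks are omitted."""
    cp = load(text)
    out = {}
    for k in keys:
        try:
            raw = lookup(cp, section, k)
        except KeyError:
            continue          # e.g. an @ACTIVE peer has no connect command
        out[k] = expand(cp, section, raw)
    return out


if __name__ == "__main__":
    for peer in ("alice", "bob", "carol"):
        try:
            print(peer, peer_settings(SITE_PEERS, peer))
        except UnresolvableHost as e:
            print(peer, "ERROR:", e)
```

Running it shows `alice` connecting to `INET 198.51.100.2 4070` on interface `vpn-alice`, `bob` additionally getting `connect = ssh -q tripe@203.0.113.3`, and `carol` failing because the inherited placeholder `host = override-me` is not a resolvable name, which is exactly the failure you want surfaced before a peer entry goes live rather than when `connect` is handed to a shell with an unintended host in it.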