then no peers in the group are connected. Strange and unhelpful things
will happen if you put the same peer in several different groups.
.PP
+The tags
+.B down
+and
+.BI down/ anything
+are special and mean that no peer from the group should be active. This
+is useful for detecting a `home' network, where a VPN is unnecessary
+(or, worse, break routing completely).
+.PP
The notion of `current IP address' is somewhat vague. The
.B conntrack
service calculates it as the source address that the host would put on
.TP
.BI state= label
The service's internal state machine is confused.
+.RE
.SP
-.BI "USER conntrack " up \fR| down " " reason\fR...
+.BI "USER conntrack " up \fR| down " " group = peer\fR... " " reason\fR...
The network connection has apparently gone up or down, and
.B conntrack
-is about to kill and/or connect peers accordingly. The
+is about to kill and/or connect peers accordingly: for each group, the
+selected peer is listed; if a group is not listed, then either the group
+is to be brought down, or no matching peer was found. The
.I reason
is one of the following.
.RS
token names a Python exception; the
.I error-text
describes the problem encountered, though it may not be very useful.
+.SP
+.BI "USER conntrack connect-failed " peer " " tokens\fR...
+An attempt to connect the named
+.I peer
+failed; the error message is given by the
+.IR tokens .
.
.\"--------------------------------------------------------------------------
.SH "SUMMARY"
~mdw / tripe / blobdiff