# secnet example configuration file
# Log facility
-log logfile("secnet","local2"); # Not yet implemented, goes to stderr
+log syslog {
+ ident "secnet";
+ facility "local0";
+};
+
+# Alternatively you could log to a file:
+# log logfile {
+# filename "/var/log/secnet";
+# class "info","notice","warning","error","security","fatal";
+# # There are some useful message classes that could replace
+# # this list:
+# # 'default' -> warning,error,security,fatal
+# # 'verbose' -> info,notice,default
+# # 'quiet' -> fatal
+# };
# Systemwide configuration (all other configuration is per-site):
# log a log facility for program messages
# wait-time wait between unsuccessful key setup attempts, in ms
# renegotiate-time set up a new key if we see any traffic after this time
+setup-retries 10;
+setup-timeout 2000;
+
# Use the universal TUN/TAP driver to get packets to and from the kernel
# (use tun-old if you are not on Linux-2.4)
netlink tun {
name "netlink-tun"; # Printed in log messages from this netlink
# interface "tun0"; # You may set your own interface name if you wish;
# if you don't one will be chosen for you.
+# device "/dev/net/tun";
# local networks served by this netlink device
# incoming tunneled packets for other networks will be discarded
# host and port for your site end up on this machine at the port you
# specify here.
comm udp {
- port xxxx;
+ port 410;
buffer sysbuffer(4096);
};
# that it's non-blocking. XXX 'yes' isn't implemented yet.
random randomfile("/dev/urandom",no);
+# If you're using the make-secnet-sites.py script then your local-name
+# will be of the form "vpnname/location/site" eg. "sgo/greenend/sinister"
local-name "your-site-name";
local-key rsa-private("/etc/secnet/key");
~ianmdlvl / secnet.git / blobdiff