+site: dict argument
+ local-name (string): this site's name for itself
+ name (string): the name of the site's peer
+ netlink (netlink closure)
+ comm (comm closure)
+ resolver (resolver closure)
+ random (randomsrc closure)
+ local-key (rsaprivkey closure)
+ address (string): optional, DNS name used to find our peer
+ port (integer): mandatory if 'address' is specified: the port used
+ to contact our peer
+ networks (string list): networks that our peer may claim traffic for
+ key (rsapubkey closure): our peer's public key
+ transform (transform closure): how to mangle packets sent between sites
+ dh (dh closure)
+ hash (hash closure)
+ key-lifetime (integer): max lifetime of a session key, in ms [one hour]
+ setup-retries (integer): max number of times to transmit a key negotiation
+ packet [5]
+ setup-timeout (integer): time between retransmissions of key negotiation
+ packets, in ms [1000]
+ wait-time (integer): after failed key setup, wait this long (in ms) before
+ allowing another attempt [20000]
+ renegotiate-time (integer): if we see traffic on the link after this time
+ then renegotiate another session key immediately [depends on key-lifetime]
+ keepalive (bool): if True then attempt always to keep a valid session key
+ log-events (string list): types of events to log for this site
+ unexpected: unexpected key setup packets (may be late retransmissions)
+ setup-init: start of attempt to setup a session key
+ setup-timeout: failure of attempt to setup a session key, through timeout
+ activate-key: activation of a new session key
+ timeout-key: deletion of current session key through age
+ security: anything potentially suspicious
+ state-change: steps in the key setup protocol
+ packet-drop: whenever we throw away an outgoing packet
+ dump-packets: every key setup packet we see
+ errors: failure of name resolution, internal errors
+ all: everything (too much!)
+ netlink-options (string list): options to pass to netlink device when
+ registering remote networks
+ soft: create 'soft' routes that go away when there's no key established
+ with the peer
+ allow-route: allow packets from our peer to be sent down other tunnels,
+ as well as to the host
+
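Review bot: the `allow-route` entry (last two lines of the hunk) documents a trust decision without saying what bounds it: once set, packets arriving from the peer can be forwarded into other tunnels, so the text should state whether the peer's `networks` list is enforced as a source-address filter on inbound traffic (and what happens to packets from the peer whose source lies outside it), otherwise a reader cannot tell what a compromised or misconfigured peer can inject. Two smaller documentation points in the same hunk: `key-lifetime` gives its default as `[one hour]` while every other bracketed default is a bare number in the stated unit, so `[3600000]` (ms) would match the convention; and `renegotiate-time [depends on key-lifetime]` should state the actual rule (e.g. a fraction of, or an offset from, `key-lifetime`) rather than leave the default unspecified, since it directly controls how long a session key is used.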