X-Git-Url: https://git.distorted.org.uk/~mdw/secnet/blobdiff_plain/df1b18fc6f4d422268eff0ed1d8f04ae0b11b82f..3454dce4c6909648b711a59b57c5a527036b2a8e:/example.conf
diff --git a/example.conf b/example.conf
index cfaa847..3b4a32f 100644
--- a/example.conf
+++ b/example.conf
@@ -44,8 +44,10 @@ system {
 # setup-retries max retransmits of a key setup packet
 # setup-timeout wait between retransmits of key setup packets, in ms
 # wait-time wait between unsuccessful key setup attempts, in ms
+# renegotiate-time set up a new key if we see any traffic after this time
 
 # Use the universal TUN/TAP driver to get packets to and from the kernel
+# (use tun-old if you are not on Linux-2.4)
 netlink tun {
 name "netlink-tun"; # Printed in log messages from this netlink
 # interface "tun0"; # You may set your own interface name if you wish;
@@ -102,7 +104,8 @@ resolver adns {
 };
 
 # log is defined earlier - we share it with the system
-log-events "init","up","down"; # XXX not yet used
+log-events "setup-init","setup-timeout","activate-key","timeout-key","errors",
+ "security";
 
 # A source of random bits for nonces and session keys. The 'no' specifies
 # that it's non-blocking. XXX 'yes' isn't implemented yet.
@@ -128,3 +131,8 @@ sites
 site(example-vpn/some-site),
 site(example-vpn/some-other-site),
 site(example-vpn/a-third-site);
+
+# If you want to communicate with all the VPN sites, you can use something
+# like the following instead:
+
+# sites map(site,makelist(example-vpn));
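Review bot: The new `renegotiate-time` line in the first hunk gives no unit, although the three timers listed just above it all say "in ms". This value decides how long a session key stays in use before traffic triggers a fresh key exchange, so an operator copying the example should not have to guess. If it is in milliseconds like its neighbours, say so: `# renegotiate-time set up a new key if we see any traffic after this time, in ms`. The parameter list begins above the hunk, so whether the key's maximum lifetime is documented there, and how this value should relate to it, cannot be checked from here.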
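Review bot: The replacement `log-events` line in the second hunk drops the old trailing comment and leaves the six event classes unexplained. Since this file is what people copy, a short comment above the list would help, for example `# keep "security" and "errors" enabled; the setup-*/…-key classes trace key exchange and are mainly useful when debugging`. That wording assumes "security" covers rejected or suspicious packets, which the hunk does not show, so it should be checked against the logging code before it is added.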
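Review bot: The commented-out `sites map(site,makelist(example-vpn));` alternative in the last hunk needs a note about its scope. As its comment describes it, it sets up a site for every entry under `example-vpn`, whereas the explicit list above it works as an allow-list of peers. Assuming `makelist` expands the whole subtree, any site later added to the `example-vpn` definitions becomes a peer without this file being edited. I would extend the comment with something like `# (this also picks up any site added to example-vpn later; list sites explicitly to restrict peers)`.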