[tripe] / peerdb / peers.in

;;; -*-conf-windows-*-
;;;
;;; Peers description file
;;;
;;; New installations will clobber this file.  Therefore you're best off not
;;; editing this file directly; instead, drop a file containing your
;;; overridden settings alongside.

;;;--------------------------------------------------------------------------
;;; Global defaults.
;;;
;;; The paramaters here affect all peer definitions.  It mainly contains
;;; information about the local site.  You will need to customize it.

[@GLOBAL]

;; domain: the domain name for your VPN; used to form default tunnel
;; addresses.
domain = vpn.example.com

;; myhost: my (internal) host name; used by the default laddr.
myhost = thishost

;; laddr: the local address for point-to-point interfaces.
laddr = $[$(myhost).$(domain)]

;; raddr: the remote address for point-to-point interfaces.
raddr = $[$(name).$(domain)]

;; ifname: the name to set on point-to-point interfaces.
ifname = vpn-$(name)

;; ifup: script to set up a tunnel interface ready for use.  The installed
;; script is good for Linux hosts.
ifup = /usr/sbin/tripe-ifup

;;;--------------------------------------------------------------------------
;;; Active-peers defaults.
;;;
;;; The parameters here affect both active and dynamic connections.  The
;;; defaults should be good for most sites, though you may wish to add extra
;;; settings.

[@ACTIVE]
@inherit = @GLOBAL

;; port: the port on which the peer's tripe(8) daemon is running.  The
;; default is the port officially allocated by IANA.
port = 4070

;; host: the external host name (or dotted-quad IP address) of the host
;; running tripe(8).  This should be overridden explicitly in each peer
;; definition.
host = override-me

;; peer: the address specification (see tripe-admin(5)) to use to connect to
;; the remote peer.
peer = INET $[$(host)] $(port)

;; ephemeral: whether to send the peer a disconnection notification, or
;; react to one from the peer.
ephemeral = nil

;;;--------------------------------------------------------------------------
;;; Temporary association defaults.
;;;
;;; These are settings common to both dynamic and passive peers.

[@WATCH]
@inherit = @GLOBAL

;; watch: whether to watch this connection and drop it if it dies.
watch = t

;; timeout: how long to wait for a ping response before giving up.
timeout = 10s

;; retries: how many ping attempts to make before declaring the connection
;; dead.
retries = 5

;;;--------------------------------------------------------------------------
;;; Dynamic-peers defaults.
;;;
;;; The parameters here affect peers to whom dynamic connections are made.
;;; The user and connect parameters probably need customizing.

[@EPHEMERAL]
@inherit = @ACTIVE, @WATCH

;; ephemeral: whether to send the peer a disconnection notification, or
;; react to one from the peer.
ephemeral = t

;; every: interval for checking that this connection is alive.
every = 30s

[@KNOCK]
@inherit = @EPHEMERAL

;; keepalive: how often to send NOP packets to keep the connection alive, at
;; least in the minds of intermediate stateful firewalls and NAT routers.
keepalive = 2m

;; knock: peer-name string to send to the peer.
knock = $(myhost)

[@DYNAMIC]
@inherit = @EPHEMERAL

;; cork: whether to wait for a key-exchange packet from the peer before
;; sending one of our own.
cork = t

;; ssh-user: user to connect as; used by the connect parameter.
ssh-user = tripe

;; connect: shell command to use to wake up the remote peer and establish the
;; connection.
connect = ssh -q $(ssh-user)@$[$(host)] hello

;; disconnect: shell command to use to shut the remote peer down.
disconnect = ssh -q $(ssh-user)@$[$(host)] goodbye

;; keepalive: how often to send NOP packets to keep the connection alive, at
;; least in the minds of intermediate stateful firewalls and NAT routers.
keepalive = 2m

;;;--------------------------------------------------------------------------
;;; Passive-peers defaults.
;;;
;;; The parameters here affect passive peers, i.e., those to whom dynamic
;;; connections are made.  The dynamic connection protocol establishes most
;;; of the parameters and these defaults are probably pretty good.

[@PASSIVE]
@inherit = @WATCH

;; peer: mark this entry as being a passive peer.
peer = PASSIVE

;; mobile: mark this peer as likely to change its external address without
;; warning.
mobile = t

;; user: the string which the dynamic peer's connect command will present to
;; the CONNECT service.
user = $(name)

;; every: interval for checking that this connection is alive: should be at
;; least twice as long as the dynamic peer interval.
every = 5m

;;;----- That's all, folks --------------------------------------------------
Commit	Line	Data
6005ef9b MW	1	;;; --conf-windows--
	2	;;;
	3	;;; Peers description file
	4	;;;
288fc12b MW	5	;;; New installations will clobber this file. Therefore you're best off not
	6	;;; editing this file directly; instead, drop a file containing your
	7	;;; overridden settings alongside.
6005ef9b MW	8
	9	;;;--------------------------------------------------------------------------
	10	;;; Global defaults.
	11	;;;
	12	;;; The paramaters here affect all peer definitions. It mainly contains
	13	;;; information about the local site. You will need to customize it.
	14
	15	[@GLOBAL]
	16
	17	;; domain: the domain name for your VPN; used to form default tunnel
	18	;; addresses.
	19	domain = vpn.example.com
	20
	21	;; myhost: my (internal) host name; used by the default laddr.
	22	myhost = thishost
	23
	24	;; laddr: the local address for point-to-point interfaces.
	25	laddr = $[$(myhost).$(domain)]
	26
	27	;; raddr: the remote address for point-to-point interfaces.
	28	raddr = $[$(name).$(domain)]
	29
	30	;; ifname: the name to set on point-to-point interfaces.
	31	ifname = vpn-$(name)
	32
	33	;; ifup: script to set up a tunnel interface ready for use. The installed
	34	;; script is good for Linux hosts.
	35	ifup = /usr/sbin/tripe-ifup
	36
6005ef9b MW	37	;;;--------------------------------------------------------------------------
	38	;;; Active-peers defaults.
	39	;;;
	40	;;; The parameters here affect both active and dynamic connections. The
	41	;;; defaults should be good for most sites, though you may wish to add extra
	42	;;; settings.
	43
	44	[@ACTIVE]
	45	@inherit = @GLOBAL
	46
	47	;; port: the port on which the peer's tripe(8) daemon is running. The
	48	;; default is the port officially allocated by IANA.
	49	port = 4070
	50
	51	;; host: the external host name (or dotted-quad IP address) of the host
	52	;; running tripe(8). This should be overridden explicitly in each peer
	53	;; definition.
	54	host = override-me
	55
	56	;; peer: the address specification (see tripe-admin(5)) to use to connect to
	57	;; the remote peer.
	58	peer = INET $[$(host)] $(port)
	59
067aa5f0 MW	60	;; ephemeral: whether to send the peer a disconnection notification, or
	61	;; react to one from the peer.
	62	ephemeral = nil
	63
6005ef9b	64	;;;--------------------------------------------------------------------------
02c99524 MW	65	;;; Temporary association defaults.
	66	;;;
	67	;;; These are settings common to both dynamic and passive peers.
	68
	69	[@WATCH]
	70	@inherit = @GLOBAL
	71
	72	;; watch: whether to watch this connection and drop it if it dies.
	73	watch = t
	74
	75	;; timeout: how long to wait for a ping response before giving up.
	76	timeout = 10s
	77
	78	;; retries: how many ping attempts to make before declaring the connection
	79	;; dead.
	80	retries = 5
	81
	82	;;;--------------------------------------------------------------------------
6005ef9b MW	83	;;; Dynamic-peers defaults.
	84	;;;
	85	;;; The parameters here affect peers to whom dynamic connections are made.
	86	;;; The user and connect parameters probably need customizing.
	87
067aa5f0	88	[@EPHEMERAL]
8362ac1c MW	89	@inherit = @ACTIVE, @WATCH
8362ac1c MW	90
067aa5f0 MW	91	;; ephemeral: whether to send the peer a disconnection notification, or
	92	;; react to one from the peer.
	93	ephemeral = t
8362ac1c MW	94
	95	;; every: interval for checking that this connection is alive.
	96	every = 30s
	97
067aa5f0 MW	98	[@KNOCK]
	99	@inherit = @EPHEMERAL
	100
	101	;; keepalive: how often to send NOP packets to keep the connection alive, at
	102	;; least in the minds of intermediate stateful firewalls and NAT routers.
	103	keepalive = 2m
	104
8362ac1c MW	105	;; knock: peer-name string to send to the peer.
	106	knock = $(myhost)
	107
6005ef9b	108	[@DYNAMIC]
067aa5f0	109	@inherit = @EPHEMERAL
6005ef9b MW	110
	111	;; cork: whether to wait for a key-exchange packet from the peer before
	112	;; sending one of our own.
	113	cork = t
	114
	115	;; ssh-user: user to connect as; used by the connect parameter.
	116	ssh-user = tripe
	117
	118	;; connect: shell command to use to wake up the remote peer and establish the
	119	;; connection.
d3731285 MW	120	connect = ssh -q $(ssh-user)@$[$(host)] hello
	121
	122	;; disconnect: shell command to use to shut the remote peer down.
	123	disconnect = ssh -q $(ssh-user)@$[$(host)] goodbye
6005ef9b MW	124
	125	;; keepalive: how often to send NOP packets to keep the connection alive, at
	126	;; least in the minds of intermediate stateful firewalls and NAT routers.
	127	keepalive = 2m
	128
6005ef9b MW	129	;;;--------------------------------------------------------------------------
	130	;;; Passive-peers defaults.
	131	;;;
	132	;;; The parameters here affect passive peers, i.e., those to whom dynamic
	133	;;; connections are made. The dynamic connection protocol establishes most
	134	;;; of the parameters and these defaults are probably pretty good.
	135
	136	[@PASSIVE]
77ec571c	137	@inherit = @WATCH
6005ef9b MW	138
	139	;; peer: mark this entry as being a passive peer.
	140	peer = PASSIVE
	141
ff5c5e63 MW	142	;; mobile: mark this peer as likely to change its external address without
	143	;; warning.
	144	mobile = t
	145
6005ef9b MW	146	;; user: the string which the dynamic peer's connect command will present to
	147	;; the CONNECT service.
	148	user = $(name)
	149
02c99524 MW	150	;; every: interval for checking that this connection is alive: should be at
	151	;; least twice as long as the dynamic peer interval.
	152	every = 5m
6005ef9b MW	153
6005ef9b MW	154	;;;----- That's all, folks --------------------------------------------------