;;; Peers description file

;;; New installations will clobber this file. Therefore you're best off not
;;; editing this file directly; instead, drop a file containing your
;;; overridden settings alongside.

;;;--------------------------------------------------------------------------

;;; The parameters here affect all peer definitions. This section mainly contains
;;; information about the local site. You will need to customize it.

;; domain: the domain name for your VPN; used to form default tunnel
domain = vpn.example.com

;; myhost: my (internal) host name; used by the default laddr.

;; laddr: the local address for point-to-point interfaces.
laddr = $[$(myhost).$(domain)]

;; raddr: the remote address for point-to-point interfaces.
raddr = $[$(name).$(domain)]

;; ifname: the name to set on point-to-point interfaces.

;; ifup: script to set up a tunnel interface ready for use. The installed
;; script is good for Linux hosts.
ifup = /usr/sbin/tripe-ifup

;;;--------------------------------------------------------------------------
;;; Active-peers defaults.

;;; The parameters here affect both active and dynamic connections. The
;;; defaults should be good for most sites, though you may wish to add extra

;; port: the port on which the peer's tripe(8) daemon is running. The
;; default is the port officially allocated by IANA.

;; host: the external host name (or dotted-quad IP address) of the host
;; running tripe(8). This should be overridden explicitly in each peer

;; peer: the address specification (see tripe-admin(5)) to use to connect to
peer = INET $[$(host)] $(port)

;; ephemeral: whether to send the peer a disconnection notification, or
;; react to one from the peer.

;;;--------------------------------------------------------------------------
;;; Temporary association defaults.

;;; These are settings common to both dynamic and passive peers.

;; watch: whether to watch this connection and drop it if it dies.

;; timeout: how long to wait for a ping response before giving up.

;; retries: how many ping attempts to make before declaring the connection

;;;--------------------------------------------------------------------------
;;; Dynamic-peers defaults.

;;; The parameters here affect peers to whom dynamic connections are made.
;;; The user and connect parameters probably need customizing.

@inherit = @ACTIVE, @WATCH

;; ephemeral: whether to send the peer a disconnection notification, or
;; react to one from the peer.

;; every: interval for checking that this connection is alive.

;; keepalive: how often to send NOP packets to keep the connection alive, at
;; least in the minds of intermediate stateful firewalls and NAT routers.

;; knock: peer-name string to send to the peer.

@inherit = @EPHEMERAL

;; cork: whether to wait for a key-exchange packet from the peer before
;; sending one of our own.

;; ssh-user: user to connect as; used by the connect parameter.

;; connect: shell command to use to wake up the remote peer and establish the
connect = ssh -q $(ssh-user)@$[$(host)] hello

;; disconnect: shell command to use to shut the remote peer down.
disconnect = ssh -q $(ssh-user)@$[$(host)] goodbye

;; keepalive: how often to send NOP packets to keep the connection alive, at
;; least in the minds of intermediate stateful firewalls and NAT routers.

;;;--------------------------------------------------------------------------
;;; Passive-peers defaults.

;;; The parameters here affect passive peers, i.e., those to whom dynamic
;;; connections are made. The dynamic connection protocol establishes most
;;; of the parameters and these defaults are probably pretty good.

;; peer: mark this entry as being a passive peer.

;; mobile: mark this peer as likely to change its external address without

;; user: the string which the dynamic peer's connect command will present to
;; the CONNECT service.

;; every: interval for checking that this connection is alive: should be at
;; least twice as long as the dynamic peer interval.

;;;----- That's all, folks --------------------------------------------------