--- /dev/null
+;;; -*-conf-windows-*-
+;;;
+;;; Peers description file
+;;;
+;;; You're best off not editing this file at all; instead, drop a file
+;;; containing your overriden settings alongside.
+
+;;;--------------------------------------------------------------------------
+;;; Global defaults.
+;;;
+;;; The paramaters here affect all peer definitions. It mainly contains
+;;; information about the local site. You will need to customize it.
+
+[@GLOBAL]
+
+;; domain: the domain name for your VPN; used to form default tunnel
+;; addresses.
+domain = vpn.example.com
+
+;; myhost: my (internal) host name; used by the default laddr.
+myhost = thishost
+
+;; laddr: the local address for point-to-point interfaces.
+laddr = $[$(myhost).$(domain)]
+
+;; raddr: the remote address for point-to-point interfaces.
+raddr = $[$(name).$(domain)]
+
+;; ifname: the name to set on point-to-point interfaces.
+ifname = vpn-$(name)
+
+;; ifup: script to set up a tunnel interface ready for use. The installed
+;; script is good for Linux hosts.
+ifup = /usr/sbin/tripe-ifup
+
+;; every: interval for checking that this connection is alive.
+every = 2m
+
+;; timeout: how long to wait for a ping response before giving up.
+timeout = 10s
+
+;; retries: how many ping attempts to make before declaring the connection
+;; dead.
+retries = 5
+
+;;;--------------------------------------------------------------------------
+;;; Active-peers defaults.
+;;;
+;;; The parameters here affect both active and dynamic connections. The
+;;; defaults should be good for most sites, though you may wish to add extra
+;;; settings.
+
+[@ACTIVE]
+@inherit = @GLOBAL
+
+;; port: the port on which the peer's tripe(8) daemon is running. The
+;; default is the port officially allocated by IANA.
+port = 4070
+
+;; host: the external host name (or dotted-quad IP address) of the host
+;; running tripe(8). This should be overridden explicitly in each peer
+;; definition.
+host = override-me
+
+;; peer: the address specification (see tripe-admin(5)) to use to connect to
+;; the remote peer.
+peer = INET $[$(host)] $(port)
+
+;;;--------------------------------------------------------------------------
+;;; Dynamic-peers defaults.
+;;;
+;;; The parameters here affect peers to whom dynamic connections are made.
+;;; The user and connect parameters probably need customizing.
+
+[@DYNAMIC]
+@inherit = @ACTIVE
+
+;; cork: whether to wait for a key-exchange packet from the peer before
+;; sending one of our own.
+cork = t
+
+;; ssh-user: user to connect as; used by the connect parameter.
+ssh-user = tripe
+
+;; connect: shell command to use to wake up the remote peer and establish the
+;; connection.
+connect = ssh -q $(ssh-user)@$[$(host)]
+
+;; keepalive: how often to send NOP packets to keep the connection alive, at
+;; least in the minds of intermediate stateful firewalls and NAT routers.
+keepalive = 2m
+
+;; watch: whether to watch this connection and retry it if it drops.
+watch = t
+
+;;;--------------------------------------------------------------------------
+;;; Passive-peers defaults.
+;;;
+;;; The parameters here affect passive peers, i.e., those to whom dynamic
+;;; connections are made. The dynamic connection protocol establishes most
+;;; of the parameters and these defaults are probably pretty good.
+
+[@PASSIVE]
+@inherit = @GLOBAL
+
+;; peer: mark this entry as being a passive peer.
+peer = PASSIVE
+
+;; user: the string which the dynamic peer's connect command will present to
+;; the CONNECT service.
+user = $(name)
+
+;; watch: whether to watch this connection and drop it if it dies.
+watch = t
+
+;;;----- That's all, folks --------------------------------------------------
~mdw / tripe / blobdiff