forked from strfry/peervpn
-
Notifications
You must be signed in to change notification settings - Fork 0
/
peervpn.conf
238 lines (153 loc) · 7.04 KB
/
peervpn.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
## ******************************
## * PeerVPN configuration file *
## ******************************
## Option: networkname <name>
## Description: Specifies the virtual network name. PeerVPN will
## only accept peers that use the same network name.
## The default name is "PEERVPN".
## Example: networkname PEERVPN
#networkname PEERVPN
## Option: psk <password>
## Description: Specifies the PSK for the network. It can be a
## password that is up to 512 characters long.
## It is recommended to use a minimum of 8 characters.
## If unspecified, the PSK will be set to "default".
## Example: psk mytopsecretpassword
#psk mytopsecretpassword
## Option: initpeers <hostname> <port> [<hostname> <port>]*
## Description: Specifies a list of peers that PeerVPN should
## connect to initially. When the connection to the
## network is lost, PeerVPN will try to reconnect to
## these peers.
## Example: initpeers 10.8.6.4 1234
## initpeers 2001:DB8:1337::1 5678
## initpeers 10.8.6.4 1234 10.12.10.8 6420
## initpeers example.com 7000
## initpeers example.com 7000 example.net 7000 example.org 7000
#initpeers 2001:DB8:1337::1 5678
## Option: enabletunneling <yes|no>
## Description: Enables ethernet tunneling using a TAP device. This
## should be disabled if this node is intended solely
## for assisting peer discovery and/or relaying.
## Defaults to "yes".
## Example: enabletunneling yes
#enabletunneling yes
## Option: interface <name>
## Description: Specifies the name of the TAP device that should be
## used for ethernet tunneling.
## Note: On some operating systems (e.g. FreeBSD), TAP
## device names must start with the string "tap".
## Example: interface tap0
## interface peervpn0
#interface tap0
## Option: ifconfig4 <address>/<prefixlen>
## Description: Defines the IPv4 address and the prefix length that
## should be assigned to the TAP device.
## Example: ifconfig4 10.1.2.3/24
## ifconfig4 172.16.17.18/24
#ifconfig4 10.1.2.3/24
## Option: ifconfig6 <address>/<prefixlen>
## Description: Defines the IPv6 address and the prefix length that
## should be assigned to the TAP device.
## Example: ifconfig6 2001:db8:1:2::3/64
## ifconfig6 fc00:db8:1:2::3/64
#ifconfig6 2001:db8:1:2::3/64
## Option: upcmd <command>
## Description: Defines a shell command that will be executed after
## the TAP device has been opened.
## Example: upcmd echo virtual interface is up
#upcmd echo virtual interface is up
## Option: local <address>
## Description: Specifies which local address PeerVPN should use.
## If unspecified, PeerVPN will listen on all available
## addresses.
## Example: local 0.0.0.0
## local 192.168.12.34
## local ::
#local 0.0.0.0
## Option: port <portnumber>
## Description: Specifies which UDP port PeerVPN should use.
## If unspecified, the port number will be selected
## automatically.
## Example: port 7000
#port 7000
## Option: sockmark <0|1..N>
## Description: If set to a value that is greater than zero, packets
## generated by the PeerVPN process will be marked
## internally with the specified value. This feature is
## currently only available in Linux, and can be used
## in combination with iproute2 for policy routing
## setups (e.g. "ip rule add fwmark <1..N> [...]").
## Defaults to "0" (disabled).
## Example: sockmark 42
#sockmark 42
## Option: enableipv4 <yes|no>
## Description: Enables IPv4 sockets.
## Defaults to "yes".
## Example: enableipv4 yes
#enableipv4 yes
## Option: enableipv6 <yes|no>
## Description: Enables IPv6 sockets.
## Defaults to "yes".
## Example: enableipv6 yes
#enableipv6 yes
## Option: enablenat64clat <yes|no>
## Description: Enables NAT64 CLAT support.
## If this is enabled and there is no native IPv4
## connectivity, PeerVPN will attempt to contact IPv4
## peers using NAT64 packets via a IPv6 socket instead.
## This requires a NAT64 gateway which will translate
## packets going to the 64:ff9b::/96 prefix.
## Defaults to "no".
## Example: enablenat64clat yes
#enablenat64clat no
## Option: enablendpcache <yes|no>
## Description: Enables caching of tunneled IPv6 NDP messages. This
## can improve performance by reducing the amount of
## NDP multicast messages that need to be sent.
## Defaults to "no".
## Example: enablendpcache yes
#enablendpcache no
## Option: enablerelay <yes|no>
## Description: Allows other nodes in the network to relay their
## traffic through this node if they cannot establish a
## direct connection to each other.
## Defaults to "no".
## Example: enablerelay yes
#enablerelay no
## Option: engine <name> [<name>]*
## Description: Specifies one or more OpenSSL engines that should be
## loaded to provide hardware crypto acceleration.
## Example: engine padlock
#engine padlock
## Option: enableprivdrop <yes|no>
## Description: If enabled, the PeerVPN process will automatically
## try to drop its privileges after finishing its
## initialization. If a certain configuration is
## desired, the options "user", "group" and "chroot"
## should be set too.
## Example: enableprivdrop yes
#enableprivdrop yes
## Option: user <username>
## Description: Specifies the UNIX username that the PeerVPN process
## will switch to after initialization. This is useful
## if PeerVPN is started with root privileges (which is
## necessary for TAP device initialization). An
## username with minimal rights should be selected.
## Example: user nobody
#user nobody
## Option: group <groupname>
## Description: Specifies the UNIX group that the PeerVPN process
## will switch to after initialization.
## Example: group nogroup
#group nogroup
## Option: chroot <directory>
## Description: Specifies the directory that the PeerVPN process
## will chroot to after initialization.
## Note: Currently, DNS queries will not work anymore
## if this option is enabled. The "initpeers" option
## should only contain IP addresses in this case, not
## domain names.
## If unspecified, no chroot will be done.
## Example: chroot /var/empty
#chroot /var/empty