Annotation of elwix/config/etc/default/vtund.conf.example, revision 1.1
1.1 ! misho 1: #
! 2: # VTun - Virtual Tunnel over TCP/IP network.
! 3: # Copyright (C) 1998-2008 Maxim Krasnyansky <max_mk@yahoo.com>
! 4: #
! 5: # Cleanup of English and spelling by
! 6: # Ted Rolle <ted@acacia.datacomm.com>
! 7: #
! 8: # Configuration file example
! 9: # $Id: vtund.conf.example,v 1.1.2.1 2010/05/07 21:41:02 misho Exp $
! 10: #
! 11: #
! 12: # Lines which begin with '#' are comments
! 13: #
! 14: # File format:
! 15: #
! 16: # XXXXX {
! 17: # option param; option param;
! 18: # option param;
! 19: # ......
! 20: # }
! 21: # Where XXXXX:
! 22: # options - General options.
! 23: # default - default session options.
! 24: # session - Session options.
! 25: #
! 26: # Options _must_ be grouped by curly braces '{' '}'.
! 27: # Each option _must_ end with ';'
! 28: #
! 29: # -----------
! 30: # General options:
! 31: #
! 32: # type - Server type.
! 33: # 'stand' - Stand alone server (default).
! 34: # 'inetd' - Started by inetd.
! 35: # Used only by the server.
! 36: #
! 37: # -----------
! 38: # port - Server TCP port number.
! 39: #
! 40: # -----------
! 41: # bindaddr - Server listen address. Used to force vtund to bind
! 42: # to the specific address and port in server mode.
! 43: # Format:
! 44: # bindaddr {
! 45: # option .....;
! 46: # };
! 47: #
! 48: # 'bindaddr' options:
! 49: #
! 50: # iface - Use interface address as the listen address.
! 51: # Format:
! 52: # iface if_name;
! 53: #
! 54: # addr - Listen address.
! 55: # Format:
! 56: # addr ip_address;
! 57: # addr host_name;
! 58: #
! 59: # -----------
! 60: # syslog - Syslog facility.
! 61: #
! 62: # -----------
! 63: # timeout - General VTun timeout.
! 64: #
! 65: # -----------
! 66: # ppp - Program for the ppp initialization.
! 67: #
! 68: # -----------
! 69: # ifconfig - Program for the net interface initialization.
! 70: #
! 71: # -----------
! 72: # route - Program for the routing table manipulation.
! 73: #
! 74: # -----------
! 75: # firewall - Program for the firewall setup.
! 76: #
! 77: # -----------
! 78: #
! 79: # Session options:
! 80: #
! 81: # passwd - Password for authentication.
! 82: #
! 83: # -----------
! 84: # type - Tunnel type.
! 85: # 'tun' - IP tunnel (No PPP,Ether,.. headers).
! 86: # 'ether' - Ethernet tunnel.
! 87: # 'tty' - Serial tunnel, PPP, SLIP, etc.
! 88: # 'pipe' - Pipe tunnel.
! 89: # Default type is 'tty'.
! 90: # Ignored by the client.
! 91: #
! 92: # -----------
! 93: # device - Network device.
! 94: # 'tapXX' - for 'ether'
! 95: # 'tunXX' - for 'tun'
! 96: # By default VTun will automatically select available
! 97: # device.
! 98: #
! 99: # -----------
! 100: # proto - Protocol.
! 101: # 'tcp' - TCP protocol.
! 102: # 'udp' - UDP protocol.
! 103: #
! 104: # 'tcp' is default for all tunnel types.
! 105: # 'udp' is recommended for 'ether' and 'tun' only.
! 106: #
! 107: # This option is ignored by the client.
! 108: #
! 109: # -----------
! 110: # persist - Persist mode.
! 111: # 'yes' - Reconnect to the server after connection
! 112: # termination.
! 113: # 'no' - Exit after connection termination (default).
! 114: # Used only by the client.
! 115: #
! 116: # -----------
! 117: # keepalive - Enable 'yes' or disable 'no' connection
! 118: # keep-alive. Ignored by the client.
! 119: #
! 120: # -----------
! 121: # timeout - Connect timeout.
! 122: #
! 123: # -----------
! 124: # compress - Enable 'yes' or disable 'no' compression.
! 125: # It is also possible to specify method:
! 126: # 'zlib' - ZLIB compression
! 127: # 'lzo' - LZO compression
! 128: # and level:
! 129: # from 1(best speed) to 9(best compression)
! 130: # separated by ':'. Default method is 'zlib:1'.
! 131: # Ignored by the client.
! 132: #
! 133: # -----------
! 134: # encrypt - Enable 'yes' or disable 'no' encryption.
! 135: # It is also possible to specify a method:
! 136: # 'blowfish128ecb' - Blowfish cipher, 128 bit key, mode ECB
! 137: # 'blowfish128cbc' - Blowfish cipher, 128 bit key, mode CBC
! 138: # 'blowfish128cfb' - Blowfish cipher, 128 bit key, mode CFB
! 139: # 'blowfish128ofb' - Blowfish cipher, 128 bit key, mode OFB
! 140: # 'blowfish256ecb' - Blowfish cipher, 256 bit key, mode ECB
! 141: # 'blowfish256cbc' - Blowfish cipher, 256 bit key, mode CBC
! 142: # 'blowfish256cfb' - Blowfish cipher, 256 bit key, mode CFB
! 143: # 'blowfish256ofb' - Blowfish cipher, 256 bit key, mode OFB
! 144: # 'aes128ecb' - AES cipher, 128 bit key, mode ECB
! 145: # 'aes128cbc' - AES cipher, 128 bit key, mode CBC
! 146: # 'aes128cfb' - AES cipher, 128 bit key, mode CFB
! 147: # 'aes128ofb' - AES cipher, 128 bit key, mode OFB
! 148: # 'aes256ecb' - AES cipher, 256 bit key, mode ECB
! 149: # 'aes256cbc' - AES cipher, 256 bit key, mode CBC
! 150: # 'aes256cfb' - AES cipher, 256 bit key, mode CFB
! 151: # 'aes256ofb' - AES cipher, 256 bit key, mode OFB
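! 152: # Default method is 'blowfish128ecb'. ECB mode encrypts equal plaintext blocks to equal ciphertext blocks, so a plain 'encrypt yes' leaks traffic patterns; name a non-ECB method from the list above instead.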
! 153: # Ignored by the client.
! 154: #
! 155: # -----------
! 156: # stat - Enable 'yes' or disable 'no' statistics.
! 157: # If enabled vtund will log statistic counters every
! 158: # 5 minutes.
! 159: #
! 160: # -----------
! 161: # speed - Speed of the connection in kilobits/second.
! 162: # 8,16,32,64,128,256,etc.
! 163: # 0 means maximum possible speed without shaping.
! 164: # You can specify speed in form IN:OUT.
! 165: # IN - to the client, OUT - from the client.
! 166: # Single number means same speed for IN and OUT.
! 167: # Ignored by the client.
! 168: #
! 169: # -----------
! 170: # up - List of programs to run after connection has been
! 171: # established. Used to initialize protocols, devices,
! 172: # routing and firewall.
! 173: # Format:
! 174: # up {
! 175: # option .....;
! 176: # option .....;
! 177: # };
! 178: #
! 179: # down - List of programs to run after connection has been
! 180: # terminated. Used to reset protocols, devices, routing
! 181: # and firewall.
! 182: # Format:
! 183: # down {
! 184: # option .....;
! 185: # option .....;
! 186: # };
! 187: #
! 188: # 'up' and 'down' options:
! 189: #
! 190: # program - Run specified program.
! 191: # Format:
! 192: # program path arguments wait;
! 193: #
! 194: # path - Full path to the program.
! 195: # '/bin/sh' will be used if path was omitted.
! 196: #
! 197: # arguments - Arguments to pass to the program.
! 198: # Must be enclosed in double quotes.
! 199: # Special characters and expansions:
! 200: # ' (single quotes) - group arguments
! 201: # \ (back slash) - escape character
! 202: # %%(double percent) - same as %d
! 203: # %d - TUN or TAP device or TTY port name
! 204: # %A - Local IP address
! 205: # %P - Local TCP or UDP port
! 206: # %a - Remote IP address
! 207: # %p - Remote TCP or UDP port
! 208: #
! 209: # wait - Wait for the program termination.
! 210: #
! 211: # ppp - Run program specified by 'ppp' statement in
! 212: # 'options' section.
! 213: # Format:
! 214: # ppp arguments;
! 215: #
! 216: # ifconfig - Run program specified by 'ifconfig' statement in
! 217: # 'options' section.
! 218: # Format:
! 219: # ifconfig arguments;
! 220: #
! 221: # route - Run program specified by 'route' statement in
! 222: # 'options' section.
! 223: # Format:
! 224: # route arguments;
! 225: #
! 226: # firewall - Run program specified by 'firewall' statement in
! 227: # 'options' section.
! 228: # Format:
! 229: # firewall arguments;
! 230: #
! 231: # -----------
! 232: # srcaddr - Local (source) address. Used to force vtund to bind
! 233: # to the specific address and port in client mode.
! 234: # Format:
! 235: # srcaddr {
! 236: # option .....;
! 237: # option .....;
! 238: # };
! 239: #
! 240: # 'srcaddr' options:
! 241: #
! 242: # iface - Use interface address as the Source address.
! 243: # Format:
! 244: # iface if_name;
! 245: #
! 246: # addr - Source address.
! 247: # Format:
! 248: # addr ip_address;
! 249: # addr host_name;
! 250: #
! 251: # port - Source port.
! 252: # Format:
! 253: # port port_no;
! 254: #
! 255: # -----------
! 256: # multi - Multiple connections.
! 257: # 'yes' or 'allow' - allow multiple connections.
! 258: # 'no' or 'deny' - deny multiple connections.
! 259: # 'killold' - allow new connection and kill old one.
! 260: # Ignored by the client.
! 261: #
! 262: # -----------
! 263: # Notes:
! 264: # Options marked 'Ignored by the client' are supplied by the server
! 265: # at connection initialization, so the server's values apply.
! 266: #
! 267: # Option names cannot be abbreviated.
! 268: #
! 269: # ----- CUT HERE --- Server config --- CUT HERE -----
! 270: #
! 271: options {
! 272: port 5000; # Server TCP port to listen on.
! 273: bindaddr { iface lo; }; # Bind to the address of interface 'lo' (loopback only); change 'iface' or use 'addr' to accept remote peers.
! 274:
! 275: # Syslog facility
! 276: syslog daemon;
! 277:
! 278: # Full paths of the helper programs run by the ppp/ifconfig/route/firewall/ip commands in 'up' and 'down' sections
! 279: ppp /usr/sbin/pppd;
! 280: ifconfig /sbin/ifconfig;
! 281: route /sbin/route;
! 282: firewall /sbin/ipchains; # the 'firewall' commands in this example use ipchains syntax (-j MASQ)
! 283: ip /sbin/ip;
! 284: }
! 285:
! 286: # Default session options. 'encrypt' is not defaulted here; each server session in this example enables it itself.
! 287: default {
! 288: compress no; # Compression is off unless a session enables it
! 289: speed 0; # 0 = maximum possible speed, NO shaping
! 290: }
! 291:
! 292: # TUN example. Session 'cobra' (server side).
! 293: cobra {
! 294: passwd Ma&^TU; # Session password (sample value - replace it before use)
! 295: type tun; # IP tunnel
! 296: proto udp; # UDP protocol
! 297: compress lzo:9; # LZO compression level 9
! 298: encrypt yes; # Encryption on; no method named, so the default 'blowfish128ecb' applies
! 299: keepalive yes; # Keep connection alive
! 300:
! 301: up {
! 302: # Run after the connection has been established
! 303:
! 304: # Configure the tunnel device (%% = device name): 10.3.0.1 - local, 10.3.0.2 - remote
! 305: ifconfig "%% 10.3.0.1 pointopoint 10.3.0.2 mtu 1450";
! 306: };
! 307: }
! 308:
! 309: # Same 'cobra' session as above, using the iproute2 'ip' command instead of ifconfig; presumably only one of the two 'cobra' blocks should be kept.
! 310: cobra {
! 311: passwd Ma&^TU; # Session password (sample value - replace it before use)
! 312: type tun; # IP tunnel
! 313: proto udp; # UDP protocol
! 314: compress lzo:9; # LZO compression level 9
! 315: encrypt yes; # Encryption on; no method named, so the default 'blowfish128ecb' applies
! 316: keepalive yes; # Keep connection alive
! 317:
! 318: up {
! 319: # Run after the connection has been established
! 320:
! 321: # Bring the device (%%) up, then assign 10.3.0.1 - local, 10.3.0.2 - remote
! 322: ip "link set %% up multicast off mtu 1450";
! 323: ip "-family inet addr add 10.3.0.1 peer 10.3.0.2 dev %%";
! 324: };
! 325: }
! 326:
! 327:
! 328: # Ethernet example. Session 'lion' (server side).
! 329: lion {
! 330: passwd Ma&^TU; # Session password (sample value - replace it before use)
! 331: type ether; # Ethernet tunnel
! 332: device tap0; # Device tap0
! 333: proto udp; # UDP protocol
! 334: compress lzo:1; # LZO compression level 1
! 335: encrypt yes; # Encryption on; no method named, so the default 'blowfish128ecb' applies
! 336: stat yes; # Log statistics counters every 5 minutes
! 337: keepalive yes; # Keep connection alive
! 338:
! 339: up {
! 340: # Run after the connection has been established
! 341:
! 342: # Assign IP address and netmask to the tap device (%%)
! 343: ifconfig "%% 10.1.0.1 netmask 255.255.255.0";
! 344:
! 345: # Add route to net 10.2.0.0/24 via 10.1.0.2 (the address the client example assigns to its tap device)
! 346: route "add -net 10.2.0.0 netmask 255.255.255.0 gw 10.1.0.2";
! 347:
! 348: # Enable masquerading for net 10.2.0.0/24 (ipchains syntax)
! 349: firewall "-A forward -s 10.2.0.0/24 -d 0.0.0.0/0 -j MASQ";
! 350: };
! 351:
! 352: down {
! 353: # Run after the connection has been terminated
! 354:
! 355: # Shutdown tap device.
! 356: ifconfig "%% down";
! 357:
! 358: # Disable masquerading for net 10.2.0.0/24 (removes the rule added in 'up')
! 359: firewall "-D forward -s 10.2.0.0/24 -d 0.0.0.0/0 -j MASQ";
! 360: };
! 361: }
! 362:
! 363: # PPP example. Session 'viper' (server side). No 'type' is set, so the default 'tty' applies.
! 364: viper {
! 365: passwd TTT$bio; # Session password (sample value - replace it before use)
! 366: compress yes; # Compression on; no method named, so the default 'zlib:1' applies
! 367: encrypt yes; # Encryption on; no method named, so the default 'blowfish128ecb' applies
! 368: up {
! 369: # Run after the connection has been established
! 370:
! 371: # Start the 'ppp' program with addresses 10.0.0.1 - local, 10.0.0.2 - remote
! 372: ppp "10.0.0.1:10.0.0.2 proxyarp";
! 373: };
! 374: }
! 375:
! 376: # Pipe example. Session 'backup' (server side).
! 377: backup {
! 378: passwd OnlyME; # Session password (sample value - replace it before use)
! 379: type pipe; # Pipe tunnel
! 380: speed 256:128; # Shaping speed 256K IN (to the client) and 128K OUT (from the client).
! 381: encrypt yes; # Encryption on; no method named, so the default 'blowfish128ecb' applies
! 382: up {
! 383: # Run after the connection has been established
! 384:
! 385: # Start a shell and write a tar archive of /etc/* to stdout (the pipe tunnel).
! 386: # /etc typically holds sensitive files; any peer that authenticates to this session receives them.
! 387: program /bin/sh "-c 'tar cf - /etc/*'";
! 388: };
! 389: }
! 390:
! 391: # TTY example. Session 'sz' (server side).
! 392: # Silly example to show that VTun can tunnel ALMOST
! 393: # anything :-).
! 394: sz {
! 395: passwd OnlyME; # Session password (sample value - replace it before use)
! 396: type tty; # TTY tunnel
! 397: speed 64; # Shaping speed 64K IN/OUT
! 398: encrypt yes; # Encryption on; no method named, so the default 'blowfish128ecb' applies
! 399: up {
! 400: # Run after the connection has been established
! 401:
! 402: # Send '/etc/termcap' via ZMODEM to the
! 403: # stdout(tty tunnel).
! 404: program /bin/sh "-c 'sz /etc/termcap'";
! 405: };
! 406: }
! 407: #
! 408: # ----- CUT HERE -------- End -------- CUT HERE -----
! 409: #
! 410:
! 411: #
! 412: # ----- CUT HERE --- Client config --- CUT HERE -----
! 413: #
! 414: options {
! 415: port 5000; # Server TCP port to connect to.
! 416: timeout 60; # General VTun timeout
! 417:
! 418: # Full paths of the helper programs run by the ppp/ifconfig/route/firewall/ip commands in 'up' and 'down' sections
! 419: ppp /usr/sbin/pppd;
! 420: ifconfig /sbin/ifconfig;
! 421: route /sbin/route;
! 422: firewall /sbin/ipchains;
! 423: ip /sbin/ip;
! 424: }
! 425:
! 426: # TUN example. Session 'cobra' (client side). Tunnel type, protocol, compression and encryption are not set here: they are 'Ignored by the client' options.
! 427: cobra {
! 428: passwd Ma&^TU; # Session password (sample value - replace it; same value as the server's 'cobra' session)
! 429: device tun1; # Device tun1
! 430: persist yes; # Reconnect to the server after connection termination
! 431: up {
! 432: # Run after the connection has been established
! 433:
! 434: # Assign IP addresses to the device (%%): 10.3.0.2 - local, 10.3.0.1 - remote
! 435: ifconfig "%% 10.3.0.2 pointopoint 10.3.0.1 mtu 1450";
! 436: };
! 437: }
! 438: # Same 'cobra' client session as above, using the iproute2 'ip' command instead of ifconfig; presumably only one of the two 'cobra' blocks should be kept.
! 439: cobra {
! 440: passwd Ma&^TU; # Session password (sample value - replace it; same value as the server's 'cobra' session)
! 441: device tun1; # Device tun1
! 442: persist yes; # Reconnect to the server after connection termination
! 443: up {
! 444: # Run after the connection has been established
! 445:
! 446: # Bring the device (%%) up, then assign 10.3.0.2 - local, 10.3.0.1 - remote
! 447: ip "link set %% up multicast off mtu 1450";
! 448: ip "-family inet addr add 10.3.0.2 peer 10.3.0.1 dev %%";
! 449: };
! 450: }
! 451:
! 452: # Ethernet example. Session 'lion' (client side).
! 453: lion {
! 454: passwd Ma&^TU; # Session password (sample value - replace it; same value as the server's 'lion' session)
! 455: type ether; # Ethernet tunnel (the option list above marks the tunnel type as ignored by the client)
! 456: device tap1; # Device tap1
! 457: up {
! 458: # Run after the connection has been established
! 459:
! 460: # Assign IP address and netmask to the tap device (%%).
! 461: ifconfig "%% 10.1.0.2 netmask 255.255.255.0";
! 462: };
! 463: down {
! 464: # Run after the connection has been terminated
! 465:
! 466: # Shutdown tap device
! 467: ifconfig "%% down";
! 468: };
! 469: }
! 470:
! 471: # PPP example. Session 'viper' (client side).
! 472: viper {
! 473: passwd TTT$bio; # Session password (sample value - replace it; same value as the server's 'viper' session)
! 474: up {
! 475: # Run after the connection has been established
! 476:
! 477: # Start the 'ppp' program; IP address will be assigned by the server
! 478: ppp "noipdefault";
! 479: };
! 480: }
! 481:
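! 482: # Pipe example. Session 'backup' (client side).
! 483: backup {
! 484: passwd OnlyME; # Session password (sample value - replace it; same value as the server's 'backup' session)
! 485: up {
! 486: # Run after the connection has been established
! 487:
! 488: # Start a shell and untar the archive read from stdin (the pipe tunnel) into /tmp.
! 489: # The archive content is chosen by the peer; treat the extracted files as untrusted.
! 490: program /bin/sh "-c 'cd /tmp; tar xf -'";
! 491: };
! 492: }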
! 493:
! 494: # TTY example. Session 'sz' (client side).
! 495: # Silly example to show that VTun can tunnel ALMOST
! 496: # anything :-).
! 497: sz {
! 498: passwd OnlyME; # Session password (sample value - replace it; same value as the server's 'sz' session)
! 499: up {
! 500: # Receive file via ZMODEM from stdin (the tty tunnel) into /tmp;
! 501: # the data comes from the peer, so treat the received file as untrusted.
! 502: program /bin/sh "-c 'cd /tmp; rz'";
! 503: };
! 504: }