Annotation of elwix/config/etc/default/vtund.conf.example, revision 1.1.1.1
1.1 misho 1: #
2: # VTun - Virtual Tunnel over TCP/IP network.
3: # Copyright (C) 1998-2008 Maxim Krasnyansky <max_mk@yahoo.com>
4: #
5: # Cleanup of English and spelling by
6: # Ted Rolle <ted@acacia.datacomm.com>
7: #
8: # Configuration file example
9: # $Id: vtund.conf.example,v 1.1.2.1 2010/05/07 21:41:02 misho Exp $
10: #
11: #
12: # Lines which begin with '#' are comments
13: #
14: # File format:
15: #
16: # XXXXX {
17: # option param; option param;
18: # option param;
19: # ......
20: # }
21: # Where XXXXX:
22: # options - General options.
23: # default - default session options.
24: # session - Session options.
25: #
26: # Options _must_ be grouped by curly braces '{' '}'.
27: # Each option _must_ end with ';'
28: #
29: # -----------
30: # General options:
31: #
32: # type - Server type.
33: # 'stand' - Stand alone server (default).
34: # 'inetd' - Started by inetd.
35: # Used only by the server.
36: #
37: # -----------
38: # port - Server TCP port number.
39: #
40: # -----------
41: # bindaddr - Server listen address. Used to force vtund to bind
42: # to the specific address and port in server mode.
43: # Format:
44: # bindaddr {
45: # option .....;
46: # };
47: #
48: # 'bindaddr' options:
49: #
50: # iface - Use interface address as the listen address.
51: # Format:
52: # iface if_name;
53: #
54: # addr - Listen address.
55: # Format:
56: # addr ip_address;
57: # addr host_name;
58: #
59: # -----------
60: # syslog - Syslog facility.
61: #
62: # -----------
63: # timeout - General VTun timeout.
64: #
65: # -----------
66: # ppp - Program for the ppp initialization.
67: #
68: # -----------
69: # ifconfig - Program for the net interface initialization.
70: #
71: # -----------
72: # route - Program for the routing table manipulation.
73: #
74: # -----------
75: # firewall - Program for the firewall setup.
76: #
77: # -----------
78: #
79: # Session options:
80: #
81: # passwd - Password for authentication. It is written in this file in clear text, so restrict read access to the file.
82: #
83: # -----------
84: # type - Tunnel type.
85: # 'tun' - IP tunnel (No PPP,Ether,.. headers).
86: # 'ether' - Ethernet tunnel.
87: # 'tty' - Serial tunnel, PPP, SLIP, etc.
88: # 'pipe' - Pipe tunnel.
89: # Default type is 'tty'.
90: # Ignored by the client.
91: #
92: # -----------
93: # device - Network device.
94: # 'tapXX' - for 'ether'
95: # 'tunXX' - for 'tun'
96: # By default VTun will automatically select available
97: # device.
98: #
99: # -----------
100: # proto - Protocol.
101: # 'tcp' - TCP protocol.
102: # 'udp' - UDP protocol.
103: #
104: # 'tcp' is default for all tunnel types.
105: # 'udp' is recommended for 'ether' and 'tun' only.
106: #
107: # This option is ignored by the client.
108: #
109: # -----------
110: # persist - Persist mode.
111: # 'yes' - Reconnect to the server after connection
112: # termination.
113: # 'no' - Exit after connection termination (default).
114: # Used only by the client.
115: #
116: # -----------
117: # keepalive - Enable 'yes' or disable 'no' connection
118: # keep-alive. Ignored by the client.
119: #
120: # -----------
121: # timeout - Connect timeout.
122: #
123: # -----------
124: # compress - Enable 'yes' or disable 'no' compression.
125: # It is also possible to specify method:
126: # 'zlib' - ZLIB compression
127: # 'lzo' - LZO compression
128: # and level:
129: # from 1(best speed) to 9(best compression)
130: # separated by ':'. Default method is 'zlib:1'.
131: # Ignored by the client.
132: #
133: # -----------
134: # encrypt - Enable 'yes' or disable 'no' encryption.
135: # It is also possible to specify a method:
136: # 'blowfish128ecb' - Blowfish cipher, 128 bit key, mode ECB
137: # 'blowfish128cbc' - Blowfish cipher, 128 bit key, mode CBC
138: # 'blowfish128cfb' - Blowfish cipher, 128 bit key, mode CFB
139: # 'blowfish128ofb' - Blowfish cipher, 128 bit key, mode OFB
140: # 'blowfish256ecb' - Blowfish cipher, 256 bit key, mode ECB
141: # 'blowfish256cbc' - Blowfish cipher, 256 bit key, mode CBC
142: # 'blowfish256cfb' - Blowfish cipher, 256 bit key, mode CFB
143: # 'blowfish256ofb' - Blowfish cipher, 256 bit key, mode OFB
144: # 'aes128ecb' - AES cipher, 128 bit key, mode ECB
145: # 'aes128cbc' - AES cipher, 128 bit key, mode CBC
146: # 'aes128cfb' - AES cipher, 128 bit key, mode CFB
147: # 'aes128ofb' - AES cipher, 128 bit key, mode OFB
148: # 'aes256ecb' - AES cipher, 256 bit key, mode ECB
149: # 'aes256cbc' - AES cipher, 256 bit key, mode CBC
150: # 'aes256cfb' - AES cipher, 256 bit key, mode CFB
151: # 'aes256ofb' - AES cipher, 256 bit key, mode OFB
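152: # Default method is 'blowfish128ecb'. ECB encrypts equal plaintext blocks to equal ciphertext blocks, and none of the listed modes (ECB/CBC/CFB/OFB) detects tampering on its own, so name a non-ECB method explicitly rather than relying on the default.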
153: # Ignored by the client.
154: #
155: # -----------
156: # stat - Enable 'yes' or disable 'no' statistics.
157: # If enabled vtund will log statistic counters every
158: # 5 minutes.
159: #
160: # -----------
161: # speed - Speed of the connection in kilobits/second.
162: # 8,16,32,64,128,256,etc.
163: # 0 means maximum possible speed without shaping.
164: # You can specify speed in form IN:OUT.
165: # IN - to the client, OUT - from the client.
166: # Single number means same speed for IN and OUT.
167: # Ignored by the client.
168: #
169: # -----------
170: # up - List of programs to run after connection has been
171: # established. Used to initialize protocols, devices,
172: # routing and firewall.
173: # Format:
174: # up {
175: # option .....;
176: # option .....;
177: # };
178: #
179: # down - List of programs to run after connection has been
180: # terminated. Used to reset protocols, devices, routing
181: # and firewall.
182: # Format:
183: # down {
184: # option .....;
185: # option .....;
186: # };
187: #
188: # 'up' and 'down' options:
189: #
190: # program - Run specified program.
191: # Format:
192: # program path arguments wait;
193: #
194: # path - Full path to the program.
195: # '/bin/sh' will be used if path was omitted.
196: #
197: # arguments - Arguments to pass to the program.
198: # Must be enclosed in double quotes.
199: # Special characters and expansions:
200: # ' (single quotes) - group arguments
201: # \ (back slash) - escape character
202: # %%(double percent) - same as %d
203: # %d - TUN or TAP device or TTY port name
204: # %A - Local IP address
205: # %P - Local TCP or UDP port
206: # %a - Remote IP address
207: # %p - Remote TCP or UDP port
208: #
209: # wait - Wait for the program termination.
210: #
211: # ppp - Run program specified by 'ppp' statement in
212: # 'options' section.
213: # Format:
214: # ppp arguments;
215: #
216: # ifconfig - Run program specified by 'ifconfig' statement in
217: # 'options' section.
218: # Format:
219: # ifconfig arguments;
220: #
221: # route - Run program specified by 'route' statement in
222: # 'options' section.
223: # Format:
224: # route arguments;
225: #
226: # firewall - Run program specified by 'firewall' statement in
227: # 'options' section.
228: # Format:
229: # firewall arguments;
230: #
231: # -----------
232: # srcaddr - Local (source) address. Used to force vtund to bind
233: # to the specific address and port in client mode.
234: # Format:
235: # srcaddr {
236: # option .....;
237: # option .....;
238: # };
239: #
240: # 'srcaddr' options:
241: #
242: # iface - Use interface address as the Source address.
243: # Format:
244: # iface if_name;
245: #
246: # addr - Source address.
247: # Format:
248: # addr ip_address;
249: # addr host_name;
250: #
251: # port - Source port.
252: # Format:
253: # port port_no;
254: #
255: # -----------
256: # multi - Multiple connections.
257: # 'yes' or 'allow' - allow multiple connections.
258: # 'no' or 'deny' - deny multiple connections.
259: # 'killold' - allow new connection and kill old one.
260: # Ignored by the client.
261: #
262: # -----------
263: # Notes:
264: # Options marked 'Ignored by the client' are supplied by the server
265: # when the connection is initialized.
266: #
267: # Option names cannot be abbreviated.
268: #
269: # ----- CUT HERE --- Server config --- CUT HERE -----
270: #
271: options {
272: port 5000; # Listen on this port.
273: bindaddr { iface lo; }; # Listen only on loopback device.
# With 'iface lo' only local processes can reach the server. When widening
# this for real peers, bind to the one interface that must accept tunnels
# and filter the port at the firewall.
274:
275: # Syslog facility
276: syslog daemon;
277:
278: # Full paths to the helper programs that the ppp/ifconfig/route/firewall/ip statements in 'up' and 'down' blocks run.
279: ppp /usr/sbin/pppd;
280: ifconfig /sbin/ifconfig;
281: route /sbin/route;
282: firewall /sbin/ipchains; # ipchains is the legacy Linux packet filter; where it is absent, point this at the installed tool and rewrite the session 'firewall' rules to match
283: ip /sbin/ip; # iproute2 'ip' program; used by the second 'cobra' example, not listed in the option reference above
284: }
285:
286: # Default session options
287: default {
288: compress no; # Compression is off by default
289: speed 0; # By default maximum speed, NO shaping
# NOTE(review): 'encrypt' is not set here; each server session below enables
# it itself. What a session gets when it omits 'encrypt' is not stated in
# this file - confirm before adding a session without it.
290: }
291:
292: # TUN example. Session 'cobra'.
293: cobra {
294: passwd Ma&^TU; # Password (example value kept in clear text; replace with a secret unique to this session)
295: type tun; # IP tunnel
296: proto udp; # UDP protocol
297: compress lzo:9; # LZO compression level 9
298: encrypt yes; # Encryption with the default method, 'blowfish128ecb' per the option reference above. ECB exposes repeated plaintext blocks; prefer naming one of the listed non-ECB methods.
299: keepalive yes; # Keep connection alive
300:
301: up {
302: # Connection is Up
303:
304: # 10.3.0.1 - local, 10.3.0.2 - remote
305: ifconfig "%% 10.3.0.1 pointopoint 10.3.0.2 mtu 1450";
306: };
307: }
308:
309: # the same as above, but with iproute2 command
# Both blocks are named 'cobra': they are alternatives, so keep only one.
# How vtund treats two sessions with the same name is not shown here.
310: cobra {
311: passwd Ma&^TU; # Password (same example value as the block above)
312: type tun; # IP tunnel
313: proto udp; # UDP protocol
314: compress lzo:9; # LZO compression level 9
315: encrypt yes; # Encryption (default method; see 'encrypt' in the option reference above)
316: keepalive yes; # Keep connection alive
317:
318: up {
319: # Connection is Up
320:
321: # 10.3.0.1 - local, 10.3.0.2 - remote
322: ip "link set %% up multicast off mtu 1450";
323: ip "-family inet addr add 10.3.0.1 peer 10.3.0.2 dev %%";
324: };
325: }
326:
327:
328: # Ethernet example. Session 'lion'.
329: lion {
330: passwd Ma&^TU; # Password (same example value as 'cobra'; give each session its own secret)
331: type ether; # Ethernet tunnel
332: device tap0; # Device tap0
333: proto udp; # UDP protocol
334: compress lzo:1; # LZO compression level 1
335: encrypt yes; # Encryption (default method; see 'encrypt' in the option reference above)
336: stat yes; # Log connection statistics
337: keepalive yes; # Keep connection alive
338:
339: up {
340: # Connection is Up
341:
342: # Assign IP address
343: ifconfig "%% 10.1.0.1 netmask 255.255.255.0";
344:
345: # Add route to net 10.2.0.0/24
346: route "add -net 10.2.0.0 netmask 255.255.255.0 gw 10.1.0.2";
347:
348: # Enable masquerading for net 10.2.0.0/24 (rule is in ipchains syntax, matching 'firewall /sbin/ipchains' in 'options')
349: firewall "-A forward -s 10.2.0.0/24 -d 0.0.0.0/0 -j MASQ";
350: };
351:
352: down {
353: # Connection is Down
354:
355: # Shutdown tap device.
356: ifconfig "%% down";
357:
358: # Disable masquerading for net 10.2.0.0/24; keep this the exact mirror of the '-A' rule in 'up' so no stale rule is left behind
359: firewall "-D forward -s 10.2.0.0/24 -d 0.0.0.0/0 -j MASQ";
360: };
361: }
362:
363: # PPP example. Session 'viper'.
364: viper {
365: passwd TTT$bio; # Password (example value kept in clear text; replace before use)
366: compress yes; # ZLIB compression level 1
367: encrypt yes; # Encryption (default method; see 'encrypt' in the option reference above)
# No 'type' is given, so the documented default 'tty' applies.
368: up {
369: # Connection is Up (established)
370:
371: # Assign IP addresses 10.0.0.1 - local, 10.0.0.2 - remote
372: ppp "10.0.0.1:10.0.0.2 proxyarp";
373: };
374: }
375:
376: # Pipe example. Session 'backup'.
377: backup {
378: passwd OnlyME; # Password (example value, also used by 'sz'; replace with a secret unique to this session)
379: type pipe; # Pipe tunnel
380: speed 256:128; # Shaping speed 256K IN and 128K OUT.
381: encrypt yes; # Encryption (default method; see 'encrypt' in the option reference above)
382: up {
383: # Connection is Up
384:
385: # Start shell and tar '/etc' directory to
386: # the stdout (pipe tunnel).
# NOTE(review): every peer that authenticates to this session receives the
# archive, and /etc usually holds credentials and keys. Archive only the
# paths that are needed. The '/etc/*' glob also skips dot-files.
387: program /bin/sh "-c 'tar cf - /etc/*'";
388: };
389: }
390:
391: # TTY example. Session 'sz'.
392: # Silly example to show that VTun can tunnel ALMOST
393: # anything :-).
394: sz {
395: passwd OnlyME; # Password (example value, also used by 'backup'; give each session its own secret)
396: type tty; # TTY tunnel
397: speed 64; # Shaping speed 64K IN/OUT
398: encrypt yes; # Encryption (default method; see 'encrypt' in the option reference above)
399: up {
400: # Connection is Up
401:
402: # Send '/etc/termcap' via ZMODEM to the
403: # stdout(tty tunnel).
404: program /bin/sh "-c 'sz /etc/termcap'";
405: };
406: }
407: #
408: # ----- CUT HERE -------- End -------- CUT HERE -----
409: #
410:
411: #
412: # ----- CUT HERE --- Client config --- CUT HERE -----
413: #
414: options {
415: port 5000; # Connect to this port.
416: timeout 60; # General timeout
417:
418: # Full paths to the helper programs that the ppp/ifconfig/route/firewall/ip statements in 'up' and 'down' blocks run.
419: ppp /usr/sbin/pppd;
420: ifconfig /sbin/ifconfig;
421: route /sbin/route;
422: firewall /sbin/ipchains; # ipchains is the legacy Linux packet filter; where it is absent, point this at the installed tool
423: ip /sbin/ip; # iproute2 'ip' program; used by the second 'cobra' example, not listed in the option reference above
424: }
425:
426: # TUN example. Session 'cobra'.
427: cobra {
428: passwd Ma&^TU; # Password (same example value as the server's 'cobra' session; replace both)
429: device tun1; # Device tun1
430: persist yes; # Persist mode
# 'type', 'proto', 'compress' and 'encrypt' are absent: the option reference
# marks them "Ignored by the client", so whether this tunnel is encrypted is
# decided by the server's configuration.
431: up {
432: # Connection is Up
433:
434: # Assign IP addresses.
435: ifconfig "%% 10.3.0.2 pointopoint 10.3.0.1 mtu 1450";
436: };
437: }
438: # same as above, but with iproute2 command
# Both blocks are named 'cobra': they are alternatives, so keep only one.
# How vtund treats two sessions with the same name is not shown here.
439: cobra {
440: passwd Ma&^TU; # Password (same example value as the block above)
441: device tun1; # Device tun1
442: persist yes; # Persist mode
443: up {
444: # Connection is Up
445:
446: # Assign IP addresses.
447: ip "link set %% up multicast off mtu 1450";
448: ip "-family inet addr add 10.3.0.2 peer 10.3.0.1 dev %%";
449: };
450: }
451:
452: # Ethernet example. Session 'lion'.
453: lion {
454: passwd Ma&^TU; # Password (same example value as the server's 'lion' session; replace both)
455: type ether; # Ethernet tunnel (the option reference marks 'type' as ignored by the client)
456: device tap1; # Device tap1
457: up {
458: # Connection is Up
459:
460: # Assign IP address and netmask.
461: ifconfig "%% 10.1.0.2 netmask 255.255.255.0";
462: };
463: down {
464: # Connection is Down
465:
466: # Shutdown tap device
467: ifconfig "%% down";
468: };
469: }
470:
471: # PPP example. Session 'viper'.
472: viper {
473: passwd TTT$bio; # Password (same example value as the server's 'viper' session; replace both)
# 'compress' and 'encrypt' are absent: the option reference marks them
# "Ignored by the client", so the server's settings decide both.
474: up {
475: # Connection is Up
476:
477: # IP address will be assigned by the server
478: ppp "noipdefault";
479: };
480: }
481:
482: # Pipe example. Session 'backup'.
483: backup {
484: passwd OnlyME; # Password (same example value as the server's 'backup' session; replace both)
485: up {
486: # Connection is Up
487:
488: # Start shell and untar files from
489: # stdin(pipe tunnel).
# NOTE(review): the single quote opened before 'cd' is never closed in the
# argument string below (the 'sz' session closes its quote); confirm how
# vtund parses this. Extracting a remotely supplied archive into the
# world-writable /tmp is also risky: use a dedicated directory that only the
# vtund account can write, and treat archive member paths as untrusted.
490: program /bin/sh "-c 'cd /tmp; tar xf -";
491: };
492: }
493:
494: # TTY example. Session 'sz'.
495: # Silly example to show that VTun can tunnel ALMOST
496: # anything :-).
497: sz {
498: passwd OnlyME; # Password (same example value as the server's 'sz' session; replace both)
499: up {
500: # Receive file via ZMODEM from the
501: # stdin(tty tunnel).
# NOTE(review): received files are written into the world-writable /tmp, and
# rz normally takes the file name from the sender; prefer a dedicated
# directory that only the vtund account can write.
502: program /bin/sh "-c 'cd /tmp; rz'";
503: };
504: }