vtrunkd.conf
#
# vtrunkd - Virtual link Trunking daemon
# (C) 2015-2016 Vrayo Systems Ltd. team (http://vrayo.com/)
# Copyright (C) 2011 Andrew Gryaznov
# based on
# VTun - Virtual Tunnel over TCP/IP network.
# Copyright (C) 1998-2001 Maxim Krasnyansky <[email protected]>
#
# Cleanup of English and spelling by
# Ted Rolle <[email protected]>
#
# Configuration file example
#
#
# Lines which begin with '#' are comments
#
# File format:
#
# XXXXX {
# option param; option param;
# option param;
# ......
# }
# Where XXXXX:
# options - General options.
# default - default session options.
# session - Session options.
#
# Options _must_ be grouped by curly braces '{' '}'.
# Each option _must_ end with ';'
#
# -----------
# General options:
#
# -----------
# port - Server TCP port number.
#
# -----------
# bindaddr - Server listen address. Used to force vtund to bind
# to the specific address and port in server mode.
# Format:
# bindaddr {
# option .....;
# };
#
# 'bindaddr' options:
#
# iface - Use interface address as the listen address.
# Format:
# iface if_name;
#
# addr - Listen address.
# Format:
# addr ip_address;
# addr host_name;
#
# -----------
# syslog - Syslog facility.
#
# -----------
# timeout - General timeout.
#
# -----------
# ifconfig - Program for the net interface initialization.
#
# -----------
# route - Program for the routing table manipulation.
#
# -----------
# firewall - Program for the firewall setup.
#
# -----------
#
# Session options:
#
# passwd - Password for authentication.
#
# -----------
# type - Tunnel type.
# 'tun' - IP tunnel (No PPP,Ether,.. headers).
# Must be set. No other types currently supported.
#
# -----------
# device - Network device.
# 'tunXX' - for 'tun'
# Must be set. Vtrunkd uses this value to distinguish
# process groups.
#
# -----------
# proto - Protocol.
# ignored
#
# 'tcp' is default for all tunnel types.
#
# -----------
# persist - Persist mode.
# 'yes' - Reconnect to the server after connection
# termination.
# 'no' - Exit after connection termination (default).
# Used only by the client.
#
# -----------
# keepalive - Enable 'yes' or disable 'no' connection
# keep-alive. Ignored by the client.
#
# -----------
# timeout - Connect timeout.
#
# ---------------------------------------
# Compression and encryption are not yet supported by vtrunkd
# -----------
# compress - Enable 'yes' or disable 'no' compression.
# It is also possible to specify method:
# 'zlib' - ZLIB compression
# 'lzo' - LZO compression
# and level:
# from 1(best speed) to 9(best compression)
# separated by ':'. Default method is 'zlib:1'.
# Ignored by the client.
#
# -----------
# encrypt - Enable 'yes' or disable 'no' encryption.
# It is also possible to specify a method:
# 'blowfish128ecb' - Blowfish cipher, 128 bit key, mode ECB
# 'blowfish128cbc' - Blowfish cipher, 128 bit key, mode CBC
# 'blowfish128cfb' - Blowfish cipher, 128 bit key, mode CFB
# 'blowfish128ofb' - Blowfish cipher, 128 bit key, mode OFB
# 'blowfish256ecb' - Blowfish cipher, 256 bit key, mode ECB
# 'blowfish256cbc' - Blowfish cipher, 256 bit key, mode CBC
# 'blowfish256cfb' - Blowfish cipher, 256 bit key, mode CFB
# 'blowfish256ofb' - Blowfish cipher, 256 bit key, mode OFB
# 'aes128ecb' - AES cipher, 128 bit key, mode ECB
# 'aes128cbc' - AES cipher, 128 bit key, mode CBC
# 'aes128cfb' - AES cipher, 128 bit key, mode CFB
# 'aes128ofb' - AES cipher, 128 bit key, mode OFB
# 'aes256ecb' - AES cipher, 256 bit key, mode ECB
# 'aes256cbc' - AES cipher, 256 bit key, mode CBC
# 'aes256cfb' - AES cipher, 256 bit key, mode CFB
# 'aes256ofb' - AES cipher, 256 bit key, mode OFB
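# Default method is 'blowfish128ecb'. Note that the ECB modes encrypt
# identical plaintext blocks to identical ciphertext blocks, so a non-ECB
# method is the safer choice.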
# Ignored by the client.
#
# -----------
# stats are not supported by vtrunkd yet; separate module on the way
# -----------
# stat - Enable 'yes' or disable 'no' statistics.
# If enabled vtund will log statistic counters every
# 5 minutes.
#
# -----------
# up - List of programs to run after connection has been
# established. Used to initialize protocols, devices,
# routing and firewall.
# Format:
# up {
# option .....;
# option .....;
# };
#
# down - List of programs to run after connection has been
# terminated. Used to reset protocols, devices, routing
# and firewall.
# Format:
# down {
# option .....;
# option .....;
# };
#
# 'up' and 'down' options:
#
# program - Run specified program.
# Format:
# program path arguments wait;
#
# path - Full path to the program.
# '/bin/sh' will be used if path was omitted.
#
# arguments - Arguments to pass to the program.
# Must be enclosed in double quotes.
# Special characters and expansions:
# ' (single quotes) - group arguments
# \ (back slash) - escape character
# %%(double percent) - same as %d
# %d - TUN or TAP device or TTY port name
# %A - Local IP address
# %P - Local TCP or UDP port
# %a - Remote IP address
# %p - Remote TCP or UDP port
#
# wait - Wait for the program termination.
#
# ifconfig - Run program specified by 'ifconfig' statement in
# 'options' section.
# Format:
# ifconfig arguments;
#
# route - Run program specified by 'route' statement in
# 'options' section.
# Format:
# route arguments;
#
# firewall - Run program specified by 'firewall' statement in
# 'options' section.
# Format:
# firewall arguments;
#
# -----------
# srcaddr - Local (source) address. Used to force vtund to bind
# to the specific address and port in client mode.
# Format:
# srcaddr {
# option .....;
# option .....;
# };
#
# 'srcaddr' options:
#
# iface - Use interface address as the Source address.
# Format:
# iface if_name;
#
# addr - Source address.
# Format:
# addr ip_address;
# addr host_name;
#
# port - Source port.
# Format:
# port port_no;
#
# -----------
# multi - Multiple connections.
# 'yes' or 'allow' - allow multiple connections.
# 'no' or 'deny' - deny multiple connections.
# 'killold' - allow new connection and kill old one.
# Ignored by the client.
#
# -----------
# Notes:
# Options 'Ignored by the client' are provided by server
# at the connection initialization.
#
# Option names cannot be abbreviated.
#
# ----- CUT HERE --- Server config --- CUT HERE -----
#
# General (server-wide) options: listener settings, syslog facility and the
# helper programs run by the ifconfig/route/firewall statements in the
# 'up'/'down' lists (see the option reference above).
# NOTE(review): this file holds session passwords and names programs that the
# daemon executes, so keep it readable and writable only by the administrator.
options {
port 5000; # Server TCP port number to listen on.
# NOTE(review): no 'bindaddr' is set here; presumably the server then listens
# on every local address - confirm, and add 'bindaddr' to restrict the listener.
timeout 5; # General timeout (units are not stated in the reference above).
max_tunnels_num 10; # Not described in the reference above; presumably a cap on tunnels - TODO confirm.
# Syslog facility
syslog daemon;
# Path to various programs
ppp /usr/sbin/pppd; # 'ppp' is not described in the reference above, which lists 'tun' as the only supported type.
ifconfig /sbin/ifconfig;
route /sbin/route;
firewall /sbin/iptables;
ip /sbin/ip; # 'ip' is not described in the reference above.
}
# Default session options
# NOTE(review): per the option reference above, compression, encryption and
# stats are not yet supported by vtrunkd. With 'encrypt no', vtrunkd itself
# does not protect tunnel traffic; treat the tunnel as cleartext unless the
# traffic is protected by another layer.
default {
compress no; # Compression is off by default
speed 0; # By default maximum speed, NO shaping
proto tcp; # Ignored per the reference above; 'tcp' is the default for all tunnel types
encrypt no; # Encryption off (not yet supported by vtrunkd per the reference above)
keepalive yes; # Keep connection alive
multi killold; # has no effect now
stat yes; # Stats are not supported by vtrunkd yet per the reference above
# The options below are not described in the option reference above;
# their units and exact meaning should be confirmed against the vtrunkd source.
tick_secs 3;
max_latency 2000;
max_latency_drop 50;
max_idle_timeout 20;
ping_interval 2;
tun_txqueue_len 4000;
tcp_conn_amount 1;
type tun; # IP tunnel; must be set, no other types are currently supported
}
# Session entry. All four 000000_N sessions in this example use the same
# password and the same device.
000000_1 { # name is required to have a distinguishing last 2 characters like _1,_2,_3,_4 ... or AA,AB, etc. for a group
passwd testpasswd; # Example password only; replace with a unique, strong secret before deployment.
device tun10; # Must be set; vtrunkd uses this value to distinguish process groups.
up {
# '%%' expands to the tunnel device name; this assigns 10.0.0.1 locally,
# 10.0.0.2 as the point-to-point peer, and sets the MTU to 1350.
ifconfig "%% 10.0.0.1 pointopoint 10.0.0.2 mtu 1350 up";
};
down {
ifconfig "%% down"; # Run after the connection has been terminated.
};
}
# Session entry; the name differs from the other 000000_N sessions only in
# its last two characters, while the password and device are the same.
000000_2 {
passwd testpasswd; # Example password only; replace with a unique, strong secret before deployment.
device tun10; # Must be set; vtrunkd uses this value to distinguish process groups.
up {
# '%%' expands to the tunnel device name; this assigns 10.0.0.1 locally,
# 10.0.0.2 as the point-to-point peer, and sets the MTU to 1350.
ifconfig "%% 10.0.0.1 pointopoint 10.0.0.2 mtu 1350 up";
};
down {
ifconfig "%% down"; # Run after the connection has been terminated.
};
}
# Session entry; the name differs from the other 000000_N sessions only in
# its last two characters, while the password and device are the same.
000000_3 {
passwd testpasswd; # Example password only; replace with a unique, strong secret before deployment.
device tun10; # Must be set; vtrunkd uses this value to distinguish process groups.
up {
# '%%' expands to the tunnel device name; this assigns 10.0.0.1 locally,
# 10.0.0.2 as the point-to-point peer, and sets the MTU to 1350.
ifconfig "%% 10.0.0.1 pointopoint 10.0.0.2 mtu 1350 up";
};
down {
ifconfig "%% down"; # Run after the connection has been terminated.
};
}
# Session entry; the name differs from the other 000000_N sessions only in
# its last two characters, while the password and device are the same.
000000_4 {
passwd testpasswd; # Example password only; replace with a unique, strong secret before deployment.
device tun10; # Must be set; vtrunkd uses this value to distinguish process groups.
up {
# '%%' expands to the tunnel device name; this assigns 10.0.0.1 locally,
# 10.0.0.2 as the point-to-point peer, and sets the MTU to 1350.
ifconfig "%% 10.0.0.1 pointopoint 10.0.0.2 mtu 1350 up";
};
down {
ifconfig "%% down"; # Run after the connection has been terminated.
};
}
# see vtrunkd_client.conf file for client config example