# # VTun - Virtual Tunnel over TCP/IP network. # Copyright (C) 1998-2000 Maxim Krasnyansky # # Cleanup of English and spelling by # Ted Rolle # # Configuration file example # $Id: vtund.conf,v 1.1.1.2.2.1 2000/10/29 19:30:30 maxk Exp $ # # # Lines which begin with '#' are comments # # File format: # # XXXXX { # option param; option param; # option param; # ...... # } # Where XXXXX: # options - General options. # default - default session options. # session - Session options. # # Options _must_ be grouped by curly braces '{' '}'. # Each option _must_ end with ';' # # ----------- # General options: # # type - Server type. # 'stand' - Stand alone server (default). # 'inetd' - Started by inetd. # Used only by the server. # # ----------- # port - Server TCP port number. # # ----------- # timeout - General VTun timeout. # # ----------- # ppp - Program for the ppp initialization. # # ----------- # ifconfig - Program for the net interface initialization. # # ----------- # route - Program for the routing table manipulation. # # ----------- # firewall - Program for the firewall setup. # # ----------- # # Session options: # # passwd - Password for authentication. # # ----------- # type - Tunnel type. # 'tun' - IP tunnel (No PPP,Ether,.. headers). # 'ether' - Ethernet tunnel. # 'tty' - Serial tunnel, PPP, SLIP, etc. # 'pipe' - Pipe tunnel. # Default type is 'tty'. # Ignored by the client. # # ----------- # device - Network device. # 'tapXX' - for 'ether' # 'tunXX' - for 'tun' # By default VTun will automatically select available # device. # # ----------- # proto - Protocol. # 'tcp' - TCP protocol. # 'udp' - UDP protocol. # # 'tcp' is default for all tunnel types. # 'udp' is recommended for 'ether' and 'tun' only. # # This option is ignored by the client. # # ----------- # persist - Persist mode. # 'yes' - Reconnect to the server after connection # termination. # 'no' - Exit after connection termination (default). # Used only by the client. # # ----------- # keepalive - Enable 'yes' or disable 'no' connection # keep-alive. Ignored by the client. # # ----------- # timeout - Connect timeout. # # ----------- # compress - Enable 'yes' or disable 'no' compression. # It is also possible to specify method: # 'zlib' - ZLIB compression # 'lzo' - LZO compression # and level: # from 1(best speed) to 9(best compression) # separated by ':'. Default method is 'zlib:1'. # Ignored by the client. # # ----------- # encrypt - Enable 'yes' or disable 'no' encryption. # Ignored by the client. # # ----------- # stat - Enable 'yes' or disable 'no' statistics. # If enabled vtund will log statistic counters every # 5 minutes. # # ----------- # speed - Speed of the connection in kilobits/second. # 8,16,32,64,128,256,etc. # 0 means maximum possible speed without shaping. # You can specify speed in form IN:OUT. # IN - to the client, OUT - from the client. # Single number means same speed for IN and OUT. # Ignored by the client. # # ----------- # up - List of programs to run after connection has been # established. Used to initialize protocols, devices, # routing and firewall. # Format: # up { # option .....; # option .....; # }; # # down - List of programs to run after connection has been # terminated. Used to reset protocols, devices, routing # and firewall. # Format: # down { # option .....; # option .....; # }; # # 'up' and 'down' options: # # program - Run specified program. # Format: # program path arguments wait; # # path - Full path to the program. # '/bin/sh' will be used if path was omitted. # # arguments - Arguments to pass to the program. # Must be enclosed in double quotes. # Special characters and expansions: # ' (single quotes) - group arguments # \ (back slash) - escape character # %%(double percent) - same as %d # %d - TUN or TAP device or TTY port name # %A - Local IP address # %P - Local TCP or UDP port # %a - Remote IP address # %p - Remote TCP or UDP port # # wait - Wait for the program termination. # # ppp - Run program specified by 'ppp' statement in # 'options' section. # Format: # ppp arguments; # # ifconfig - Run program specified by 'ifconfig' statement in # 'options' section. # Format: # ifconfig arguments; # # route - Run program specified by 'route' statement in # 'options' section. # Format: # route arguments; # # firewall - Run program specified by 'firewall' statement in # 'options' section. # Format: # firewall arguments; # # ----------- # srcaddr - Local (source) address. Used to force vtund to bind # to the specific address and port. # Format: # srcaddr { # option .....; # option .....; # }; # # 'srcaddr' options: # # iface - Use interface address as the Source address. # Format: # iface if_name; # # addr - Source address. # Format: # addr ip_address; # addr host_name; # # port - Source port. # Format: # port port_no; # # ----------- # multi - Multiple connections. # 'yes' or 'allow' - allow multiple connections. # 'no' or 'deny' - deny multiple connections. # 'killold' - allow new connection and kill old one. # Ignored by the client. # # ----------- # Notes: # Options 'Ignored by the client' are provided by server # at the connection initialization. # # Option names can be abbreviated to a minimum of 4 characters. # # ----- CUT HERE --- Server config --- CUT HERE ----- # options { port 5000; # Listen on this port. # Path to various programs ppp /usr/sbin/pppd; ifconfig /sbin/ifconfig; route /sbin/route; firewall /sbin/ipchains; } # Default session options default { compress no; # Compression is off by default speed 0; # By default maximum speed, NO shaping } # TUN example. Session 'cobra'. # CONFIG NAME MUST MATCH ON CLIENT MyConfig { pass MYPASSWORD; # Password type tun; # IP tunnel #proto udp; # UDP protocol #comp lzo:9; # LZO compression level 9 encr yes; # Encryption - I don't use it since I tunnel over ssh, but you should unless you do the same (or similar) keepalive yes; # Keep connection alive up { # Connection is Up # Assign IP addresses. I recommend using the same network as your LAN. # Just make sure that neither the near, nor far addresses are in use. # This configures the tun interface to be MYADDRESS CLIENTADDRESS. # Note that these MUST MATCH the REVERSE on the client side ifconfig "%% 192.168.1.254 192.168.1.244"; }; }