#
# VTun - Virtual Tunnel over TCP/IP network.
# Copyright (C) 1998-2008 Maxim Krasnyansky <max_mk@yahoo.com>
#
# Cleanup of English and spelling by
# Ted Rolle <ted@acacia.datacomm.com>
#
# Configuration file example
# $Id: vtund.conf,v 1.4.2.5 2012/07/07 07:14:17 mtbishop Exp $
#
#
# Lines which begin with '#' are comments
#
# File format:
#
# XXXXX {
# option param; option param;
# option param;
# ......
# }
# Where XXXXX:
# options - General options.
# default - default session options.
# session - Session options.
#
# Options _must_ be grouped by curly braces '{' '}'.
# Each option _must_ end with ';'
#
# -----------
# General options:
#
# type - Server type.
# 'stand' - Stand alone server (default).
# 'inetd' - Started by inetd.
# Used only by the server.
#
# -----------
# port - Server TCP port number.
#
# -----------
# bindaddr - Server listen address. Used to force vtund to bind
# to the specific address and port in server mode.
# Format:
# bindaddr {
# option .....;
# };
#
# 'bindaddr' options:
#
# iface - Use interface address as the listen address.
# Format:
# iface if_name;
#
# addr - Listen address.
# Format:
# addr ip_address;
# addr host_name;
#
# -----------
# syslog - Syslog facility.
#
# -----------
# timeout - General VTun timeout.
#
# -----------
# ppp - Program for the ppp initialization.
#
# -----------
# ifconfig - Program for the net interface initialization.
#
# -----------
# route - Program for the routing table manipulation.
#
# -----------
# firewall - Program for the firewall setup.
#
# -----------
#
# Session options:
#
# passwd - Password for authentication.
#
# -----------
# type - Tunnel type.
# 'tun' - IP tunnel (No PPP,Ether,.. headers).
# 'ether' - Ethernet tunnel.
# 'tty' - Serial tunnel, PPP, SLIP, etc.
# 'pipe' - Pipe tunnel.
# Default type is 'tty'.
# Ignored by the client.
#
# -----------
# device - Network device.
# 'tapXX' - for 'ether'
# 'tunXX' - for 'tun'
# By default VTun will automatically select available
# device.
#
# -----------
# proto - Protocol.
# 'tcp' - TCP protocol.
# 'udp' - UDP protocol.
#
# 'tcp' is default for all tunnel types.
# 'udp' is recommended for 'ether' and 'tun' only.
#
# This option is ignored by the client.
#
# -----------
# nat_hack - Delay UDP set-up connection until Server or Client sends
# a UDP packet, depending on setting. Useful to work around
# routers which use mismatched port numbers for UDP traffic.
#
# 'client' - Delay UDP set-up on the client side
# 'server' - Delay UDP set-up on the server side.
# 'no' - Disable the NAT hack on both sides (default).
#
# Setting 'nat_hack client' on the server or 'nat_hack server'
# on the client is ignored. Please see the vtund.conf man page
# for more details and security information.
#
# -----------
# persist - Persist mode.
# 'yes' - Reconnect to the server after connection
# termination.
# 'no' - Exit after connection termination (default).
# Used only by the client.
#
# -----------
# keepalive - Enable 'yes' or disable 'no' connection
# keep-alive. Ignored by the client.
#
# May be in the form 'interval:count', where 'interval' is the
# period of connection checks and 'count' is the maximum number
# of retries. 'yes' is equivalent to '30:4'.
#
# -----------
# timeout - Connect timeout.
#
# -----------
# compress - Enable 'yes' or disable 'no' compression.
# It is also possible to specify a method:
# 'zlib' - ZLIB compression
# 'lzo' - LZO compression
# and level:
# from 1(best speed) to 9(best compression)
# separated by ':'. Default method is 'zlib:1'.
# Ignored by the client.
#
# -----------
# encrypt - Enable 'yes' or disable 'no' encryption.
# It is also possible to specify a method:
# 'blowfish128ecb' - Blowfish cipher, 128 bit key, mode ECB
# 'blowfish128cbc' - Blowfish cipher, 128 bit key, mode CBC
# 'blowfish128cfb' - Blowfish cipher, 128 bit key, mode CFB
# 'blowfish128ofb' - Blowfish cipher, 128 bit key, mode OFB
# 'blowfish256ecb' - Blowfish cipher, 256 bit key, mode ECB
# 'blowfish256cbc' - Blowfish cipher, 256 bit key, mode CBC
# 'blowfish256cfb' - Blowfish cipher, 256 bit key, mode CFB
# 'blowfish256ofb' - Blowfish cipher, 256 bit key, mode OFB
# 'aes128ecb' - AES cipher, 128 bit key, mode ECB
# 'aes128cbc' - AES cipher, 128 bit key, mode CBC
# 'aes128cfb' - AES cipher, 128 bit key, mode CFB
# 'aes128ofb' - AES cipher, 128 bit key, mode OFB
# 'aes256ecb' - AES cipher, 256 bit key, mode ECB
# 'aes256cbc' - AES cipher, 256 bit key, mode CBC
# 'aes256cfb' - AES cipher, 256 bit key, mode CFB
# 'aes256ofb' - AES cipher, 256 bit key, mode OFB
#
# A special encryption method is provided for use with clients
# running pre-3.0 versions:
# 'oldblowfish128ecb' - Blowfish cipher, 128bit key, mode ECB
#
# Default method is 'blowfish128ecb'.
# Ignored by the client.
#
# -----------
# stat - Enable 'yes' or disable 'no' statistics.
# If enabled vtund will log statistic counters every
# 5 minutes.
#
# -----------
# speed - Speed of the connection in kilobits/second.
# 8,16,32,64,128,256,etc.
# 0 means maximum possible speed without shaping.
# You can specify speed in form IN:OUT.
# IN - to the client, OUT - from the client.
# Single number means same speed for IN and OUT.
# Ignored by the client.
#
# -----------
# up - List of programs to run after connection has been
# established. Used to initialize protocols, devices,
# routing and firewall.
# Format:
# up {
# option .....;
# option .....;
# };
#
# down - List of programs to run after connection has been
# terminated. Used to reset protocols, devices, routing
# and firewall.
# Format:
# down {
# option .....;
# option .....;
# };
#
# 'up' and 'down' options:
#
# program - Run specified program.
# Format:
# program path arguments wait;
#
# path - Full path to the program.
# '/bin/sh' will be used if path was omitted.
#
# arguments - Arguments to pass to the program.
# Must be enclosed in double quotes.
# Special characters and expansions:
# ' (single quotes) - group arguments
# \ (back slash) - escape character
# %%(double percent) - same as %d
# %d - TUN or TAP device or TTY port name
# %A - Local IP address
# %P - Local TCP or UDP port
# %a - Remote IP address
# %p - Remote TCP or UDP port
#
# wait - Wait for the program termination.
#
# ppp - Run program specified by 'ppp' statement in
# 'options' section.
# Format:
# ppp arguments;
#
# ifconfig - Run program specified by 'ifconfig' statement in
# 'options' section.
# Format:
# ifconfig arguments;
#
# route - Run program specified by 'route' statement in
# 'options' section.
# Format:
# route arguments;
#
# firewall - Run program specified by 'firewall' statement in
# 'options' section.
# Format:
# firewall arguments;
#
# -----------
# srcaddr - Local (source) address. Used to force vtund to bind
# to the specific address and port in client mode.
# Format:
# srcaddr {
# option .....;
# option .....;
# };
#
# 'srcaddr' options:
#
# iface - Use interface address as the Source address.
# Format:
# iface if_name;
#
# addr - Source address.
# Format:
# addr ip_address;
# addr host_name;
#
# port - Source port.
# Format:
# port port_no;
#
# -----------
# multi - Multiple connections.
# 'yes' or 'allow' - allow multiple connections.
# 'no' or 'deny' - deny multiple connections.
# 'killold' - allow new connection and kill old one.
# Ignored by the client.
#
# -----------
# Notes:
# Options 'Ignored by the client' are provided by server
# at the connection initialization.
#
# Option names cannot be abbreviated.
#
# ----- CUT HERE --- Server config --- CUT HERE -----
#
options {
port 5000; # Listen on this port.
bindaddr { iface lo; }; # Listen only on loopback device.
# Syslog facility
syslog daemon;
# Path to various programs
ppp /usr/sbin/pppd;
ifconfig /sbin/ifconfig;
route /sbin/route;
firewall /sbin/ipchains;
ip /sbin/ip;
}
# Default session options
default {
compress no; # Compression is off by default
speed 0; # By default maximum speed, NO shaping
}
# TUN example. Session 'cobra'.
cobra {
passwd Ma&^TU; # Password
type tun; # IP tunnel
proto udp; # UDP protocol
compress lzo:9; # LZO compression level 9
encrypt yes; # Encryption
keepalive yes; # Keep connection alive
up {
# Connection is Up
# 10.3.0.1 - local, 10.3.0.2 - remote
ifconfig "%% 10.3.0.1 pointopoint 10.3.0.2 mtu 1450";
};
}
# the same as above, but with iproute2 command
cobra {
passwd Ma&^TU; # Password
type tun; # IP tunnel
proto udp; # UDP protocol
compress lzo:9; # LZO compression level 9
encrypt yes; # Encryption
keepalive yes; # Keep connection alive
up {
# Connection is Up
# 10.3.0.1 - local, 10.3.0.2 - remote
ip "link set %% up multicast off mtu 1450";
ip "-family inet addr add 10.3.0.1 peer 10.3.0.2 dev %%";
};
}
# Ethernet example. Session 'lion'.
lion {
passwd Ma&^TU; # Password
type ether; # Ethernet tunnel
device tap0; # Device tap0
proto udp; # UDP protocol
compress lzo:1; # LZO compression level 1
encrypt yes; # Encryption
stat yes; # Log connection statistic
keepalive yes; # Keep connection alive
up {
# Connection is Up
# Assign IP address
ifconfig "%% 10.1.0.1 netmask 255.255.255.0";
# Add route to net 10.2.0.0/24
route "add -net 10.2.0.0 netmask 255.255.255.0 gw 10.1.0.2";
# Enable masquerading for net 10.2.0.0.0/24
firewall "-A forward -s 10.2.0.0/24 -d 0.0.0.0/0 -j MASQ";
};
down {
# Connection is Down
# Shutdown tap device.
ifconfig "%% down";
# Disable masquerading for net 10.2.0.0.0/24
firewall "-D forward -s 10.2.0.0/24 -d 0.0.0.0/0 -j MASQ";
};
}
# PPP example. Session 'viper'.
viper {
passwd TTT$bio; # Password
compress yes; # ZLIB compression level 1
encrypt yes; # Encryption
up {
# Connection is Up (established)
# Assign IP addresses 10.0.0.1 - local, 10.0.0.2 - remote
ppp "10.0.0.1:10.0.0.2 proxyarp";
};
}
# Pipe example. Session 'backup'.
backup {
passwd OnlyME; # Password
type pipe; # Pipe tunnel
speed 256:128; # Shaping speed 256K IN and 128K OUT.
encrypt yes; # Encryption
up {
# Connection is Up
# Start shell and tar '/etc' directory to
# the stdout (pipe tunnel).
program /bin/sh "-c 'tar cf - /etc/*'";
};
}
# TTY example. Session 'sz'.
# Silly example to show that VTun can tunnel ALMOST
# anything :-).
sz {
passwd OnlyME; # Password
type tty; # TTY tunnel
speed 64; # Shaping speed 64K IN/OUT
encrypt yes; # Encryption
up {
# Connection is Up
# Send '/etc/profile' via ZMODEM to the
# stdout(tty tunnel).
program /bin/sh "-c 'sz /etc/termcap'";
};
}
#
# ----- CUT HERE -------- End -------- CUT HERE -----
#
#
# ----- CUT HERE --- Client config --- CUT HERE -----
#
options {
port 5000; # Connect to this port.
timeout 60; # General timeout
# Path to various programs
ppp /usr/sbin/pppd;
ifconfig /sbin/ifconfig;
route /sbin/route;
firewall /sbin/ipchains;
ip /sbin/ip;
}
# TUN example. Session 'cobra'.
cobra {
passwd Ma&^TU; # Password
device tun1; # Device tun1
persist yes; # Persist mode
up {
# Connection is Up
# Assign IP addresses.
ifconfig "%% 10.3.0.2 pointopoint 10.3.0.1 mtu 1450";
};
}
# same as above, but with iproute2 command
cobra {
passwd Ma&^TU; # Password
device tun1; # Device tun1
persist yes; # Persist mode
up {
# Connection is Up
# Assign IP addresses.
ip "link set %% up multicast off mtu 1450";
ip "-family inet addr add 10.3.0.2 peer 10.3.0.1 dev %%";
};
}
# Ethernet example. Session 'lion'.
lion {
passwd Ma&^TU; # Password
type ether; # Ethernet tunnel
device tap1; # Device tap1
up {
# Connection is Up
# Assign IP address and netmask.
ifconfig "%% 10.1.0.2 netmask 255.255.255.0";
};
down {
# Connection is Down
# Shutdown tap device
ifconfig "%% down";
};
}
# PPP example. Session 'viper'.
viper {
passwd TTT$bio; # Password
up {
# Connection is Up
# IP address will be assigned by the server
ppp "noipdefault";
};
}
# Pipe example. Session 'backup'.
backup {
passwd OnlyME; # Password
up {
# Connection is Up
# Start shell and untar files from
# stdin(pipe tunnel).
program /bin/sh "-c 'cd /tmp; tar xf -";
};
}
# TTY example. Session 'sz'.
# Silly example to show that VTun can tunnel ALMOST
# anything :-).
sz {
passwd OnlyME; # Password
up {
# Receive file via ZMODEM from the
# stdin(tty tunnel).
program /bin/sh "-c 'cd /tmp; rz'";
};
}
