## ******************************
## * PeerVPN configuration file *
## ******************************

## Option:       networkname <name>
## Description:  Specifies the virtual network name. PeerVPN will
##               only accept peers that use the same network name.
##               The default name is "PEERVPN".
## Example:      networkname PEERVPN
#networkname PEERVPN

## Option:       psk <password>
## Description:  Specifies the PSK for the network. It can be a
##               password that is up to 512 characters long.
##               It is recommended to use a minimum of 8 characters.
##               If unspecified, the PSK will be set to "default".
## Example:      psk mytopsecretpassword
#psk mytopsecretpassword

## Option:       initpeers <hostname> <port> [<hostname> <port>]*
## Description:  Specifies a list of peers that PeerVPN should
##               connect to initially. When the connection to the
##               network is lost, PeerVPN will try to reconnect to
##               these peers.
## Example:      initpeers 10.8.6.4 1234
##               initpeers 2001:DB8:1337::1 5678
##               initpeers 10.8.6.4 1234 10.12.10.8 6420
##               initpeers example.com 7000
##               initpeers example.com 7000 example.net 7000 example.org 7000
#initpeers 2001:DB8:1337::1 5678

## Option:       enabletunneling <yes|no>
## Description:  Enables ethernet tunneling using a TAP device. This
##               should be disabled if this node is intended solely
##               for assisting peer discovery and/or relaying.
##               Defaults to "yes".
## Example:      enabletunneling yes
#enabletunneling yes

## Option:       interface <name>
## Description:  Specifies the name of the TAP device that should be
##               used for ethernet tunneling.
## Example:      interface peervpn0
##               interface tap42
#interface peervpn0

## Option:       ifconfig4 <address>/<prefixlen>
## Description:  Defines the IPv4 address and the prefix length that
##               should be assigned to the TAP device.
## Example:      ifconfig4 10.1.2.3/24
##               ifconfig4 172.16.17.18/24
#ifconfig4 10.1.2.3/24

## Option:       ifconfig6 <address>/<prefixlen>
## Description:  Defines the IPv6 address and the prefix length that
##               should be assigned to the TAP device.
## Example:      ifconfig6 2001:db8:1:2::3/64
##               ifconfig6 fc00:db8:1:2::3/64
#ifconfig6 2001:db8:1:2::3/64

## Option:       upcmd <command>
## Description:  Defines a shell command that will be executed after
##               the TAP device has been opened.
## Example:      upcmd echo virtual interface is up
#upcmd echo virtual interface is up

## Option:       local <address>
## Description:  Specifies which local address PeerVPN should use.
##               If unspecified, PeerVPN will listen on all available
##               addresses.
## Example:      local 0.0.0.0
##               local 192.168.12.34
##               local ::
#local 0.0.0.0

## Option:       port <portnumber>
## Description:  Specifies which UDP port PeerVPN should use.
##               If unspecified, the port number will be selected
##               automatically.
## Example:      port 7000
#port 7000

## Option:       sockmark <0|1..N>
## Description:  If set to a value that is greater than zero, packets
##               generated by the PeerVPN process will be marked
##               internally with the specified value. This feature is
##               currently only available in Linux, and can be used
##               in combination with iproute2 for policy routing
##               setups (e.g. "ip rule add fwmark <1..N> [...]").
##               Defaults to "0" (disabled).
## Example:      sockmark 42
#sockmark 0

## Option:       enableipv4 <yes|no>
## Description:  Enables IPv4 sockets.
##               Defaults to "yes".
## Example:      enableipv4 yes
#enableipv4 yes

## Option:       enableipv6 <yes|no>
## Description:  Enables IPv6 sockets.
##               Defaults to "yes".
## Example:      enableipv6 yes
#enableipv6 yes

## Option:       enablendpcache <yes|no>
## Description:  Enables caching of tunneled IPv6 NDP messages. This
##               can improve performance by reducing the amount of
##               NDP multicast messages that need to be sent.
##               Defaults to "no".
## Example:      enablendpcache yes
#enablendpcache yes

## Option:       enablerelay <yes|no>
## Description:  Allows other nodes in the network to relay their
##               traffic through this node if they cannot establish a
##               direct connection to each other.
##               Defaults to "no".
## Example:      enablerelay yes
#enablerelay no

## Option:       engine <name> [<name>]*
## Description:  Specifies one or more OpenSSL engines that should be
##               loaded to provide hardware crypto acceleration.
## Example:      engine padlock
#engine padlock

## Option:       enableprivdrop <yes|no>
## Description:  If enabled, the PeerVPN process will automatically
##               try to drop its privileges after finishing its
##               initialization. If a certain configuration is
##               desired, the options "user", "group" and "chroot"
##               should be set too.
## Example:      enableprivdrop yes
#enableprivdrop yes

## Option:       user <username>
## Description:  Specifies the UNIX username that the PeerVPN process
##               will switch to after initialization. This is useful
##               if PeerVPN is started with root privileges (which is
##               necessary for TAP device initialization). A
##               username with minimal rights should be selected.
## Example:      user nobody
#user nobody

## Option:       group <groupname>
## Description:  Specifies the UNIX group that the PeerVPN process
##               will switch to after initialization.
## Example:      group nogroup
#group nogroup

## Option:       chroot <directory>
## Description:  Specifies the directory that the PeerVPN process
##               will chroot to after initialization.
##               Note: Currently, DNS queries will not work anymore
##               if this option is enabled. The "initpeers" option
##               should only contain IP addresses in this case, not
##               domain names.
##               If unspecified, no chroot will be done.
## Example:      chroot /var/empty
#chroot /var/empty
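
## Added example (not part of the PeerVPN distribution): a Python check
## that audits a config against the defaults and notes documented above,
## namely the "default" PSK, the 8-character minimum, the privilege-drop
## options, and hostnames in "initpeers" when "chroot" is set. The finding
## codes, the SAMPLE config and the line-based parsing are assumptions.

```python
import ipaddress

# Constructed sample config for illustration (not shipped with PeerVPN).
SAMPLE = """\
## office node
networkname OFFICE
psk default
initpeers vpn.example.com 7000 2001:DB8:1337::1 5678
enableprivdrop yes
user nobody
chroot /var/empty
"""

def parse(text):
    """Map option -> list of argument strings, one entry per active line.
    Assumption: a line starting with '#' is a comment, as in the file above."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, rest = line.partition(" ")
        opts.setdefault(key, []).append(rest.strip())
    return opts

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit(text):
    """Return finding codes (hypothetical names) for weak or inconsistent settings."""
    o, out = parse(text), []
    psk = o.get("psk", ["default"])[-1]      # an unspecified PSK is "default"
    if psk == "default":
        out.append("psk-default")
    elif len(psk) < 8:                       # documented recommended minimum
        out.append("psk-short")
    if o.get("enableprivdrop", [""])[-1] != "yes":
        out.append("privdrop-not-enabled")   # not explicitly enabled in this file
    else:
        out += [f"privdrop-missing-{k}" for k in ("user", "group", "chroot") if k not in o]
    if "chroot" in o:                        # DNS queries stop working after chroot
        tokens = " ".join(o.get("initpeers", [])).split()
        out += [f"chroot-dns-{h}" for h in tokens[0::2] if not is_ip(h)]
    return out

if __name__ == "__main__":
    print(audit(SAMPLE))
```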