bionic (5) vtund.conf.5.gz

Provided by: vtun_3.0.3-4build1_amd64

NAME

       vtund.conf - VTun (Virtual Tunnel) daemon configuration file.

DESCRIPTION

       Configuration file for vtund(8) virtual tunnel daemon.

       The file consists of sections of the form:

              name {
                keyword value;
                keyword value;
                ..
              }

       A semicolon at the end of each keyword-value pair is required, as are the grouping curly braces {}.
       Lines which begin with a '#' character are comments.

       The section name (name) can be one of:

       options
              this section specifies general options for vtund

       default
              specifies default options for all sessions

       session
              (any other word except "options" and "default") introduces a new session and specifies options
              for it.

       All keyword names can be abbreviated to a minimum of 4 characters.

GENERAL OPTIONS

       This section, named options, specifies general options used by vtund(8).  Possible keywords are:

       type stand|inetd
              server type.  vtund(8) can operate in standalone mode (stand), which is the default, or be
              invoked from inetd(8).

       ipv4   use IPv4 as the transport medium.  This is the default.  Other address families can of course be
              carried inside the tunnel.

       ipv6   use IPv6 as the transport medium.

       port portnumber
              server port number to listen on or connect to.  By default, vtund(8) uses port 5000.

       bindaddr list
              server listen address.  Used to force vtund to bind to a specific address and port in server
              mode.  Format:
                bindaddr {
                 option value;
                };

              bindaddr options:

              iface if_name
                     use interface address if_name as the bind address.

              addr addr
                     bind address.  Can be either IP address or host name.

       timeout seconds
              General timeout.

       persist yes|keep|no
              persist mode.  If yes, the client will try to reconnect to the server after the connection
              terminates.  If keep, the client will not remove and re-add the tunXX or tapXX device when
              reconnecting.  If no, the client will exit (default).  This option is ignored by the server.

       syslog number|name
              syslog facility specification, either numeric or by name (see syslog(3)).

       ppp path
              path to pppd(8) program.  Can be used in session sections.

       ifconfig path
              path to ifconfig(8) program.  Can be used in session sections.

       route path
              path to route(8) program.  Can be used in session sections.

       ip path
              path to iproute(8) program.  Can be used in session sections.

       firewall path
              program for the firewall setup.

       Each of the ppp, ifconfig, route and firewall parameters names the corresponding program, an equivalent,
       or a shell script.  These parameters are used in session sections to set up network interfaces.

SESSION OPTIONS

       Session options can be specified inside a session section or inside the default section.  Default
       parameters apply to every session section but can be overridden there.  Parameters are:

       passwd secret
              password for authentication.  This should be the same on the client and the server.

       type type
              type of tunnel.  Possible tunnel types are:

              tun    IP tunnel (no PPP, Ether etc headers)

              ether  Ethernet tunnel

              tty    serial tunnel (PPP, SLIP etc)

              pipe   pipe tunnel

              The default tunnel type is tty.  This option is ignored by the client.

       device dev
              network device to use.  You can choose tapXX for an ether tunnel or tunXX for a tun tunnel.  By
              default vtund(8) will automatically select an available device.

       proto tcp|udp
              protocol to use.  By default, vtund(8) uses the TCP protocol.  UDP is recommended for ether and
              tun tunnels only.  This option is ignored by the client.

       nat_hack client|server|no
              side to use the NAT hack on.  By default, vtund(8) uses the 'no' setting.  The side on which the
              NAT hack is enabled will perform a delayed UDP socket connect.  It should only be enabled on the
              side outside of the NAT (typically the server)!  Setting 'client' on the server or 'server' on
              the client is ignored, so that a single configuration file can be reused on both sides.

              This  is  only relevant if you use proto udp. The NAT hack delays the UDP socket connect until the
              first UDP packet is received from the other side of the tunnel. The socket is  then  connected  to
              the  actual  source  port  of  the  packet  (on  the  NAT box) and not to the one indicated in the
              handshake (which is behind NAT and probably unreachable).  The first echo request is also disabled
              on the side with the NAT hack enabled.

              Currently the mechanism works only for one side, for a single NAT traversal.  If you enable it for
              both sides, both will wait for a first packet and the tunnel will never transport any data.

              Security warning! Due to the nature of the delayed connection,  the  tunnel  can  be  hijacked  in
              theory  by  an  attacker behind the same NAT, sending the first UDP packet to the server UDP port,
              before the real client does. If you do not understand the risks, or want to remain  as  secure  as
              possible behind this kind of NAT router, use proto tcp as a NAT traversal solution.

              Because  of  the  security issue mentioned above, this option might be disabled during compilation
              (configure --disable-nathack).

       timeout seconds
              Connect timeout.

       compress method[:level]
              specifies the compression method to use.  Compression methods include:

              no     no compression

              yes    default compression method

              zlib   ZLIB compression

              lzo    LZO compression (if compiled in)

              You can also specify the compression level with a single digit (1 is best speed, 9 is best
              compression ratio).  This option is ignored by the client.

       encrypt method[:level]
              specifies the encryption method to use.  Encryption methods include:

              no     no encryption

              yes    default encryption method (blowfish128ecb)

              blowfish128ecb
                     Blowfish cipher, 128 bit key, mode ECB

              blowfish128cbc
                     Blowfish cipher, 128 bit key, mode CBC

              blowfish128cfb
                     Blowfish cipher, 128 bit key, mode CFB

              blowfish128ofb
                     Blowfish cipher, 128 bit key, mode OFB

              blowfish256ecb
                     Blowfish cipher, 256 bit key, mode ECB

              blowfish256cbc
                     Blowfish cipher, 256 bit key, mode CBC

              blowfish256cfb
                     Blowfish cipher, 256 bit key, mode CFB

              blowfish256ofb
                     Blowfish cipher, 256 bit key, mode OFB

              oldblowfish128ecb
                     Blowfish cipher, 128 bit key, mode ECB (for use with 2.6 clients only)

              aes128ecb
                     AES cipher, 128 bit key, mode ECB

              aes128cbc
                     AES cipher, 128 bit key, mode CBC

              aes128cfb
                     AES cipher, 128 bit key, mode CFB

              aes128ofb
                     AES cipher, 128 bit key, mode OFB

              aes256ecb
                     AES cipher, 256 bit key, mode ECB

              aes256cbc
                     AES cipher, 256 bit key, mode CBC

              aes256cfb
                     AES cipher, 256 bit key, mode CFB

              aes256ofb
                     AES cipher, 256 bit key, mode OFB

              This option is ignored by the client.
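The section syntax described under DESCRIPTION, together with the encrypt and nat_hack options above, as an added example in Python: a small parser for the `name { keyword value; }` format (including nested up/down blocks and the 4-character keyword abbreviation) and an audit that flags the settings this page warns about (ECB-mode or absent encryption, and the NAT hack combined with proto udp). This is example code, not vtun's own parser; the keyword list, the prefix-matching reading of the abbreviation rule, treating an unset encrypt as no encryption, and the sample configuration are this example's assumptions.

```python
"""Parse a vtund.conf-style file and audit its security-relevant settings.
Added example, not vtun's own code; it assumes only the grammar this page
describes (sections, `};`-terminated nested blocks, '#' comment lines,
keywords abbreviated to at least 4 characters)."""
import re

# Keyword names from this page, used to expand abbreviations such as "encr".
KEYWORDS = ["type", "ipv4", "ipv6", "port", "bindaddr", "timeout", "persist", "syslog",
            "ppp", "ifconfig", "route", "ip", "firewall", "passwd", "device", "proto",
            "nat_hack", "compress", "encrypt", "keepalive", "stat", "speed", "srcaddr",
            "multi", "up", "down", "program", "iface", "addr"]
# One token per quoted string, brace, semicolon or bare word.
TOKEN_RE = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')

def expand_keyword(word):
    """Expand a >=4-char prefix to the one keyword it matches (assumed rule)."""
    matches = [k for k in KEYWORDS if k.startswith(word)]
    if word in KEYWORDS or len(word) < 4 or len(matches) != 1:
        return word
    return matches[0]

def tokenize(text):
    """Tokenize the file after dropping lines that begin with '#'."""
    kept = [ln for ln in text.splitlines() if not ln.lstrip().startswith("#")]
    return TOKEN_RE.findall("\n".join(kept))

def parse(text):
    """Return {section: block}; a block is a list of (keyword, value) pairs."""
    tokens, pos = tokenize(text), 0

    def block():
        nonlocal pos
        items = []
        while pos < len(tokens) and tokens[pos] != "}":
            key, pos = expand_keyword(tokens[pos]), pos + 1
            if tokens[pos] == "{":          # nested block such as up { ... };
                pos += 1
                items.append((key, block()))
                continue
            words = []
            while tokens[pos] != ";":       # the value runs up to the ';'
                words.append(tokens[pos].strip('"'))
                pos += 1
            pos += 1                        # consume ';'
            items.append((key, " ".join(words)))
        if pos >= len(tokens):
            raise ValueError("unterminated block")
        pos += 1                            # consume '}'
        if pos < len(tokens) and tokens[pos] == ";":
            pos += 1                        # optional ';' after a nested block
        return items

    sections = {}
    while pos < len(tokens):
        name, pos = tokens[pos], pos + 1
        if pos >= len(tokens) or tokens[pos] != "{":
            raise ValueError(f"expected '{{' after section {name!r}")
        pos += 1
        sections[name] = block()
    return sections

def effective(sections, session):
    """Session options with the default section applied first (session wins)."""
    return dict(sections.get("default", []) + sections.get(session, []))

def audit(sections):
    """Return (session, finding) pairs for settings this page warns about."""
    findings = []
    for name in sections:
        if name in ("options", "default"):
            continue
        cfg = effective(sections, name)
        # An unset encrypt is treated as no encryption (conservative assumption).
        method = cfg.get("encrypt", "no").split(":")[0]
        if method == "yes":
            method = "blowfish128ecb"       # the documented default method
        if method == "no":
            findings.append((name, "NO_ENCRYPTION"))
        elif method.endswith("ecb"):        # ECB leaks plaintext block patterns
            findings.append((name, "ECB_MODE"))
        # The page's Security warning: the delayed UDP connect can be hijacked
        # from behind the same NAT; the page suggests proto tcp instead.
        if cfg.get("proto", "tcp") == "udp" and cfg.get("nat_hack", "no") != "no":
            findings.append((name, "NAT_HACK_UDP"))
    return findings

# Constructed sample configuration (not taken from the manual page).
SAMPLE_CONF = """\
options { port 5000; ip /sbin/ip; }
default { proto udp; compress lzo:9; encrypt yes; keepalive yes; }
# the client of this session sits behind a NAT router
branch1 {
  passwd EXAMPLE_SECRET_1;
  type tun;
  encr aes256cbc;
  nat_hack server;
  up { ip "link set %% up"; ip "addr add 10.99.0.1/30 dev %%"; };
}
branch2 { passwd EXAMPLE_SECRET_2; type ether; proto tcp; }
"""

if __name__ == "__main__":
    for session, finding in audit(parse(SAMPLE_CONF)):
        print(f"{session}: {finding}")
```

Run as a script, the audit reports branch1 for NAT_HACK_UDP (the default section's proto udp is inherited and nat_hack is set) and branch2 for ECB_MODE (encrypt yes resolves to blowfish128ecb); branch1's abbreviated `encr aes256cbc` is expanded and accepted as a CBC-mode setting.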

       keepalive yes|no|interval:count
              enable or disable the connection keep-alive.  interval is the period between connection checks,
              in seconds, and count is the maximum number of retries (yes is equivalent to 30:4).  This option
              is ignored by the server.

       stat yes|no
              enable   or   disable   statistics.    If   enabled   vtund(8)  will  log  statistic  counters  to
              /var/log/vtund/session_X every 5 minutes.

       speed kbps
              specifies the speed of the connection in kilobits/second.  Valid values for kbps are
              8,16,32,64,128,256,etc.  0 (the default) means maximum possible speed without shaping.  You can
              specify the speed in the form in:out, where in is the speed to the client and out the speed from
              the client.  A single number means the same speed for in and out.  This option is ignored by the
              client.

       srcaddr list
              local (source) address.  Used to force vtund to bind to a specific address and port.  Format:
                srcaddr {
                 option value;
                 option value;
                 ..
                };

              srcaddr options:

              iface if_name
                     use interface address if_name as the source address.

              addr addr
                     source address.  Can be either IP address or host name.

              port portnumber
                     source port.

       multi value
              control multiple connections.  value can be yes or allow to allow multiple connections, no or
              deny to deny them, or killold to accept the new connection and kill the old one.  Ignored by the
              client.

       up list
              list of programs to run after the connection has been established.  Used to initialize
              protocols, devices, routing and the firewall.  This option looks like a whole section inside the
              session section.  Format:
               up {
                 option value;
                 option value;
                 ..
               };

              Options inside up (and down) blocks:

              program path arguments [wait]
                     run the specified program.  path is the full path to the program, and arguments is the
                     argument string to pass to it (enclosed in double quotes).  If wait is specified, vtund
                     waits for the program to terminate.  Special characters that can be used inside the
                     arguments parameter:

                     ' (single quotes) - group arguments
                     \ (back slash) - escape character
                     %d - TUN or TAP device or TTY port name
                     %% (double percent) - same as %d
                     %A - Local IP address
                     %P - Local TCP or UDP port
                     %a - Remote IP address
                     %p - Remote TCP or UDP port

              ppp arguments
                     run the program specified by the ppp statement in the options section.  All special
                     characters described above are valid in arguments here.

              ifconfig arguments
                     run the program specified by the ifconfig statement in the options section.

              route arguments
                     run the program specified by the route statement in the options section.

              ip arguments
                     run the program specified by the ip statement in the options section.

              firewall arguments
                     run the program specified by the firewall statement in the options section.

       down list
              list of programs to run after the connection has been terminated.  It is similar to the up
              parameter above.  Format:
               down {
                 option value;
                 option value;
                 ..
               };
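The substitutions and grouping rules listed above for the arguments parameter of up and down statements, as an added example in Python. This is not vtun's own code: the exact tokenization, in particular that single quotes toggle grouping, that backslash makes the next character literal, and that a substituted value (device name, address, port) is appended to the current argument and never re-split into several arguments, is this example's assumed reading of the page; the session values in the usage are constructed.

```python
"""Expand the special characters this page lists for the arguments of a
program/ppp/ifconfig/route/ip/firewall statement in an up or down block and
split the result into an argument vector.  Added example, not vtun's own code:
the splitting rules are an assumed reading of the page's description."""


def expand_args(args, device, local_addr, local_port, remote_addr, remote_port):
    """Return the argv list for one arguments string.

    %d and %% become the device (or TTY) name, %A/%P the local address and
    port, %a/%p the remote address and port.  Single quotes group words into
    one argument and backslash escapes the next character.  Substituted values
    are appended to the current argument as-is and never re-split (assumption)."""
    subst = {"d": device, "%": device, "A": local_addr, "P": str(local_port),
             "a": remote_addr, "p": str(remote_port)}
    argv, cur, have, quoted, escaped, i = [], "", False, False, False, 0
    while i < len(args):
        c = args[i]
        if escaped:                       # character after a backslash is literal
            cur, have, escaped = cur + c, True, False
        elif c == "\\":
            escaped = True
        elif c == "'":                    # toggle grouping; '' yields an empty arg
            quoted, have = not quoted, True
        elif c == "%" and i + 1 < len(args) and args[i + 1] in subst:
            cur, have, i = cur + subst[args[i + 1]], True, i + 1
        elif c.isspace() and not quoted:  # unquoted whitespace ends the argument
            if have:
                argv.append(cur)
            cur, have = "", False
        else:
            cur, have = cur + c, True
        i += 1
    if have:
        argv.append(cur)
    return argv


if __name__ == "__main__":
    # Constructed session values, as vtund would know them once the
    # connection is up.
    ctx = dict(device="tun0", local_addr="198.51.100.1", local_port=5000,
               remote_addr="192.0.2.10", remote_port=40123)
    # Argument strings as they would appear in an up { } block.
    for line in ["link set %% up",
                 "addr add 10.99.0.1/30 dev %d",
                 "-t vtund 'session up on %d from %a:%p'"]:
        print(expand_args(line, **ctx))
```

The third usage line shows why the grouping matters: the quoted message, with the device and peer address substituted into it, reaches the program as a single argument rather than as six separate ones.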

NOTES

       Options ignored by the client are supplied by the server at run time or are used only on the server
       side.

SEE ALSO

       vtund(8), inetd(8), ifconfig(8), route(8), pppd(8), syslog(3), zlib(3).

AUTHOR

       Vtund was written by Maxim Krasnyansky <max_mk@yahoo.com>.  This manual page was derived from comments
       in the config file by Michael Tokarev <mjt@tls.msk.ru>.

                                                                                                   VTUND.CONF(5)