Provided by: vtun_3.0.4-2build1_amd64 bug

NAME

       vtund.conf - VTun(Virtual Tunnel) daemon configuration file.

DESCRIPTION

       Configuration file for vtund(8) virtual tunnel daemon.

       File consists of sections in the form:

              name {
                keyword value;
                keyword value;
                ..
              }

       Semicolon  at  the  end  of each keyword-value pair is required, as well as grouping curly
       braces {}.  Lines which begin with '#' characters are comments.

       Name of section (name) can be one of:

       options
              this section specifies general options for vtund

       default
              specifies default options for all sessions

       session
              (any other  word  except  "options"  and  "default")  introduces  new  session  and
              specifies options for it.

       All keyword names can be abbreviated to a minimum of 4 characters.

GENERAL OPTIONS

       This  section,  named  options,  specifies  general  options to use by vtund(8).  Possible
       keywords are:

       type stand|inetd
              server type. vtund(8) can operate in standalone mode (stand), that is  the  default
              (but not available on no-MMU systems), or be invoked from inetd(8).

       ipv4   use  IPv4  as  transport medium. This is the default. Inside the tunnel other types
              are of course usable.

       ipv6   use IPv6 as transport medium.

       port portnumber
              server port number to listen on or connect to.   By  default,  vtund(8)  uses  port
              5000.

       bindaddr list
              server listen address. Used to force vtund to bind to the specific address and port
              in server mode.  Format:
                bindaddr {
                 option value;
                };

              bindaddr options:

              iface if_name
                     use interface address if_name as the bind address.

              addr addr
                     bind address.  Can be either IP address or host name.

       timeout seconds
              General timeout.

       persist yes|keep|no
              persist mode.  If yes, the client  will  try  to  reconnect  to  the  server  after
              connection  termination.   If keep, the client will not remove and re-add the tunXX
              or tapXX device when reconnecting.  If no, the client will  exit  (default).   This
              option is ignored by the server.

       syslog number|name
              syslog facility specification, either numeric or name (from syslog (3)).

       ppp path
              path to pppd(8) program.  Can be used in session sections.

       ifconfig path
              path to ifconfig(8) program.  Can be used in session sections.

       route path
              path to route(8) program.  Can be used in session sections.

       ip path
              path to iproute(8) program.  Can be used in session sections.

       firewall path
              program for the firewall setup.

       All  the  ppp,  ifconfig,  route  and  firewall  parameters  can  specify  a  filename for
       corresponding program or equivalent (or  shell  script).   This  parameters  are  used  in
       session sections to setup network interfaces.

SESSION OPTIONS

       Session  options  can  be  specified  inside  session  section  or inside default section.
       Default parameters apply to any session section but can be overwritten there.   Parameters
       are:

       passwd secret
              password for authentication.  This should be the same in client and server.

       type type
              type of tunnel.  Possible tunnel types are:

              tun    IP tunnel (no PPP, Ether etc headers)

              ether  Ethernet tunnel

              tty    serial tunnel (PPP, SLIP etc)

              pipe   pipe tunnel

              Default tunnel type is tty.  This option is ignored by client.

       device dev
              network  device  to  use.   You  can choose tapXX for ether tunnel or tunXX for tun
              tunnel.  By default vtund(8) will automatically select available device.

       proto tcp|udp
              protocol to use.  By default, vtund(8) will use TCP protocol.  UDP  is  recommended
              for ether and tun tunnels only.  This option is ignored by the client.

       nat_hack client|server|no
              side  to use nat_hack on.  By default, vtund(8) uses a 'no' setting.  The side that
              the NAT hack is enabled on will perform a delayed UDP socket connect.  Should  only
              be enabled for the side outside of the NAT (typically the server)! Setting 'client'
              on the server  or  'server'  on  the  client  is  ignored,  as  to  make  a  single
              configuration file reusable on both sides.

              This  is  only  relevant  if  you use proto udp. The NAT hack delays the UDP socket
              connect until the first UDP packet is received from the other side of  the  tunnel.
              The  socket  is  then connected to the actual source port of the packet (on the NAT
              box) and not to the one indicated  in  the  handshake  (which  is  behind  NAT  and
              probably  unreachable).   The  first echo request is also disabled on the side with
              the NAT hack enabled.

              Currently the mechanism works only for one side, for a single  NAT  traversal.   If
              you enable it for both sides, both will wait for a first packet and the tunnel will
              never transport any data.

              Security warning! Due to the nature of the delayed connection, the  tunnel  can  be
              hijacked in theory by an attacker behind the same NAT, sending the first UDP packet
              to the server UDP port, before the real client does. If you do not  understand  the
              risks,  or want to remain as secure as possible behind this kind of NAT router, use
              proto tcp as a NAT traversal solution.

              Because of the security issue mentioned above, this option might be disabled during
              compilation (configure --disable-nathack).

       timeout secounds
              Connect timeout.

       compress method[:level]
              specifies compression method to use.  Compression methods include:

              no     no compression

              yes    default compression method

              zlib   ZLIB compression

              lzo    LZO compression (if compiled in)

              You  can  also  specify level of compression using one digit (1 is best speed, 9 is
              best compression ratio).  This option is ignored by the client.

       encrypt method[:level]
              specifies encryption method to use.  Encryption methods include:

              no     no encryption

              yes    default encryption method (blowfish128ecb)

              blowfish128ecb
                     Blowfish cipher, 128 bit key, mode ECB

              blowfish128cbc
                     Blowfish cipher, 128 bit key, mode CBC

              blowfish128cfb
                     Blowfish cipher, 128 bit key, mode CFB

              blowfish128ofb
                     Blowfish cipher, 128 bit key, mode OFB

              blowfish256ecb
                     Blowfish cipher, 256 bit key, mode ECB

              blowfish256cbc
                     Blowfish cipher, 256 bit key, mode CBC

              blowfish256cfb
                     Blowfish cipher, 256 bit key, mode CFB

              blowfish256ofb
                     Blowfish cipher, 256 bit key, mode OFB

              aes128ecb

              oldblowfish128ecb
                     Blowfish cipher, 128bit key, mode ECB
                      (for use with 2.6 clients only) AES cipher, 128 bit key, mode ECB

              aes128cbc
                     AES cipher, 128 bit key, mode CBC

              aes128cfb
                     AES cipher, 128 bit key, mode CFB

              aes128ofb
                     AES cipher, 128 bit key, mode OFB

              aes256ecb
                     AES cipher, 256 bit key, mode ECB

              aes256cbc
                     AES cipher, 256 bit key, mode CBC

              aes256cfb
                     AES cipher, 256 bit key, mode CFB

              aes256ofb
                     AES cipher, 256 bit key, mode OFB

              This option is ignored by the client.

       keepalive yes|no|interval:count
              enable or  disable  connection  keep-alive.  Time  interval  is  a  period  between
              connection  checks,  in  seconds, and count is the maximum number of retries (yes =
              30:4).  This option is ignored by the server.

       stat yes|no
              enable or disable statistics.  If enabled vtund(8) will log statistic  counters  to
              /var/log/vtund/session_X every 5 minutes.

       speed kbps
              specifies  speed  of  the connection in kilobits/second.  Valid values for kbps are
              8,16,32,64,128,256,etc.  0 (the  default)  means  maximum  possible  speed  without
              shaping.   You can specify speed in form in:out, where in is speed to client, out -
              from the client.  Single number means the same speed for in and out.   This  option
              ignored by the client.

       srcaddr list
              local  (source)  address.  Used  to force vtund to bind to the specific address and
              port.  Format:
                srcaddr {
                 option value;
                 option value;
                 ..
                };

              srcaddr options:

              iface if_name
                     use interface address if_name as the source address.

              addr addr
                     source address.  Can be either IP address or host name.

              port portnumber
                     source port.

       multi value
              control multiple connections.   value  can  be  yes  or  allow  to  allow  multiple
              connections,  no  or  deny to deny them or killold to allow new connection and kill
              old one.  Ignored by the client.

       up list
              list of programs to run after connection has been established.  Used to  initialize
              protocols,  devices,  routing  and  firewall.  This option looks like whole section
              inside of session section.  For now, it's impossible to run up commands  on  no-MMU
              systems, so the section is ignored there.  Format:
               up {
                 option value;
                 option value;
                 ..
               };

              Options inside up (and down) blocks:

              program path arguments [wait]
                     run  specified  program.  path is the full path to the program, arguments is
                     all arguments to pass to it (enclosed in double quotes).  If wait specified,
                     vtund  will  wait  program termination.  Special characters that can be used
                     inside arguments parameter:

                     ยด (single quotes) - group arguments
                     \ (back slash) - escape character
                     %d - TUN or TAP device or TTY port name
                     %% (double percent) - same as %d
                     %A - Local IP address
                     %P - Local TCP or UDP port
                     %a - Remote IP address
                     %p - Remote TCP or UDP port
                     %h - Host profile name

              ppp arguments
                     run program specified by ppp statement  in  options  section.   All  special
                     character described above are valid in arguments here.

              ifconfig arguments
                     run program specified by ifconfig statement in options section.

              route arguments
                     run program specified by route statement in options section.

              ip arguments
                     run program specified by ip statement in options section.

              firewall arguments
                     run program specified by firewall statement in options section.

       down list
              list  of programs to run after connection has been terminated.  It is similar to up
              parameter above.  Not available on no-MMU systems too.  Format:
               down {
                 option value;
                 option value;
                 ..
               };

NOTES

       Options ignored by the client are supplied by the server at the run time or are used  only
       on the server side.

SEE ALSO

       vtund(8), inetd(8), ifconfig(8), route(8), pppd(8), syslog(3), zlib(3).

AUTHOR

       Vtund  written by Maxim Krasnyansky <max_mk@yahoo.com>.  This manual page was derived from
       comments in config file by Michael Tokarev <mjt@tls.msk.ru>

                                                                                    VTUND.CONF(5)