vpzone.conf - vpzone configuration file.

Tomasz Bursztyka

02/04/2010

Version 0.1

Synopsis

vpzone.conf

Description

vpzone.conf is the default configuration file for vpzone. Its default location is /etc/vpzone/vpzone.conf. vpzone also accepts a configuration file at an alternate location, which must follow the same format described here.

Core commands

This section describes the default commands which exist in vpzone. Keep in mind that plugins can add many others.

authenticator authenticator type
Set the current authenticator to use. All subsequent connect/server commands will use it, until another call of this command changes the current authenticator.
buffer-size size
Set the size of the internal buffers, in kilobytes (e.g. 16 means 16 * 1024 bytes = 16 KB). Default is 16.
connect connector:cypher:host [:port]
Try to connect to ip and port (port is optional) with connector/cypher types. The connection will use the currently set authenticator (see authenticator).
device [name]
Set the TUN device, and optionally its name (by default it takes the name given by the driver, something like tun<nb>).
dev-ip IPv6 IP
Set TUN device IP address (link local or global).
dns-limit limit
Set concurrent DNS request limit, should be between 1-16 (default is 16).
dns-priority ipv4/ipv6
Set DNS request network family priority (default is ipv4).
group group name
Set the group's rights vpzone will run with.
help [command name]
Displays command help, or command list if no argument is given.
limit number
Limit the number of possible mnodes (i.e. connections). Internally it sets the size of the address hash table, so it consumes memory at initialization.
load plugin name
Load a plugin identified by its name.
log-file filename
Set the log file location.
log-level log level
Set logger verbosity (0-3, or 4 for debug output, which produces a very large amount of output. Debug mode is enabled at compilation time).
persist 0|1
Set TUN device persistence, 0 and 1 mean respectively yes and no.
plugin-dir path
Set an alternate path where vpzone should look for plugins (rarely used except by developers).
server connector:cypher:host [:port]
Set a server for connector/cypher at ip and port (default one if not given). The server will use the currently set authenticator (see authenticator).
timeout seconds
Set the timeout in all connections i/o, should be between 10-600 (default is 30 seconds).
user username
Set the user's rights vpzone will run with.

Plugin commands

This section describes some common plugin commands. Please note that not all plugins may be documented here, and that the documentation of these commands may not be up to date.

Babeld

This sub-section deals with the babeld plugin. This plugin aims to provide the mesh feature to vpzone through the babeld routing daemon. babeld is an implementation of the Babel routing protocol. See babeld(8) for more information.

babeld-command command line
Set the command line, path and arguments, to start babeld daemon.
babeld-hashsize size
Set the internal babeld plugin hash map size. This value depends on whether vpzone will be on a large VPN or not. Default value is 20, which should be sufficient for a small VPN. Consider setting the size to the average number of nodes in the VPN (e.g.: 100 for 100 nodes).

Gnutls

This sub-section deals with gnutls plugin. This plugin aims to provide TLS support in vpzone through the GnuTLS library. Note that files should be in PEM format.

cafile CA_filepath
Set the CA cert file to use.
dhfile DH_filepath
Set the DH parameter file to use.
crlfile CRL_filepath
Set the CRL file to use. (optional)
certnkey-files cert_filepath key_filepath
Set the current vpzone instance certificate and key.

Manage

This sub-section deals with manage plugin. This plugin brings a dummy telnet-accessible management interface for vpzone.

manage password [port number]
Start the management interface and set the mandatory password, and port if given (default port is: 11111).

Examples

# a comment starts with a '#'
# Vpzone configuration example
 
log-level 3 # 0-3, 4 is for debug mode (set at compilation time)
 
device vpz0
 
load tcp # mandatory
 
load gnutls
 
load babeld
load simple_vp
load manage
 
dev-ip fe80::8c7:3280:8ae3:6882/64 # mandatory link-local ip address
dev-ip 2001:218:420::45/64 # mandatory VPN ip address
 
group users
user foo
 
server tcp:ssl:0.0.0.0 # vpzone will be a server as well so other vpzone can connect with.
# you can start as many servers as you want to serve this VPN
 
manage mysecret 2121
 
###
# Babeld plugin configuration
###
 
babeld-command "/usr/bin/babeld -s vpz0" # We specifically start babeld on our device
 
###
# Vpzone SSL plugin configuration
###
 
cafile /path/ca.crt
 
crlfile /path/crl.pem
 
dhfile /path/dh.pem
 
certnkey-files /path/cert.crt /path/keyfile
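
A pre-deployment check for files in this format, as an added example (not part of vpzone or of the original page). It enforces the value ranges given in the command reference and reports the settings that matter for exposure: the clear-text manage password, a gnutls setup without a crlfile, and a missing user or group. Tokenizing with Python's shlex is an assumption about how vpzone handles quotes and '#' comments; parse and lint are hypothetical names.

```python
import shlex

# Numeric ranges stated in the command reference above.
RANGES = {"dns-limit": (1, 16), "timeout": (10, 600), "log-level": (0, 4)}

def parse(text):
    """Yield (line_no, command, args); '#' starts a comment, quotes group words."""
    for no, line in enumerate(text.splitlines(), 1):
        tokens = shlex.split(line, comments=True)  # assumed to match vpzone's rules
        if tokens:
            yield no, tokens[0], tokens[1:]

def lint(text):
    """Return (line_no, message) findings; line_no 0 means a file-wide finding."""
    findings, seen, loaded = [], set(), set()
    for no, cmd, args in parse(text):
        seen.add(cmd)
        if cmd == "load" and args:
            loaded.add(args[0])
        elif cmd in RANGES:
            lo, hi = RANGES[cmd]
            if not (args and args[0].isdecimal() and lo <= int(args[0]) <= hi):
                findings.append((no, f"{cmd} must be between {lo} and {hi}"))
        elif cmd == "dns-priority" and args[:1] not in (["ipv4"], ["ipv6"]):
            findings.append((no, "dns-priority must be ipv4 or ipv6"))
        elif cmd == "manage":
            findings.append((no, "manage password is stored in clear text; "
                                 "restrict read access to this file"))
    if "gnutls" in loaded and "crlfile" not in seen:
        findings.append((0, "gnutls loaded without crlfile: no CRL configured"))
    for ident in ("user", "group"):
        if ident not in seen:
            findings.append((0, f"{ident} not set"))
    return findings

# Constructed sample input (not from the page).
SAMPLE = """\
log-level 3 # verbose
timeout 5
dns-limit 32
load gnutls
cafile /path/ca.crt
manage mysecret 2121
babeld-command "/usr/bin/babeld -s vpz0" # quoted argument
"""

if __name__ == "__main__":
    for no, msg in lint(SAMPLE):
        print(f"line {no or '-'}: {msg}")
```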
 

Reporting bugs

Please contact the author (see below) or go to http://www.vpzone.org/

Author

Tomasz Bursztyka (t.bursztyka@lyua.org)

See also

vpzone(8), babeld(8)

Version

Version: 0.1 of 02/04/2010.