
#
# VTun - Virtual Tunnel over TCP/IP network.
# Copyright (C) 1998-2008 Maxim Krasnyansky <max_mk@yahoo.com>
#
# Cleanup of English and spelling by
# Ted Rolle <ted@acacia.datacomm.com>
#
# Configuration file example
# $Id: vtund.conf,v 1.4.2.6 2013/07/07 20:36:48 mtbishop Exp $
#
#
# Lines which begin with '#' are comments
#
# File format:
#
# XXXXX {
# option param; option param;
# option param;
# ......
# }
# Where XXXXX:
# options - General options.
# default - default session options.
# session - Session options.
#
# Options _must_ be grouped by curly braces '{' '}'.
# Each option _must_ end with ';'
#
# -----------
# General options:
#
# type - Server type.
# 'stand' - Stand alone server (default).
# 'inetd' - Started by inetd.
# Used only by the server.
#
# -----------
# port - Server TCP port number.
#
# -----------
# bindaddr - Server listen address. Used to force vtund to bind
# to the specific address and port in server mode.
# Format:
# bindaddr {
# option .....;
# };
#
# 'bindaddr' options:
#
# iface - Use interface address as the listen address.
# Format:
# iface if_name;
#
# addr - Listen address.
# Format:
# addr ip_address;
# addr host_name;
#
# -----------
# syslog - Syslog facility.
#
# -----------
# timeout - General VTun timeout.
#
# -----------
# ppp - Program for the ppp initialization.
#
# -----------
# ifconfig - Program for the net interface initialization.
#
# -----------
# route - Program for the routing table manipulation.
#
# -----------
# firewall - Program for the firewall setup.
#
# -----------
# ip - Program for the iproute2 'ip' utility (used by the 'ip'
# statements in 'up'/'down' sections, see the examples below).
#
# -----------
#
# Session options:
#
# passwd - Shared secret used to authenticate the peer. It is stored
# in clear text in this file, so keep the file readable by root
# only (e.g. mode 0600), use a long random value that is unique
# per session, and configure the same value on both ends (as the
# examples below do).
#
# -----------
# type - Tunnel type.
# 'tun' - IP tunnel (No PPP,Ether,.. headers).
# 'ether' - Ethernet tunnel.
# 'tty' - Serial tunnel, PPP, SLIP, etc.
# 'pipe' - Pipe tunnel.
# Default type is 'tty'.
# Ignored by the client.
#
# -----------
# device - Network device.
# 'tapXX' - for 'ether'
# 'tunXX' - for 'tun'
# By default VTun automatically selects an available device.
#
# -----------
# proto - Protocol.
# 'tcp' - TCP protocol.
# 'udp' - UDP protocol.
#
# 'tcp' is default for all tunnel types.
# 'udp' is recommended for 'ether' and 'tun' only.
#
# This option is ignored by the client.
#
# -----------
# nat_hack - Delay UDP set-up connection until Server or Client sends
# a UDP packet, depending on setting. Useful to work around
# routers which use mismatched port numbers for UDP traffic.
#
# 'client' - Delay UDP set-up on the client side
# 'server' - Delay UDP set-up on the server side.
# 'no' - Disable the NAT hack on both sides (default).
#
# Setting 'nat_hack client' on the server or 'nat_hack server'
# on the client is ignored. Please see the vtund.conf man page
# for more details and security information.
#
# -----------
# persist - Persist mode.
# 'yes' - Reconnect to the server after connection
# termination.
# 'no' - Exit after connection termination (default).
# Used only by the client.
#
# -----------
# keepalive - Enable 'yes' or disable 'no' connection
# keep-alive. Ignored by the client.
#
# May be in the form 'interval:count', where 'interval' is the
# period of connection checks and 'count' is the maximum number
# of retries. 'yes' is equivalent to '30:4'.
#
# -----------
# timeout - Connect timeout.
#
# -----------
# compress - Enable 'yes' or disable 'no' compression.
# It is also possible to specify a method:
# 'zlib' - ZLIB compression
# 'lzo' - LZO compression
# and level:
# from 1(best speed) to 9(best compression)
# separated by ':'. Default method is 'zlib:1'.
# Ignored by the client.
#
# -----------
# encrypt - Enable 'yes' or disable 'no' encryption.
# It is also possible to specify a method:
# 'blowfish128ecb' - Blowfish cipher, 128 bit key, mode ECB
# 'blowfish128cbc' - Blowfish cipher, 128 bit key, mode CBC
# 'blowfish128cfb' - Blowfish cipher, 128 bit key, mode CFB
# 'blowfish128ofb' - Blowfish cipher, 128 bit key, mode OFB
# 'blowfish256ecb' - Blowfish cipher, 256 bit key, mode ECB
# 'blowfish256cbc' - Blowfish cipher, 256 bit key, mode CBC
# 'blowfish256cfb' - Blowfish cipher, 256 bit key, mode CFB
# 'blowfish256ofb' - Blowfish cipher, 256 bit key, mode OFB
# 'aes128ecb' - AES cipher, 128 bit key, mode ECB
# 'aes128cbc' - AES cipher, 128 bit key, mode CBC
# 'aes128cfb' - AES cipher, 128 bit key, mode CFB
# 'aes128ofb' - AES cipher, 128 bit key, mode OFB
# 'aes256ecb' - AES cipher, 256 bit key, mode ECB
# 'aes256cbc' - AES cipher, 256 bit key, mode CBC
# 'aes256cfb' - AES cipher, 256 bit key, mode CFB
# 'aes256ofb' - AES cipher, 256 bit key, mode OFB
#
# A special encryption method is provided for use with clients
# running pre-3.0 versions:
# 'oldblowfish128ecb' - Blowfish cipher, 128bit key, mode ECB
#
# Default method is 'blowfish128ecb'. ECB mode encrypts equal
# plaintext blocks to equal ciphertext blocks, and none of the
# methods listed above adds integrity protection, so prefer an
# explicit non-ECB method such as 'aes256cbc' (both ends must
# support it) and do not rely on the tunnel to detect tampering.
# Ignored by the client.
#
# -----------
# stat - Enable 'yes' or disable 'no' statistics.
# If enabled vtund will log statistic counters every
# 5 minutes.
#
# -----------
# speed - Speed of the connection in kilobits/second.
# 8,16,32,64,128,256,etc.
# 0 means maximum possible speed without shaping.
# You can specify speed in form IN:OUT.
# IN - to the client, OUT - from the client.
# Single number means same speed for IN and OUT.
# Ignored by the client.
#
# -----------
# up - List of programs to run after connection has been
# established. Used to initialize protocols, devices,
# routing and firewall.
# Format:
# up {
# option .....;
# option .....;
# };
#
# down - List of programs to run after connection has been
# terminated. Used to reset protocols, devices, routing
# and firewall.
# Format:
# down {
# option .....;
# option .....;
# };
#
# 'up' and 'down' options:
#
# program - Run specified program.
# Format:
# program path arguments wait;
#
# path - Full path to the program.
# If path is omitted, '/bin/sh' is used and the arguments
# are then interpreted by that shell, so quote them with care.
#
# arguments - Arguments to pass to the program.
# Must be enclosed in double quotes.
# Special characters and expansions:
# ' (single quotes) - group arguments
# \ (back slash) - escape character
# %%(double percent) - same as %d
# %d - TUN or TAP device or TTY port name
# %A - Local IP address
# %P - Local TCP or UDP port
# %a - Remote IP address
# %p - Remote TCP or UDP port
# %h - Host Profile Name in config
#
# wait - Wait for the program termination.
#
# ppp - Run program specified by 'ppp' statement in
# 'options' section.
# Format:
# ppp arguments;
#
# ifconfig - Run program specified by 'ifconfig' statement in
# 'options' section.
# Format:
# ifconfig arguments;
#
# route - Run program specified by 'route' statement in
# 'options' section.
# Format:
# route arguments;
#
# firewall - Run program specified by 'firewall' statement in
# 'options' section.
# Format:
# firewall arguments;
#
# ip - Run program specified by 'ip' statement in
# 'options' section.
# Format:
# ip arguments;
#
# -----------
# srcaddr - Local (source) address. Used to force vtund to bind
# to the specific address and port in client mode.
# Format:
# srcaddr {
# option .....;
# option .....;
# };
#
# 'srcaddr' options:
#
# iface - Use interface address as the Source address.
# Format:
# iface if_name;
#
# addr - Source address.
# Format:
# addr ip_address;
# addr host_name;
#
# port - Source port.
# Format:
# port port_no;
#
# -----------
# multi - Multiple connections.
# 'yes' or 'allow' - allow multiple connections.
# 'no' or 'deny' - deny multiple connections.
# 'killold' - allow new connection and kill old one.
# Ignored by the client.
#
# -----------
# Notes:
# Options marked 'Ignored by the client' are supplied by the
# server at connection initialization, so the server's value
# is what takes effect for the session.
#
# Option names cannot be abbreviated.
#
# ----- CUT HERE --- Server config --- CUT HERE -----
#
options {
  port 5000;                    # TCP port the server listens on.
  bindaddr { iface lo; };       # Listen on the loopback interface only.
                                # To serve remote clients, bind to a real
                                # interface and restrict allowed source
                                # addresses in the host firewall.
  syslog daemon;                # Syslog facility for vtund messages.
  # Absolute paths of the helper programs invoked from 'up'/'down'.
  ppp      /usr/sbin/pppd;
  ifconfig /sbin/ifconfig;
  route    /sbin/route;
  firewall /sbin/ipchains;      # Legacy ipchains; the 'lion' rules below
                                # are written in its syntax.
  ip       /sbin/ip;
}
# Options inherited by every session unless overridden there.
default {
  speed 0;              # No traffic shaping (maximum speed).
  compress no;          # Compression disabled unless a session enables it.
}
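# TUN example. Session 'cobra' (ifconfig variant).
# NOTE: 'cobra' appears twice in this example file (ifconfig and
# iproute2 variants). Keep only one definition in a real config.
cobra {
  passwd Ma&^TU;        # Shared secret. Placeholder: replace with a long
                        # random value, unique to this session.
  type tun;             # IP tunnel
  proto udp;            # UDP transport
  compress lzo:9;       # LZO compression, level 9
  encrypt aes256cbc;    # Explicit non-ECB cipher. 'encrypt yes' would use the
                        # default 'blowfish128ecb' (ECB mode). Presumably needs
                        # vtund 3.x on both ends; pre-3.0 clients only support
                        # 'oldblowfish128ecb'.
  keepalive yes;        # Keep the connection alive (default 30:4)
  up {
    # Connection is up.
    # 10.3.0.1 - local, 10.3.0.2 - remote
    ifconfig "%% 10.3.0.1 pointopoint 10.3.0.2 mtu 1450";
  };
}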
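# Same as the 'cobra' session above, but configured with iproute2.
# NOTE: only one 'cobra' definition should be present in a real config.
cobra {
  passwd Ma&^TU;        # Shared secret. Placeholder: replace with a long
                        # random value, unique to this session.
  type tun;             # IP tunnel
  proto udp;            # UDP transport
  compress lzo:9;       # LZO compression, level 9
  encrypt aes256cbc;    # Explicit non-ECB cipher instead of the default
                        # 'blowfish128ecb'. Presumably needs vtund 3.x on
                        # both ends.
  keepalive yes;        # Keep the connection alive
  up {
    # Connection is up.
    # 10.3.0.1 - local, 10.3.0.2 - remote
    ip "link set %% up multicast off mtu 1450";
    ip "-family inet addr add 10.3.0.1 peer 10.3.0.2 dev %%";
  };
}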
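# Ethernet example. Session 'lion'.
lion {
  passwd Ma&^TU;        # Shared secret. Placeholder; do not reuse the
                        # 'cobra' secret in a real config.
  type ether;           # Ethernet tunnel
  device tap0;          # Use device tap0
  proto udp;            # UDP transport
  compress lzo:1;       # LZO compression, level 1
  encrypt aes256cbc;    # Explicit non-ECB cipher instead of the default
                        # 'blowfish128ecb'. Presumably needs vtund 3.x on
                        # both ends.
  stat yes;             # Log statistics every 5 minutes
  keepalive yes;        # Keep the connection alive
  up {
    # Connection is up.
    # Assign address and netmask to the tap device.
    ifconfig "%% 10.1.0.1 netmask 255.255.255.0";
    # Route to net 10.2.0.0/24 via the peer.
    route "add -net 10.2.0.0 netmask 255.255.255.0 gw 10.1.0.2";
    # Masquerade traffic from net 10.2.0.0/24 to any destination
    # (ipchains syntax). This turns the server into a NAT gateway
    # for the remote network; narrow '-d 0.0.0.0/0' if that is not
    # intended.
    firewall "-A forward -s 10.2.0.0/24 -d 0.0.0.0/0 -j MASQ";
  };
  down {
    # Connection is down.
    # Shut down the tap device.
    ifconfig "%% down";
    # Remove the masquerading rule for net 10.2.0.0/24.
    firewall "-D forward -s 10.2.0.0/24 -d 0.0.0.0/0 -j MASQ";
  };
}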
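# PPP example. Session 'viper'. Tunnel type defaults to 'tty'.
viper {
  passwd TTT$bio;       # Shared secret. Placeholder: replace with a long
                        # random value.
  compress yes;         # ZLIB compression, level 1 (the default method)
  encrypt aes256cbc;    # Explicit non-ECB cipher instead of the default
                        # 'blowfish128ecb'. Presumably needs vtund 3.x on
                        # both ends.
  up {
    # Connection is up (established).
    # Assign IP addresses: 10.0.0.1 local, 10.0.0.2 remote,
    # passed to pppd together with its 'proxyarp' option.
    ppp "10.0.0.1:10.0.0.2 proxyarp";
  };
}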
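# Pipe example. Session 'backup'.
backup {
  passwd OnlyME;        # Shared secret. Placeholder; the 'sz' session
                        # reuses it here — give each session its own.
  type pipe;            # Pipe tunnel
  speed 256:128;        # Shaping: 256K to the client, 128K from the client
  encrypt aes256cbc;    # Explicit non-ECB cipher instead of the default
                        # 'blowfish128ecb'. Presumably needs vtund 3.x on
                        # both ends.
  up {
    # Connection is up.
    # Stream a tar archive of /etc to stdout (the pipe tunnel).
    # CAUTION: this ships every file under /etc that vtund can read
    # to the peer. Narrow the path to what the peer actually needs.
    program /bin/sh "-c 'tar cf - /etc/*'";
  };
}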
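# TTY example. Session 'sz'.
# Silly example to show that VTun can tunnel ALMOST
# anything :-).
sz {
  passwd OnlyME;        # Shared secret. Placeholder; reused from 'backup'
                        # here — use a distinct value per session.
  type tty;             # TTY tunnel
  speed 64;             # Shaping: 64K in both directions
  encrypt aes256cbc;    # Explicit non-ECB cipher instead of the default
                        # 'blowfish128ecb'. Presumably needs vtund 3.x on
                        # both ends.
  up {
    # Connection is up.
    # Send '/etc/termcap' via ZMODEM to stdout (the tty tunnel).
    # (The file named here must match the one in the command.)
    program /bin/sh "-c 'sz /etc/termcap'";
  };
}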
#
# ----- CUT HERE -------- End -------- CUT HERE -----
#
#
# ----- CUT HERE --- Client config --- CUT HERE -----
#
options {
  port 5000;                    # Server port to connect to.
  timeout 60;                   # General timeout.
  # Absolute paths of the helper programs invoked from 'up'/'down'.
  ppp      /usr/sbin/pppd;
  ifconfig /sbin/ifconfig;
  route    /sbin/route;
  firewall /sbin/ipchains;      # Legacy ipchains (only needed if an 'up'/
                                # 'down' section uses 'firewall').
  ip       /sbin/ip;
}
# TUN example. Session 'cobra' (ifconfig variant).
# NOTE: 'cobra' appears twice in this example file; keep only one.
# Tunnel type, protocol, compression and cipher come from the server.
cobra {
  passwd Ma&^TU;        # Shared secret; must match the server's 'cobra'.
  device tun1;          # Use device tun1
  persist yes;          # Reconnect after the connection drops
  up {
    # Connection is up.
    # 10.3.0.2 - local, 10.3.0.1 - remote
    ifconfig "%% 10.3.0.2 pointopoint 10.3.0.1 mtu 1450";
  };
}
# Same as the 'cobra' session above, but configured with iproute2.
# NOTE: only one 'cobra' definition should be present in a real config.
cobra {
  passwd Ma&^TU;        # Shared secret; must match the server's 'cobra'.
  device tun1;          # Use device tun1
  persist yes;          # Reconnect after the connection drops
  up {
    # Connection is up.
    # 10.3.0.2 - local, 10.3.0.1 - remote
    ip "link set %% up multicast off mtu 1450";
    ip "-family inet addr add 10.3.0.2 peer 10.3.0.1 dev %%";
  };
}
# Ethernet example. Session 'lion'.
# Protocol, compression and cipher are dictated by the server.
lion {
  passwd Ma&^TU;        # Shared secret; must match the server's 'lion'.
  type ether;           # Ethernet tunnel
  device tap1;          # Use device tap1
  up {
    # Connection is up.
    # Assign address and netmask to the tap device.
    ifconfig "%% 10.1.0.2 netmask 255.255.255.0";
  };
  down {
    # Connection is down.
    # Shut down the tap device.
    ifconfig "%% down";
  };
}
# PPP example. Session 'viper'.
viper {
  passwd TTT$bio;       # Shared secret; must match the server's 'viper'.
  up {
    # Connection is up.
    # The server side assigns both IP addresses; pppd is told
    # not to pick a default local address.
    ppp "noipdefault";
  };
}
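# Pipe example. Session 'backup'.
backup {
  passwd OnlyME;        # Shared secret; must match the server's 'backup'.
  up {
    # Connection is up.
    # Unpack the archive arriving on stdin (the pipe tunnel) into /tmp.
    # The archive content is controlled by the peer: extract into a
    # dedicated directory rather than the shared /tmp if the peer is
    # not fully trusted, and check what the archive contains before
    # relying on the result.
    # Shell command must be closed with a matching single quote.
    program /bin/sh "-c 'cd /tmp; tar xf -'";
  };
}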
# TTY example. Session 'sz'.
# Silly example to show that VTun can tunnel ALMOST
# anything :-).
sz {
  passwd OnlyME;        # Shared secret; must match the server's 'sz'.
  up {
    # Connection is up.
    # Receive a file via ZMODEM from stdin (the tty tunnel) into /tmp.
    program /bin/sh "-c 'cd /tmp; rz'";
  };
}