508 lines
12 KiB
Plaintext
508 lines
12 KiB
Plaintext
#
|
|
# VTun - Virtual Tunnel over TCP/IP network.
|
|
# Copyright (C) 1998-2008 Maxim Krasnyansky <max_mk@yahoo.com>
|
|
#
|
|
# Cleanup of English and spelling by
|
|
# Ted Rolle <ted@acacia.datacomm.com>
|
|
#
|
|
# Configuration file example
|
|
# $Id: vtund.conf,v 1.4.2.6 2013/07/07 20:36:48 mtbishop Exp $
|
|
#
|
|
#
|
|
# Lines which begin with '#' are comments
|
|
#
|
|
# File format:
|
|
#
|
|
# XXXXX {
|
|
# option param; option param;
|
|
# option param;
|
|
# ......
|
|
# }
|
|
# Where XXXXX:
|
|
# options - General options.
|
|
# default - default session options.
|
|
# session - Session options.
|
|
#
|
|
# Options _must_ be grouped by curly braces '{' '}'.
|
|
# Each option _must_ end with ';'
|
|
#
|
|
# -----------
|
|
# General options:
|
|
#
|
|
# type - Server type.
|
|
# 'stand' - Stand alone server (default).
|
|
# 'inetd' - Started by inetd.
|
|
# Used only by the server.
|
|
#
|
|
# -----------
|
|
# port - Server TCP port number.
|
|
#
|
|
# -----------
|
|
# bindaddr - Server listen address. Used to force vtund to bind
|
|
# to the specific address and port in server mode.
|
|
# Format:
|
|
# bindaddr {
|
|
# option .....;
|
|
# };
|
|
#
|
|
# 'bindaddr' options:
|
|
#
|
|
# iface - Use interface address as the listen address.
|
|
# Format:
|
|
# iface if_name;
|
|
#
|
|
# addr - Listen address.
|
|
# Format:
|
|
# addr ip_address;
|
|
# addr host_name;
|
|
#
|
|
# -----------
|
|
# syslog - Syslog facility.
|
|
#
|
|
# -----------
|
|
# timeout - General VTun timeout.
|
|
#
|
|
# -----------
|
|
# ppp - Program for the ppp initialization.
|
|
#
|
|
# -----------
|
|
# ifconfig - Program for the net interface initialization.
|
|
#
|
|
# -----------
|
|
# route - Program for the routing table manipulation.
|
|
#
|
|
# -----------
|
|
# firewall - Program for the firewall setup.
|
|
#
|
|
# -----------
|
|
#
|
|
# Session options:
|
|
#
|
|
# passwd - Password for authentication.
|
|
#
|
|
# -----------
|
|
# type - Tunnel type.
|
|
# 'tun' - IP tunnel (No PPP,Ether,.. headers).
|
|
# 'ether' - Ethernet tunnel.
|
|
# 'tty' - Serial tunnel, PPP, SLIP, etc.
|
|
# 'pipe' - Pipe tunnel.
|
|
# Default type is 'tty'.
|
|
# Ignored by the client.
|
|
#
|
|
# -----------
|
|
# device - Network device.
|
|
# 'tapXX' - for 'ether'
|
|
# 'tunXX' - for 'tun'
|
|
# By default VTun will automatically select available
|
|
# device.
|
|
#
|
|
# -----------
|
|
# proto - Protocol.
|
|
# 'tcp' - TCP protocol.
|
|
# 'udp' - UDP protocol.
|
|
#
|
|
# 'tcp' is default for all tunnel types.
|
|
# 'udp' is recommended for 'ether' and 'tun' only.
|
|
#
|
|
# This option is ignored by the client.
|
|
#
|
|
# -----------
|
|
# nat_hack - Delay UDP set-up connection until Server or Client sends
|
|
# a UDP packet, depending on setting. Useful to work around
|
|
# routers which use mismatched port numbers for UDP traffic.
|
|
#
|
|
# 'client' - Delay UDP set-up on the client side
|
|
# 'server' - Delay UDP set-up on the server side.
|
|
# 'no' - Disable the NAT hack on both sides (default).
|
|
#
|
|
# Setting 'nat_hack client' on the server or 'nat_hack server'
|
|
# on the client is ignored. Please see the vtund.conf man page
|
|
# for more details and security information.
|
|
#
|
|
# -----------
|
|
# persist - Persist mode.
|
|
# 'yes' - Reconnect to the server after connection
|
|
# termination.
|
|
# 'no' - Exit after connection termination (default).
|
|
# Used only by the client.
|
|
#
|
|
# -----------
|
|
# keepalive - Enable 'yes' or disable 'no' connection
|
|
# keep-alive. Ignored by the client.
|
|
#
|
|
# May be in the form 'interval:count', where 'interval' is the
|
|
# period of connection checks and 'count' is the maximum number
|
|
# of retries. 'yes' is equivalent to '30:4'.
|
|
#
|
|
# -----------
|
|
# timeout - Connect timeout.
|
|
#
|
|
# -----------
|
|
# compress - Enable 'yes' or disable 'no' compression.
|
|
# It is also possible to specify a method:
|
|
# 'zlib' - ZLIB compression
|
|
# 'lzo' - LZO compression
|
|
# and level:
|
|
# from 1(best speed) to 9(best compression)
|
|
# separated by ':'. Default method is 'zlib:1'.
|
|
# Ignored by the client.
|
|
#
|
|
# -----------
|
|
# encrypt - Enable 'yes' or disable 'no' encryption.
|
|
# It is also possible to specify a method:
|
|
# 'aes256gcm' - AES cipher, 256 bit key, mode GCM
|
|
#
|
|
# Ignored by the client.
|
|
#
|
|
# -----------
|
|
# stat - Enable 'yes' or disable 'no' statistics.
|
|
# If enabled vtund will log statistic counters every
|
|
# 5 minutes.
|
|
#
|
|
# -----------
|
|
# speed - Speed of the connection in kilobits/second.
|
|
# 8,16,32,64,128,256,etc.
|
|
# 0 means maximum possible speed without shaping.
|
|
# You can specify speed in form IN:OUT.
|
|
# IN - to the client, OUT - from the client.
|
|
# Single number means same speed for IN and OUT.
|
|
# Ignored by the client.
|
|
#
|
|
# -----------
|
|
# up - List of programs to run after connection has been
|
|
# established. Used to initialize protocols, devices,
|
|
# routing and firewall.
|
|
# Format:
|
|
# up {
|
|
# option .....;
|
|
# option .....;
|
|
# };
|
|
#
|
|
# down - List of programs to run after connection has been
|
|
# terminated. Used to reset protocols, devices, routing
|
|
# and firewall.
|
|
# Format:
|
|
# down {
|
|
# option .....;
|
|
# option .....;
|
|
# };
|
|
#
|
|
# 'up' and 'down' options:
|
|
#
|
|
# program - Run specified program.
|
|
# Format:
|
|
# program path arguments wait;
|
|
#
|
|
# path - Full path to the program.
|
|
# '/bin/sh' will be used if path was omitted.
|
|
#
|
|
# arguments - Arguments to pass to the program.
|
|
# Must be enclosed in double quotes.
|
|
# Special characters and expansions:
|
|
# ' (single quotes) - group arguments
|
|
# \ (back slash) - escape character
|
|
# %%(double percent) - same as %d
|
|
# %d - TUN or TAP device or TTY port name
|
|
# %A - Local IP address
|
|
# %P - Local TCP or UDP port
|
|
# %a - Remote IP address
|
|
# %p - Remote TCP or UDP port
|
|
# %h - Host Profile Name in config
|
|
#
|
|
# wait - Wait for the program termination.
|
|
#
|
|
# ppp - Run program specified by 'ppp' statement in
|
|
# 'options' section.
|
|
# Format:
|
|
# ppp arguments;
|
|
#
|
|
# ifconfig - Run program specified by 'ifconfig' statement in
|
|
# 'options' section.
|
|
# Format:
|
|
# ifconfig arguments;
|
|
#
|
|
# route - Run program specified by 'route' statement in
|
|
# 'options' section.
|
|
# Format:
|
|
# route arguments;
|
|
#
|
|
# firewall - Run program specified by 'firewall' statement in
|
|
# 'options' section.
|
|
# Format:
|
|
# firewall arguments;
|
|
#
|
|
# -----------
|
|
# srcaddr - Local (source) address. Used to force vtund to bind
|
|
# to the specific address and port in client mode.
|
|
# Format:
|
|
# srcaddr {
|
|
# option .....;
|
|
# option .....;
|
|
# };
|
|
#
|
|
# 'srcaddr' options:
|
|
#
|
|
# iface - Use interface address as the Source address.
|
|
# Format:
|
|
# iface if_name;
|
|
#
|
|
# addr - Source address.
|
|
# Format:
|
|
# addr ip_address;
|
|
# addr host_name;
|
|
#
|
|
# port - Source port.
|
|
# Format:
|
|
# port port_no;
|
|
#
|
|
# -----------
|
|
# multi - Multiple connections.
|
|
# 'yes' or 'allow' - allow multiple connections.
|
|
# 'no' or 'deny' - deny multiple connections.
|
|
# 'killold' - allow new connection and kill old one.
|
|
# Ignored by the client.
|
|
#
|
|
# -----------
|
|
# Notes:
|
|
# Options 'Ignored by the client' are provided by server
|
|
# at the connection initialization.
|
|
#
|
|
# Option names cannot be abbreviated.
|
|
#
|
|
# ----- CUT HERE --- Server config --- CUT HERE -----
|
|
#
|
|
options {
|
|
port 5000; # Listen on this port.
|
|
bindaddr { iface lo; }; # Listen only on loopback device.
|
|
|
|
# Syslog facility
|
|
syslog daemon;
|
|
|
|
# Path to various programs
|
|
ppp /usr/sbin/pppd;
|
|
ifconfig /sbin/ifconfig;
|
|
route /sbin/route;
|
|
firewall /sbin/ipchains;
|
|
ip /sbin/ip;
|
|
}
|
|
|
|
# Default session options
|
|
default {
|
|
compress no; # Compression is off by default
|
|
speed 0; # By default maximum speed, NO shaping
|
|
}
|
|
|
|
# TUN example. Session 'cobra'.
|
|
cobra {
|
|
passwd Ma&^TU; # Password
|
|
type tun; # IP tunnel
|
|
proto udp; # UDP protocol
|
|
compress lzo:9; # LZO compression level 9
|
|
encrypt yes; # Encryption
|
|
keepalive yes; # Keep connection alive
|
|
|
|
up {
|
|
# Connection is Up
|
|
|
|
# 10.3.0.1 - local, 10.3.0.2 - remote
|
|
ifconfig "%% 10.3.0.1 pointopoint 10.3.0.2 mtu 1450";
|
|
};
|
|
}
|
|
|
|
# the same as above, but with iproute2 command
|
|
cobra {
|
|
passwd Ma&^TU; # Password
|
|
type tun; # IP tunnel
|
|
proto udp; # UDP protocol
|
|
compress lzo:9; # LZO compression level 9
|
|
encrypt yes; # Encryption
|
|
keepalive yes; # Keep connection alive
|
|
|
|
up {
|
|
# Connection is Up
|
|
|
|
# 10.3.0.1 - local, 10.3.0.2 - remote
|
|
ip "link set %% up multicast off mtu 1450";
|
|
ip "-family inet addr add 10.3.0.1 peer 10.3.0.2 dev %%";
|
|
};
|
|
}
|
|
|
|
|
|
# Ethernet example. Session 'lion'.
|
|
lion {
|
|
passwd Ma&^TU; # Password
|
|
type ether; # Ethernet tunnel
|
|
device tap0; # Device tap0
|
|
proto udp; # UDP protocol
|
|
compress lzo:1; # LZO compression level 1
|
|
encrypt yes; # Encryption
|
|
stat yes; # Log connection statistic
|
|
keepalive yes; # Keep connection alive
|
|
|
|
up {
|
|
# Connection is Up
|
|
|
|
# Assign IP address
|
|
ifconfig "%% 10.1.0.1 netmask 255.255.255.0";
|
|
|
|
# Add route to net 10.2.0.0/24
|
|
route "add -net 10.2.0.0 netmask 255.255.255.0 gw 10.1.0.2";
|
|
|
|
# Enable masquerading for net 10.2.0.0.0/24
|
|
firewall "-A forward -s 10.2.0.0/24 -d 0.0.0.0/0 -j MASQ";
|
|
};
|
|
|
|
down {
|
|
# Connection is Down
|
|
|
|
# Shutdown tap device.
|
|
ifconfig "%% down";
|
|
|
|
# Disable masquerading for net 10.2.0.0.0/24
|
|
firewall "-D forward -s 10.2.0.0/24 -d 0.0.0.0/0 -j MASQ";
|
|
};
|
|
}
|
|
|
|
# PPP example. Session 'viper'.
|
|
viper {
|
|
passwd TTT$bio; # Password
|
|
compress yes; # ZLIB compression level 1
|
|
encrypt yes; # Encryption
|
|
up {
|
|
# Connection is Up (established)
|
|
|
|
# Assign IP addresses 10.0.0.1 - local, 10.0.0.2 - remote
|
|
ppp "10.0.0.1:10.0.0.2 proxyarp";
|
|
};
|
|
}
|
|
|
|
# Pipe example. Session 'backup'.
|
|
backup {
|
|
passwd OnlyME; # Password
|
|
type pipe; # Pipe tunnel
|
|
speed 256:128; # Shaping speed 256K IN and 128K OUT.
|
|
encrypt yes; # Encryption
|
|
up {
|
|
# Connection is Up
|
|
|
|
# Start shell and tar '/etc' directory to
|
|
# the stdout (pipe tunnel).
|
|
program /bin/sh "-c 'tar cf - /etc/*'";
|
|
};
|
|
}
|
|
|
|
# TTY example. Session 'sz'.
|
|
# Silly example to show that VTun can tunnel ALMOST
|
|
# anything :-).
|
|
sz {
|
|
passwd OnlyME; # Password
|
|
type tty; # TTY tunnel
|
|
speed 64; # Shaping speed 64K IN/OUT
|
|
encrypt yes; # Encryption
|
|
up {
|
|
# Connection is Up
|
|
|
|
# Send '/etc/profile' via ZMODEM to the
|
|
# stdout(tty tunnel).
|
|
program /bin/sh "-c 'sz /etc/termcap'";
|
|
};
|
|
}
|
|
#
|
|
# ----- CUT HERE -------- End -------- CUT HERE -----
|
|
#
|
|
|
|
#
|
|
# ----- CUT HERE --- Client config --- CUT HERE -----
|
|
#
|
|
options {
|
|
port 5000; # Connect to this port.
|
|
timeout 60; # General timeout
|
|
|
|
# Path to various programs
|
|
ppp /usr/sbin/pppd;
|
|
ifconfig /sbin/ifconfig;
|
|
route /sbin/route;
|
|
firewall /sbin/ipchains;
|
|
ip /sbin/ip;
|
|
}
|
|
|
|
# TUN example. Session 'cobra'.
|
|
cobra {
|
|
passwd Ma&^TU; # Password
|
|
device tun1; # Device tun1
|
|
persist yes; # Persist mode
|
|
up {
|
|
# Connection is Up
|
|
|
|
# Assign IP addresses.
|
|
ifconfig "%% 10.3.0.2 pointopoint 10.3.0.1 mtu 1450";
|
|
};
|
|
}
|
|
# same as above, but with iproute2 command
|
|
cobra {
|
|
passwd Ma&^TU; # Password
|
|
device tun1; # Device tun1
|
|
persist yes; # Persist mode
|
|
up {
|
|
# Connection is Up
|
|
|
|
# Assign IP addresses.
|
|
ip "link set %% up multicast off mtu 1450";
|
|
ip "-family inet addr add 10.3.0.2 peer 10.3.0.1 dev %%";
|
|
};
|
|
}
|
|
|
|
# Ethernet example. Session 'lion'.
|
|
lion {
|
|
passwd Ma&^TU; # Password
|
|
type ether; # Ethernet tunnel
|
|
device tap1; # Device tap1
|
|
up {
|
|
# Connection is Up
|
|
|
|
# Assign IP address and netmask.
|
|
ifconfig "%% 10.1.0.2 netmask 255.255.255.0";
|
|
};
|
|
down {
|
|
# Connection is Down
|
|
|
|
# Shutdown tap device
|
|
ifconfig "%% down";
|
|
};
|
|
}
|
|
|
|
# PPP example. Session 'viper'.
|
|
viper {
|
|
passwd TTT$bio; # Password
|
|
up {
|
|
# Connection is Up
|
|
|
|
# IP address will be assigned by the server
|
|
ppp "noipdefault";
|
|
};
|
|
}
|
|
|
|
# Pipe example. Session 'backup'.
|
|
backup {
|
|
passwd OnlyME; # Password
|
|
up {
|
|
# Connection is Up
|
|
|
|
# Start shell and untar files from
|
|
# stdin(pipe tunnel).
|
|
program /bin/sh "-c 'cd /tmp; tar xf -";
|
|
};
|
|
}
|
|
|
|
# TTY example. Session 'sz'.
|
|
# Silly example to show that VTun can tunnel ALMOST
|
|
# anything :-).
|
|
sz {
|
|
passwd OnlyME; # Password
|
|
up {
|
|
# Receive file via ZMODEM from the
|
|
# stdin(tty tunnel).
|
|
program /bin/sh "-c 'cd /tmp; rz'";
|
|
};
|
|
}
|