options.in

cipe 编程

#	CIPE - encrypted IP over UDP tunneling
#
# options.in - list of all options for ciped
# Copyright 2000 Olaf Titz <olaf@bigred.inka.de>
# $Id: options.in,v 1.8 2004/08/04 13:51:14 olaf81825 Exp $

# Each option is defined with an option line and followed by description.
# Option line is "<name> <type> <required>".
# Description is lines starting with space in texinfo syntax.

device	str	no
 Name of the CIPE device. If not given, the system picks a free one.
debug	bool
 Don't go background, use stderr instead of syslog.
 (Independent of the kernel driver debug option.)
cipher  str     no
 Name of encryption algorithm to use. Defaults to "blowfish" (built-in).
ipaddr	addr	yes
 IP address of the CIPE device.
ptpaddr	addr	(yes)
 IP address of the peer device (i.e. the CIPE device on the other
 end). For protocol 3.
mask    addr    no
 Netmask of the CIPE device. For protocol 4.
bcast   addr    no
 Broadcast address of the CIPE device. For protocol 4.
mtu	int	no
 Device MTU (default: ethernet standard MTU minus all necessary headers)
metric	int	no
 Device metric (not sure if this is used anywhere...)
cttl	int	no
 Carrier TTL value. If not specified or 0, use the payload packet's
 TTL. Default recommendation is 64.
me	uaddr	no
 Our carrier UDP address. If either IP or port are not given, the
 system picks one and reports it via @file{ip-up}.
peer	uaddr	yes
 The other end's carrier UDP address.
key	secret	(yes)
 The link key. For security reasons, the key has to be set via an
 options file, subject to the restrictions described above. The key
 should be 128 bits in hexadecimal encoding. (To generate such a beast
 from random, try @code{ps -auxw | md5sum}.)
nokey	bool
 Don't encrypt at all, just encapsulate in UDP. Only with this option,
 @code{key} is not needed.
socks	taddr	no
 Address (port required!) of the SOCKS5 server. @xref{SOCKS}.
tokxc	int	no
 Timeout (seconds) for key exchange. Default: 10.
tokey	int	no
 Dynamic key lifetime. Default: 600 (10 minutes).
ipup	str	no
 Script to run instead of @file{/etc/cipe/ip-up}.
ipdown	str	no
 Script to run instead of @file{/etc/cipe/ip-down}.
arg	str	no
 Argument to supply to @file{ip-up}, @file{ip-down}.
maxerr	int	no
 Maximum number of errors before ciped exits. @xref{Error handling}.
stayalive	bool
 Do not exit on errors; just invoke ip-down and wait until the
 connection comes up again, then invoke ip-up. NOTE: the piddir option
 should be used in this case instead of writing PID files from ip-up.
piddir	str	no
 Directory to write pid-files to. PID files are named like the
 device, with .pid appended. If not specified, pid files are not
 written.
tokxts	int	no
 Key exchange timestamp timeout. Default: 0 (no timestamps).
 Set this to 10 to prevent key exchange replay attacks, but only if the
 peer runs CIPE 1.4.6 or later and both system clocks are reasonably
 synchronized.
ping	int	no
 Frequency (in seconds) for keep-alive pings. Default is don't send any pings.
 The "ping" used here is internal to CIPE, not ICMP ping.
toping	int	no
 Timeout for pings. If no answer is received on a keep-alive ping in
 this time, it counts as an error, @xref{Error handling}.
 Default is no check for answers.
dynip	bool
 Assume the carrier is on a dynamic IP address. @xref{Dynamic carrier}.
hwaddr  str     no
 Set the dummy MAC address used in Ethernet mode (protocol 4).
ifconfig bool
 Require an external @command{ifconfig} call to configure the interface.
checksum bool
 Use checksummed UDP carrier packets. Only necessary if the network
 does not like unchecksummed packets.
ignoredf bool
 Ignore the DF bit on IP packets and allow the encapsulated packet to be
 fragmented.
forcemtu bool
 Disable PMTU and use device MTU.