-
Notifications
You must be signed in to change notification settings - Fork 130
/
Copy pathmlvpn.conf.5
201 lines (200 loc) · 6.31 KB
/
mlvpn.conf.5
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
.\" generated with Ronn/v0.7.3
.\" http://github.com/rtomayko/ronn/tree/0.7.3
.
.TH "MLVPN\.CONF" "5" "February 2016" "" ""
.
.SH "NAME"
\fBmlvpn\.conf\fR \- MLVPN configuration
.
.SH "DESCRIPTION"
mlvpn(1) configuration file
.
.SH "SYNTAX"
mlvpn\.conf(5) is a "ini style" config file\. settings are stores within sections, surrounded by []\. Comments can be inserted anyware, starting with \fB#\fR\. Key / values are plain ascii separated by "="\. Strings should be escaped using double quotes \'"\'
.
.SS "GENERAL"
The \fB\fIgeneral\fR\fR section is reserved for global configuration\.
.
.IP "\(bu" 4
\fIstatuscommand\fR = "/path/to/secure\.script\.sh"
.
.IP
\fBMANDATORY\fR
.
.IP
statuscommand path is called with two parameters when a status changed within \fBmlvpn\fR\. First argument is the interface name\. Second argument is the status name that changed\.
.
.IP "\(bu" 4
tuntap_up: at least one tunnel is up and running
.
.IP "\(bu" 4
tuntap_down: all tunnels are down
.
.IP "\(bu" 4
rtun_up: one tunnel changed status to up ($3 is the tunnel name)
.
.IP "\(bu" 4
rtun_down: one tunnel changed status to down ($3 is the tunnel name)
.
.IP "" 0
.
.IP
See the example file \fImlvpn_updown\.sh\fR for more informations
.
.IP "\(bu" 4
\fImode\fR = "server"
.
.IP
\fBMANDATORY\fR
.
.IP "\(bu" 4
"server": listen on \fIbind_address\fR, \fIbind_port\fR for every tunnel
.
.IP "\(bu" 4
"client": connects to \fIremote_address\fR, \fIremote_port\fR for every tunnel
.
.IP "" 0
.
.IP "\(bu" 4
\fItimeout\fR = 30 Timeout, expressed in seconds\.
.
.IP
Triggered when the other side does not responds to keepalive packets\. Keepalive are send every timeout/2 seconds\.
.
.IP "\(bu" 4
\fIinterface_name\fR = "mlvpn0" Set interface name to the specified value\. (\fBLINUX ONLY\fR)
.
.IP "\(bu" 4
\fItuntap\fR = "tun" Tells mlvpn whether to create a tun (layer 3) or tap (layer 2) interface\.
.
.IP "\(bu" 4
\fIpassword\fR
.
.IP
\fBMANDATORY\fR
.
.IP
The password string is used to generate a key used by libsodium\. Password is mandatory and must be the same on the client and on the server\.
.
.IP "\(bu" 4
\fIcleartext_data\fR If set to 1, data packets will \fBNOT\fR be encrypted\.
.
.IP
Use with cautions\.
.
.IP "\(bu" 4
\fIcontrol_unix_path\fR = "" Path to the unix socket for remote control\.
.
.IP "\(bu" 4
\fIcontrol_bind_host\fR = "" Bind address of the remote control\. (HTTP) (url: http://[control_bind_host]:[control_bind_port]/status)
.
.IP "\(bu" 4
\fIcontrol_bind_port\fR = "" Bind port of the remote control\. (HTTP)
.
.IP "\(bu" 4
\fIreorder_buffer_size\fR = 0 mlvpn includes a reordering algorithm for it\'s aggregation\. This variable defines how many packets can be held in case one end of the tunnel does receive data ouf ot order\.
.
.IP
Experiment to know what value is best for you\. Good starting point can be as small as 64 packets\.
.
.IP
\fB0\fR disables the reordering\.
.
.IP "\(bu" 4
\fIloss_tolerence\fR = 0 mlvpn monitors packet loss on every link\. If the packet loss ratio on a link exceed the specified value in percent, the link changes state to MLVPN_LOSSY and is removed from aggregation\.
.
.IP
Lossy links ARE used anyway if no other choices are available (if all links are slow or lossy)
.IP
Values must be the same in the configuration on both sides of the link, this affects outbound traffic scheduling only. If only the client has this setting, lossy links will lead to upload data being disabled. In a video call for example, you will still receive traffic on the lossy link.
.
.
.IP
\fB100 or more\fR disables the loss tolerence system\.
.
.IP "\(bu" 4
\fIlatency_tolerence\fR = 0 mlvpn monitors smoothed round trip time on every link\. If the SRTT on a link exceeds the specified value in milliseconds, the link changes state to MLVPN_HIGH_LATENCY and is removed from aggregation\.
.
.IP
Slow links ARE used anyway if no other choices are available (if all links are slow or lossy)
.IP
Values must be the same in the configuration on both sides of the link, this affects outbound traffic scheduling only. If only the client has this setting, high latency situations will lead to upload data being disabled. In a video call for example, you will still receive traffic on the high latency link.
.
.IP
\fB1000 or more\fR disables the loss tolerence system\.
.
.IP "" 0
.
.SS " TUNNELS"
Each tunnel must be declared in it\'s own section\.
.
.P
The section name is mapped to the tunnel name\. Example: "[adsl1]", "[adsl2]"\.
.
.IP "\(bu" 4
\fIbindhost\fR = "0\.0\.0\.0" Bind on a specific address\. (IPv4 only) (client/server)
.
.IP "\(bu" 4
\fIbindport\fR = 5080 Bind on a specific port\. (client/server)
.
.IP "\(bu" 4
\fIremotehost\fR = "1\.2\.3\.4" Address of the remote host\. (client)
.
.IP "\(bu" 4
\fIremoteport\fR = 5080 Port of the remote host\. (client)
.
.IP "\(bu" 4
\fIbandwidth_upload\fR = 61440 Maximum upload bandwidth, in bytes for this link\.
.
.IP
Bandwidth is specified in Bytes (1 KiB is 1024 Bytes)\.
.
.IP
This is used to setup the weight round\-robin balancing algorithm\. Set 0 if both links are similar\. (client/server)
.
.IP "\(bu" 4
\fItimeout\fR = 25 Override \fB\fIgeneral\fR\fR timeout for this link\. (client/server)
.
.IP "\(bu" 4
\fIfallback_only\fR = 0 Links defined with fallback_only will be connected at all times, but will only be used if all other tunnels are down\. (client)
.
.IP "" 0
.
.SS " FILTERS"
\fB[filters]\fR section associate a bpf(4) filter to a specific interface\. Filters are used when aggregation is used but you want to pass some traffic specifically through only one interface, without re\-ordering\. (Like for using VoIP)
.
.P
Example filters:
.
.P
\fB[filters]\fR
.
.P
\fBsdsl = udp port 5060\fR
.
.P
\fBadsl = udp port 5060\fR
.
.SH "RELOADING"
The configuration can be reloaded at any moment by sending SIGHUP to the child mlvpn process\.
.
.SH "REORDERING"
The reorder buffer will be sent "as is" on the network if the buffer can\'t be reconstructed in time, ie: packet loss\. (SRTT * 2)
.
.SH "STATUS"
MLVPN status can be monitored by using ps\. mlvpn prints it\'s \-\-name, then the status of each tunnel prefixed by the status\.
.
.P
Status availables: \fB!\fR: down, \fB@\fR: up, \fB~\fR: lossy or slow
.
.P
Example: \fBmlvpn: adsl3g !3g @adsl ~wifi\fR
.
.P
3g is \fBdown\fR, adsl is \fBup\fR and wifi is \fBlossy or slow\fR (up, but above loss_tolerence or latency_tolerance threshold)\.
.
.SH "EXAMPLE"
See examples/mlvpn\.conf
.
.SH "SEE ALSO"
mlvpn(1)