Dynamics
Configuration file specifications
Revision: $Revision: 1.6 $    State: approved
Date: 07-Dec-1998    Author: Tom Weckström
Review date: 09-Dec-1998    Reviewed by: Jouni Malinen
Approval date: 09-Dec-1998    Approved by: Jouni Malinen
$Id: config_spec.html,v 1.6 1998/12/09 19:33:43 jkmaline Exp $

This document defines the general configuration file format for all the configurable elements of the dynamic IP tunneling system. The configured data is based on the specification of pre-configured data in the Functional Definition document.

The configurable elements of the tunneling system are the Mobile Node (MN), the Home Agent (HA) and the Foreign Agent (FA); each has its own configuration file, defined in the sections below.

General specification of configuration files

The configuration file is an ASCII text file whose access permissions allow the corresponding software element to read it when needed. The configuration files of mobile nodes and home agents contain secret keys, and the Foreign Agent's configuration file names a separate secret key file; read access to these files must therefore be limited to the user the software element runs as (for example, file mode 0600), since anyone who can read a shared secret can authenticate as that mobile node.

The configuration files consist of keywords, parameter values, comments and blank lines, defined as follows.

Keywords are words that name a configurable parameter. A keyword always begins the line and is written without white space, since white space separates the keyword from its parameter values. Keywords are matched case sensitively. Unrecognized keywords are ignored; note that a misspelled or wrongly capitalized keyword is therefore silently skipped and the parameter is treated as absent, so a configuration file should be checked against the keyword lists below rather than relying on the software to complain. Defined keywords MAY take several parameter values at once; consecutive values are separated by white space. Each keyword and its values are written on one line. The system reports configuration file errors with an error message written to stderr in the format:


<date, time>, <element name>: Configuration file error, <error type>: <keyword>
Example:

Thu Nov 26 11:26:16 EET 1998, MNdaemon: Configuration file error, missing value for: MNHomeIPAddress

The error messages are also logged as defined in the Technical Definition document, chapter 4.9, Logging (syslog).

Parameter values are single words written without white space, since a value containing white space would be read as several values. Parameter values are case sensitive (TRUE is accepted where true is not).
Comments are lines that begin with the mark "#". Comment lines are ignored when the configuration information is processed.
Blank lines MAY appear between the configuration lines and are ignored, as are lines containing only white space.

If a parameter keyword is not present in the configuration file, its default value is used. The default value of each such parameter is stated in the comment preceding the keyword in the configuration file definitions below; keywords without a default are compulsory.

The following notation is used throughout the examples and configuration file definitions:

[ text ] = Optional text
< text > = Compulsory text
[ text1 | text2 ] = Either of the texts may be written
< text1 | text2 > = Either of the texts MUST be written
[ text1 text2 ] = There may be 0, 1 or 2 texts
< text1 text2 > = There MUST be 2 texts
text = Italic text means that "text" is a parameter value keyword, i.e. a literal value recognized by the software (for example TRUE or FALSE)

Mobile Node configurable parameters

The Mobile Node should be pre-configured with the following data, defined in the Functional Definition document, plus some additional parameters.

Mobile Node configuration file mn.conf definition:


# This is a Mobile Node configuration file.
# Last modified by: tom@c3po.cs.hut.fi on Thu Nov 26 1998

# [Additional comments]

# The IP address in the Home Network.
MNHomeIPAddress < IPaddress >

# The IP address of the Home Agent.
HAIPAddress < IPaddress >

# The SharedSecret is given as a HEX digit string. A value beginning
# with "/" is reserved for naming a separate key file instead, so the
# HEX string itself must not begin with "/".
SharedSecret < string >

# The SPI must be defined for every MN.
# See the SPI definition in the Terminology Definition document.
SPI < integer >

EnableFADecapsulation < TRUE | FALSE >

EnableTriangleMode < TRUE | FALSE >

EnableNoTunnelMode < TRUE | FALSE >

# MNDefaultTunnelLifetime is the lifetime the Mobile Node suggests in its
# registration. It is given in seconds; the default value is 300.
# The registration request timer is set according to this value.
MNDefaultTunnelLifetime [ seconds ]

# The log messages are written through the syslog service. The facility
# used defaults to LOG_LOCAL0, but it can be set with this parameter
# to any of the possible facilities (LOG_AUTHPRIV, LOG_DAEMON, and so on).
# The processing of log messages is defined in the /etc/syslog.conf file.
SyslogFacility [ string ]
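The general file rules and the mn.conf definition above, applied in code. This is an added example written for this page, not code from the Dynamics distribution. The line rules, the error message format, the keyword set and the defaults come from the specification, and the element name "MNdaemon" from the example error message; the function names, the per-keyword value checks, the error types "invalid value for" and "missing keyword", the permission check and the sample file are assumptions of this example. It goes slightly beyond the text in that it also validates the values (addresses, integers, TRUE/FALSE, HEX secrets) rather than only detecting a missing one.

```python
"""Reader for the Dynamics keyword/value configuration file format.

Added example; not code from the Dynamics distribution.  The line rules,
the error message format and the mn.conf keyword set with its defaults
follow the specification; "MNdaemon" is taken from the example error
message.  The function names, the value checks, the error types
"invalid value for" and "missing keyword" and the sample file are
assumptions of this example.
"""
import ipaddress
import stat
import string
import sys
import time


def is_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False


def is_boolean(value):
    return value in ("TRUE", "FALSE")      # values are case sensitive


def is_shared_secret(value):
    # A HEX digit string; a value beginning with "/" names a separate key
    # file instead, which is why a HEX string may not start with "/".
    return value.startswith("/") or (
        value != "" and all(c in string.hexdigits for c in value))


# mn.conf keyword table: keyword -> (value check, default).  Default None
# means the keyword is compulsory (< > in the definition); the others are
# optional ([ ]) and take the default stated in the definition's comment.
MN_KEYWORDS = {
    "MNHomeIPAddress": (is_ipv4, None),
    "HAIPAddress": (is_ipv4, None),
    "SharedSecret": (is_shared_secret, None),
    "SPI": (str.isdigit, None),
    "EnableFADecapsulation": (is_boolean, None),
    "EnableTriangleMode": (is_boolean, None),
    "EnableNoTunnelMode": (is_boolean, None),
    "MNDefaultTunnelLifetime": (str.isdigit, "300"),
    "SyslogFacility": (lambda v: True, "LOG_LOCAL0"),
}


def parse_config(text, keywords, element="MNdaemon", err=sys.stderr):
    """Apply the general file rules; return (config, errors).

    config maps each keyword to its list of values (several values may
    follow one keyword).  Every error is written to err in the format
    "<date, time>, <element name>: Configuration file error,
    <error type>: <keyword>" and also collected in errors.
    """
    config, errors, seen = {}, [], set()

    def report(error_type, keyword):
        stamp = time.strftime("%a %b %d %H:%M:%S %Z %Y")
        print(f"{stamp}, {element}: Configuration file error, "
              f"{error_type}: {keyword}", file=err)
        errors.append((error_type, keyword))

    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank, white-space-only, comment
        fields = line.split()             # white space separates the fields
        keyword, values = fields[0], fields[1:]
        if keyword not in keywords:
            continue                      # mismatching keywords are ignored
        seen.add(keyword)
        check, _ = keywords[keyword]
        if not values:
            report("missing value for", keyword)
        elif not all(check(v) for v in values):
            report("invalid value for", keyword)
        else:
            config[keyword] = values      # a repeated keyword: last one wins

    for keyword, (_, default) in keywords.items():
        if keyword in config:
            continue
        if default is not None:
            config[keyword] = [default]
        elif keyword not in seen:
            report("missing keyword", keyword)
    return config, errors


def mode_is_private(st_mode):
    """True if a file mode (os.stat().st_mode) grants nothing to group or
    others, as required for files that carry shared secrets."""
    return st_mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


# Constructed mn.conf sample: an unknown (wrongly capitalized) keyword,
# a keyword without a value, a white-space-only line, and two optional
# keywords left out so that their defaults apply.
SAMPLE_MN_CONF = "\n".join([
    "# Mobile Node configuration (constructed sample)",
    "MNHomeIPAddress 192.100.100.100",
    "HAIPAddress     192.100.100.1",
    "",
    "SharedSecret 16A352B2F235E",
    "SPI",
    "enableTriangleMode TRUE",
    "EnableFADecapsulation TRUE",
    "EnableTriangleMode FALSE",
    "EnableNoTunnelMode FALSE",
    "   \t",
])

if __name__ == "__main__":
    cfg, errs = parse_config(SAMPLE_MN_CONF, MN_KEYWORDS)
    for key in sorted(cfg):
        print(key, " ".join(cfg[key]))
    print(len(errs), "error(s) reported on stderr")
```

Running the block prints the parsed values, with MNDefaultTunnelLifetime and SyslogFacility filled from their defaults, and one error line on stderr for the valueless SPI. The lowercase `enableTriangleMode` line produces no message at all; it is simply dropped, which is the reason for checking keyword spelling against the table instead of waiting for the daemon to complain.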

Home Agent configurable parameters

The Home Agent should be pre-configured with the data defined in the Functional Definition document, plus some additional parameters.

Home Agent configuration file ha.conf definition:


# This is a Home Agent configuration file.
# Last modified by: tom@c3po.cs.hut.fi on Thu Nov 26 1998

# [Additional comments]

# MaxBindings restricts the number of MNs that may be registered with
# the HA at one time. The default is 20.
MaxBindings [ integer ]

# The HA also suggests a default tunnel lifetime, in seconds.
# The default lifetime is 500.
HADefaultTunnelLifetime [ seconds ]

# The interval between Registration error replies is restricted so that
# receiving a large number of incorrect Registration Requests cannot
# overload the system.
# The default value for RegErrorReplyInterval is 10 seconds.
RegErrorReplyInterval [ seconds ]

# For each authorized mobile node, the Home Agent needs the
# SPI, the authentication algorithm identifier, the replay
# method identifier and the SharedSecret.
# The SharedSecret is written as a HEX digit string.
# This information is given on one row per Mobile Node, the
# fields separated by white space. The list of Mobile Node
# information is enclosed between the two keywords
# SPILIST_BEGIN and SPILIST_END.

SPILIST_BEGIN
< SPI    auth.alg.   replay method    SharedSecret >
# Example:
1000        1           1              16A352B2F235E
1001        1           1              EF42BD234ECCAA2
SPILIST_END


# List of authorized mobile node home IP addresses, one per line.
# There may be additional comments after the IP address, but the
# home agent software does not use them. The list is enclosed
# between the two keywords AUTHORIZEDLIST_BEGIN and AUTHORIZEDLIST_END.

AUTHORIZEDLIST_BEGIN
[ MNHomeIPAddress ]    [ Additional comments ]
# Example:
192.100.100.100
192.100.100.101         Jussi's machine, SPI=1001
AUTHORIZEDLIST_END

# The log messages are written through the syslog service. The facility
# used defaults to LOG_LOCAL0, but it can be set with this parameter
# to any of the possible facilities (LOG_AUTHPRIV, LOG_DAEMON, and so on).
# The processing of log messages is defined in the /etc/syslog.conf file.
SyslogFacility [ string ]
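The SPILIST and AUTHORIZEDLIST blocks of ha.conf need a different reader from the one-line keyword/value rules, because a block spans several lines between its _BEGIN and _END keywords and its rows carry positional fields. The following is an added example written for this page, not code from the Dynamics distribution. The block keywords, the row layout and the comment rules follow the definition above; the function names, the message strings, the 128-bit secret-length warning (the specification itself sets no minimum) and the sample file are assumptions of this example.

```python
"""Reader and checker for the list blocks in ha.conf.

Added example, not code from the Dynamics distribution.  Block keywords,
row layout and comment rules follow the ha.conf definition; the function
names, the message strings, MIN_SECRET_BITS and the sample file are
assumptions of this example.
"""
import ipaddress
import string

# This example's own policy: warn on secrets shorter than 128 bits.
# The specification sets no minimum length for a SharedSecret.
MIN_SECRET_BITS = 128


def _content_lines(text):
    """Yield (line number, stripped line), dropping comments and blanks."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            yield no, line


def parse_ha_lists(text):
    """Return (spilist, authorized, problems, warnings).

    spilist maps SPI -> (auth alg, replay method, SharedSecret);
    authorized is the list of home addresses in file order; problems
    are violations of the definition; warnings are weak-secret notes.
    """
    spilist, authorized, problems, warnings = {}, [], [], []
    block = None
    for no, line in _content_lines(text):
        fields = line.split()
        keyword = fields[0]
        if keyword in ("SPILIST_BEGIN", "AUTHORIZEDLIST_BEGIN"):
            if block is not None:
                problems.append(f"line {no}: {keyword} inside {block} block")
            block = keyword[:-len("_BEGIN")]
            continue
        if keyword in ("SPILIST_END", "AUTHORIZEDLIST_END"):
            if block != keyword[:-len("_END")]:
                problems.append(f"line {no}: unexpected {keyword}")
            block = None
            continue
        if block == "SPILIST":
            # Row: SPI  auth.alg.  replay method  SharedSecret
            if len(fields) != 4 or not all(f.isdigit() for f in fields[:3]):
                problems.append(f"line {no}: malformed SPILIST row")
                continue
            spi, alg, replay = (int(f) for f in fields[:3])
            secret = fields[3]
            if not all(c in string.hexdigits for c in secret):
                problems.append(f"line {no}: SharedSecret for SPI {spi} "
                                "is not a HEX string")
            elif spi in spilist:
                problems.append(f"line {no}: duplicate SPI {spi}")
            else:
                if len(secret) * 4 < MIN_SECRET_BITS:
                    warnings.append(f"line {no}: SharedSecret for SPI {spi} "
                                    f"is only {len(secret) * 4} bits")
                spilist[spi] = (alg, replay, secret)
        elif block == "AUTHORIZEDLIST":
            # First field is the home address; the rest is a free comment.
            try:
                authorized.append(str(ipaddress.IPv4Address(keyword)))
            except ValueError:
                problems.append(f"line {no}: bad home address {keyword!r}")
        # Lines outside both blocks are ordinary keyword/value lines
        # (MaxBindings and so on) and are left to the general parser.
    if block is not None:
        problems.append(f"unterminated {block} block")
    return spilist, authorized, problems, warnings


# Constructed ha.conf sample: the two example rows from the definition,
# a duplicate SPI, a non-HEX secret, a short row and a bad address.
SAMPLE_HA_CONF = """\
# Home Agent configuration (constructed sample)
MaxBindings 20

SPILIST_BEGIN
1000        1           1              16A352B2F235E
1001        1           1              EF42BD234ECCAA2
1001        1           1              0123456789ABCDEF0123456789ABCDEF
1002        1           1              not-hex
1003  1  1
SPILIST_END

AUTHORIZEDLIST_BEGIN
192.100.100.100
192.100.100.101         Jussi's machine, SPI=1001
300.1.1.1               bad address
AUTHORIZEDLIST_END
"""

if __name__ == "__main__":
    spis, hosts, probs, warns = parse_ha_lists(SAMPLE_HA_CONF)
    print("SPIs:", sorted(spis), "authorized:", hosts)
    for msg in probs + warns:
        print(msg)
```

The two warnings the sample produces come from the rows copied from the definition's own example: a 13-digit HEX string is 52 bits of key material, which is fine for illustrating the format but not for a production security association, and the warning list exists so that such values are not copied from examples into deployed files.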


Foreign Agent configurable parameters

The Foreign Agent should be pre-configured with the following data, defined in the Functional Definition document, plus some additional parameters.

Foreign Agent configuration file fa.conf definition:


# This is a Foreign Agent configuration file.
# Last modified by: tom@c3po.cs.hut.fi on Thu Nov 26 1998

# [Additional comments]

HighestFAIPAddress < IPaddress >

UpperFAIPAddress < IPaddress >

FAPubKey < /the/absolute/path/to/the/pubkey/file >

# Read access to the secret key file must be limited in the same way
# as read access to the configuration files that contain secret keys.
FASecretKey < /the/absolute/path/to/the/secretkey/file >

# The SPI must be defined for every FA.
# See the SPI definition in the Terminology Definition document.
# A special SPI is defined for the public key cryptosystem in use.
SPI < integer >

# The maximum number of tunnels going through one FA is
# configurable. The default value for MaxBindings is 100.
# MaxBindings need only be set for efficiency reasons.
MaxBindings [ integer ]

EnableFADecapsulation < TRUE | FALSE >

EnableTriangleMode < TRUE | FALSE >

EnableNoTunnelMode < TRUE | FALSE >

# Bi-directional tunneling is ON by default and cannot be
# switched OFF; there is no keyword for it.

# AdvertisementInterval, in seconds, may be set explicitly.
# The Foreign Agent uses it as the interval between the
# Agent Advertisements it sends. Default value 30.
# Probability theory can be applied to find an optimal interval. ;-)

AdvertisementInterval [ seconds ]

# FADefaultTunnelLifetime is the lifetime suggested in the registration
# process. It can be derived from the AdvertisementInterval so that
# at least 3 advertisements are sent during the tunnel lifetime.
# The lifetime is given in seconds; the default value is 400.
# It should not be the same as the MNDefaultTunnelLifetime:
# setting both to the same value might cause unnecessary tunnel
# time-outs.
# The request timer will be set according to this value.

FADefaultTunnelLifetime [ seconds ]

# The log messages are written through the syslog service. The facility
# used defaults to LOG_LOCAL0, but it can be set with this parameter
# to any of the possible facilities (LOG_AUTHPRIV, LOG_DAEMON, and so on).
# The processing of log messages is defined in the /etc/syslog.conf file.
SyslogFacility [ string ]