# This configuration file uses the YAML format.

# This configuration can be enabled/disabled and controlled by adding the
# network to `/etc/default/vpncloud` and starting/stopping it via
# `/etc/init.d/vpncloud start/stop` on non-systemd systems and via
# `systemctl enable/disable vpncloud@NAME` and
# `service vpncloud@NAME start/stop` on systemd systems.


# The port number or ip:port on which to listen for data.
# Note: Every VPN needs a different port number.
listen: 3210

# Address of a peer to connect to. The address should be in the form
# `addr:port`. If the node is not started, the connection will be retried
# periodically. This parameter can be repeated to connect to multiple peers.
# Note: Several entries can be separated by spaces.
peers:
#  - node2.example.com:3210
#  - node3.example.com:3210

# Peer timeout in seconds. The peers will exchange information periodically
# and drop peers that are silent for this period of time.
peer-timeout: 300

# Switch table entry timeout in seconds. This parameter is only used in switch
# mode. Addresses that have not been seen for the given period of time  will
# be forgot.
switch-timeout: 300


# Crypto settings
#crypto:

  # An optional password to encrypt the VPN data.
  #password: ""

  # Private key
  #private-key: ""

  # Public key
  #public-key: ""

  # Trusted keys
  #trusted-keys:

  # Supported algorithms. Subset of "aes128", "aes256", "chacha20", and 
  # "plain" where "plain" means unencrypted.
  #algorithms:


# Device settings
device:

  # Name of the virtual device. Any `%d` will be filled with a free number.
  name: "vpncloud%d"

  # Set the type of network. There are two options: **tap** devices process
  # Ethernet frames **tun** devices process IP packets. [default: `tun`]
  type: tun

  # The path of the /dev/net/tun device. Only change if you need to.
  #path: /dev/net/tun

  # Whether to fix detected rp-filter problems
  fix-rp-filter: false


# The mode of the VPN. The VPN can like a router, a switch or a hub. A **hub**
# will send all data always to all peers. A **switch** will learn addresses
# from incoming data and only send data to all peers when the address is
# unknown. A **router** will send data according to known subnets of the
# peers and ignore them otherwise. The **normal** mode is switch for tap
# devices and router for tun devices. [default: `normal`]
mode: normal


# The local subnets to use. This parameter should be in the form
# `address/prefixlen` where address is an IPv4 address, an IPv6 address, or a
# MAC address. The prefix length is the number of significant front bits that
# distinguish the subnet from other subnets. Example: `10.1.1.0/24`.
# Note: Several entries can be separated by spaces.
#claims:
#  - 10.1.1.0/24

# Whether to automatically claim the configured IP on tun devices
auto-claim: true


# An IP address to set on the device
#ip: "" 

# A command to setup the network interface. The command will be run (as
# parameter to `sh -c`) when the device has been created to configure it.
# The name of the allocated device will be available via the environment
# variable `IFNAME`.
#ifup: ""

# A command to bring down the network interface. The command will be run (as
# parameter to `sh -c`) to remove any configuration from the device.
# The name of the allocated device will be available via the environment
# variable `IFNAME`.
#ifdown: ""

# Store the process id in this file when running in the background. If set,
# the given file will be created containing the process id of the new
# background process. This option is only used when running in background.
#pid_file: ""

# Change the user and/or group of the process once all the setup has been
# done and before spawning the background process. This option is only used
# when running in background.
#user: ""
#group: ""


# Beacon settings
beacon:

  # File or command (prefix: "|") to use for storing beacons
  #store: ""

  # File or command (prefix: "|") to use for loading beacons
  #load: ""

  # How often to load and store beacons (in seconds)
  interval: 3600

  # Password to encrypt beacon data with
  #password: ""


# Statsd settings
#statsd:

  # Statsd server name:port
  #server: ""

  # Prefix to use for stats keys
  #prefix: ""