Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # This is the FreeLAN configuration file
- #
- # All file and directory paths are relative to this file.
- [server]
- # Whether to use the embedded HTTP(S) server.
- #
- # The embedded HTTP(S) server allows one host to sign certificates for other
- # hosts and to provide them with a centralized configuration.
- #
- # Possible values: yes, no
- #
- # Default: no
- #enabled=no
- # The endpoint to listen on.
- #
- # The endpoint can be in both numeric and hostname format, and must always
- # contain a port specification.
- #
- # Hostnames are resolved using the method specified by
- # network.hostname_resolution_protocol.
- #
- # Using a numeric value is recommended.
- #
- # Example values: 0.0.0.0:80, [::]:80, localhost:80, 10.0.0.1:80
- # Default: 0.0.0.0:443
- #listen_on=0.0.0.0:443
- # The protocol.
- #
- # The protocol to use to contact the server.
- #
- # The only reason to specify something else than "https" here is if the
- # server is hosted behind a proxying web server.
- #
- # Note: while freelan's embedded web server is perfectly capable of
- # serving over https, its configuration options are really limited by
- # design. If you are serious about serving thousands of users over HTTPS
- # and/or need a complex certificate setup, switch to HTTP and host freelan's
- # web server behind a proxying web server that can handle the load (nginx,
- # apache, IIS).
- #
- # Default: https
- #protocol=https
- # The web server certificate file to use when in "https" mode.
- #
- # If no server certificate is specifed, one is generated using the hostname
- # guessed from the operating system which may or may not be the correct one.
- #
- # Default: <none>
- #server_certificate_file=
- # The web server private key file associated to the certificate file.
- #
- # Default: <none>
- #server_private_key_file=
- # The certificate authority certificate file used for signing.
- #
- # This file will be used to sign certificate requests issued by other hosts.
- #
- # If no certificate is provided, one will be generated on each run. This means
- # that the network won't be as robust as is NOT recommended.
- #
- # Default: <none>
- #certification_authority_certificate_file=
- # The private key associated to the certification authority certificate file.
- #
- # This private key must match the specified certification authority certificate
- # file.
- #
- # Default: <none>
- #certification_authority_private_key_file=
- # The authentication script to call.
- #
- # Every time an user tries to authenticate, this script will be called.
- #
- # The script environment will contain the following variables:
- # - FREELAN_USERNAME: The specified username.
- # - FREELAN_PASSWORD: The specified password.
- # - FREELAN_REMOTE_HOST: The hostname/address of the connecting user.
- # - FREELAN_REMOTE_PORT: The port number of the connecting user.
- # initiating the authentication request.
- #
- # If the script exit status is zero, the authentication is accepted.
- # If the script exit status is non-zero, the authentication is rejected.
- #
- # Warning: failing to specify an authentication_script will cause ALL
- # authentication requests to be rejected !
- #
- # Default: <empty>
- #authentication_script=
- [client]
- # Whether to connect to a freelan server to get client information.
- #
- # Possible values: yes, no
- #
- # Default: no
- #enabled=no
- # The server endpoint to connect to.
- #
- # The endpoint can be in both numeric and hostname format, and must always
- # contain a port specification.
- #
- # Hostnames are resolved using the method specified by
- # network.hostname_resolution_protocol.
- #
- # Example values: 127.0.0.1:443, [fe80::1]:443, somehost:443
- # Default: 127.0.0.1:443
- #server_endpoint=127.0.0.1:443
- # The protocol.
- #
- # The protocol to use to contact the server.
- #
- # Using another value than https completely nullifies security and must NEVER
- # be used in a production environment !
- #
- # Default: https
- #protocol=https
- # Whether to disable peer verification.
- #
- # Turn off checks for peer certificate verification. Useful for accepting
- # self-signed certificates but be aware that this allows an attacker to pretend
- # he is the server and get your username and password. Should NEVER be used in
- # a production environment.
- #
- # Default: no
- #disable_peer_verification=no
- # Whether to disable host verification.
- #
- # Turn off checks for host certificate verification. This allows the remote host
- # to present any certificate, even with a non-matching hostname. This completely
- # nullifies security and should NEVER be used in production !
- # a production environment.
- #
- # Default: no
- #disable_host_verification=no
- # The username.
- #
- # The username to use to connect to the server.
- #
- # Default: <empty>
- #username=
- # The password.
- #
- # The password to use to connect to the server.
- #
- # Default: <empty>
- #password=
- # Specify hostnames or IP addresses to advertise.
- #
- # You may repeat the public_endpoint option to add several hostnames or IP
- # addresses.
- #
- # Specifying either 0.0.0.0 or :: in an IP address declaration has a special
- # meaning: the server will replace the IP address with the visible address
- # of the host as it makes the HTTP(S) request.
- #
- # Note: if only :: is specified and the server is contacted using IPv4, then
- # the address is discarded. Same goes for the reverse situation (0.0.0.0 and
- # server contacted in IPv6).
- #
- # If the port number is omitted, then the currently bound port number will be
- # used instead before sending public endpoint information to the server. As a
- # result, specifying an explicit port number is only useful when your client
- # is behind a NAT-operating device that might change the source port number.
- #
- # Examples: 192.168.0.1, [fe80::1]:12000, hostname:1234, 0.0.0.0, ::
- # Default: <none>
- public_endpoint=0.0.0.0
- [fscp]
- # The protocol to use for hostname resolution.
- #
- # Possible values are: ipv4, ipv6
- #
- # Default: ipv4
- #hostname_resolution_protocol=ipv4
- # The endpoint to listen on.
- #
- # The endpoint can be in both numeric and hostname format, and must always
- # contain a port specification.
- #
- # Hostnames are resolved using the method specified by
- # network.hostname_resolution_protocol.
- #
- # Using a numeric value is recommended.
- #
- # Example values: 0.0.0.0:12000, [::]:12000, localhost:12000, 10.0.0.1:12000
- # Default: 0.0.0.0:12000
- listen_on=0.0.0.0:50000
- # The interface to listen on.
- #
- # This options restricts all VPN traffic to the specified interface. This is
- # useful to avoid VPN death-loops in case the routing table is misconfigured.
- #
- # This option is only available on Linux.
- #
- # Example values: eth0, eth1, wlan0
- # Default: <none>
- #listen_on_device=
- # The timeout for hello messages.
- #
- # The time to wait for hello responses, in milliseconds.
- #
- # Default: 3000
- #hello_timeout=3000
- # The contact list.
- #
- # The list of hosts to connect to.
- #
- # You may repeat the contact option to add several hosts.
- #
- # Examples: 192.168.0.1, [fe80::1]:12000, hostname:1234, some.other.host.org:1234
- # Default: <none>
- #contact=192.168.0.1:12000
- contact=66.25.32.230:12000
- # Whether to accept contact requests.
- #
- # If set to yes, freelan will answer to contact requests sent by other hosts.
- #
- # It is recommended that this option is set to enhance connectivity.
- #
- # Possible values: yes, no
- #
- # Default: yes
- #accept_contact_requests=yes
- # Whether to accept contacts.
- #
- # If set to yes, freelan will accept contacts sent by other hosts and will try
- # to establish a session with those contacts, just as if there was a "contact="
- # option for them.
- #
- # It is recommended that this option is set to enhance connectivity.
- #
- # To control which hosts are contacted automatically, see the "never_contact"
- # option.
- #
- # Possible values: yes, no
- #
- # Default: yes
- #accept_contacts=yes
- # Specify certificates for which a dynamic host search must be performed.
- #
- # The freelan daemon will periodically send a contact request to his neighbors
- # for each of these certificates.
- #
- # Note: this option can only be used with certificate-based authentication. If
- # you are using a passphrase there is no way of identifying the peers since
- # they all share the same secret passhrase. There is no way of implementing the
- # feature: please don't ask, it just isn't possible.
- #
- # This option is only useful if "accept_contacts" is set.
- #
- # You may repeat the dynamic_contact option to add several dynamic hosts.
- #
- # Default: <none>
- #dynamic_contact_file=
- # Specify IP networks that should never be automatically contacted.
- #
- # If the freelan deamon receives a contact which belongs to one of the
- # specified "never_contact" networks, it will not try to establish a session
- # with it.
- #
- # You may repeat the never_contact option to add several IP networks.
- #
- # Default: <none>
- #never_contact=9.0.0.0/24
- #never_contact=2aa1::1/8
- #never_contact=1.2.3.4
- # Specify the cipher suites to use for the sessions.
- #
- # The cipher suites must be declared in order of preference.
- #
- # If another host doesn't support any of the specified suites, no session
- # can be established with it.
- #
- # You may repeat the cipher_suite_capability option to add several supported
- # cipher suites.
- #
- # Available values:
- # * ecdhe_rsa_aes256_gcm_sha384
- # * ecdhe_rsa_aes128_gcm_sha256
- #
- # Default: ecdhe_rsa_aes256_gcm_sha384, ecdhe_rsa_aes128_gcm_sha256
- #cipher_capability=ecdhe_rsa_aes256_gcm_sha384
- cipher_capability=ecdhe_rsa_aes128_gcm_sha256
- # Specify the elliptic curves to use for the sessions.
- #
- # The elliptic curves must be declared in order of preference.
- #
- # If another host doesn't support any of the specified curves, no session
- # can be established with it.
- #
- # You may repeat the elliptic_curve_capability option to add several supported
- # elliptic curves.
- #
- # Available values:
- # * sect571k1
- # * secp384r1
- # * secp521r1
- #
- # Default: sect571k1, secp384r1
- #elliptic_curve_capability=sect571k1
- #elliptic_curve_capability=secp384r1
- [tap_adapter]
- # The tap adapter type.
- #
- # The tap adapter type determines the encapsulation layer for VPN frames. Even
- # if there is no tap adapter enabled, this parameter determines if the freelan
- # instances runs in switch (layer 2) or router (layer 3) mode.
- #
- # Note: If you want to use tun on POSIX systems, make sure you have IP
- # forwarding enabled. Namely, on Linux make sure that the following command:
- #
- # > cat /proc/sys/net/ipv4/ip_forward
- #
- # Displays 1.
- #
- # Possible values: tap, tun
- #
- # Default: tap
- #type=tap
- # Whether to use the tap adapter.
- #
- # Possible values: yes, no
- #
- # Default: yes
- #enabled=yes
- # The name of the tap adapter to use or create.
- #
- # On Windows, the GUID of an existing tap adapter is expected. It may be found
- # in the registry:
- #
- # HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards
- #
- # If no name or an empty name is provided, the first available adapter will be
- # used.
- #
- # On UNIX, it is the name of the tap adapter to create. Depending on your
- # system, some names might be restricted, and something in the form of tapX
- # (where X is a positive number) is recommended.
- #
- # If no name or an empty name is provided, a tap adapter will be created with
- # an available name.
- #
- # Should you need to know it, you may get that name by specifying an up_script.
- #
- # Default: <empty>
- #name=
- # The Maximum Transmission Unit (MTU) for the tap adapter.
- #
- # This value is used to set the MTU on the tap adapter.
- #
- # You may specify anything but note that specifying a too small or too big
- # value can cause performance issues or kernel crashes.
- #
- # Also note that changing the MTU of the interface is done in a best effort
- # manner: there is no guarantee that the setting will stick or will be exactly
- # as requested.
- #
- # Use this at your own risk.
- #
- # Possible values: auto, system, <any positive integer value>
- #
- # - auto: The value for the MTU is computed automatically.
- # - system: The system default value is taken (usually 1500).
- # - Any strictly positive integer value (eg. 1446).
- #
- # Default: auto
- #mtu=auto
- # The MSS override.
- #
- # If the MSS override is enabled, FreeLAN will hijack outgoing TCP SYN frames
- # that contain a MSS value higher than the specified treshold and replace its
- # value. This has the effect of preventing IP fragmentation at the physical
- # interface level and results in tremendous performance gains for TCP connections.
- #
- # Possible values: auto, disabled, <any positive integer value>
- #
- # - auto: Compute the MSS value automatically based on the effective MTU value
- # (the one read from the interface, which may differ from the one set in the
- # configuration file).
- # - disabled: The MSS override is disabled.
- # - Any strictly positive integer value (eg. 1392).
- #
- # Default: auto
- #mss_override=auto
- # The metric for the tap adapter.
- #
- # This value is used only on Windows and affects routing.
- #
- # By default Windows assign a metric to an interface according to its link speed.
- # Since Win32 TAP Adapters incorrectly report a speed link of 10 Mbits/s, the
- # default system-assigned metric is high (30) which can cause routes for this
- # interface not to be chosen.
- #
- # Possible values: auto, system, <any positive integer value>
- #
- # - auto: The value for the metric is chosen by freelan so that the VPN network
- # has precedence over the physical one.
- # - system: The system default value is taken (usually 30).
- # - Any positive integer value (eg. 3).
- #
- # Default: auto
- #metric=auto
- # The tap adapter IPv4 address and prefix length to use.
- #
- # The network address must be in numeric format with a netmask suffix.
- #
- # On Windows, the prefix length is ignored (but still must be specified) and
- # the netmask is determined according to the IPv4 class. It is recommended that
- # you set the network.enable_dhcp_proxy option.
- #
- # Commenting out, will result in no IPv4 networking. You cannot supply a blank value.
- #
- ipv4_address_prefix_length=9.0.0.2/24
- # The tap adapter IPv6 address and prefix length to use.
- #
- # The network address must be in numeric format with a netmask suffix.
- #
- # Commenting out, will result in no IPv6 networking. You cannot supply a blank value.
- #
- ipv6_address_prefix_length=2aa1::1/8
- # The remote IPv4 address for tun interfaces.
- #
- # Some systems use this address combined with the prefix length specified in
- # `ipv4_address_prefix_length` to create the route that uses the tun adapter.
- #
- # If not specified, the default is the network address associated with
- # `ipv4_address_prefix_length`.
- #
- # For instance, if `ipv4_address_prefix_length` is "9.0.1.5/24", then the
- # default value of `remote_ipv4_address` will be "9.0.1.0".
- #
- # This parameter is ignored in tap mode.
- #
- # Default: <network address of `ipv4_address_prefix_length`>
- #remote_ipv4_address=9.0.0.0
- # Whether to enable the ARP proxy.
- #
- # When the ARP proxy is enabled, all ARP requests are silently rerouted to an
- # internal ARP server that always replies positively. Remote hosts never
- # receive any ARP request.
- #
- # Warning: Setting this parameter can lead to connectivity issues. It is
- # provided solely for debugging and testing purposes.
- #
- # Default: no
- #arp_proxy_enabled=no
- # The ARP proxy fake ethernet address.
- #
- # If tap_adapter.arp_proxy_enabled is not set, this option is ignored.
- #
- # Default: 00:aa:bb:cc:dd:ee
- #arp_proxy_fake_ethernet_address=00:aa:bb:cc:dd:ee
- # Whether to enable the DHCP proxy.
- #
- # When the DHCP proxy is enabled, all BOOTP/DHCP requests are silently rerouted
- # to an internal DHCP server. Remote hosts never receive any DHCP request.
- #
- # The TAP interface must be ready to issue DHCP requests if this option is set.
- #
- # The use of this option is useful mainly on old Windows version for IPv4
- # addresses. On Windows, if this option is set, no attempt to directly set the
- # IPv4 address will be made.
- #
- # Default: yes
- dhcp_proxy_enabled=yes
- # The DHCP proxy server IPv4 address and prefix length to use.
- #
- # This value should be different from
- # network.ipv4_address_prefix_length but within the same network.
- #
- # Note that while this option expects a valid host IPv4 address, providing a
- # network address also works on both Windows and POSIX operating systems.
- #
- # Default: 9.0.0.0/24
- dhcp_server_ipv4_address_prefix_length=9.0.0.0/24
- # The DHCP proxy server IPv6 address and prefix length to use.
- #
- # This value should be different from
- # network.ipv6_address_prefix_length but within the same network.
- #
- # Note that while this option expects a valid host IPv6 address, providing a
- # network address also works on both Windows and POSIX operating systems.
- #
- # Default: 2aa1::/8
- #dhcp_server_ipv6_address_prefix_length=2aa1::/8
- # The script to call when the tap adapter is up and running.
- #
- # The script is called with the tap adapter's name as it's first argument.
- #
- # The script exit status is ignored.
- #
- # Default: <empty>
- #up_script=
- # The script to call when the tap adapter is set down.
- #
- # The script is called with the tap adapter's name as it's first argument.
- #
- # The script exit status is ignored.
- #
- # Default: <empty>
- #down_script=
- [switch]
- # The routing method for messages.
- #
- # Possible values: switch, hub
- #
- # - switch: Act like a switch. Messages are only sent to the right host when
- # its address is known.
- # - hub: Send all messages to everyone on the network. The memory footprint is
- # slightly reduced at the cost of much higher bandwitdh usage. Recommended for
- # 1-to-1 networks only.
- #
- # Warning: At any time, if the memory consumption is too high, the
- # routing_method may be temporarily switched from "switch" to "hub" to prevent
- # DoS attacks.
- #
- # Default: switch
- #routing_method=switch
- # Whether to enable the relay mode.
- #
- # Possible values: no, yes
- #
- # - no: Not relaying frames from one remote host to the other.
- # - yes: Transmits frames from one host to the other.
- #
- # If you enable relay mode, it is recommended that routing_method is set to
- # switch.
- #
- # Default: no
- #relay_mode_enabled=no
- [router]
- # The local IP routes.
- #
- # The list of routes to advertise to the other peers.
- #
- # Those routes may contain a gateway.
- #
- # You may repeat the local_ip_route option to add several routes.
- #
- # Examples:
- # - 192.168.0.0/24
- # - 192.168.0.0/24 => 9.0.0.1
- # - fe80::1/64
- # - fe80::1/64 => fe80::ffff
- # - 0.0.0.0/0
- # - 0.0.0.0/0 => 9.0.0.1
- # - ::/0
- # - ::/0 => fe80::ffff
- # - ipv4_proxy
- # - ipv6_proxy
- #
- # `ipv4_proxy` and `ipv4_proxy` are special values that are equivalent to
- # `0.0.0.0/0 => <tap_adapter.ipv4_address>` and `::/0 =>
- # <tap_adapter.ipv6_address>`.
- #
- # These basically instruct other peers to use this host as a default gateway
- # and are particularly useful when setting up a VPN proxy.
- #
- # Default: <none>
- #local_ip_route=192.168.0.0/24
- # The local DNS servers.
- #
- # The list of DNS servers to advertise to the other peers.
- #
- # You may repeat the local_dns_server option to add several DNS servers.
- #
- # Examples:
- # - 8.8.8.8
- # - 2001:4860:4860::8888
- #
- # Default: <none>
- #local_dns_server=192.168.0.254
- # Whether to enable client routing.
- #
- # Possible values: no, yes
- #
- # - no: Not relaying IP frames from one remote host to the other.
- # - yes: Act as an IP router and relay IP frames from one host to the other.
- #
- #
- # Default: yes
- #client_routing_enabled=yes
- # Accept or reject routes requests from other peers.
- #
- # Disabling this option in tun mode will cause connectivity issues.
- #
- # Default: yes
- #accept_routes_requests=yes
- # The internal routes acceptance policy.
- #
- # Indicates the kind of routes to accept from other hosts.
- #
- # The routes will be used internally.
- #
- # Possible values: none, unicast_in_network, unicast, subnet, any
- #
- # - none: Not accepting any route. Use this to disable the feature.
- # - unicast_in_network: Accept only unicast routes that belong to the local
- # interface's network.
- # - unicast: Accept only unicast routes.
- # - subnet: Accept only subnet routes that belong to the local interface's
- # network.
- # - any: Accept any route.
- #
- # Note: this option is ignored in tap mode, as tap does not do internal IP
- # routing.
- #
- # Default: unicast_in_network
- #internal_route_acceptance_policy=unicast_in_network
- # The system routes acceptance policy.
- #
- # Indicates the kind of routes to accept from other hosts.
- #
- # These routes will be added to the system routing table.
- #
- # Possible values: none, unicast, any, unicast_with_gateway, any_with_gateway
- #
- # - none: Not accepting any route. Use this to disable the feature.
- # - unicast: Accept only unicast routes. Those that contain a gateway are
- # rejected.
- # - any: Accept any route except those that contain a gateway.
- # - unicast_with_gateway: Accept only unicast routes, even those that contain a
- # gateway.
- # - any_with_gateway: Accept any route, even those that contain a gateway.
- #
- # Routes that belong to the current interface network are silently ignored as
- # the system routing table already contains them.
- #
- # Note: this option is effective in both tun and tap mode as it affects the
- # system routing table.
- #
- # Note 2: In tun mode, the routes are first filtered by the
- # internal_route_acceptance_policy.
- #
- # Warning: make sure you understand what implications this option can have.
- # Allowing modifications of the system routing table for other hosts can be
- # a huge security risk.
- #
- # Default: none
- #system_route_acceptance_policy=none
- # The maximum count of routes to accept for a given host.
- #
- # Possible values: 0, <a positive number>
- #
- # - 0: No limit.
- # - <a positive number>: Only a finite number of routes is accepted from
- # other hosts.
- #
- # Note: the limit is applied to IPv4 and IPv6 addresses separately. Meaning
- # that a limit of 1 will allow one address of each type.
- #
- # Default: 1
- #maximum_routes_limit=1
- # The DNS servers acceptance policy.
- #
- # Indicates the kind of DNS server addresses to accept from other hosts.
- #
- # Possible values: none, in_network, any
- #
- # - none: Not accepting any DNS servers. Use this to disable the feature.
- # - in_network: Accept only DNS server addresses which belong to the interface
- # IP network.
- # - any: Accept any DNS server address.
- #
- # Default: in_network
- #dns_servers_acceptance_policy=in_network
- # The script to call when a DNS entry is to be added or removed.
- #
- # The script is called with the tap adapter's name as it's first argument.
- # The second argument is a verb which can be:
- # - add: A DNS entry must be added.
- # - remove: A DNS entry must be removed.
- # The third argument is the DNS server address to add or remove.
- #
- # If the script exits with a non-zero value, it is assumed that the addition or
- # removal of the DNS entry failed. If the addition fails for a given address,
- # the script won't be called for removal for this same address.
- #
- # On Windows, if no script is provided, FreeLAN will add/remove the DNS server
- # using system calls.
- #
- # On Mac OS X and Linux, there is sadly no reliable system call and you MUST
- # provide a script or DNS settings will simply be ignored.
- #
- # Default: <empty>
- #dns_script=
- [security]
- # The passphrase used to generate a pre-shared key to use for encryption.
- #
- # The PSK is derived using PBKDF2.
- #
- # Using a PSK is less secure than using a certificate and should never be a
- # first choice. It is useful in cases where generating certificates, private
- # keys is not feasible.
- #
- # You can specify a PSK even if you have a certificate, which allows to connect
- # with certificate-less nodes.
- #
- # The passphrase MUST remain secret.
- #
- # Default: <none>
- #passphrase=
- # The salt to use when deriving the PSK from the passphrase.
- #
- # It is recommended that you change this value for your own freelan
- # installation when using PSKs. It doesn't have to be secret but it should
- # ideally be unique.
- #
- # Default: freelan
- #passphrase_salt=freelan
- # The number of iterations to use when deriving the PSK from the passphrase.
- #
- # You can increase (or decrease, but please, don't) this number to increase the
- # time it takes to derive the key from the passphrase and reduces the
- # likelyhood of brute-force attacks.
- #
- # Default: 2000
- #passphrase_iterations_count=2000
- # The salt to use when deriving the PSK from the passphrase.
- #
- # Default: freelan
- #passphrase_salt=freelan
- # The X509 certificate file to use for signing.
- #
- # Unless client.enabled is set to "yes" or a PSK is specified, this parameter
- # is mandatory.
- #
- # Default: <none>
- signature_certificate_file="G:\games\FreeLAN\config\alice.crt"
- # The private key file to use for signing.
- #
- # Unless client.enabled is set to "yes" or PSK is specified, this parameter is
- # mandatory.
- #
- # This private key must match with the specified signing certificate file.
- #
- # Default: <none>
- signature_private_key_file="G:\games\FreeLAN\config\alice.key"
- # The certificate validation method to use.
- #
- # Possible values are: default, none
- #
- # - default: Matches any presented certificate against the specified
- # certificate authorities.
- # - none: Disable certificate validation.
- #
- # Warning: Think twice before setting "none" here, as this completely disables
- # certificate validation. If you choose to do so, ensure that you have a robust
- # certificate validation script set as certificate_validation_script.
- #
- # Default: default
- #certificate_validation_method=default
- # The certificate validation script to call.
- #
- # Every time a external certificate is received and accepted by the specified
- # certificate_validation_method, the specified script is called with a X509
- # certificate filename as its first argument.
- #
- # If the script exit status is zero, the certificate is accepted.
- # If the script exit status is non-zero, the certificate is rejected.
- #
- # The certificate validation script is called even if
- # certificate_validation_method is set to "none".
- #
- # Specify an empty validation script path to disable script validation.
- #
- # Default: <empty>
- #certificate_validation_script=
- # The authority certificates.
- #
- # You may repeat the authority_certificate_file option to specify several
- # authority certificates.
- #
- # Default: <none>
- authority_certificate_file="G:\games\FreeLAN\config\ca.crt"
- # The certificate revocation validation method to use.
- #
- # Possible values are: last, all, none
- #
- # - last: Only the last certificate of the certification chain is checked for
- # revocation.
- # - all: All certificates from the certification chain are checked for
- # revocation.
- # - none: Certificates are not checked for revocation.
- #
- # Default: none
- #certificate_revocation_validation_method=none
- # The certificate revocation lists.
- #
- # You may repeat the certificate_revocation_list_file option to specify several
- # certificate revocation lists.
- #
- # Default: <none>
- #certificate_revocation_list_file=
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement