author | Hristo Venev <hristo@venev.name> | 2019-09-30 14:49:13 +0300 |
---|---|---|
committer | Hristo Venev <hristo@venev.name> | 2019-09-30 15:30:56 +0300 |
commit | a4ff443588ad83f668a5434257dfcbb2716d5ef8 (patch) | |
tree | da73ac30c19535a98b932192fc6c6a6900513efa /README.md | |
parent | 8aead91532b116f40649ae7e9c1b7d15fbd67a4f (diff) |
Document [peer], implement in procd.
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 11 |
1 files changed, 10 insertions, 1 deletions
@@ -39,7 +39,15 @@ ipv6 = [ "2001:db8::5/128" ] All IP address ranges from the source URL not entirely contained within the config are discarded - if a source claims `0.0.0.0/0` but the config only allows `10.0.0.0/8`, nothing is allowed. -The preshared key is applied to all peers defined in a source. If a single peer is defined in multiple sources, only the endpoint and preshared key from a single nondeterministic source are considered, but all IP ranges are allowed (TODO: add some per-pubkey filtering). +The preshared key is applied to all peers defined in a source. If a single peer is defined in multiple sources, both the endpoint and preshared key are taken from a single source chosen nondeterministically, but all IP ranges are allowed. + +It is possible to override the preshared key for a specific public key, and to restrict the source that can define that peer: + +```toml +[peer."yIOdSFrFQ1WPYS6IUWCsRjzw2Iqq0HMcyVVEXu5z+nM="] +source = "remote2" +psk = "QJmzt2PpKx8g98qrOtsNR4tB1bik+fMSabNNXCC5OUU=" +``` Alternative configuration --- @@ -52,6 +60,7 @@ The arguments are a sequence of global options and sources: - `max_keepalive TIME` - `refresh_sec TIME` - `source NAME URL [psk PSK] [ipv4 NET,NET,...] [ipv6 NET,NET,...] [required]` + - `peer PUBKEY [psk PSK] [source NAME] Source format --- |
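Review bot: in the first hunk (`@@ -39,7 +39,15 @@`), the new sentence introducing the `[peer."..."]` table does not say whether `source = "remote2"` also limits the allowed IP ranges to those from that source. The rewritten sentence before it still says "all IP ranges are allowed" when a peer appears in multiple sources, and the TODO about per-pubkey filtering is dropped, so a reader cannot tell whether another source can still contribute ranges for a pinned public key. Suggest stating that behaviour explicitly, along with what happens when the named source is not configured or does not list that public key, and whether a `[peer]` entry with only `psk` still takes its endpoint from a nondeterministically chosen source.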
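Review bot: in the second hunk (`@@ -52,6 +60,7 @@`), the added list entry `peer PUBKEY [psk PSK] [source NAME]` is missing its closing backtick, so the inline code span is left unterminated, unlike the `source NAME URL ...` entry above it. Suggest closing the span after `[source NAME]`. The entry also lists `psk` before `source` while the TOML example in the first hunk lists `source` first; a short remark on whether the order of these optional arguments matters would help.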