add configuration for a gnunet node

requires the directory /tmp/gnunet/p2/ to be present

1 files changed, 1593 insertions, 0 deletions

diff --git a/etc/p2.conf b/etc/p2.conf
new file mode 100644
index 0000000..e3b3e81
--- /dev/null
+++ b/etc/p2.conf
@@ -0,0 +1,1593 @@
+[arm]
+PORT = 12087
+HOSTNAME = localhost
+BINARY = gnunet-service-arm
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+
+# Special case, uses user runtime dir even for per-system service.
+UNIXPATH = $GNUNET_USER_RUNTIME_DIR/gnunet-service-arm.sock
+UNIX_MATCH_UID = YES
+UNIX_MATCH_GID = YES
+
+# In the "-l" option, format characters from 'strftime' are allowed;
+# In the GLOBAL_POSTFIX, "{}" stands for the name of the respective
+# service.  Thus the following option would introduce per-service
+# logging with a new log file each day.  Note that only the last 3
+# log files are preserved.
+# GLOBAL_POSTFIX = -l $GNUNET_CACHE_HOME/{}-%Y-%m-%d.log
+GLOBAL_PREFIX =
+
+# If set to YES, ARM will only start services that are marked as
+# system-level services (and we'll expect a second ARM to be
+# run per-user to run user-level services).  Note that in this
+# case you must have manually created a different configuration
+# file with the user where at least this and the USER_ONLY
+# options differ.
+# SYSTEM_ONLY = YES
+
+# If set to YES, ARM will only start services that are marked as
+# per-user services (and we'll expect a system user to run ARM to
+# provide system-level services).  Per-user services enable
+# better personalization and  priviledge separation and in particular
+# ensures that personal data is stored under $HOME, which might
+# be important in a multi-user system (or if $HOME is encrypted
+# and /var/ is not).
+#
+# Note that if you have different ARM services for SYSTEM and USER,
+# and you are not on UNIX, you need to change the PORT option for the
+# USER ARM instances to some free port (counting down from 2085 should
+# be sane).
+#
+# USER_ONLY = YES
+
+# File where we should log per-service resource consumption on exit.
+# RESOURCE_DIAGNOSTICS = resource.log
+
+
+# Name of the user that will be used to provide the service
+# USERNAME =
+# MAXBUF =
+# TIMEOUT =
+# DISABLEV6 =
+# BINDTO =
+# REJECT_FROM =
+# REJECT_FROM6 =
+# PREFIX =
+[ats]
+AUTOSTART = YES
+PORT = 12098
+HOSTNAME = localhost
+BINARY = gnunet-service-ats
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+UNIXPATH = $GNUNET_HOME/gnunet-service-ats.sock
+UNIX_MATCH_UID = NO
+UNIX_MATCH_GID = YES
+# PREFIX = valgrind
+# Designated assignment mode: PROPORTIONAL / MLP / RIL
+MODE = proportional
+
+# Network specific inbound/outbound quotas
+UNSPECIFIED_QUOTA_IN = 64 KiB
+UNSPECIFIED_QUOTA_OUT = 64 KiB
+# LOOPBACK
+LOOPBACK_QUOTA_IN = unlimited
+LOOPBACK_QUOTA_OUT = unlimited
+# LAN
+LAN_QUOTA_IN = unlimited
+LAN_QUOTA_OUT = unlimited
+# WAN
+WAN_QUOTA_IN = 64 KiB
+WAN_QUOTA_OUT = 64 KiB
+# WLAN
+WLAN_QUOTA_IN = 1 MiB
+WLAN_QUOTA_OUT = 1 MiB
+# BLUETOOTH
+BLUETOOTH_QUOTA_IN = 128 KiB
+BLUETOOTH_QUOTA_OUT = 128 KiB
+# ATS options
+
+# Proportional specific settings
+# How proportional to preferences is bandwidth distribution in a network
+# 1.0: Fair with respect to addresses without preferences
+# > 1.0: The bigger, the more respect is payed to preferences
+PROP_PROPORTIONALITY_FACTOR = 2.00
+# Should we stick to existing connections are prefer to switch?
+# [1.0...2.0], lower value prefers to switch, bigger value is more tolerant
+PROP_STABILITY_FACTOR = 1.25
+
+# MLP specific settings
+# MLP defaults
+
+# Maximum duration for a solution process (both LP and MILP)
+# MLP_MAX_DURATION = 3 s
+# Maximum numbero of iterations for a solution process (only LP)
+# MLP_MAX_ITERATIONS =
+# Tolerated MIP Gap [0.0 .. 1.0], default 0.025
+MLP_MAX_MIP_GAP = 0.025
+# Tolerated LP/MIP Gap [0.0 .. 1.0], default 0.025
+MLP_MAX_LP_MIP_GAP = 0.025
+
+
+# Maximum number of iterations for a solution process
+# MLP_MAX_ITERATIONS = 1024
+# MLP_COEFFICIENT_D = 1.0
+# MLP_COEFFICIENT_U = 1.0
+# MLP_COEFFICIENT_R = 1.0
+# MLP_MIN_BANDWIDTH = 1024
+# MLP_MIN_CONNECTIONS = 4
+
+# MLP Log settings
+# Dump all problems to disk
+# MLP_DUMP_PROBLEM_ALL = YES
+# Dump all solution to disk
+# MLP_DUMP_SOLUTION_ALL = YES
+# Print GLPK output
+# MLP_GLPK_VERBOSE = YES
+
+# Dump all problems to disk
+MLP_DUMP_PROBLEM_ON_FAIL = YES
+# Dump all solution to disk
+MLP_DUMP_SOLUTION_ON_FAIL = YES
+
+# RIL specifc settings
+RIL_STEP_TIME_MIN = 500 ms
+RIL_STEP_TIME_MAX = 1000 ms
+
+# SARSA or Q-LEARNING
+RIL_ALGORITHM = Q-LEARNING
+RIL_DISCOUNT_BETA = 0.7
+RIL_GRADIENT_STEP_SIZE = 0.3
+RIL_TRACE_DECAY = 0.2
+RIL_EXPLORE_RATIO = 0.1
+RIL_GLOBAL_REWARD_SHARE = 1
+[cadet]
+FORCESTART = YES
+AUTOSTART = YES
+PORT = 12096
+HOSTNAME = localhost
+BINARY = gnunet-service-cadet
+# PREFIX = valgrind --leak-check=yes
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+UNIXPATH = $GNUNET_HOME/gnunet-service-cadet.sock
+UNIX_MATCH_UID = YES
+UNIX_MATCH_GID = YES
+
+
+# How often do we send KEEPALIVE messages on connections to keep them
+# from timing out?
+REFRESH_CONNECTION_TIME = 5 min
+
+# Percentage of packets CADET is artificially dropping. Used for testing only!
+# DROP_PERCENT =
+
+# How frequently do we usually anounce our presence in the DHT?
+ID_ANNOUNCE_TIME = 1 h
+
+# FIXME: document
+CONNECT_TIMEOUT = 30 s
+
+# What is the replication level we give to the DHT when announcing our
+# existence?  Usually there is no need to change this.
+DHT_REPLICATION_LEVEL = 3
+
+# FIXME: not implemented
+# MAX_TUNNELS = 1000
+
+# FIXME: not implemented, replaced by MAX_ROUTES in NEW CADET!
+MAX_CONNECTIONS = 1000
+
+# How many routes do we participate in at most?  Should be smaller
+# than MAX_MSGS_QUEUE
+MAX_ROUTES = 5000
+
+# FIXME: not implemented
+MAX_MSGS_QUEUE = 10000
+
+# FIXME: not implemented
+MAX_PEERS = 1000
+
+# How often do we advance the ratchet even if there is not
+# any traffic?
+RATCHET_TIME = 1 h
+
+# How often do we advance the ratched if there is traffic?
+RATCHET_MESSAGES = 64
+[consensus]
+AUTOSTART = YES
+PORT = 12103
+HOSTNAME = localhost
+BINARY = gnunet-service-consensus
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+UNIXPATH = $GNUNET_HOME/gnunet-service-consensus.sock
+UNIX_MATCH_UID = YES
+UNIX_MATCH_GID = YES
+[core]
+AUTOSTART = YES
+PORT = 12092
+HOSTNAME = localhost
+BINARY = gnunet-service-core
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+UNIXPATH = $GNUNET_HOME/gnunet-service-core.sock
+UNIX_MATCH_UID = NO
+UNIX_MATCH_GID = YES
+# DISABLE_SOCKET_FORWARDING = NO
+# USERNAME =
+# MAXBUF =
+# TIMEOUT =
+# DISABLEV6 =
+# BINDTO =
+# REJECT_FROM =
+# REJECT_FROM6 =
+# PREFIX =
+
+# Note: this MUST be set to YES in production, only set to NO for testing
+# for performance (testbed/cluster-scale use!).
+USE_EPHEMERAL_KEYS = YES
+[datacache-postgres]
+CONFIG = connect_timeout=10; dbname=gnunet
+[datastore]
+AUTOSTART = YES
+UNIXPATH = $GNUNET_HOME/gnunet-service-datastore.sock
+UNIX_MATCH_UID = NO
+UNIX_MATCH_GID = YES
+PORT = 2093
+HOSTNAME = localhost
+BINARY = gnunet-service-datastore
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+QUOTA = 5 GB
+BLOOMFILTER = $GNUNET_DATA_HOME/datastore/bloomfilter
+DATABASE = sqlite
+# DISABLE_SOCKET_FORWARDING = NO
+
+[datastore-sqlite]
+FILENAME = $GNUNET_DATA_HOME/datastore/sqlite.db
+
+[datastore-postgres]
+CONFIG = connect_timeout=10; dbname=gnunet
+
+[datastore-mysql]
+DATABASE = gnunet
+CONFIG = ~/.my.cnf
+# USER = gnunet
+# PASSWORD =
+# HOST = localhost
+PORT = 3306
+
+
+[datastore-heap]
+HASHMAPSIZE = 1024
+[dht]
+FORCESTART = YES
+AUTOSTART = YES
+PORT = 12095
+HOSTNAME = localhost
+BINARY = gnunet-service-dht
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+BUCKET_SIZE = 4
+UNIXPATH = $GNUNET_HOME/gnunet-service-dht.sock
+UNIX_MATCH_UID = NO
+UNIX_MATCH_GID = YES
+# DISABLE_SOCKET_FORWARDING = NO
+# USERNAME =
+# MAXBUF =
+# TIMEOUT =
+# DISABLEV6 =
+# BINDTO =
+# REJECT_FROM =
+# REJECT_FROM6 =
+# PREFIX =
+
+# Should the DHT cache results that we are routing in the DATACACHE as well?
+CACHE_RESULTS = YES
+
+# Special option to disable DHT calling 'try_connect' (for testing)
+DISABLE_TRY_CONNECT = NO
+
+
+[dhtcache]
+DATABASE = heap
+QUOTA = 50 MB
+
+# Disable RC-file for Bloom filter?  (for benchmarking with limited IO availability)
+DISABLE_BF_RC = NO
+[dns]
+AUTOSTART = YES
+HOSTNAME = localhost
+BINARY = gnunet-service-dns
+UNIXPATH = $GNUNET_HOME/gnunet-service-dns.sock
+PORT = 2122
+# Access to this service can compromise all DNS queries in this
+# system.  Thus access should be restricted to the same UID.
+# (see https://gnunet.org/gnunet-access-control-model)
+UNIX_MATCH_UID = YES
+UNIX_MATCH_GID = YES
+
+# As there is no sufficiently restrictive access control for TCP,
+# we never use it, even if # is not set (just to be safe)
+PORT = 0
+
+# Name of the virtual interface we use to intercept DNS traffic.
+IFNAME = gnunet-dns
+
+# Use RFC 3849-style documentation IPv6 address (RFC 4773 might provide an alternative in the future)
+# FIXME: or just default to a site-local address scope as we do for VPN!?
+IPV6ADDR = 2001:DB8::1
+IPV6PREFIX = 126
+
+# Use RFC 3927-style link-local address
+IPV4ADDR = 169.254.1.1
+IPV4MASK = 255.255.0.0
+
+# Enable GNUnet-wide DNS-EXIT service by setting this value to the IP address (IPv4 or IPv6)
+# of a DNS resolver to use.  Only works if "PROVIDE_EXIT" is also set to YES.  Must absolutely
+# NOT be an address of any of GNUnet's virtual tunnel interfaces.  Use a well-known
+# public DNS resolver or your ISP's resolver from /etc/resolv.conf.
+DNS_EXIT = 8.8.8.8
+
+[exit]
+BINARY = gnunet-daemon-exit
+
+# IPv6 address for the TUN interface (must be changed as this
+# must be within the global IPv6 range of your system!)
+IPV6ADDR = 2001:DB8::1
+
+# Prefix for our IPv6 subnet on the TUN interface.
+IPV6PREFIX = 64
+
+# IPv4 address to use on our TUN interface (may need to be
+# changed to avoid conflicts with existing addresses on your system).
+# Use RFC 3927-style link-local address
+IPV4ADDR = 169.254.86.1
+
+# Netmask for the IPv4 subnet on the TUN interface.
+IPV4MASK = 255.255.255.0
+
+# IPv4 networks to which we are allowed to exit.
+# The format is "(network[/netmask][:[!]SPORT-DPORT];)*"
+EXIT_RANGE_IPV4_POLICY = 0.0.0.0/0:!25;
+
+# IPv6 networks to which we are allowed to exit.
+# The format is "(network[/netmask][:[!]SPORT-DPORT];)*"
+EXIT_RANGE_IPV6_POLICY = ::/0:!25;
+
+# Not a service, tell ARM no binding!
+NOARMBIND = YES
+
+# Name of the (virtual) tunnel interface the exit daemon will manage
+TUN_IFNAME = exit-gnunet
+
+# Name of the "real" interface that IPv4 traffic from this system will
+# leave from; this is the name of the interface where we need to
+# enable NAT on postrouting (typically something like 'eth0' or 'eth1'
+# or 'wlan0').  Not needed if EXIT_IPv4 is disabled AND if all
+# offered services run on 'localhost'.  In this case, the value
+# of the option can instead be set to "%" (to not enable NAT on any
+# interface).
+EXIT_IFNAME = eth0
+
+# Set this to YES to allow exiting this system via IPv4 to the Internet
+EXIT_IPV4 = NO
+
+# Set this to YES to allow exiting this system via IPv6 to the Internet
+EXIT_IPV6 = NO
+
+# This option should be set to YES to allow the DNS service to
+# perform lookups against the locally configured DNS resolver.
+# (set to "NO" if no normal ISP is locally available and thus
+# requests for normal ".com"/".org"/etc. must be routed via
+# the GNUnet VPN (the GNUNET PT daemon then needs to be configured
+# to intercept and route DNS queries via cadet).
+# Set this to YES to allow using this system for DNS queries.
+EXIT_DNS = NO
+
+# Set this to an IPv4 or IPv6 address of a DNS resolver to use for DNS queries
+DNS_RESOLVER = 8.8.8.8
+
+# For IPv4-services offered by this peer, we need to at least enable IPv4
+ENABLE_IPV4 = YES
+
+# For IPv6-services offered by this peer, we need to at least enable IPv6
+ENABLE_IPV6 = YES
+
+
+# Maximum number of concurrent connections this exit supports.
+MAX_CONNECTIONS = 256
+[fs]
+AUTOSTART = YES
+FORCESTART = YES
+INDEXDB = $GNUNET_DATA_HOME/fs/idxinfo.lst
+RESPECT = $GNUNET_DATA_HOME/fs/credit/
+STATE_DIR = $GNUNET_DATA_HOME/fs/persistence/
+UPDATE_DIR = $GNUNET_DATA_HOME/fs/updates/
+PORT = 2094
+HOSTNAME = localhost
+BINARY = gnunet-service-fs
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+
+# Do we introduce artificial delays? (may improve anonymity)
+DELAY = YES
+
+# Do we cache content from other nodes? (may improve anonymity)
+CONTENT_CACHING = YES
+
+# Do we send unsolicited data to other nodes if we have excess bandwidth?
+# (may improve anonymity, probably not a good idea if content_caching is NO)
+CONTENT_PUSHING = YES
+
+UNIXPATH = $GNUNET_HOME/gnunet-service-fs.sock
+
+# Do we require users that want to access file-sharing to run this process
+# (usually not a good idea)
+UNIX_MATCH_UID = NO
+
+# Do we require users that want to access file-sharing to be in the 'gnunet' group?
+UNIX_MATCH_GID = YES
+
+# Maximum number of requests this peer tracks (important for
+# memory consumption; 2k RAM/request is not unusual)
+MAX_PENDING_REQUESTS = 65536
+
+# How many requests do we have at most waiting in the queue towards
+# the datastore? (important for memory consumption)
+DATASTORE_QUEUE_SIZE = 32
+
+# Maximum frequency we're allowed to poll the datastore
+# for content for migration (can be used to reduce
+# GNUnet's disk-IO rate)
+MIN_MIGRATION_DELAY = 100 ms
+
+# For how many neighbouring peers should we allocate hash maps?
+EXPECTED_NEIGHBOUR_COUNT = 128
+
+# Disable anonymous file-sharing (but keep non-anonymous transfers)?
+# This option is mostly for testing.
+DISABLE_ANON_TRANSFER = NO
+
+# Maximum number of non-anonymous transfers this peer will support
+# at the same time.  Excessive values mostly have the problem that
+# the service might use more memory, so we need to bound this at
+# some reasonable level.  And if we have a very, very large
+# number, we probably won't have enough bandwidth to support them
+# well anyway, so better have a moderate cap.
+MAX_CADET_CLIENTS = 128
+
+
+[gnunet-auto-share]
+BINARY = gnunet-auto-share
+FORCESTART = NO
+
+# Note: MUST specify path to auto-share directory and CAN specify other options
+# to gnunet-auto-share here!
+OPTIONS = $GNUNET_DATA_HOME/fs/share/
+[gns]
+AUTOSTART = YES
+FORCESTART = YES
+HOSTNAME = localhost
+BINARY = gnunet-service-gns
+UNIXPATH = $GNUNET_USER_RUNTIME_DIR/gnunet-service-gns.sock
+PORT = 12102
+
+# Do we require users that want to access GNS to run this process
+# (usually not a good idea)
+UNIX_MATCH_UID = NO
+
+# Do we require users that want to access GNS to be in the 'gnunet' group?
+UNIX_MATCH_GID = YES
+
+# How many queries is GNS allowed to perform in the background at the same time?
+MAX_PARALLEL_BACKGROUND_QUERIES = 1000
+
+# Using caching or always ask DHT
+# USE_CACHE = YES
+
+# PREFIX = valgrind --leak-check=full --track-origins=yes
+
+
+[gns-proxy]
+BINARY = gnunet-gns-proxy
+AUTOSTART = NO
+USER_SERVICE = YES
+
+# Where is the certificate for the GNS proxy stored?
+PROXY_CACERT = $GNUNET_DATA_HOME/gns/gns_ca_cert.pem
+PROXY_UNIXPATH = $GNUNET_HOME/gnunet-gns-proxy.sock
+
+
+[dns2gns]
+BINARY = gnunet-dns2gns
+AUTOSTART = NO
+USER_SERVICE = YES
+
+# -d: DNS resolver to use, -s: suffix to use, -f: fcfs suffix to use
+OPTIONS = -d 8.8.8.8
+[gnunet-fs-gtk]
+MAX_PARALLEL_DOWNLOADS = 128
+MAX_PARALLEL_REQUESTS = 100000
+# DEFAULT_DOWNLOAD_DIRECTORY = "~/Documents/Downloads"
+ DEFAULT_DOWNLOAD_DIRECTORY = "~/Downloads"
+MAKE_UPDATEABLE_PUBLICATIONS_BY_DEFAULT = YES
+MAKE_NAMESPACE_PUBLICATIONS_BY_DEFAULT = NO
+MAKE_GLOBAL_PUBLICATIONS_BY_DEFAULT = YES
+
+[uri]
+fs = gnunet-fs-gtk
+[gnunet-namestore-gtk]
+NICK_EXPIRATION = 1 week
+
+[hostlist]
+FORCESTART = YES
+NOARMBIND = YES
+BINARY = gnunet-daemon-hostlist
+
+# port for hostlist http server
+HTTPPORT = 8080
+
+# External DNS name other peers should use to access this hostlist
+# EXTERNAL_DNS_NAME =
+
+# Where do we store URLs of other hostlists we have learned?
+HOSTLISTFILE = $GNUNET_CONFIG_HOME/hostlist/learned.txt
+
+# Options:
+# -p : provide a hostlist as a hostlist servers
+# -b : bootstrap using configured hostlist servers
+# -e : enable learning advertised hostlists
+# -a : advertise hostlist to other servers
+OPTIONS = -b
+
+# Default list of hostlist servers for bootstrapping
+SERVERS = http://v10.gnunet.org/hostlist https://gnunet.io/hostlist
+# http://silent.0xdeadc0de.eu:8080/
+
+# bind hostlist http server to a specific IPv4
+# BINDTOIPV4 =
+
+# bind hostlist http server to a specific IPv6
+# BINDTOIPV6 =
+
+# Hostname or IP of proxy server for downloading hostlists
+# PROXY =
+
+# User name for proxy server
+# PROXY_USERNAME =
+# User password for proxy server
+# PROXY_PASSWORD =
+
+# Type of proxy server,
+# Valid values: HTTP, HTTP_1_0, SOCKS4, SOCKS5, SOCKS4A, SOCKS5_HOSTNAME
+# Default: HTTP
+# PROXY_TYPE = HTTP
+[identity]
+AUTOSTART = YES
+USER_SERVICE = YES
+PORT = 12108
+HOSTNAME = localhost
+BINARY = gnunet-service-identity
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+UNIXPATH = $GNUNET_USER_RUNTIME_DIR/gnunet-service-identity.sock
+UNIX_MATCH_UID = NO
+UNIX_MATCH_GID = YES
+
+# Directory where we store information about our egos
+EGODIR = $GNUNET_DATA_HOME/identity/egos/
+
+# File where we store default identities for subsystems
+SUBSYSTEM_CFG = $GNUNET_CONFIG_HOME/identity/subsystem_defaults.conf
+[multicast]
+AUTOSTART = YES
+BINARY = gnunet-service-multicast
+
+UNIXPATH = $GNUNET_HOME/gnunet-service-multicast.sock
+UNIX_MATCH_UID = YES
+UNIX_MATCH_GID = YES
+
+PORT = 12109
+HOSTNAME = localhost
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+
+# DISABLE_SOCKET_FORWARDING = NO
+# USERNAME =
+# MAXBUF =
+# TIMEOUT =
+# DISABLEV6 =
+# BINDTO =
+# REJECT_FROM =
+# REJECT_FROM6 =
+# PREFIX =
+[namecache]
+AUTOSTART = YES
+USER_SERVICE = NO
+UNIXPATH = $GNUNET_HOME/gnunet-service-namecache.sock
+UNIX_MATCH_UID = NO
+UNIX_MATCH_GID = YES
+PORT = 2113
+HOSTNAME = localhost
+BINARY = gnunet-service-namecache
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+DATABASE = sqlite
+
+[namecache-sqlite]
+FILENAME = $GNUNET_DATA_HOME/namecache/sqlite.db
+
+[namecache-flat]
+FILENAME = $GNUNET_DATA_HOME/namecache/flat.db
+
+[namecache-postgres]
+CONFIG = connect_timeout=10; dbname=gnunet
+TEMPORARY_TABLE = NO
+
+
+
+[namestore]
+AUTOSTART = YES
+USER_SERVICE = YES
+UNIXPATH = $GNUNET_USER_RUNTIME_DIR/gnunet-service-namestore.sock
+UNIX_MATCH_UID = NO
+UNIX_MATCH_GID = YES
+PORT = 2099
+HOSTNAME = localhost
+BINARY = gnunet-service-namestore
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+DATABASE = sqlite
+
+[namestore-sqlite]
+FILENAME = $GNUNET_DATA_HOME/namestore/sqlite.db
+
+[namestore-flat]
+FILENAME = $GNUNET_DATA_HOME/namestore/flat.db
+
+
+[namestore-postgres]
+CONFIG = connect_timeout=10; dbname=gnunet
+TEMPORARY_TABLE = NO
+
+[uri]
+gns = gnunet-namestore
+
+
+[fcfsd]
+# Name of the fcfs registration service binary (for ARM)
+BINARY = gnunet-namestore-fcfsd
+AUTOSTART = NO
+UNIXPATH = $GNUNET_HOME/gnunet-service-fcfsd.sock
+
+# On what port does the FCFS daemon listen for HTTP clients?
+HTTPPORT = 18080
+
+
+[nat-auto]
+AUTOSTART = YES
+PORT = 2124
+HOSTNAME = localhost
+BINARY = gnunet-service-nat-auto
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+UNIXPATH = $GNUNET_HOME/gnunet-service-nat-auto.sock
+UNIX_MATCH_UID = YES
+UNIX_MATCH_GID = YES
+
+[gnunet-nat-server]
+HOSTNAME = gnunet.org
+PORT = 5724
+NOARMBIND = YES
+[nat]
+AUTOSTART = YES
+PORT = 2121
+HOSTNAME = localhost
+BINARY = gnunet-service-nat
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+UNIXPATH = $GNUNET_HOME/gnunet-service-nat.sock
+UNIX_MATCH_UID = YES
+UNIX_MATCH_GID = YES
+
+# Enable UPNP by default?
+ENABLE_UPNP = YES
+
+# Disable IPv6 support
+# FIXME: move entirely to transport plugins!
+DISABLEV6 = NO
+
+# How often do we query the DNS resolver
+# for our hostname (to get our own IP)
+HOSTNAME_DNS_FREQUENCY = 20 min
+
+# How often do we iterate over our
+# network interfaces to check for changes
+# in our IP address?
+IFC_SCAN_FREQUENCY = 15 min
+
+# How often do we query the DNS resolver
+# for our hostname (to get our own IP)
+DYNDNS_FREQUENCY = 7 min
+
+# SHOULD USE STUN ?
+USE_STUN = YES
+STUN_FREQUENCY = 5 min
+# Default list of stun servers
+STUN_SERVERS = stun.gnunet.org stun.services.mozilla.com:3478 stun.ekiga.net:3478
+
+# After how long do we consider STUN data stale?
+STUN_STALE = 60 min
+
+[nse]
+AUTOSTART = YES
+FORCESTART = YES
+PORT = 12097
+HOSTNAME = localhost
+BINARY = gnunet-service-nse
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+UNIXPATH = $GNUNET_HOME/gnunet-service-nse.sock
+UNIX_MATCH_UID = NO
+UNIX_MATCH_GID = YES
+PROOFFILE = $GNUNET_DATA_HOME/nse/proof.dat
+
+# The directory where the NSE services logs timestamps everytime
+# a size estime flooding message is received
+# This option is only used for benchmarking, not in production.
+HISTOGRAM_DIR = $GNUNET_CACHE_HOME/nse/histogram
+
+# How 'slowly' should the proof-of-work be constructed (delay
+# between rounds); sane values between 0 and ~1000.
+# It should rarely make sense to change this value.
+# Only systems with slow CPUs where 5ms is a long time might
+# want it to be reduced.
+WORKDELAY = 5 ms
+
+# Note: changing any of the values below will make this peer
+# completely incompatible with other peers!
+
+# How often do peers exchange network size messages?
+# Note that all peers MUST use the same interval.
+# DO NOT CHANGE THIS VALUE, doing so will break the protocol!
+INTERVAL = 1 h
+
+# 2^22 hash operations take about 2-3h on a modern i7 (single-core)
+# for SCRYPT; with 2ms/op and 5ms workdelay, we can expect
+# the POW calculation to be done by a high-end peer in about 6h
+# DO NOT CHANGE THIS VALUE, doing so will break the protocol!
+WORKBITS = 22
+
+[peerinfo]
+AUTOSTART = YES
+PORT = 12090
+HOSTNAME = localhost
+BINARY = gnunet-service-peerinfo
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+UNIXPATH = $GNUNET_HOME/gnunet-service-peerinfo.sock
+UNIX_MATCH_UID = NO
+UNIX_MATCH_GID = YES
+# DISABLE_SOCKET_FORWARDING = NO
+# USERNAME =
+# MAXBUF =
+# TIMEOUT =
+# DISABLEV6 =
+# BINDTO =
+# REJECT_FROM =
+# REJECT_FROM6 =
+# PREFIX =
+HOSTS = $GNUNET_DATA_HOME/peerinfo/hosts/
+
+# Option to disable all disk IO; only useful for testbed runs
+# (large-scale experiments); disables persistence of HELLOs!
+NO_IO = NO
+
+# Load HELLOs shipped with GNUnet
+USE_INCLUDED_HELLOS = YES
+
+[uri]
+hello = gnunet-peerinfo
+friend-hello = gnunet-peerinfo
+[peerstore]
+AUTOSTART = YES
+PORT = 12110
+HOSTNAME = localhost
+BINARY = gnunet-service-peerstore
+UNIXPATH = $GNUNET_HOME/gnunet-service-peerstore.sock
+UNIX_MATCH_UID = NO
+UNIX_MATCH_GID = YES
+DATABASE = sqlite
+
+[peerstore-sqlite]
+FILENAME = $GNUNET_DATA_HOME/peerstore/sqlite.db
+
+[psyc]
+AUTOSTART = YES
+BINARY = gnunet-service-psyc
+
+UNIXPATH = $GNUNET_HOME/gnunet-service-psyc.sock
+UNIX_MATCH_UID = YES
+UNIX_MATCH_GID = YES
+
+PORT = 12115
+HOSTNAME = localhost
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+[psycstore]
+AUTOSTART = YES
+BINARY = gnunet-service-psycstore
+
+UNIXPATH = $GNUNET_HOME/gnunet-service-psycstore.sock
+UNIX_MATCH_UID = YES
+UNIX_MATCH_GID = YES
+
+PORT = 12111
+HOSTNAME = localhost
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+
+DATABASE = sqlite
+
+[psycstore-sqlite]
+FILENAME = $GNUNET_DATA_HOME/psycstore/sqlite.db
+
+[psycstore-mysql]
+DATABASE = gnunet
+CONFIG = ~/.my.cnf
+# USER = gnunet
+# PASSWORD =
+# HOST = localhost
+PORT = 3306
+
+[psycstore-postgres]
+CONFIG = connect_timeout=10; dbname=gnunet
+[pt]
+BINARY = gnunet-daemon-pt
+NOARMBIND = YES
+
+# Set this to YES to tunnel IPv4 traffic over GNUnet
+TUNNEL_IPV4 = NO
+
+# Set this to YES to tunnel IPv6 traffic over GNUnet
+TUNNEL_IPV6 = NO
+
+# Set this to YES to tunnel DNS traffic over GNUnet
+TUNNEL_DNS = NO
+[regex]
+AUTOSTART = YES
+PORT = 2107
+UNIXPATH = $GNUNET_HOME/gnunet-service-regex.sock
+HOSTNAME = localhost
+BINARY = gnunet-service-regex
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+[resolver]
+AUTOSTART = YES
+PORT = 12089
+HOSTNAME = localhost
+BINARY = gnunet-service-resolver
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+UNIXPATH = $GNUNET_HOME/gnunet-service-resolver.sock
+UNIX_MATCH_UID = NO
+UNIX_MATCH_GID = NO
+# DISABLE_SOCKET_FORWARDING = NO
+# USERNAME =
+# MAXBUF =
+# TIMEOUT =
+# DISABLEV6 =
+# BINDTO =
+# REJECT_FROM =
+# REJECT_FROM6 =
+# PREFIX =
+
+[revocation]
+AUTOSTART = YES
+FORCESTART = YES
+PORT = 12112
+HOSTNAME = localhost
+BINARY = gnunet-service-revocation
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+UNIXPATH = $GNUNET_HOME/gnunet-service-revocation.sock
+UNIX_MATCH_UID = NO
+UNIX_MATCH_GID = YES
+
+# 2^25 hash operations take about 16-24h on a modern i7
+# (using only a single-core) with SCRYPT.
+# DO NOT CHANGE THIS VALUE, doing so will break the protocol!
+WORKBITS = 25
+
+DATABASE = $GNUNET_DATA_HOME/revocation.dat
+[scalarproduct-alice]
+AUTOSTART = YES
+BINARY = gnunet-service-scalarproduct-ecc-alice
+UNIXPATH = $GNUNET_HOME/gnunet-service-scalarproduct-alice.sock
+PORT = 2117
+#ACCEPT_FROM = 127.0.0.1;
+#ACCEPT_FROM6 = ::1;
+UNIX_MATCH_UID = NO
+UNIX_MATCH_GID = YES
+#OPTIONS = -L DEBUG
+#PREFIX = valgrind
+
+
+[scalarproduct-bob]
+AUTOSTART = YES
+HOSTNAME = localhost
+BINARY = gnunet-service-scalarproduct-ecc-bob
+UNIXPATH = $GNUNET_HOME/gnunet-service-scalarproduct-bob.sock
+PORT = 2118
+
+#ACCEPT_FROM = 127.0.0.1;
+#ACCEPT_FROM6 = ::1;
+UNIX_MATCH_UID = NO
+UNIX_MATCH_GID = YES
+#OPTIONS = -L DEBUG
+
+#PREFIX = valgrind
+[secretsharing]
+AUTOSTART = NO
+PORT = 12114
+HOSTNAME = localhost
+BINARY = gnunet-service-secretsharing
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+UNIXPATH = $GNUNET_HOME/gnunet-service-secretsharing.sock
+UNIX_MATCH_UID = YES
+UNIX_MATCH_GID = YES
+# DISABLE_SOCKET_FORWARDING = NO
+# USERNAME =
+# MAXBUF =
+# TIMEOUT =
+# DISABLEV6 =
+# BINDTO =
+# REJECT_FROM =
+# REJECT_FROM6 =
+# PREFIX =
+[set]
+AUTOSTART = YES
+PORT = 12106
+HOSTNAME = localhost
+BINARY = gnunet-service-set
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+UNIXPATH = $GNUNET_HOME/gnunet-service-set.sock
+UNIX_MATCH_UID = YES
+UNIX_MATCH_GID = YES
+
+#PREFIX = valgrind
+[social]
+AUTOSTART = YES
+BINARY = gnunet-service-social
+USER_SERVICE = YES
+
+UNIXPATH = $GNUNET_USER_RUNTIME_DIR/gnunet-service-social.sock
+UNIX_MATCH_UID = YES
+UNIX_MATCH_GID = YES
+
+PORT = 12116
+HOSTNAME = localhost
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+
+DATA_HOME = $GNUNET_DATA_HOME/social
+[statistics]
+AUTOSTART = YES
+PORT = 12088
+HOSTNAME = localhost
+BINARY = gnunet-service-statistics
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+UNIXPATH = $GNUNET_HOME/gnunet-service-statistics.sock
+UNIX_MATCH_UID = NO
+UNIX_MATCH_GID = YES
+DATABASE = $GNUNET_DATA_HOME/statistics.dat
+# DISABLE_SOCKET_FORWARDING = NO
+# USERNAME =
+# MAXBUF =
+# TIMEOUT =
+# DISABLEV6 =
+# BINDTO =
+# REJECT_FROM =
+# REJECT_FROM6 =
+# PREFIX =
+
+[template]
+AUTOSTART = NO
+PORT = 9999
+HOSTNAME = localhost
+BINARY = gnunet-service-template
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+UNIXPATH = $GNUNET_HOME/gnunet-service-template.sock
+UNIX_MATCH_UID = YES
+UNIX_MATCH_GID = YES
+# DISABLE_SOCKET_FORWARDING = NO
+# USERNAME =
+# MAXBUF =
+# TIMEOUT =
+# DISABLEV6 =
+# BINDTO =
+# REJECT_FROM =
+# REJECT_FROM6 =
+# PREFIX =
+[testbed]
+AUTOSTART = NO
+PORT = 2101
+HOSTNAME = localhost
+BINARY = gnunet-service-testbed
+
+# How long should operations wait?
+OPERATION_TIMEOUT = 30 s
+
+# Set this to the path where the testbed helper is installed.  By default the
+# helper binary is searched in /usr/local/lib/gnunet/libexec/
+# HELPER_BINARY_PATH = /usr/local/lib/gnunet/libexec/gnunet-helper-testbed
+
+# Add your local network address here. For example, if you want to run
+# testbed on a group of hosts connected to network 192.168.1.0/24, then set
+#   ACCEPT_FROM = 127.0.0.1; 192.168.1.0/24;
+# Multiple network addresses can be given.  They should be separated by `;'
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+
+UNIXPATH = $GNUNET_HOME/gnunet-service-testbed.sock
+UNIX_MATCH_UID = YES
+UNIX_MATCH_GID = YES
+
+# How many maximum number of operations can be run in parallel.  This number
+# should be decreased if the system is getting overloaded and to reduce the load
+# exerted by the emulation.
+MAX_PARALLEL_OPERATIONS = 1000
+MAX_PARALLEL_TOPOLOGY_CONFIG_OPERATIONS = 1
+
+# What topology should be generated by the helper functions GNUNET_TESTBED_run()
+# and GNUNET_TESTBED_test_run().  This option has no effect if testbed is
+# initialized with other functions.  Valid values can be found at:
+# https://gnunet.org/supported-topologies
+OVERLAY_TOPOLOGY = NONE
+
+# Number of random links to be included to the generate the above topology.
+# Note that not all topologies require this option and ignore it.  Topologies
+# requiring this option are RANDOM, SMALL_WORLD and SMALL_WORLD ring.
+# OVERLAY_RANDOM_LINKS =
+
+# This option is required if the OVERLAY_TOPOLOGY is set to FROM_FILE.  It is
+# ignored for all other topologies.  This option should contain the path to
+# the file containing the topology information.  The format of the file is
+# presented at: https://gnunet.org/topology-file-format
+# OVERLAY_TOPOLOGY_FILE = /path/to/topology-file
+
+# The following options are required if the OVERLAY_TOPOLOGY is set to
+# SCALE_FREE.  They are ignored in all other cases.
+# The number of maximum peers which can connect to a peer
+SCALE_FREE_TOPOLOGY_CAP = 70
+# The minimum number of peers which a peer has to connect
+SCALE_FREE_TOPOLOGY_M = 5
+
+# How many maximum number of handles to peers' services should be kept open at
+# any time.  This number also keeps a check on the number of open descriptors as
+# opening a service connection results in opening a file descriptor.
+MAX_PARALLEL_SERVICE_CONNECTIONS = 256
+
+# Size of the internal testbed cache.  It is used to cache handles to peers
+# while trying to connect them.
+CACHE_SIZE = 30
+
+# Maximum number of file descriptors a testbed controller is permitted to keep
+# open.
+MAX_OPEN_FDS = 512
+
+# How long should we wait for testbed to setup while using helper functions
+# GNUNET_TESTBED_test_run() and GNUNET_TESTBED_run()
+SETUP_TIMEOUT = 5 m
+
+# Where should testbed write load statistics data
+# STATS_DIR = /tmp/load
+
+# What services should be shared among peers.
+# Format is "[<service:share>] [<service:share>] ...".  The shared services are
+# started standalone without any other peer services or a hostkey.  For this
+# reason, only services which doesn't depend on other services can only be
+# shared.  Example: To share peerinfo among every 10 peers.  The following spec
+# will start 5 peerinfo services when 50 peers are started:
+#
+#   SHARED_SERVICES = peerinfo:10
+#
+# To share multiple services
+#
+#   SHARED_SERVICES = service1:n_share1 service2:n_share2 ...
+#
+# Default is to share no services
+SHARED_SERVICES =
+
+
+[testbed-barrier]
+AUTOSTART = NO
+PORT = 2103
+HOSTNAME = localhost
+UNIXPATH = $GNUNET_HOME/gnunet-service-testbed-barrier.sock
+UNIX_MATCH_UID = YES
+UNIX_MATCH_GID = YES
+
+
+# This section is related to configuring underlay restrictions to simulate
+# connectivity restrictions of NAT boxes
+[testbed-underlay]
+AUTOSTART = NO
+NOARMBIND = YES
+BINARY = gnunet-daemon-testbed-underlay
+# The sqlite3 database file containing information about what underlay
+# restrictions to apply
+# DBFILE =
+
+[latency-logger]
+AUTOSTART = NO
+NOARMBIND = YES
+BINARY = gnunet-daemon-latency-logger
+# The sqlite3 database file where the latency values are to be stored
+# DBFILE =
+[testbed]
+AUTOSTART = NO
+PORT = 2101
+HOSTNAME = localhost
+BINARY = gnunet-service-testbed
+
+# How long should operations wait?
+OPERATION_TIMEOUT = 30 s
+
+# Set this to the path where the testbed helper is installed.  By default the
+# helper binary is searched in /usr/local/lib/gnunet/libexec/
+# HELPER_BINARY_PATH = /usr/local/lib/gnunet/libexec/gnunet-helper-testbed
+
+# Add your local network address here. For example, if you want to run
+# testbed on a group of hosts connected to network 192.168.1.0/24, then set
+#   ACCEPT_FROM = 127.0.0.1; 192.168.1.0/24;
+# Multiple network addresses can be given.  They should be separated by `;'
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+
+UNIXPATH = $GNUNET_HOME/gnunet-service-testbed.sock
+UNIX_MATCH_UID = YES
+UNIX_MATCH_GID = YES
+
+# How many maximum number of operations can be run in parallel.  This number
+# should be decreased if the system is getting overloaded and to reduce the load
+# exerted by the emulation.
+MAX_PARALLEL_OPERATIONS = 1000
+MAX_PARALLEL_TOPOLOGY_CONFIG_OPERATIONS = 1
+
+# What topology should be generated by the helper functions GNUNET_TESTBED_run()
+# and GNUNET_TESTBED_test_run().  This option has no effect if testbed is
+# initialized with other functions.  Valid values can be found at:
+# https://gnunet.org/supported-topologies
+OVERLAY_TOPOLOGY = NONE
+
+# Number of random links to be included to the generate the above topology.
+# Note that not all topologies require this option and ignore it.  Topologies
+# requiring this option are RANDOM, SMALL_WORLD and SMALL_WORLD ring.
+# OVERLAY_RANDOM_LINKS =
+
+# This option is required if the OVERLAY_TOPOLOGY is set to FROM_FILE.  It is
+# ignored for all other topologies.  This option should contain the path to
+# the file containing the topology information.  The format of the file is
+# presented at: https://gnunet.org/topology-file-format
+# OVERLAY_TOPOLOGY_FILE = /path/to/topology-file
+
+# The following options are required if the OVERLAY_TOPOLOGY is set to
+# SCALE_FREE.  They are ignored in all other cases.
+# The number of maximum peers which can connect to a peer
+SCALE_FREE_TOPOLOGY_CAP = 70
+# The minimum number of peers which a peer has to connect
+SCALE_FREE_TOPOLOGY_M = 5
+
+# How many maximum number of handles to peers' services should be kept open at
+# any time.  This number also keeps a check on the number of open descriptors as
+# opening a service connection results in opening a file descriptor.
+MAX_PARALLEL_SERVICE_CONNECTIONS = 256
+
+# Size of the internal testbed cache.  It is used to cache handles to peers
+# while trying to connect them.
+CACHE_SIZE = 30
+
+# Maximum number of file descriptors a testbed controller is permitted to keep
+# open.
+MAX_OPEN_FDS = 512
+
+# How long should we wait for testbed to setup while using helper functions
+# GNUNET_TESTBED_test_run() and GNUNET_TESTBED_run()
+SETUP_TIMEOUT = 5 m
+
+# Where should testbed write load statistics data
+# STATS_DIR = /tmp/load
+
+# What services should be shared among peers.
+# Format is "[<service:share>] [<service:share>] ...".  The shared services are
+# started standalone without any other peer services or a hostkey.  For this
+# reason, only services which doesn't depend on other services can only be
+# shared.  Example: To share peerinfo among every 10 peers.  The following spec
+# will start 5 peerinfo services when 50 peers are started:
+#
+#   SHARED_SERVICES = peerinfo:10
+#
+# To share multiple services
+#
+#   SHARED_SERVICES = service1:n_share1 service2:n_share2 ...
+#
+# Default is to share no services
+SHARED_SERVICES =
+
+
+[testbed-logger]
+AUTOSTART = NO
+PORT = 2102
+HOSTNAME = localhost
+BINARY = gnunet-service-testbed-logger
+UNIXPATH = $GNUNET_HOME/gnunet-gnunet-testbed-logger.sock
+DIR = /tmp
+UNIX_MATCH_UID = YES
+UNIX_MATCH_GID = YES
+
+
+[testbed-barrier]
+AUTOSTART = NO
+PORT = 2103
+HOSTNAME = localhost
+UNIXPATH = $GNUNET_HOME/gnunet-service-testbed-barrier.sock
+UNIX_MATCH_UID = YES
+UNIX_MATCH_GID = YES
+
+
+# This section is related to configuring underlay restrictions to simulate
+# connectivity restrictions of NAT boxes
+[testbed-underlay]
+AUTOSTART = NO
+NOARMBIND = YES
+BINARY = gnunet-daemon-testbed-underlay
+# The sqlite3 database file containing information about what underlay
+# restrictions to apply
+# DBFILE =
+
+[latency-logger]
+AUTOSTART = NO
+NOARMBIND = YES
+BINARY = gnunet-daemon-latency-logger
+# The sqlite3 database file where the latency values are to be stored
+# DBFILE =
+[TESTING]
+# How long before failing a connection?
+CONNECT_TIMEOUT = 30 s
+# How many connect attempts should we make?
+CONNECT_ATTEMPTS = 3
+# How many connections can happen simultaneously?
+MAX_OUTSTANDING_CONNECTIONS = 50
+
+# Should we clean up the files on peer group shutdown?
+DELETE_FILES = YES
+
+[topology]
+FORCESTART = YES
+NOARMBIND = YES
+MINIMUM-FRIENDS = 0
+FRIENDS-ONLY = NO
+TARGET-CONNECTION-COUNT = 16
+FRIENDS = $GNUNET_CONFIG_HOME/topology/friends.txt
+BINARY = gnunet-daemon-topology
+[transport]
+AUTOSTART = YES
+PORT = 12091
+HOSTNAME = localhost
+BINARY = gnunet-service-transport
+# PREFIX = valgrind
+
+# Maximum number of neighbours PER PLUGIN (not in total).
+NEIGHBOUR_LIMIT = 50
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+PLUGINS = tcp udp
+UNIXPATH = $GNUNET_HOME/gnunet-service-transport.sock
+BLACKLIST_FILE = $GNUNET_CONFIG_HOME/transport/blacklist
+UNIX_MATCH_UID = NO
+UNIX_MATCH_GID = YES
+# DISABLE_SOCKET_FORWARDING = NO
+# USERNAME =
+# MAXBUF =
+# TIMEOUT =
+# DISABLEV6 =
+# BINDTO =
+# REJECT_FROM =
+# REJECT_FROM6 =
+# PREFIX = valgrind --leak-check=full
+
+# Configuration settings related to traffic manipulation for testing purposes
+# Distance
+# MANIPULATE_DISTANCE_IN = 1
+# MANIPULATE_DISTANCE_OUT = 1
+# Delay; WARNING: to large values may lead to peers not connecting!
+# MANIPULATE_DELAY_IN = 1 ms
+# MANIPULATE_DELAY_OUT = 1 ms
+
+
+[transport-unix]
+UNIXPATH = $GNUNET_HOME/gnunet-transport-plugin-unix.sock
+TESTING_IGNORE_KEYS = ACCEPT_FROM;
+
+[transport-tcp]
+# Use 0 to ONLY advertise as a peer behind NAT (no port binding)
+PORT = 2086
+
+# Obsolete option, to be replaced by HOLE_EXTERNAL (soon)
+ADVERTISED_PORT = 2086
+
+# If we have a manually punched NAT, what is the external IP and port?
+# Can use DNS names for DynDNS-based detection of external IP.
+# Can use IPv6 addresses ([fefc::]:PORT).
+# Use "AUTO" for the hostname to automatically detect external IP.
+# Do not set if NAT is not manually punched.
+# HOLE_EXTERNAL = AUTO:2086
+
+TESTING_IGNORE_KEYS = ACCEPT_FROM;
+
+# Maximum number of open TCP connections allowed
+MAX_CONNECTIONS = 128
+
+TIMEOUT = 5 s
+# ACCEPT_FROM =
+# ACCEPT_FROM6 =
+# REJECT_FROM =
+# REJECT_FROM6 =
+# BINDTO =
+MAX_CONNECTIONS = 128
+
+# Enable TCP stealth?
+TCP_STEALTH = NO
+
+
+[transport-udp]
+# Use PORT = 0 to autodetect a port available
+PORT = 2086
+BROADCAST = YES
+BROADCAST_RECEIVE = YES
+BROADCAST_INTERVAL = 30 s
+
+# This limits UDP to 1MB/s for SENDING. Higher values are advised
+# for benchmarking or well-connected systems.  Note that this quota
+# applies IN ADDITION to the system-wide transport-wide WAN/LAN
+# quotas.
+MAX_BPS = 1000000
+TESTING_IGNORE_KEYS = ACCEPT_FROM;
+
+# If we have a manually punched NAT, what is the external IP and port?
+# Can use DNS names for DynDNS-based detection of external IP.
+# Can use IPv6 addresses ([fefc::]:PORT).
+# Use "AUTO" for the hostname to automatically detect external IP.
+# Do not set if NAT is not manually punched.
+# HOLE_EXTERNAL = AUTO:2086
+
+
+[transport-http_client]
+MAX_CONNECTIONS = 128
+TESTING_IGNORE_KEYS = ACCEPT_FROM;
+# Hostname or IP of proxy server
+# PROXY =
+
+# User name for proxy server
+# PROXY_USERNAME =
+# User password for proxy server
+# PROXY_PASSWORD =
+
+# Type of proxy server,
+# Valid values: HTTP, SOCKS4, SOCKS5, SOCKS4A, SOCKS5_HOSTNAME
+# Default: HTTP
+# PROXY_TYPE = HTTP
+
+# Enable tunneling proxy request instead of having proxy server evaluate it
+# Experimental, default: NO
+# PROXY_HTTP_TUNNELING = NO
+
+
+[transport-http_server]
+#EXTERNAL_HOSTNAME = <your hostname/path>
+PORT = 1080
+
+# Obsolete option, to be replaced by HOLE_EXTERNAL (soon)
+ADVERTISED_PORT = 1080
+
+# If we have a manually punched NAT, what is the external IP and port?
+# Can use DNS names for DynDNS-based detection of external IP.
+# Can use IPv6 addresses ([fefc::]:PORT).
+# Use "AUTO" for the hostname to automatically detect external IP.
+# Do not set if NAT is not manually punched.
+# HOLE_EXTERNAL = AUTO:1080
+
+MAX_CONNECTIONS = 128
+TESTING_IGNORE_KEYS = ACCEPT_FROM;
+
+# Enable TCP stealth?
+TCP_STEALTH = NO
+
+
+[transport-https_client]
+MAX_CONNECTIONS = 128
+TESTING_IGNORE_KEYS = ACCEPT_FROM;
+# Hostname or IP of proxy server
+# PROXY =
+
+# User name for proxy server
+# PROXY_USERNAME =
+# User password for proxy server
+# PROXY_PASSWORD =
+
+# Type of proxy server,
+# Valid values: HTTP, SOCKS4, SOCKS5, SOCKS4A, SOCKS5_HOSTNAME
+# Default: HTTP
+# PROXY_TYPE = HTTP
+
+# Enable tunneling proxy request instead of having proxy server evaluate it
+# Experimental, default: NO
+# PROXY_HTTP_TUNNELING = NO
+
+
+[transport-https_server]
+# EXTERNAL_HOSTNAME = <your hostname/path>
+# EXTERNAL_HOSTNAME_ONLY = YES
+# If you have a valid SSL certificate for your external hostname tell,
+# clients to verify it
+# VERIFY_EXTERNAL_HOSTNAME = YES
+# Does the external hostname use the same port?
+# EXTERNAL_HOSTNAME_USE_PORT = YES
+PORT = 4433
+
+# Obsolete option, to be replaced by HOLE_EXTERNAL (soon)
+ADVERTISED_PORT = 4433
+
+# If we have a manually punched NAT, what is the external IP and port?
+# Can use DNS names for DynDNS-based detection of external IP.
+# Can use IPv6 addresses ([fefc::]:PORT).
+# Use "AUTO" for the hostname to automatically detect external IP.
+# Do not set if NAT is not manually punched.
+# HOLE_EXTERNAL = AUTO:4433
+
+CRYPTO_INIT = NORMAL
+KEY_FILE = $GNUNET_DATA_HOME/transport/https.key
+CERT_FILE = $GNUNET_DATA_HOME/transport/https.cert
+MAX_CONNECTIONS = 128
+TESTING_IGNORE_KEYS = ACCEPT_FROM;
+
+# Enable TCP stealth?
+TCP_STEALTH = NO
+
+
+[transport-wlan]
+# Name of the interface in monitor mode (typically monX)
+INTERFACE = mon0
+# Real hardware, no testing
+TESTMODE = 0
+TESTING_IGNORE_KEYS = ACCEPT_FROM;
+
+
+[transport-bluetooth]
+# Name of the interface (typically hciX)
+INTERFACE = hci0
+# Real hardware, no testing
+TESTMODE = 0
+TESTING_IGNORE_KEYS = ACCEPT_FROM;
+[PATHS]
+# The PATHS section is special, as filenames including $-expression are
+# expanded using the values from PATHS or the system environment (PATHS
+# is checked first).  GNUnet also supports expanding $-expressions using
+# defaults with the syntax "${VAR:-default}".  Here, "default" can again
+# be a $-expression.
+#
+# We usually want $HOME for $GNUNET_HOME, but we allow testcases to
+# easily override this by setting $GNUNET_TEST_HOME.
+#
+GNUNET_HOME = /tmp/gnunet/p2
+
+# see XDG Base Directory Specification at
+# http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html
+# for how these should be used.
+
+# Persistant data storage
+GNUNET_DATA_HOME = ${XDG_DATA_HOME:-$GNUNET_HOME/.local/share}/gnunet/
+
+# Configuration files
+GNUNET_CONFIG_HOME = ${XDG_CONFIG_HOME:-$GNUNET_HOME/.config}/gnunet/
+
+# Cached data, no big deal if lost
+GNUNET_CACHE_HOME = ${XDG_CACHE_HOME:-$GNUNET_HOME/.cache}/gnunet/
+
+# Runtime data (i.e UNIX domain sockets, locks, always lost on system boot)
+# This is the variable for system-wide services; use GNUNET_USER_RUNTIME_DIR
+# for per-user services (where USER_SERVICE=YES is set)
+# Note that the 'gnunet'/system user must have $TMPDIR/$TMP set to
+# exactly the same values as 'normal' users, otherwise this will fail.
+# If $TMPDIR or $TMP are set to different directories for different
+# users, this option should be changed to point to the same directory
+# for all users (i.e. by simply using "/tmp/gnunet-system-runtime/").
+GNUNET_RUNTIME_DIR = ${TMPDIR:-${TMP:-/tmp}}/gnunet-system-runtime/
+
+# Runtime data for per-user services
+GNUNET_USER_RUNTIME_DIR = ${TMPDIR:-${TMP:-/tmp}}/gnunet-${USERHOME:-${USER:-user}}-runtime/
+
+
+# Override for GNUNET_HOME used by test cases.
+# GNUNET_TEST_HOME = /tmp/foo/bar
+
+# DEFAULTCONFIG = /etc/gnunet.conf
+# If 'DEFAULTCONFIG' is not defined, the current
+# configuration file is assumed to be the default,
+# which is what we want by default...
+
+
+[PEER]
+# Where do we store our private key?
+PRIVATE_KEY = $GNUNET_DATA_HOME/private_key.ecc
+
+# What kind of system are we on? Choices are
+# INFRASTRUCTURE (always-on, grid, data center)
+# DESKTOP (sometimes-on, grid, office)
+# NOTEBOOK (sometimes-on, mobile, often limited network,
+#           if on-battery than large battery)
+# MOBILE (sometimes-on, mobile, always limited network,
+#           always battery limited)
+# UNKNOWN (not configured/specified/known)
+SYSTEM_TYPE = UNKNOWN
+
+[TESTING]
+SPEEDUP_INTERVAL = 0 ms
+SPEEDUP_DELTA = 0 ms
+# This following option is applicable to LINUX.  Enabling this option causes all
+# UNIX domain sockets to be opened as abstract sockets.  Note that the
+# filesystem level restrictions no longer apply for abstract sockets.  An
+# end-user should not modify this option.
+USE_ABSTRACT_SOCKETS = NO
+[vpn]
+AUTOSTART = YES
+PORT = 2105
+HOSTNAME = localhost
+BINARY = gnunet-service-vpn
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+UNIXPATH = $GNUNET_HOME/gnunet-service-vpn.sock
+UNIX_MATCH_UID = NO
+UNIX_MATCH_GID = YES
+
+IPV6ADDR = 1234::1
+IPV6PREFIX = 32
+IPV4ADDR = 10.11.10.1
+IPV4MASK = 255.255.0.0
+VIRTDNS = 10.11.10.2
+VIRTDNS6 = 1234::17
+IFNAME = vpn-gnunet
+
+[zonemaster]
+AUTOSTART = YES
+FORCESTART = YES
+HOSTNAME = localhost
+BINARY = gnunet-service-zonemaster
+UNIXPATH = $GNUNET_USER_RUNTIME_DIR/gnunet-service-zonemaster.sock
+PORT = 2123
+
+# Do we require users that want to access GNS to run this process
+# (usually not a good idea)
+UNIX_MATCH_UID = NO
+
+# Do we require users that want to access GNS to be in the 'gnunet' group?
+UNIX_MATCH_GID = NO
+
+# How many queries is GNS allowed to perform in the background at the same time?
+MAX_PARALLEL_BACKGROUND_QUERIES = 1000
+
+# How frequently do we try to publish our full zone?
+ZONE_PUBLISH_TIME_WINDOW = 4 h
+
+# Using caching or always ask DHT
+# USE_CACHE = YES
+
+# PREFIX = valgrind --leak-check=full --track-origins=yes