summaryrefslogtreecommitdiff
path: root/src/exit/exit.conf
blob: 829c5bf80605dedf9f18a0ced5a30447f7172c07 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
[exit]
BINARY = gnunet-daemon-exit

# IPv6 address for the TUN interface (must be changed as this
# must be within the global IPv6 range of your system!)
IPV6ADDR = 2001:DB8::1

# Prefix for our IPv6 subnet on the TUN interface.
IPV6PREFIX = 64

# IPv4 address to use on our TUN interface (may need to be
# changed to avoid conflicts with existing addresses on your system).
# Use RFC 3927-style link-local address
IPV4ADDR = 169.254.86.1

# Netmask for the IPv4 subnet on the TUN interface.
IPV4MASK = 255.255.255.0

# IPv4 networks to which we are allowed to exit.
# The format is "(network[/netmask][:[!]SPORT-DPORT];)*"
EXIT_RANGE_IPV4_POLICY = 0.0.0.0/0:!25;

# IPv6 networks to which we are allowed to exit.
# The format is "(network[/netmask][:[!]SPORT-DPORT];)*"
EXIT_RANGE_IPV6_POLICY = ::/0:!25;

# Not a service, tell ARM no binding!
NOARMBIND = YES

# Name of the (virtual) tunnel interface the exit daemon will manage
TUN_IFNAME = exit-gnunet

# Name of the "real" interface that IPv4 traffic from this system will
# leave from; this is the name of the interface where we need to
# enable NAT on postrouting (typically something like 'eth0' or 'eth1'
# or 'wlan0').  Not needed if EXIT_IPv4 is disabled AND if all
# offered services run on 'localhost'.  In this case, the value
# of the option can instead be set to "%" (to not enable NAT on any
# interface).
EXIT_IFNAME = eth0

# Set this to YES to allow exiting this system via IPv4 to the Internet
EXIT_IPV4 = NO

# Set this to YES to allow exiting this system via IPv6 to the Internet
EXIT_IPV6 = NO

# This option should be set to YES to allow the DNS service to
# perform lookups against the locally configured DNS resolver.
# (set to "NO" if no normal ISP is locally available and thus
# requests for normal ".com"/".org"/etc. must be routed via
# the GNUnet VPN (the GNUNET PT daemon then needs to be configured
# to intercept and route DNS queries via cadet).
# Set this to YES to allow using this system for DNS queries.
EXIT_DNS = NO

# Set this to an IPv4 or IPv6 address of a DNS resolver to use for DNS queries
DNS_RESOLVER = 8.8.8.8

# For IPv4-services offered by this peer, we need to at least enable IPv4
ENABLE_IPV4 = YES

# For IPv6-services offered by this peer, we need to at least enable IPv6
ENABLE_IPV6 = YES


# Maximum number of concurrent connections this exit supports.
MAX_CONNECTIONS = 256