badvpn-server(8)            System Manager's Manual            badvpn-server(8)

NAME
       badvpn-server - chat server for the BadVPN peer-to-peer VPN system

SYNOPSIS
       badvpn-server
              [--help]
              [--version]
              [--logger <stdout/syslog>]
              (logger=syslog?
                     [--syslog-facility <string>]
                     [--syslog-ident <string>]
              )
              [--loglevel <0-5/none/error/warning/notice/info/debug>]
              [--channel-loglevel <channel-name> <0-5/none/error/warning/notice/info/debug>] ...
              [--listen-addr <addr>] ...
              [--ssl --nssdb <string> --server-cert-name <string>]
              [--comm-predicate <string>]
              [--relay-predicate <string>]
              [--client-socket-sndbuf <bytes / 0>]

INTRODUCTION
       This page documents the BadVPN server, which is used in a BadVPN VPN
       network by peers to talk to each other in order to establish data
       connections. For a general description of BadVPN, see badvpn(7).

DESCRIPTION
       The BadVPN server is a chat server used by nodes in the VPN network to
       talk to each other in order to establish data connections. Once it
       initializes, the server only terminates if a signal is received.

OPTIONS
       The BadVPN server is configured entirely from the command line.

       --help Print version and command line syntax and exit.

       --version
              Print version and exit.

       --logger <stdout/syslog>
              Select where to log messages. Default is stdout. Syslog is not
              available on Windows.

       --syslog-facility <string>
              When logging to syslog, set the logging facility. The facility
              name must be in lower case.

       --syslog-ident <string>
              When logging to syslog, set the ident.

       --loglevel <0-5/none/error/warning/notice/info/debug>
              Set the default logging level.

       --channel-loglevel <channel-name> <0-5/none/error/warning/notice/info/debug>
              Set the logging level for a specific logging channel.

       --listen-addr <addr>
              Add an address for the server to listen on. See ADDRESS FORMAT
              below for the address format.

       --ssl  Use TLS. Requires --nssdb and --server-cert-name.

       --nssdb <string>
              When using TLS, the NSS database to use. Probably something like
              sql:/some/folder.

       --server-cert-name <string>
              When using TLS, the name of the certificate to use. The
              certificate must be readily accessible.

       --comm-predicate <string>
              Set a predicate to define which pairs of clients are allowed to
              communicate. The predicate is a logical expression; see
              PREDICATE LANGUAGE below for details. Available functions:

              p1name(string) - true if the TLS common name of peer 1 equals
              the given string. If TLS is not used, the common name is assumed
              to be an empty string.

              p1addr(string) - true if the IP address of peer 1 equals the
              given string. The string must not be a name.

              p2name(string) - true if the TLS common name of peer 2 equals
              the given string. If TLS is not used, the common name is assumed
              to be an empty string.

              p2addr(string) - true if the IP address of peer 2 equals the
              given string. The string must not be a name.

              There is no rule as to which is peer 1 and which peer 2. When
              the server needs to determine whether to allow two peers to
              communicate, it evaluates the predicate once, with the two peers
              assigned to peer 1 and peer 2 in no specific order.

       --relay-predicate <string>
              Set a predicate to define how peers can relay data through other
              peers. The predicate is a logical expression; see PREDICATE
              LANGUAGE below for details. If the predicate evaluates to true,
              peer P can relay data through peer R. Available functions:

              pname(string) - true if the TLS common name of peer P equals the
              given string. If TLS is not used, the common name is assumed to
              be an empty string.

              paddr(string) - true if the IP address of peer P equals the
              given string. The string must not be a name.

              rname(string) - true if the TLS common name of peer R equals the
              given string. If TLS is not used, the common name is assumed to
              be an empty string.

              raddr(string) - true if the IP address of peer R equals the
              given string. The string must not be a name.

       --client-socket-sndbuf <bytes / 0>
              Sets the value of the SO_SNDBUF socket option for client TCP
              sockets (zero to not set). Lower values will improve fairness
              when data from multiple peers is being sent to a given peer, but
              may result in lower bandwidth if the network's bandwidth-delay
              product is too big.

EXIT STATUS
       If initialization fails, exits with code 1. Otherwise runs until
       termination is requested and exits with code 1.

ADDRESS FORMAT
       Addresses have the form ipaddr:port, where ipaddr is either an IPv4
       address (name or numeric), or an IPv6 address enclosed in brackets []
       (name or numeric again).

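       The address form above, as an added example that is not part of this
       page or of BadVPN: a small Python parser that accepts the two forms the
       page allows (host:port, or [host]:port for IPv6, with a name or a
       numeric address in either) and rejects the cases the format leaves
       ambiguous, such as an unbracketed IPv6 literal or an IPv4 literal inside
       brackets. The function names, the returned tuple and the sample
       addresses are this example's own.

```python
"""Parser for the ipaddr:port listen address form described above. Added
example, not BadVPN's own code; field names and the returned tuple are mine."""
import ipaddress

def parse_listen_addr(text):
    """Return (host, port, family, numeric) for 'ipaddr:port'. An IPv6 host
    must be enclosed in [], as the page requires; an unbracketed host is
    treated as IPv4 (name or numeric). numeric is False for a host name."""
    if text.startswith("["):                      # [ipv6addr]:port
        end = text.find("]")
        if end < 0 or text[end + 1:end + 2] != ":":
            raise ValueError("expected [ipv6addr]:port, got %r" % text)
        host, port_text, family = text[1:end], text[end + 2:], 6
    else:                                         # ipv4addr:port
        host, sep, port_text = text.rpartition(":")
        if not sep or ":" in host:                # bare IPv6 would be ambiguous
            raise ValueError("expected ipaddr:port, got %r" % text)
        family = 4
    if not host or not port_text.isdigit() or int(port_text) > 65535:
        raise ValueError("bad port in %r" % text)
    try:                                          # numeric literal or a name?
        version = ipaddress.ip_address(host).version
    except ValueError:
        return host, int(port_text), family, False
    if version != family:                         # e.g. [192.0.2.1]:7000
        raise ValueError("address family does not match brackets: %r" % text)
    return host, int(port_text), family, True

def is_valid_listen_addr(text):
    """True if text parses; handy for checking --listen-addr arguments."""
    try:
        parse_listen_addr(text)
        return True
    except ValueError:
        return False
```

       A host name is returned unresolved; whether it resolves to an address
       of the family implied by the brackets is only known at bind time.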
PREDICATE LANGUAGE
       The BadVPN server includes a small predicate language used to define
       certain policies. Syntax and semantics of the language are described
       here.

       true   Logical true constant. Evaluates to 1.

       false  Logical false constant. Evaluates to 0.

       NOT expression
              Logical negation. If the expression evaluates to error, the
              negation evaluates to error.

       expression OR expression
              Logical disjunction. The second expression is only evaluated if
              the first expression evaluates to false. If a sub-expression
              evaluates to error, the disjunction evaluates to error.

       expression AND expression
              Logical conjunction. The second expression is only evaluated if
              the first expression evaluates to true. If a sub-expression
              evaluates to error, the conjunction evaluates to error.

       function(arg, ..., arg)
              Evaluation of a user-provided function (function is the name of
              the function, [a-zA-Z0-9_]+). If the function with the given
              name does not exist, it evaluates to error. Arguments are
              evaluated from left to right. Each argument can either be a
              logical expression or a string (characters enclosed in double
              quotes, without any double quote). If an argument is
              encountered, but all needed arguments have already been
              evaluated, the function evaluates to error. If an argument is
              of wrong type, it is not evaluated and the function evaluates
              to error. If an argument evaluates to error, the function
              evaluates to error. If, after all arguments have been
              evaluated, the function needs more arguments, it evaluates to
              error. Then the handler function is called. If it returns
              anything other than 1 and 0, the function evaluates to error.
              Otherwise it evaluates to what the handler function returned.

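       The semantics above, as an added example that is not part of this page
       or of BadVPN (the server implements the language in C): a Python
       tokenizer, parser and evaluator with the three outcomes 1, 0 and
       error, the left-to-right and short-circuit rules, and every error
       condition the function(arg, ..., arg) paragraph lists. The page does
       not state operator precedence, so NOT binding tightest, then AND, then
       OR is an assumption of this example, and grouping parentheses are not
       supported. The four --comm-predicate functions are wired up as
       handlers over constructed sample peers; the --relay-predicate
       functions would be defined the same way with a P and an R peer. Since
       the server assigns peer 1 and peer 2 in no specific order, comm_check
       evaluates a policy both ways, which is the check an operator wants
       before deploying a --comm-predicate: a policy whose two results differ
       admits or denies a pair depending on that arbitrary assignment.

```python
"""Evaluator for the predicate language described above: an added example, not
BadVPN's own code (the server implements it in C). Results are 1, 0 or ERROR."""
import re

ERROR = "error"  # third outcome besides 1 and 0
TOKEN_RE = re.compile(r'\s+|(?P<lp>\()|(?P<rp>\))|(?P<comma>,)'
                      r'|(?P<str>"[^"]*")|(?P<word>[a-zA-Z0-9_]+)|(?P<bad>.)')
BINARY = ("OR", "AND")  # loosest binding first; this precedence is an assumption

def tokenize(text):
    toks = [(m.lastgroup, m.group()) for m in TOKEN_RE.finditer(text) if m.lastgroup]
    if any(kind == "bad" for kind, _ in toks):
        raise SyntaxError("unexpected character in %r" % text)
    return toks

def expect(toks, kind):
    if not toks or toks[0][0] != kind:
        raise SyntaxError("expected %s, got %r" % (kind, toks[:1]))
    return toks.pop(0)[1]

def parse(text):
    toks = tokenize(text)
    node = parse_binary(toks)
    if toks:
        raise SyntaxError("trailing input %r" % toks)
    return node

def parse_binary(toks, level=0):
    if level == len(BINARY):
        return parse_unary(toks)
    node = parse_binary(toks, level + 1)
    while toks and toks[0] == ("word", BINARY[level]):
        toks.pop(0)
        node = (BINARY[level].lower(), node, parse_binary(toks, level + 1))
    return node

def parse_unary(toks):
    if toks and toks[0] == ("word", "NOT"):
        toks.pop(0)
        return ("not", parse_unary(toks))
    if toks and toks[0][0] == "str":
        return ("str", toks.pop(0)[1][1:-1])   # drop the double quotes
    word = expect(toks, "word")
    if word in ("true", "false"):
        return ("const", int(word == "true"))
    expect(toks, "lp")                         # function(arg, ..., arg)
    args = []
    while not (toks and toks[0][0] == "rp"):
        if args:
            expect(toks, "comma")
        args.append(parse_binary(toks))
    toks.pop(0)
    return ("call", word, args)

def evaluate(node, functions):
    """functions: name -> (argument types, handler); a type is "string" or
    "logical". The error rules and short-circuiting follow the page."""
    if node[0] == "const":
        return node[1]
    if node[0] == "str":
        return ERROR                           # a bare string is not logical
    if node[0] == "not":
        v = evaluate(node[1], functions)
        return ERROR if v == ERROR else 1 - v
    if node[0] in ("or", "and"):
        left = evaluate(node[1], functions)
        if left == ERROR or left == (1 if node[0] == "or" else 0):
            return left                        # second operand not evaluated
        return evaluate(node[2], functions)
    if node[1] not in functions:
        return ERROR                           # no such function
    types, handler = functions[node[1]]
    values = []
    for i, arg in enumerate(node[2]):          # arguments left to right
        if i >= len(types) or (types[i] == "string") != (arg[0] == "str"):
            return ERROR                       # extra argument or wrong type
        v = arg[1] if arg[0] == "str" else evaluate(arg, functions)
        if arg[0] != "str" and v == ERROR:
            return ERROR
        values.append(v)
    if len(values) < len(types):
        return ERROR                           # handler still needs arguments
    result = handler(*values)
    return result if result in (0, 1) else ERROR

def comm_functions(p1, p2):
    # The four --comm-predicate functions; p1/p2 are dicts holding the TLS
    # common name ("" when TLS is not used) and the IP address as strings.
    return {"p1name": (("string",), lambda s: int(p1["name"] == s)),
            "p1addr": (("string",), lambda s: int(p1["addr"] == s)),
            "p2name": (("string",), lambda s: int(p2["name"] == s)),
            "p2addr": (("string",), lambda s: int(p2["addr"] == s))}

def comm_check(predicate, a, b):
    # Both peer assignments; the server picks one arbitrarily, so a
    # dependable --comm-predicate gives the same result for both.
    tree = parse(predicate)
    return (evaluate(tree, comm_functions(a, b)),
            evaluate(tree, comm_functions(b, a)))

# Constructed sample peers and policy (not taken from the page).
ALICE = {"name": "alice", "addr": "192.0.2.10"}
BOB = {"name": "bob", "addr": "192.0.2.20"}
SYMMETRIC = 'p1name("alice") AND p2name("bob") OR p1name("bob") AND p2name("alice")'
```

       comm_check(SYMMETRIC, ALICE, BOB) gives (1, 1), while the one-sided
       policy 'p1name("alice") AND p2name("bob")' gives (1, 0): it allows the
       pair only when the server happens to call alice peer 1. Since the
       common name is the empty string without TLS, name-based policies only
       carry weight when the server runs with --ssl.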
EXAMPLES
       For examples of using BadVPN, see badvpn(7).

SEE ALSO
       badvpn-client(8), badvpn(7)

AUTHORS
       Ambroz Bizjak <ambrop7@gmail.com>



                                 21 June 2011                  badvpn-server(8)