badvpn-server(8)            System Manager's Manual           badvpn-server(8)

NAME

       badvpn-server - chat server for the BadVPN peer-to-peer VPN system

SYNOPSIS

       badvpn-server
              [--help]
              [--version]
              [--logger <stdout/syslog>]
              (logger=syslog?
                     [--syslog-facility <string>]
                     [--syslog-ident <string>]
              )
              [--loglevel <0-5/none/error/warning/notice/info/debug>]
              [--channel-loglevel <channel-name> <0-5/none/error/warning/notice/info/debug>] ...
              [--listen-addr <addr>] ...
              [--ssl --nssdb <string> --server-cert-name <string>]
              [--comm-predicate <string>]
              [--relay-predicate <string>]
              [--client-socket-sndbuf <bytes / 0>]

INTRODUCTION

       This page documents the BadVPN server, which is used in a BadVPN VPN
       network by peers to talk to each other in order to establish data
       connections. For a general description of BadVPN, see badvpn(7).

DESCRIPTION

       The BadVPN server is a chat server used by nodes in the VPN network to
       talk to each other in order to establish data connections. Once it
       initializes, the server only terminates if a signal is received.

OPTIONS

       The BadVPN server is configured entirely from the command line.

       --help Print version and command line syntax and exit.

       --version
              Print version and exit.

       --logger <stdout/syslog>
              Select where to log messages. Default is stdout. Syslog is not
              available on Windows.

       --syslog-facility <string>
              When logging to syslog, set the logging facility. The facility
              name must be in lower case.

       --syslog-ident <string>
              When logging to syslog, set the ident.

       --loglevel <0-5/none/error/warning/notice/info/debug>
              Set the default logging level.

       --channel-loglevel <channel-name> <0-5/none/error/warning/notice/info/debug>
              Set the logging level for a specific logging channel.

       --listen-addr <addr>
              Add an address for the server to listen on. See below for
              address format.

       --ssl  Use TLS. Requires --nssdb and --server-cert-name.

       --nssdb <string>
              When using TLS, the NSS database to use. Probably something like
              sql:/some/folder.

       --server-cert-name <string>
              When using TLS, the name of the certificate to use. The
              certificate must be readily accessible.

       --comm-predicate <string>
              Set a predicate to define which pairs of clients are allowed to
              communicate. The predicate is a logical expression; see below
              for details. Available functions:
              p1name(string) - true if the TLS common name of peer 1 equals
              the given string. If TLS is not used, the common name is assumed
              to be an empty string.
              p1addr(string) - true if the IP address of peer 1 equals the
              given string. The string must not be a name.
              p2name(string) - true if the TLS common name of peer 2 equals
              the given string. If TLS is not used, the common name is assumed
              to be an empty string.
              p2addr(string) - true if the IP address of peer 2 equals the
              given string. The string must not be a name.
              There is no rule as to which is peer 1 and which peer 2. When
              the server needs to determine whether to allow two peers to
              communicate, it evaluates the predicate once and in no specific
              order.

       --relay-predicate <string>
              Set a predicate to define how peers can relay data through other
              peers. The predicate is a logical expression; see below for
              details. If the predicate evaluates to true, peer P can relay
              data through peer R. Available functions:
              pname(string) - true if the TLS common name of peer P equals
              the given string. If TLS is not used, the common name is assumed
              to be an empty string.
              paddr(string) - true if the IP address of peer P equals the
              given string. The string must not be a name.
              rname(string) - true if the TLS common name of peer R equals
              the given string. If TLS is not used, the common name is assumed
              to be an empty string.
              raddr(string) - true if the IP address of peer R equals the
              given string. The string must not be a name.

       --client-socket-sndbuf <bytes / 0>
              Sets the value of the SO_SNDBUF socket option for client TCP
              sockets (zero to not set). Lower values will improve fairness
              when data from multiple peers is being sent to a given peer, but
              may result in lower bandwidth if the network's bandwidth-delay
              product is too big.

EXIT CODE

       If initialization fails, exits with code 1. Otherwise runs until
       termination is requested and exits with code 1.

ADDRESS FORMAT

       Addresses have the form ipaddr:port, where ipaddr is either an IPv4
       address (name or numeric), or an IPv6 address enclosed in brackets []
       (name or numeric again).

PREDICATES

       The BadVPN server includes a small predicate language used to define
       certain policies. Syntax and semantics of the language are described
       here.

       true   Logical true constant. Evaluates to 1.

       false  Logical false constant. Evaluates to 0.

       NOT expression
              Logical negation. If the expression evaluates to error, the
              negation evaluates to error.

       expression OR expression
              Logical disjunction. The second expression is only evaluated if
              the first expression evaluates to false. If a sub-expression
              evaluates to error, the disjunction evaluates to error.

       expression AND expression
              Logical conjunction. The second expression is only evaluated if
              the first expression evaluates to true. If a sub-expression
              evaluates to error, the conjunction evaluates to error.

       function(arg, ..., arg)
              Evaluation of a user-provided function (function is the name of
              the function, [a-zA-Z0-9_]+). If the function with the given
              name does not exist, it evaluates to error. Arguments are
              evaluated from left to right. Each argument can either be a
              logical expression or a string (characters enclosed in double
              quotes, without any double quote). If an argument is
              encountered, but all needed arguments have already been
              evaluated, the function evaluates to error. If an argument is of
              wrong type, it is not evaluated and the function evaluates to
              error. If an argument evaluates to error, the function evaluates
              to error. If after all arguments have been evaluated, the
              function needs more arguments, it evaluates to error. Then the
              handler function is called. If it returns anything other than 1
              and 0, the function evaluates to error. Otherwise it evaluates
              to what the handler function returned.
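
Added example (not part of the original manual and not BadVPN's own code): a small Python evaluator for the semantics described in this section, used to check whether a --comm-predicate gives the same verdict whichever client is treated as peer 1. It is restricted to the constants, NOT/AND/OR and calls with exactly one string argument; the precedence NOT > AND > OR, the lack of any grouping syntax, and the names parse, evaluate, both_orders, ALICE and BOB are assumptions of the example.

```python
import re

ERROR = None  # third value of the language, beside 1 (true) and 0 (false)
ALICE, BOB = ("alice", "10.0.0.1"), ("bob", "10.0.0.2")  # constructed sample peers
TOKEN = re.compile(r'(?P<kw>(?:AND|OR|NOT|true|false)\b)'  # a call is one token
                   r'|(?P<fn>[a-zA-Z0-9_]+)\s*\(\s*"(?P<arg>[^"]*)"\s*\)|(?P<bad>\S)')

def parse(text):
    toks = [m.group() if m.lastgroup in ("kw", "bad") else ("call", m["fn"], m["arg"])
            for m in TOKEN.finditer(text)] + ["end"]
    def binary(op, sub):  # left-associative chain of one operator
        node = sub()
        while toks[0] == op:
            node = (toks.pop(0), node, sub())
        return node
    def unary():
        tok = toks.pop(0)
        if tok == "NOT":
            return ("NOT", unary())
        if tok in ("true", "false"):
            return ("const", int(tok == "true"))
        if isinstance(tok, tuple):
            return tok
        raise ValueError("unexpected %r" % tok)
    tree = binary("OR", lambda: binary("AND", unary))  # assumed: NOT > AND > OR
    if toks != ["end"]:
        raise ValueError("unexpected %r" % (toks[0],))
    return tree

def evaluate(node, funcs):
    if node[0] == "const":
        return node[1]
    if node[0] == "NOT":
        value = evaluate(node[1], funcs)
        return ERROR if value is ERROR else 1 - value
    if node[0] == "call":  # unknown function or non-0/1 handler result: error
        result = funcs[node[1]](node[2]) if node[1] in funcs else ERROR
        return int(result) if result in (0, 1) else ERROR
    left = evaluate(node[1], funcs)
    if left is ERROR or left == (node[0] == "OR"):
        return left  # error propagates; otherwise the right side is skipped
    return evaluate(node[2], funcs)

def both_orders(predicate, a, b):  # peers are (TLS common name, IP address) pairs
    def funcs(p1, p2):
        return {"p1name": lambda s: s == p1[0], "p1addr": lambda s: s == p1[1],
                "p2name": lambda s: s == p2[0], "p2addr": lambda s: s == p2[1]}
    tree = parse(predicate)
    return evaluate(tree, funcs(a, b)), evaluate(tree, funcs(b, a))
```

`both_orders('p1name("alice") AND p2name("bob")', ALICE, BOB)` returns `(1, 0)`: the same pair is allowed or refused depending on which client ends up as peer 1, so a --comm-predicate needs to cover both orderings. With TLS off both common names are the empty string, so `NOT p1name("admin")` evaluates to 1 for every pair.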

EXAMPLES

       For examples of using BadVPN, see badvpn(7).

SEE ALSO

       badvpn-client(8), badvpn(7)

AUTHORS

       Ambroz Bizjak <ambrop7@gmail.com>

                                 21 June 2011                 badvpn-server(8)