Brian Waters | 13d9601 | 2017-12-08 16:53:31 -0600
# Configuration file for the peer whitelist extension.
#
# This extension is meant to allow connections from remote peers, without actively
# maintaining the connection ourselves (as would be the case when declaring the
# peer in a ConnectPeer directive).
# The format of this file is very simple. It contains a list of peer names
# separated by spaces or newlines.
#
# The peer name must be a fqdn. We also allow a special "*" character as the
# first label of the fqdn, to allow all fqdns with the same domain name.
# Example: *.example.net will allow host1.example.net and host2.example.net
#
# At the beginning of a line, the following flags are allowed (case sensitive) -- either or both can appear:
# ALLOW_OLD_TLS : we accept an unprotected CER/CEA exchange with this peer (Inband-Security-Id = TLS)
# ALLOW_IPSEC : we accept an implicitly protected connection with this peer (Inband-Security-Id = IPSec)
# It is specified for example as:
# ALLOW_IPSEC vpn.example.net vpn2.example.net *.vpn.example.net
# These flags take effect from their position until the end of the line.
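# The following is an added example of how the rules above can be evaluated: a small
# reference parser and matcher for this file format, written for this page and not
# taken from the freeDiameter extension itself. It assumes: "#" starts a comment,
# "*" stands for exactly one label (so *.example.net matches host1.example.net but
# not a.b.example.net, the conservative reading of "same domain name"), names are
# compared case-insensitively, and when several entries match a peer their flags
# are unioned. The sample configuration embedded in it is constructed for the example.

```python
import re
from dataclasses import dataclass

# Flags recognised in the file (case sensitive, as the file states).
FLAGS = {"ALLOW_OLD_TLS", "ALLOW_IPSEC"}

# Assumption: a label is a hostname label (letters, digits, hyphen).
LABEL_RE = re.compile(r"^[a-z0-9-]+$")


@dataclass(frozen=True)
class Entry:
    labels: tuple       # lowercased labels in dotted order; labels[0] may be "*"
    flags: frozenset    # flags in effect at the position this name appeared


def _labels(name):
    """Split a name into lowercased labels, ignoring a trailing root dot."""
    return tuple(name.lower().rstrip(".").split("."))


def parse_whitelist(text):
    """Parse whitelist text into a list of Entry; raises ValueError on bad names."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0]      # assumption: '#' comments to end of line
        flags = set()                    # flags are scoped to one line
        for tok in line.split():
            if tok in FLAGS:
                flags.add(tok)           # in effect from here to end of line
                continue
            labels = _labels(tok)
            if len(labels) < 2 or "" in labels:
                raise ValueError(f"line {lineno}: '{tok}' is not a fqdn")
            for i, lab in enumerate(labels):
                if lab == "*":
                    if i != 0:
                        raise ValueError(f"line {lineno}: '*' only allowed as first label in '{tok}'")
                elif not LABEL_RE.match(lab):
                    raise ValueError(f"line {lineno}: bad label '{lab}' in '{tok}'")
            entries.append(Entry(labels, frozenset(flags)))
    return entries


def _matches(pattern, labels):
    if pattern[0] != "*":
        return pattern == labels
    # Wildcard replaces exactly one label (assumption), rest must be identical.
    return len(pattern) == len(labels) and pattern[1:] == labels[1:]


def lookup(entries, peer):
    """Return the frozenset of flags granted to peer, or None if it is not whitelisted.

    An empty frozenset means 'accepted, but no ALLOW_* relaxation': callers must
    test 'is None', not truthiness, to decide whether to accept the connection.
    """
    labels = _labels(peer)
    matched = [e.flags for e in entries if _matches(e.labels, labels)]
    if not matched:
        return None
    return frozenset().union(*matched)


# Constructed sample mirroring the examples in the file above.
SAMPLE_CONF = """# example whitelist
ALLOW_IPSEC vpn.example.net vpn2.example.net *.vpn.example.net
*.example.net
ALLOW_OLD_TLS legacy.example.org ALLOW_IPSEC both.example.org   # flag mid-line
"""

if __name__ == "__main__":
    wl = parse_whitelist(SAMPLE_CONF)
    for peer in ("vpn.example.net", "host1.example.net", "a.b.example.net",
                 "both.example.org", "evil.example.com"):
        print(peer, "->", lookup(wl, peer))
```

# Note that ALLOW_OLD_TLS applied to a wildcard entry relaxes the CER/CEA protection
# for every host in that domain, so wildcard lines deserve the most scrutiny when
# reviewing this file.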