badvpn-server(8)                 System Manager's Manual                 badvpn-server(8)

NAME
       badvpn-server - chat server for the BadVPN peer-to-peer VPN system

SYNOPSIS
       badvpn-server
               [--help]
               [--version]
               [--logger ]
               (logger=syslog?
                       [--syslog-facility ]
                       [--syslog-ident ]
               )
               [--loglevel <0-5/none/error/warning/notice/info/debug>]
               [--channel-loglevel <0-5/none/error/warning/notice/info/debug>] ...
               [--listen-addr ] ...
               [--ssl --nssdb --server-cert-name ]
               [--comm-predicate ]
               [--relay-predicate ]
               [--client-socket-sndbuf ]

INTRODUCTION
       This page documents the BadVPN server, which peers in a BadVPN VPN network use to
       talk to each other in order to establish data connections. For a general
       description of BadVPN, see badvpn(7).

DESCRIPTION
       The BadVPN server is a chat server used by nodes in the VPN network to talk to
       each other in order to establish data connections. Once it has initialized, the
       server terminates only when it receives a signal.

OPTIONS
       The BadVPN server is configured entirely from the command line.

       --help
              Print version and command line syntax and exit.

       --version
              Print version and exit.

       --logger
              Select where to log messages. Default is stdout. Syslog is not available
              on Windows.

       --syslog-facility
              When logging to syslog, set the logging facility. The facility name must
              be in lower case.

       --syslog-ident
              When logging to syslog, set the ident.

       --loglevel <0-5/none/error/warning/notice/info/debug>
              Set the default logging level.

       --channel-loglevel <0-5/none/error/warning/notice/info/debug>
              Set the logging level for a specific logging channel.

       --listen-addr
              Add an address for the server to listen on. See ADDRESS FORMAT below.

       --ssl
              Use TLS. Requires --nssdb and --server-cert-name.

       --nssdb
              When using TLS, the NSS database to use. Probably something like
              sql:/some/folder.

       --server-cert-name
              When using TLS, the name of the certificate to use. The certificate must
              be readily accessible.

       --comm-predicate
              Set a predicate that defines which pairs of clients are allowed to
              communicate. The predicate is a logical expression; see PREDICATES below.
              Available functions:

              p1name(string)
                     true if the TLS common name of peer 1 equals the given string. If
                     TLS is not used, the common name is assumed to be an empty string.

              p1addr(string)
                     true if the IP address of peer 1 equals the given string. The
                     string must not be a name.

              p2name(string)
                     true if the TLS common name of peer 2 equals the given string. If
                     TLS is not used, the common name is assumed to be an empty string.

              p2addr(string)
                     true if the IP address of peer 2 equals the given string. The
                     string must not be a name.

              There is no rule as to which peer is peer 1 and which is peer 2. When the
              server needs to determine whether to allow two peers to communicate, it
              evaluates the predicate once, with the two peers assigned to peer 1 and
              peer 2 in no particular order.

       --relay-predicate
              Set a predicate that defines how peers can relay data through other
              peers. The predicate is a logical expression; see PREDICATES below. If
              the predicate evaluates to true, peer P can relay data through peer R.
              Available functions:

              pname(string)
                     true if the TLS common name of peer P equals the given string. If
                     TLS is not used, the common name is assumed to be an empty string.

              paddr(string)
                     true if the IP address of peer P equals the given string. The
                     string must not be a name.

              rname(string)
                     true if the TLS common name of peer R equals the given string. If
                     TLS is not used, the common name is assumed to be an empty string.

              raddr(string)
                     true if the IP address of peer R equals the given string. The
                     string must not be a name.

       --client-socket-sndbuf
              Set the value of the SO_SNDBUF socket option for client TCP sockets (zero
              leaves the option unset). Lower values improve fairness when data from
              multiple peers is being sent to a given peer, but may reduce bandwidth if
              the network's bandwidth-delay product is too big.

EXIT CODE
       If initialization fails, exits with code 1. Otherwise runs until termination is
       requested and exits with code 1.

ADDRESS FORMAT
       Addresses have the form ipaddr:port, where ipaddr is either an IPv4 address (name
       or numeric) or an IPv6 address enclosed in brackets [] (again, name or numeric).

PREDICATES
       The BadVPN server includes a small predicate language used to define certain
       policies. The syntax and semantics of the language are described here.

       true
              Logical true constant. Evaluates to 1.

       false
              Logical false constant. Evaluates to 0.

       NOT expression
              Logical negation. If the expression evaluates to error, the negation
              evaluates to error.

       expression OR expression
              Logical disjunction. The second expression is evaluated only if the first
              expression evaluates to false. If a sub-expression evaluates to error,
              the disjunction evaluates to error.

       expression AND expression
              Logical conjunction. The second expression is evaluated only if the first
              expression evaluates to true. If a sub-expression evaluates to error, the
              conjunction evaluates to error.

       function(arg, ..., arg)
              Evaluation of a user-provided function (function is the name of the
              function, [a-zA-Z0-9_]+). If no function with the given name exists, it
              evaluates to error. Arguments are evaluated from left to right. Each
              argument can be either a logical expression or a string (characters
              enclosed in double quotes, without any double quote). If an argument is
              encountered but all needed arguments have already been evaluated, the
              function evaluates to error. If an argument is of the wrong type, it is
              not evaluated and the function evaluates to error. If an argument
              evaluates to error, the function evaluates to error. If, after all
              arguments have been evaluated, the function still needs more arguments,
              it evaluates to error. Then the handler function is called. If it returns
              anything other than 1 or 0, the function evaluates to error. Otherwise it
              evaluates to what the handler function returned.

EXAMPLES
       For examples of using BadVPN, see badvpn(7).

SEE ALSO
       badvpn-client(8), badvpn(7)

AUTHORS
       Ambroz Bizjak

                                      21 June 2011                       badvpn-server(8)
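The predicate language from the PREDICATES section, as an added example that is not BadVPN's own C implementation: a parser and three-valued (1, 0, error) evaluator for the documented forms, bound to the --comm-predicate functions so that a policy string can be checked offline against sample peers before it is put in front of a server. Operator precedence (NOT above AND above OR) and parenthesised sub-expressions are assumptions of this example, and the peer names and addresses are constructed.

```python
import re
ERROR = "error"   # the language's third value; it propagates through NOT, AND and OR
TOKENS = re.compile(r'"[^"]*"|[A-Za-z0-9_]+|[(),]|\S')   # \S makes any stray character a parse error
def parse(src):   # precedence NOT > AND > OR and parentheses are this example's assumptions, not from the page
    t, i = TOKENS.findall(src), 0
    def peek(): return t[i] if i < len(t) else None
    def take(want=None):                                   # consume one token, optionally a specific one
        nonlocal i; i += 1
        if i > len(t) or (want and t[i - 1] != want): raise ValueError("syntax error at token %d" % (i - 1))
        return t[i - 1]
    def binary(op, sub):                                   # left-associative chain of one operator
        e = sub()
        while peek() == op: take(); e = (op.lower(), e, sub())
        return e
    def expr_not():
        if peek() == "NOT": take(); return ("not", expr_not())
        tok = take()
        if tok in ("true", "false"): return ("const", int(tok == "true"))
        if tok == "(": e = expr_or(); take(")"); return e
        if not re.fullmatch(r"[A-Za-z0-9_]+", tok): raise ValueError("unexpected %r" % tok)
        take("("); args = []                               # function(arg, ..., arg): quoted strings or expressions
        while peek() != ")":
            if args: take(",")
            args.append(("str", take()[1:-1]) if re.fullmatch(r'"[^"]*"', peek() or "") else expr_or())
        take(")"); return ("call", tok, args)
    expr_and, expr_or = (lambda: binary("AND", expr_not)), (lambda: binary("OR", expr_and))
    e = expr_or()
    if peek() is not None: raise ValueError("trailing input %r" % peek())
    return e

def evaluate(node, funcs):   # funcs: name -> (parameter kinds, handler); a kind is "str" or "expr"; gives 1, 0 or ERROR
    if node[0] == "const": return node[1]
    if node[0] == "not": v = evaluate(node[1], funcs); return ERROR if v is ERROR else 1 - v
    if node[0] in ("or", "and"):
        a = evaluate(node[1], funcs)                       # the second operand is evaluated only if the first did not decide
        return a if a is ERROR or a == (node[0] == "or") else evaluate(node[2], funcs)
    if node[1] not in funcs: return ERROR                  # unknown function name
    kinds, handler, vals = funcs[node[1]][0], funcs[node[1]][1], []
    for i, arg in enumerate(node[2]):                      # arguments are evaluated left to right
        if i >= len(kinds) or (arg[0] == "str") != (kinds[i] == "str"): return ERROR  # surplus or wrong type
        vals.append(arg[1] if kinds[i] == "str" else evaluate(arg, funcs))
        if vals[-1] is ERROR: return ERROR
    r = handler(*vals) if len(vals) == len(kinds) else ERROR   # too few arguments is an error as well
    return int(r) if r in (0, 1) else ERROR                # the handler must answer 0 or 1

def comm_funcs(p1, p2):   # bind p1name/p1addr/p2name/p2addr for one pair of (tls_common_name, ip) peers
    return {"p1name": (["str"], lambda s: p1[0] == s), "p1addr": (["str"], lambda s: p1[1] == s),
            "p2name": (["str"], lambda s: p2[0] == s), "p2addr": (["str"], lambda s: p2[1] == s)}
# Constructed hub-and-spoke policy, written symmetrically because the server does not fix which peer is "peer 1"
HUB_ONLY = parse('p1name("hub") OR p2name("hub")')
```

Because the server assigns peer 1 and peer 2 in no particular order, a comm predicate should give the same answer with p1* and p2* swapped, and name-based rules only have teeth under --ssl, since without TLS every common name is the empty string.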