2 <Opengatemd ConfigVersion="0.6.0">
4 <!-- Debug dump level -->
5 <!-- Set 0 to write only open/close and error messages to syslog -->
6 <!-- Set 1 to write some information adding to 0 -->
7 <!-- Set 2 to write many information to syslog -->
8 <!-- Set 3 to write many information (including busy loop) to syslog -->
11 <!-- Syslog facility (local0, local1, ..., local7) -->
14 <Facility>local1</Facility>
17 <!-- ### MUST BE MODIFIED ## -->
18 <!-- MySql database (for mac address management) parameters -->
20 <Server>localhost</Server>
23 <Database>opengatem</Database>
26 <!-- UDP server port on which commands from the managing machine are received -->
27 <!-- Be careful to configure the firewall so that these UDP packets are passed (only from the trusted UdpClient hosts listed below) -->
28 <UdpServerPort>4989</UdpServerPort>
30 <!-- ### MUST BE MODIFIED ## -->
31 <!-- # Set the hosts on which opengateMmng is running # -->
32 <!-- OpengateMmng acts as the UDP client and opengatemd (the daemon) acts as the server -->
33 <!-- A DB update is transmitted immediately over this UDP channel -->
34 <!-- (If the transmission fails, the update is transmitted after the cache timeout) -->
35 <!-- The following entries set the trusted UDP clients from which UDP commands are accepted -->
36 <!-- (The local host is trusted) -->
37 <!-- Be careful to configure the firewall so that these packets are passed -->
39 <UdpClient>192.168.1.1</UdpClient>
40 <UdpClient>192.168.2.1</UdpClient>
41 <UdpClient>192.168.3.1</UdpClient>
44 <!-- ### MUST BE MODIFIED ## -->
45 <!-- libpcap parameters -->
47 <!-- device to sniff on -->
50 <!-- snapshot length (= tcpdump default) -->
51 <SnapLength>68</SnapLength>
53 <!-- capture timeout in msec -->
54 <Timeout>200</Timeout>
56 <!-- promiscuous mode (1=on) -->
57 <Promiscuous>0</Promiscuous>
60 <!-- %s is replaced with the MAC address of this pcap device -->
61 <Filter>(not ether src %s) and (not src net fe80::0/64)</Filter>
64 <!-- initial TTL values that are valid on many systems -->
65 <!-- (http://noahdavids.org/self_published/TTL_values.html) -->
66 <ValidInitialTtl>30 32 60 64 128 200 255</ValidInitialTtl>
68 <!-- IPFW rule number range and tag number used by opengate -->
72 <Interval>1</Interval>
75 <!-- IPFW Tag number used in rc.firewall -->
76 <IpfwTagNumber>123</IpfwTagNumber>
78 <!-- If no packet related to the address is detected -->
79 <!-- within this time length (seconds), -->
80 <!-- close the network access and remove the session -->
81 <UselessTimeout>3600</UselessTimeout>
83 <!-- interval (seconds) at which the above check is run -->
84 <UselessCheckInterval>3600</UselessCheckInterval>
86 <!-- Address Pair Cache Timeout: interval (seconds) during which the packet check is skipped -->
87 <CacheTimeout>1200</CacheTimeout>
89 <!-- MAC Address Cache Timeout: hold time (seconds) of the MAC DB cache -->
90 <MacCacheTimeout>1200</MacCacheTimeout>
92 <!-- SQLite busy timeout (milliseconds) -->
93 <SqliteBusyTimeout>100</SqliteBusyTimeout>
95 <!-- Save the session log to the management DB (1:YES/0:NO) -->
96 <SaveLogToMngDb>1</SaveLogToMngDb>
98 <!-- SQLite database file -->
99 <!-- for opengatemd work -->
100 <SqliteDbMd>/tmp/opengatemd.db</SqliteDbMd>
102 <!-- SQLite database file -->
103 <!-- for opengate session management -->
104 <SqliteDb>/tmp/opengate.db</SqliteDb>
107 <MacCheckDaemon>opengatemd</MacCheckDaemon>
109 <!-- Related command path -->
110 <IpfwPath>/sbin/ipfw</IpfwPath>
112 <!-- ipfw exclusive execution lock timeout (seconds) -->
113 <LockTimeout>10</LockTimeout>
115 <!-- Lock file used to prevent overlapping ipfw rule numbers: -->
116 <!-- it serializes execution among the opengate processes -->
117 <!-- (the default path is in the shared /tmp directory; a directory writable only by the opengate processes is safer) -->
117 <LockFile>/tmp/opengate.lock</LockFile>
119 <!-- Lock file used to prevent overlapping daemon processes -->
120 <DaemonLockFile>/tmp/opengatemd.lock</DaemonLockFile>
122 <!-- ipfw is invoked via the Perl script (1) or directly from C (0) -->
125 <Path>/etc/opengate/ipfwctrlmd.pl</Path>
128 <!-- Related command path -->
129 <ArpPath>/usr/sbin/arp</ArpPath>
130 <NdpPath>/usr/sbin/ndp</NdpPath>
132 <!-- flags to write a log entry when a NAT/router insertion is detected -->
133 <!-- if ShowNat=1, log when an unknown NAT/router is detected -->
134 <!-- if ShowRouter=1, log when one of the routers defined below is detected -->
136 <ShowRouter>0</ShowRouter>
138 <!-- subnets under the gateway -->
139 <!-- used to ignore valid routers in NAT detection -->
140 <!-- if not set, a NAT/router under the gateway is suspected as a NAT -->
141 <!-- [(IPv4 address)/(netmask length) (router hop count)] -->
143 <!-- <SubnetHopCount>192.168.0.0/22 1</SubnetHopCount> -->
144 <!-- <SubnetHopCount>192.168.1.0/24 2</SubnetHopCount> -->
145 <!-- <SubnetHopCount>192.168.161.0/22 1</SubnetHopCount> -->
146 <!-- <SubnetHopCount>192.168.240.0/22 1</SubnetHopCount> -->
147 <!-- <SubnetHopCount>192.168.161.0/24 2</SubnetHopCount> -->
149 <!-- Caution: ExtraSet cannot be used in opengatemd -->
150 <!-- because one daemon controls all users -->
153 <!-- ## End of Configuration ## -->