5 Server configuration

All command-line and dwunrc settings are optional and the defaults will be used if no user-supplied value is given.

See dwun -h for command-line options.

dwun [-p PORT] [-b IP] [-m NUM] [-a FILE] [-k NUM] [-r FILE] [-l FILE] [-d] [-v] [-h]

There is also an optional dwunrc file containing data in the following format:

keyword argument

If a keyword and its argument cannot fit all on one line you should allow it to flow to the next line without breaking.

Blank lines and those beginning with # are ignored.

Command-line options over-ride those in dwunrc.

For filenames in dwunrc, do not use shell-specific things such as a tilde. A path like ``./'' is fine.

After changing the rcfile, dwun must be restarted (either with the admin RESTART command or killing dwun with SIGHUP and then starting it again) before changes take effect.

For boolean arguments, ``on'' and ``true'' have the same meaning, as do ``off'' and ``false''.

keyword, -command-line option

description

port, -p

listen on this port for connections. 5540 by default.

bind, -b

listen on this IP address for connections. To have dwun bind on multiple IP addresses, list them separated by spaces or commas. 127.0.0.1 by default.

maxcon, -m

allow this number of clients as a maximum. Disallow new connections while still at this limit. -1 (unlimited) by default.

redials

allow commandon to exit this number of times in a in a row without us becoming connected before a fatal commandon error occurs. (Useful when using programs like wvdial that do their own redialing).

staydropped

register a fatal commandon error if commandon dies when we are in the ``#Connected'' state. This is useful when using the ``idle'' option to pppd for example. FALSE by default.

waitpipe

Wait for all processes launched by commandon to exit before considering ourselves ``#Disconnected''. Useful for daemons. ON by default.

disconnect_wait

wait this number of seconds before disconnecting in case someone CONNECTs in that time (removing the need to disconnect). This is particularly useful when you want to reboot into another operating system without needing to disconnect.

authfile, -a

use this file for authentication data. /etc/dwunauth by default. This file can be created with the dwunmakeauth6 utility.

keepalive, -k

every this number of seconds, require ALIVE command from client or we terminate them. Don't change this unless you know what you're doing. Clients can override7 this value for their session.

-r

read configuration data from this file. /etc/dwunrc by default.

logfile, -l

output logging info to this file. None (use syslog) by default or /var/log/dwun.log if your system lacks syslog.

commandon

Run /bin/sh -c 'argument' when we connect. For example commandon ifup ppp0. Please ensure that any programs started by /etc/ppp/ip-up will exit quickly if the connection goes down while they are running. (Pppd will wait for them to exit before exiting itself).

commandoff

Run /bin/sh -c 'argument' when we disconnect. By default there is no command. This means dwun will instead try to kill the processes that were launched with commandon. (With SIGHUP). If, having run commandoff, commandon hasn't exited within a certain amount of time we will attempt to kill all the processes launched by commandon and then run commandoff again. Dwun cannot kill daemons such as pppd without a program to run for commandoff.

pre_commandon

Run /bin/sh -c 'argument' before running commandon. (So you must end the command with & if you don't want dwun to wait for pre_commandon to exit before running commandon). File descriptor 3 can be used like the external fifo10 so ``echo %con:#foo > /usr/lib/dwun-msg'' and ``echo %con:#foo >&3'' are equivalent.

post_commandon

Like pre_commandon but for after commandon exits.

command_logfile

append standard error and standard output of commandon, commandoff, onconnect and ondisconnect into this file. None by default.

debug on, -d

enable debugging mode. This causes extra information to be logged that is useful for development. Off by default.

-v

display version information.

-h

display version information and help on command-line arguments.

pidfile

write dwun's pid to this file upon startup. Dwun will overwrite any existing data in this file and dwun removes the file when it exits. /var/run/dwun.pid by default.

hostmask

use this hostmask to allow/reject clients based on their IP address. Multiple hostmasks are allowed and should be separated by spaces or commas (e.g.``hostmask 192.168.1.0/255.255.255.0 127.0.0.0/255.0.0.0''). No hostmask by default.

onconnect

run /bin/sh -c 'argument' for each user when they run the CONNECT7 command. %b will be substituted with the IP address of the user. %p will be replaced with the pid of the child process serving the user. %u will be replaced with the username. Use %% for a literal %. (e.g. onconnect /sbin/ipchains -A forward -j MASQ -s %b -i ppp0). The command is executed before anything is done regarding commandon. If we are not already running commandon, dwun will wait for the onconnect command to complete before running commandon (to avoid waiting, add & to the end of the command). We will also wait for onconnect to exit before running ondisconnect unless & is used. No command by default.

ondisconnect

like onconnect but when users run the DISCONNECT7 command. When the last person disconnects, dwun will wait for the ondisconnect command to terminate before killing commandon or running commandoff. To avoid waiting, add & to the end of the command. (e.g. ondisconnect /sbin/ipchains -D forward -j MASQ -s %b -i ppp0). No command by default.

onconnect_wait

wait for their onconnect command to exit before we may tell a user they are #Connected. This is important when the onconnect command does something which is necessary to allow net access for that user, e.g. enables NAT / IP Masquerading for them. OFF by default.

external

when data is entered into this named pipe (FIFO), dwun will send the message to zero or more dwun clients. More details10 are available.

Multiple connections from the same host are allowed. You can differentiate these in the logs because syslog/logfile should include the pid (e.g. dwun[pid]: message) and each connection will have a different pid associated with it.