# enable SSL support, please read the module section #
# of this configuration file. #
# #
+# ssl - When using m_ssl_gnutls.so or m_ssl_openssl.so #
+# modules, you must define this value to use ssl on #
+# that port. valid values are 'gnutls' or 'openssl' #
+# respectively. If the module is not loaded, this #
+# setting is ignored. #
+# #
+# transport - If you have m_spanningtree.so loaded, along with #
+# either of the SSL modules (m_ssl_gnutls or #
+# m_ssl_openssl) or m_ziplinks.so, then you may make #
+# use of this value. #
+# setting it to 'openssl' or 'gnutls' or 'zip' #
+# indicates that the port should accept connections #
+# using the given transport name. Transports are #
+# layers which sit on top of a socket and change the #
+# way data is sent and received, e.g. encryption, #
+# compression, and other such things. Because this #
+# may not be limited in use to just encryption, #
+# the 'ssl' value used for client ports does not #
+# exist for servers, and this value is used instead. #
# ____ _ _____ _ _ ____ _ _ _ #
# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | #
# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | #
# #
# Syntax is as follows: #
# #
-# <bind address="ip or host" port="port" type="clients"> #
-# <bind address="ip or host" port="port" type="servers"> #
+# <bind address="ip address" port="port" type="clients"> #
+# <bind address="ip address" port="port" type="servers"> #
# #
# If InspIRCd is built for IPV6, and you wish to accept IPV4 clients, #
# then you must specify your IPV6 clients in the following form: #
# default) then you do not need to prefix your addresses like this. #
# #
-<bind address="" port="6660-6669" type="clients">
+<bind address="" port="6000" type="clients">
+<bind address="" port="6660-6669" type="clients" ssl="gnutls">
+
+# When linking servers, the openssl and gnutls transports are largely
+# link-compatible and can be used alongside each other or either/or
+# on each end of the link without any significant issues.
+
<bind address="" port="7000,7001" type="servers">
+<bind address="1.2.3.4" port="7005" type="servers" transport="openssl">
#-#-#-#-#-#-#-#-#-#- DIE/RESTART CONFIGURATION -#-#-#-#-#-#-#-#-#-#-
# autoconnect - Sets the server to autoconnect. Where x is the num. #
# (optional) of seconds between attempts. e.g. 300 = 5 minutes. #
# #
-# encryptionkey - Encryption key to be used for AES encryption, where #
-# supported. Links using the spanning tree protocol #
-# support AES. The encryption key must be EXACTLY 8, #
-# 16 or 32 characters in length for a 64, 128 or 256 #
-# bit key, respectively. #
+# transport - If defined, this is a transport name implemented by #
+# another module. Transports are layers on top of #
+# plaintext connections, which alter them in certain #
+# ways. Currently the three supported transports are #
+# 'openssl' and 'gnutls' which are types of SSL #
+# encryption, and 'zip' which is for compression. #
+# If you define a transport, both ends of the #
+# connection must use a compatible transport for the #
+# link to succeed. OpenSSL and GnuTLS are link- #
+# compatible with each other. #
# #
# hidden - When using m_spanningtree.so for linking. you may #
# set this to 'yes', and if you do, the IP address/ #
# information on how to load this module! If you do not load this #
# module, server links will NOT work! #
# #
+# Also, if you define any transports, you must load the modules for #
+# these transports BEFORE you load m_spanningtree, e.g. place them #
+# above it in the configuration file. Currently this means the three #
+# modules m_ssl_gnutls, m_ziplinks and m_ssl_openssl, depending on #
+# which you choose to use. #
+# #
<link name="hub.penguin.org"
ipaddr="penguin.box.com"
autoconnect="300"
failover="hub.other.net"
timeout="15"
+ transport="gnutls"
sendpass="outgoing!password"
recvpass="incoming!password">
# Oper channels mode: Adds the +O channel mode
#<module name="m_operchans.so">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Oper hash module: Allows hashed oper passwords
+# Relies on the module m_md5.so and/or m_sha256.so being loaded before
+# m_oper_hash.so in the configuration file.
+#<module name="m_oper_hash.so">
+#
+#-#-#-#-#-#-#-#-#-#-# OPER HASH CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#
+#
+# To use this module, you must define a hash type for each oper's
+# password you want to hash. For example:
+#
+# <oper name="katsklaw"
+# host="ident@dialup15.isp.com"
+# hash="sha256"
+# password="a41d730937a53b79f788c0ab13e9e1d5"
+# type="NetAdmin">
+#
+# The types of hashing available vary depending on which hashing modules
+# you load, but usually if you load m_sha256.so and m_md5.so, both md5
+# and sha256 type hashing will be available (the most secure of which
+# is SHA256).
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Oper Join module: Forces opers to join a channel on oper-up
#<module name="m_operjoin.so">
# Specify the level as the 'level' parameter of the <type> tag
#<module name="m_operlevels.so">
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Oper MD5 module: Allows MD5 hashed oper passwords
-# Relies on the module m_md5.so being loaded before m_opermd5.so in
-# the configuration file.
-#<module name="m_opermd5.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Oper SHA256 module: Allows SHA256 hashed oper passwords
-# This module is in src/modules/extra
-#<module name="m_opersha256.so">
-
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Oper modes module: Allows you to specify modes to add/remove on oper
# Specify the modes as the 'modes' parameter of the <type> tag
# #
# m_ssl_gnutls.so is too complex it describe here, see the wiki: #
# http://www.inspircd.org/wiki/GnuTLS_SSL_Module #
+# #
+# NOTE: If you want to use this module to encrypt and sign your #
+# server to server traffic, you MUST load it before m_spanningtree in #
+# your configuration file! #
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SSL Info module: Allows users to retrieve information about other
# #
# m_ssl_openssl.so is too complex it describe here, see the wiki: #
# http://www.inspircd.org/wiki/OpenSSL_SSL_Module #
+# #
+# NOTE: If you want to use this module to encrypt and sign your #
+# server to server traffic, you MUST load it before m_spanningtree in #
+# your configuration file! #
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SSL Cert Oper module: Allows opers to oper up using the key fingerprint
# maintain notify lists.
#<module name="m_watch.so">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# ZipLinks module: Adds support for zlib deflate on server to server
+# connections. Both ends of the connection must load this module.
+#
+#<module name="m_ziplink.so">
+#
+# To use this module, you must enable it as a transport type in your
+# <link> tags or <bind> tags using the transport name 'zip'.
+# See the documentation of <link> and <bind>, respectively.
+#
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#- BAN OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# The ban tags define nick masks, host masks and ip ranges which are #
projects / user / henk / code / inspircd.git / blobdiff