Config-file lines consist of a keyword and data. The keyword, which is case-insensitive, consists of everything from the first non-whitespace character to the next whitespace character, or the end of line if there is no following whitespace character. If there are no non-whitespace characters at all, or if the first such is a #, the line is a comment and is ignored. The data begins with the first non-whitespace character after the keyword. (This implies it cannot begin with whitespace.) If a file ends with a partial line (ie, it has a last character but it isn't a newline), a newline is supplied. Note that this means that a partial line ending a file read with @ does not merge with the line after the @ - to put it another way, @ operates at a level where files are streams of lines, not streams of bytes. @ FILE FILE is read and its contents effectively inserted in place of this line. key KEY The cloud key is literally KEY. keyfile KEYFILE KEYFILE is read and the contents are the cloud key. If the file is larger than 64K, only the first 64K is used. Note that no transformations are applied to the file's contents; for example, using "key foo" is not the same as doing "echo foo > foofile" and then using "keyfile foofile", because the file will contain a fourth character, a newline, and a three-character key "foo" is as different from a four-character key "foo\n" as any other two distinct keys are. id N This member's cloud ID is N; N must be in 0..255. ip ADDR ADDR is one of this member's cloud IPs. This may be given multiple times; the resulting addresses accumulate. type T This member's type is T. T can be (case-insensitive) public This cloud member is type 1 or 2; it pays attention to PUBLIC packets and tries to maintain connections to the endpoints in them. private This cloud member is type 3 or 4; it ignores PUBLIC packets, using only the address(es) it has been configured with by `uplink' lines. listen ADDR/PORT [TYPE] This host is type 1 (or 4) and should listen on ADDR/PORT for cloud connections. This may be given multiple times to listen on multiple endpoints. The special strings *, *4, and *6 may be given for ADDR to listen on all local addresses, all local IPv4 addresses, and all local IPv6 addresses, respectively. TYPE is optional and may be "public" or "private". Public listening points are advertised in PUBLIC packets; private ones aren't. If TYPE is not given, listening points at RFC-1918 private addresses (for IPv4) or link-local or site-local addresses (for IPV6) are private and others are public. uplink ADDR/PORT This can be given multiple times, and the contact points accumulate. For a type 1 or 2 host, these give initial entry points into the public cloud; for types 3 and 4, these list the host's uplink(s). Uplinks configured this way never expire, in contrast to uplinks learned from PUBLIC messages. tun N [TYPE] tun DEVPATH [TYPE] These specify the tun device. If the argument is a number (anything accepted by strtol(3) with third argument 0), the device pathname is constructed from it a la /dev/tun%d; otherwise, the argument is used directly. (To use an all-numeric name as the device node, prefix it with a path, using ./ if necessary.) The optional TYPE may be POINTOPOINT or BROADCAST (case-insensitive). If specified, the tun interface mode is changed (with TUNSIFMODE) to that value. If neither is specified, no attempt to change the interface type is made. There is no escaping mechanism; it is not possible to use a DEVPATH string containing whitespace.