Configuration file for afserver
Afserver supports several mechanisms to supply configuration and run-time parameters: command line options, afserver.conf and hard-coded defaults. When the same information is supplied in more than one way, the highest precedence mechanism is used. When configuration file is used (option: -f FILE) command line options like --hostname, --listenport, --manageport and --pass are ignored. Options from configuration file are taken before values from command line (with the exception of --cerfile, --keyfile and --dateformat ). When something is not declared, hard-coded values are used.
Afserver uses configuration file, which name is supplied by the -f FILE option. The afserver.conf file is composed of two sections which have to be in fixed order. In first section global values like cerfile, keyfile and logging options are set. The second section starts with first realm command and includes options describing specific realms. There may be several realm commands.
cerfile FILE
the name of the file with certificate (default: server-cert.pem)
cacerfile FILE
the name of the file with CA certificates (if used, require clients to have valid certificates)
cerdepth N
the maximum depth of valid certificate-chains
keyfile FILE
the name of the file with RSA key (default: server.rsa)
log LOGCMD
log choosen information to file/socket
dateformat FORMAT
format of the date printed in logs (see 'man strftime' for details) (default: %d.%m.%Y %H:%M:%S). Format string is trimmed. In order to include white characters into format string, use dots to mark beginning and end of the text. If the dot is first or last character, it's removed. Only one character from the beginning and one from the end can be removed.
realm [NAME]
starts configuration of the next realm. Name of the realm can be specified using this option.
hostname NAME
used when creating listening sockets (default: '')
listenport PORT
listening port number - users connect to it (required at least one)
manageport PORT
manage port number - afclient connects to it (required at least one)
pass PASSWORD
password used for client identification (default: no password)
users N
the amount of users allowed to use this server (default: 5)
timeout N
the timeout value for the client's connection (default: 5)
--maxidle N
the maximum idle time for the client's connection (default: disabled)
clients N
the number of allowed clients to use this server (default: 1)
raclients N
the number of allowed clients in remote administration mode to use this server (default: 1)
usrpcli N
the number of allowed users per client (default: $users)
climode N
strategy used to connect users with clients (default: 1) Available strategies: 1. fill first client before go to next
proto TYPE
type of server (tcp|udp) - what protocol it will be operating for (default: tcp)
nossl
ssl is not used to transfer data (but it's still used to establish a connection) (default: ssl is used)
nozlib
zlib is not used to compress data (default: zlib is used)
baseport
listenports are temporary and differ for each client
audit
additional information about connections are logged
dnslookups
try to obtain dns names of the computers rather than their numeric IP
ipv4
use ipv4 only
ipv6
use ipv6 only
enableproxy
enable http proxy mode
Jeremian <jeremian [at] poczta.fm>
Alex Dyatlov <alex [at] gray-world.net>, Simon <scastro [at] entreelibre.com>, Ilia Perevezentsev <iliaper [at] mail.ru>, Marco Solari <marco.solari [at] koinesistemi.it>, and Joshua Judson Rosen <rozzin [at] geekspace.com>
Active Port Forwarder is distributed under the terms of the GNU General Public License v2.0 and is copyright (C) 2003-2007 jeremian <jeremian [at] poczta.fm>. See the file COPYING for details.