+#
+# Example configuration file. Note that this attempts to present various
+# configuration possibilities and may not actually give any sensible
+# configuration. For real life example see the examples/ directory.
+#
+
#
# Configured ciphers.
#
# If the cipher is builtin the <module path> maybe omitted.
#
[Cipher]
-twofish:../lib/silcsim/modules/twofish.sim.so:16:16
-rc6:../lib/silcsim/modules/rc6.sim.so:16:16
-mars:../lib/silcsim/modules/mars.sim.so:16:16
-none:../lib/silcsim/modules/none.sim.so:0:0
+aes-256-cbc:/usr/local/silc/modules/aes.sim.so:32:16
+aes-192-cbc:/usr/local/silc/modules/aes.sim.so:24:16
+aes-128-cbc:/usr/local/silc/modules/aes.sim.so:16:16
+twofish-256-cbc:/usr/local/silc/modules/twofish.sim.so:32:16
+twofish-192-cbc:/usr/local/silc/modules/twofish.sim.so:24:16
+twofish-128-cbc:/usr/local/silc/modules/twofish.sim.so:16:16
+mars-256-cbc:/usr/local/silc/modules/mars.sim.so:32:16
+mars-192-cbc:/usr/local/silc/modules/mars.sim.so:24:16
+mars-128-cbc:/usr/local/silc/modules/mars.sim.so:16:16
+none:/usr/local/silc/modules/none.sim.so:0:0
#
# Configured hash functions.
#
# If the hash function is builtin the <module path> maybe omitted.
#
-[HashFunction]
-md5::64:16
+[Hash]
sha1::64:20
+md5::64:16
#
-# Configured PKCS.
+# Configured HMAC functions. The hash function used in the HMAC must
+# configured to the [hash] section.
#
-# Format: <name>:<module path>:<key length>
+# Format: <name>:<hash name>:<mac length>
#
-# NOTE: <module path> must be omitted as PKCS cannot be modules currently.
+[hmac]
+hmac-sha1-96:sha1:12
+hmac-md5-96:md5:12
+hmac-sha1:sha1:20
+hmac-md5:md5:16
+
+#
+# Configured PKCS.
#
-#[PKCS]
-#rsa::1024
-#dss::1024
+# Format: <name>
+#
+[PKCS]
+rsa
#
# Run SILC server as specific user and group. The server must be initially
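Review bot: The `none` entry with key length 0 is carried into the new `[Cipher]` list next to the AES, Twofish and MARS entries, so anyone copying this example keeps a no-encryption cipher configured. Whether a peer can actually negotiate it is not visible here, but the example would be safer with the line commented out, e.g. `# Testing only: provides no confidentiality.` followed by `#none:/usr/local/silc/modules/none.sim.so:0:0`. The added HMAC comment also reads "must configured to the [hash] section" while the section is renamed to `[Hash]` and the new section is spelled `[hmac]`. I would write `# The hash function used in the HMAC must be configured in the [Hash] section.` and pick one capitalisation for section names, since it is not shown whether the parser matches them case-insensitively.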
[ServerInfo]
lassi.kuo.fi.ssh.com:10.2.1.6:Kuopio, Finland:706
+#
+# Server keys
+#
+# Format: +<public key>:<private key>
+#
+[ServerKeys]
+/etc/silc/silcd.pub:/etc/silc/silcd.prv
+
#
# Listenning ports.
#
-# Format: <local IP/UNIX socket path>:<remote IP>:<port>
+# Format: <local IP>:<Listener IP>:<port>
#
[ListenPort]
10.2.1.6:10.2.1.6:706
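Review bot: The added format line `# Format: +<public key>:<private key>` has a stray `+` inside the comment that reads like a leftover diff marker; it should be `# Format: <public key>:<private key>`. Since this section now points at the server's private key (`/etc/silc/silcd.prv`), the comment block should also say who may read that file, for example `# The private key file must be readable only by the user the server runs as.`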
# fatallogile:<path>:<max byte size>
#
[Logging]
-infologfile:silcd.log:10000
-#warninglogfile:/var/log/silcd_warning.log:10000
-#errorlogfile:ERROR.log:10000
-#fatallogfile:/var/log/silcd_error.log:
+infologfile:/usr/local/silc/logs/silcd.log:10000
+#warninglogfile:/usr/local/silc/logs/silcd_warning.log:10000
+#errorlogfile:/usr/local/silc/logs/error.log:10000
+#fatallogfile:/usr/local/silc/logs/silcd_error.log:
#
# Connection classes.
#
# Format: <remote host>:<auth method>:<auth data>:<port>:<class>
#
+# The <auth data> is either passphrase or file path to the public key
+# file.
+#
[ClientConnection]
-:::1333:1
+:::706:1
#
# Configured server administrator connections
#
-# Format: <host>:<auth method>:<auth data>:<nickname hash>:<class>
+# Format: <host>:<username>:<nickname>:<auth method>:<auth data>
+#
+# The <auth data> is either passphrase or file path to the public key
+# file.
#
[AdminConnection]
-10.2.1.199:passwd:veryscret:XXX:1
+10.2.1.199:priikone:pekka:passwd:veryscret
#
# Configured server connections.
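Review bot: The new `[AdminConnection]` example `10.2.1.199:priikone:pekka:passwd:veryscret` keeps a literal passphrase in the file even though the added comment says `<auth data>` may be a path to a public key file. Showing the key form here, `10.2.1.199:priikone:pekka:pubkey:/path/to/the/publickey` (the `pubkey` method is the one used in the `[RouterConnection]` examples later in this diff), would steer operators away from plaintext secrets; the same applies to the `passwd` lines added under `[ServerConnection]`. If passphrases stay, add `# This file contains secrets: restrict it to the server user (no group/world access).` Separately, `:::706:1` under `[ClientConnection]` leaves the host and auth fields empty, which presumably accepts any client without authentication, and a one-line comment saying so would help.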
# Thus, if your server is not router do not configure this section. If
# your server is router, this must be configured.
#
-# Format: <remote host>:<auth method>:<auth data>:<port>:<version ID>:<vlass>
+# Format: <remote host>:<auth method>:<auth data>:<port>:
+# <version ID>:<class>:<backup connection>
+#
+# The <auth data> is either passphrase or file path to the public key
+# file. If the connection is backup connection then set the <backup
+# connection> to value 1. For normal connections set it 0. If it is
+# set to value 1 then this server will be backup router.
#
[ServerConnection]
-10.2.1.7:passwd:veryscret:706:1:1
+10.2.1.7:passwd:veryscret:706:1:1:0
+10.2.1.17:passwd:veryscret13:706:1:1:1 # backup connection, that host
+ # will use this server as backup
+ # router.
#
# Configured router connections.
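Review bot: The second added `[ServerConnection]` entry carries a trailing comment on the value line (`...:706:1:1:1 # backup connection, that host`) with two indented continuation lines, and nothing in this file shows that the parser strips inline comments. If it does not, the text after `#` becomes part of the `<backup connection>` field, or the indented lines are read as entries. Every other comment in the file is a full line starting in column 0, so I would move it above the entry: `# Backup connection: that host will use this server as backup router.` followed by `10.2.1.17:passwd:veryscret13:706:1:1:1`.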
# this sections includes all configured router connections. The first
# configured connection is the primary route.
#
-# Format: <remote host>:<auth method>:<auth data>:<port>:<version ID>:<class>:<initiator>
+# Format: <remote host>:<auth method>:<auth data>:<port>:<version ID>:
+# <class>:<initiator>:<backup replace IP>:<backup replace port>:
+# <local backup>
+#
+# The <auth data> is either passphrase or file path to the public key
+# file. If you are the initiator of the connection then set the <initiator>
+# to value 1. If you are the responder of the connection (waiting for
+# incoming connection) then set it to 0.
+#
+# If the connection is backup router connection then set the <backup
+# replace IP> to the IP address of the router that the backup router will
+# replace if it becomes unavailable. Set also the router's port to the
+# <backup replace port>. For normal connection leave both empty. If this
+# backup router is in our cell then set the <local backup> to value 1.
+# If the backup router is in other cell then set it to value 0.
#
[RouterConnection]
#10.2.1.100:passwd:veryverysecret:706:1:1:1
+#10.2.100.131:pubkey:/path/to/the/publickey:706:1:1:1
+#10.2.100.100:pubkey:/path/to/the/publickey:706:1:1:0:10.2.1.6:706:1
#
# Denied connections.
#
# These connections are denied to connect our server.
#
-# Format: <remote host/nickname>:<time interval>:<comment>:<port>
+# Format: <remote host>:<port>:<comment>
#
[DenyConnection]
-
-#
-# Redirected client connections.
-#
-# Clients will be redirected to these servers when our server is full.
-#
-# Format: <remote host>:<port>
-#
-[RedirectClient]
+#10.2.1.99:0:Your connection has been denied