
VpnHood Server Configuration

Trudy edited this page Oct 23, 2024 · 46 revisions

There are several configuration options for the VpnHood server. The server uses the default value for any item you remove. Configure the server by putting "appsettings.json" in the VpnHood server's storage folder. The default location of the storage folder is:

  • Linux > /opt/VpnHoodServer/storage
  • Windows > C:\Program Files\VpnHood\VpnHoodServer\storage

The default values below are used if there is no "appsettings.json" file.

appsettings.json

{
  "HttpAccessManager": null,
  "FileAccessManager": {
    "ServerTokenUrl": "https://domain/server-token",
    "HostPort": null,
    "IsValidHostName": false,
    "PublicEndPoints": [ "x.x.x.x:443", "[::]:443" ],
    "TcpEndPoints": [ "0.0.0.0:443", "[::]:443" ],
    "UdpEndPoints": [ "0.0.0.0:0", "[::]:0" ],
    "DnsServers": [ "0.0.0.0:0", "[::]" ],
    "AddListenerIpsToNetwork": null,
    "SslCertificatesPassword": null,
    "ReplyAccessKey": true,
    "Tracking": {
      "TrackClientIp": false,
      "TrackLocalPort": false,
      "TrackDestinationIp": false,
      "TrackDestinationPort": false
    },
    "Session": {
      "Timeout": "01:00:00",
      "UdpTimeout": "00:01:00",
      "TcpTimeout": "00:15:00",
      "IcmpTimeout": "00:30:00",
      "MaxDatagramChannelCount": 8,
      "MaxUdpClientCount": null,
      "MaxIcmpClientCount": null,
      "TcpBufferSize": 8192,
      "TcpKernelSendBufferSize": null,
      "TcpKernelReceiveBufferSize": null,
      "UdpSendBufferSize": null,
      "UdpReceiveBufferSize" : null
    },
    "NetFilter": {
      "IncludeLocalNetwork": false,
      "PacketCaptureIncludeIpRanges": ["0.0.0.0/0", "[::]/0"],
      "PacketCaptureExcludeIpRanges": [],
      "IncludeIpRanges": ["0.0.0.0/0", "[::]/0"],
      "ExcludeIpRanges": []
    }
  },
  "IsDiagnoseMode": false
}

HttpAccessManager

Use this to connect the VpnHood server to an enterprise Access Server. Please set it to null to use VpnHood's built-in simple file access server. A simple file access server is enough to run a server.

FileAccessManager

ServerTokenUrl

The URL of the latest encrypted server token, which carries the server credentials shared between clients. Uploading the encrypted server token to this URL is optional in general, but required if this value is set. The default is null, and the setting is ignored if not set.

IsValidHostName

Set to true if the domain is valid and clients should try to get the IP via DNS.

HostPort

Used when IsValidHostName is true. The default is null, and the VpnHood Server tries to find it automatically from TcpEndPoints.

PublicEndPoints

The server's public TCP endpoint is embedded in the client access token, but it's not required if IsValidHostName is true. The default is null, and VpnHood uses TcpEndPoints when it is null.

TcpEndPoints

The TCP listening ports on your server. The VpnHood server does not require root or admin access, but listening on a TCP port below 1024 requires root access.

UdpEndPoints

The UDP listening ports on your server. The VpnHood server does not require root or admin access, but listening on a UDP port below 1024 requires root access. The default is 0, which means a random port. Note: The IP address must be the same as TCP. Clients will only receive the port number, and they use the same IP as for TCP.
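The two endpoint rules above (ports below 1024 need root, and every UDP IP must match a TCP IP) can be checked before deployment. The following is an added example, not VpnHood code; the function names and the sample settings are constructed for illustration.

```python
import ipaddress

def parse_endpoint(text):
    """Split "ip:port" or "[ipv6]:port" into (ip_address, port)."""
    host, _, port = text.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def audit_endpoints(settings):
    """Return findings for TcpEndPoints/UdpEndPoints of a parsed appsettings.json."""
    fam = settings.get("FileAccessManager") or {}
    tcp = [parse_endpoint(e) for e in fam.get("TcpEndPoints") or []]
    udp = [parse_endpoint(e) for e in fam.get("UdpEndPoints") or []]
    findings = []
    for proto, endpoints in (("TCP", tcp), ("UDP", udp)):
        for ip, port in endpoints:
            # Port 0 means "random port" for UDP on this page, so it is not flagged.
            if 0 < port < 1024:
                findings.append(f"{proto} {ip}:{port} is below 1024 and needs root access")
    # Clients receive only the UDP port number and reuse the TCP IP,
    # so a UDP listener on an IP without a TCP listener is unreachable.
    tcp_ips = {ip for ip, _ in tcp}
    for ip, port in udp:
        if ip not in tcp_ips:
            findings.append(f"UDP {ip}:{port} uses an IP with no TCP listener")
    return findings

# Constructed sample: the page's default TCP endpoints plus one mismatched UDP endpoint.
SAMPLE_SETTINGS = {
    "FileAccessManager": {
        "TcpEndPoints": ["0.0.0.0:443", "[::]:443"],
        "UdpEndPoints": ["0.0.0.0:0", "192.0.2.10:53"],
    }
}

if __name__ == "__main__":
    for finding in audit_endpoints(SAMPLE_SETTINGS):
        print(finding)
```

The default TCP endpoints on port 443 are reported as well, which is a reminder that the default configuration only binds when the service has the privilege to use low ports.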

DnsServers

The recommended DNS servers for clients. They are always added to your included network range. Users can override this value only if the server has not excluded the client's DNS servers from its supported network address range. The client app chooses the default DNS servers. In most cases, these are Google's DNS servers.

AddListenerIpsToNetwork

Specifies the network interface name for auto-configuration. If set, the listener IPs will be added to the given network interface. The value should be the network interface name. If the value is "*", the system will automatically select a network interface, usually the first. The default is null, which means no action will be taken. It can be null, "*", or "<network_interface_name>".

Note: Only supported on Linux

SslCertificatesPassword

Set the password of "default.pfx" if any.

ReplyAccessKey

If true, push the recent client AccessKey to the client.

Tracking

TrackClientIp

If true, the VpnHood server logs the client's IP and the session number.

TrackLocalPort

If true, the VpnHood server logs every local port number opened to the outside world and the session number.

TrackDestinationIp

If true, then the VpnHood server logs the redacted destination IP requested by the user.

TrackDestinationPort

If true, then the VpnHood server logs the destination port requested by the user.

Session

Timeout

The VpnHood server will close idle sessions after this period.

UdpTimeout

The VpnHood server's internal NAT closes outbound UDP ports after this period, the same as an ordinary NAT.

TcpTimeout

The VpnHood server closes idle TCP sessions after this period. Since detecting dead TCP connections is challenging, VpnHood uses keep-alive for TCP connections and closes the idle TCP connection only if the socket poll returns an error after this period.

MaxDatagramChannelCount

It limits the maximum number of TcpDatagram channels a client can use. The VpnHood server closes old TCP channels if a VpnHood client requests more. Clients read this value from the server and do not request more TcpDatagram channels, overriding their own configuration.

Note: This value does not affect the use of UdpChannel. There is only one UdpChannel in UDP mode.

MaxUdpPortCount

It limits the maximum number of concurrent UDP ports a client can open. Ordinary users rarely need to open more than 100 simultaneous UDP ports unless they use torrent apps. The default is 0, which means unlimited.

TcpBufferSize

The TCP buffer size for every TcpProxy request. Each TCP proxy uses two TCP connections. An ordinary user may request about 500 simultaneous TCP proxies in a session. The VpnHood server consumes a lot of memory if many users connect to your server, especially if you increase this value, so the default value is highly recommended.

TcpKernelSendBufferSize

Set null to let OS decide. See the following document for more information.

TcpClient.SendBufferSize

TcpKernelReceiveBufferSize

Set null to let OS decide. See the following document for more information.

TcpClient.ReceiveBufferSize

NetFilter

IncludeLocalNetwork

If false, the server's local network (LAN) will be unreachable to clients. If set to true, all local network requests will be routed to the VPN server. The default is false.

PacketCaptureIncludeIpRanges

Filter networks at kernel mode. The format is "x.x.x.x/x" or "x.x.x.x-x.x.x.x". Filtering with PacketCapture is faster, but the number of items is limited. Too many items will throw an error on clients' devices; use IncludeIpRanges instead.

IncludeIpRanges

Filter networks at user mode. The format is "x.x.x.x/x" or "x.x.x.x-x.x.x.x". Many networks can be set, but it is slower than PacketCaptureIncludeIpRanges.
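A NetFilter section can be validated and tested against sample destinations before it is deployed. The following is an added example, not VpnHood code; it parses both range formats given above (plus the bracketed IPv6 form used in the default file) and assumes an address is allowed when it is inside IncludeIpRanges and outside ExcludeIpRanges, a precedence this page does not spell out. The function names and the sample filter are constructed.

```python
import ipaddress

def parse_range(text):
    """Parse "x.x.x.x/x" or "x.x.x.x-x.x.x.x" (IPv6 may be bracketed) into (first, last)."""
    cleaned = text.replace("[", "").replace("]", "")
    if "-" in cleaned:
        first, last = (ipaddress.ip_address(p.strip()) for p in cleaned.split("-", 1))
    else:
        net = ipaddress.ip_network(cleaned, strict=False)
        first, last = net[0], net[-1]
    # Reject mixed IPv4/IPv6 bounds and reversed ranges instead of silently accepting them.
    if first.version != last.version or first > last:
        raise ValueError(f"invalid range: {text!r}")
    return first, last

def in_ranges(ip, ranges):
    """True if ip falls inside any (first, last) pair of the same IP version."""
    return any(lo.version == ip.version and lo <= ip <= hi for lo, hi in ranges)

def is_allowed(net_filter, destination):
    """Assumed semantics: inside IncludeIpRanges and outside ExcludeIpRanges."""
    ip = ipaddress.ip_address(destination)
    include = [parse_range(r) for r in net_filter.get("IncludeIpRanges") or []]
    exclude = [parse_range(r) for r in net_filter.get("ExcludeIpRanges") or []]
    return in_ranges(ip, include) and not in_ranges(ip, exclude)

# Constructed sample: the page's default include ranges with two private ranges excluded.
SAMPLE_NET_FILTER = {
    "IncludeIpRanges": ["0.0.0.0/0", "[::]/0"],
    "ExcludeIpRanges": ["10.0.0.0/8", "192.168.0.0-192.168.255.255"],
}

if __name__ == "__main__":
    for dest in ("8.8.8.8", "10.1.2.3", "192.168.1.1", "2001:db8::1"):
        print(dest, "allowed" if is_allowed(SAMPLE_NET_FILTER, dest) else "blocked")
```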

Misc

IsDiagnoseMode

It must be true to enable some deep packet-level logging. Setting it to true puts a lot of overhead on your machine.
