-
Notifications
You must be signed in to change notification settings - Fork 151
VpnHood Server Configuration
There are several configurations for the VPNHood server. The server uses the default value for any item you remove. Configure the server by putting "appsettings.json" in the VpnHood server's storage folder. The default location of the storage folder is:
- Linux > /opt/VpnHoodServer/storage
- Windows > C:\Program Files\VpnHood\VpnHoodServer\storage
The default value below will be used if there is no "appsettings.json" file.
appsettings.json
{
"HttpAccessManager": null,
"FileAccessManager": {
"ServerTokenUrl": "https://domain/server-token",
"HostPort": null,
"IsValidHostName": false,
"PublicEndPoints": [ "x.x.x.x:443", "[::]:443" ],
"TcpEndPoints": [ "0.0.0.0:443", "[::]:443" ],
"UdpEndPoints": [ "0.0.0.0:0", "[::]:0" ],
"DnsServers": [ "0.0.0.0:0", "[::]" ],
"AddListenerIpsToNetwork": null,
"SslCertificatesPassword": null,
"ReplyAccessKey": true,
"Tracking": {
"TrackClientIp": false,
"TrackLocalPort": false,
"TrackDestinationIp": false,
"TrackDestinationPort": false
},
"Session": {
"Timeout": "01:00:00",
"UdpTimeout": "00:01:00",
"TcpTimeout": "00:15:00",
"IcmpTimeout": "00:30:00",
"MaxDatagramChannelCount": 8,
"MaxUdpClientCount": null,
"MaxIcmpClientCount": null,
"TcpBufferSize": 8192,
"TcpKernelSendBufferSize": null,
"TcpKernelReceiveBufferSize": null,
"UdpSendBufferSize": null,
"UdpReceiveBufferSize" : null
},
"NetFilter": {
"IncludeLocalNetwork": false,
"PacketCaptureIncludeIpRanges": ["0.0.0.0/0", "[::]/0"],
"PacketCaptureExcludeIpRanges": [],
"IncludeIpRanges": ["0.0.0.0/0", "[::]/0"],
"ExcludeIpRanges": []
}
},
"IsDiagnoseMode": false
}Use this to connect the VpnHood server to an enterprise Access Server. Please set it to null to use VpnHood's built-in simple file access server. A simple file access server is enough to run a server.
The URL of the recently encrypted server token points to shared server credentials between clients. Uploading the encrypted server token to this URI is optional but required if it is set. The default is null and ignored if not set.
set true if the domain is valid, and clients should try to get the IP via DNS.
Used when IsValidHostName is true. The default is null, and the VpnHood Server tries to find it automatically from TcpEndPoints.
The server's public TCP endpoint is embedded in the client access token, but it's not required if IsValidHostName is true. The default is null, and VpnHood uses TcpEndPoints when it is null.
The TCP listening ports on your server. VpnHood server does not require root or admin access, but listening to the TCP port below 1024 requires root access.
The UDP listening ports on your server. VpnHood server does not require root or admin access, but listening to the UDP port below 1024 requires root access. The default is 0, which means random port. Note: The IP address must be the same as TCP. Clients will only receive the port number, and they use the same IP for TCP.
The recommended DNS servers for clients. It always adds to your included network range. Users can override this value only if the server has not excluded the client's DNS servers from its supported network address range. The client app chooses the default DNS servers. In most cases, this is Google DNS servers.
Specifies the network interface name for auto-configuration. The listener IPs will be added to the given network interface if set. The value should be the network interface name. If the value is "*", the system will automatically select a network interface, usually the first. The Default is null, which means no action will be taken. It can be null or "*" or "<network_interface_name>".
Note: Only supported on Linux
Set the password of "default.pfx" if any.
Push recent client AccessKey to the client if true.
If true, the VpnHood server logs the client's IP and the session number.
If true, the VpnHood server logs every local port number opened to the outside world and the session number.
If true, then the VpnHood server logs the redacted destination IP requested by the user.
If true, then the VpnHood server logs the destination port requested by the user.
The VpnHood server will close idle sessions after this period.
VpnHood server's internal NAT closes outbound UDP ports. It is the same as ordinary NAT.
The VpnHood server closes idle TCP sessions after this period. Since detecting dead TCP connections is challenging, VpnHood uses keep-alive for TCP connections and closes the idle TCP connection only if the socket poll returns an error after this period.
It limits the maximum number of TcpDatagram channels a client can access. VpnHood server closes old TCP channels if a VpnHood client requests more. Clients read this value from the server and do not request more TcpDatagram channels suppressing their configuration.
Note: This value does not affect the use of UdpChannel. There is only one UdpChannel in UDP mode.
It limits the maximum concurrent UDP port from a client. Ordinary users merely need to open more than 100 simultaneous UDP ports unless they use torrent apps. The default is 0, which means unlimited.
The TCP buffer size for every TcpProxy request. Each TCP proxy uses two TCP connections. An ordinary user may request about 500 simultaneous TCP proxies in a session. VpnHood Server consumes much memory if many users connect to your server, significantly if you increase this value, so the default value is highly recommended.
Set null to let OS decide. See the following document for more information.
Set null to let OS decide. See the following document for more information.
If false, the server's local network (LAN) will be unreachable to clients. If set to true, all local network requests will be routed to the VPN server. The default is false.
Filter networks at kernel mode. The format is "x.x.x.x/x" or "x.x.x.x-x.x.x.x". Filtering with PacketCapture is faster, but its item number is limited. Too many items will throw an error on clients' devices. Use IncludeIpRanges instead.
Filter networks at user mode. The format is "x.x.x.x/x" or "x.x.x.x-x.x.x.x" Many networks can be set, but it is slower than PacketCaptureIncludeIpRanges.
It must be true to log some packet deep-level logging. It puts much overhead on your machine if you set it to true.