Cipher = (aes-256-cbc)
The symmetric cipher algorithm used to encrypt UDP packets. Any cipher supported by LibreSSL or OpenSSL is recognized. Furthermore, specifying "none" will turn off packet encryption. It is best to use only those ciphers which support CBC mode.
ClampMSS = <yes|no> (yes)
This option specifies whether Weble VPN should clamp the maximum segment size (MSS) of TCP packets to the path MTU. This helps in situations where ICMP Fragmentation Needed or Packet too Big messages are dropped by firewalls.
Compression = (0)
This option sets the level of compression used for UDP packets. Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib), 10 (fast lzo) and 11 (best lzo).
Digest = (sha256)
The digest algorithm used to authenticate UDP packets. Any digest supported by LibreSSL or OpenSSL is recognized. Furthermore, specifying "none" will turn off packet authentication.
IndirectData = <yes|no> (no)
This option specifies whether other Weble VPN daemons besides the one you specified with ConnectTo can make a direct connection to you. This is especially useful if you are behind a firewall and it is impossible to make a connection from the outside to your Weble VPN daemon. Otherwise, it is best to leave this option out or set it to no.
MACLength = (4)
The length of the message authentication code used to authenticate UDP packets. Can be anything from 0 up to the length of the digest produced by the digest algorithm.
PMTU = (1514)
This option controls the initial path MTU to this node.
PMTUDiscovery = <yes|no> (yes)
When this option is enabled, Weble VPN will try to discover the path MTU to this node. After the path MTU has been discovered, it will be enforced on the VPN.
TCPonly = <yes|no> (no)
If this variable is set to yes, then the packets are tunnelled over a TCP connection instead of a UDP connection. This is especially useful for those who want to run a Weble VPN daemon from behind a masquerading firewall, or if UDP packet routing is disabled somehow. Setting this options also implicitly sets IndirectData.