VpnHood Server Configuration

Trudy edited this page Aug 18, 2025 · 52 revisions

The VpnHood server has several configuration settings. The server uses the default value for any item you remove. Configure the server by putting "appsettings.json" in the VpnHood server's storage folder. The default location of the storage folder is:

  • Linux > /opt/VpnHoodServer/storage
  • Windows > C:\Program Files\VpnHood\VpnHoodServer\storage

The default values below are used if no "appsettings.json" file is found.

appsettings.json

{
  "LogLevel": "Information",
  "HttpAccessManager": null,
  "FileAccessManager": {
    "ServerTokenUrls": ["https://domain/server-token"],
    "HostPort": null,
    "IsValidHostName": false,
    "PublicEndPoints": [ "x.x.x.x:443", "[::]:443" ],
    "TcpEndPoints": [ "0.0.0.0:443", "[::]:443" ],
    "UdpEndPoints": [ "0.0.0.0:0", "[::]:0" ],
    "DnsServers": [ "0.0.0.0:0", "[::]" ],
    "AddListenerIpsToNetwork": null,
    "SslCertificatesPassword": null,
    "ReplyAccessKey": true,
    "LogAnonymizer": true,
    "Tracking": {
      "TrackClientIp": false,
      "TrackLocalPort": false,
      "TrackDestinationIp": false,
      "TrackDestinationPort": false
    },
    "Session": {
      "Timeout": "01:00:00",
      "UdpTimeout": "00:01:00",
      "TcpTimeout": "00:15:00",
      "IcmpTimeout": "00:30:00",
      "MaxDatagramChannelCount": 8,
      "MaxUdpClientCount": null,
      "MaxIcmpClientCount": null,
      "TcpKernelBufferSize": {"Send": 0, "Receive": 0},
      "StreamProxyBufferSize": {"Send": 0, "Receive": 0},
      "UdpProxyBufferSize": {"Send": 0, "Receive": 0},
      "UdpChannelBufferSize": {"Send": 0, "Receive": 0}
    },
    "NetFilter": {
      "IncludeLocalNetwork": false,
      "PacketCaptureIncludeIpRanges": ["0.0.0.0/0", "[::]/0"],
      "PacketCaptureExcludeIpRanges": [],
      "IncludeIpRanges": ["0.0.0.0/0", "[::]/0"],
      "ExcludeIpRanges": []
    }
  }
}

LogLevel

Minimum log level of the server. It can be Trace, Debug, Information, Warning, or Error. The default is Information.

HttpAccessManager

Use this to connect the VpnHood server to an enterprise Access Server. Please set it to null to use VpnHood's built-in simple file access server. A simple file access server is enough to run a server.

FileAccessManager

ServerTokenUrls

A list of URLs for the most recent encrypted server token. The server token points to shared server credentials used by multiple clients. This setting is optional, but if it is set, uploading the encrypted server token to these URLs is required. The default is null, and the setting is ignored if not set.

IsValidHostName

Set to true if the domain is valid, and clients should attempt to retrieve the IP address via DNS.

HostPort

Used when IsValidHostName is true. The default is null, and the VpnHood Server tries to find it automatically from TcpEndPoints.

PublicEndPoints

The server's public TCP endpoint is embedded in the client access token, but it's not required if IsValidHostName is true. The default is null, and VpnHood uses TcpEndPoints when it is null.

TcpEndPoints

The TCP listening ports on your server. The VpnHood server does not require root or admin access, but listening on a TCP port below 1024 requires root access.

UdpEndPoints

The UDP listening ports on your server. The VpnHood server does not require root or admin access, but listening on a UDP port below 1024 requires root access. The default is 0, which means a random port is used. Note: The IP address must be the same as TCP. Clients will only receive the port number and use the same IP as for TCP.

DnsServers

The recommended DNS servers for clients. They are always added to your included network range. Users can override this value only if the server has not excluded the client's DNS servers from its supported network address range. The client app chooses the default DNS servers. In most cases, these are Google's DNS servers.

AddListenerIpsToNetwork

Specifies the network interface name for auto-configuration. If set, the listener IPs will be added to the given network interface. If the value is "*", the system will automatically select the first available network interface. The default is null, which means no action will be taken. It can be null, "*", or "<network_interface_name>".

Note: Only supported on Linux

SslCertificatesPassword

Set the password of "default.pfx" if any.

ReplyAccessKey

Push the recent client AccessKey to the client if true.

LogAnonymizer

If true, sensitive information such as IP addresses will be redacted in the log file. The default is true.

Tracking

TrackClientIp

If true, the VpnHood server logs the client's IP and the session number.

TrackLocalPort

If true, the VpnHood server logs every local port number opened to the outside world, along with the session number.

TrackDestinationIp

If true, then the VpnHood server logs the redacted destination IP requested by the user.

TrackDestinationPort

If true, then the VpnHood server logs the destination port requested by the user.

Session

Timeout

The VpnHood server will close idle sessions after this period.

UdpTimeout

The VpnHood server's internal NAT closes outbound UDP ports after this period. It is the same as ordinary NAT.

TcpTimeout

The VpnHood server closes idle TCP sessions after this period. Since detecting dead TCP connections is challenging, VpnHood uses keep-alive for TCP connections and closes the idle TCP connection only if the socket poll returns an error after this period.

MaxDatagramChannelCount

It limits the maximum number of TCP packet channels a client can access. The VpnHood server closes old TCP channels if a VpnHood client requests more. Clients read this value from the server and do not request more TCP packet channels, overriding their own configuration.

Note: This value does not affect the use of UdpChannel. There is only one UdpChannel in UDP mode.

MaxUdpPortCount

It limits the maximum number of concurrent UDP ports from a client. Ordinary users typically need to open more than 100 simultaneous UDP ports, unless they use torrent applications. The default is 0, which means unlimited.

StreamProxyBufferSize

The stream buffer size for every proxy request. Each TCP proxy uses two stream connections. An ordinary user may request about 500 simultaneous stream proxies in a session. The server consumes a significant amount of memory when many users connect to your server, especially if you increase this value. Therefore, the default value is highly recommended. The default is null.

UdpProxyBufferSize

The UDP buffer size for UdpClient. The VpnHood server ignores it if the server supports a TUN adapter. It can consume a lot of memory. The default is null.

UdpChannelBufferSize

The UDP buffer size for the UdpClient of the UDP channel. The VpnHood server uses only one channel per server listening IP, so it does not consume a significant amount of memory. The default is null.

TcpKernelBufferSize

Set to null to let the OS decide. Please refer to the following documents for additional information: TcpClient.SendBufferSize and TcpClient.ReceiveBufferSize.

NetFilter

IncludeLocalNetwork

If false, the server's local network (LAN) will be unreachable to clients. If set to true, all local network requests will be routed to the VPN server. The default is false.

PacketCaptureIncludeIpRanges

Filter networks in kernel mode. The format is "x.x.x.x/x" or "x.x.x.x-x.x.x.x". Filtering with PacketCapture is faster, but the number of items is limited. Too many items will throw an error on clients' devices. Use IncludeIpRanges instead.

IncludeIpRanges

Filter networks in user mode. The format is "x.x.x.x/x" or "x.x.x.x-x.x.x.x". Many networks can be set, but it is slower than PacketCaptureIncludeIpRanges.
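
The following is an added example, not part of VpnHood or of the original page: a small Python audit that reads an "appsettings.json" and reports the settings this page describes as affecting log privacy, LAN exposure, privileged ports, and the rule that UDP endpoints share the TCP IP. The function names (split_endpoint, audit) and the sample configuration are assumptions made for illustration; missing keys fall back to the defaults listed above.

```python
import ipaddress
import json

# Defaults copied from the page's appsettings.json for the keys this audit reads.
DEFAULTS = {
    "LogAnonymizer": True,
    "TcpEndPoints": ["0.0.0.0:443", "[::]:443"],
    "UdpEndPoints": ["0.0.0.0:0", "[::]:0"],
}

def split_endpoint(text):
    """Split '0.0.0.0:443' or '[::]:443' into (ip_address, port). Hypothetical helper."""
    host, _, port = text.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def audit(config_text):
    """Return a list of findings for the FileAccessManager section. Hypothetical helper."""
    fam = json.loads(config_text).get("FileAccessManager") or {}
    # A removed or null item means the server uses its default value.
    get = lambda key: fam[key] if fam.get(key) is not None else DEFAULTS[key]
    findings = []
    if not get("LogAnonymizer"):
        findings.append("LogAnonymizer is false: IP addresses are not redacted in the log")
    for key, enabled in (fam.get("Tracking") or {}).items():
        if enabled:
            findings.append(f"Tracking.{key} is true: the server logs this value")
    if (fam.get("NetFilter") or {}).get("IncludeLocalNetwork", False):
        findings.append("NetFilter.IncludeLocalNetwork is true: clients can reach the server's LAN")
    tcp = [split_endpoint(e) for e in get("TcpEndPoints")]
    udp = [split_endpoint(e) for e in get("UdpEndPoints")]
    for kind, endpoints in (("Tcp", tcp), ("Udp", udp)):
        for ip, port in endpoints:
            if 0 < port < 1024:  # port 0 means a random port is used
                findings.append(f"{kind}EndPoints {ip} port {port} is below 1024: requires root access")
    tcp_ips = {ip for ip, _ in tcp}
    findings += [f"UdpEndPoints IP {ip} has no matching TcpEndPoints IP"
                 for ip, _ in udp if ip not in tcp_ips]
    return findings

# Constructed sample config: unredacted logging, LAN access, and a UDP/TCP IP mismatch.
SAMPLE = """{"FileAccessManager": {
  "TcpEndPoints": ["203.0.113.10:443"], "UdpEndPoints": ["203.0.113.11:5000"],
  "LogAnonymizer": false, "Tracking": {"TrackClientIp": true},
  "NetFilter": {"IncludeLocalNetwork": true}}}"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("-", finding)
```

With the page's default configuration the only findings are the two port 443 listeners, which is expected when the server is meant to listen on 443.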
