# Password auth is not possible so only Public Key auth must be used.
# Set "option IdentityFile" to the file from which the identity (private key) is read.
# By default the OpenSSH client checks for /root/.ssh/id_rsa, /root/.ssh/id_ed25519 and /root/.ssh/id_ecdsa
# See https://openwrt.org/docs/guide-user/services/ssh/sshtunnel

#config server example
#	option user			root
#	option hostname			server.example.com
#	option port			22
#	option retrydelay		1
#	option CheckHostIP		yes
#	option Compression		no
#	option IdentityFile		/root/.ssh/id_rsa
#	option LogLevel			INFO
#	option PKCS11Provider		/lib/pteidpkcs11.so
#	option ServerAliveCountMax	3
#	option ServerAliveInterval	0
#	option StrictHostKeyChecking	accept-new
#	option TCPKeepAlive		yes
#	option VerifyHostKeyDNS		yes

# tunnelR(emote) - when the connection will be initiated to the R(emote) endpoint at
# remoteaddress:remoteport and then forwarded to localaddress:localport
#
#config tunnelR http
#	option server		example
#	option remoteaddress	*
#	option remoteport	9009
#	option localaddress	192.168.1.13
#	option localport	80

# tunnelL(ocal) - when the connection will be initiated to the L(ocal) endpoint at
# localaddress:localport and then forwarded to remoteaddress:remoteport
#
#config tunnelL test
#	option server		example
#	option localaddress	*
#	option localport	1022
#	option remoteaddress	secretserver.example.com
#	option remoteport	22

# tunnelD(ynamic) - when the connection will be initiated with the SOCKS4 or SOCKS5 protocol
# to the local endpoint at localaddress:localport and then forwarded over the remote host
#
#config tunnelD proxy
#	option server		example
#	option localaddress	*
#	option localport	4055

# tunnelW - creates TUN/TAP devices on client and server to establish a VPN tunnel between them
# vpntypes:
#  point-to-point = TUN
#  ethernet = TAP
#
#config tunnelW proxy
#	option server           example
#	option vpntype		point-to-point|ethernet
#	option localdev		any|0|1|2|...
#	option remotedev	any|0|1|2|...