Skip to content

Complete Configuration Options

You can use easytier-core --help to view all configuration options.

Basic Settings

Configuration Server

ParameterDescription
-w, --config-serverConfiguration server address. Allowed formats:
- Full URL: --config-server udp://127.0.0.1:22020/admin
- Username only: --config-server admin, will use the official server
[env: ET_CONFIG_SERVER=]
--machine-idWeb configuration server identifies machines through machine id, used for configuration recovery after disconnection and reconnection, must be unique and fixed. Default obtained from system. [env: ET_MACHINE_ID=]
-c, --config-fileConfiguration file path, note: options configured in command line will override options in configuration file [env: ET_CONFIG_FILE=]

Network Settings

ParameterDescription
--network-nameNetwork name used to identify this VPN network [env: ET_NETWORK_NAME=]
--network-secretNetwork secret, used to verify that this node belongs to the VPN network [env: ET_NETWORK_SECRET=]
-i, --ipv4IPv4 address of this VPN node. If empty, this node will only forward packets and will not create a TUN device [env: ET_IPV4=]
-d, --dhcpAutomatically determine and set IP address by Easytier, default starts from 10.0.0.1. Warning: When using DHCP, if IP conflicts occur in the network, IP will be automatically changed. [env: ET_DHCP=]
-p, --peersPeer nodes to connect to initially [env: ET_PEERS=]
-e, --external-nodeUse public shared nodes to discover peer nodes [env: ET_EXTERNAL_NODE=]
-n, --proxy-networksExport local network to other peer nodes in VPN, e.g.: 10.0.0.0/24. Supports mapping to other CIDR, e.g.: 10.0.0.0/24->192.168.0.0/24 [env: ET_PROXY_NETWORKS=]

RPC Settings

ParameterDescription
-r, --rpc-portalRPC portal address for management. Supports the following formats:
- 0 means random port
- 12345 means listen on localhost:12345
- 0.0.0.0:12345 means listen on all interfaces:12345
Default is 0, first try 15888
[env: ET_RPC_PORTAL=]
--rpc-portal-whitelistRPC portal whitelist, only allow these addresses to access RPC portal, e.g.: 127.0.0.1/32,127.0.0.0/8,::1/128 [env: ET_RPC_PORTAL_WHITELIST=]

Listener Settings

ParameterDescription
-l, --listenersListeners for accepting connections, supports the following formats:
- Port number: <11010>, means tcp/udp will listen on port 11010, ws/wss will listen on ports 11010 and 11011, wg will listen on port 11011.
- URL: <tcp://0.0.0.0:11010>, where tcp can be tcp, udp, ring, wg, ws, wss protocols.
- Protocol and port pair: <proto:port>, e.g. wg:11011, means use WireGuard protocol to listen on port 11011.
[env: ET_LISTENERS=]
--mapped-listenersManually specify the public address of the listener, other nodes can use this address to connect to this node. E.g.: tcp://123.123.123.123:11223, can specify multiple. [env: ET_MAPPED_LISTENERS=]
--no-listenerDon't listen on any port, only connect to peer nodes [env: ET_NO_LISTENER=]

Other Settings

ParameterDescription
--hostnameHostname used to identify this device [env: ET_HOSTNAME=]
-m, --instance-nameInstance name, used to identify this VPN node on the same machine [env: ET_INSTANCE_NAME=]
--vpn-portalDefine the URL of the VPN portal, allowing other VPN clients to connect. E.g.: wg://0.0.0.0:11010/10.14.14.0/24 [env: ET_VPN_PORTAL=]
--default-protocolDefault protocol used when connecting to peer nodes [env: ET_DEFAULT_PROTOCOL=]
-u, --disable-encryptionDisable encryption for peer node communication, default is false, must be the same as peer nodes [env: ET_DISABLE_ENCRYPTION=]
--multi-threadUse multi-threaded runtime, default is single-threaded [env: ET_MULTI_THREAD=]
--disable-ipv6Don't use IPv6 [env: ET_DISABLE_IPV6=]
--dev-nameOptional TUN interface name [env: ET_DEV_NAME=]
--mtuMTU of TUN device, default is 1380 when not encrypted, 1360 when encrypted [env: ET_MTU=]
--latency-firstLatency priority mode, will try to use the lowest latency path to forward traffic, default uses shortest path [env: ET_LATENCY_FIRST=]
--exit-nodesExit nodes for forwarding all traffic, virtual IPv4 addresses, priority determined by list order [env: ET_EXIT_NODES=]
--enable-exit-nodeAllow this node to become an exit node [env: ET_ENABLE_EXIT_NODE=]
--proxy-forward-by-systemForward subnet proxy packets through system kernel, disable built-in NAT [env: ET_PROXY_FORWARD_BY_SYSTEM=]
--no-tunDon't create TUN device, can use subnet proxy to access nodes [env: ET_NO_TUN=]
--use-smoltcpEnable smoltcp stack for subnet proxy and KCP proxy [env: ET_USE_SMOLTCP=]
--manual-routesManually assign route CIDR, will disable subnet proxy and wireguard routes propagated from peer nodes. E.g.: 192.168.0.0/16 [env: ET_MANUAL_ROUTES=]
--relay-network-whitelistOnly forward traffic from whitelisted networks, supports wildcard strings. Multiple network names can be separated by English spaces. [env: ET_RELAY_NETWORK_WHITELIST=]
--disable-p2pDisable P2P communication, only forward packets through nodes specified by --peers [env: ET_DISABLE_P2P=]
--disable-udp-hole-punchingDisable UDP hole punching function [env: ET_DISABLE_UDP_HOLE_PUNCHING=]
--relay-all-peer-rpcForward RPC packets from all peer nodes, even if peer nodes are not in the relay network whitelist. [env: ET_RELAY_ALL_PEER_RPC=]
--socks5Enable socks5 server, allowing socks5 clients to access virtual network. Format: <port>, e.g.: 1080 [env: ET_SOCKS5=]
--compressionCompression algorithm to use, supports none, zstd. Default is none [env: ET_COMPRESSION=]
--bind-deviceBind the connector's socket to a physical device to avoid routing issues. [env: ET_BIND_DEVICE=]
--enable-kcp-proxyUse KCP proxy for TCP streams, improving latency and throughput on UDP packet loss networks. [env: ET_ENABLE_KCP_PROXY=]
--disable-kcp-inputDon't allow other nodes to use KCP proxy TCP streams to this node. [env: ET_DISABLE_KCP_INPUT=]
--enable-quic-proxyUse QUIC proxy for TCP streams, improving latency and throughput on UDP packet loss networks. [env: ET_ENABLE_QUIC_PROXY=]
--disable-quic-inputDon't allow other nodes to use QUIC proxy TCP streams to this node. [env: ET_DISABLE_QUIC_INPUT=]
--port-forwardForward local ports to remote ports in virtual network. E.g.: udp://0.0.0.0:12345/10.126.126.1:23456 [env: ET_PORT_FORWARD=]
--accept-dnsIf true, enable Magic DNS. With Magic DNS, you can use domain names to access other nodes, e.g.: <hostname>.et.net [env: ET_ACCEPT_DNS=]
--private-modeIf true, don't allow nodes using different network names and passwords from this network to handshake or relay through this node [env: ET_PRIVATE_MODE=]
--foreign-relay-bps-limitLimit bandwidth for relayed traffic [env: ET_FOREIGN_RELAY_BPS_LIMIT=]
--console-log-levelConsole log level [env: ET_CONSOLE_LOG_LEVEL=]
--file-log-levelFile log level [env: ET_FILE_LOG_LEVEL=]
--file-log-dirDirectory to store log files [env: ET_FILE_LOG_DIR=]

For more configuration options, please refer to the output of easytier-core --help.