This file is located under
/etc/mcc/mcc.conf path by default.
To override the path pass the new one as the argument to
listen-addr = 0.0.0.0:9376
Listen address (
Parent nodes' socket addresses (
parents-resolve-period = 1h
How frequently the parents' hostnames need to be resolved.
resolver.ipv4-network = 10.83.0.0/16
IPv4 network that is used to resolve node IDs. Beware that the addresses from this network are always local to the current node and are assigned dynamically. The same address on different nodes may point to a different node ID. The address is reassigned only if the system runs out of IP addresses, i.e. you resolve over 65536 unique node IDs from a single node.
resolver.ipv6-network = 200::/7
IPv6 network that is used to resolve node IDs. The default is unused IPv6 range deprecated in RFC 4048.
resolver.mac-address-mask = AE:00:00:00:00:00
MAC address mask that is used to resolve node IDs.
resolver.domain = .home.arpa
Domain under which node IDs are resolved.
The default is
.home.arpa (RFC 8375).
resolver.ttl = 0
TTL of DNS entries in seconds.
unix-socket-path = /tmp/.mcc-socket
UNIX socket path used by
unix-enable = true
Enable UNIX socket server.
Without this server
mcc commands do not work.
keep-alive-period = 30s
How frequently the parent node needs to be checked.
topology-update-period = 2m
How frequently topology needs to be sent to the parent node.
rejoin-period = 1m
How frequently a node tries to switch to the first parent.
log-level = info
Log verbosity level.
Redirect all MCC output to the specified file.
data-dir = /var/lib/mcc
Internal data storage directory.
tun-device-name = mcc0
tun-device-name = utun83
TUN device name (
utun83 on MacOS,
tun-device-mtu = 1280
TUN device MTU.
firewall-chain-name = MCC
Firewall chain name.
dns-addr = 127.0.0.1:8353
Bind address (
ip:port) of internal DNS server that is used to resolve node IDs.
dns-enable = true
Enable local DNS server. Without this server node ID resolution does not work on musl-based Linux distributions and MacOS, but still works on glibc-based Linux distributions via NSS module.
node-certificate = /etc/mcc/node-certificate.txt
Node's certificate path.
node-private-key = /etc/mcc/node-private-key.txt
Node's private key path.
network-certificates = /etc/mcc/network-certificate.txt
Comma-separated list of files with trusted network certificates.
compression = none
Compression method for tunneled packets.
cert-update-addr = cas.staex.io:8081
The address (
ip:port) of a server to get updated certificates from.
cert-update-enable = true
Enable automatic update of network certificates.
cert-update-period = 3h
How frequently to update network certificates.
Tags associated with the node.
dependent-nodes = /etc/mcc/dependent-nodes
A directory that contains dependent nodes configuration files.
static-addr = 10.115.0.0/16
Static address of this node in overlay network. Please note that dynamic IP addresses is more secure against man-in-the-middle attacks than static ones: dynamic addresses resolve to node ids locally whereas static addresses resolve to node ids by contacting a parent node. This also means that dynamic addresses are much faster to resolve than static ones.
network-lookup-ttl = 64
Network lookup TTL, i.e. the maximum number of hops a packet will travel before being dropped. This applies to static IP address and DNS name resolution.
network-lookup-timeout = 20s
Network lookup timeout. This applies to static IP address and DNS name resolution.
forwarding-rules = /etc/mcc/forwarding-rules.conf
Packet forwarding rules.
forwarding-rules-commit-timeout = 7s
The timeout of applying new forwarding rules with
Enable Dnsmasq integration.
When enabled MCC will generate configuration file for Dnsmasq and
place it under
The integration is enabled by default if
Note that MCC does not restart Dnsmasq and does not delete generated configuration file.
dnsmasq-directory = /etc/dnsmasq.d
Dnsmasq directory that contains additional (usually per-domain) configuration files.
Dnsmasq restart shell command.
By default MCC does not restart Dnsmasq after the configuration file is generated,
because it may interfere with system boot sequence.
If you are sure that this is not an issue, specify restart command here.
systemctl restart dnsmasq.