j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

Updated documentation.

Browse source
This commit is contained in:
Guus Sliepen 2002-03-01 13:38:02 +00:00
parent f93b1334e0
commit 0c879b8eee
2 changed files with 46 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
doc/tinc.conf.5
View file

@ -100,12 +100,15 @@ If you leave it out, remember to replace it with at least one space character.
Here are all valid variables, listed in alphabetical order. Here are all valid variables, listed in alphabetical order.
The default value is given between parentheses. The default value is given between parentheses.
.Bl -tag -width indent .Bl -tag -width indent
.It Va AddressFamily Li = ipv4 | ipv6 | any Pq ipv4 .It Va AddressFamily Li = ipv4 | ipv6 | any Po ipv4 Pc Bq experimental
This option affects the address family of listening and outgoing sockets. This option affects the address family of listening and outgoing sockets.
If If
.Qq any .Qq any
is selected, then the listening sockets will be IPv6 sockets, is selected, then depending on the operating system both IPv4 and IPv6 or just
but on most platforms those will also accept IPv4 connections. IPv6 listening sockets will be created.
.Pp
Mixing IPv4 and IPv6 may not work as desired.
It's best to choose one address family and use that for all tinc daemons on the VPN.
.It Va BindToInterface Li = Ar interface Bq experimental .It Va BindToInterface Li = Ar interface Bq experimental
If your computer has more than one network interface, If your computer has more than one network interface,
.Nm tinc .Nm tinc
@ -127,8 +130,8 @@ This option may not work on all platforms.
Specifies which other tinc daemon to connect to on startup. Specifies which other tinc daemon to connect to on startup.
Multiple Multiple
.Va ConnectTo .Va ConnectTo
variables may be specified; variables may be specified,
if connecting to the first one fails then tinc will try the next one, and so on. in which case outgoing connections to each specified tinc daemon are made.
The names should be known to this tinc daemon The names should be known to this tinc daemon
(i.e., there should be a host configuration file for the name on the (i.e., there should be a host configuration file for the name on the
.Va ConnectTo .Va ConnectTo
@ -174,11 +177,13 @@ variables in the host configuration files will be used to form a routing table.
Only unicast packets of routable protocols (IPv4 and IPv6) are supported in this mode. Only unicast packets of routable protocols (IPv4 and IPv6) are supported in this mode.
.It switch .It switch
In this mode the MAC addresses of the packets on the VPN will be used to In this mode the MAC addresses of the packets on the VPN will be used to
dynamically create a routing table just like a network switch does. dynamically create a routing table just like an Ethernet switch does.
Unicast, multicast and broadcast packets of every Ethernet protocol are supported in this mode Unicast, multicast and broadcast packets of every protocol that runs over Ethernet are supported in this mode
at the cost of frequent broadcast ARP requests and routing table updates. at the cost of frequent broadcast ARP requests and routing table updates.
.It hub .It hub
In this mode every packet will be broadcast to the other daemons. This mode is almost the same as the switch mode, but instead
every packet will be broadcast to the other daemons
while no routing table is created.
.El .El
.It Va Name Li = Ar name Bq required .It Va Name Li = Ar name Bq required
This is the name which identifies this tinc daemon. This is the name which identifies this tinc daemon.
@ -190,6 +195,9 @@ will wait before sending a probe to the other end.
If that other end doesn't answer within that same amount of time, If that other end doesn't answer within that same amount of time,
the connection is terminated, the connection is terminated,
and the others will be notified of this. and the others will be notified of this.
.It Va PriorityInheritance Li = yes | no Po no Pc Bq experimental
When this option is enabled the value of the TOS field of tunneled IPv4 packets
will be inherited by the UDP packets that are sent out.
.It Va PrivateKey Li = Ar key Bq obsolete .It Va PrivateKey Li = Ar key Bq obsolete
The private RSA key of this tinc daemon. The private RSA key of this tinc daemon.
It will allow this tinc daemon to authenticate itself to other daemons. It will allow this tinc daemon to authenticate itself to other daemons.
@ -216,6 +224,11 @@ no secrets are revealed by sending out this information.
.Bl -tag -width indent .Bl -tag -width indent
.It Va Address Li = Ar address Bq recommended .It Va Address Li = Ar address Bq recommended
The IP address or hostname of this tinc daemon on the real network. The IP address or hostname of this tinc daemon on the real network.
This wil only be used when trying to make an outgoing connection to this tinc daemon.
Multiple
.Va Address
variables can be specified, in which case each address will be tried until a working
connection has been established.
.It Va Cipher Li = Ar cipher Pq blowfish .It Va Cipher Li = Ar cipher Pq blowfish
The symmetric cipher algorithm used to encrypt UDP packets. The symmetric cipher algorithm used to encrypt UDP packets.
Any cipher supported by OpenSSL is recognised. Any cipher supported by OpenSSL is recognised.
@ -264,15 +277,20 @@ The subnet which this tinc daemon will serve.
tries to look up which other daemon it should send a packet to by searching the appropriate subnet. tries to look up which other daemon it should send a packet to by searching the appropriate subnet.
If the packet matches a subnet, If the packet matches a subnet,
it will be sent to the daemon who has this subnet in his host configuration file. it will be sent to the daemon who has this subnet in his host configuration file.
Multiple subnet lines can be specified. Multiple
.Va Subnet
variables can be specified.
.Pp .Pp
Subnets can either be single MAC, IPv4 or IPv6 addresses, Subnets can either be single MAC, IPv4 or IPv6 addresses,
in which case a subnet consisting of only that single address is assumed, in which case a subnet consisting of only that single address is assumed,
or they can be a IPv4 or IPv6 network address with a masklength. or they can be a IPv4 or IPv6 network address with a masklength.
Shorthand notations are not supported.
For example, IPv4 subnets must be in a form like 192.168.1.0/24, For example, IPv4 subnets must be in a form like 192.168.1.0/24,
where 192.168.1.0 is the network address and 24 is the number of bits set in the netmask. where 192.168.1.0 is the network address and 24 is the number of bits set in the netmask.
Note that subnets like 192.168.1.1/24 are invalid! Note that subnets like 192.168.1.1/24 are invalid!
Read a networking HOWTO/FAQ/guide if you don't understand this. Read a networking HOWTO/FAQ/guide if you don't understand this.
IPv6 subnets are notated like fec0:0:0:1:0:0:0:0/64.
MAC addresses are notated like 0:1a:2b:3c:4d:5e.
.It Va TCPOnly Li = yes | no Po no Pc Bq experimental .It Va TCPOnly Li = yes | no Po no Pc Bq experimental
If this variable is set to yes, If this variable is set to yes,
then the packets are tunnelled over the TCP connection instead of a UDP connection. then the packets are tunnelled over the TCP connection instead of a UDP connection.
@ -298,14 +316,14 @@ it will be executed right after the tinc daemon has connected to the virtual net
It can be used to set up the corresponding network interface. It can be used to set up the corresponding network interface.
.Pp .Pp
The environment variable The environment variable
.Ev NETNAME .Ev $NETNAME
will be passed to the executable. will be passed to the executable.
If specified with the If specified with the
.Va Interface .Va Interface
configuration variable, configuration variable,
or if the virtual network device is a Linux tun/tap device, or if the virtual network device is a Linux tun/tap device,
the environment variable the environment variable
.Ev INTERFACE .Ev $INTERFACE
will be set to the name of the network interface. will be set to the name of the network interface.
.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc-down .It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc-down
If an executable file with this name exists, If an executable file with this name exists,

25
doc/tinc.texi
View file

@ -1,5 +1,5 @@
\input texinfo @c -*-texinfo-*- \input texinfo @c -*-texinfo-*-
@c $Id: tinc.texi,v 1.8.4.21 2002/02/18 16:25:15 guus Exp $ @c $Id: tinc.texi,v 1.8.4.22 2002/03/01 13:38:02 guus Exp $
@c %**start of header @c %**start of header
@setfilename tinc.info @setfilename tinc.info
@settitle tinc Manual @settitle tinc Manual
@ -18,7 +18,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans
<itimmermans@@bigfoot.com>, Guus Sliepen <guus@@sliepen.warande.net> and <itimmermans@@bigfoot.com>, Guus Sliepen <guus@@sliepen.warande.net> and
Wessel Dankers <wsl@@nl.linux.org>. Wessel Dankers <wsl@@nl.linux.org>.
$Id: tinc.texi,v 1.8.4.21 2002/02/18 16:25:15 guus Exp $ $Id: tinc.texi,v 1.8.4.22 2002/03/01 13:38:02 guus Exp $
Permission is granted to make and distribute verbatim copies of this Permission is granted to make and distribute verbatim copies of this
manual provided the copyright notice and this permission notice are manual provided the copyright notice and this permission notice are
@ -43,7 +43,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans
<itimmermans@@bigfoot.com>, Guus Sliepen <guus@@sliepen.warande.net> and <itimmermans@@bigfoot.com>, Guus Sliepen <guus@@sliepen.warande.net> and
Wessel Dankers <wsl@@nl.linux.org>. Wessel Dankers <wsl@@nl.linux.org>.
$Id: tinc.texi,v 1.8.4.21 2002/02/18 16:25:15 guus Exp $ $Id: tinc.texi,v 1.8.4.22 2002/03/01 13:38:02 guus Exp $
Permission is granted to make and distribute verbatim copies of this Permission is granted to make and distribute verbatim copies of this
manual provided the copyright notice and this permission notice are manual provided the copyright notice and this permission notice are
@ -737,13 +737,17 @@ required directives are given in @strong{bold}.
@table @asis @table @asis
@cindex AddressFamily @cindex AddressFamily
@item AddressFamily = <ipv4|ipv6|any> (ipv4) @item AddressFamily = <ipv4|ipv6|any> (ipv4) [experimental]
This option affects the address family of listening and outgoing sockets. This option affects the address family of listening and outgoing sockets.
If "any" is selected, then the listening sockets will be IPv6 sockets, If "any" is selected, then depending on the operating system
but on most platforms those will also accept IPv4 connections. both IPv4 and IPv6 or just IPv6 listening sockets will be created.
Mixing IPv4 and IPv6 may not work as desired.
It's best to choose one address family
and use that for all tinc daemons on the VPN.
@cindex BindToInterface @cindex BindToInterface
@item BindToInterface = <interface> @item BindToInterface = <interface> [experimental]
If you have more than one network interface in your computer, tinc will If you have more than one network interface in your computer, tinc will
by default listen on all of them for incoming connections. It is by default listen on all of them for incoming connections. It is
possible to bind tinc to a single interface like eth0 or ppp0 with this possible to bind tinc to a single interface like eth0 or ppp0 with this
@ -752,7 +756,7 @@ variable.
This option may not work on all platforms. This option may not work on all platforms.
@cindex BindToIP @cindex BindToIP
@item BindToIP = <address> @item BindToIP = <address> [experimental]
If your computer has more than one IP address on a single interface (for If your computer has more than one IP address on a single interface (for
example if you are running virtual hosts), tinc will by default listen example if you are running virtual hosts), tinc will by default listen
on all of them for incoming connections. It is possible to bind tinc to on all of them for incoming connections. It is possible to bind tinc to
@ -836,6 +840,11 @@ probe to the other end. If that other end doesn't answer within that
same amount of seconds, the connection is terminated, and the others same amount of seconds, the connection is terminated, and the others
will be notified of this. will be notified of this.
@cindex PriorityInheritance
@item PriorityInheritance = <yes|no> (no) [experimental]
When this option is enabled the value of the TOS field of tunneled IPv4 packets
will be inherited by the UDP packets that are sent out.
@cindex PrivateKey @cindex PrivateKey
@item PrivateKey = <key> [obsolete] @item PrivateKey = <key> [obsolete]
This is the RSA private key for tinc. However, for safety reasons it is This is the RSA private key for tinc. However, for safety reasons it is