Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Conflicts:
	NEWS
	README
	configure.in
	lib/utils.c
	src/linux/device.c
	src/meta.c
	src/net.h
	src/net_setup.c
	src/net_socket.c
	src/protocol.c
	src/protocol_auth.c
	src/tincd.c
commit
19be9cf715
16 changed files with 517 additions and 52 deletions
|
@ -159,8 +159,25 @@ It is possible to bind only to a single interface with this variable.
|
|||
.Pp
|
||||
This option may not work on all platforms.
|
||||
|
||||
.It Va Broadcast Li = yes | no Po yes Pc Bq experimental
|
||||
When disabled, tinc will drop all broadcast and multicast packets, in both router and switch mode.
|
||||
.It Va Broadcast Li = no | mst | direct Po mst Pc Bq experimental
|
||||
This option selects the way broadcast packets are sent to other daemons.
|
||||
NOTE: all nodes in a VPN must use the same
|
||||
.Va Broadcast
|
||||
mode, otherwise routing loops can form.
|
||||
|
||||
.Bl -tag -width indent
|
||||
.It no
|
||||
Broadcast packets are never sent to other nodes.
|
||||
|
||||
.It mst
|
||||
Broadcast packets are sent and forwarded via the VPN's Minimum Spanning Tree.
|
||||
This ensures broadcast packets reach all nodes.
|
||||
|
||||
.It direct
|
||||
Broadcast packets are sent directly to all nodes that can be reached directly.
|
||||
Broadcast packets received from other nodes are never forwarded.
|
||||
If the IndirectData option is also set, broadcast packets will only be sent to nodes which we have a meta connection to.
|
||||
.El
|
||||
|
||||
.It Va ConnectTo Li = Ar name
|
||||
Specifies which other tinc daemon to connect to on startup.
|
||||
|
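Review bot: Nothing in the new Broadcast entry says what an existing `Broadcast = yes` line does now that the documented values are `no | mst | direct` and the default is `mst` instead of `yes`. Because the NOTE warns that mismatched modes can form routing loops, state explicitly whether `yes` is still accepted (and which mode it maps to) or is rejected, so that a partially upgraded VPN does not end up running mixed modes.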
@ -409,6 +426,19 @@ while no routing table is managed.
|
|||
.It Va Name Li = Ar name Bq required
|
||||
This is the name which identifies this tinc daemon.
|
||||
It must be unique for the virtual private network this daemon will connect to.
|
||||
The Name may only consist of alphanumeric and underscore characters.
|
||||
|
||||
If
|
||||
.Va Name
|
||||
starts with a
|
||||
.Li $ ,
|
||||
then the contents of the environment variable that follows will be used.
|
||||
In that case, invalid characters will be converted to underscores.
|
||||
If
|
||||
.Va Name
|
||||
is
|
||||
.Li $HOST ,
|
||||
but no such environment variable exist, the hostname will be read using the gethostnname() system call.
|
||||
|
||||
.It Va PingInterval Li = Ar seconds Pq 60
|
||||
The number of seconds of inactivity that
|
||||
|
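Review bot: Converting invalid characters to underscores, in the Name paragraph added here, can map two different values to the same Name, which conflicts with the requirement a few lines up that the Name be unique within the VPN. Hostnames that differ only in `-` or `.` are the obvious case when `$HOST` is used (for example `web-1` and `web.1` would both become `web_1`); add a sentence telling operators to check the resulting names for collisions. Also fix `gethostnname()` to `gethostname()` and "exist" to "exists".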
@ -441,8 +471,41 @@ specified in the configuration file.
|
|||
When this option is used the priority of the tincd process will be adjusted.
|
||||
Increasing the priority may help to reduce latency and packet loss on the VPN.
|
||||
|
||||
.It Va Proxy Li = socks4 | socks5 | http | exec Ar ... Bq experimental
|
||||
Use a proxy when making outgoing connections.
|
||||
The following proxy types are currently supported:
|
||||
.Bl -tag -width indent
|
||||
.It socks4 Ar address Ar port Op Ar username
|
||||
Connects to the proxy using the SOCKS version 4 protocol.
|
||||
Optionally, a
|
||||
.Ar username
|
||||
can be supplied which will be passed on to the proxy server.
|
||||
Only IPv4 connections can be proxied using SOCKS 4.
|
||||
.It socks5 Ar address Ar port Op Ar username Ar password
|
||||
Connect to the proxy using the SOCKS version 5 protocol.
|
||||
If a
|
||||
.Ar username
|
||||
and
|
||||
.Ar password
|
||||
are given, basic username/password authentication will be used,
|
||||
otherwise no authentication will be used.
|
||||
.It http Ar address Ar port
|
||||
Connects to the proxy and sends a HTTP CONNECT request.
|
||||
.It exec Ar command
|
||||
Executes the given
|
||||
.Ar command
|
||||
which should set up the outgoing connection.
|
||||
The environment variables
|
||||
.Ev NAME ,
|
||||
.Ev NODE ,
|
||||
.Ev REMOTEADDRES
|
||||
and
|
||||
.Ev REMOTEPORT
|
||||
are available.
|
||||
.El
|
||||
|
||||
.It Va ReplayWindow Li = Ar bytes Pq 16
|
||||
This is the size of the replay tracking window for each remote node, in bytes.
|
||||
vhis is the size of the replay tracking window for each remote node, in bytes.
|
||||
The window is a bitfield which tracks 1 packet per bit, so for example
|
||||
the default setting of 16 will track up to 128 packets in the window. In high
|
||||
bandwidth scenarios, setting this to a higher value can reduce packet loss from
|
||||
|
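Review bot: The ReplayWindow text at the end of this hunk contains the same sentence twice, the second copy starting with "vhis is the size"; it looks like a leftover from conflict resolution and one of the two lines should go. In the exec entry, `.Ev REMOTEADDRES` looks like a misspelling of REMOTEADDRESS, so check it against the name the code actually exports. The socks5 entry puts a username and password into the configuration file; a sentence on keeping that file readable only by the user tinc runs as would fit here.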
|
|
@ -801,8 +801,23 @@ variable.
|
|||
This option may not work on all platforms.
|
||||
|
||||
@cindex Broadcast
|
||||
@item Broadcast = <yes | no> (yes) [experimental]
|
||||
When disabled, tinc will drop all broadcast and multicast packets, in both router and switch mode.
|
||||
@item Broadcast = <no | mst | direct> (mst) [experimental]
|
||||
This option selects the way broadcast packets are sent to other daemons.
|
||||
@emph{NOTE: all nodes in a VPN must use the same Broadcast mode, otherwise routing loops can form.}
|
||||
|
||||
@table @asis
|
||||
@item no
|
||||
Broadcast packets are never sent to other nodes.
|
||||
|
||||
@item mst
|
||||
Broadcast packets are sent and forwarded via the VPN's Minimum Spanning Tree.
|
||||
This ensures broadcast packets reach all nodes.
|
||||
|
||||
@item direct
|
||||
Broadcast packets are sent directly to all nodes that can be reached directly.
|
||||
Broadcast packets received from other nodes are never forwarded.
|
||||
If the IndirectData option is also set, broadcast packets will only be sent to nodes which we have a meta connection to.
|
||||
@end table
|
||||
|
||||
@cindex ConnectTo
|
||||
@item ConnectTo = <@var{name}>
|
||||
|
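Review bot: The old sentence covered "broadcast and multicast packets", while the new Broadcast text and all three `@item` descriptions mention only broadcast packets, so the manual no longer says how multicast is treated under `no`, `mst` or `direct`. Say whether multicast follows the same rules. The `@emph` NOTE would also be more useful if it said whether tinc detects a mode mismatch between nodes or whether consistency is entirely up to the operator.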
@ -1031,6 +1046,11 @@ This only has effect when Mode is set to "switch".
|
|||
This is a symbolic name for this connection.
|
||||
The name should consist only of alfanumeric and underscore characters (a-z, A-Z, 0-9 and _).
|
||||
|
||||
If Name starts with a $, then the contents of the environment variable that follows will be used.
|
||||
In that case, invalid characters will be converted to underscores.
|
||||
If Name is $HOST, but no such environment variable exist,
|
||||
the hostname will be read using the gethostnname() system call.
|
||||
|
||||
@cindex PingInterval
|
||||
@item PingInterval = <@var{seconds}> (60)
|
||||
The number of seconds of inactivity that tinc will wait before sending a
|
||||
|
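Review bot: The fallback in the added Name paragraph is only defined for `$HOST`; the text does not say what happens when Name refers to any other environment variable that is unset. Document that case (an error at startup, or some default). Spelling: `gethostnname()` should be `gethostname()`, "exist" should be "exists", and the context line above has "alfanumeric".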
@ -1068,6 +1088,33 @@ specified in the configuration file.
|
|||
When this option is used the priority of the tincd process will be adjusted.
|
||||
Increasing the priority may help to reduce latency and packet loss on the VPN.
|
||||
|
||||
@cindex Proxy
|
||||
@item Proxy = socks4 | socks4 | http | exec @var{...} [experimental]
|
||||
Use a proxy when making outgoing connections.
|
||||
The following proxy types are currently supported:
|
||||
|
||||
@table @asis
|
||||
@cindex socks4
|
||||
@item socks4 <@var{address}> <@var{port}> [<@var{username}>]
|
||||
Connects to the proxy using the SOCKS version 4 protocol.
|
||||
Optionally, a @var{username} can be supplied which will be passed on to the proxy server.
|
||||
|
||||
@cindex socks5
|
||||
@item socks4 <@var{address}> <@var{port}> [<@var{username}> <@var{password}>]
|
||||
Connect to the proxy using the SOCKS version 5 protocol.
|
||||
If a @var{username} and @var{password} are given, basic username/password authentication will be used,
|
||||
otherwise no authentication will be used.
|
||||
|
||||
@cindex http
|
||||
@item http <@var{address}> <@var{port}>
|
||||
Connects to the proxy and sends a HTTP CONNECT request.
|
||||
|
||||
@cindex exec
|
||||
@item exec <@var{command}>
|
||||
Executes the given command which should set up the outgoing connection.
|
||||
The environment variables @env{NAME}, @env{NODE}, @env{REMOTEADDRES} and @env{REMOTEPORT} are available.
|
||||
@end table
|
||||
|
||||
@cindex ReplayWindow
|
||||
@item ReplayWindow = <bytes> (16)
|
||||
This is the size of the replay tracking window for each remote node, in bytes.
|
||||
|
|
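Review bot: The `@item Proxy =` line lists `socks4 | socks4 | http | exec`, and the entry under `@cindex socks5` is also headed `@item socks4 ...`; the second occurrence in each case should read `socks5`, as in the mdoc version of this text earlier in the diff. The socks4 entry here also lacks the mdoc version's sentence that only IPv4 connections can be proxied using SOCKS 4, and `@env{REMOTEADDRES}` carries the same spelling as the mdoc text and should be checked against the code.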