j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

Merged documentation with various updates I had lying around

Browse source
This commit is contained in:
Ivo Timmermans 2001-01-17 01:40:46 +00:00
parent 457c6fa7b6
commit 1d898e00a9
1 changed files with 58 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

77
doc/tinc.texi
View file

@ -1,5 +1,5 @@
\input texinfo @c -*-texinfo-*-
@c $Id: tinc.texi,v 1.8.4.12 2001/01/07 17:08:47 guus Exp $
@c $Id: tinc.texi,v 1.8.4.13 2001/01/17 01:40:46 zarq Exp $
@c %**start of header
@setfilename tinc.info
@settitle tinc Manual
@ -17,7 +17,7 @@ Copyright @copyright{} 1998-2001 Ivo Timmermans
<itimmermans@@bigfoot.com>, Guus Sliepen <guus@@sliepen.warande.net> and
Wessel Dankers <wsl@@nl.linux.org>.
$Id: tinc.texi,v 1.8.4.12 2001/01/07 17:08:47 guus Exp $
$Id: tinc.texi,v 1.8.4.13 2001/01/17 01:40:46 zarq Exp $
Permission is granted to make and distribute verbatim copies of this
manual provided the copyright notice and this permission notice are
@ -42,7 +42,7 @@ Copyright @copyright{} 1998-2001 Ivo Timmermans
<itimmermans@@bigfoot.com>, Guus Sliepen <guus@@sliepen.warande.net> and
Wessel Dankers <wsl@@nl.linux.org>.
$Id: tinc.texi,v 1.8.4.12 2001/01/07 17:08:47 guus Exp $
$Id: tinc.texi,v 1.8.4.13 2001/01/17 01:40:46 zarq Exp $
Permission is granted to make and distribute verbatim copies of this
manual provided the copyright notice and this permission notice are
@ -613,6 +613,7 @@ VpnMask configuration variable.
* Multiple networks::
* How connections work::
* Configuration file::
* Required directives::
* Example::
@end menu
@ -657,7 +658,7 @@ will try to connect to it, on the given port. If this fails, tinc exits.
@c ==================================================================
@node Configuration file, Example, How connections work, Configuring tinc
@node Configuration file, Required directives, How connections work, Configuring tinc
@section Configuration file
The actual configuration of the daemon is done in the file
@ -726,10 +727,30 @@ on several interfaces at the same time though, if they share the same IP
address.
@item KeyExpire = <seconds> (3600)
This option controls the time the encryption keys used to encrypt the
data are valid. It is common practice to change keys at regular
intervals to make it even harder for crackers, even though it is thought
to be nearly impossible to crack a single key.
This option controls the time the encryption keys used to encrypt the data
are valid. It is common practice to change keys at regular intervals to
make it even harder for crackers, even though it is thought to be nearly
impossible to crack a single key.
@item ListenPort = <port> (655)
Listen on local port port. The computer connecting to this daemon should
use this number as the argument for his ConnectPort.
@item MyOwnVPNIP = <local address[/maskbits]> (required)
The local address is the number that the daemon will propagate to
other daemons on the network when it is identifying itself. Hence this
will be the file name of the passphrase file that the other end expects
to find the passphrase in.
The local address is the IP address of the tap device, not the real IP
address of the host running tincd. Due to changes in recent kernels, it
is also necessary that you make the ethernet (also known as MAC) address
equal to the IP address (see the example).
maskbits is the number of bits set to 1 in the netmask part.
@item MyVirtualIP = <local address[/maskbits]>
This is an alias for MyOwnVPNIP.
@item @strong{Name = <name>}
This is a symbolic name for this connection. It can be anything
@ -740,7 +761,7 @@ probe to the other end. If that other end doesn't answer within that
same amount of seconds, the connection is terminated, and the others
will be notified of this.
@item PrivateKey = <key>
@item @strong{PrivateKey = <key>}
This is the RSA private key for tinc. However, for safety reasons it is
advised to store private keys of any kind in separate files. This prevents
accidental eavesdropping if you are editting the configuration file.
@ -750,17 +771,35 @@ This is the full path name of the RSA private key file that was
generated by ``tincd --generate-keys''. It must be a full path, not a
relative directory.
Note that exactly @strong{one of the above two options} must be specified.
@item PublicKey = <key>
This is the full path name of the RSA public key file that was generated
by ``tincd --generate-keys''. It must be a full path, not a relative
directory. (NOTE: In version 1.0pre3, this variable was used to give
the key inline. This is no longer supported.)
@item Subnet = <IP address/maskbits>
This is the subnet range of all IP addresses that will be accepted by
the host that defines it. Please be careful that no two subnets
overlap. Every host @strong{must} have a different range of IP
addresses that it can handle, otherwise you will see messages like
`packet comes back to us'.
@item TapDevice = <device> (/dev/tap0)
The ethertap device to use. Note that you can only use one device per
daemon. The info pages of the tinc package contain more information
about configuring an ethertap device for Linux.
@item VpnMask = <mask>
The mask that defines the scope of the entire VPN. This option is not
used by the tinc daemon itself, but can be used by startup scripts to
configure the ethertap devices correctly.
@item TCPonly = <yes|no> (no, experimental)
If this variable is set to yes, then the packets are tunnelled over a TCP
connection instead of a UDP connection. This is especially useful for those
who want to run a tinc daemon from behind a masquerading firewall, or if
UDP packet routing is disabled somehow. This is experimental code,
try this at your own risk.
@item VpnMask = <mask> (optional)
The mask that defines the scope of the entire VPN. This option is not used
by the tinc daemon itself, but can be used by startup scripts to configure
the ethertap devices correctly.
@end table
@ -892,7 +931,7 @@ there. If you get an error, you can check @ref{Error messages}.
@c ==================================================================
@node Example, , Configuration file, Configuring tinc
@node Example, , Required directives, Configuring tinc
@section Example
@ -1193,10 +1232,8 @@ level of 5 or higher!
@item Network address and subnet mask do not match!
@table @bullet
@item The Subnet field must contain a network address. That means that
the lower order bits of the address must be zero. For example, 192.168.1.1/24
is wrong, you should use 192.168.1.0/24.
@item If you only want to use one IP address, set the netmask to /32.
@item The Subnet field must contain a network address
If you only want to use one IP address, set the netmask to /32.
@end table
@item This is a bug: net.c:253: 24: Some error
@ -1217,11 +1254,13 @@ files are bound to be in a different directory.
@end table
@end table
@c ==================================================================
@node Technical information, About us, Running tinc, Top
@chapter Technical information
@menu
* The Connection::
* Security::