j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

Documentation updates. Removed all references to configuration variable

Browse source 
"AllowConnect", since it is NOT used in tinc. Added information about
"VpnMask". Elaborated a bit about "private" and "virtual" networks.
This commit is contained in:
Guus Sliepen 2000-05-27 13:21:20 +00:00
parent 85e3c1f271
commit 4d71de15e8
2 changed files with 35 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
doc/tinc.conf.5
View file

@ -61,11 +61,6 @@ one space character.
.PP .PP
Here are all valid variables, listed in alphabetical order: Here are all valid variables, listed in alphabetical order:
.TP .TP
\fBAllowConnect = \fB(\fIyes\fB|\fIno\fB)\fR
If set to \fIyes\fR, anyone may try to connect to you. If you set this
to no, no incoming connections will be accepted. This does not affect
the outgoing connections.
.TP
\fBConnectPort = \fIport\fR \fBConnectPort = \fIport\fR
Connect to the upstream host (given with the \fBConnectTo\fR Connect to the upstream host (given with the \fBConnectTo\fR
directive) on port \fIport\fR. \fIport\fR may be given in decimal directive) on port \fIport\fR. \fIport\fR may be given in decimal
@ -123,6 +118,11 @@ will be notified of this.
The ethertap device to use. Note that you can only use one device per The ethertap device to use. Note that you can only use one device per
daemon. The info pages of the tinc package contain more information daemon. The info pages of the tinc package contain more information
about configuring an ethertap device for linux. about configuring an ethertap device for linux.
.TP
\fBNetMask = \fImask\fR
The mask that defines the scope of the entire VPN. This option is not used
by the tinc daemon itself, but can be used by startup scripts to configure
the ethertap devices correctly.
.PP .PP
.SH "FILES" .SH "FILES"
.TP .TP

43
doc/tinc.texi
View file

@ -97,11 +97,27 @@ by a few elected computers that participate. This goal is achievable in
more than just one way. more than just one way.
@cindex private @cindex private
For instance, a VPN can consist of a single stand-alone ethernet LAN. Or Private networks can consist of a single stand-alone ethernet LAN. Or
even two computers hooked up using a null-modem cable@footnote{Though even two computers hooked up using a null-modem cable. In these cases,
discuss-able, I think it qualifies as a VPN.}. In these cases, it is it is
obvious that the network is @emph{private}. But there is another type obvious that the network is @emph{private}, noone can access it from the
of VPN, the type tinc was made for. outside. But if your computers are linked to the internet, the network
is not private anymore, unless one uses firewalls to block all private
traffic. But then, there is no way to send private data to trusted
computers on the other end of the internet.
@cindex virtual
This problem can be solved by using @emph{virtual} networks. Virtual
networks can live on top of other networks, but do not interfere with
each other. Mostly, virtual networks appear like a singe LAN, even though
they can span the entire world. But virtual networks can't be secured
by using firewalls, because the traffic that flows through it has to go
through the internet, where other people can look at it.
When one introduces encryption, we can form a true VPN. Other people may
see encrypted traffic, but if they don't know how to decipher it (they
need to know the key for that), they cannot read the information that flows
through the VPN. This is what tinc was made for.
@cindex virtual @cindex virtual
tinc uses normal IP datagrams to encapsulate data that goes over the VPN tinc uses normal IP datagrams to encapsulate data that goes over the VPN
@ -383,11 +399,6 @@ Here are all valid variables, listed in alphabetical order:
@c straight from the manpage @c straight from the manpage
@table @asis @table @asis
@item AllowConnect = (yes|no)
If set to yes, anyone may try to connect to you. If you set this to no,
no incoming connections will be accepted. This does not affect the
outgoing connections.
@item ConnectPort = port @item ConnectPort = port
Connect to the upstream host (given with the ConnectTo directive) on Connect to the upstream host (given with the ConnectTo directive) on
port port. port may be given in decimal (default), octal (when preceded port port. port may be given in decimal (default), octal (when preceded
@ -440,6 +451,10 @@ The ethertap device to use. Note that you can only use one device per
daemon. The info pages of the tinc package contain more information daemon. The info pages of the tinc package contain more information
about configuring an ethertap device for Linux. about configuring an ethertap device for Linux.
@item VpnMask = mask
The mask that defines the scope of the entire VPN. This option is not used
by the tinc daemon itself, but can be used by startup scripts to configure
the ethertap devices correctly.
@end table @end table
@ -486,6 +501,7 @@ and in /etc/tinc/tinc.conf:
@example @example
TapDevice = /dev/tap0 TapDevice = /dev/tap0
MyVirtualIP = 10.1.54.1/16 MyVirtualIP = 10.1.54.1/16
VpnMask = 255.0.0.0
@end example @end example
@subsubheading For B @subsubheading For B
@ -502,7 +518,7 @@ and in /etc/tinc/tinc.conf:
TapDevice = /dev/tap0 TapDevice = /dev/tap0
MyVirtualIP = 10.2.1.12/16 MyVirtualIP = 10.2.1.12/16
ConnectTo = 1.2.3.4 ConnectTo = 1.2.3.4
AllowConnect = no VpnMask = 255.0.0.0
@end example @end example
Note here that the internal address (on eth0) doesn't have to be the Note here that the internal address (on eth0) doesn't have to be the
@ -523,6 +539,7 @@ and in /etc/tinc/A/tinc.conf:
MyVirtualIP = 10.3.69.254/16 MyVirtualIP = 10.3.69.254/16
ConnectTo = 1.2.3.4 ConnectTo = 1.2.3.4
ListenPort = 2000 ListenPort = 2000
VpnMask = 255.0.0.0
@end example @end example
C already has another daemon that runs on port 655, so they have to C already has another daemon that runs on port 655, so they have to
@ -543,7 +560,7 @@ and in /etc/tinc/tinc.conf:
MyVirtualIP = 10.4.3.32/16 MyVirtualIP = 10.4.3.32/16
ConnectTo = 3.4.5.6 ConnectTo = 3.4.5.6
ConnectPort = 2000 ConnectPort = 2000
AllowConnect = no VpnMask=255.0.0.0
@end example @end example
D will be connecting to C, which has a tincd running for this network on D will be connecting to C, which has a tincd running for this network on
@ -745,7 +762,7 @@ and it writes the decrypted information to its own ethertap device.
@node The Meta-connection, , Protocol Preview, The Connection @node The Meta-connection, , Protocol Preview, The Connection
@subsection The meta-connection @subsection The meta-connection
Having only a UDP connection available is not enough. Though suitable Having only an UDP connection available is not enough. Though suitable
for transmitting data, we want to be able to reliably send other for transmitting data, we want to be able to reliably send other
information, such as routing and encryption information to somebody. information, such as routing and encryption information to somebody.