j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

Small updates to the documentation.

Browse source 
Mention that TCPOnly is not necessary anymore since tinc will autodetect
whether it can send via UDP or not. Also mention the WEIGHT environment
variable and the new default value (2048 bits) of RSA keys.
This commit is contained in:
Guus Sliepen 2009-10-11 15:46:52 +02:00
parent 2c30af6c90
commit 927064e5fd
3 changed files with 21 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
doc/tinc.conf.5.in
View file

@ -427,13 +427,17 @@ higher priority. Packets will be sent to the node with the highest priority,
unless that node is not reachable, in which case the node with the next highest unless that node is not reachable, in which case the node with the next highest
priority will be tried, and so on. priority will be tried, and so on.
.It Va TCPOnly Li = yes | no Pq no .It Va TCPOnly Li = yes | no Pq no Bq obsolete
If this variable is set to yes, If this variable is set to yes,
then the packets are tunnelled over the TCP connection instead of a UDP connection. then the packets are tunnelled over the TCP connection instead of a UDP connection.
This is especially useful for those who want to run a tinc daemon This is especially useful for those who want to run a tinc daemon
from behind a masquerading firewall, from behind a masquerading firewall,
or if UDP packet routing is disabled somehow. or if UDP packet routing is disabled somehow.
Setting this options also implicitly sets IndirectData. Setting this options also implicitly sets IndirectData.
.Pp
Since version 1.0.10, tinc will automatically detect whether communication via
UDP is possible or not.
.El .El
.Sh SCRIPTS .Sh SCRIPTS
@ -517,6 +521,10 @@ When a host becomes (un)reachable, this is set to the port number it uses for co
When a subnet becomes (un)reachable, this is set to the subnet. When a subnet becomes (un)reachable, this is set to the subnet.
.El .El
.It Ev WEIGHT
When a subnet becomes (un)reachable, this is set to the subnet weight.
.El
.Sh FILES .Sh FILES
The most important files are: The most important files are:
.Bl -tag -width indent .Bl -tag -width indent

16
doc/tinc.texi
View file

@ -1038,6 +1038,7 @@ example: netmask 255.255.255.0 would become /24, 255.255.252.0 becomes
/22. This conforms to standard CIDR notation as described in /22. This conforms to standard CIDR notation as described in
@uref{ftp://ftp.isi.edu/in-notes/rfc1519.txt, RFC1519} @uref{ftp://ftp.isi.edu/in-notes/rfc1519.txt, RFC1519}
@cindex Subnet weight
A Subnet can be given a weight to indicate its priority over identical Subnets A Subnet can be given a weight to indicate its priority over identical Subnets
owned by different nodes. The default weight is 10. Lower values indicate owned by different nodes. The default weight is 10. Lower values indicate
higher priority. Packets will be sent to the node with the highest priority, higher priority. Packets will be sent to the node with the highest priority,
@ -1045,12 +1046,15 @@ unless that node is not reachable, in which case the node with the next highest
priority will be tried, and so on. priority will be tried, and so on.
@cindex TCPonly @cindex TCPonly
@item TCPonly = <yes|no> (no) @item TCPonly = <yes|no> (no) [deprecated]
If this variable is set to yes, then the packets are tunnelled over a If this variable is set to yes, then the packets are tunnelled over a
TCP connection instead of a UDP connection. This is especially useful TCP connection instead of a UDP connection. This is especially useful
for those who want to run a tinc daemon from behind a masquerading for those who want to run a tinc daemon from behind a masquerading
firewall, or if UDP packet routing is disabled somehow. firewall, or if UDP packet routing is disabled somehow.
Setting this options also implicitly sets IndirectData. Setting this options also implicitly sets IndirectData.
Since version 1.0.10, tinc will automatically detect whether communication via
UDP is possible or not.
@end table @end table
@ -1139,6 +1143,10 @@ this is set to the port number it uses for communication with other tinc daemons
@item SUBNET @item SUBNET
When a subnet becomes (un)reachable, this is set to the subnet. When a subnet becomes (un)reachable, this is set to the subnet.
@cindex WEIGHT
@item SUBNET
When a subnet becomes (un)reachable, this is set to the subnet weight.
@end table @end table
@ -1491,7 +1499,7 @@ Use configuration for net @var{netname}. @xref{Multiple networks}.
@item -K, --generate-keys[=@var{bits}] @item -K, --generate-keys[=@var{bits}]
Generate public/private keypair of @var{bits} length. If @var{bits} is not specified, Generate public/private keypair of @var{bits} length. If @var{bits} is not specified,
1024 is the default. tinc will ask where you want to store the files, 2048 is the default. tinc will ask where you want to store the files,
but will default to the configuration directory (you can use the -c or -n option but will default to the configuration directory (you can use the -c or -n option
in combination with -K). After that, tinc will quit. in combination with -K). After that, tinc will quit.
@ -1633,7 +1641,7 @@ Do you have a firewall or a NAT device (a masquerading firewall or perhaps an AD
If so, check that it allows TCP and UDP traffic on port 655. If so, check that it allows TCP and UDP traffic on port 655.
If it masquerades and the host running tinc is behind it, make sure that it forwards TCP and UDP traffic to port 655 to the host running tinc. If it masquerades and the host running tinc is behind it, make sure that it forwards TCP and UDP traffic to port 655 to the host running tinc.
You can add @samp{TCPOnly = yes} to your host config file to force tinc to only use a single TCP connection, You can add @samp{TCPOnly = yes} to your host config file to force tinc to only use a single TCP connection,
this works through most firewalls and NATs. this works through most firewalls and NATs. Since version 1.0.10, tinc will automatically fall back to TCP if direct communication via UDP is not possible.
@end itemize @end itemize
@ -1732,8 +1740,6 @@ or if that is not the case, try changing the prefix length into /32.
@itemize @itemize
@item If you see this only sporadically, it is harmless and caused by a node sending packets using an old key. @item If you see this only sporadically, it is harmless and caused by a node sending packets using an old key.
@item If you see this often and another node is not reachable anymore, then a NAT (masquerading firewall) is changing the source address of UDP packets.
You can add @samp{TCPOnly = yes} to host configuration files to force all VPN traffic to go over a TCP connection.
@end itemize @end itemize
@item Got bad/bogus/unauthorized REQUEST from foo (1.2.3.4 port 12345) @item Got bad/bogus/unauthorized REQUEST from foo (1.2.3.4 port 12345)

2
doc/tincd.8.in
View file

@ -68,7 +68,7 @@ Connect to net
Generate public/private RSA keypair and exit. Generate public/private RSA keypair and exit.
If If
.Ar BITS .Ar BITS
is omitted, the default length will be 1024 bits. is omitted, the default length will be 2048 bits.
When saving keys to existing files, tinc will not delete the old keys, When saving keys to existing files, tinc will not delete the old keys,
you have to remove them manually. you have to remove them manually.
.It Fl L, -mlock .It Fl L, -mlock