j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

Wrapped text to 70 (72?) columns for easy reading

Browse source
This commit is contained in:
Ivo Timmermans 2000-11-09 20:42:16 +00:00
parent 4310b17be9
commit e65a93053c
1 changed files with 45 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

84
README
View file

@ -1,60 +1,66 @@
This is the README file for tinc version 1.0pre3. Installation instructions may This is the README file for tinc version 1.0pre3. Installation
be found in the INSTALL file. instructions may be found in the INSTALL file.
tinc is Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>, tinc is Copyright (C) 1998,1999,2000 Ivo Timmermans
Guus Sliepen <guus@sliepen.warande.net> and others. For a complete list of <itimmermans@bigfoot.com>, Guus Sliepen <guus@sliepen.warande.net> and
authors see the AUTHORS file. others. For a complete list of authors see the AUTHORS file.
This program is free software; you can redistribute it and/or modify it under This program is free software; you can redistribute it and/or modify
the terms of the GNU General Public License as published by the Free Software it under the terms of the GNU General Public License as published by
Foundation; either version 2 of the License, or (at your option) any later the Free Software Foundation; either version 2 of the License, or (at
version. See the file COPYING for more details. your option) any later version. See the file COPYING for more details.
Security statement Security statement
------------------ ------------------
In august 2000, we discovered the existence of a security hole in all versions In august 2000, we discovered the existence of a security hole in all
of tinc up to and including 1.0pre2. This had to do with the way we exchanged versions of tinc up to and including 1.0pre2. This had to do with the
keys. Since then, we have been working on a new authentication scheme to make way we exchanged keys. Since then, we have been working on a new
tinc as secure as possible. The current version uses the OpenSSL library and authentication scheme to make tinc as secure as possible. The current
does authentication in much the same way as the SSH protocol does. version uses the OpenSSL library and does authentication in much the
same way as the SSH protocol does.
Cryptography is a hard thing to get right. We cannot make any
guarantees. Time, review and feedback are the only things that can
prove the security of any cryptographic product. If you wish to review
tinc or give us feedback, you are stronly encouraged to do so.
Cryptography is a hard thing to get right. We cannot make any guarantees. Time,
review and feedback are the only things that can prove the security of any
cryptographic product. If you wish to review tinc or give us feedback, you are
stronly encouraged to do so.
Requirements Requirements
------------ ------------
Since 1.0pre3, we use OpenSSL for all cryptographic functions. So you need to Since 1.0pre3, we use OpenSSL for all cryptographic functions. So you
install this library first; grab it from http://www.openssl.org/. We recommend need to install this library first; grab it from
version 0.9.5 or better. If this library is not installed on you system, http://www.openssl.org/. We recommend version 0.9.5 or better. If
configure will fail. The manual in doc/tinc.texi contains more detailed this library is not installed on you system, configure will fail. The
information on how to install this library. manual in doc/tinc.texi contains more detailed information on how to
install this library.
Features Features
-------- --------
This version of tinc supports multiple virtual networks at once. To use this This version of tinc supports multiple virtual networks at once. To
feature, you may supply a netname via the -n or --net options. The standard use this feature, you may supply a netname via the -n or --net
locations for the config files will then be /etc/tinc/<net>/. Because of this options. The standard locations for the config files will then be
feature, tinc will send packets directly to their destinations, instead of to /etc/tinc/<net>/. Because of this feature, tinc will send packets
the uplink. If this behaviour is undesirable (for instance because of firewalls directly to their destinations, instead of to the uplink. If this
or other restrictions), please use an older version of tinc (I would recommend behaviour is undesirable (for instance because of firewalls or other
restrictions), please use an older version of tinc (I would recommend
tinc-0.2.19). tinc-0.2.19).
In order to force the kernel to accept received packets, the destination MAC In order to force the kernel to accept received packets, the
address will be set to FE:FD:00:00:00:00 upon reception. The MAC address of the destination MAC address will be set to FE:FD:00:00:00:00 upon
ethertap or tun/tap interface must also be set to this address. See the manual reception. The MAC address of the ethertap or tun/tap interface must
for more detailed information. also be set to this address. See the manual for more detailed
information.
tincd regenerates its encryption key pairs. It does this on the first activity tincd regenerates its encryption key pairs. It does this on the first
after the keys have expired. This period is adjustable in the configuration activity after the keys have expired. This period is adjustable in the
file, and the default time is 3600 seconds (one hour). configuration file, and the default time is 3600 seconds (one hour).
This version supports multiple subnets at once. They are also sorted on subnet This version supports multiple subnets at once. They are also sorted
mask size. This means that it is possible to have overlapping subnets on the on subnet mask size. This means that it is possible to have
VPN, as long as their subnet mask sizes differ. overlapping subnets on the VPN, as long as their subnet mask sizes
differ.