Update documentation.
- TCPOnly is not experimental. - Do not mention old Linux kernels and Ethertap anymore. - Document the DeviceType, PMTU and PMTUDiscovery options.
This commit is contained in:
		
							parent
							
								
									0e4d419aae
								
							
						
					
					
						commit
						e8f08ced76
					
				
					 1 changed files with 57 additions and 85 deletions
				
			
		
							
								
								
									
										142
									
								
								doc/tinc.texi
									
										
									
									
									
								
							
							
						
						
									
										142
									
								
								doc/tinc.texi
									
										
									
									
									
								
							|  | @ -16,7 +16,7 @@ | |||
| 
 | ||||
| This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon. | ||||
| 
 | ||||
| Copyright @copyright{} 1998-2006 Ivo Timmermans, | ||||
| Copyright @copyright{} 1998-2008 Ivo Timmermans, | ||||
| Guus Sliepen <guus@@tinc-vpn.org> and | ||||
| Wessel Dankers <wsl@@tinc-vpn.org>. | ||||
| 
 | ||||
|  | @ -225,8 +225,7 @@ support tinc. | |||
| @section Configuring the kernel | ||||
| 
 | ||||
| @menu | ||||
| * Configuration of Linux kernels 2.1.60 up to 2.4.0:: | ||||
| * Configuration of Linux kernels 2.4.0 and higher:: | ||||
| * Configuration of Linux kernels:: | ||||
| * Configuration of FreeBSD kernels:: | ||||
| * Configuration of OpenBSD kernels:: | ||||
| * Configuration of NetBSD kernels:: | ||||
|  | @ -237,51 +236,11 @@ support tinc. | |||
| 
 | ||||
| 
 | ||||
| @c ================================================================== | ||||
| @node       Configuration of Linux kernels 2.1.60 up to 2.4.0 | ||||
| @subsection Configuration of Linux kernels 2.1.60 up to 2.4.0 | ||||
| 
 | ||||
| @cindex ethertap | ||||
| For kernels up to 2.4.0, you need a kernel that supports the ethertap device. | ||||
| Most distributions come with kernels that already support this. | ||||
| If not, here are the options you have to turn on when configuring a new kernel: | ||||
| 
 | ||||
| @example | ||||
| Code maturity level options | ||||
| [*] Prompt for development and/or incomplete code/drivers | ||||
| Networking options | ||||
| [*] Kernel/User netlink socket | ||||
| <M> Netlink device emulation | ||||
| Network device support | ||||
| <M> Ethertap network tap | ||||
| @end example | ||||
| 
 | ||||
| If you want to run more than one instance of tinc or other programs that use | ||||
| the ethertap, you have to compile the ethertap driver as a module, otherwise | ||||
| you can also choose to compile it directly into the kernel. | ||||
| 
 | ||||
| If you decide to build any of these as dynamic kernel modules, it's a good idea | ||||
| to add these lines to @file{/etc/modules.conf}: | ||||
| 
 | ||||
| @example | ||||
| alias char-major-36 netlink_dev | ||||
| alias tap0 ethertap | ||||
| options tap0 -o tap0 unit=0 | ||||
| alias tap1 ethertap | ||||
| options tap1 -o tap1 unit=1 | ||||
| ... | ||||
| alias tap@emph{N} ethertap | ||||
| options tap@emph{N} -o tap@emph{N} unit=@emph{N} | ||||
| @end example | ||||
| 
 | ||||
| Add as much alias/options lines as necessary. | ||||
| 
 | ||||
| 
 | ||||
| @c ================================================================== | ||||
| @node       Configuration of Linux kernels 2.4.0 and higher | ||||
| @subsection Configuration of Linux kernels 2.4.0 and higher | ||||
| @node       Configuration of Linux kernels | ||||
| @subsection Configuration of Linux kernels | ||||
| 
 | ||||
| @cindex Universal tun/tap | ||||
| For kernels 2.4.0 and higher, you need a kernel that supports the Universal tun/tap device. | ||||
| For tinc to work, you need a kernel that supports the Universal tun/tap device. | ||||
| Most distributions come with kernels that already support this. | ||||
| Here are the options you have to turn on when configuring a new kernel: | ||||
| 
 | ||||
|  | @ -295,11 +254,6 @@ Network device support | |||
| It's not necessary to compile this driver as a module, even if you are going to | ||||
| run more than one instance of tinc. | ||||
| 
 | ||||
| If you have an early 2.4 kernel, you can choose both the tun/tap driver and the | ||||
| `Ethertap network tap' device.  This latter is marked obsolete, and chances are | ||||
| that it won't even function correctly anymore.  Make sure you select the | ||||
| universal tun/tap driver. | ||||
| 
 | ||||
| If you decide to build the tun/tap driver as a kernel module, add these lines | ||||
| to @file{/etc/modules.conf}: | ||||
| 
 | ||||
|  | @ -323,9 +277,9 @@ Using tap devices is recommended. | |||
| For OpenBSD version 2.9 and higher, | ||||
| the tun driver is included in the default kernel configuration. | ||||
| There is also a kernel patch from @uref{http://diehard.n-r-g.com/stuff/openbsd/} | ||||
| which adds a tap device to OpenBSD. | ||||
| This should work with tinc. | ||||
| 
 | ||||
| which adds a tap device to OpenBSD which should work with tinc, | ||||
| but with recent versions of OpenBSD, | ||||
| a tun device can act as a tap device by setting the link0 option with ifconfig. | ||||
| 
 | ||||
| @c ================================================================== | ||||
| @node       Configuration of NetBSD kernels | ||||
|  | @ -609,40 +563,16 @@ files on your system. | |||
| @subsection Device files | ||||
| 
 | ||||
| @cindex device files | ||||
| First, you'll need the special device file(s) that form the interface | ||||
| between the kernel and the daemon. | ||||
| Most operating systems nowadays come with the necessary device files by default, | ||||
| or they have a mechanism to create them on demand. | ||||
| 
 | ||||
| The permissions for these files have to be such that only the super user | ||||
| may read/write to this file.  You'd want this, because otherwise | ||||
| eavesdropping would become a bit too easy.  This does, however, imply | ||||
| that you'd have to run tincd as root. | ||||
| 
 | ||||
| If you use Linux and have a kernel version prior to 2.4.0, you have to make the | ||||
| ethertap devices: | ||||
| If you use Linux and do not have udev installed, | ||||
| you may need to create the following device file if it does not exist: | ||||
| 
 | ||||
| @example | ||||
| mknod -m 600 /dev/tap0 c 36 16 | ||||
| mknod -m 600 /dev/tap1 c 36 17 | ||||
| ... | ||||
| mknod -m 600 /dev/tap@emph{N} c 36 @emph{N+16} | ||||
| mknod -m 600 /dev/net/tun c 10 200 | ||||
| @end example | ||||
| 
 | ||||
| There is a maximum of 16 ethertap devices. | ||||
| 
 | ||||
| If you use the universal tun/tap driver, you have to create the | ||||
| following device file (unless it already exist): | ||||
| 
 | ||||
| @example | ||||
| mknod -m 600 /dev/tun c 10 200 | ||||
| @end example | ||||
| 
 | ||||
| If you use Linux, and you run the new 2.4 kernel using the devfs filesystem, | ||||
| then the tun/tap device will probably be automatically generated as | ||||
| @file{/dev/net/tun}. | ||||
| 
 | ||||
| Unlike the ethertap device, you do not need multiple device files if | ||||
| you are planning to run multiple tinc daemons. | ||||
| 
 | ||||
| 
 | ||||
| @c ================================================================== | ||||
| @node       Other files | ||||
|  | @ -862,6 +792,38 @@ Under Windows, use @var{Interface} instead of @var{Device}. | |||
| Note that you can only use one device per daemon. | ||||
| See also @ref{Device files}. | ||||
| 
 | ||||
| @cindex DeviceType | ||||
| @item DeviceType = <tun|tunnohead|tunifhead|tap> (only supported on BSD platforms) | ||||
| The type of the virtual network device. | ||||
| Tinc will normally automatically select the right type, and this option should not be used. | ||||
| However, in case tinc does not seem to correctly interpret packets received from the virtual network device, | ||||
| using this option might help. | ||||
| 
 | ||||
| @table @asis | ||||
| @item tun | ||||
| Set type to tun. | ||||
| Depending on the platform, this can either be with or without an address family header (see below). | ||||
| 
 | ||||
| @cindex tunnohead | ||||
| @item tunnohead | ||||
| Set type to tun without an address family header. | ||||
| Tinc will expect packets read from the virtual network device to start with an IP header. | ||||
| On some platforms IPv6 packets cannot be read from or written to the device in this mode. | ||||
| 
 | ||||
| @cindex tunifhead | ||||
| @item tunifhead | ||||
| Set type to tun with an address family header. | ||||
| Tinc will expect packets read from the virtual network device | ||||
| to start with a four byte header containing the address family, | ||||
| followed by an IP header. | ||||
| This mode should support both IPv4 and IPv6 packets. | ||||
| 
 | ||||
| @item tap | ||||
| Set type to tap. | ||||
| Tinc will expect packets read from the virtual network device | ||||
| to start with an Ethernet header. | ||||
| @end table | ||||
| 
 | ||||
| @cindex GraphDumpFile | ||||
| @item GraphDumpFile = <@var{filename}> [experimental] | ||||
| If this option is present, | ||||
|  | @ -932,7 +894,8 @@ This only has effect when Mode is set to "switch". | |||
| 
 | ||||
| @cindex Name | ||||
| @item Name = <@var{name}> [required] | ||||
| This is a symbolic name for this connection.  It can be anything | ||||
| This is a symbolic name for this connection. | ||||
| The name should consist only of alfanumeric and underscore characters (a-z, A-Z, 0-9 and _). | ||||
| 
 | ||||
| @cindex PingInterval | ||||
| @item PingInterval = <@var{seconds}> (60) | ||||
|  | @ -1019,6 +982,15 @@ The length of the message authentication code used to authenticate UDP packets. | |||
| Can be anything from 0 | ||||
| up to the length of the digest produced by the digest algorithm. | ||||
| 
 | ||||
| @cindex PMTU | ||||
| @item PMTU = <@var{mtu}> (1514) | ||||
| This option controls the initial path MTU to this node. | ||||
| 
 | ||||
| @cindex PMTUDiscovery | ||||
| @item PMTUDiscovery = <yes|no> (yes) | ||||
| When this option is enabled, tinc will try to discover the path MTU to this node. | ||||
| After the path MTU has been discovered, it will be enforced on the VPN. | ||||
| 
 | ||||
| @cindex Port | ||||
| @item Port = <@var{port}> (655) | ||||
| This is the port this tinc daemon listens on. | ||||
|  | @ -1068,7 +1040,7 @@ example: netmask 255.255.255.0 would become /24, 255.255.252.0 becomes | |||
| @uref{ftp://ftp.isi.edu/in-notes/rfc1519.txt, RFC1519} | ||||
| 
 | ||||
| @cindex TCPonly | ||||
| @item TCPonly = <yes|no> (no) [experimental] | ||||
| @item TCPonly = <yes|no> (no) | ||||
| If this variable is set to yes, then the packets are tunnelled over a | ||||
| TCP connection instead of a UDP connection.  This is especially useful | ||||
| for those who want to run a tinc daemon from behind a masquerading | ||||
|  |  | |||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue