j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

Make text files Markdown-compatible.

Browse source
This commit is contained in:
Guus Sliepen 2016-04-13 15:34:16 +02:00
parent 7f749c7e75
commit fd3800324f
6 changed files with 590 additions and 784 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
COPYING.README
View file

@ -1,19 +1,17 @@
The following applies to tinc: The following applies to tinc:
This program is released under the GPL with the additional exemption that > This program is released under the GPL with the additional exemption that
compiling, linking, and/or using OpenSSL is allowed. You may provide binary > compiling, linking, and/or using OpenSSL is allowed. You may provide binary
packages linked to the OpenSSL libraries, provided that all other requirements > packages linked to the OpenSSL libraries, provided that all other requirements
of the GPL are met. > of the GPL are met.
The following applies to the LZO library: The following applies to the LZO library:
Hereby I grant a special exception to the tinc VPN project > Hereby I grant a special exception to the tinc VPN project
(http://tinc.nl.linux.org/) to link the LZO library with the OpenSSL library > (https://www.tinc-vpn.org/) to link the LZO library with the OpenSSL library
(http://www.openssl.org). > (https://openssl.org).
>
Markus F.X.J. Oberhumer > Markus F.X.J. Oberhumer
When tinc is compiled with the --enable-tunemu option, the resulting binary When tinc is compiled with the --enable-tunemu option, the resulting binary
falls under the GPL version 3 or later. falls under the GPL version 3 or later.

333
NEWS
View file

@ -1,179 +1,125 @@
Version 1.1pre11 December 27 2014 # Version 1.1pre11 December 27 2014
* Added a "network" command to list or switch networks. * Added a "network" command to list or switch networks.
* Switched to Ed25519 keys and the ChaCha-Poly1305 cipher for the new protocol. * Switched to Ed25519 keys and the ChaCha-Poly1305 cipher for the new protocol.
* AutoConnect is now a boolean option, when enabled tinc always tries to keep * AutoConnect is now a boolean option, when enabled tinc always tries to keep
at least three meta-connections open. at least three meta-connections open.
* The new protocol now uses UDP much more often. * The new protocol now uses UDP much more often.
* Tinc "del" and "get" commands now return a non-zero exit code when they * Tinc "del" and "get" commands now return a non-zero exit code when they
don't find the requested variable. don't find the requested variable.
* Updated documentation. * Updated documentation.
* Added a "DeviceStandby" option to defer running tinc-up until a working * Added a "DeviceStandby" option to defer running tinc-up until a working
connection is made, and which on Windows will also change the network connection is made, and which on Windows will also change the network
interface link status accordingly. interface link status accordingly.
* Tinc now tells the resolver to reload /etc/resolv.conf when it receives * Tinc now tells the resolver to reload /etc/resolv.conf when it receives
SIGALRM. SIGALRM.
* Improved error messages and event loop handling on Windows. * Improved error messages and event loop handling on Windows.
* LocalDiscovery now uses local address learned from other nodes, and is * LocalDiscovery now uses local address learned from other nodes, and is
enabled by default. enabled by default.
* Added a "BroadcastSubnet" option to change the behavior of broadcast packets * Added a "BroadcastSubnet" option to change the behavior of broadcast packets
in router mode. in router mode.
* Added support for dotted quad notation in IPv6 (e.g. ::1.2.3.4). * Added support for dotted quad notation in IPv6 (e.g. ::1.2.3.4).
* Improved format of printed Subnets, MAC and IPv6 addresses. * Improved format of printed Subnets, MAC and IPv6 addresses.
* Added a "--batch" option to force the tinc CLI to run in non-interactive * Added a "--batch" option to force the tinc CLI to run in non-interactive
mode. mode.
* Improve default Device selection on *BSD and Mac OS X. * Improve default Device selection on *BSD and Mac OS X.
* Allow running tinc without RSA keys. * Allow running tinc without RSA keys.
Thanks to Etienne Dechamps, Sven-Haegar Koch, William A. Kennington III, Thanks to Etienne Dechamps, Sven-Haegar Koch, William A. Kennington III,
Baptiste Jonglez, Alexis Hildebrandt, Armin Fisslthaler, Franz Pletz, Alexander Baptiste Jonglez, Alexis Hildebrandt, Armin Fisslthaler, Franz Pletz, Alexander
Ried and Saverio Proto for their contributions to this version of tinc. Ried and Saverio Proto for their contributions to this version of tinc.
Version 1.1pre10 February 7 2014 # Version 1.1pre10 February 7 2014
* Added a benchmark tool (sptps_speed) for the new protocol. * Added a benchmark tool (sptps_speed) for the new protocol.
* Fixed a crash when using Name = $HOST while $HOST is not set. * Fixed a crash when using Name = $HOST while $HOST is not set.
* Use AES-256-GCM for the new protocol. * Use AES-256-GCM for the new protocol.
* Updated support for Solaris. * Updated support for Solaris.
* Allow running tincd without a private ECDSA key present when * Allow running tincd without a private ECDSA key present when
ExperimentalProtocol is not explicitly set. ExperimentalProtocol is not explicitly set.
* Enable various compiler hardening flags by default. * Enable various compiler hardening flags by default.
* Added support for a "conf.d" configuration directory. * Added support for a "conf.d" configuration directory.
* Fix tinc-gui on Windows, also allowing it to connect to a 32-bits tincd when * Fix tinc-gui on Windows, also allowing it to connect to a 32-bits tincd when
tinc-gui is run in a 64-bits Python environment. tinc-gui is run in a 64-bits Python environment.
* Added a "ListenAddress" option, which like BindToAddress adds more listening * Added a "ListenAddress" option, which like BindToAddress adds more listening
address/ports, but doesn't bind to them for outgoing sockets. address/ports, but doesn't bind to them for outgoing sockets.
* Make invitations work better when the "invite" and "join" commands are not * Make invitations work better when the "invite" and "join" commands are not
run interactively. run interactively.
* When creating meta-connections to a node for which no Address statement is * When creating meta-connections to a node for which no Address statement is
specified, try to use addresses learned from other nodes. specified, try to use addresses learned from other nodes.
Thanks to Dennis Joachimsthaler and Florent Clairambault for their contribution Thanks to Dennis Joachimsthaler and Florent Clairambault for their contribution
to this version of tinc. to this version of tinc.
Version 1.1pre9 September 8 2013 # Version 1.1pre9 September 8 2013
* The UNIX socket is now created before tinc-up is called. * The UNIX socket is now created before tinc-up is called.
* Windows users can now use any extension that is in %PATHEXT% for scripts, * Windows users can now use any extension that is in %PATHEXT% for scripts,
not only .bat. not only .bat.
* Outgoing sockets are bound to the address of the listening sockets again, * Outgoing sockets are bound to the address of the listening sockets again,
when there is no ambiguity. when there is no ambiguity.
* Added invitation-created and invitation-accepted scripts. * Added invitation-created and invitation-accepted scripts.
* Invited nodes now learn of the Mode and Broadcast settings of the VPN. * Invited nodes now learn of the Mode and Broadcast settings of the VPN.
* Joining a VPN with an invitation now also works on Windows. * Joining a VPN with an invitation now also works on Windows.
* The port number tincd is listening on is now always included in the * The port number tincd is listening on is now always included in the
invitation URL. invitation URL.
* A running tincd is now correctly informed when a new invitation has been * A running tincd is now correctly informed when a new invitation has been
generated. generated.
* Several bug fixes for the new protocol. * Several bug fixes for the new protocol.
* Added a test suite. * Added a test suite.
Thanks to Etienne Dechamps for his contribution to this version of tinc. Thanks to Etienne Dechamps for his contribution to this version of tinc.
Version 1.1pre8 August 13 2013 # Version 1.1pre8 August 13 2013
* ExperimentalProtocol is now enabled by default. * ExperimentalProtocol is now enabled by default.
* Added an invitation protocol that makes it easy to invite new nodes. * Added an invitation protocol that makes it easy to invite new nodes.
* Added the LocalDiscoveryAddress option to change the broadcast address used * Added the LocalDiscoveryAddress option to change the broadcast address used
to find local nodes. to find local nodes.
* Limit the rate of incoming meta-connections. * Limit the rate of incoming meta-connections.
* Many small bug fixes and code cleanups. * Many small bug fixes and code cleanups.
Thanks to Etienne Dechamps and Sven-Haegar Koch for their contributions to this Thanks to Etienne Dechamps and Sven-Haegar Koch for their contributions to this
version of tinc. version of tinc.
Version 1.1pre7 April 22 2013 # Version 1.1pre7 April 22 2013
* Fixed large latencies on Windows. * Fixed large latencies on Windows.
* Renamed the tincctl tool to tinc. * Renamed the tincctl tool to tinc.
* Simplified changing the configuration using the tinc tool. * Simplified changing the configuration using the tinc tool.
* Added a full description of the ExperimentalProtocol to the manual. * Added a full description of the ExperimentalProtocol to the manual.
* Drop packets forwarded via TCP if they are too big (CVE-2013-1428). * Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
Thanks to Martin Schobert for auditing tinc and reporting the vulnerability. Thanks to Martin Schobert for auditing tinc and reporting the vulnerability.
Version 1.1pre6 February 20 2013 # Version 1.1pre6 February 20 2013
* Fixed tincd exitting immediately on Windows. * Fixed tincd exitting immediately on Windows.
* Detect PMTU increases. * Detect PMTU increases.
* Fixed crashes when using a SOCKS5 proxy. * Fixed crashes when using a SOCKS5 proxy.
* Fixed control connection when using a proxy. * Fixed control connection when using a proxy.
Version 1.1pre5 January 20 2013 # Version 1.1pre5 January 20 2013
* Fixed long delays and possible hangs on Windows. * Fixed long delays and possible hangs on Windows.
* Fixed support for the tunemu device on iOS, the UML and VDE devices. * Fixed support for the tunemu device on iOS, the UML and VDE devices.
* Small improvements to the documentation and error messages. * Small improvements to the documentation and error messages.
* Fixed broadcast packets not reaching the whole VPN. * Fixed broadcast packets not reaching the whole VPN.
* Tincctl now connects via a UNIX socket to the tincd on platforms that * Tincctl now connects via a UNIX socket to the tincd on platforms that
support this. support this.
* The PriorityInheritance option now also works in switch mode. * The PriorityInheritance option now also works in switch mode.
Version 1.1pre4 December 5 2012 # Version 1.1pre4 December 5 2012
* Added the "AutoConnect" option which will let tinc automatically select * Added the "AutoConnect" option which will let tinc automatically select
which nodes to connect to. which nodes to connect to.
* Improved performance of VLAN-tagged IP traffic inside the VPN. * Improved performance of VLAN-tagged IP traffic inside the VPN.
* Ensured LocalDiscovery works with multiple BindToAddress statements and/or * Ensured LocalDiscovery works with multiple BindToAddress statements and/or
IPv6-only LANs. IPv6-only LANs.
* Dropped dependency on libevent. * Dropped dependency on libevent.
* Fixed Windows version not reading packets from the TAP adapter. * Fixed Windows version not reading packets from the TAP adapter.
Version 1.1pre3 October 14 2012 # Version 1.1pre3 October 14 2012
* New experimental protocol: * New experimental protocol:
* Uses 521 bit ECDSA keys for authentication. * Uses 521 bit ECDSA keys for authentication.
@ -181,7 +127,6 @@ Version 1.1pre3 October 14 2012
* Always provides perfect forward secrecy. * Always provides perfect forward secrecy.
* Used for both meta-connections and VPN packets. * Used for both meta-connections and VPN packets.
* VPN packets are encrypted end-to-end. * VPN packets are encrypted end-to-end.
* Many improvements to tincctl: * Many improvements to tincctl:
* "config" command shows/adds/changes configuration variables. * "config" command shows/adds/changes configuration variables.
* "export" and "import" commands help exchange configuration files. * "export" and "import" commands help exchange configuration files.
@ -191,16 +136,13 @@ Version 1.1pre3 October 14 2012
* Without a command it acts as a shell, with history and TAB completion. * Without a command it acts as a shell, with history and TAB completion.
* Improved starting/stopping tincd. * Improved starting/stopping tincd.
* Improved graph output. * Improved graph output.
* When trying to directly send UDP packets to a node for which multiple * When trying to directly send UDP packets to a node for which multiple
addresses are known, all of them are tried. addresses are known, all of them are tried.
* Many small fixes, code cleanups and documentation updates. * Many small fixes, code cleanups and documentation updates.
Version 1.1pre2 July 17 2011 # Version 1.1pre2 July 17 2011
* .cookie files are renamed to .pid files, which are compatible with 1.0.x. * .cookie files are renamed to .pid files, which are compatible with 1.0.x.
* Experimental protocol enhancements that can be enabled with the option * Experimental protocol enhancements that can be enabled with the option
ExperimentalProtocol = yes: ExperimentalProtocol = yes:
@ -210,441 +152,328 @@ Version 1.1pre2 July 17 2011
* ECDSA public keys are automatically exchanged after RSA authentication if * ECDSA public keys are automatically exchanged after RSA authentication if
nodes do not know each other's ECDSA public key yet. nodes do not know each other's ECDSA public key yet.
Version 1.1pre1 June 25 2011 # Version 1.1pre1 June 25 2011
* Control interface allows control of a running tinc daemon. Used by: * Control interface allows control of a running tinc daemon. Used by:
* tincctl, a commandline utility * tincctl, a commandline utility
* tinc-gui, a preliminary GUI implemented in Python/wxWidgets * tinc-gui, a preliminary GUI implemented in Python/wxWidgets
* Code cleanups and reorganization. * Code cleanups and reorganization.
* Repleacable cryptography backend, currently supports OpenSSL and libgcrypt. * Repleacable cryptography backend, currently supports OpenSSL and libgcrypt.
* Use libevent to handle I/O events and timeouts. * Use libevent to handle I/O events and timeouts.
* Use splay trees instead of AVL trees to manage internal datastructures. * Use splay trees instead of AVL trees to manage internal datastructures.
Thanks to Scott Lamb and Sven-Haegar Koch for their contributions to this Thanks to Scott Lamb and Sven-Haegar Koch for their contributions to this
version of tinc. version of tinc.
Version 1.0.22 August 13 2013 # Version 1.0.22 August 13 2013
* Fixed the combination of Mode = router and DeviceType = tap. * Fixed the combination of Mode = router and DeviceType = tap.
* The $NAME variable is now set in subnet-up/down scripts. * The $NAME variable is now set in subnet-up/down scripts.
* Tinc now gives an error when unknown options are given on the command line. * Tinc now gives an error when unknown options are given on the command line.
* Tinc now correctly handles a space between a short command line option and * Tinc now correctly handles a space between a short command line option and
an optional argument. an optional argument.
Thanks to Etienne Dechamps for his contribution to this version of tinc. Thanks to Etienne Dechamps for his contribution to this version of tinc.
Version 1.0.21 April 22 2013 # Version 1.0.21 April 22 2013
* Drop packets forwarded via TCP if they are too big (CVE-2013-1428). * Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
Thanks to Martin Schobert for auditing tinc and reporting this vulnerability. Thanks to Martin Schobert for auditing tinc and reporting this vulnerability.
Version 1.0.20 March 03 2013 # Version 1.0.20 March 03 2013
* Use /dev/tap0 by default on FreeBSD and NetBSD when using switch mode. * Use /dev/tap0 by default on FreeBSD and NetBSD when using switch mode.
* Minor improvements and clarifications in the documentation. * Minor improvements and clarifications in the documentation.
* Allow tinc to be cross-compiled with Android's NDK. * Allow tinc to be cross-compiled with Android's NDK.
* The discovered PMTU is now also applied to VLAN tagged traffic. * The discovered PMTU is now also applied to VLAN tagged traffic.
* The LocalDiscovery option now makes use of all addresses tinc is bound to. * The LocalDiscovery option now makes use of all addresses tinc is bound to.
* Fixed support for tunemu on iOS devices. * Fixed support for tunemu on iOS devices.
* The PriorityInheritance option now also works with switch mode. * The PriorityInheritance option now also works with switch mode.
* Fixed tinc crashing when using a SOCKS5 proxy. * Fixed tinc crashing when using a SOCKS5 proxy.
Thanks to Mesar Hameed, Vilbrekin and Martin Schürrer for their contributions Thanks to Mesar Hameed, Vilbrekin and Martin Schürrer for their contributions
to this version of tinc. to this version of tinc.
Version 1.0.19 June 25 2012 # Version 1.0.19 June 25 2012
* Allow :: notation in IPv6 Subnets. * Allow :: notation in IPv6 Subnets.
* Add support for systemd style socket activation. * Add support for systemd style socket activation.
* Allow environment variables to be used for the Name option. * Allow environment variables to be used for the Name option.
* Add basic support for SOCKS proxies, HTTP proxies, and proxying through an * Add basic support for SOCKS proxies, HTTP proxies, and proxying through an
external command. external command.
Version 1.0.18 March 25 2012 # Version 1.0.18 March 25 2012
* Fixed IPv6 in switch mode by turning off DecrementTTL by default. * Fixed IPv6 in switch mode by turning off DecrementTTL by default.
* Allow a port number to be specified in BindToAddress, which also allows tinc * Allow a port number to be specified in BindToAddress, which also allows tinc
to listen on multiple ports. to listen on multiple ports.
* Add support for multicast communication with UML/QEMU/KVM. * Add support for multicast communication with UML/QEMU/KVM.
Version 1.0.17 March 10 2012 # Version 1.0.17 March 10 2012
* The DeviceType option can now be used to select dummy, raw socket, UML and * The DeviceType option can now be used to select dummy, raw socket, UML and
VDE devices without needing to recompile tinc. VDE devices without needing to recompile tinc.
* Allow multiple BindToAddress statements. * Allow multiple BindToAddress statements.
* Decrement TTL value of IPv4 and IPv6 packets. * Decrement TTL value of IPv4 and IPv6 packets.
* Add LocalDiscovery option allowing tinc to detect peers that are behind the * Add LocalDiscovery option allowing tinc to detect peers that are behind the
same NAT. same NAT.
* Accept Subnets passed with the -o option when StrictSubnets = yes. * Accept Subnets passed with the -o option when StrictSubnets = yes.
* Disabling old RSA keys when generating new ones now also works properly on * Disabling old RSA keys when generating new ones now also works properly on
Windows. Windows.
Version 1.0.16 July 23 2011 # Version 1.0.16 July 23 2011
* Fixed a performance issue with TCP communication under Windows. * Fixed a performance issue with TCP communication under Windows.
* Fixed code that, during network outages, would cause tinc to exit when it * Fixed code that, during network outages, would cause tinc to exit when it
thought two nodes with identical Names were on the VPN. thought two nodes with identical Names were on the VPN.
Version 1.0.15 June 24 2011 # Version 1.0.15 June 24 2011
* Improved logging to file. * Improved logging to file.
* Reduced amount of process wakeups on platforms which support pselect(). * Reduced amount of process wakeups on platforms which support pselect().
* Fixed ProcessPriority option under Windows. * Fixed ProcessPriority option under Windows.
Thanks to Loïc Grenié for his contribution to this version of tinc. Thanks to Loïc Grenié for his contribution to this version of tinc.
Version 1.0.14 May 8 2011 # Version 1.0.14 May 8 2011
* Fixed reading configuration files that do not end with a newline. Again. * Fixed reading configuration files that do not end with a newline. Again.
* Allow arbitrary configuration options being specified on the command line. * Allow arbitrary configuration options being specified on the command line.
* Allow all options in both tinc.conf and the local host config file. * Allow all options in both tinc.conf and the local host config file.
* Configurable replay window, UDP send and receive buffers for performance tuning. * Configurable replay window, UDP send and receive buffers for performance tuning.
* Try harder to get UDP communication back after falling back to TCP. * Try harder to get UDP communication back after falling back to TCP.
* Initial support for attaching tinc to a VDE switch. * Initial support for attaching tinc to a VDE switch.
* DragonFly BSD support. * DragonFly BSD support.
* Allow linking with OpenSSL 1.0.0. * Allow linking with OpenSSL 1.0.0.
Thanks to Brandon Black, Julien Muchembled, Michael Tokarev, Rumko and Timothy Thanks to Brandon Black, Julien Muchembled, Michael Tokarev, Rumko and Timothy
Redaelli for their contributions to this version of tinc. Redaelli for their contributions to this version of tinc.
Version 1.0.13 Apr 11 2010 # Version 1.0.13 Apr 11 2010
* Allow building tinc without LZO and/or Zlib. * Allow building tinc without LZO and/or Zlib.
* Clamp MSS of TCP packets in both directions. * Clamp MSS of TCP packets in both directions.
* Experimental StrictSubnets, Forwarding and DirectOnly options, * Experimental StrictSubnets, Forwarding and DirectOnly options,
giving more control over information and packets received from/sent to other giving more control over information and packets received from/sent to other
nodes. nodes.
* Ensure tinc never sends symbolic names for ports over the wire. * Ensure tinc never sends symbolic names for ports over the wire.
Version 1.0.12 Feb 3 2010 # Version 1.0.12 Feb 3 2010
* Really allow fast roaming of hosts to other nodes in a switched VPN. * Really allow fast roaming of hosts to other nodes in a switched VPN.
* Fixes missing or incorrect environment variables when calling host-up/down * Fixes missing or incorrect environment variables when calling host-up/down
and subnet-up/down scripts in some cases. and subnet-up/down scripts in some cases.
* Allow port to be specified in Address statements. * Allow port to be specified in Address statements.
* Clamp MSS of TCP packets to the discovered path MTU. * Clamp MSS of TCP packets to the discovered path MTU.
* Let two nodes behind NAT learn each others current UDP address and port via * Let two nodes behind NAT learn each others current UDP address and port via
a third node, potentially allowing direct communications in a similar way to a third node, potentially allowing direct communications in a similar way to
STUN. STUN.
Version 1.0.11 Nov 1 2009 # Version 1.0.11 Nov 1 2009
* Fixed potential crash when the HUP signal is sent. * Fixed potential crash when the HUP signal is sent.
* Fixes handling of weighted Subnets in switch and hub modes, preventing * Fixes handling of weighted Subnets in switch and hub modes, preventing
unnecessary broadcasts. unnecessary broadcasts.
* Works around a MinGW bug that caused packets to Windows nodes to always be * Works around a MinGW bug that caused packets to Windows nodes to always be
sent via TCP. sent via TCP.
* Improvements to the PMTU discovery code, especially on Windows. * Improvements to the PMTU discovery code, especially on Windows.
* Use UDP again in certain cases where 1.0.10 was too conservative and fell * Use UDP again in certain cases where 1.0.10 was too conservative and fell
back to TCP unnecessarily. back to TCP unnecessarily.
* Allow fast roaming of hosts to other nodes in a switched VPN. * Allow fast roaming of hosts to other nodes in a switched VPN.
Version 1.0.10 Oct 18 2009 # Version 1.0.10 Oct 18 2009
* Fixed potential crashes during shutdown and (in rare conditions) when other * Fixed potential crashes during shutdown and (in rare conditions) when other
nodes disconnected from the VPN. nodes disconnected from the VPN.
* Improved NAT handling: tinc now copes with mangled port numbers, and will * Improved NAT handling: tinc now copes with mangled port numbers, and will
automatically fall back to TCP if direct UDP connection between nodes is not automatically fall back to TCP if direct UDP connection between nodes is not
possible. The TCPOnly option should not have to be used anymore. possible. The TCPOnly option should not have to be used anymore.
* Allow configuration files with CRLF line endings to be read on UNIX. * Allow configuration files with CRLF line endings to be read on UNIX.
* Disable old RSA keys when generating new ones, and raise the default size of * Disable old RSA keys when generating new ones, and raise the default size of
new RSA keys to 2048 bits. new RSA keys to 2048 bits.
* Many fixes in the path MTU discovery code, especially when Compression is * Many fixes in the path MTU discovery code, especially when Compression is
being used. being used.
* Tinc can now drop privileges and/or chroot itself. * Tinc can now drop privileges and/or chroot itself.
* The TunnelServer code now just ignores information from clients instead of * The TunnelServer code now just ignores information from clients instead of
disconnecting them. disconnecting them.
* Improved performance on Windows by using the new ProcessPriority option and * Improved performance on Windows by using the new ProcessPriority option and
by making the handling of packets received from the TAP-Win32 adapter more by making the handling of packets received from the TAP-Win32 adapter more
efficient. efficient.
* Code cleanups: tinc now follows the C99 standard, copyright headers have * Code cleanups: tinc now follows the C99 standard, copyright headers have
been updated to include patch authors, checkpoint tracing and localisation been updated to include patch authors, checkpoint tracing and localisation
features have been removed. features have been removed.
* Support for (jailbroken) iPhone and iPod Touch has been added. * Support for (jailbroken) iPhone and iPod Touch has been added.
Thanks to Florian Forster, Grzegorz Dymarek and especially Michael Tokarev for Thanks to Florian Forster, Grzegorz Dymarek and especially Michael Tokarev for
their contributions to this version of tinc. their contributions to this version of tinc.
Version 1.0.9 Dec 26 2008 # Version 1.0.9 Dec 26 2008
* Fixed tinc as a service under Windows 2003. * Fixed tinc as a service under Windows 2003.
* Fixed reading configuration files that do not end with a newline. * Fixed reading configuration files that do not end with a newline.
* Fixed crashes in situations where hostnames could not be resolved or hosts * Fixed crashes in situations where hostnames could not be resolved or hosts
would disconnect at the same time as session keys were exchanged. would disconnect at the same time as session keys were exchanged.
* Improved default settings of tun and tap devices on BSD platforms. * Improved default settings of tun and tap devices on BSD platforms.
* Make IPv6 sockets bind only to IPv6 on Linux. * Make IPv6 sockets bind only to IPv6 on Linux.
* Enable path MTU discovery by default. * Enable path MTU discovery by default.
* Fixed a memory leak that occured when connections were closed. * Fixed a memory leak that occured when connections were closed.
Thanks to Max Rijevski for his contributions to this version of tinc. Thanks to Max Rijevski for his contributions to this version of tinc.
Version 1.0.8 May 16 2007 # Version 1.0.8 May 16 2007
* Fixed some memory and resource leaks. * Fixed some memory and resource leaks.
* Made network sockets non-blocking under Windows. * Made network sockets non-blocking under Windows.
Thanks to Scott Lamb and "dnk" for their contributions to this version of tinc. Thanks to Scott Lamb and "dnk" for their contributions to this version of tinc.
Version 1.0.7 Jan 5 2007 # Version 1.0.7 Jan 5 2007
* Fixed a bug that caused slow network speeds on Windows. * Fixed a bug that caused slow network speeds on Windows.
* Fixed a bug that caused tinc unable to write packets to the tun device on * Fixed a bug that caused tinc unable to write packets to the tun device on
OpenBSD. OpenBSD.
Version 1.0.6 Dec 18 2006 # Version 1.0.6 Dec 18 2006
* More flexible detection of the LZO libraries when compiling. * More flexible detection of the LZO libraries when compiling.
* Fixed a bug where broadcasts in switch and hub modes sometimes would not * Fixed a bug where broadcasts in switch and hub modes sometimes would not
work anymore when part of the VPN had become disconnected from the rest. work anymore when part of the VPN had become disconnected from the rest.
Version 1.0.5 Nov 14 2006 # Version 1.0.5 Nov 14 2006
* Lots of small fixes. * Lots of small fixes.
* Broadcast packets no longer grow in size with each hop. This should * Broadcast packets no longer grow in size with each hop. This should
fix switch mode (again). fix switch mode (again).
* Generic host-up and host-down scripts. * Generic host-up and host-down scripts.
* Optionally dump graph in graphviz format to a file or a script. * Optionally dump graph in graphviz format to a file or a script.
* Support LZO 2.0 and later. * Support LZO 2.0 and later.
Thanks to Scott Lamb for his contributions to this version of tinc. Thanks to Scott Lamb for his contributions to this version of tinc.
Version 1.0.4 May 4 2005 # Version 1.0.4 May 4 2005
* Fix switch and hub modes. * Fix switch and hub modes.
* Optionally start scripts when a Subnet becomes (un)reachable. * Optionally start scripts when a Subnet becomes (un)reachable.
Version 1.0.3 Nov 11 2004 # Version 1.0.3 Nov 11 2004
* Show error message when failing to write a PID file. * Show error message when failing to write a PID file.
* Ignore spaces at end of lines in config files. * Ignore spaces at end of lines in config files.
* Fix handling of late packets. * Fix handling of late packets.
* Unify BSD tun/tap device handling. This allows IPv6 on tun devices and * Unify BSD tun/tap device handling. This allows IPv6 on tun devices and
anything on tap devices as long as the underlying OS supports it. anything on tap devices as long as the underlying OS supports it.
* Handle IPv6 on Solaris tun devices. * Handle IPv6 on Solaris tun devices.
* Allow tinc to work properly under Windows XP SP2. * Allow tinc to work properly under Windows XP SP2.
* Allow VLAN tagged Ethernet frames in switch and hub mode. * Allow VLAN tagged Ethernet frames in switch and hub mode.
* Experimental PMTUDiscovery, TunnelServer and BlockingTCP options. * Experimental PMTUDiscovery, TunnelServer and BlockingTCP options.
Version 1.0.2 Nov 8 2003 # Version 1.0.2 Nov 8 2003
* Fix address and hostname resolving under Windows. * Fix address and hostname resolving under Windows.
* Remove warnings about non-existing scripts and unsupported address families. * Remove warnings about non-existing scripts and unsupported address families.
* Use the event logger under Windows. * Use the event logger under Windows.
* Fix quoting of filenames and command line arguments under Windows. * Fix quoting of filenames and command line arguments under Windows.
* Strict checks for length incoming network packets and return values of * Strict checks for length incoming network packets and return values of
cryptographic functions, cryptographic functions,
* Fix a bug in metadata handling that made the tinc daemon abort. * Fix a bug in metadata handling that made the tinc daemon abort.
Version 1.0.1 Aug 14 2003 # Version 1.0.1 Aug 14 2003
* Allow empty lines in config files. * Allow empty lines in config files.
* Fix handling of spaces and backslashes in filenames under native Windows. * Fix handling of spaces and backslashes in filenames under native Windows.
* Allow scripts to be executed under native Windows. * Allow scripts to be executed under native Windows.
* Update documentation, make it less Linux specific. * Update documentation, make it less Linux specific.
Version 1.0 Aug 4 2003 # Version 1.0 Aug 4 2003
* Lots of small bugfixes and code cleanups. * Lots of small bugfixes and code cleanups.
* Throughput doubled and latency reduced. * Throughput doubled and latency reduced.
* Added support for LZO compression. * Added support for LZO compression.
* No need to set MAC address or disable ARP anymore. * No need to set MAC address or disable ARP anymore.
* Added support for Windows 2000 and XP, both natively and in a Cygwin * Added support for Windows 2000 and XP, both natively and in a Cygwin
environment. environment.
Version 1.0pre8 Sep 16 2002 # Version 1.0pre8 Sep 16 2002
* More fixes for subnets with prefixlength undivisible by 8. * More fixes for subnets with prefixlength undivisible by 8.
* Added support for NetBSD and MacOS/X. * Added support for NetBSD and MacOS/X.
* Switched from undirected graphs to directed graphs to avoid certain race * Switched from undirected graphs to directed graphs to avoid certain race
conditions and improve scalability. conditions and improve scalability.
* Generalized broadcasting and forwarding of protocol messages. * Generalized broadcasting and forwarding of protocol messages.
* Cleanup of source code. * Cleanup of source code.
Version 1.0pre7 Apr 7 2002 # Version 1.0pre7 Apr 7 2002
* Don't do blocking read()s when getting a signal. * Don't do blocking read()s when getting a signal.
* Remove RSA key checking code, since it sometimes thinks perfectly good RSA * Remove RSA key checking code, since it sometimes thinks perfectly good RSA
keys are bad. keys are bad.
* Fix handling of subnets when prefixlength isn't divisible by 8. * Fix handling of subnets when prefixlength isn't divisible by 8.
Version 1.0pre6 Mar 27 2002 # Version 1.0pre6 Mar 27 2002
* Improvement of redundant links: * Improvement of redundant links:
* Non-blocking connects. * Non-blocking connects.
* Protocol broadcast messages can no longer go into an infinite loop. * Protocol broadcast messages can no longer go into an infinite loop.
* Graph algorithm updated to look harder for direct connections. * Graph algorithm updated to look harder for direct connections.
* Good support for routing IPv6 packets over the VPN. Works on Linux, * Good support for routing IPv6 packets over the VPN. Works on Linux,
FreeBSD, possibly OpenBSD but not on Solaris. FreeBSD, possibly OpenBSD but not on Solaris.
* Support for tunnels over IPv6 networks. Works on all supported * Support for tunnels over IPv6 networks. Works on all supported
operating systems. operating systems.
* Optional compression of UDP connections using zlib. * Optional compression of UDP connections using zlib.
* Optionally let UDP connections inherit TOS field of tunneled packets. * Optionally let UDP connections inherit TOS field of tunneled packets.
* Optionally start scripts when certain hosts become (un)reachable. * Optionally start scripts when certain hosts become (un)reachable.
Version 1.0pre5 Feb 9 2002 # Version 1.0pre5 Feb 9 2002
* Security enhancements: * Security enhancements:
* Added sequence number and optional message authentication code to * Added sequence number and optional message authentication code to
the packets. the packets.
* Configurable encryption cipher and digest algorithms. * Configurable encryption cipher and digest algorithms.
* More robust handling of dis- and reconnects. * More robust handling of dis- and reconnects.
* Added a "switch" and a "hub" mode to allow bridging setups. * Added a "switch" and a "hub" mode to allow bridging setups.
* Preliminary support for routing of IPv6 packets. * Preliminary support for routing of IPv6 packets.
* Supports Linux, FreeBSD, OpenBSD and Solaris. * Supports Linux, FreeBSD, OpenBSD and Solaris.
Version 1.0pre4 Jan 17 2001 # Version 1.0pre4 Jan 17 2001
* Updated documentation; the documentation now reflects the * Updated documentation; the documentation now reflects the
configuration as it is. configuration as it is.
* Some internal changes to make tinc scale better for large * Some internal changes to make tinc scale better for large
networks, such as using AVL trees instead of linked lists for the networks, such as using AVL trees instead of linked lists for the
connection list. connection list.
* RSA keys can be stored in separate files if needed. See the * RSA keys can be stored in separate files if needed. See the
documentation for more information. documentation for more information.
* Tinc has now been reported to run on Linux PowerPC and FreeBSD x86. * Tinc has now been reported to run on Linux PowerPC and FreeBSD x86.
Version 1.0pre3 Oct 31 2000 # Version 1.0pre3 Oct 31 2000
* The protocol has been redesigned, and although some details are * The protocol has been redesigned, and although some details are
still under discussion, this is secure. Care has been taken to still under discussion, this is secure. Care has been taken to
resist most, if not all, attacks. resist most, if not all, attacks.
* Unfortunately this protocol is not compatible with earlier versions, * Unfortunately this protocol is not compatible with earlier versions,
nor are earlier versions compatible with this version. Because the nor are earlier versions compatible with this version. Because the
older protocol has huge security flaws, we feel that not older protocol has huge security flaws, we feel that not
implementing backwards compatibility is justified. implementing backwards compatibility is justified.
* Some data about the protocol: * Some data about the protocol:
* It uses public/private RSA keys for authentication (this is the * It uses public/private RSA keys for authentication (this is the
actual fix for the security hole). actual fix for the security hole).
* All cryptographic functions have been taken out of tinc, instead * All cryptographic functions have been taken out of tinc, instead
it uses the OpenSSL library functions. it uses the OpenSSL library functions.
* Offers support for multiple subnets per tinc daemon. * Offers support for multiple subnets per tinc daemon.
* New is also the support for the universal tun/tap device. This * New is also the support for the universal tun/tap device. This
means better portability to FreeBSD and Solaris. means better portability to FreeBSD and Solaris.
* Tinc is tested to compile on Solaris, Linux x86, Linux alpha. * Tinc is tested to compile on Solaris, Linux x86, Linux alpha.
* Tinc now uses the OpenSSL library for cryptographic operations. * Tinc now uses the OpenSSL library for cryptographic operations.
More information on getting and installing OpenSSL is in the manual. More information on getting and installing OpenSSL is in the manual.
This also means that the GMP library is no longer required. This also means that the GMP library is no longer required.
* Further, thanks to Enrique Zanardi, we have Spanish messages; Matias * Further, thanks to Enrique Zanardi, we have Spanish messages; Matias
Carrasco provided us with a Spanish translation of the manual. Carrasco provided us with a Spanish translation of the manual.
Version 1.0pre2 May 31 2000 # Version 1.0pre2 May 31 2000
* This version has been internationalized; and a Dutch translation has * This version has been internationalized; and a Dutch translation has
been included. been included.
* Two configuration variables have been added: * Two configuration variables have been added:
* VpnMask - the IP network mask for the entire VPN, not just our * VpnMask - the IP network mask for the entire VPN, not just our
subnet (as given by MyVirtualIP). The Redhat and Debian packages subnet (as given by MyVirtualIP). The Redhat and Debian packages
@ -653,178 +482,158 @@ Version 1.0pre2 May 31 2000
* Hostnames - if set to `yes', look up the names of IP addresses * Hostnames - if set to `yes', look up the names of IP addresses
trying to connect to us. Default set to `no', to prevent lockups trying to connect to us. Default set to `no', to prevent lockups
during lookups. during lookups.
* The system startup scripts for Debian and Redhat use * The system startup scripts for Debian and Redhat use
/etc/tinc/nets.boot to find out which networks need to be started /etc/tinc/nets.boot to find out which networks need to be started
during system boot. during system boot.
* Fixes to prevent denial of service attacks by sending random data * Fixes to prevent denial of service attacks by sending random data
after connecting (and even when the connection has been established), after connecting (and even when the connection has been established),
either random garbage or just nonsensical protocol fields. either random garbage or just nonsensical protocol fields.
* Tinc will retry to connect upon startup, does not quit if it doesn't * Tinc will retry to connect upon startup, does not quit if it doesn't
work the first time. work the first time.
* Hosts that are disconnected implicitly if we lose a connection get * Hosts that are disconnected implicitly if we lose a connection get
deleted from the internal list, to prevent hogging eachother with deleted from the internal list, to prevent hogging eachother with
add and delete requests when the connection is restored. add and delete requests when the connection is restored.
Version 1.0pre1 May 12 2000 # Version 1.0pre1 May 12 2000
* New meta-protocol * New meta-protocol
* Various other bugfixes * Various other bugfixes
* Documentation updates * Documentation updates
Version 0.3.3 Feb 9 2000 # Version 0.3.3 Feb 9 2000
* Fixed bug that made tinc stop working with latest kernels * Fixed bug that made tinc stop working with latest kernels
* Updated the manual * Updated the manual
Version 0.3.2 Nov 12 1999 # Version 0.3.2 Nov 12 1999
* No more `Invalid filedescriptor' when working with multiple * No more `Invalid filedescriptor' when working with multiple
connections. connections.
* Forward unknown packets to uplink. * Forward unknown packets to uplink.
Version 0.3.1 Oct 20 1999 # Version 0.3.1 Oct 20 1999
* Fixed a bug where tinc would exit without a trace. * Fixed a bug where tinc would exit without a trace.
Version 0.3 Aug 20 1999 # Version 0.3 Aug 20 1999
* Pings now work immediately. * Pings now work immediately.
* All packet sizes get transmitted correctly. * All packet sizes get transmitted correctly.
Version 0.2.26 Aug 15 1999 # Version 0.2.26 Aug 15 1999
* Fixed some remaining bugs. * Fixed some remaining bugs.
* --sysconfdir works with configure. * --sysconfdir works with configure.
* Last version before 0.3. * Last version before 0.3.
Version 0.2.25 Aug 8 1999 # Version 0.2.25 Aug 8 1999
* Improved stability, going towards 0.3 now. * Improved stability, going towards 0.3 now.
Version 0.2.24 Aug 7 1999 # Version 0.2.24 Aug 7 1999
* Added key aging, there's a new config variable, KeyExpire. * Added key aging, there's a new config variable, KeyExpire.
* Updated man and info pages. * Updated man and info pages.
Version 0.2.23 Aug 5 1999 # Version 0.2.23 Aug 5 1999
* All known bugs fixed, this is a candidate for 0.3. * All known bugs fixed, this is a candidate for 0.3.
Version 0.2.22 Apr 11 1999 # Version 0.2.22 Apr 11 1999
* Multiconnection thing is now working nearly perfect :) * Multiconnection thing is now working nearly perfect :)
Version 0.2.21 Apr 10 1999 # Version 0.2.21 Apr 10 1999
* You shouldn't notice a thing, but a lot has changed wrt key * You shouldn't notice a thing, but a lot has changed wrt key
management - except that it refuses to talk to versions < 0.2.20 management - except that it refuses to talk to versions < 0.2.20
Version 0.2.19 Apr 3 1999 # Version 0.2.19 Apr 3 1999
* Don't install a libcipher.so. * Don't install a libcipher.so.
Version 0.2.18 Apr 3 1999 # Version 0.2.18 Apr 3 1999
* Blowfish library dynamically loaded upon execution. * Blowfish library dynamically loaded upon execution.
* Included Eric Young's IDEA library. * Included Eric Young's IDEA library.
Version 0.2.17 Apr 1 1999 # Version 0.2.17 Apr 1 1999
* Tincd now re-executes itself in case of a segmentation fault. * Tincd now re-executes itself in case of a segmentation fault.
Version 0.2.16 Apr 1 1999 # Version 0.2.16 Apr 1 1999
* Wrote tincd.conf(5) man page, which still needs a lot of work. * Wrote tincd.conf(5) man page, which still needs a lot of work.
* Config file now accepts and tolerates spaces, and any integer base * Config file now accepts and tolerates spaces, and any integer base
for integer variables, and better error reporting. See for integer variables, and better error reporting. See
doc/tincd.conf.sample for an example. doc/tincd.conf.sample for an example.
Version 0.2.15 Mar 29 1999 # Version 0.2.15 Mar 29 1999
* Fixed bugs. * Fixed bugs.
Version 0.2.14 Feb 10 1999 # Version 0.2.14 Feb 10 1999
* Added --timeout flag and PingTimeout configuration. * Added --timeout flag and PingTimeout configuration.
* Did some first syslog cleanup work. * Did some first syslog cleanup work.
Version 0.2.13 Jan 23 1999 # Version 0.2.13 Jan 23 1999
* Bugfixes. * Bugfixes.
Version 0.2.12 Jan 23 1999 # Version 0.2.12 Jan 23 1999
* Fixed nauseating bug so that it would crash whenever a connection * Fixed nauseating bug so that it would crash whenever a connection
got lost. got lost.
Version 0.2.11 Jan 22 1999 # Version 0.2.11 Jan 22 1999
* Framework for multiple connections has been done. * Framework for multiple connections has been done.
* Simple manpage for tincd. * Simple manpage for tincd.
Version 0.2.10 Jan 18 1999 # Version 0.2.10 Jan 18 1999
* Passphrase support added. * Passphrase support added.
Version 0.2.9 Jan 13 1999 # Version 0.2.9 Jan 13 1999
* Bugs fixed. * Bugs fixed.
Version 0.2.8 Jan 11 1999 # Version 0.2.8 Jan 11 1999
* A reworked protocol version. * A reworked protocol version.
* A ping/pong system. * A ping/pong system.
* More reliable networking code. * More reliable networking code.
* Automatic reconnection. * Automatic reconnection.
* Still does not work with more than one connection :) * Still does not work with more than one connection :)
* Strips MAC addresses before sending, so there's less overhead, and * Strips MAC addresses before sending, so there's less overhead, and
less redundancy. less redundancy.
Version 0.2.7 Jan 3 1999 # Version 0.2.7 Jan 3 1999
* Several updates to make extending more easy. * Several updates to make extending more easy.
Version 0.2.6 Dec 20 1998 # Version 0.2.6 Dec 20 1998
* Point-to-Point connections have been established, including * Point-to-Point connections have been established, including
Blowfish encryption and a secret key-exchange. Blowfish encryption and a secret key-exchange.
Version 0.2.5 Dec 16 1998 # Version 0.2.5 Dec 16 1998
* Project renamed to tinc, in honour of TINC. * Project renamed to tinc, in honour of TINC.
Version 0.2.4 Dec 16 1998 # Version 0.2.4 Dec 16 1998
* Now it really does ;) * Now it really does ;)
Version 0.2.3 Nov 24 1998 # Version 0.2.3 Nov 24 1998
* It sort of works now. * It sort of works now.
Version 0.2.2 Nov 20 1998 # Version 0.2.2 Nov 20 1998
* Uses GNU gmp. * Uses GNU gmp.
Version 0.2.1 Nov 14 1998 # Version 0.2.1 Nov 14 1998
* Bare version. * Bare version.

27
README
View file

@ -1,11 +1,7 @@
This is the README file for tinc version 1.1pre11. Installation This is the README file for tinc version 1.1pre11. Installation
instructions may be found in the INSTALL file. instructions may be found in the INSTALL file.
tinc is Copyright (C) 1998-2014 by: tinc is Copyright © 1998-2016 Ivo Timmermans, Guus Sliepen <guus@tinc-vpn.org>, and others.
Ivo Timmermans,
Guus Sliepen <guus@tinc-vpn.org>,
and others.
For a complete list of authors see the AUTHORS file. For a complete list of authors see the AUTHORS file.
@ -49,15 +45,14 @@ Requirements
In order to compile tinc, you will need a GNU C compiler environment. Please In order to compile tinc, you will need a GNU C compiler environment. Please
ensure you have the latest stable versions of all the required libraries: ensure you have the latest stable versions of all the required libraries:
- OpenSSL (http://www.openssl.org/) version 1.0.0 or later, with support for - LibreSSL (http://www.libressl.org/) or OpenSSL (https://openssl.org/) version 1.0.0 or later.
elliptic curve cryptography (ECC) and Galois counter mode (GCM) enabled.
The following libraries are used by default, but can be disabled if necessary: The following libraries are used by default, but can be disabled if necessary:
- zlib (http://www.gzip.org/zlib/) - zlib (http://www.zlib.net/)
- lzo (http://www.oberhumer.com/opensource/lzo/) - LZO (https://www.oberhumer.com/opensource/lzo/)
- ncurses (http://invisible-island.net/ncurses/) - ncurses (http://invisible-island.net/ncurses/)
- readline (ftp://ftp.gnu.org/pub/gnu/readline/) - readline (https://cnswww.cns.cwru.edu/php/chet/readline/rltop.html)
Features Features
@ -70,12 +65,12 @@ those nodes, tinc will learn about all other nodes on the VPN, and will make
connections automatically. When direct connections are not possible, data will connections automatically. When direct connections are not possible, data will
be forwarded by intermediate nodes. be forwarded by intermediate nodes.
By default, nodes authenticate each other using 2048 bit RSA (or 521 bit Tinc 1.1 support two protocols. The first is a legacy protocol that provides
ECDSA*) keys. Traffic is encrypted using Blowfish in CBC mode (or AES-256 in backwards compatibility with tinc 1.0 nodes, and which by default uses 2048 bit
GCM mode*), authenticated using HMAC-SHA1 (or GCM*), and is protected against RSA keys for authentication, and encrypts traffic using Blowfish in CBC mode
replay attacks. and HMAC-SHA1. The second is a new protocol which uses Curve25519 keys for
authentication, and encrypts traffic using Chacha20-Poly1305, and provides
*) When using the ExperimentalProtocol option. forward secrecy.
Tinc fully supports IPv6. Tinc fully supports IPv6.

9
README.android
View file

@ -1,11 +1,13 @@
Quick how-o cross compile tinc for android (done from $HOME/android/): Quick how-to cross compile tinc for Android (done from $HOME/android/):
- Download Android NDK and setup local ARM toolchain:
- Download android NDK and setup local ARM toolchain:
wget http://dl.google.com/android/ndk/android-ndk-r8b-linux-x86.tar.bz2 wget http://dl.google.com/android/ndk/android-ndk-r8b-linux-x86.tar.bz2
tar xfj android-ndk-r8b-linux-x86.tar.bz2 tar xfj android-ndk-r8b-linux-x86.tar.bz2
./android-ndk-r8b/build/tools/make-standalone-toolchain.sh --platform=android-5 --install-dir=/tmp/my-android-toolchain ./android-ndk-r8b/build/tools/make-standalone-toolchain.sh --platform=android-5 --install-dir=/tmp/my-android-toolchain
- Download and cross-compile openSSL for ARM: - Download and cross-compile OpenSSL for ARM:
wget http://www.openssl.org/source/openssl-1.0.1c.tar.gz wget http://www.openssl.org/source/openssl-1.0.1c.tar.gz
tar xfz openssl-1.0.1c.tar.gz tar xfz openssl-1.0.1c.tar.gz
cd openssl-1.0.1c cd openssl-1.0.1c
@ -13,6 +15,7 @@ cd openssl-1.0.1c
make CC=/tmp/my-android-toolchain/bin/arm-linux-androideabi-gcc AR="/tmp/my-android-toolchain/bin/arm-linux-androideabi-ar r" RANLIB=/tmp/my-android-toolchain/bin/arm-linux-androideabi-ranlib make CC=/tmp/my-android-toolchain/bin/arm-linux-androideabi-gcc AR="/tmp/my-android-toolchain/bin/arm-linux-androideabi-ar r" RANLIB=/tmp/my-android-toolchain/bin/arm-linux-androideabi-ranlib
- Clone and cross-compile tinc: - Clone and cross-compile tinc:
git clone git://tinc-vpn.org/tinc git clone git://tinc-vpn.org/tinc
cd tinc cd tinc
autoreconf -fsi autoreconf -fsi

4
README.git
View file

@ -1,9 +1,9 @@
Before you can start compiling tinc from a fresh git clone, you have Before you can start compiling tinc from a fresh git clone, you have
to install the very latest versions of the following packages: to install the very latest versions of the following packages:
- OpenSSL - LibreSSL or OpenSSL
- zlib - zlib
- lzo - LZO
- GCC - GCC
- automake - automake
- autoconf - autoconf

5
THANKS
View file

@ -101,5 +101,6 @@ We would like to thank the following people for their contributions to tinc:
And everyone we forgot (if we did, please let us know). Thank you! And everyone we forgot (if we did, please let us know). Thank you!
Ivo Timmermans ---
Guus Sliepen Ivo Timmermans,
Guus Sliepen.