Commit graph

2331 commits

Author SHA1 Message Date
Guus Sliepen
9f7e2dffb2 Really fix compiling under Windows. 2014-02-07 23:05:33 +01:00
Guus Sliepen
173072ff07 Releasing 1.1pre10. 2014-02-07 21:40:42 +01:00
Guus Sliepen
cb5c1b5986 Check whether OpenSSL has support for GCM. 2014-02-07 21:40:29 +01:00
Guus Sliepen
cdda0388a8 Fix compiling for Windows. 2014-02-07 21:14:41 +01:00
Guus Sliepen
06a4a8c153 Update copyright notices. 2014-02-07 20:38:48 +01:00
Guus Sliepen
bc9347042b Attribution for Dennis Joachimsthaler. 2014-02-07 19:57:06 +01:00
Guus Sliepen
ac7f82cb23 Handle errors from TAP-Win32/64 adapter in a better way.
Before, the tapreader thread would just exit immediately after encountering the
first error, without notifying the main thread. Now, the tapreader thread never
exits itself, but tells the main thread to stop when more than ten errors are
encountered in a row.
2014-02-07 19:55:31 +01:00
Guus Sliepen
2f41780023 Attribution for various contributors.
Conflicts:
	THANKS
2014-02-07 19:55:28 +01:00
Guus Sliepen
e717e424c2 Use addresses learned from other nodes when making outgoing connections.
Before, when making a meta-connection to a node (either because of a ConnectTo
or because AutoConnect is set), tinc required one or more Address statements
in the corresponding host config file. However, tinc learns addresses from
other nodes that it uses for UDP connections. We can use those just as well for
TCP connections.
2014-01-30 17:10:30 +01:00
Guus Sliepen
995444c4f9 Document Weight and also allow it to be set from tinc.conf. 2014-01-29 17:32:18 +01:00
Guus Sliepen
2e318f3799 Don't ask questions if we are not running interactively.
When creating invitations or using them to join a VPN, and the tinc command is
not run interactively (i.e., when stdin and stdout are not connected or
redirected to/from a file), don't ask questions. If normally tinc would ask for
a confirmation, just assume the default answer instead. If tinc really needs
some input, just print an error message instead.

In case an invitation is used for a VPN which uses a netname that is already in
use on the local host, tinc will store the configuration in a temporary
directory. Normally it asks for an alternative netname and then renames the
temporary directory, but when not run interactively, it now just prints the
location of the unchanged temporary directory.
2014-01-29 17:17:59 +01:00
Guus Sliepen
00398a60ec Add missing newlines when copying variables from tinc.conf to an invitation file. 2014-01-27 23:21:25 +01:00
Guus Sliepen
fa1e9b0461 Test two tinc daemons using network namespaces.
Testing multiple daemons connecting to each other on the same computer is
usually difficult, because connections to local IP addresses will bypass most
of the network stack. However, recent versions of Linux support network
namespaces, which can isolate network interfaces. We use this to isolate the
virtual interface of the daemons from each other, so we get the behaviour as if
the daemons were each running on their own machine. This can also be used for
more complicated tests (including those with firewall rules) without disturbing
the real network setup of the host computer.
2014-01-24 16:17:09 +01:00
Guus Sliepen
38adc8bf54 Add the ListenAddress option.
ListenAddress works the same as BindToAddress, except that from now on,
explicitly binding outgoing packets to the address of a socket is only done for
sockets specified with BindToAddress.
2014-01-20 21:19:13 +01:00
Guus Sliepen
e187758a7e Document that 1.1 uses AES-256 in GCM mode. 2014-01-20 20:21:15 +01:00
Guus Sliepen
1a115d1d1c Document clearly that tinc depends on curses and readline libraries. 2014-01-20 20:16:58 +01:00
Guus Sliepen
a3decd0951 Let tinc-gui use correct address family when connecting to tincd via TCP. 2014-01-19 21:15:23 +01:00
Dennis Joachimsthaler
c10f3105b3 Ensure tinc-gui running in 64 bits mode can find tinc's 32 bit registry key. 2014-01-17 18:15:40 +01:00
Dennis Joachimsthaler
ab583f7e8c Fix tinc-gui on Windows. 2014-01-17 16:10:10 +01:00
Guus Sliepen
11d562e9b2 Add index entries for the CLI commands. 2014-01-16 14:52:44 +01:00
Guus Sliepen
d8ea66ff1f Update the documentation of the tinc command. 2014-01-16 14:46:44 +01:00
Guus Sliepen
8af6d64fd9 Clarify StrictSubnets. 2014-01-16 14:29:35 +01:00
Florent Clairambault
c8543bbe6b Adding "conf.d" configuration dir support.
Any file matching the pattern /etc/tinc/$NETNAME/conf.d/*.conf will be
parsed after the tinc.conf file.
2013-12-29 23:11:54 +01:00
Guus Sliepen
e6b32936c5 Fix handling of --with-libgcrypt. 2013-12-10 17:13:15 +01:00
Guus Sliepen
b7d59f035b Don't enable -fstack-protector-all.
It is not supported on all architectures and is problematic on some
platforms.
2013-12-10 17:09:16 +01:00
Guus Sliepen
53b00f8c1a Add our own autoconf check for libgcrypt.
This one doesn't require one to have libgcrypt installed while running
autoreconf, making life easier for people who compile tinc from git.
2013-12-10 11:18:04 +01:00
Guus Sliepen
283c5d1cf0 Enable compiler hardening flags by default.
Check whether the compiler supports hardening flags and enable them unless
--disable-hardening is specified.

Conflicts:
	configure.ac
2013-12-10 10:48:00 +01:00
Guus Sliepen
ef8efdfff1 Remove erroneous warning about SPTPS being disabled. 2013-12-08 21:37:56 +01:00
Guus Sliepen
be1446f5d0 Don't print an error when no ECDSA key is known for a node using the legacy protocol. 2013-12-08 21:32:21 +01:00
Guus Sliepen
c151cfa2e9 Give full path to unconfigured tinc-up script. 2013-12-08 21:31:50 +01:00
Guus Sliepen
1b580b2a6b Allow running without ECDSA keys if ExperimentalProtocol is not explicitly set.
To make upgrading less painful, allow running tinc 1.1 without ECDSA keys
unless ExperimentalProtocol is explicitly set to yes.
2013-12-08 21:10:06 +01:00
Guus Sliepen
41583d5dcf Don't print device statistics when exiting tinc.
Much more detailed statistics are now kept per node, which can be queried at
any time, which makes the device statistics obsolete.
2013-12-08 20:23:44 +01:00
Guus Sliepen
19b97e79aa Prefer ncurses over curses. 2013-12-07 22:59:37 +01:00
Guus Sliepen
b115de2199 Use hardcoded value for TUNNEWPPA if net/if_tun.h is missing on Solaris. 2013-12-07 22:54:02 +01:00
Guus Sliepen
cf9bea4e93 Avoid using a variable named "sun". Solaris doesn't like it. 2013-12-07 22:39:24 +01:00
Guus Sliepen
221f559bcf Stricter check for raw socket support. 2013-12-07 22:20:10 +01:00
Guus Sliepen
c1f7357e7d Include <limits.h> for PATH_MAX. 2013-12-07 22:19:39 +01:00
Guus Sliepen
c9bdac68e1 Update support for Solaris.
Adds support for the latest TAP driver from
http://www.whiteboard.ne.jp/~admin2/tuntap/, so tinc now also works in switch
mode on Solaris 11.
2013-12-07 21:52:41 +01:00
Guus Sliepen
06943e828c If no Port is specified, set myport to actual port of first listening socket.
If the Port statement is not used, there are two other ways to let tinc listen
on a non-default port: either by specifying one or more BindToAddress
statements including port numbers, or by starting it from systemd with socket
activation. Tinc announces its own port to other nodes, but before it only
announced what was set using the Port statement.
2013-12-05 15:01:30 +01:00
Guus Sliepen
3e924045cc Mention in the manual that multiple Address statements are allowed. 2013-12-05 14:36:29 +01:00
Guus Sliepen
51bddfd4dd Allow "none" for Cipher and Digest again. 2013-11-28 14:28:18 +01:00
Guus Sliepen
3d41e7d712 Make LocalDiscovery work for SPTPS packets. 2013-11-21 22:13:14 +01:00
Guus Sliepen
c1703ea917 Remove an unused variable. 2013-11-20 23:02:20 +01:00
Guus Sliepen
6168a9b6d5 Fix two warnings from Clang's static analyzer. 2013-11-15 15:32:53 +01:00
Guus Sliepen
29b42aa17e Fix sending bulk data starting with a newline. 2013-10-22 21:30:17 +02:00
Guus Sliepen
a5bcb29fdf Make sptps_test less verbose by default. 2013-10-22 21:19:41 +02:00
Guus Sliepen
7da999f4ae Clean up child processes from proxy type exec. 2013-10-18 16:58:47 +02:00
Guus Sliepen
9b2eaebdf6 Fix sending empty SPTPS records. 2013-10-15 14:09:42 +02:00
Guus Sliepen
0da0728088 Use AES-256-GCM for the SPTPS protocol.
It is faster than AES-256-CTR + HMAC-SHA256, especially on Intel chips with AES
and PCLMULQDQ instructions.
2013-10-13 01:02:52 +02:00
Guus Sliepen
e42bd60097 Fix typos in the documentation.
Thanks to Thomas Sattler for finding and reporting them.
2013-09-27 11:36:57 +02:00