Commit graph

187 commits

Author SHA1 Message Date
Guus Sliepen
f0e7e6b03e Rename ECDSA to Ed25519. 2014-05-18 20:47:04 +02:00
Guus Sliepen
332b55d472 Change AutoConnect from int to bool.
The proper value is 3, not 2 or 4, and 5 is right out. So just hardcode this value,
and only have the option to turn AutoConnect on or off.
2014-05-06 14:11:55 +02:00
Guus Sliepen
44c7f554c7 Add "network" command to list or switch networks. 2014-02-26 11:04:42 +01:00
Guus Sliepen
06a4a8c153 Update copyright notices. 2014-02-07 20:38:48 +01:00
Guus Sliepen
995444c4f9 Document Weight and also allow it to be set from tinc.conf. 2014-01-29 17:32:18 +01:00
Guus Sliepen
38adc8bf54 Add the ListenAddress option.
ListenAddress works the same as BindToAddress, except that from now on,
explicitly binding outgoing packets to the address of a socket is only done for
sockets specified with BindToAddress.
2014-01-20 21:19:13 +01:00
Guus Sliepen
1a115d1d1c Document clearly that tinc depends on curses and readline libraries. 2014-01-20 20:16:58 +01:00
Guus Sliepen
11d562e9b2 Add index entries for the CLI commands. 2014-01-16 14:52:44 +01:00
Guus Sliepen
d8ea66ff1f Update the documentation of the tinc command. 2014-01-16 14:46:44 +01:00
Guus Sliepen
8af6d64fd9 Clarify StrictSubnets. 2014-01-16 14:29:35 +01:00
Florent Clairambault
c8543bbe6b Adding "conf.d" configuration dir support.
Any file matching the pattern /etc/tinc/$NETNAME/conf.d/*.conf will be
parsed after the tinc.conf file.
2013-12-29 23:11:54 +01:00
Guus Sliepen
3e924045cc Mention in the manual that multiple Address staments are allowed. 2013-12-05 14:36:29 +01:00
Guus Sliepen
e42bd60097 Fix typos in the documentation.
Thanks to Thomas Sattler for finding and reporting them.
2013-09-27 11:36:57 +02:00
Guus Sliepen
21184674b3 Execute scripts when invitations are created or accepted. 2013-08-21 00:24:55 +02:00
Guus Sliepen
8f84244458 Don't force a .bat extension for scripts under Windows. 2013-08-18 18:20:41 +02:00
Guus Sliepen
b03bbaa385 Allow extra options to be passed to "tinc restart" again. 2013-07-21 00:20:54 +02:00
Guus Sliepen
24e3ec863e Add connection rate limiting.
Tinc now strictly limits incoming connections from the same host to 1 per
second. For incoming connections from multiple hosts short bursts of incoming
connections are allowed (by default 100), but on average also only 1 connection
per second is allowed.

When an incoming connection exceeds the limit, tinc will keep the connection in
a tarpit; the connection will be kept open but it is ignored completely. Only
one connection is in a tarpit at a time to limit the number of useless open
connections.
2013-07-11 23:38:38 +02:00
Guus Sliepen
b811e980e3 Add the LocalDiscoveryAddress option.
When LocalDiscovery is enabled, tinc normally sends broadcast packets during
PMTU discovery to the broadcast address (255.255.255.255 or ff02::1). This
option lets tinc use a different address.

At the moment only one LocalDiscoveryAddress can be specified.
2013-05-31 18:50:34 +02:00
Guus Sliepen
ced4c1a327 Add an invitation protocol.
Using the tinc command, an administrator of an existing VPN can generate
invitations for new nodes. The invitation is a small URL that can easily
be copy&pasted into email or live chat. Another person can have tinc
automatically setup the necessary configuration files and exchange keys
with the server, by only using the invitation URL.

The invitation protocol uses temporary ECDSA keys. The invitation URL
consists of the hostname and port of the server, a hash of the server's
temporary ECDSA key and a cookie. When the client wants to accept an
invitation, it also creates a temporary ECDSA key, connects to the server
and says it wants to accept an invitation. Both sides exchange their
temporary keys. The client verifies that the server's key matches the hash
in the invitation URL. After setting up an SPTPS connection using the
temporary keys, the client gives the cookie to the server. If the cookie
is valid, the server sends the client an invitation file containing the
client's new name and a copy of the server's host config file. If everything
is ok, the client will generate a long-term ECDSA key and send it to the
server, which will add it to a new host config file for the client.

The invitation protocol currently allows multiple host config files to be
send from the server to the client. However, the client filters out
most configuration variables for its own host configuration file. In
particular, it only accepts Name, Mode, Broadcast, ConnectTo, Subnet and
AutoConnect. Also, at the moment no tinc-up script is generated.

When an invitation has succesfully been accepted, the client needs to start
the tinc daemon manually.
2013-05-29 18:31:10 +02:00
Guus Sliepen
c83c2d080f Enable the SPTPS protocol by default. 2013-05-10 21:18:32 +02:00
Guus Sliepen
f8f250ca12 Describe the SPTPS protocol in the manual.
Also mention that Cipher, Digest and MACLength have no influence on the SPTPS protocol,
since that uses a fixed ciphersuite.
2013-03-12 10:49:45 +01:00
Guus Sliepen
40666a5f5b Remove references to the config keyword. 2013-03-08 16:26:21 +01:00
Guus Sliepen
23a634becf Rename tincctl to tinc. 2013-03-08 16:22:56 +01:00
Guus Sliepen
cc3c69c892 Releasing 1.1pre5. 2013-01-20 21:03:22 +01:00
Guus Sliepen
b50a92d0c3 Add the tincctl exchange and exchange-all commands.
These are identical to an export/export-all followed by an import, and make
it simpler to exchange host config files with other nodes.
2013-01-15 13:31:51 +01:00
Guus Sliepen
c90c431bc9 Mention that the -L, -R and -U options are not supported on all platforms. 2013-01-14 12:58:24 +01:00
Guus Sliepen
5b88f5ba74 Note that tincctl import is only meant to work with data from tincctl export. 2013-01-14 12:57:33 +01:00
Guus Sliepen
bb228e2f05 Note that node Names are case sensitive. 2013-01-14 12:56:54 +01:00
Guus Sliepen
2c7ecdcd0c Fix a typo. 2013-01-14 12:56:14 +01:00
Guus Sliepen
b300f99dfb Clarify the description of IndirectData and Mode = router. 2012-12-06 16:55:28 +01:00
Guus Sliepen
5e3607b616 Remove GraphDumpFile from the manual and manpages.
This option is not supported in tinc 1.1, "tincctl dump graph" can be used
instead.
2012-12-03 13:09:40 +01:00
Guus Sliepen
a717b9bcfb Add option to dump only a list of reachable nodes. 2012-12-03 13:08:03 +01:00
Guus Sliepen
6bc5d626a8 Drop libevent and use our own event handling again.
There are several reasons for this:

- MacOS/X doesn't support polling the tap device using kqueue, requiring a
  workaround to fall back to select().
- On Windows only sockets are properly handled, therefore tinc uses a second
  thread that does a blocking ReadFile() on the TAP-Win32/64 device. However,
  this does not mix well with libevent.
- Libevent, event just the core, is quite large, and although it is easy to get
  and install on many platforms, it can be a burden.
- Libev is more lightweight and seems technically superior, but it doesn't
  abstract away all the platform differences (for example, async events are not
  supported on Windows).
2012-11-29 12:28:23 +01:00
Guus Sliepen
818c92e658 Remove text saying you must have one of PrivateKey or PrivateKeyFile in tinc.conf. 2012-11-14 10:44:35 +01:00
Guus Sliepen
5bfbb8f6c5 Fix index entry for section about readline library. 2012-11-11 19:01:02 +01:00
Guus Sliepen
5766518589 Mention in the manual that support for LZO and zlib can be disabled. 2012-11-11 18:53:23 +01:00
Guus Sliepen
6ec4596557 Mention libcurses and libreadline in the manual. 2012-11-11 18:45:40 +01:00
Guus Sliepen
717ea66d7b Add the AutoConnect option.
When set to a non-zero value, tinc will try to maintain exactly that number of
meta connections to other nodes.  If there are not enough connections, it will
periodically try to set up an outgoing connection to a random node.  If there
are too many connections, it will periodically try to remove an outgoing
connection.
2012-10-21 17:35:13 +02:00
Guus Sliepen
368727c3da tincctl: add node colors and edge weight to graph dump. 2012-10-14 16:12:17 +02:00
Guus Sliepen
2e09986a1f Fix links in documentation. 2012-09-27 17:18:49 +02:00
Guus Sliepen
38dbc63f11 Update documentation of the "dump graph" command. 2012-09-26 23:56:21 +02:00
Guus Sliepen
6bcd03c202 Update the documentation to encourage using "tincctl init" and "tincctl config". 2012-08-01 22:22:52 +02:00
Guus Sliepen
b0f3a76e9b Add the ability to query configuration variables to tincctl. 2012-08-01 15:53:20 +02:00
Guus Sliepen
248d300f1b Merge branch 'master' into 1.1 2012-07-27 22:48:24 +02:00
Mesar Hameed
e895b358db Minor clarification, tinc.conf hostnames=[yes|no] variable only resolves names for logging purposes. 2012-07-24 07:20:04 +01:00
Guus Sliepen
c52c46f871 Add an easy way to export and import host configuration files. 2012-07-16 16:48:24 +02:00
Guus Sliepen
53735a9d96 "tincctl info" gives more human readable information about nodes or subnets. 2012-07-16 01:05:25 +02:00
Guus Sliepen
9be8980a2b Let tincctl ignore tincd options, so they will be passed on. 2012-07-15 21:17:10 +02:00
Guus Sliepen
eb01fd9625 Add an easy way to edit a configuration file. 2012-07-15 20:37:38 +02:00
Guus Sliepen
03f72c6173 Allow configuration variables to be added/removed using tincctl. 2012-07-15 18:16:35 +02:00