No description
Find a file
Guus Sliepen 5d34503574 Execute tinc-down BEFORE tap device is closed. This is a. more symmetric
(tinc-up is started after tap device is opened) and b. is needed for
tun/tap device, where the interface does not exist anymore after the
device file is closed.
2001-06-29 10:30:18 +00:00
debian Depend on new ssl package and install alias for universal TUN/TAP module. 2001-04-13 10:30:04 +00:00
doc Fix sample configuration to show keys in PEM format and correct tapdevice. 2001-05-25 18:57:37 +00:00
lib Removed compiler warning. 2001-02-27 16:50:29 +00:00
m4 Small fix to make it compile again 2001-06-26 22:00:57 +00:00
po Spanish translation removed. Nobody maintains it, and it is severely 2001-06-29 10:23:46 +00:00
redhat More files to ignore in CVS 2001-02-11 11:55:28 +00:00
src Execute tinc-down BEFORE tap device is closed. This is a. more symmetric 2001-06-29 10:30:18 +00:00
.cvsignore More files to ignore in CVS 2001-02-11 11:55:28 +00:00
acconfig.h - Don't even think about using sscanf with %as anymore 2000-12-22 21:34:24 +00:00
AUTHORS Mention fileutils, add a pointer to THANKS for more details 2000-11-02 21:43:03 +00:00
autogen.sh - Updated CVS_CREATED to remove intl/ directory and some other 2001-02-11 11:50:09 +00:00
configure.in Don't build Spanish translation. 2001-06-29 10:27:57 +00:00
COPYING Initial revision 2000-03-26 00:33:07 +00:00
COPYING.README Stated that distributing executables linked with OpenSSL is permitted 2000-12-01 13:45:46 +00:00
cvsusers Use cvs2cl instead of rcs2log to generate the ChangeLog. 2000-11-24 14:00:32 +00:00
INSTALL Initial revision 2000-03-26 00:33:07 +00:00
Makefile.am ABOUT-NLS is created by autogen.sh. 2001-06-29 10:27:33 +00:00
NEWS Second draft of the release notes 2001-01-17 01:34:08 +00:00
README - It's 2001, all copyright notices are updated. 2001-01-07 17:09:07 +00:00
system.h Added a check for a scanf that knows about %as. 2000-11-29 01:37:50 +00:00
THANKS - It's 2001, all copyright notices are updated. 2001-01-07 17:09:07 +00:00
TODO Documents are merged. Now we only need to check the ports and the TCPonly 2001-05-25 13:24:34 +00:00

This is the README file for tinc version 1.0pre4. Installation
instructions may be found in the INSTALL file.

tinc is Copyright (C) 1998-2001 by:

Ivo Timmermans <itimmermans@bigfoot.com>,
Guus Sliepen <guus@sliepen.warande.net>,
and others.

For a complete list of authors see the AUTHORS file.

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or (at
your option) any later version. See the file COPYING for more details.


Security statement
------------------

In august 2000, we discovered the existence of a security hole in all
versions of tinc up to and including 1.0pre2. This had to do with the
way we exchanged keys. Since then, we have been working on a new
authentication scheme to make tinc as secure as possible. The current
version uses the OpenSSL library and does authentication in much the
same way as the SSH protocol does.

Cryptography is a hard thing to get right. We cannot make any
guarantees. Time, review and feedback are the only things that can
prove the security of any cryptographic product. If you wish to review
tinc or give us feedback, you are stronly encouraged to do so.


Requirements
------------

Since 1.0pre3, we use OpenSSL for all cryptographic functions.  So you
need to install this library first; grab it from
http://www.openssl.org/.  We recommend version 0.9.5 or better.  If
this library is not installed on you system, configure will fail.  The
manual in doc/tinc.texi contains more detailed information on how to
install this library.


Features
--------

This version of tinc supports multiple virtual networks at once. To
use this feature, you may supply a netname via the -n or --net
options. The standard locations for the config files will then be
/etc/tinc/<net>/. Because of this feature, tinc will send packets
directly to their destinations, instead of to the uplink. If this
behaviour is undesirable (for instance because of firewalls or other
restrictions), please use an older version of tinc (I would recommend
tinc-0.2.19).

In order to force the kernel to accept received packets, the
destination MAC address will be set to FE:FD:00:00:00:00 upon
reception. The MAC address of the ethertap or tun/tap interface must
also be set to this address. See the manual for more detailed
information.

tincd regenerates its encryption key pairs. It does this on the first
activity after the keys have expired. This period is adjustable in the
configuration file, and the default time is 3600 seconds (one hour).

This version supports multiple subnets at once. They are also sorted
on subnet mask size. This means that it is possible to have
overlapping subnets on the VPN, as long as their subnet mask sizes
differ.