lagertonne/tinc
1
0
Fork 0
Code Issues Pull requests Projects Releases 6 Wiki Activity

Import Upstream version 1.0.29

Browse source
This commit is contained in:
Guus Sliepen 2019-08-26 13:44:47 +02:00
parent d08a5d8f0b
commit 1077a20a8c
39 changed files with 865 additions and 375 deletions
Download patch file Download diff file Expand all files Collapse all files

5
doc/Makefile.in
View file

@ -89,8 +89,11 @@ host_triplet = @host@
subdir = doc
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
$(top_srcdir)/m4/ax_append_flag.m4 \
$(top_srcdir)/m4/ax_cflags_warn_all.m4 \
$(top_srcdir)/m4/ax_check_compile_flag.m4 \
$(top_srcdir)/m4/ax_check_link_flag.m4 $(top_srcdir)/m4/lzo.m4 \
$(top_srcdir)/m4/ax_check_link_flag.m4 \
$(top_srcdir)/m4/ax_require_defined.m4 $(top_srcdir)/m4/lzo.m4 \
$(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/zlib.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \

6
doc/tinc.conf.5.in
View file

@ -470,7 +470,7 @@ variables can be specified, in which case each address will be tried until a wor
connection has been established.
.It Va Cipher Li = Ar cipher Pq blowfish
The symmetric cipher algorithm used to encrypt UDP packets.
Any cipher supported by OpenSSL is recognised.
Any cipher supported by LibreSSL or OpenSSL is recognised.
Furthermore, specifying
.Qq none
will turn off packet encryption.
@ -485,7 +485,7 @@ Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib),
10 (fast lzo) and 11 (best lzo).
.It Va Digest Li = Ar digest Pq sha1
The digest algorithm used to authenticate UDP packets.
Any digest supported by OpenSSL is recognised.
Any digest supported by LibreSSL or OpenSSL is recognised.
Furthermore, specifying
.Qq none
will turn off packet authentication.
@ -657,7 +657,7 @@ its connection to the virtual network device.
.El
.Sh SEE ALSO
.Xr tincd 8 ,
.Pa http://www.tinc-vpn.org/ ,
.Pa https://www.tinc-vpn.org/ ,
.Pa http://www.tldp.org/LDP/nag2/ .
.Pp
The full documentation for

231
doc/tinc.info
View file

@ -147,7 +147,7 @@ will most likely compile and run, but it will not be able to send or
receive data packets.
For an up to date list of supported platforms, please check the list
on our website: <http://www.tinc-vpn.org/platforms/>.
on our website: <https://www.tinc-vpn.org/platforms/>.

File: tinc.info, Node: Preparations, Next: Installation, Prev: Introduction, Up: Top
@ -219,12 +219,8 @@ File: tinc.info, Node: Configuration of OpenBSD kernels, Next: Configuration o
2.1.3 Configuration of OpenBSD kernels
--------------------------------------
For OpenBSD version 2.9 and higher, the tun driver is included in the
default kernel configuration. There is also a kernel patch from
<http://diehard.n-r-g.com/stuff/openbsd/> which adds a tap device to
OpenBSD which should work with tinc, but with recent versions of
OpenBSD, a tun device can act as a tap device by setting the link0
option with ifconfig.
Recent versions of OpenBSD come with both tun and tap devices enabled in
the default kernel configuration.

File: tinc.info, Node: Configuration of NetBSD kernels, Next: Configuration of Solaris kernels, Prev: Configuration of OpenBSD kernels, Up: Configuring the kernel
@ -247,7 +243,7 @@ For Solaris 8 (SunOS 5.8) and higher, the tun driver may or may not be
included in the default kernel configuration. If it isn't, the source
can be downloaded from <http://vtun.sourceforge.net/tun/>. For x86 and
sparc64 architectures, precompiled versions can be found at
<http://www.monkey.org/~dugsong/fragroute/>. If the 'net/if_tun.h'
<https://www.monkey.org/~dugsong/fragroute/>. If the 'net/if_tun.h'
header file is missing, install it from the source package.

@ -274,7 +270,8 @@ File: tinc.info, Node: Configuration of Windows, Prev: Configuration of Darwin
------------------------------
You will need to install the latest TAP-Win32 driver from OpenVPN. You
can download it from <http://openvpn.sourceforge.net>. Using the
can download it from
<https://openvpn.net/index.php/open-source/downloads.html>. Using the
Network Connections control panel, configure the TAP-Win32 network
interface in the same way as you would do from the tinc-up script, as
explained in the rest of the documentation.
@ -285,25 +282,25 @@ File: tinc.info, Node: Libraries, Prev: Configuring the kernel, Up: Preparati
2.2 Libraries
=============
Before you can configure or build tinc, you need to have the OpenSSL,
zlib and lzo libraries installed on your system. If you try to
Before you can configure or build tinc, you need to have the LibreSSL or
OpenSSL, zlib and lzo libraries installed on your system. If you try to
configure tinc without having them installed, configure will give you an
error message, and stop.
* Menu:
* OpenSSL::
* LibreSSL/OpenSSL::
* zlib::
* lzo::

File: tinc.info, Node: OpenSSL, Next: zlib, Up: Libraries
File: tinc.info, Node: LibreSSL/OpenSSL, Next: zlib, Up: Libraries
2.2.1 OpenSSL
-------------
2.2.1 LibreSSL/OpenSSL
----------------------
For all cryptography-related functions, tinc uses the functions provided
by the OpenSSL library.
by the LibreSSL or the OpenSSL library.
If this library is not installed, you will get an error when
configuring tinc for build. Support for running tinc with other
@ -313,19 +310,22 @@ cryptographic libraries installed _may_ be added in the future.
if available. Make sure you install the development AND runtime
versions of this package.
If you have to install OpenSSL manually, you can get the source code
from <http://www.openssl.org/>. Instructions on how to configure, build
and install this package are included within the package. Please make
sure you build development and runtime libraries (which is the default).
If your operating system comes neither with LibreSSL or OpenSSL, you
have to install one manually. It is recommended that you get the latest
version of LibreSSL from <http://www.libressl.org/>. Instructions on
how to configure, build and install this package are included within the
package. Please make sure you build development and runtime libraries
(which is the default).
If you installed the OpenSSL libraries from source, it may be
necessary to let configure know where they are, by passing configure one
of the -with-openssl-* parameters.
If you installed the LibreSSL or OpenSSL libraries from source, it
may be necessary to let configure know where they are, by passing
configure one of the -with-openssl-* parameters. Note that you even
have to use -with-openssl-* if you are using LibreSSL.
--with-openssl=DIR OpenSSL library and headers prefix
--with-openssl-include=DIR OpenSSL headers directory
--with-openssl=DIR LibreSSL/OpenSSL library and headers prefix
--with-openssl-include=DIR LibreSSL/OpenSSL headers directory
(Default is OPENSSL_DIR/include)
--with-openssl-lib=DIR OpenSSL library directory
--with-openssl-lib=DIR LibreSSL/OpenSSL library directory
(Default is OPENSSL_DIR/lib)
License
@ -334,7 +334,7 @@ License
The complete source code of tinc is covered by the GNU GPL version 2.
Since the license under which OpenSSL is distributed is not directly
compatible with the terms of the GNU GPL
<http://www.openssl.org/support/faq.html#LEGAL2>, we include an
<https://www.openssl.org/support/faq.html#LEGAL2>, we include an
exemption to the GPL (see also the file COPYING.README) to allow
everyone to create a statically or dynamically linked executable:
@ -347,13 +347,13 @@ everyone to create a statically or dynamically linked executable:
also present the following exemption:
Hereby I grant a special exception to the tinc VPN project
(http://www.tinc-vpn.org/) to link the LZO library with the OpenSSL
library (http://www.openssl.org).
(https://www.tinc-vpn.org/) to link the LZO library with the
OpenSSL library (https://www.openssl.org).
Markus F.X.J. Oberhumer

File: tinc.info, Node: zlib, Next: lzo, Prev: OpenSSL, Up: Libraries
File: tinc.info, Node: zlib, Next: lzo, Prev: LibreSSL/OpenSSL, Up: Libraries
2.2.2 zlib
----------
@ -373,10 +373,9 @@ if available. Make sure you install the development AND runtime
versions of this package.
If you have to install zlib manually, you can get the source code
from <http://www.gzip.org/zlib/>. Instructions on how to configure,
build and install this package are included within the package. Please
make sure you build development and runtime libraries (which is the
default).
from <http://www.zlib.net/>. Instructions on how to configure, build
and install this package are included within the package. Please make
sure you build development and runtime libraries (which is the default).

File: tinc.info, Node: lzo, Prev: zlib, Up: Libraries
@ -398,7 +397,7 @@ if available. Make sure you install the development AND runtime
versions of this package.
If you have to install lzo manually, you can get the source code from
<http://www.oberhumer.com/opensource/lzo/>. Instructions on how to
<https://www.oberhumer.com/opensource/lzo/>. Instructions on how to
configure, build and install this package are included within the
package. Please make sure you build development and runtime libraries
(which is the default).
@ -416,9 +415,7 @@ startup scripts and sample configurations.
If you cannot use one of the precompiled packages, or you want to
compile tinc for yourself, you can use the source. The source is
distributed under the GNU General Public License (GPL). Download the
source from the download page (http://www.tinc-vpn.org/download/), which
has the checksums of these files listed; you may wish to check these
with md5sum before continuing.
source from the download page (https://www.tinc-vpn.org/download/).
Tinc comes in a convenient autoconf/automake package, which you can
just treat the same as any other package. Which is just untar it, type
@ -456,13 +453,13 @@ File: tinc.info, Node: Darwin (Mac OS X) build environment, Next: Cygwin (Wind
3.1.1 Darwin (Mac OS X) build environment
-----------------------------------------
In order to build tinc on Darwin, you need to install the Mac OS X
Developer Tools from <http://developer.apple.com/tools/macosxtools.html>
and preferably a recent version of Fink from
<http://www.finkproject.org/>.
In order to build tinc on Darwin, you need to install Xcode from
<https://developer.apple.com/xcode/>. It might also help to install a
recent version of Fink from <http://www.finkproject.org/>.
After installation use fink to download and install the following
packages: autoconf25, automake, dlcompat, m4, openssl, zlib and lzo.
You need to download and install LibreSSL (or OpenSSL) and LZO,
either directly from their websites (see *note Libraries::) or using
Fink.

File: tinc.info, Node: Cygwin (Windows) build environment, Next: MinGW (Windows) build environment, Prev: Darwin (Mac OS X) build environment, Up: Building and installing tinc
@ -471,7 +468,7 @@ File: tinc.info, Node: Cygwin (Windows) build environment, Next: MinGW (Window
----------------------------------------
If Cygwin hasn't already been installed, install it directly from
<http://www.cygwin.com/>.
<https://www.cygwin.com/>.
When tinc is compiled in a Cygwin environment, it can only be run in
this environment, but all programs, including those started outside the
@ -485,7 +482,8 @@ File: tinc.info, Node: MinGW (Windows) build environment, Prev: Cygwin (Window
---------------------------------------
You will need to install the MinGW environment from
<http://www.mingw.org>.
<http://www.mingw.org>. You also need to download and install LibreSSL
(or OpenSSL) and LZO.
When tinc is compiled using MinGW it runs natively under Windows, it
is not necessary to keep MinGW installed.
@ -1057,9 +1055,9 @@ Address = <IP ADDRESS|HOSTNAME> [<port>] [recommended]
Cipher = <CIPHER> (blowfish)
The symmetric cipher algorithm used to encrypt UDP packets. Any
cipher supported by OpenSSL is recognized. Furthermore, specifying
"none" will turn off packet encryption. It is best to use only
those ciphers which support CBC mode.
cipher supported by LibreSSL or OpenSSL is recognized.
Furthermore, specifying "none" will turn off packet encryption. It
is best to use only those ciphers which support CBC mode.
ClampMSS = <yes|no> (yes)
This option specifies whether tinc should clamp the maximum segment
@ -1074,8 +1072,8 @@ Compression = <LEVEL> (0)
Digest = <DIGEST> (sha1)
The digest algorithm used to authenticate UDP packets. Any digest
supported by OpenSSL is recognized. Furthermore, specifying "none"
will turn off packet authentication.
supported by LibreSSL or OpenSSL is recognized. Furthermore,
specifying "none" will turn off packet authentication.
IndirectData = <yes|no> (no)
This option specifies whether other tinc daemons besides the one
@ -1137,7 +1135,7 @@ Subnet = <ADDRESS[/PREFIXLENGTH[#WEIGHT]]>
Prefixlength is the number of bits set to 1 in the netmask part;
for example: netmask 255.255.255.0 would become /24, 255.255.252.0
becomes /22. This conforms to standard CIDR notation as described
in RFC1519 (http://www.ietf.org/rfc/rfc1519.txt)
in RFC1519 (https://www.ietf.org/rfc/rfc1519.txt)
A Subnet can be given a weight to indicate its priority over
identical Subnets owned by different nodes. The default weight is
@ -2098,7 +2096,7 @@ intercept. The encryption algorithm and message authentication
algorithm can be changed in the configuration. The length of the
message authentication codes is also adjustable. The length of the key
for the encryption algorithm is always the default length used by
OpenSSL.
LibreSSL/OpenSSL.
* Menu:
@ -2256,8 +2254,8 @@ In August 2000, we discovered the existence of a security hole in all
versions of tinc up to and including 1.0pre2. This had to do with the
way we exchanged keys. Since then, we have been working on a new
authentication scheme to make tinc as secure as possible. The current
version uses the OpenSSL library and uses strong authentication with RSA
keys.
version uses the LibreSSL or OpenSSL library and uses strong
authentication with RSA keys.
On the 29th of December 2001, Jerome Etienne posted a security
analysis of tinc 1.0pre4. Due to a lack of sequence numbers and a
@ -2393,12 +2391,12 @@ File: tinc.info, Node: Contact information, Next: Authors, Up: About us
8.1 Contact information
=======================
Tinc's website is at <http://www.tinc-vpn.org/>, this server is located
Tinc's website is at <https://www.tinc-vpn.org/>, this server is located
in the Netherlands.
We have an IRC channel on the FreeNode and OFTC IRC networks.
Connect to irc.freenode.net (http://www.freenode.net/) or irc.oftc.net
(http://www.oftc.net/) and join channel #tinc.
Connect to irc.freenode.net (https://freenode.net/) or irc.oftc.net
(https://www.oftc.net/) and join channel #tinc.

File: tinc.info, Node: Authors, Prev: Contact information, Up: About us
@ -2515,7 +2513,8 @@ Concept Index
(line 206)
* KEY_CHANGED: The meta-protocol. (line 63)
* libraries: Libraries. (line 6)
* license: OpenSSL. (line 35)
* LibreSSL: LibreSSL/OpenSSL. (line 6)
* license: LibreSSL/OpenSSL. (line 38)
* LocalDiscovery: Main configuration variables.
(line 212)
* lzo: lzo. (line 6)
@ -2542,7 +2541,7 @@ Concept Index
* Network Administrators Guide: Configuration introduction.
(line 15)
* NODE: Scripts. (line 71)
* OpenSSL: OpenSSL. (line 6)
* OpenSSL: LibreSSL/OpenSSL. (line 6)
* options: Runtime options. (line 9)
* PEM format: Host configuration variables.
(line 69)
@ -2656,61 +2655,61 @@ Node: Introduction1105
Node: Virtual Private Networks1915
Node: tinc3639
Node: Supported platforms5166
Node: Preparations5866
Node: Configuring the kernel6122
Node: Configuration of Linux kernels6532
Node: Configuration of FreeBSD kernels7387
Node: Configuration of OpenBSD kernels7852
Node: Configuration of NetBSD kernels8460
Node: Configuration of Solaris kernels8865
Node: Configuration of Darwin (Mac OS X) kernels9527
Node: Configuration of Windows10346
Node: Libraries10860
Node: OpenSSL11248
Node: zlib13536
Node: lzo14564
Node: Installation15546
Node: Building and installing tinc16561
Node: Darwin (Mac OS X) build environment17221
Node: Cygwin (Windows) build environment17803
Node: MinGW (Windows) build environment18391
Node: System files18915
Node: Device files19180
Node: Other files19596
Node: Configuration20209
Node: Configuration introduction20520
Node: Multiple networks21788
Node: How connections work23214
Node: Configuration files24436
Node: Main configuration variables25930
Node: Host configuration variables42187
Node: Scripts47690
Node: How to configure50956
Node: Generating keypairs52214
Node: Network interfaces52713
Node: Example configuration54561
Node: Running tinc59886
Node: Runtime options60476
Node: Signals63778
Node: Debug levels64969
Node: Solving problems65905
Node: Error messages67457
Node: Sending bug reports71466
Node: Technical information72413
Node: The connection72644
Node: The UDP tunnel72956
Node: The meta-connection76017
Node: The meta-protocol77486
Node: Security82503
Node: Authentication protocol83636
Node: Encryption of network packets88681
Node: Security issues90057
Node: Platform specific information91684
Node: Interface configuration91912
Node: Routes94383
Node: About us96397
Node: Contact information96572
Node: Authors96976
Node: Concept Index97381
Node: Preparations5867
Node: Configuring the kernel6123
Node: Configuration of Linux kernels6533
Node: Configuration of FreeBSD kernels7388
Node: Configuration of OpenBSD kernels7853
Node: Configuration of NetBSD kernels8210
Node: Configuration of Solaris kernels8615
Node: Configuration of Darwin (Mac OS X) kernels9278
Node: Configuration of Windows10097
Node: Libraries10637
Node: LibreSSL/OpenSSL11046
Node: zlib13588
Node: lzo14620
Node: Installation15603
Node: Building and installing tinc16513
Node: Darwin (Mac OS X) build environment17173
Node: Cygwin (Windows) build environment17738
Node: MinGW (Windows) build environment18327
Node: System files18921
Node: Device files19186
Node: Other files19602
Node: Configuration20215
Node: Configuration introduction20526
Node: Multiple networks21794
Node: How connections work23220
Node: Configuration files24442
Node: Main configuration variables25936
Node: Host configuration variables42193
Node: Scripts47720
Node: How to configure50986
Node: Generating keypairs52244
Node: Network interfaces52743
Node: Example configuration54591
Node: Running tinc59916
Node: Runtime options60506
Node: Signals63808
Node: Debug levels64999
Node: Solving problems65935
Node: Error messages67487
Node: Sending bug reports71496
Node: Technical information72443
Node: The connection72674
Node: The UDP tunnel72986
Node: The meta-connection76047
Node: The meta-protocol77516
Node: Security82533
Node: Authentication protocol83675
Node: Encryption of network packets88720
Node: Security issues90096
Node: Platform specific information91735
Node: Interface configuration91963
Node: Routes94434
Node: About us96448
Node: Contact information96623
Node: Authors97026
Node: Concept Index97431

End Tag Table

86
doc/tinc.texi
View file

@ -186,7 +186,7 @@ packets.
@cindex release
For an up to date list of supported platforms, please check the list on
our website:
@uref{http://www.tinc-vpn.org/platforms/}.
@uref{https://www.tinc-vpn.org/platforms/}.
@c
@c
@ -268,12 +268,7 @@ The tap driver can be loaded with @code{kldload if_tap}, or by adding @code{if_t
@node Configuration of OpenBSD kernels
@subsection Configuration of OpenBSD kernels
For OpenBSD version 2.9 and higher,
the tun driver is included in the default kernel configuration.
There is also a kernel patch from @uref{http://diehard.n-r-g.com/stuff/openbsd/}
which adds a tap device to OpenBSD which should work with tinc,
but with recent versions of OpenBSD,
a tun device can act as a tap device by setting the link0 option with ifconfig.
Recent versions of OpenBSD come with both tun and tap devices enabled in the default kernel configuration.
@c ==================================================================
@ -293,7 +288,7 @@ Tunneling IPv6 may not work on NetBSD's tun device.
For Solaris 8 (SunOS 5.8) and higher,
the tun driver may or may not be included in the default kernel configuration.
If it isn't, the source can be downloaded from @uref{http://vtun.sourceforge.net/tun/}.
For x86 and sparc64 architectures, precompiled versions can be found at @uref{http://www.monkey.org/~dugsong/fragroute/}.
For x86 and sparc64 architectures, precompiled versions can be found at @uref{https://www.monkey.org/~dugsong/fragroute/}.
If the @file{net/if_tun.h} header file is missing, install it from the source package.
@ -317,7 +312,7 @@ You can also omit the number, in which case the first free number will be chosen
@subsection Configuration of Windows
You will need to install the latest TAP-Win32 driver from OpenVPN.
You can download it from @uref{http://openvpn.sourceforge.net}.
You can download it from @uref{https://openvpn.net/index.php/open-source/downloads.html}.
Using the Network Connections control panel,
configure the TAP-Win32 network interface in the same way as you would do from the tinc-up script,
as explained in the rest of the documentation.
@ -329,24 +324,25 @@ as explained in the rest of the documentation.
@cindex requirements
@cindex libraries
Before you can configure or build tinc, you need to have the OpenSSL,
Before you can configure or build tinc, you need to have the LibreSSL or OpenSSL,
zlib and lzo libraries installed on your system. If you try to configure tinc without
having them installed, configure will give you an error message, and stop.
@menu
* OpenSSL::
* LibreSSL/OpenSSL::
* zlib::
* lzo::
@end menu
@c ==================================================================
@node OpenSSL
@subsection OpenSSL
@node LibreSSL/OpenSSL
@subsection LibreSSL/OpenSSL
@cindex LibreSSL
@cindex OpenSSL
For all cryptography-related functions, tinc uses the functions provided
by the OpenSSL library.
by the LibreSSL or the OpenSSL library.
If this library is not installed, you will get an error when configuring
tinc for build. Support for running tinc with other cryptographic libraries
@ -356,21 +352,23 @@ You can use your operating system's package manager to install this if
available. Make sure you install the development AND runtime versions
of this package.
If you have to install OpenSSL manually, you can get the source code
from @url{http://www.openssl.org/}. Instructions on how to configure,
build and install this package are included within the package. Please
make sure you build development and runtime libraries (which is the
If your operating system comes neither with LibreSSL or OpenSSL, you have to
install one manually. It is recommended that you get the latest version of
LibreSSL from @url{http://www.libressl.org/}. Instructions on how to
configure, build and install this package are included within the package.
Please make sure you build development and runtime libraries (which is the
default).
If you installed the OpenSSL libraries from source, it may be necessary
If you installed the LibreSSL or OpenSSL libraries from source, it may be necessary
to let configure know where they are, by passing configure one of the
--with-openssl-* parameters.
--with-openssl-* parameters. Note that you even have to use --with-openssl-* if you
are using LibreSSL.
@example
--with-openssl=DIR OpenSSL library and headers prefix
--with-openssl-include=DIR OpenSSL headers directory
--with-openssl=DIR LibreSSL/OpenSSL library and headers prefix
--with-openssl-include=DIR LibreSSL/OpenSSL headers directory
(Default is OPENSSL_DIR/include)
--with-openssl-lib=DIR OpenSSL library directory
--with-openssl-lib=DIR LibreSSL/OpenSSL library directory
(Default is OPENSSL_DIR/lib)
@end example
@ -381,7 +379,7 @@ to let configure know where they are, by passing configure one of the
The complete source code of tinc is covered by the GNU GPL version 2.
Since the license under which OpenSSL is distributed is not directly
compatible with the terms of the GNU GPL
@uref{http://www.openssl.org/support/faq.html#LEGAL2}, we
@uref{https://www.openssl.org/support/faq.html#LEGAL2}, we
include an exemption to the GPL (see also the file COPYING.README) to allow
everyone to create a statically or dynamically linked executable:
@ -397,8 +395,8 @@ we also present the following exemption:
@quotation
Hereby I grant a special exception to the tinc VPN project
(http://www.tinc-vpn.org/) to link the LZO library with the OpenSSL library
(http://www.openssl.org).
(https://www.tinc-vpn.org/) to link the LZO library with the OpenSSL library
(https://www.openssl.org).
Markus F.X.J. Oberhumer
@end quotation
@ -423,7 +421,7 @@ available. Make sure you install the development AND runtime versions
of this package.
If you have to install zlib manually, you can get the source code
from @url{http://www.gzip.org/zlib/}. Instructions on how to configure,
from @url{http://www.zlib.net/}. Instructions on how to configure,
build and install this package are included within the package. Please
make sure you build development and runtime libraries (which is the
default).
@ -447,7 +445,7 @@ available. Make sure you install the development AND runtime versions
of this package.
If you have to install lzo manually, you can get the source code
from @url{http://www.oberhumer.com/opensource/lzo/}. Instructions on how to configure,
from @url{https://www.oberhumer.com/opensource/lzo/}. Instructions on how to configure,
build and install this package are included within the package. Please
make sure you build development and runtime libraries (which is the
default).
@ -473,9 +471,7 @@ system startup scripts and sample configurations.
If you cannot use one of the precompiled packages, or you want to compile tinc
for yourself, you can use the source. The source is distributed under
the GNU General Public License (GPL). Download the source from the
@uref{http://www.tinc-vpn.org/download/, download page}, which has
the checksums of these files listed; you may wish to check these with
md5sum before continuing.
@uref{https://www.tinc-vpn.org/download/, download page}.
Tinc comes in a convenient autoconf/automake package, which you can just
treat the same as any other package. Which is just untar it, type
@ -512,19 +508,18 @@ The documentation that comes along with your distribution will tell you how to d
@node Darwin (Mac OS X) build environment
@subsection Darwin (Mac OS X) build environment
In order to build tinc on Darwin, you need to install the Mac OS X Developer Tools
from @uref{http://developer.apple.com/tools/macosxtools.html} and
preferably a recent version of Fink from @uref{http://www.finkproject.org/}.
In order to build tinc on Darwin, you need to install Xcode from @uref{https://developer.apple.com/xcode/}.
It might also help to install a recent version of Fink from @uref{http://www.finkproject.org/}.
After installation use fink to download and install the following packages:
autoconf25, automake, dlcompat, m4, openssl, zlib and lzo.
You need to download and install LibreSSL (or OpenSSL) and LZO,
either directly from their websites (see @ref{Libraries}) or using Fink.
@c ==================================================================
@node Cygwin (Windows) build environment
@subsection Cygwin (Windows) build environment
If Cygwin hasn't already been installed, install it directly from
@uref{http://www.cygwin.com/}.
@uref{https://www.cygwin.com/}.
When tinc is compiled in a Cygwin environment, it can only be run in this environment,
but all programs, including those started outside the Cygwin environment, will be able to use the VPN.
@ -535,6 +530,7 @@ It will also support all features.
@subsection MinGW (Windows) build environment
You will need to install the MinGW environment from @uref{http://www.mingw.org}.
You also need to download and install LibreSSL (or OpenSSL) and LZO.
When tinc is compiled using MinGW it runs natively under Windows,
it is not necessary to keep MinGW installed.
@ -1149,7 +1145,7 @@ tried until a working connection has been established.
@cindex Cipher
@item Cipher = <@var{cipher}> (blowfish)
The symmetric cipher algorithm used to encrypt UDP packets.
Any cipher supported by OpenSSL is recognized.
Any cipher supported by LibreSSL or OpenSSL is recognized.
Furthermore, specifying "none" will turn off packet encryption.
It is best to use only those ciphers which support CBC mode.
@ -1168,7 +1164,7 @@ Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib),
@cindex Digest
@item Digest = <@var{digest}> (sha1)
The digest algorithm used to authenticate UDP packets.
Any digest supported by OpenSSL is recognized.
Any digest supported by LibreSSL or OpenSSL is recognized.
Furthermore, specifying "none" will turn off packet authentication.
@cindex IndirectData
@ -1239,7 +1235,7 @@ MAC addresses are notated like 0:1a:2b:3c:4d:5e.
Prefixlength is the number of bits set to 1 in the netmask part; for
example: netmask 255.255.255.0 would become /24, 255.255.252.0 becomes
/22. This conforms to standard CIDR notation as described in
@uref{http://www.ietf.org/rfc/rfc1519.txt, RFC1519}
@uref{https://www.ietf.org/rfc/rfc1519.txt, RFC1519}
@cindex Subnet weight
A Subnet can be given a weight to indicate its priority over identical Subnets
@ -2254,7 +2250,7 @@ eavesdroppers cannot get and cannot change any information at all from the
packets they can intercept. The encryption algorithm and message authentication
algorithm can be changed in the configuration. The length of the message
authentication codes is also adjustable. The length of the key for the
encryption algorithm is always the default length used by OpenSSL.
encryption algorithm is always the default length used by LibreSSL/OpenSSL.
@menu
* Authentication protocol::
@ -2413,7 +2409,7 @@ the MACLength configuration variable.
In August 2000, we discovered the existence of a security hole in all versions
of tinc up to and including 1.0pre2. This had to do with the way we exchanged
keys. Since then, we have been working on a new authentication scheme to make
tinc as secure as possible. The current version uses the OpenSSL library and
tinc as secure as possible. The current version uses the LibreSSL or OpenSSL library and
uses strong authentication with RSA keys.
On the 29th of December 2001, Jerome Etienne posted a security analysis of tinc
@ -2586,14 +2582,14 @@ Adding routes to IPv6 subnets:
@section Contact information
@cindex website
Tinc's website is at @url{http://www.tinc-vpn.org/},
Tinc's website is at @url{https://www.tinc-vpn.org/},
this server is located in the Netherlands.
@cindex IRC
We have an IRC channel on the FreeNode and OFTC IRC networks. Connect to
@uref{http://www.freenode.net/, irc.freenode.net}
@uref{https://freenode.net/, irc.freenode.net}
or
@uref{http://www.oftc.net/, irc.oftc.net}
@uref{https://www.oftc.net/, irc.oftc.net}
and join channel #tinc.

2
doc/tincd.8.in
View file

@ -207,7 +207,7 @@ If you find any bugs, report them to tinc@tinc-vpn.org.
A lot, especially security auditing.
.Sh SEE ALSO
.Xr tinc.conf 5 ,
.Pa http://www.tinc-vpn.org/ ,
.Pa https://www.tinc-vpn.org/ ,
.Pa http://www.cabal.org/ .
.Pp
The full documentation for tinc is maintained as a Texinfo manual.