lagertonne/tinc
1
0
Fork 0
Code Issues Pull requests Projects Releases 6 Wiki Activity

Import Upstream version 1.0.23

Browse source
This commit is contained in:
Guus Sliepen 2019-08-26 13:44:44 +02:00
parent 8dab3abc97
commit 413f90b815
57 changed files with 1202 additions and 2498 deletions
Download patch file Download diff file Expand all files Collapse all files

2
doc/Makefile.am
View file

@ -6,7 +6,7 @@ man_MANS = tincd.8 tinc.conf.5
EXTRA_DIST = tincinclude.texi.in tincd.8.in tinc.conf.5.in sample-config.tar.gz
CLEANFILES = *.html tinc.info tincd.8 tinc.conf.5 tincinclude.texi
CLEANFILES = *.html tincd.8 tinc.conf.5 tincinclude.texi
# Use `ginstall' in the definition of man_MANS to avoid
# confusion with the `install' target. The install rule transforms `ginstall'

46
doc/Makefile.in
View file

@ -1,4 +1,4 @@
# Makefile.in generated by automake 1.13.3 from Makefile.am.
# Makefile.in generated by automake 1.14 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2013 Free Software Foundation, Inc.
@ -81,7 +81,7 @@ DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am texinfo.tex
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
$(top_srcdir)/m4/lzo.m4 $(top_srcdir)/m4/openssl.m4 \
$(top_srcdir)/m4/zlib.m4 $(top_srcdir)/configure.in
$(top_srcdir)/m4/zlib.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
@ -130,7 +130,7 @@ AM_V_texidevnull = $(am__v_texidevnull_@AM_V@)
am__v_texidevnull_ = $(am__v_texidevnull_@AM_DEFAULT_V@)
am__v_texidevnull_0 = > /dev/null
am__v_texidevnull_1 =
INFO_DEPS = tinc.info
INFO_DEPS = $(srcdir)/tinc.info
am__TEXINFO_TEX_DIR = $(srcdir)
DVIS = tinc.dvi
PDFS = tinc.pdf
@ -188,7 +188,6 @@ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
# to install before applying any user-specified name transformations.
transform = s/ginstall/install/; @program_transform_name@
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AUTOCONF = @AUTOCONF@
@ -209,7 +208,6 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
GREP = @GREP@
INCLUDES = @INCLUDES@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
@ -218,7 +216,6 @@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
@ -232,7 +229,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
RANLIB = @RANLIB@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
@ -290,7 +286,7 @@ top_srcdir = @top_srcdir@
info_TEXINFOS = tinc.texi
man_MANS = tincd.8 tinc.conf.5
EXTRA_DIST = tincinclude.texi.in tincd.8.in tinc.conf.5.in sample-config.tar.gz
CLEANFILES = *.html tinc.info tincd.8 tinc.conf.5 tincinclude.texi
CLEANFILES = *.html tincd.8 tinc.conf.5 tincinclude.texi
substitute = sed \
-e s,'@PACKAGE\@',"$(PACKAGE)",g \
-e s,'@VERSION\@',"$(VERSION)",g \
@ -300,7 +296,7 @@ substitute = sed \
all: all-am
.SUFFIXES:
.SUFFIXES: .dvi .ps
.SUFFIXES: .dvi .html .info .pdf .ps .texi
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
@ -332,49 +328,53 @@ $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
tinc.info: tinc.texi
.texi.info:
$(AM_V_MAKEINFO)restore=: && backupdir="$(am__leading_dot)am$$$$" && \
am__cwd=`pwd` && $(am__cd) $(srcdir) && \
rm -rf $$backupdir && mkdir $$backupdir && \
if ($(MAKEINFO) --version) >/dev/null 2>&1; then \
for f in $@ $@-[0-9] $@-[0-9][0-9] $(@:.info=).i[0-9] $(@:.info=).i[0-9][0-9]; do \
if test -f $$f; then mv $$f $$backupdir; restore=mv; else :; fi; \
done; \
else :; fi && \
cd "$$am__cwd"; \
if $(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) -I $(srcdir) \
-o $@ `test -f 'tinc.texi' || echo '$(srcdir)/'`tinc.texi; \
-o $@ $<; \
then \
rc=0; \
$(am__cd) $(srcdir); \
else \
rc=$$?; \
$(am__cd) $(srcdir) && \
$$restore $$backupdir/* `echo "./$@" | sed 's|[^/]*$$||'`; \
fi; \
rm -rf $$backupdir; exit $$rc
tinc.dvi: tinc.texi
.texi.dvi:
$(AM_V_TEXI2DVI)TEXINPUTS="$(am__TEXINFO_TEX_DIR)$(PATH_SEPARATOR)$$TEXINPUTS" \
MAKEINFO='$(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) -I $(srcdir)' \
$(TEXI2DVI) $(AM_V_texinfo) --build-dir=$(@:.dvi=.t2d) -o $@ $(AM_V_texidevnull) \
`test -f 'tinc.texi' || echo '$(srcdir)/'`tinc.texi
$<
tinc.pdf: tinc.texi
.texi.pdf:
$(AM_V_TEXI2PDF)TEXINPUTS="$(am__TEXINFO_TEX_DIR)$(PATH_SEPARATOR)$$TEXINPUTS" \
MAKEINFO='$(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) -I $(srcdir)' \
$(TEXI2PDF) $(AM_V_texinfo) --build-dir=$(@:.pdf=.t2p) -o $@ $(AM_V_texidevnull) \
`test -f 'tinc.texi' || echo '$(srcdir)/'`tinc.texi
$<
tinc.html: tinc.texi
.texi.html:
$(AM_V_MAKEINFO)rm -rf $(@:.html=.htp)
$(AM_V_at)if $(MAKEINFOHTML) $(AM_MAKEINFOHTMLFLAGS) $(MAKEINFOFLAGS) -I $(srcdir) \
-o $(@:.html=.htp) `test -f 'tinc.texi' || echo '$(srcdir)/'`tinc.texi; \
-o $(@:.html=.htp) $<; \
then \
rm -rf $@; \
if test ! -d $(@:.html=.htp) && test -d $(@:.html=); then \
mv $(@:.html=) $@; else mv $(@:.html=.htp) $@; fi; \
rm -rf $@ && mv $(@:.html=.htp) $@; \
else \
if test ! -d $(@:.html=.htp) && test -d $(@:.html=); then \
rm -rf $(@:.html=); else rm -Rf $(@:.html=.htp) $@; fi; \
exit 1; \
rm -rf $(@:.html=.htp); exit 1; \
fi
$(srcdir)/tinc.info: tinc.texi
tinc.dvi: tinc.texi
tinc.pdf: tinc.texi
tinc.html: tinc.texi
.dvi.ps:
$(AM_V_DVIPS)TEXINPUTS="$(am__TEXINFO_TEX_DIR)$(PATH_SEPARATOR)$$TEXINPUTS" \
$(DVIPS) $(AM_V_texinfo) -o $@ $<

BIN
doc/sample-config.tar.gz
View file

Binary file not shown.

149
doc/tinc.info
View file

@ -5,7 +5,7 @@ START-INFO-DIR-ENTRY
* tinc: (tinc). The tinc Manual.
END-INFO-DIR-ENTRY
This is the info manual for tinc version 1.0.21, a Virtual Private
This is the info manual for tinc version 1.0.22, a Virtual Private
Network daemon.
Copyright (C) 1998-2013 Ivo Timmermans, Guus Sliepen
@ -868,6 +868,9 @@ Hostnames = <yes|no> (no)
configuration file, but whether hostnames should be resolved while
logging.
IffOneQueue = <yes|no> (no) [experimental]
(Linux only) Set IFF_ONE_QUEUE flag on TUN/TAP devices.
Interface = <INTERFACE>
Defines the name of the interface corresponding to the virtual
network device. Depending on the operating system and the type of
@ -876,6 +879,12 @@ Interface = <INTERFACE>
interface will be used. If you specified a Device, this variable
is almost always already correctly set.
KeyExpire = <SECONDS> (3600)
This option controls the time the encryption keys used to encrypt
the data are valid. It is common practice to change keys at
regular intervals to make it even harder for crackers, even though
it is thought to be nearly impossible to crack a single key.
LocalDiscovery = <yes | no> (no) [experimental]
When enabled, tinc will try to detect peers that are on the same
local network. This will allow direct communication using LAN
@ -887,6 +896,15 @@ LocalDiscovery = <yes | no> (no) [experimental]
packets to the LAN during path MTU discovery. This feature may not
work in all possible situations.
MACExpire = <SECONDS> (600)
This option controls the amount of time MAC addresses are kept
before they are removed. This only has effect when Mode is set to
"switch".
MaxTimeout = <SECONDS> (900)
This is the maximum delay before trying to reconnect to other tinc
daemons.
Mode = <router|switch|hub> (router)
This option selects the way packets are routed to other daemons.
@ -914,17 +932,6 @@ Mode = <router|switch|hub> (router)
every packet will be broadcast to the other daemons while no
routing table is managed.
KeyExpire = <SECONDS> (3600)
This option controls the time the encryption keys used to encrypt
the data are valid. It is common practice to change keys at
regular intervals to make it even harder for crackers, even though
it is thought to be nearly impossible to crack a single key.
MACExpire = <SECONDS> (600)
This option controls the amount of time MAC addresses are kept
before they are removed. This only has effect when Mode is set to
"switch".
Name = <NAME> [required]
This is a symbolic name for this connection. The name should
consist only of alfanumeric and underscore characters (a-z, A-Z,
@ -967,7 +974,7 @@ ProcessPriority = <low|normal|high>
adjusted. Increasing the priority may help to reduce latency and
packet loss on the VPN.
Proxy = socks4 | socks4 | http | exec ... [experimental]
Proxy = socks4 | socks5 | http | exec ... [experimental]
Use a proxy when making outgoing connections. The following proxy
types are currently supported:
@ -976,7 +983,7 @@ Proxy = socks4 | socks4 | http | exec ... [experimental]
Optionally, a USERNAME can be supplied which will be passed on
to the proxy server.
socks4 <ADDRESS> <PORT> [<USERNAME> <PASSWORD>]
socks5 <ADDRESS> <PORT> [<USERNAME> <PASSWORD>]
Connect to the proxy using the SOCKS version 5 protocol. If a
USERNAME and PASSWORD are given, basic username/password
authentication will be used, otherwise no authentication will
@ -1001,7 +1008,7 @@ ReplayWindow = <bytes> (16)
pass all traffic, but leaves tinc vulnerable to replay-based
attacks on your traffic.
StrictSubnets <yes|no> (no) [experimental]
StrictSubnets = <yes|no> (no) [experimental]
When this option is enabled tinc will only use Subnet statements
which are present in the host config files in the local
'/etc/tinc/NETNAME/hosts/' directory.
@ -2457,7 +2464,7 @@ Concept Index
* example: Example configuration.
(line 6)
* exec: Main configuration variables.
(line 308)
(line 315)
* Forwarding: Main configuration variables.
(line 152)
* frame type: The UDP tunnel. (line 6)
@ -2466,40 +2473,44 @@ Concept Index
* Hostnames: Main configuration variables.
(line 180)
* http: Main configuration variables.
(line 305)
(line 312)
* hub: Main configuration variables.
(line 232)
(line 250)
* ID: Authentication protocol.
(line 10)
* IffOneQueue: Main configuration variables.
(line 191)
* IndirectData: Host configuration variables.
(line 34)
* Interface: Main configuration variables.
(line 191)
(line 194)
* INTERFACE: Scripts. (line 56)
* IRC: Contact information. (line 9)
* key generation: Generating keypairs. (line 6)
* KeyExpire: Main configuration variables.
(line 237)
(line 202)
* KEY_CHANGED: The meta-protocol. (line 63)
* libraries: Libraries. (line 6)
* license: OpenSSL. (line 35)
* LocalDiscovery: Main configuration variables.
(line 199)
(line 208)
* lzo: lzo. (line 6)
* MACExpire: Main configuration variables.
(line 243)
(line 219)
* MACLength: Host configuration variables.
(line 42)
* MaxTimeout: Main configuration variables.
(line 224)
* meta-protocol: The meta-connection. (line 18)
* META_KEY: Authentication protocol.
(line 10)
* Mode: Main configuration variables.
(line 210)
(line 228)
* multicast: Main configuration variables.
(line 99)
* multiple networks: Multiple networks. (line 6)
* Name: Main configuration variables.
(line 248)
(line 255)
* NAME: Scripts. (line 50)
* netmask: Network interfaces. (line 33)
* netname: Multiple networks. (line 6)
@ -2513,9 +2524,9 @@ Concept Index
(line 67)
* PING: The meta-protocol. (line 88)
* PingInterval: Main configuration variables.
(line 259)
(line 266)
* PingTimeout: Main configuration variables.
(line 263)
(line 270)
* platforms: Supported platforms. (line 6)
* PMTU: Host configuration variables.
(line 47)
@ -2526,17 +2537,17 @@ Concept Index
(line 55)
* port numbers: Other files. (line 17)
* PriorityInheritance: Main configuration variables.
(line 269)
(line 276)
* private: Virtual Private Networks.
(line 10)
* PrivateKey: Main configuration variables.
(line 274)
(line 281)
* PrivateKeyFile: Main configuration variables.
(line 280)
(line 287)
* ProcessPriority: Main configuration variables.
(line 285)
(line 292)
* Proxy: Main configuration variables.
(line 290)
(line 297)
* PublicKey: Host configuration variables.
(line 59)
* PublicKeyFile: Host configuration variables.
@ -2547,11 +2558,11 @@ Concept Index
* REMOTEADDRESS: Scripts. (line 65)
* REMOTEPORT: Scripts. (line 68)
* ReplayWindow: Main configuration variables.
(line 313)
(line 320)
* requirements: Libraries. (line 6)
* REQ_KEY: The meta-protocol. (line 63)
* router: Main configuration variables.
(line 213)
(line 231)
* runtime options: Runtime options. (line 9)
* scalability: tinc. (line 19)
* scripts: Scripts. (line 6)
@ -2559,11 +2570,11 @@ Concept Index
(line 18)
* signals: Signals. (line 6)
* socks4: Main configuration variables.
(line 294)
(line 301)
* socks5: Main configuration variables.
(line 299)
(line 306)
* StrictSubnets: Main configuration variables.
(line 324)
(line 331)
* Subnet: Host configuration variables.
(line 74)
* SUBNET: Scripts. (line 72)
@ -2571,7 +2582,7 @@ Concept Index
(line 96)
* SVPN: Security. (line 11)
* switch: Main configuration variables.
(line 221)
(line 239)
* TCP: The meta-connection. (line 10)
* TCPonly: Host configuration variables.
(line 103)
@ -2585,16 +2596,16 @@ Concept Index
* tunifhead: Main configuration variables.
(line 134)
* TunnelServer: Main configuration variables.
(line 329)
(line 336)
* tunnohead: Main configuration variables.
(line 128)
* UDP: The UDP tunnel. (line 30)
* UDP <1>: Encryption of network packets.
(line 12)
* UDPRcvBuf: Main configuration variables.
(line 336)
(line 343)
* UDPSndBuf: Main configuration variables.
(line 341)
(line 348)
* UML: Main configuration variables.
(line 110)
* Universal tun/tap: Configuration of Linux kernels.
@ -2646,34 +2657,34 @@ Node: Multiple networks21634
Node: How connections work23059
Node: Configuration files24281
Node: Main configuration variables25669
Node: Host configuration variables41412
Node: Scripts46767
Node: How to configure49530
Node: Generating keypairs50787
Node: Network interfaces51286
Node: Example configuration53134
Node: Running tinc58459
Node: Runtime options59049
Node: Signals62351
Node: Debug levels63542
Node: Solving problems64478
Node: Error messages66030
Node: Sending bug reports70039
Node: Technical information70986
Node: The connection71217
Node: The UDP tunnel71529
Node: The meta-connection74592
Node: The meta-protocol76061
Node: Security81078
Node: Authentication protocol82211
Node: Encryption of network packets87228
Node: Security issues88604
Node: Platform specific information90231
Node: Interface configuration90459
Node: Routes92912
Node: About us94829
Node: Contact information95004
Node: Authors95408
Node: Concept Index95813
Node: Host configuration variables41635
Node: Scripts46990
Node: How to configure49753
Node: Generating keypairs51010
Node: Network interfaces51509
Node: Example configuration53357
Node: Running tinc58682
Node: Runtime options59272
Node: Signals62574
Node: Debug levels63765
Node: Solving problems64701
Node: Error messages66253
Node: Sending bug reports70262
Node: Technical information71209
Node: The connection71440
Node: The UDP tunnel71752
Node: The meta-connection74815
Node: The meta-protocol76284
Node: Security81301
Node: Authentication protocol82434
Node: Encryption of network packets87451
Node: Security issues88827
Node: Platform specific information90454
Node: Interface configuration90682
Node: Routes93135
Node: About us95052
Node: Contact information95227
Node: Authors95631
Node: Concept Index96036

End Tag Table

39
doc/tinc.texi
View file

@ -950,6 +950,10 @@ it does a lookup if your DNS server is not responding.
This does not affect resolving hostnames to IP addresses from the
configuration file, but whether hostnames should be resolved while logging.
@cindex IffOneQueue
@item IffOneQueue = <yes|no> (no) [experimental]
(Linux only) Set IFF_ONE_QUEUE flag on TUN/TAP devices.
@cindex Interface
@item Interface = <@var{interface}>
Defines the name of the interface corresponding to the virtual network device.
@ -957,6 +961,13 @@ Depending on the operating system and the type of device this may or may not act
Under Windows, this variable is used to select which network interface will be used.
If you specified a Device, this variable is almost always already correctly set.
@cindex KeyExpire
@item KeyExpire = <@var{seconds}> (3600)
This option controls the time the encryption keys used to encrypt the data
are valid. It is common practice to change keys at regular intervals to
make it even harder for crackers, even though it is thought to be nearly
impossible to crack a single key.
@cindex LocalDiscovery
@item LocalDiscovery = <yes | no> (no) [experimental]
When enabled, tinc will try to detect peers that are on the same local network.
@ -967,6 +978,15 @@ which normally would prevent the peers from learning each other's LAN address.
Currently, local discovery is implemented by sending broadcast packets to the LAN during path MTU discovery.
This feature may not work in all possible situations.
@cindex MACExpire
@item MACExpire = <@var{seconds}> (600)
This option controls the amount of time MAC addresses are kept before they are removed.
This only has effect when Mode is set to "switch".
@cindex MaxTimeout
@item MaxTimeout = <@var{seconds}> (900)
This is the maximum delay before trying to reconnect to other tinc daemons.
@cindex Mode
@item Mode = <router|switch|hub> (router)
This option selects the way packets are routed to other daemons.
@ -996,18 +1016,6 @@ every packet will be broadcast to the other daemons
while no routing table is managed.
@end table
@cindex KeyExpire
@item KeyExpire = <@var{seconds}> (3600)
This option controls the time the encryption keys used to encrypt the data
are valid. It is common practice to change keys at regular intervals to
make it even harder for crackers, even though it is thought to be nearly
impossible to crack a single key.
@cindex MACExpire
@item MACExpire = <@var{seconds}> (600)
This option controls the amount of time MAC addresses are kept before they are removed.
This only has effect when Mode is set to "switch".
@cindex Name
@item Name = <@var{name}> [required]
This is a symbolic name for this connection.
@ -1052,7 +1060,7 @@ When this option is used the priority of the tincd process will be adjusted.
Increasing the priority may help to reduce latency and packet loss on the VPN.
@cindex Proxy
@item Proxy = socks4 | socks4 | http | exec @var{...} [experimental]
@item Proxy = socks4 | socks5 | http | exec @var{...} [experimental]
Use a proxy when making outgoing connections.
The following proxy types are currently supported:
@ -1063,7 +1071,7 @@ Connects to the proxy using the SOCKS version 4 protocol.
Optionally, a @var{username} can be supplied which will be passed on to the proxy server.
@cindex socks5
@item socks4 <@var{address}> <@var{port}> [<@var{username}> <@var{password}>]
@item socks5 <@var{address}> <@var{port}> [<@var{username}> <@var{password}>]
Connect to the proxy using the SOCKS version 5 protocol.
If a @var{username} and @var{password} are given, basic username/password authentication will be used,
otherwise no authentication will be used.
@ -1089,9 +1097,8 @@ reordering. Setting this to zero will disable replay tracking completely and
pass all traffic, but leaves tinc vulnerable to replay-based attacks on your
traffic.
@cindex StrictSubnets
@item StrictSubnets <yes|no> (no) [experimental]
@item StrictSubnets = <yes|no> (no) [experimental]
When this option is enabled tinc will only use Subnet statements which are
present in the host config files in the local
@file{@value{sysconfdir}/tinc/@var{netname}/hosts/} directory.