Import Debian changes 1.0.9-1
tinc (1.0.9-1) unstable; urgency=low
* New upstream release.
- Binds IPv6 sockets only to IPv6. Closes: #440150
* Update copyright file. Closes: #482566
commit
4812d2eb3d
53 changed files with 6947 additions and 1219 deletions
249
doc/tinc/tinc_0.html
Normal file
|
|
@ -0,0 +1,249 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html401/loose.dtd">
|
||||
<html>
|
||||
<!-- Created on December, 26 2008 by texi2html 1.78 -->
|
||||
<!--
|
||||
Written by: Lionel Cons <Lionel.Cons@cern.ch> (original author)
|
||||
Karl Berry <karl@freefriends.org>
|
||||
Olaf Bachmann <obachman@mathematik.uni-kl.de>
|
||||
and many others.
|
||||
Maintained by: Many creative people.
|
||||
Send bugs and suggestions to <texi2html-bug@nongnu.org>
|
||||
|
||||
-->
|
||||
<head>
|
||||
<title>tinc Manual: 1. Introduction</title>
|
||||
|
||||
<meta name="description" content="tinc Manual: 1. Introduction">
|
||||
<meta name="keywords" content="tinc Manual: 1. Introduction">
|
||||
<meta name="resource-type" content="document">
|
||||
<meta name="distribution" content="global">
|
||||
<meta name="Generator" content="texi2html 1.78">
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||||
<style type="text/css">
|
||||
<!--
|
||||
a.summary-letter {text-decoration: none}
|
||||
pre.display {font-family: serif}
|
||||
pre.format {font-family: serif}
|
||||
pre.menu-comment {font-family: serif}
|
||||
pre.menu-preformatted {font-family: serif}
|
||||
pre.smalldisplay {font-family: serif; font-size: smaller}
|
||||
pre.smallexample {font-size: smaller}
|
||||
pre.smallformat {font-family: serif; font-size: smaller}
|
||||
pre.smalllisp {font-size: smaller}
|
||||
span.roman {font-family:serif; font-weight:normal;}
|
||||
span.sansserif {font-family:sans-serif; font-weight:normal;}
|
||||
ul.toc {list-style: none}
|
||||
-->
|
||||
</style>
|
||||
|
||||
|
||||
</head>
|
||||
|
||||
<body lang="en" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#800080" alink="#FF0000">
|
||||
|
||||
<a name="Introduction"></a>
|
||||
<a name="SEC1"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[ < ]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC2" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[ << ]</td>
|
||||
<td valign="middle" align="left">[ Up ]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_1.html#SEC5" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h1 class="chapter"> 1. Introduction </h1>
|
||||
|
||||
<p>Tinc is a Virtual Private Network (VPN) daemon that uses tunneling and
|
||||
encryption to create a secure private network between hosts on the
|
||||
Internet.
|
||||
</p>
|
||||
<p>Because the tunnel appears to the IP level network code as a normal
|
||||
network device, there is no need to adapt any existing software.
|
||||
The encrypted tunnels allows VPN sites to share information with each other
|
||||
over the Internet without exposing any information to others.
|
||||
</p>
|
||||
<p>This document is the manual for tinc. Included are chapters on how to
|
||||
configure your computer to use tinc, as well as the configuration
|
||||
process of tinc itself.
|
||||
</p>
|
||||
<table class="menu" border="0" cellspacing="0">
|
||||
<tr><td align="left" valign="top"><a href="#SEC2">1.1 Virtual Private Networks</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
<tr><td align="left" valign="top"><a href="#SEC3">1.2 tinc</a></td><td> </td><td align="left" valign="top"> About tinc
|
||||
</td></tr>
|
||||
<tr><td align="left" valign="top"><a href="#SEC4">1.3 Supported platforms</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
</table>
|
||||
|
||||
<hr size="6">
|
||||
<a name="Virtual-Private-Networks"></a>
|
||||
<a name="SEC2"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC1" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC3" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC1" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC1" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_1.html#SEC5" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h2 class="section"> 1.1 Virtual Private Networks </h2>
|
||||
|
||||
<a name="IDX1"></a>
|
||||
<p>A Virtual Private Network or VPN is a network that can only be accessed
|
||||
by a few elected computers that participate. This goal is achievable in
|
||||
more than just one way.
|
||||
</p>
|
||||
<a name="IDX2"></a>
|
||||
<p>Private networks can consist of a single stand-alone Ethernet LAN. Or
|
||||
even two computers hooked up using a null-modem cable. In these cases,
|
||||
it is
|
||||
obvious that the network is <em>private</em>, no one can access it from the
|
||||
outside. But if your computers are linked to the Internet, the network
|
||||
is not private anymore, unless one uses firewalls to block all private
|
||||
traffic. But then, there is no way to send private data to trusted
|
||||
computers on the other end of the Internet.
|
||||
</p>
|
||||
<p>This problem can be solved by using <em>virtual</em> networks. Virtual
|
||||
networks can live on top of other networks, but they use encapsulation to
|
||||
keep using their private address space so they do not interfere with
|
||||
the Internet. Mostly, virtual networks appear like a singe LAN, even though
|
||||
they can span the entire world. But virtual networks can't be secured
|
||||
by using firewalls, because the traffic that flows through it has to go
|
||||
through the Internet, where other people can look at it.
|
||||
</p>
|
||||
<p>As is the case with either type of VPN, anybody could eavesdrop. Or
|
||||
worse, alter data. Hence it's probably advisable to encrypt the data
|
||||
that flows over the network.
|
||||
</p>
|
||||
<p>When one introduces encryption, we can form a true VPN. Other people may
|
||||
see encrypted traffic, but if they don't know how to decipher it (they
|
||||
need to know the key for that), they cannot read the information that flows
|
||||
through the VPN. This is what tinc was made for.
|
||||
</p>
|
||||
|
||||
<hr size="6">
|
||||
<a name="tinc"></a>
|
||||
<a name="SEC3"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC2" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC4" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC1" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC1" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_1.html#SEC5" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h2 class="section"> 1.2 tinc </h2>
|
||||
|
||||
<a name="IDX3"></a>
|
||||
<p>I really don't quite remember what got us started, but it must have been
|
||||
Guus' idea. He wrote a simple implementation (about 50 lines of C) that
|
||||
used the ethertap device that Linux knows of since somewhere
|
||||
about kernel 2.1.60. It didn't work immediately and he improved it a
|
||||
bit. At this stage, the project was still simply called "vpnd".
|
||||
</p>
|
||||
<p>Since then, a lot has changed—to say the least.
|
||||
</p>
|
||||
<a name="IDX4"></a>
|
||||
<p>Tinc now supports encryption, it consists of a single daemon (tincd) for
|
||||
both the receiving and sending end, it has become largely
|
||||
runtime-configurable—in short, it has become a full-fledged
|
||||
professional package.
|
||||
</p>
|
||||
<a name="IDX5"></a>
|
||||
<p>Tinc also allows more than two sites to connect to eachother and form a single VPN.
|
||||
Traditionally VPNs are created by making tunnels, which only have two endpoints.
|
||||
Larger VPNs with more sites are created by adding more tunnels.
|
||||
Tinc takes another approach: only endpoints are specified,
|
||||
the software itself will take care of creating the tunnels.
|
||||
This allows for easier configuration and improved scalability.
|
||||
</p>
|
||||
<p>A lot can—and will be—changed. We have a number of things that we would like to
|
||||
see in the future releases of tinc. Not everything will be available in
|
||||
the near future. Our first objective is to make tinc work perfectly as
|
||||
it stands, and then add more advanced features.
|
||||
</p>
|
||||
<p>Meanwhile, we're always open-minded towards new ideas. And we're
|
||||
available too.
|
||||
</p>
|
||||
|
||||
<hr size="6">
|
||||
<a name="Supported-platforms"></a>
|
||||
<a name="SEC4"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC3" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_1.html#SEC5" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC1" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC1" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_1.html#SEC5" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h2 class="section"> 1.3 Supported platforms </h2>
|
||||
|
||||
<a name="IDX6"></a>
|
||||
<p>Tinc has been verified to work under Linux, FreeBSD, OpenBSD, NetBSD, MacOS/X (Darwin), Solaris, and Windows (both natively and in a Cygwin environment),
|
||||
with various hardware architectures. These are some of the platforms
|
||||
that are supported by the universal tun/tap device driver or other virtual network device drivers.
|
||||
Without such a driver, tinc will most
|
||||
likely compile and run, but it will not be able to send or receive data
|
||||
packets.
|
||||
</p>
|
||||
<p>For an up to date list of supported platforms, please check the list on
|
||||
our website:
|
||||
<a href="http://www.tinc-vpn.org/platforms">http://www.tinc-vpn.org/platforms</a>.
|
||||
</p>
|
||||
|
||||
<hr size="6">
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC1" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_1.html#SEC5" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<p>
|
||||
<font size="-1">
|
||||
This document was generated by <em>Guus Sliepen</em> on <em>December, 26 2008</em> using <a href="http://www.nongnu.org/texi2html/"><em>texi2html 1.78</em></a>.
|
||||
</font>
|
||||
<br>
|
||||
|
||||
</p>
|
||||
</body>
|
||||
</html>
|
||||
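Review bot: In section 1.1 of doc/tinc/tinc_0.html, the paragraph beginning "As is the case with either type of VPN" names two threats, eavesdropping and altering data, but the paragraph that follows only claims that outsiders "cannot read the information that flows through the VPN"; nothing in the section says whether altered packets are detected or how peers are authenticated. Suggest adding a sentence on integrity and peer authentication beside the encryption claim, and replacing "it's probably advisable to encrypt" with a plain statement that traffic crossing the Internet must be encrypted. Separately, the file header shows this is texi2html 1.78 output, so the wording slips visible here ("The encrypted tunnels allows", "singe LAN", "eachother") should be corrected in the Texinfo source and the HTML regenerated, not edited in this file.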
536
doc/tinc/tinc_1.html
Normal file
|
|
@ -0,0 +1,536 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html401/loose.dtd">
|
||||
<html>
|
||||
<!-- Created on December, 26 2008 by texi2html 1.78 -->
|
||||
<!--
|
||||
Written by: Lionel Cons <Lionel.Cons@cern.ch> (original author)
|
||||
Karl Berry <karl@freefriends.org>
|
||||
Olaf Bachmann <obachman@mathematik.uni-kl.de>
|
||||
and many others.
|
||||
Maintained by: Many creative people.
|
||||
Send bugs and suggestions to <texi2html-bug@nongnu.org>
|
||||
|
||||
-->
|
||||
<head>
|
||||
<title>tinc Manual: 2. Preparations</title>
|
||||
|
||||
<meta name="description" content="tinc Manual: 2. Preparations">
|
||||
<meta name="keywords" content="tinc Manual: 2. Preparations">
|
||||
<meta name="resource-type" content="document">
|
||||
<meta name="distribution" content="global">
|
||||
<meta name="Generator" content="texi2html 1.78">
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||||
<style type="text/css">
|
||||
<!--
|
||||
a.summary-letter {text-decoration: none}
|
||||
pre.display {font-family: serif}
|
||||
pre.format {font-family: serif}
|
||||
pre.menu-comment {font-family: serif}
|
||||
pre.menu-preformatted {font-family: serif}
|
||||
pre.smalldisplay {font-family: serif; font-size: smaller}
|
||||
pre.smallexample {font-size: smaller}
|
||||
pre.smallformat {font-family: serif; font-size: smaller}
|
||||
pre.smalllisp {font-size: smaller}
|
||||
span.roman {font-family:serif; font-weight:normal;}
|
||||
span.sansserif {font-family:sans-serif; font-weight:normal;}
|
||||
ul.toc {list-style: none}
|
||||
-->
|
||||
</style>
|
||||
|
||||
|
||||
</head>
|
||||
|
||||
<body lang="en" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#800080" alink="#FF0000">
|
||||
|
||||
<a name="Preparations"></a>
|
||||
<a name="SEC5"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="tinc_0.html#SEC4" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC6" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_2.html#SEC19" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h1 class="chapter"> 2. Preparations </h1>
|
||||
|
||||
<p>This chapter contains information on how to prepare your system to
|
||||
support tinc.
|
||||
</p>
|
||||
<table class="menu" border="0" cellspacing="0">
|
||||
<tr><td align="left" valign="top"><a href="#SEC6">2.1 Configuring the kernel</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
<tr><td align="left" valign="top"><a href="#SEC14">2.2 Libraries</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
</table>
|
||||
|
||||
|
||||
<hr size="6">
|
||||
<a name="Configuring-the-kernel"></a>
|
||||
<a name="SEC6"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC5" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC7" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC5" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC5" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_2.html#SEC19" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h2 class="section"> 2.1 Configuring the kernel </h2>
|
||||
|
||||
<table class="menu" border="0" cellspacing="0">
|
||||
<tr><td align="left" valign="top"><a href="#SEC7">2.1.1 Configuration of Linux kernels</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
<tr><td align="left" valign="top"><a href="#SEC8">2.1.2 Configuration of FreeBSD kernels</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
<tr><td align="left" valign="top"><a href="#SEC9">2.1.3 Configuration of OpenBSD kernels</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
<tr><td align="left" valign="top"><a href="#SEC10">2.1.4 Configuration of NetBSD kernels</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
<tr><td align="left" valign="top"><a href="#SEC11">2.1.5 Configuration of Solaris kernels</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
<tr><td align="left" valign="top"><a href="#SEC12">2.1.6 Configuration of Darwin (MacOS/X) kernels</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
<tr><td align="left" valign="top"><a href="#SEC13">2.1.7 Configuration of Windows</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
</table>
|
||||
|
||||
|
||||
<hr size="6">
|
||||
<a name="Configuration-of-Linux-kernels"></a>
|
||||
<a name="SEC7"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC6" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC8" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC5" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC6" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_2.html#SEC19" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h3 class="subsection"> 2.1.1 Configuration of Linux kernels </h3>
|
||||
|
||||
<p>For tinc to work, you need a kernel that supports the Universal tun/tap device.
|
||||
Most distributions come with kernels that already support this.
|
||||
Here are the options you have to turn on when configuring a new kernel:
|
||||
</p>
|
||||
<table><tr><td> </td><td><pre class="example">Code maturity level options
|
||||
[*] Prompt for development and/or incomplete code/drivers
|
||||
Network device support
|
||||
<M> Universal tun/tap device driver support
|
||||
</pre></td></tr></table>
|
||||
|
||||
<p>It's not necessary to compile this driver as a module, even if you are going to
|
||||
run more than one instance of tinc.
|
||||
</p>
|
||||
<p>If you decide to build the tun/tap driver as a kernel module, add these lines
|
||||
to ‘<tt>/etc/modules.conf</tt>’:
|
||||
</p>
|
||||
<table><tr><td> </td><td><pre class="example">alias char-major-10-200 tun
|
||||
</pre></td></tr></table>
|
||||
|
||||
|
||||
<hr size="6">
|
||||
<a name="Configuration-of-FreeBSD-kernels"></a>
|
||||
<a name="SEC8"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC7" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC9" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC5" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC6" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_2.html#SEC19" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h3 class="subsection"> 2.1.2 Configuration of FreeBSD kernels </h3>
|
||||
|
||||
<p>For FreeBSD version 4.1 and higher, tun and tap drivers are included in the default kernel configuration.
|
||||
Using tap devices is recommended.
|
||||
</p>
|
||||
|
||||
<hr size="6">
|
||||
<a name="Configuration-of-OpenBSD-kernels"></a>
|
||||
<a name="SEC9"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC8" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC10" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC5" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC6" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_2.html#SEC19" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h3 class="subsection"> 2.1.3 Configuration of OpenBSD kernels </h3>
|
||||
|
||||
<p>For OpenBSD version 2.9 and higher,
|
||||
the tun driver is included in the default kernel configuration.
|
||||
There is also a kernel patch from <a href="http://diehard.n-r-g.com/stuff/openbsd/">http://diehard.n-r-g.com/stuff/openbsd/</a>
|
||||
which adds a tap device to OpenBSD which should work with tinc,
|
||||
but with recent versions of OpenBSD,
|
||||
a tun device can act as a tap device by setting the link0 option with ifconfig.
|
||||
</p>
|
||||
<hr size="6">
|
||||
<a name="Configuration-of-NetBSD-kernels"></a>
|
||||
<a name="SEC10"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC9" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC11" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC5" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC6" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_2.html#SEC19" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h3 class="subsection"> 2.1.4 Configuration of NetBSD kernels </h3>
|
||||
|
||||
<p>For NetBSD version 1.5.2 and higher,
|
||||
the tun driver is included in the default kernel configuration.
|
||||
</p>
|
||||
<p>Tunneling IPv6 may not work on NetBSD's tun device.
|
||||
</p>
|
||||
|
||||
<hr size="6">
|
||||
<a name="Configuration-of-Solaris-kernels"></a>
|
||||
<a name="SEC11"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC10" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC12" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC5" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC6" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_2.html#SEC19" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h3 class="subsection"> 2.1.5 Configuration of Solaris kernels </h3>
|
||||
|
||||
<p>For Solaris 8 (SunOS 5.8) and higher,
|
||||
the tun driver may or may not be included in the default kernel configuration.
|
||||
If it isn't, the source can be downloaded from <a href="http://vtun.sourceforge.net/tun/">http://vtun.sourceforge.net/tun/</a>.
|
||||
For x86 and sparc64 architectures, precompiled versions can be found at <a href="http://www.monkey.org/~dugsong/fragroute/">http://www.monkey.org/~dugsong/fragroute/</a>.
|
||||
If the ‘<tt>net/if_tun.h</tt>’ header file is missing, install it from the source package.
|
||||
</p>
|
||||
|
||||
<hr size="6">
|
||||
<a name="NOD12"></a>
|
||||
<a name="SEC12"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC11" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC13" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC5" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC6" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_2.html#SEC19" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h3 class="subsection"> 2.1.6 Configuration of Darwin (MacOS/X) kernels </h3>
|
||||
|
||||
<p>Tinc on Darwin relies on a tunnel driver for its data acquisition from the kernel.
|
||||
Tinc supports either the driver from <a href="http://www-user.rhrk.uni-kl.de/~nissler/tuntap/">http://www-user.rhrk.uni-kl.de/~nissler/tuntap/</a>,
|
||||
which supports both tun and tap style devices,
|
||||
and also the driver from from <a href="http://chrisp.de/en/projects/tunnel.html">http://chrisp.de/en/projects/tunnel.html</a>.
|
||||
The former driver is recommended.
|
||||
The tunnel driver must be loaded before starting tinc with the following command:
|
||||
</p>
|
||||
<table><tr><td> </td><td><pre class="example">kmodload tunnel
|
||||
</pre></td></tr></table>
|
||||
|
||||
|
||||
<hr size="6">
|
||||
<a name="Configuration-of-Windows"></a>
|
||||
<a name="SEC13"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC12" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC14" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC5" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC6" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_2.html#SEC19" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h3 class="subsection"> 2.1.7 Configuration of Windows </h3>
|
||||
|
||||
<p>You will need to install the latest TAP-Win32 driver from OpenVPN.
|
||||
You can download it from <a href="http://openvpn.sourceforge.net">http://openvpn.sourceforge.net</a>.
|
||||
Using the Network Connections control panel,
|
||||
configure the TAP-Win32 network interface in the same way as you would do from the tinc-up script,
|
||||
as explained in the rest of the documentation.
|
||||
</p>
|
||||
|
||||
<hr size="6">
|
||||
<a name="Libraries"></a>
|
||||
<a name="SEC14"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC13" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC15" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC5" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC5" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_2.html#SEC19" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h2 class="section"> 2.2 Libraries </h2>
|
||||
|
||||
<p>Before you can configure or build tinc, you need to have the OpenSSL,
|
||||
zlib and lzo libraries installed on your system. If you try to configure tinc without
|
||||
having them installed, configure will give you an error message, and stop.
|
||||
</p>
|
||||
<table class="menu" border="0" cellspacing="0">
|
||||
<tr><td align="left" valign="top"><a href="#SEC15">2.2.1 OpenSSL</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
<tr><td align="left" valign="top"><a href="#SEC17">2.2.2 zlib</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
<tr><td align="left" valign="top"><a href="#SEC18">2.2.3 lzo</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
</table>
|
||||
|
||||
|
||||
<hr size="6">
|
||||
<a name="OpenSSL"></a>
|
||||
<a name="SEC15"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC14" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC17" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC5" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC14" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_2.html#SEC19" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h3 class="subsection"> 2.2.1 OpenSSL </h3>
|
||||
|
||||
<p>For all cryptography-related functions, tinc uses the functions provided
|
||||
by the OpenSSL library.
|
||||
</p>
|
||||
<p>If this library is not installed, you wil get an error when configuring
|
||||
tinc for build. Support for running tinc without having OpenSSL
|
||||
installed <em>may</em> be added in the future.
|
||||
</p>
|
||||
<p>You can use your operating system's package manager to install this if
|
||||
available. Make sure you install the development AND runtime versions
|
||||
of this package.
|
||||
</p>
|
||||
<p>If you have to install OpenSSL manually, you can get the source code
|
||||
from <a href="http://www.openssl.org/">http://www.openssl.org/</a>. Instructions on how to configure,
|
||||
build and install this package are included within the package. Please
|
||||
make sure you build development and runtime libraries (which is the
|
||||
default).
|
||||
</p>
|
||||
<p>If you installed the OpenSSL libraries from source, it may be necessary
|
||||
to let configure know where they are, by passing configure one of the
|
||||
–with-openssl-* parameters.
|
||||
</p>
|
||||
<table><tr><td> </td><td><pre class="example">--with-openssl=DIR OpenSSL library and headers prefix
|
||||
--with-openssl-include=DIR OpenSSL headers directory
|
||||
(Default is OPENSSL_DIR/include)
|
||||
--with-openssl-lib=DIR OpenSSL library directory
|
||||
(Default is OPENSSL_DIR/lib)
|
||||
</pre></td></tr></table>
|
||||
|
||||
|
||||
<a name="SEC16"></a>
|
||||
<h4 class="subsubheading"> License </h4>
|
||||
|
||||
<p>The complete source code of tinc is covered by the GNU GPL version 2.
|
||||
Since the license under which OpenSSL is distributed is not directly
|
||||
compatible with the terms of the GNU GPL
|
||||
<a href="http://www.openssl.org/support/faq.html#LEGAL2">http://www.openssl.org/support/faq.html#LEGAL2</a>, we
|
||||
include an exemption to the GPL (see also the file COPYING.README) to allow
|
||||
everyone to create a statically or dynamically linked executable:
|
||||
</p>
|
||||
<blockquote><p>This program is released under the GPL with the additional exemption
|
||||
that compiling, linking, and/or using OpenSSL is allowed. You may
|
||||
provide binary packages linked to the OpenSSL libraries, provided that
|
||||
all other requirements of the GPL are met.
|
||||
</p></blockquote>
|
||||
|
||||
<p>Since the LZO library used by tinc is also covered by the GPL,
|
||||
we also present the following exemption:
|
||||
</p>
|
||||
<blockquote><p>Hereby I grant a special exception to the tinc VPN project
|
||||
(http://www.tinc-vpn.org/) to link the LZO library with the OpenSSL library
|
||||
(http://www.openssl.org).
|
||||
</p>
|
||||
<p>Markus F.X.J. Oberhumer
|
||||
</p></blockquote>
|
||||
|
||||
|
||||
<hr size="6">
|
||||
<a name="zlib"></a>
|
||||
<a name="SEC17"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC15" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC18" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC5" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC14" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_2.html#SEC19" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h3 class="subsection"> 2.2.2 zlib </h3>
|
||||
|
||||
<p>For the optional compression of UDP packets, tinc uses the functions provided
|
||||
by the zlib library.
|
||||
</p>
|
||||
<p>If this library is not installed, you wil get an error when configuring
|
||||
tinc for build. Support for running tinc without having zlib
|
||||
installed <em>may</em> be added in the future.
|
||||
</p>
|
||||
<p>You can use your operating system's package manager to install this if
|
||||
available. Make sure you install the development AND runtime versions
|
||||
of this package.
|
||||
</p>
|
||||
<p>If you have to install zlib manually, you can get the source code
|
||||
from <a href="http://www.gzip.org/zlib/">http://www.gzip.org/zlib/</a>. Instructions on how to configure,
|
||||
build and install this package are included within the package. Please
|
||||
make sure you build development and runtime libraries (which is the
|
||||
default).
|
||||
</p>
|
||||
|
||||
<hr size="6">
|
||||
<a name="lzo"></a>
|
||||
<a name="SEC18"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC17" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_2.html#SEC19" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC5" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC14" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_2.html#SEC19" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h3 class="subsection"> 2.2.3 lzo </h3>
|
||||
|
||||
<a name="IDX7"></a>
|
||||
<p>Another form of compression is offered using the lzo library.
|
||||
</p>
|
||||
<p>If this library is not installed, you wil get an error when configuring
|
||||
tinc for build. Support for running tinc without having lzo
|
||||
installed <em>may</em> be added in the future.
|
||||
</p>
|
||||
<p>You can use your operating system's package manager to install this if
|
||||
available. Make sure you install the development AND runtime versions
|
||||
of this package.
|
||||
</p>
|
||||
<p>If you have to install lzo manually, you can get the source code
|
||||
from <a href="http://www.oberhumer.com/opensource/lzo/">http://www.oberhumer.com/opensource/lzo/</a>. Instructions on how to configure,
|
||||
build and install this package are included within the package. Please
|
||||
make sure you build development and runtime libraries (which is the
|
||||
default).
|
||||
</p>
|
||||
|
||||
|
||||
<hr size="6">
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC5" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_2.html#SEC19" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<p>
|
||||
<font size="-1">
|
||||
This document was generated by <em>Guus Sliepen</em> on <em>December, 26 2008</em> using <a href="http://www.nongnu.org/texi2html/"><em>texi2html 1.78</em></a>.
|
||||
</font>
|
||||
<br>
|
||||
|
||||
</p>
|
||||
</body>
|
||||
</html>
|
||||
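Review bot: In section 2.1.5 the manual points readers at precompiled tun kernel drivers for x86 and sparc64 on http://www.monkey.org/~dugsong/fragroute/ without any checksum or signature to verify them. Because this is a kernel driver fetched over plain HTTP from a third-party page, the text should either recommend building from the source at http://vtun.sourceforge.net/tun/ or say how to verify the binary before loading it. Smaller points, best fixed in the Texinfo source since the footer shows this HTML is generated by texi2html 1.78: "you wil get an error" appears in 2.2.1, 2.2.2 and 2.2.3. Section 2.1.6 has "the driver from from", and its "supports either ... and also" should read "either ... or". In 2.2.1 the prose renders the option prefix as "–with-openssl-*" with a dash character instead of the literal "--with-openssl-*" shown in the example block, which will fail if copied.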
344
doc/tinc/tinc_2.html
Normal file
|
|
@ -0,0 +1,344 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html401/loose.dtd">
|
||||
<html>
|
||||
<!-- Created on December, 26 2008 by texi2html 1.78 -->
|
||||
<!--
|
||||
Written by: Lionel Cons <Lionel.Cons@cern.ch> (original author)
|
||||
Karl Berry <karl@freefriends.org>
|
||||
Olaf Bachmann <obachman@mathematik.uni-kl.de>
|
||||
and many others.
|
||||
Maintained by: Many creative people.
|
||||
Send bugs and suggestions to <texi2html-bug@nongnu.org>
|
||||
|
||||
-->
|
||||
<head>
|
||||
<title>tinc Manual: 3. Installation</title>
|
||||
|
||||
<meta name="description" content="tinc Manual: 3. Installation">
|
||||
<meta name="keywords" content="tinc Manual: 3. Installation">
|
||||
<meta name="resource-type" content="document">
|
||||
<meta name="distribution" content="global">
|
||||
<meta name="Generator" content="texi2html 1.78">
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||||
<style type="text/css">
|
||||
<!--
|
||||
a.summary-letter {text-decoration: none}
|
||||
pre.display {font-family: serif}
|
||||
pre.format {font-family: serif}
|
||||
pre.menu-comment {font-family: serif}
|
||||
pre.menu-preformatted {font-family: serif}
|
||||
pre.smalldisplay {font-family: serif; font-size: smaller}
|
||||
pre.smallexample {font-size: smaller}
|
||||
pre.smallformat {font-family: serif; font-size: smaller}
|
||||
pre.smalllisp {font-size: smaller}
|
||||
span.roman {font-family:serif; font-weight:normal;}
|
||||
span.sansserif {font-family:sans-serif; font-weight:normal;}
|
||||
ul.toc {list-style: none}
|
||||
-->
|
||||
</style>
|
||||
|
||||
|
||||
</head>
|
||||
|
||||
<body lang="en" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#800080" alink="#FF0000">
|
||||
|
||||
<a name="Installation"></a>
|
||||
<a name="SEC19"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="tinc_1.html#SEC18" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC20" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_1.html#SEC5" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_3.html#SEC29" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h1 class="chapter"> 3. Installation </h1>
|
||||
|
||||
<p>If you use Debian, you may want to install one of the
|
||||
precompiled packages for your system. These packages are equipped with
|
||||
system startup scripts and sample configurations.
|
||||
</p>
|
||||
<p>If you cannot use one of the precompiled packages, or you want to compile tinc
|
||||
for yourself, you can use the source. The source is distributed under
|
||||
the GNU General Public License (GPL). Download the source from the
|
||||
<a href="http://www.tinc-vpn.org/download">download page</a>, which has
|
||||
the checksums of these files listed; you may wish to check these with
|
||||
md5sum before continuing.
|
||||
</p>
|
||||
<p>Tinc comes in a convenient autoconf/automake package, which you can just
|
||||
treat the same as any other package. Which is just untar it, type
|
||||
`./configure' and then `make'.
|
||||
More detailed instructions are in the file ‘<tt>INSTALL</tt>’, which is
|
||||
included in the source distribution.
|
||||
</p>
|
||||
<table class="menu" border="0" cellspacing="0">
|
||||
<tr><td align="left" valign="top"><a href="#SEC20">3.1 Building and installing tinc</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
<tr><td align="left" valign="top"><a href="#SEC24">3.2 System files</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
</table>
|
||||
|
||||
|
||||
<hr size="6">
|
||||
<a name="Building-and-installing-tinc"></a>
|
||||
<a name="SEC20"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC19" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC21" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC19" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC19" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_3.html#SEC29" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h2 class="section"> 3.1 Building and installing tinc </h2>
|
||||
|
||||
<p>Detailed instructions on configuring the source, building tinc and installing tinc
|
||||
can be found in the file called ‘<tt>INSTALL</tt>’.
|
||||
</p>
|
||||
<p>If you happen to have a binary package for tinc for your distribution,
|
||||
you can use the package management tools of that distribution to install tinc.
|
||||
The documentation that comes along with your distribution will tell you how to do that.
|
||||
</p>
|
||||
<table class="menu" border="0" cellspacing="0">
|
||||
<tr><td align="left" valign="top"><a href="#SEC21">3.1.1 Darwin (MacOS/X) build environment</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
<tr><td align="left" valign="top"><a href="#SEC22">3.1.2 Cygwin (Windows) build environment</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
<tr><td align="left" valign="top"><a href="#SEC23">3.1.3 MinGW (Windows) build environment</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
</table>
|
||||
|
||||
|
||||
<hr size="6">
|
||||
<a name="NOD20"></a>
|
||||
<a name="SEC21"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC20" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC22" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC19" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC20" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_3.html#SEC29" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h3 class="subsection"> 3.1.1 Darwin (MacOS/X) build environment </h3>
|
||||
|
||||
<p>In order to build tinc on Darwin, you need to install the MacOS/X Developer Tools
|
||||
from <a href="http://developer.apple.com/tools/macosxtools.html">http://developer.apple.com/tools/macosxtools.html</a> and
|
||||
a recent version of Fink from <a href="http://fink.sourceforge.net/">http://fink.sourceforge.net/</a>.
|
||||
</p>
|
||||
<p>After installation use fink to download and install the following packages:
|
||||
autoconf25, automake, dlcompat, m4, openssl, zlib and lzo.
|
||||
</p>
|
||||
<hr size="6">
|
||||
<a name="NOD21"></a>
|
||||
<a name="SEC22"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC21" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC23" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC19" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC20" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_3.html#SEC29" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h3 class="subsection"> 3.1.2 Cygwin (Windows) build environment </h3>
|
||||
|
||||
<p>If Cygwin hasn't already been installed, install it directly from
|
||||
<a href="http://www.cygwin.com/">http://www.cygwin.com/</a>.
|
||||
</p>
|
||||
<p>When tinc is compiled in a Cygwin environment, it can only be run in this environment,
|
||||
but all programs, including those started outside the Cygwin environment, will be able to use the VPN.
|
||||
It will also support all features.
|
||||
</p>
|
||||
<hr size="6">
|
||||
<a name="NOD22"></a>
|
||||
<a name="SEC23"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC22" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC24" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC19" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC20" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_3.html#SEC29" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h3 class="subsection"> 3.1.3 MinGW (Windows) build environment </h3>
|
||||
|
||||
<p>You will need to install the MinGW environment from <a href="http://www.mingw.org">http://www.mingw.org</a>.
|
||||
</p>
|
||||
<p>When tinc is compiled using MinGW it runs natively under Windows,
|
||||
it is not necessary to keep MinGW installed.
|
||||
</p>
|
||||
<p>When detaching, tinc will install itself as a service,
|
||||
which will be restarted automatically after reboots.
|
||||
</p>
|
||||
|
||||
<hr size="6">
|
||||
<a name="System-files"></a>
|
||||
<a name="SEC24"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC23" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC25" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC19" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC19" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_3.html#SEC29" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h2 class="section"> 3.2 System files </h2>
|
||||
|
||||
<p>Before you can run tinc, you must make sure you have all the needed
|
||||
files on your system.
|
||||
</p>
|
||||
<table class="menu" border="0" cellspacing="0">
|
||||
<tr><td align="left" valign="top"><a href="#SEC25">3.2.1 Device files</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
<tr><td align="left" valign="top"><a href="#SEC26">3.2.2 Other files</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
</table>
|
||||
|
||||
|
||||
<hr size="6">
|
||||
<a name="Device-files"></a>
|
||||
<a name="SEC25"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC24" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC26" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC19" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC24" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_3.html#SEC29" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h3 class="subsection"> 3.2.1 Device files </h3>
|
||||
|
||||
<p>Most operating systems nowadays come with the necessary device files by default,
|
||||
or they have a mechanism to create them on demand.
|
||||
</p>
|
||||
<p>If you use Linux and do not have udev installed,
|
||||
you may need to create the following device file if it does not exist:
|
||||
</p>
|
||||
<table><tr><td> </td><td><pre class="example">mknod -m 600 /dev/net/tun c 10 200
|
||||
</pre></td></tr></table>
|
||||
|
||||
|
||||
<hr size="6">
|
||||
<a name="Other-files"></a>
|
||||
<a name="SEC26"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC25" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_3.html#SEC29" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC19" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC24" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_3.html#SEC29" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h3 class="subsection"> 3.2.2 Other files </h3>
|
||||
|
||||
<a name="SEC27"></a>
|
||||
<h4 class="subsubheading"> ‘<tt>/etc/networks</tt>’ </h4>
|
||||
|
||||
<p>You may add a line to ‘<tt>/etc/networks</tt>’ so that your VPN will get a
|
||||
symbolic name. For example:
|
||||
</p>
|
||||
<table><tr><td> </td><td><pre class="example">myvpn 10.0.0.0
|
||||
</pre></td></tr></table>
|
||||
|
||||
<a name="SEC28"></a>
|
||||
<h4 class="subsubheading"> ‘<tt>/etc/services</tt>’ </h4>
|
||||
|
||||
<a name="IDX8"></a>
|
||||
<p>You may add this line to ‘<tt>/etc/services</tt>’. The effect is that you
|
||||
may supply a ‘<samp>tinc</samp>’ as a valid port number to some programs. The
|
||||
number 655 is registered with the IANA.
|
||||
</p>
|
||||
<table><tr><td> </td><td><pre class="example">tinc 655/tcp TINC
|
||||
tinc 655/udp TINC
|
||||
# Ivo Timmermans <ivo@tinc-vpn.org>
|
||||
</pre></td></tr></table>
|
||||
|
||||
|
||||
|
||||
|
||||
<hr size="6">
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC19" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_3.html#SEC29" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<p>
|
||||
<font size="-1">
|
||||
This document was generated by <em>Guus Sliepen</em> on <em>December, 26 2008</em> using <a href="http://www.nongnu.org/texi2html/"><em>texi2html 1.78</em></a>.
|
||||
</font>
|
||||
<br>
|
||||
|
||||
</p>
|
||||
</body>
|
||||
</html>
|
||||
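Review bot: In section 3.2.1, the example "mknod -m 600 /dev/net/tun c 10 200" assumes that the /dev/net directory already exists. On a Linux system without udev, which is the case this paragraph addresses, the directory may be missing, and mknod then fails because the parent path does not exist. Suggest showing "mkdir -p /dev/net" before the mknod line, or stating that the directory has to be created first.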
1137
doc/tinc/tinc_3.html
Normal file
File diff suppressed because it is too large
533
doc/tinc/tinc_4.html
Normal file
|
|
@ -0,0 +1,533 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html401/loose.dtd">
|
||||
<html>
|
||||
<!-- Created on December, 26 2008 by texi2html 1.78 -->
|
||||
<!--
|
||||
Written by: Lionel Cons <Lionel.Cons@cern.ch> (original author)
|
||||
Karl Berry <karl@freefriends.org>
|
||||
Olaf Bachmann <obachman@mathematik.uni-kl.de>
|
||||
and many others.
|
||||
Maintained by: Many creative people.
|
||||
Send bugs and suggestions to <texi2html-bug@nongnu.org>
|
||||
|
||||
-->
|
||||
<head>
|
||||
<title>tinc Manual: 5. Running tinc</title>
|
||||
|
||||
<meta name="description" content="tinc Manual: 5. Running tinc">
|
||||
<meta name="keywords" content="tinc Manual: 5. Running tinc">
|
||||
<meta name="resource-type" content="document">
|
||||
<meta name="distribution" content="global">
|
||||
<meta name="Generator" content="texi2html 1.78">
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||||
<style type="text/css">
|
||||
<!--
|
||||
a.summary-letter {text-decoration: none}
|
||||
pre.display {font-family: serif}
|
||||
pre.format {font-family: serif}
|
||||
pre.menu-comment {font-family: serif}
|
||||
pre.menu-preformatted {font-family: serif}
|
||||
pre.smalldisplay {font-family: serif; font-size: smaller}
|
||||
pre.smallexample {font-size: smaller}
|
||||
pre.smallformat {font-family: serif; font-size: smaller}
|
||||
pre.smalllisp {font-size: smaller}
|
||||
span.roman {font-family:serif; font-weight:normal;}
|
||||
span.sansserif {font-family:sans-serif; font-weight:normal;}
|
||||
ul.toc {list-style: none}
|
||||
-->
|
||||
</style>
|
||||
|
||||
|
||||
</head>
|
||||
|
||||
<body lang="en" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#800080" alink="#FF0000">
|
||||
|
||||
<a name="Running-tinc"></a>
|
||||
<a name="SEC49"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="tinc_3.html#SEC42" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC50" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_3.html#SEC29" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_5.html#SEC56" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h1 class="chapter"> 5. Running tinc </h1>
|
||||
|
||||
<p>If everything else is done, you can start tinc by typing the following command:
|
||||
</p>
|
||||
<table><tr><td> </td><td><pre class="example">tincd -n <var>netname</var>
|
||||
</pre></td></tr></table>
|
||||
|
||||
<a name="IDX64"></a>
|
||||
<p>Tinc will detach from the terminal and continue to run in the background like a good daemon.
|
||||
If there are any problems however you can try to increase the debug level
|
||||
and look in the syslog to find out what the problems are.
|
||||
</p>
|
||||
<table class="menu" border="0" cellspacing="0">
|
||||
<tr><td align="left" valign="top"><a href="#SEC50">5.1 Runtime options</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
<tr><td align="left" valign="top"><a href="#SEC51">5.2 Signals</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
<tr><td align="left" valign="top"><a href="#SEC52">5.3 Debug levels</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
<tr><td align="left" valign="top"><a href="#SEC53">5.4 Solving problems</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
<tr><td align="left" valign="top"><a href="#SEC54">5.5 Error messages</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
<tr><td align="left" valign="top"><a href="#SEC55">5.6 Sending bug reports</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
</table>
|
||||
|
||||
|
||||
<hr size="6">
|
||||
<a name="Runtime-options"></a>
|
||||
<a name="SEC50"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC49" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC51" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC49" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC49" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_5.html#SEC56" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h2 class="section"> 5.1 Runtime options </h2>
|
||||
|
||||
<p>Besides the settings in the configuration file, tinc also accepts some
|
||||
command line options.
|
||||
</p>
|
||||
<a name="IDX65"></a>
|
||||
<a name="IDX66"></a>
|
||||
<a name="IDX67"></a>
|
||||
<dl compact="compact">
|
||||
<dt> ‘<samp>-c, --config=<var>path</var></samp>’</dt>
|
||||
<dd><p>Read configuration options from the directory <var>path</var>. The default is
|
||||
‘<tt>/etc/tinc/<var>netname</var>/</tt>’.
|
||||
</p>
|
||||
</dd>
|
||||
<dt> ‘<samp>-D, --no-detach</samp>’</dt>
|
||||
<dd><p>Don't fork and detach.
|
||||
This will also disable the automatic restart mechanism for fatal errors.
|
||||
</p>
|
||||
</dd>
|
||||
<dt> ‘<samp>-d, --debug=<var>level</var></samp>’</dt>
|
||||
<dd><p>Set debug level to <var>level</var>. The higher the debug level, the more gets
|
||||
logged. Everything goes via syslog.
|
||||
</p>
|
||||
</dd>
|
||||
<dt> ‘<samp>-k, --kill[=<var>signal</var>]</samp>’</dt>
|
||||
<dd><p>Attempt to kill a running tincd (optionally with the specified <var>signal</var> instead of SIGTERM) and exit.
|
||||
Use it in conjunction with the -n option to make sure you kill the right tinc daemon.
|
||||
Under native Windows the optional argument is ignored,
|
||||
the service will always be stopped and removed.
|
||||
</p>
|
||||
</dd>
|
||||
<dt> ‘<samp>-n, --net=<var>netname</var></samp>’</dt>
|
||||
<dd><p>Use configuration for net <var>netname</var>. See section <a href="tinc_3.html#SEC31">Multiple networks</a>.
|
||||
</p>
|
||||
</dd>
|
||||
<dt> ‘<samp>-K, --generate-keys[=<var>bits</var>]</samp>’</dt>
|
||||
<dd><p>Generate public/private keypair of <var>bits</var> length. If <var>bits</var> is not specified,
|
||||
1024 is the default. tinc will ask where you want to store the files,
|
||||
but will default to the configuration directory (you can use the -c or -n option
|
||||
in combination with -K). After that, tinc will quit.
|
||||
</p>
|
||||
</dd>
|
||||
<dt> ‘<samp>-L, --mlock</samp>’</dt>
|
||||
<dd><p>Lock tinc into main memory.
|
||||
This will prevent sensitive data like shared private keys to be written to the system swap files/partitions.
|
||||
</p>
|
||||
</dd>
|
||||
<dt> ‘<samp>--logfile[=<var>file</var>]</samp>’</dt>
|
||||
<dd><p>Write log entries to a file instead of to the system logging facility.
|
||||
If <var>file</var> is omitted, the default is ‘<tt>/var/log/tinc.<var>netname</var>.log</tt>’.
|
||||
</p>
|
||||
</dd>
|
||||
<dt> ‘<samp>--pidfile=<var>file</var></samp>’</dt>
|
||||
<dd><p>Write PID to <var>file</var> instead of ‘<tt>/var/run/tinc.<var>netname</var>.pid</tt>’.
|
||||
</p>
|
||||
</dd>
|
||||
<dt> ‘<samp>--bypass-security</samp>’</dt>
|
||||
<dd><p>Disables encryption and authentication.
|
||||
Only useful for debugging.
|
||||
</p>
|
||||
</dd>
|
||||
<dt> ‘<samp>--help</samp>’</dt>
|
||||
<dd><p>Display a short reminder of these runtime options and terminate.
|
||||
</p>
|
||||
</dd>
|
||||
<dt> ‘<samp>--version</samp>’</dt>
|
||||
<dd><p>Output version information and exit.
|
||||
</p>
|
||||
</dd>
|
||||
</dl>
|
||||
|
||||
<hr size="6">
|
||||
<a name="Signals"></a>
|
||||
<a name="SEC51"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC50" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC52" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC49" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC49" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_5.html#SEC56" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h2 class="section"> 5.2 Signals </h2>
|
||||
|
||||
<p>You can also send the following signals to a running tincd process:
|
||||
</p>
|
||||
<dl compact="compact">
|
||||
<dt> ‘<samp>ALRM</samp>’</dt>
|
||||
<dd><p>Forces tinc to try to connect to all uplinks immediately.
|
||||
Usually tinc attempts to do this itself,
|
||||
but increases the time it waits between the attempts each time it failed,
|
||||
and if tinc didn't succeed to connect to an uplink the first time after it started,
|
||||
it defaults to the maximum time of 15 minutes.
|
||||
</p>
|
||||
</dd>
|
||||
<dt> ‘<samp>HUP</samp>’</dt>
|
||||
<dd><p>Partially rereads configuration files.
|
||||
Connections to hosts whose host config file are removed are closed.
|
||||
New outgoing connections specified in ‘<tt>tinc.conf</tt>’ will be made.
|
||||
</p>
|
||||
</dd>
|
||||
<dt> ‘<samp>INT</samp>’</dt>
|
||||
<dd><p>Temporarily increases debug level to 5.
|
||||
Send this signal again to revert to the original level.
|
||||
</p>
|
||||
</dd>
|
||||
<dt> ‘<samp>USR1</samp>’</dt>
|
||||
<dd><p>Dumps the connection list to syslog.
|
||||
</p>
|
||||
</dd>
|
||||
<dt> ‘<samp>USR2</samp>’</dt>
|
||||
<dd><p>Dumps virtual network device statistics, all known nodes, edges and subnets to syslog.
|
||||
</p>
|
||||
</dd>
|
||||
<dt> ‘<samp>WINCH</samp>’</dt>
|
||||
<dd><p>Purges all information remembered about unreachable nodes.
|
||||
</p>
|
||||
</dd>
|
||||
</dl>
|
||||
|
||||
<hr size="6">
|
||||
<a name="Debug-levels"></a>
|
||||
<a name="SEC52"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC51" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC53" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC49" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC49" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_5.html#SEC56" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h2 class="section"> 5.3 Debug levels </h2>
|
||||
|
||||
<p>The tinc daemon can send a lot of messages to the syslog.
|
||||
The higher the debug level, the more messages it will log.
|
||||
Each level inherits all messages of the previous level:
|
||||
</p>
|
||||
<dl compact="compact">
|
||||
<dt> ‘<samp>0</samp>’</dt>
|
||||
<dd><p>This will log a message indicating tinc has started along with a version number.
|
||||
It will also log any serious error.
|
||||
</p>
|
||||
</dd>
|
||||
<dt> ‘<samp>1</samp>’</dt>
|
||||
<dd><p>This will log all connections that are made with other tinc daemons.
|
||||
</p>
|
||||
</dd>
|
||||
<dt> ‘<samp>2</samp>’</dt>
|
||||
<dd><p>This will log status and error messages from scripts and other tinc daemons.
|
||||
</p>
|
||||
</dd>
|
||||
<dt> ‘<samp>3</samp>’</dt>
|
||||
<dd><p>This will log all requests that are exchanged with other tinc daemons. These include
|
||||
authentication, key exchange and connection list updates.
|
||||
</p>
|
||||
</dd>
|
||||
<dt> ‘<samp>4</samp>’</dt>
|
||||
<dd><p>This will log a copy of everything received on the meta socket.
|
||||
</p>
|
||||
</dd>
|
||||
<dt> ‘<samp>5</samp>’</dt>
|
||||
<dd><p>This will log all network traffic over the virtual private network.
|
||||
</p>
|
||||
</dd>
|
||||
</dl>
|
||||
|
||||
<hr size="6">
|
||||
<a name="Solving-problems"></a>
|
||||
<a name="SEC53"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC52" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC54" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC49" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC49" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_5.html#SEC56" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h2 class="section"> 5.4 Solving problems </h2>
|
||||
|
||||
<p>If tinc starts without problems, but if the VPN doesn't work, you will have to find the cause of the problem.
|
||||
The first thing to do is to start tinc with a high debug level in the foreground,
|
||||
so you can directly see everything tinc logs:
|
||||
</p>
|
||||
<table><tr><td> </td><td><pre class="example">tincd -n <var>netname</var> -d5 -D
|
||||
</pre></td></tr></table>
|
||||
|
||||
<p>If tinc does not log any error messages, then you might want to check the following things:
|
||||
</p>
|
||||
<ul class="toc">
|
||||
<li> ‘<tt>tinc-up</tt>’ script
|
||||
Does this script contain the right commands?
|
||||
Normally you must give the interface the address of this host on the VPN, and the netmask must be big enough so that the entire VPN is covered.
|
||||
|
||||
</li><li> Subnet
|
||||
Does the Subnet (or Subnets) in the host configuration file of this host match the portion of the VPN that belongs to this host?
|
||||
|
||||
</li><li> Firewalls and NATs
|
||||
Do you have a firewall or a NAT device (a masquerading firewall or perhaps an ADSL router that performs masquerading)?
|
||||
If so, check that it allows TCP and UDP traffic on port 655.
|
||||
If it masquerades and the host running tinc is behind it, make sure that it forwards TCP and UDP traffic to port 655 to the host running tinc.
|
||||
You can add ‘<samp>TCPOnly = yes</samp>’ to your host config file to force tinc to only use a single TCP connection,
|
||||
this works through most firewalls and NATs.
|
||||
|
||||
</li></ul>
|
||||
|
||||
|
||||
<hr size="6">
|
||||
<a name="Error-messages"></a>
|
||||
<a name="SEC54"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC53" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC55" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC49" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC49" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_5.html#SEC56" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h2 class="section"> 5.5 Error messages </h2>
|
||||
|
||||
<p>What follows is a list of the most common error messages you might find in the logs.
|
||||
Some of them will only be visible if the debug level is high enough.
|
||||
</p>
|
||||
<dl compact="compact">
|
||||
<dt> ‘<samp>Could not open /dev/tap0: No such device</samp>’</dt>
|
||||
<dd>
|
||||
<ul class="toc">
|
||||
<li> You forgot to `modprobe netlink_dev' or `modprobe ethertap'.
|
||||
</li><li> You forgot to compile `Netlink device emulation' in the kernel.
|
||||
</li></ul>
|
||||
|
||||
</dd>
|
||||
<dt> ‘<samp>Can't write to /dev/net/tun: No such device</samp>’</dt>
|
||||
<dd>
|
||||
<ul class="toc">
|
||||
<li> You forgot to `modprobe tun'.
|
||||
</li><li> You forgot to compile `Universal TUN/TAP driver' in the kernel.
|
||||
</li><li> The tun device is located somewhere else in ‘<tt>/dev/</tt>’.
|
||||
</li></ul>
|
||||
|
||||
</dd>
|
||||
<dt> ‘<samp>Network address and prefix length do not match!</samp>’</dt>
|
||||
<dd>
|
||||
<ul class="toc">
|
||||
<li> The Subnet field must contain a <em>network</em> address, trailing bits should be 0.
|
||||
</li><li> If you only want to use one IP address, set the netmask to /32.
|
||||
</li></ul>
|
||||
|
||||
</dd>
|
||||
<dt> ‘<samp>Error reading RSA key file `rsa_key.priv': No such file or directory</samp>’</dt>
|
||||
<dd>
|
||||
<ul class="toc">
|
||||
<li> You forgot to create a public/private keypair.
|
||||
</li><li> Specify the complete pathname to the private key file with the ‘<samp>PrivateKeyFile</samp>’ option.
|
||||
</li></ul>
|
||||
|
||||
</dd>
|
||||
<dt> ‘<samp>Warning: insecure file permissions for RSA private key file `rsa_key.priv'!</samp>’</dt>
|
||||
<dd>
|
||||
<ul class="toc">
|
||||
<li> The private key file is readable by users other than root.
|
||||
Use chmod to correct the file permissions.
|
||||
</li></ul>
|
||||
|
||||
</dd>
|
||||
<dt> ‘<samp>Creating metasocket failed: Address family not supported</samp>’</dt>
|
||||
<dd>
|
||||
<ul class="toc">
|
||||
<li> By default tinc tries to create both IPv4 and IPv6 sockets.
|
||||
On some platforms this might not be implemented.
|
||||
If the logs show ‘<samp>Ready</samp>’ later on, then at least one metasocket was created,
|
||||
and you can ignore this message.
|
||||
You can add ‘<samp>AddressFamily = ipv4</samp>’ to ‘<tt>tinc.conf</tt>’ to prevent this from happening.
|
||||
</li></ul>
|
||||
|
||||
</dd>
|
||||
<dt> ‘<samp>Cannot route packet: unknown IPv4 destination 1.2.3.4</samp>’</dt>
|
||||
<dd>
|
||||
<ul class="toc">
|
||||
<li> You try to send traffic to a host on the VPN for which no Subnet is known.
|
||||
</li><li> If it is a broadcast address (ending in .255), it probably is a samba server or a Windows host sending broadcast packets.
|
||||
You can ignore it.
|
||||
</li></ul>
|
||||
|
||||
</dd>
|
||||
<dt> ‘<samp>Cannot route packet: ARP request for unknown address 1.2.3.4</samp>’</dt>
|
||||
<dd>
|
||||
<ul class="toc">
|
||||
<li> You try to send traffic to a host on the VPN for which no Subnet is known.
|
||||
</li></ul>
|
||||
|
||||
</dd>
|
||||
<dt> ‘<samp>Packet with destination 1.2.3.4 is looping back to us!</samp>’</dt>
|
||||
<dd>
|
||||
<ul class="toc">
|
||||
<li> Something is not configured right. Packets are being sent out to the
|
||||
virtual network device, but according to the Subnet directives in your host configuration
|
||||
file, those packets should go to your own host. Most common mistake is that
|
||||
you have a Subnet line in your host configuration file with a prefix length which is
|
||||
just as large as the prefix of the virtual network interface. The latter should in almost all
|
||||
cases be larger. Rethink your configuration.
|
||||
Note that you will only see this message if you specified a debug
|
||||
level of 5 or higher!
|
||||
</li><li> Chances are that a ‘<samp>Subnet = ...</samp>’ line in the host configuration file of this tinc daemon is wrong.
|
||||
Change it to a subnet that is accepted locally by another interface,
|
||||
or if that is not the case, try changing the prefix length into /32.
|
||||
</li></ul>
|
||||
|
||||
</dd>
|
||||
<dt> ‘<samp>Node foo (1.2.3.4) is not reachable</samp>’</dt>
|
||||
<dd>
|
||||
<ul class="toc">
|
||||
<li> Node foo does not have a connection anymore, its tinc daemon is not running or its connection to the Internet is broken.
|
||||
</li></ul>
|
||||
|
||||
</dd>
|
||||
<dt> ‘<samp>Received UDP packet from unknown source 1.2.3.4 (port 12345)</samp>’</dt>
|
||||
<dd>
|
||||
<ul class="toc">
|
||||
<li> If you see this only sporadically, it is harmless and caused by a node sending packets using an old key.
|
||||
</li><li> If you see this often and another node is not reachable anymore, then a NAT (masquerading firewall) is changing the source address of UDP packets.
|
||||
You can add ‘<samp>TCPOnly = yes</samp>’ to host configuration files to force all VPN traffic to go over a TCP connection.
|
||||
</li></ul>
|
||||
|
||||
</dd>
|
||||
<dt> ‘<samp>Got bad/bogus/unauthorized REQUEST from foo (1.2.3.4 port 12345)</samp>’</dt>
|
||||
<dd>
|
||||
<ul class="toc">
|
||||
<li> Node foo does not have the right public/private keypair.
|
||||
Generate new keypairs and distribute them again.
|
||||
</li><li> An attacker tries to gain access to your VPN.
|
||||
</li><li> A network error caused corruption of metadata sent from foo.
|
||||
</li></ul>
|
||||
|
||||
</dd>
|
||||
</dl>
|
||||
|
||||
<hr size="6">
|
||||
<a name="Sending-bug-reports"></a>
|
||||
<a name="SEC55"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC54" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_5.html#SEC56" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC49" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC49" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_5.html#SEC56" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h2 class="section"> 5.6 Sending bug reports </h2>
|
||||
|
||||
<p>If you really can't find the cause of a problem, or if you suspect tinc is not working right,
|
||||
you can send us a bugreport, see <a href="tinc_7.html#SEC69">Contact information</a>.
|
||||
Be sure to include the following information in your bugreport:
|
||||
</p>
|
||||
<ul class="toc">
|
||||
<li> A clear description of what you are trying to achieve and what the problem is.
|
||||
</li><li> What platform (operating system, version, hardware architecture) and which version of tinc you use.
|
||||
</li><li> If compiling tinc fails, a copy of ‘<tt>config.log</tt>’ and the error messages you get.
|
||||
</li><li> Otherwise, a copy of ‘<tt>tinc.conf</tt>’, ‘<tt>tinc-up</tt>’ and all files in the ‘<tt>hosts/</tt>’ directory.
|
||||
</li><li> The output of the commands ‘<samp>ifconfig -a</samp>’ and ‘<samp>route -n</samp>’ (or ‘<samp>netstat -rn</samp>’ if that doesn't work).
|
||||
</li><li> The output of any command that fails to work as it should (like ping or traceroute).
|
||||
</li></ul>
|
||||
|
||||
<hr size="6">
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC49" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_5.html#SEC56" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<p>
|
||||
<font size="-1">
|
||||
This document was generated by <em>Guus Sliepen</em> on <em>December, 26 2008</em> using <a href="http://www.nongnu.org/texi2html/"><em>texi2html 1.78</em></a>.
|
||||
</font>
|
||||
<br>
|
||||
|
||||
</p>
|
||||
</body>
|
||||
</html>
|
||||
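Review bot: The checklist item in 5.6 that asks for a copy of tinc.conf, tinc-up and all files in the hosts/ directory does not say what a reporter may leave out or mask before sending. Add a sentence stating that private keys must never be attached and that addresses may be replaced, provided the replacement is applied consistently across the files. The paragraph also writes "bugreport" twice while the section heading uses "bug reports"; pick one spelling.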
655
doc/tinc/tinc_5.html
Normal file
|
|
@ -0,0 +1,655 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html401/loose.dtd">
|
||||
<html>
|
||||
<!-- Created on December, 26 2008 by texi2html 1.78 -->
|
||||
<!--
|
||||
Written by: Lionel Cons <Lionel.Cons@cern.ch> (original author)
|
||||
Karl Berry <karl@freefriends.org>
|
||||
Olaf Bachmann <obachman@mathematik.uni-kl.de>
|
||||
and many others.
|
||||
Maintained by: Many creative people.
|
||||
Send bugs and suggestions to <texi2html-bug@nongnu.org>
|
||||
|
||||
-->
|
||||
<head>
|
||||
<title>tinc Manual: 6. Technical information</title>
|
||||
|
||||
<meta name="description" content="tinc Manual: 6. Technical information">
|
||||
<meta name="keywords" content="tinc Manual: 6. Technical information">
|
||||
<meta name="resource-type" content="document">
|
||||
<meta name="distribution" content="global">
|
||||
<meta name="Generator" content="texi2html 1.78">
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||||
<style type="text/css">
|
||||
<!--
|
||||
a.summary-letter {text-decoration: none}
|
||||
pre.display {font-family: serif}
|
||||
pre.format {font-family: serif}
|
||||
pre.menu-comment {font-family: serif}
|
||||
pre.menu-preformatted {font-family: serif}
|
||||
pre.smalldisplay {font-family: serif; font-size: smaller}
|
||||
pre.smallexample {font-size: smaller}
|
||||
pre.smallformat {font-family: serif; font-size: smaller}
|
||||
pre.smalllisp {font-size: smaller}
|
||||
span.roman {font-family:serif; font-weight:normal;}
|
||||
span.sansserif {font-family:sans-serif; font-weight:normal;}
|
||||
ul.toc {list-style: none}
|
||||
-->
|
||||
</style>
|
||||
|
||||
|
||||
</head>
|
||||
|
||||
<body lang="en" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#800080" alink="#FF0000">
|
||||
|
||||
<a name="Technical-information"></a>
|
||||
<a name="SEC56"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="tinc_4.html#SEC55" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC57" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_4.html#SEC49" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_6.html#SEC65" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h1 class="chapter"> 6. Technical information </h1>
|
||||
|
||||
|
||||
<table class="menu" border="0" cellspacing="0">
|
||||
<tr><td align="left" valign="top"><a href="#SEC57">6.1 The connection</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
<tr><td align="left" valign="top"><a href="#SEC60">6.2 The meta-protocol</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
<tr><td align="left" valign="top"><a href="#SEC61">6.3 Security</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
</table>
|
||||
|
||||
|
||||
<hr size="6">
|
||||
<a name="The-connection"></a>
|
||||
<a name="SEC57"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC56" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC58" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC56" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC56" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_6.html#SEC65" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h2 class="section"> 6.1 The connection </h2>
|
||||
|
||||
<p>Tinc is a daemon that takes VPN data and transmit that to another host
|
||||
computer over the existing Internet infrastructure.
|
||||
</p>
|
||||
<table class="menu" border="0" cellspacing="0">
|
||||
<tr><td align="left" valign="top"><a href="#SEC58">6.1.1 The UDP tunnel</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
<tr><td align="left" valign="top"><a href="#SEC59">6.1.2 The meta-connection</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
</table>
|
||||
|
||||
|
||||
<hr size="6">
|
||||
<a name="The-UDP-tunnel"></a>
|
||||
<a name="SEC58"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC57" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC59" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC56" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC57" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_6.html#SEC65" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h3 class="subsection"> 6.1.1 The UDP tunnel </h3>
|
||||
|
||||
<a name="IDX68"></a>
|
||||
<p>The data itself is read from a character device file, the so-called
|
||||
<em>virtual network device</em>. This device is associated with a network
|
||||
interface. Any data sent to this interface can be read from the device,
|
||||
and any data written to the device gets sent from the interface.
|
||||
There are two possible types of virtual network devices:
|
||||
`tun' style, which are point-to-point devices which can only handle IPv4 and/or IPv6 packets,
|
||||
and `tap' style, which are Ethernet devices and handle complete Ethernet frames.
|
||||
</p>
|
||||
<p>So when tinc reads an Ethernet frame from the device, it determines its
|
||||
type. When tinc is in it's default routing mode, it can handle IPv4 and IPv6
|
||||
packets. Depending on the Subnet lines, it will send the packets off to their destination IP address.
|
||||
In the `switch' and `hub' mode, tinc will use broadcasts and MAC address discovery
|
||||
to deduce the destination of the packets.
|
||||
Since the latter modes only depend on the link layer information,
|
||||
any protocol that runs over Ethernet is supported (for instance IPX and Appletalk).
|
||||
However, only `tap' style devices provide this information.
|
||||
</p>
|
||||
<p>After the destination has been determined,
|
||||
the packet will be compressed (optionally),
|
||||
a sequence number will be added to the packet,
|
||||
the packet will then be encrypted
|
||||
and a message authentication code will be appended.
|
||||
</p>
|
||||
<a name="IDX69"></a>
|
||||
<a name="IDX70"></a>
|
||||
<p>When that is done, time has come to actually transport the
|
||||
packet to the destination computer. We do this by sending the packet
|
||||
over an UDP connection to the destination host. This is called
|
||||
<em>encapsulating</em>, the VPN packet (though now encrypted) is
|
||||
encapsulated in another IP datagram.
|
||||
</p>
|
||||
<p>When the destination receives this packet, the same thing happens, only
|
||||
in reverse. So it checks the message authentication code, decrypts the contents of the UDP datagram,
|
||||
checks the sequence number
|
||||
and writes the decrypted information to its own virtual network device.
|
||||
</p>
|
||||
<p>If the virtual network device is a `tun' device (a point-to-point tunnel),
|
||||
there is no problem for the kernel to accept a packet.
|
||||
However, if it is a `tap' device (this is the only available type on FreeBSD),
|
||||
the destination MAC address must match that of the virtual network interface.
|
||||
If tinc is in it's default routing mode, ARP does not work, so the correct destination MAC
|
||||
can not be known by the sending host.
|
||||
Tinc solves this by letting the receiving end detect the MAC address of its own virtual network interface
|
||||
and overwriting the destination MAC address of the received packet.
|
||||
</p>
|
||||
<p>In switch or hub modes ARP does work so the sender already knows the correct destination MAC address.
|
||||
In those modes every interface should have a unique MAC address, so make sure they are not the same.
|
||||
Because switch and hub modes rely on MAC addresses to function correctly,
|
||||
these modes cannot be used on the following operating systems which don't have a `tap' style virtual network device:
|
||||
OpenBSD, NetBSD, Darwin and Solaris.
|
||||
</p>
|
||||
|
||||
<hr size="6">
|
||||
<a name="The-meta_002dconnection"></a>
|
||||
<a name="SEC59"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC58" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC60" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC56" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC57" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_6.html#SEC65" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h3 class="subsection"> 6.1.2 The meta-connection </h3>
|
||||
|
||||
<p>Having only a UDP connection available is not enough. Though suitable
|
||||
for transmitting data, we want to be able to reliably send other
|
||||
information, such as routing and session key information to somebody.
|
||||
</p>
|
||||
<a name="IDX71"></a>
|
||||
<p>TCP is a better alternative, because it already contains protection
|
||||
against information being lost, unlike UDP.
|
||||
</p>
|
||||
<p>So we establish two connections. One for the encrypted VPN data, and one
|
||||
for other information, the meta-data. Hence, we call the second
|
||||
connection the meta-connection. We can now be sure that the
|
||||
meta-information doesn't get lost on the way to another computer.
|
||||
</p>
|
||||
<a name="IDX72"></a>
|
||||
<a name="IDX73"></a>
|
||||
<p>Like with any communication, we must have a protocol, so that everybody
|
||||
knows what everything stands for, and how she should react. Because we
|
||||
have two connections, we also have two protocols. The protocol used for
|
||||
the UDP data is the “data-protocol,” the other one is the
|
||||
“meta-protocol.”
|
||||
</p>
|
||||
<p>The reason we don't use TCP for both protocols is that UDP is much
|
||||
better for encapsulation, even while it is less reliable. The real
|
||||
problem is that when TCP would be used to encapsulate a TCP stream
|
||||
that's on the private network, for every packet sent there would be
|
||||
three ACKs sent instead of just one. Furthermore, if there would be
|
||||
a timeout, both TCP streams would sense the timeout, and both would
|
||||
start re-sending packets.
|
||||
</p>
|
||||
|
||||
<hr size="6">
|
||||
<a name="The-meta_002dprotocol"></a>
|
||||
<a name="SEC60"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC59" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC61" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC56" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC56" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_6.html#SEC65" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h2 class="section"> 6.2 The meta-protocol </h2>
|
||||
|
||||
<p>The meta protocol is used to tie all tinc daemons together, and
|
||||
exchange information about which tinc daemon serves which virtual
|
||||
subnet.
|
||||
</p>
|
||||
<p>The meta protocol consists of requests that can be sent to the other
|
||||
side. Each request has a unique number and several parameters. All
|
||||
requests are represented in the standard ASCII character set. It is
|
||||
possible to use tools such as telnet or netcat to connect to a tinc
|
||||
daemon started with the –bypass-security option
|
||||
and to read and write requests by hand, provided that one
|
||||
understands the numeric codes sent.
|
||||
</p>
|
||||
<p>The authentication scheme is described in <a href="#SEC62">Authentication protocol</a>. After a
|
||||
successful authentication, the server and the client will exchange all the
|
||||
information about other tinc daemons and subnets they know of, so that both
|
||||
sides (and all the other tinc daemons behind them) have their information
|
||||
synchronised.
|
||||
</p>
|
||||
<a name="IDX74"></a>
|
||||
<a name="IDX75"></a>
|
||||
<table><tr><td> </td><td><pre class="example">message
|
||||
------------------------------------------------------------------
|
||||
ADD_EDGE node1 node2 21.32.43.54 655 222 0
|
||||
| | | | | +-> options
|
||||
| | | | +----> weight
|
||||
| | | +--------> UDP port of node2
|
||||
| | +----------------> real address of node2
|
||||
| +-------------------------> name of destination node
|
||||
+-------------------------------> name of source node
|
||||
|
||||
ADD_SUBNET node 192.168.1.0/24
|
||||
| | +--> prefixlength
|
||||
| +--------> network address
|
||||
+------------------> owner of this subnet
|
||||
------------------------------------------------------------------
|
||||
</pre></td></tr></table>
|
||||
|
||||
<p>The ADD_EDGE messages are to inform other tinc daemons that a connection between
|
||||
two nodes exist. The address of the destination node is available so that
|
||||
VPN packets can be sent directly to that node.
|
||||
</p>
|
||||
<p>The ADD_SUBNET messages inform other tinc daemons that certain subnets belong
|
||||
to certain nodes. tinc will use it to determine to which node a VPN packet has
|
||||
to be sent.
|
||||
</p>
|
||||
<a name="IDX76"></a>
|
||||
<a name="IDX77"></a>
|
||||
<table><tr><td> </td><td><pre class="example">message
|
||||
------------------------------------------------------------------
|
||||
DEL_EDGE node1 node2
|
||||
| +----> name of destination node
|
||||
+----------> name of source node
|
||||
|
||||
DEL_SUBNET node 192.168.1.0/24
|
||||
| | +--> prefixlength
|
||||
| +--------> network address
|
||||
+------------------> owner of this subnet
|
||||
------------------------------------------------------------------
|
||||
</pre></td></tr></table>
|
||||
|
||||
<p>In case a connection between two daemons is closed or broken, DEL_EDGE messages
|
||||
are sent to inform the other daemons of that fact. Each daemon will calculate a
|
||||
new route to the the daemons, or mark them unreachable if there isn't any.
|
||||
</p>
|
||||
<a name="IDX78"></a>
|
||||
<a name="IDX79"></a>
|
||||
<a name="IDX80"></a>
|
||||
<table><tr><td> </td><td><pre class="example">message
|
||||
------------------------------------------------------------------
|
||||
REQ_KEY origin destination
|
||||
| +--> name of the tinc daemon it wants the key from
|
||||
+----------> name of the daemon that wants the key
|
||||
|
||||
ANS_KEY origin destination 4ae0b0a82d6e0078 91 64 4
|
||||
| | \______________/ | | +--> MAC length
|
||||
| | | | +-----> digest algorithm
|
||||
| | | +--------> cipher algorithm
|
||||
| | +--> 128 bits key
|
||||
| +--> name of the daemon that wants the key
|
||||
+----------> name of the daemon that uses this key
|
||||
|
||||
KEY_CHANGED origin
|
||||
+--> daemon that has changed it's packet key
|
||||
------------------------------------------------------------------
|
||||
</pre></td></tr></table>
|
||||
|
||||
<p>The keys used to encrypt VPN packets are not sent out directly. This is
|
||||
because it would generate a lot of traffic on VPNs with many daemons, and
|
||||
chances are that not every tinc daemon will ever send a packet to every
|
||||
other daemon. Instead, if a daemon needs a key it sends a request for it
|
||||
via the meta connection of the nearest hop in the direction of the
|
||||
destination.
|
||||
</p>
|
||||
<a name="IDX81"></a>
|
||||
<table><tr><td> </td><td><pre class="example">daemon message
|
||||
------------------------------------------------------------------
|
||||
origin PING
|
||||
dest. PONG
|
||||
------------------------------------------------------------------
|
||||
</pre></td></tr></table>
|
||||
|
||||
<p>There is also a mechanism to check if hosts are still alive. Since network
|
||||
failures or a crash can cause a daemon to be killed without properly
|
||||
shutting down the TCP connection, this is necessary to keep an up to date
|
||||
connection list. PINGs are sent at regular intervals, except when there
|
||||
is also some other traffic. A little bit of salt (random data) is added
|
||||
with each PING and PONG message, to make sure that long sequences of PING/PONG
|
||||
messages without any other traffic won't result in known plaintext.
|
||||
</p>
|
||||
<p>This basically covers what is sent over the meta connection by tinc.
|
||||
</p>
|
||||
|
||||
<hr size="6">
|
||||
<a name="Security"></a>
|
||||
<a name="SEC61"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC60" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC62" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC56" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC56" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_6.html#SEC65" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h2 class="section"> 6.3 Security </h2>
|
||||
|
||||
<a name="IDX82"></a>
|
||||
<p>Tinc got its name from “TINC,” short for <em>There Is No Cabal</em>; the
|
||||
alleged Cabal was/is an organisation that was said to keep an eye on the
|
||||
entire Internet. As this is exactly what you <em>don't</em> want, we named
|
||||
the tinc project after TINC.
|
||||
</p>
|
||||
<p>But in order to be “immune” to eavesdropping, you'll have to encrypt
|
||||
your data. Because tinc is a <em>Secure</em> VPN (SVPN) daemon, it does
|
||||
exactly that: encrypt.
|
||||
Tinc by default uses blowfish encryption with 128 bit keys in CBC mode, 32 bit
|
||||
sequence numbers and 4 byte long message authentication codes to make sure
|
||||
eavesdroppers cannot get and cannot change any information at all from the
|
||||
packets they can intercept. The encryption algorithm and message authentication
|
||||
algorithm can be changed in the configuration. The length of the message
|
||||
authentication codes is also adjustable. The length of the key for the
|
||||
encryption algorithm is always the default length used by OpenSSL.
|
||||
</p>
|
||||
<table class="menu" border="0" cellspacing="0">
|
||||
<tr><td align="left" valign="top"><a href="#SEC62">6.3.1 Authentication protocol</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
<tr><td align="left" valign="top"><a href="#SEC63">6.3.2 Encryption of network packets</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
<tr><td align="left" valign="top"><a href="#SEC64">6.3.3 Security issues</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
</table>
|
||||
|
||||
|
||||
<hr size="6">
|
||||
<a name="Authentication-protocol"></a>
|
||||
<a name="SEC62"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC61" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC63" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC56" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC61" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_6.html#SEC65" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h3 class="subsection"> 6.3.1 Authentication protocol </h3>
|
||||
|
||||
<a name="IDX83"></a>
|
||||
<p>A new scheme for authentication in tinc has been devised, which offers some
|
||||
improvements over the protocol used in 1.0pre2 and 1.0pre3. Explanation is
|
||||
below.
|
||||
</p>
|
||||
<a name="IDX84"></a>
|
||||
<a name="IDX85"></a>
|
||||
<a name="IDX86"></a>
|
||||
<a name="IDX87"></a>
|
||||
<table><tr><td> </td><td><pre class="example">daemon message
|
||||
--------------------------------------------------------------------------
|
||||
client <attempts connection>
|
||||
|
||||
server <accepts connection>
|
||||
|
||||
client ID client 12
|
||||
| +---> version
|
||||
+-------> name of tinc daemon
|
||||
|
||||
server ID server 12
|
||||
| +---> version
|
||||
+-------> name of tinc daemon
|
||||
|
||||
client META_KEY 5f0823a93e35b69e...7086ec7866ce582b
|
||||
\_________________________________/
|
||||
+-> RSAKEYLEN bits totally random string S1,
|
||||
encrypted with server's public RSA key
|
||||
|
||||
server META_KEY 6ab9c1640388f8f0...45d1a07f8a672630
|
||||
\_________________________________/
|
||||
+-> RSAKEYLEN bits totally random string S2,
|
||||
encrypted with client's public RSA key
|
||||
|
||||
From now on:
|
||||
- the client will symmetrically encrypt outgoing traffic using S1
|
||||
- the server will symmetrically encrypt outgoing traffic using S2
|
||||
|
||||
client CHALLENGE da02add1817c1920989ba6ae2a49cecbda0
|
||||
\_________________________________/
|
||||
+-> CHALLEN bits totally random string H1
|
||||
|
||||
server CHALLENGE 57fb4b2ccd70d6bb35a64c142f47e61d57f
|
||||
\_________________________________/
|
||||
+-> CHALLEN bits totally random string H2
|
||||
|
||||
client CHAL_REPLY 816a86
|
||||
+-> 160 bits SHA1 of H2
|
||||
|
||||
server CHAL_REPLY 928ffe
|
||||
+-> 160 bits SHA1 of H1
|
||||
|
||||
After the correct challenge replies are received, both ends have proved
|
||||
their identity. Further information is exchanged.
|
||||
|
||||
client ACK 655 123 0
|
||||
| | +-> options
|
||||
| +----> estimated weight
|
||||
+--------> listening port of client
|
||||
|
||||
server ACK 655 321 0
|
||||
| | +-> options
|
||||
| +----> estimated weight
|
||||
+--------> listening port of server
|
||||
--------------------------------------------------------------------------
|
||||
</pre></td></tr></table>
|
||||
|
||||
<p>This new scheme has several improvements, both in efficiency and security.
|
||||
</p>
|
||||
<p>First of all, the server sends exactly the same kind of messages over the wire
|
||||
as the client. The previous versions of tinc first authenticated the client,
|
||||
and then the server. This scheme even allows both sides to send their messages
|
||||
simultaneously, there is no need to wait for the other to send something first.
|
||||
This means that any calculations that need to be done upon sending or receiving
|
||||
a message can also be done in parallel. This is especially important when doing
|
||||
RSA encryption/decryption. Given that these calculations are the main part of
|
||||
the CPU time spent for the authentication, speed is improved by a factor 2.
|
||||
</p>
|
||||
<p>Second, only one RSA encrypted message is sent instead of two. This reduces the
|
||||
amount of information attackers can see (and thus use for a cryptographic
|
||||
attack). It also improves speed by a factor two, making the total speedup a
|
||||
factor 4.
|
||||
</p>
|
||||
<p>Third, and most important:
|
||||
The symmetric cipher keys are exchanged first, the challenge is done
|
||||
afterwards. In the previous authentication scheme, because a man-in-the-middle
|
||||
could pass the challenge/chal_reply phase (by just copying the messages between
|
||||
the two real tinc daemons), but no information was exchanged that was really
|
||||
needed to read the rest of the messages, the challenge/chal_reply phase was of
|
||||
no real use. The man-in-the-middle was only stopped by the fact that only after
|
||||
the ACK messages were encrypted with the symmetric cipher. Potentially, it
|
||||
could even send it's own symmetric key to the server (if it knew the server's
|
||||
public key) and read some of the metadata the server would send it (it was
|
||||
impossible for the mitm to read actual network packets though). The new scheme
|
||||
however prevents this.
|
||||
</p>
|
||||
<p>This new scheme makes sure that first of all, symmetric keys are exchanged. The
|
||||
rest of the messages are then encrypted with the symmetric cipher. Then, each
|
||||
side can only read received messages if they have their private key. The
|
||||
challenge is there to let the other side know that the private key is really
|
||||
known, because a challenge reply can only be sent back if the challenge is
|
||||
decrypted correctly, and that can only be done with knowledge of the private
|
||||
key.
|
||||
</p>
|
||||
<p>Fourth: the first thing that is sent via the symmetric cipher encrypted
|
||||
connection is a totally random string, so that there is no known plaintext (for
|
||||
an attacker) in the beginning of the encrypted stream.
|
||||
</p>
|
||||
|
||||
<hr size="6">
|
||||
<a name="Encryption-of-network-packets"></a>
|
||||
<a name="SEC63"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC62" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC64" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC56" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC61" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_6.html#SEC65" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h3 class="subsection"> 6.3.2 Encryption of network packets </h3>
|
||||
<a name="IDX88"></a>
|
||||
|
||||
<p>A data packet can only be sent if the encryption key is known to both
|
||||
parties, and the connection is activated. If the encryption key is not
|
||||
known, a request is sent to the destination using the meta connection
|
||||
to retrieve it. The packet is stored in a queue while waiting for the
|
||||
key to arrive.
|
||||
</p>
|
||||
<p>The UDP packet containing the network packet from the VPN has the following layout:
|
||||
</p>
|
||||
<table><tr><td> </td><td><pre class="example">... | IP header | UDP header | seqno | VPN packet | MAC | UDP trailer
|
||||
\___________________/\_____/
|
||||
| |
|
||||
V +---> digest algorithm
|
||||
Encrypted with symmetric cipher
|
||||
</pre></td></tr></table>
|
||||
|
||||
<p>So, the entire VPN packet is encrypted using a symmetric cipher, including a 32 bits
|
||||
sequence number that is added in front of the actual VPN packet, to act as a unique
|
||||
IV for each packet and to prevent replay attacks. A message authentication code
|
||||
is added to the UDP packet to prevent alteration of packets. By default the
|
||||
first 4 bytes of the digest are used for this, but this can be changed using
|
||||
the MACLength configuration variable.
|
||||
</p>
|
||||
<hr size="6">
|
||||
<a name="Security-issues"></a>
|
||||
<a name="SEC64"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC63" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_6.html#SEC65" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC56" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC61" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_6.html#SEC65" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h3 class="subsection"> 6.3.3 Security issues </h3>
|
||||
|
||||
<p>In August 2000, we discovered the existence of a security hole in all versions
|
||||
of tinc up to and including 1.0pre2. This had to do with the way we exchanged
|
||||
keys. Since then, we have been working on a new authentication scheme to make
|
||||
tinc as secure as possible. The current version uses the OpenSSL library and
|
||||
uses strong authentication with RSA keys.
|
||||
</p>
|
||||
<p>On the 29th of December 2001, Jerome Etienne posted a security analysis of tinc
|
||||
1.0pre4. Due to a lack of sequence numbers and a message authentication code
|
||||
for each packet, an attacker could possibly disrupt certain network services or
|
||||
launch a denial of service attack by replaying intercepted packets. The current
|
||||
version adds sequence numbers and message authentication codes to prevent such
|
||||
attacks.
|
||||
</p>
|
||||
<p>On the 15th of September 2003, Peter Gutmann posted a security analysis of tinc
|
||||
1.0.1. He argues that the 32 bit sequence number used by tinc is not a good IV,
|
||||
that tinc's default length of 4 bytes for the MAC is too short, and he doesn't
|
||||
like tinc's use of RSA during authentication. We do not know of a security hole
|
||||
in this version of tinc, but tinc's security is not as strong as TLS or IPsec.
|
||||
We will address these issues in tinc 2.0.
|
||||
</p>
|
||||
<p>Cryptography is a hard thing to get right. We cannot make any
|
||||
guarantees. Time, review and feedback are the only things that can
|
||||
prove the security of any cryptographic product. If you wish to review
|
||||
tinc or give us feedback, you are stronly encouraged to do so.
|
||||
</p>
|
||||
|
||||
<hr size="6">
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC56" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_6.html#SEC65" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<p>
|
||||
<font size="-1">
|
||||
This document was generated by <em>Guus Sliepen</em> on <em>December, 26 2008</em> using <a href="http://www.nongnu.org/texi2html/"><em>texi2html 1.78</em></a>.
|
||||
</font>
|
||||
<br>
|
||||
|
||||
</p>
|
||||
</body>
|
||||
</html>
|
||||
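Review bot: Sections 6.3.2 and 6.3.3 document a known weakness without telling the administrator how to mitigate it. 6.3.2 says that by default only the first 4 bytes of the digest are used as the MAC, and 6.3.3 records Peter Gutmann's objection that 4 bytes is too short. Suggest adding a sentence in one of the two subsections that recommends raising MACLength where packet forgery is a concern, so the acknowledged limitation comes with actionable guidance. Minor: the last paragraph of 6.3.3 has "stronly" for "strongly". Because this file is texi2html output, both changes belong in the Texinfo source, not in the generated HTML.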
82
doc/tinc/tinc_6.html
Normal file
|
|
@ -0,0 +1,82 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html401/loose.dtd">
|
||||
<html>
|
||||
<!-- Created on December, 26 2008 by texi2html 1.78 -->
|
||||
<!--
|
||||
Written by: Lionel Cons <Lionel.Cons@cern.ch> (original author)
|
||||
Karl Berry <karl@freefriends.org>
|
||||
Olaf Bachmann <obachman@mathematik.uni-kl.de>
|
||||
and many others.
|
||||
Maintained by: Many creative people.
|
||||
Send bugs and suggestions to <texi2html-bug@nongnu.org>
|
||||
|
||||
-->
|
||||
<head>
|
||||
<title>tinc Manual: 7. Platform specific information</title>
|
||||
|
||||
<meta name="description" content="tinc Manual: 7. Platform specific information">
|
||||
<meta name="keywords" content="tinc Manual: 7. Platform specific information">
|
||||
<meta name="resource-type" content="document">
|
||||
<meta name="distribution" content="global">
|
||||
<meta name="Generator" content="texi2html 1.78">
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||||
<style type="text/css">
|
||||
<!--
|
||||
a.summary-letter {text-decoration: none}
|
||||
pre.display {font-family: serif}
|
||||
pre.format {font-family: serif}
|
||||
pre.menu-comment {font-family: serif}
|
||||
pre.menu-preformatted {font-family: serif}
|
||||
pre.smalldisplay {font-family: serif; font-size: smaller}
|
||||
pre.smallexample {font-size: smaller}
|
||||
pre.smallformat {font-family: serif; font-size: smaller}
|
||||
pre.smalllisp {font-size: smaller}
|
||||
span.roman {font-family:serif; font-weight:normal;}
|
||||
span.sansserif {font-family:sans-serif; font-weight:normal;}
|
||||
ul.toc {list-style: none}
|
||||
-->
|
||||
</style>
|
||||
|
||||
|
||||
</head>
|
||||
|
||||
<body lang="en" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#800080" alink="#FF0000">
|
||||
|
||||
<a name="Platform-specific-information"></a>
|
||||
<a name="SEC65"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="tinc_5.html#SEC64" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC66" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_5.html#SEC56" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_7.html#SEC68" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||
</tr></table>
|
||||
<h1 class="chapter"> 7. Platform specific information </h1>
|
||||
|
||||
<table class="menu" border="0" cellspacing="0">
|
||||
<tr><td align="left" valign="top"><a href="#SEC66">7.1 Interface configuration</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
<tr><td align="left" valign="top"><a href="#SEC67">7.2 Routes</a></td><td> </td><td align="left" valign="top">
|
||||
</td></tr>
|
||||
</table>
|
||||
|
||||
<hr size="6">
|
||||
<a name="Interface-configuration"></a>
|
||||
<a name="SEC66"></a>
|
||||
<table cellpadding="1" cellspacing="1" border="0">
|
||||
<tr><td valign="middle" align="left">[<a href="#SEC65" title="Previous section in reading order"> < </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC67" title="Next section in reading order"> > </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middle" align="left">[<a href="#SEC65" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="#SEC65" title="Up section"> Up </a>]</td>
|
||||
<td valign="middle" align="left">[<a href="tinc_7.html#SEC68" title="Next chapter"> >> </a>]</td>
|
||||
<td valign="middle" align="left"> </td>
|
||||
<td valign="middl
|
||||
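Review bot: The header comment "Created on December, 26 2008 by texi2html 1.78" at the top of this file puts the build date into checked-in generated output. Each regeneration of the manual will therefore produce a diff in the generated doc/tinc HTML files even when the Texinfo source is unchanged, which buries real documentation changes in import commits like this one. Consider generating the HTML at package build time, or stripping the timestamp line before committing, so that reviews of the manual show only content changes.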