Import Debian changes 1.0.9-1
tinc (1.0.9-1) unstable; urgency=low * New upstream release. - Binds IPv6 sockets only to IPv6. Closes: #440150 * Update copyright file. Closes: #482566
This commit is contained in:
commit
4812d2eb3d
53 changed files with 6947 additions and 1219 deletions
848
COPYING
848
COPYING
|
@ -1,285 +1,626 @@
|
||||||
GNU GENERAL PUBLIC LICENSE
|
GNU GENERAL PUBLIC LICENSE
|
||||||
Version 2, June 1991
|
Version 3, 29 June 2007
|
||||||
|
|
||||||
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
|
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
|
||||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
||||||
Everyone is permitted to copy and distribute verbatim copies
|
Everyone is permitted to copy and distribute verbatim copies
|
||||||
of this license document, but changing it is not allowed.
|
of this license document, but changing it is not allowed.
|
||||||
|
|
||||||
Preamble
|
Preamble
|
||||||
|
|
||||||
The licenses for most software are designed to take away your
|
The GNU General Public License is a free, copyleft license for
|
||||||
freedom to share and change it. By contrast, the GNU General Public
|
software and other kinds of works.
|
||||||
License is intended to guarantee your freedom to share and change free
|
|
||||||
software--to make sure the software is free for all its users. This
|
The licenses for most software and other practical works are designed
|
||||||
General Public License applies to most of the Free Software
|
to take away your freedom to share and change the works. By contrast,
|
||||||
Foundation's software and to any other program whose authors commit to
|
the GNU General Public License is intended to guarantee your freedom to
|
||||||
using it. (Some other Free Software Foundation software is covered by
|
share and change all versions of a program--to make sure it remains free
|
||||||
the GNU Library General Public License instead.) You can apply it to
|
software for all its users. We, the Free Software Foundation, use the
|
||||||
|
GNU General Public License for most of our software; it applies also to
|
||||||
|
any other work released this way by its authors. You can apply it to
|
||||||
your programs, too.
|
your programs, too.
|
||||||
|
|
||||||
When we speak of free software, we are referring to freedom, not
|
When we speak of free software, we are referring to freedom, not
|
||||||
price. Our General Public Licenses are designed to make sure that you
|
price. Our General Public Licenses are designed to make sure that you
|
||||||
have the freedom to distribute copies of free software (and charge for
|
have the freedom to distribute copies of free software (and charge for
|
||||||
this service if you wish), that you receive source code or can get it
|
them if you wish), that you receive source code or can get it if you
|
||||||
if you want it, that you can change the software or use pieces of it
|
want it, that you can change the software or use pieces of it in new
|
||||||
in new free programs; and that you know you can do these things.
|
free programs, and that you know you can do these things.
|
||||||
|
|
||||||
To protect your rights, we need to make restrictions that forbid
|
To protect your rights, we need to prevent others from denying you
|
||||||
anyone to deny you these rights or to ask you to surrender the rights.
|
these rights or asking you to surrender the rights. Therefore, you have
|
||||||
These restrictions translate to certain responsibilities for you if you
|
certain responsibilities if you distribute copies of the software, or if
|
||||||
distribute copies of the software, or if you modify it.
|
you modify it: responsibilities to respect the freedom of others.
|
||||||
|
|
||||||
For example, if you distribute copies of such a program, whether
|
For example, if you distribute copies of such a program, whether
|
||||||
gratis or for a fee, you must give the recipients all the rights that
|
gratis or for a fee, you must pass on to the recipients the same
|
||||||
you have. You must make sure that they, too, receive or can get the
|
freedoms that you received. You must make sure that they, too, receive
|
||||||
source code. And you must show them these terms so they know their
|
or can get the source code. And you must show them these terms so they
|
||||||
rights.
|
know their rights.
|
||||||
|
|
||||||
We protect your rights with two steps: (1) copyright the software, and
|
Developers that use the GNU GPL protect your rights with two steps:
|
||||||
(2) offer you this license which gives you legal permission to copy,
|
(1) assert copyright on the software, and (2) offer you this License
|
||||||
distribute and/or modify the software.
|
giving you legal permission to copy, distribute and/or modify it.
|
||||||
|
|
||||||
Also, for each author's protection and ours, we want to make certain
|
For the developers' and authors' protection, the GPL clearly explains
|
||||||
that everyone understands that there is no warranty for this free
|
that there is no warranty for this free software. For both users' and
|
||||||
software. If the software is modified by someone else and passed on, we
|
authors' sake, the GPL requires that modified versions be marked as
|
||||||
want its recipients to know that what they have is not the original, so
|
changed, so that their problems will not be attributed erroneously to
|
||||||
that any problems introduced by others will not reflect on the original
|
authors of previous versions.
|
||||||
authors' reputations.
|
|
||||||
|
|
||||||
Finally, any free program is threatened constantly by software
|
Some devices are designed to deny users access to install or run
|
||||||
patents. We wish to avoid the danger that redistributors of a free
|
modified versions of the software inside them, although the manufacturer
|
||||||
program will individually obtain patent licenses, in effect making the
|
can do so. This is fundamentally incompatible with the aim of
|
||||||
program proprietary. To prevent this, we have made it clear that any
|
protecting users' freedom to change the software. The systematic
|
||||||
patent must be licensed for everyone's free use or not licensed at all.
|
pattern of such abuse occurs in the area of products for individuals to
|
||||||
|
use, which is precisely where it is most unacceptable. Therefore, we
|
||||||
|
have designed this version of the GPL to prohibit the practice for those
|
||||||
|
products. If such problems arise substantially in other domains, we
|
||||||
|
stand ready to extend this provision to those domains in future versions
|
||||||
|
of the GPL, as needed to protect the freedom of users.
|
||||||
|
|
||||||
|
Finally, every program is threatened constantly by software patents.
|
||||||
|
States should not allow patents to restrict development and use of
|
||||||
|
software on general-purpose computers, but in those that do, we wish to
|
||||||
|
avoid the special danger that patents applied to a free program could
|
||||||
|
make it effectively proprietary. To prevent this, the GPL assures that
|
||||||
|
patents cannot be used to render the program non-free.
|
||||||
|
|
||||||
The precise terms and conditions for copying, distribution and
|
The precise terms and conditions for copying, distribution and
|
||||||
modification follow.
|
modification follow.
|
||||||
|
|
||||||
GNU GENERAL PUBLIC LICENSE
|
|
||||||
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
|
|
||||||
|
|
||||||
0. This License applies to any program or other work which contains
|
TERMS AND CONDITIONS
|
||||||
a notice placed by the copyright holder saying it may be distributed
|
|
||||||
under the terms of this General Public License. The "Program", below,
|
|
||||||
refers to any such program or work, and a "work based on the Program"
|
|
||||||
means either the Program or any derivative work under copyright law:
|
|
||||||
that is to say, a work containing the Program or a portion of it,
|
|
||||||
either verbatim or with modifications and/or translated into another
|
|
||||||
language. (Hereinafter, translation is included without limitation in
|
|
||||||
the term "modification".) Each licensee is addressed as "you".
|
|
||||||
|
|
||||||
Activities other than copying, distribution and modification are not
|
0. Definitions.
|
||||||
covered by this License; they are outside its scope. The act of
|
|
||||||
running the Program is not restricted, and the output from the Program
|
|
||||||
is covered only if its contents constitute a work based on the
|
|
||||||
Program (independent of having been made by running the Program).
|
|
||||||
Whether that is true depends on what the Program does.
|
|
||||||
|
|
||||||
1. You may copy and distribute verbatim copies of the Program's
|
"This License" refers to version 3 of the GNU General Public License.
|
||||||
source code as you receive it, in any medium, provided that you
|
|
||||||
conspicuously and appropriately publish on each copy an appropriate
|
|
||||||
copyright notice and disclaimer of warranty; keep intact all the
|
|
||||||
notices that refer to this License and to the absence of any warranty;
|
|
||||||
and give any other recipients of the Program a copy of this License
|
|
||||||
along with the Program.
|
|
||||||
|
|
||||||
You may charge a fee for the physical act of transferring a copy, and
|
"Copyright" also means copyright-like laws that apply to other kinds of
|
||||||
you may at your option offer warranty protection in exchange for a fee.
|
works, such as semiconductor masks.
|
||||||
|
|
||||||
2. You may modify your copy or copies of the Program or any portion
|
"The Program" refers to any copyrightable work licensed under this
|
||||||
of it, thus forming a work based on the Program, and copy and
|
License. Each licensee is addressed as "you". "Licensees" and
|
||||||
distribute such modifications or work under the terms of Section 1
|
"recipients" may be individuals or organizations.
|
||||||
above, provided that you also meet all of these conditions:
|
|
||||||
|
|
||||||
a) You must cause the modified files to carry prominent notices
|
To "modify" a work means to copy from or adapt all or part of the work
|
||||||
stating that you changed the files and the date of any change.
|
in a fashion requiring copyright permission, other than the making of an
|
||||||
|
exact copy. The resulting work is called a "modified version" of the
|
||||||
|
earlier work or a work "based on" the earlier work.
|
||||||
|
|
||||||
b) You must cause any work that you distribute or publish, that in
|
A "covered work" means either the unmodified Program or a work based
|
||||||
whole or in part contains or is derived from the Program or any
|
on the Program.
|
||||||
part thereof, to be licensed as a whole at no charge to all third
|
|
||||||
parties under the terms of this License.
|
|
||||||
|
|
||||||
c) If the modified program normally reads commands interactively
|
To "propagate" a work means to do anything with it that, without
|
||||||
when run, you must cause it, when started running for such
|
permission, would make you directly or secondarily liable for
|
||||||
interactive use in the most ordinary way, to print or display an
|
infringement under applicable copyright law, except executing it on a
|
||||||
announcement including an appropriate copyright notice and a
|
computer or modifying a private copy. Propagation includes copying,
|
||||||
notice that there is no warranty (or else, saying that you provide
|
distribution (with or without modification), making available to the
|
||||||
a warranty) and that users may redistribute the program under
|
public, and in some countries other activities as well.
|
||||||
these conditions, and telling the user how to view a copy of this
|
|
||||||
License. (Exception: if the Program itself is interactive but
|
|
||||||
does not normally print such an announcement, your work based on
|
|
||||||
the Program is not required to print an announcement.)
|
|
||||||
|
|
||||||
These requirements apply to the modified work as a whole. If
|
|
||||||
identifiable sections of that work are not derived from the Program,
|
|
||||||
and can be reasonably considered independent and separate works in
|
|
||||||
themselves, then this License, and its terms, do not apply to those
|
|
||||||
sections when you distribute them as separate works. But when you
|
|
||||||
distribute the same sections as part of a whole which is a work based
|
|
||||||
on the Program, the distribution of the whole must be on the terms of
|
|
||||||
this License, whose permissions for other licensees extend to the
|
|
||||||
entire whole, and thus to each and every part regardless of who wrote it.
|
|
||||||
|
|
||||||
Thus, it is not the intent of this section to claim rights or contest
|
To "convey" a work means any kind of propagation that enables other
|
||||||
your rights to work written entirely by you; rather, the intent is to
|
parties to make or receive copies. Mere interaction with a user through
|
||||||
exercise the right to control the distribution of derivative or
|
a computer network, with no transfer of a copy, is not conveying.
|
||||||
collective works based on the Program.
|
|
||||||
|
|
||||||
In addition, mere aggregation of another work not based on the Program
|
An interactive user interface displays "Appropriate Legal Notices"
|
||||||
with the Program (or with a work based on the Program) on a volume of
|
to the extent that it includes a convenient and prominently visible
|
||||||
a storage or distribution medium does not bring the other work under
|
feature that (1) displays an appropriate copyright notice, and (2)
|
||||||
the scope of this License.
|
tells the user that there is no warranty for the work (except to the
|
||||||
|
extent that warranties are provided), that licensees may convey the
|
||||||
|
work under this License, and how to view a copy of this License. If
|
||||||
|
the interface presents a list of user commands or options, such as a
|
||||||
|
menu, a prominent item in the list meets this criterion.
|
||||||
|
|
||||||
3. You may copy and distribute the Program (or a work based on it,
|
1. Source Code.
|
||||||
under Section 2) in object code or executable form under the terms of
|
|
||||||
Sections 1 and 2 above provided that you also do one of the following:
|
|
||||||
|
|
||||||
a) Accompany it with the complete corresponding machine-readable
|
The "source code" for a work means the preferred form of the work
|
||||||
source code, which must be distributed under the terms of Sections
|
for making modifications to it. "Object code" means any non-source
|
||||||
1 and 2 above on a medium customarily used for software interchange; or,
|
form of a work.
|
||||||
|
|
||||||
b) Accompany it with a written offer, valid for at least three
|
A "Standard Interface" means an interface that either is an official
|
||||||
years, to give any third party, for a charge no more than your
|
standard defined by a recognized standards body, or, in the case of
|
||||||
cost of physically performing source distribution, a complete
|
interfaces specified for a particular programming language, one that
|
||||||
machine-readable copy of the corresponding source code, to be
|
is widely used among developers working in that language.
|
||||||
distributed under the terms of Sections 1 and 2 above on a medium
|
|
||||||
customarily used for software interchange; or,
|
|
||||||
|
|
||||||
c) Accompany it with the information you received as to the offer
|
The "System Libraries" of an executable work include anything, other
|
||||||
to distribute corresponding source code. (This alternative is
|
than the work as a whole, that (a) is included in the normal form of
|
||||||
allowed only for noncommercial distribution and only if you
|
packaging a Major Component, but which is not part of that Major
|
||||||
received the program in object code or executable form with such
|
Component, and (b) serves only to enable use of the work with that
|
||||||
an offer, in accord with Subsection b above.)
|
Major Component, or to implement a Standard Interface for which an
|
||||||
|
implementation is available to the public in source code form. A
|
||||||
|
"Major Component", in this context, means a major essential component
|
||||||
|
(kernel, window system, and so on) of the specific operating system
|
||||||
|
(if any) on which the executable work runs, or a compiler used to
|
||||||
|
produce the work, or an object code interpreter used to run it.
|
||||||
|
|
||||||
The source code for a work means the preferred form of the work for
|
The "Corresponding Source" for a work in object code form means all
|
||||||
making modifications to it. For an executable work, complete source
|
the source code needed to generate, install, and (for an executable
|
||||||
code means all the source code for all modules it contains, plus any
|
work) run the object code and to modify the work, including scripts to
|
||||||
associated interface definition files, plus the scripts used to
|
control those activities. However, it does not include the work's
|
||||||
control compilation and installation of the executable. However, as a
|
System Libraries, or general-purpose tools or generally available free
|
||||||
special exception, the source code distributed need not include
|
programs which are used unmodified in performing those activities but
|
||||||
anything that is normally distributed (in either source or binary
|
which are not part of the work. For example, Corresponding Source
|
||||||
form) with the major components (compiler, kernel, and so on) of the
|
includes interface definition files associated with source files for
|
||||||
operating system on which the executable runs, unless that component
|
the work, and the source code for shared libraries and dynamically
|
||||||
itself accompanies the executable.
|
linked subprograms that the work is specifically designed to require,
|
||||||
|
such as by intimate data communication or control flow between those
|
||||||
|
subprograms and other parts of the work.
|
||||||
|
|
||||||
If distribution of executable or object code is made by offering
|
The Corresponding Source need not include anything that users
|
||||||
access to copy from a designated place, then offering equivalent
|
can regenerate automatically from other parts of the Corresponding
|
||||||
access to copy the source code from the same place counts as
|
Source.
|
||||||
distribution of the source code, even though third parties are not
|
|
||||||
compelled to copy the source along with the object code.
|
|
||||||
|
|
||||||
4. You may not copy, modify, sublicense, or distribute the Program
|
|
||||||
except as expressly provided under this License. Any attempt
|
|
||||||
otherwise to copy, modify, sublicense or distribute the Program is
|
|
||||||
void, and will automatically terminate your rights under this License.
|
|
||||||
However, parties who have received copies, or rights, from you under
|
|
||||||
this License will not have their licenses terminated so long as such
|
|
||||||
parties remain in full compliance.
|
|
||||||
|
|
||||||
5. You are not required to accept this License, since you have not
|
The Corresponding Source for a work in source code form is that
|
||||||
signed it. However, nothing else grants you permission to modify or
|
same work.
|
||||||
distribute the Program or its derivative works. These actions are
|
|
||||||
prohibited by law if you do not accept this License. Therefore, by
|
|
||||||
modifying or distributing the Program (or any work based on the
|
|
||||||
Program), you indicate your acceptance of this License to do so, and
|
|
||||||
all its terms and conditions for copying, distributing or modifying
|
|
||||||
the Program or works based on it.
|
|
||||||
|
|
||||||
6. Each time you redistribute the Program (or any work based on the
|
2. Basic Permissions.
|
||||||
Program), the recipient automatically receives a license from the
|
|
||||||
original licensor to copy, distribute or modify the Program subject to
|
All rights granted under this License are granted for the term of
|
||||||
these terms and conditions. You may not impose any further
|
copyright on the Program, and are irrevocable provided the stated
|
||||||
restrictions on the recipients' exercise of the rights granted herein.
|
conditions are met. This License explicitly affirms your unlimited
|
||||||
You are not responsible for enforcing compliance by third parties to
|
permission to run the unmodified Program. The output from running a
|
||||||
|
covered work is covered by this License only if the output, given its
|
||||||
|
content, constitutes a covered work. This License acknowledges your
|
||||||
|
rights of fair use or other equivalent, as provided by copyright law.
|
||||||
|
|
||||||
|
You may make, run and propagate covered works that you do not
|
||||||
|
convey, without conditions so long as your license otherwise remains
|
||||||
|
in force. You may convey covered works to others for the sole purpose
|
||||||
|
of having them make modifications exclusively for you, or provide you
|
||||||
|
with facilities for running those works, provided that you comply with
|
||||||
|
the terms of this License in conveying all material for which you do
|
||||||
|
not control copyright. Those thus making or running the covered works
|
||||||
|
for you must do so exclusively on your behalf, under your direction
|
||||||
|
and control, on terms that prohibit them from making any copies of
|
||||||
|
your copyrighted material outside their relationship with you.
|
||||||
|
|
||||||
|
Conveying under any other circumstances is permitted solely under
|
||||||
|
the conditions stated below. Sublicensing is not allowed; section 10
|
||||||
|
makes it unnecessary.
|
||||||
|
|
||||||
|
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
|
||||||
|
|
||||||
|
No covered work shall be deemed part of an effective technological
|
||||||
|
measure under any applicable law fulfilling obligations under article
|
||||||
|
11 of the WIPO copyright treaty adopted on 20 December 1996, or
|
||||||
|
similar laws prohibiting or restricting circumvention of such
|
||||||
|
measures.
|
||||||
|
|
||||||
|
When you convey a covered work, you waive any legal power to forbid
|
||||||
|
circumvention of technological measures to the extent such circumvention
|
||||||
|
is effected by exercising rights under this License with respect to
|
||||||
|
the covered work, and you disclaim any intention to limit operation or
|
||||||
|
modification of the work as a means of enforcing, against the work's
|
||||||
|
users, your or third parties' legal rights to forbid circumvention of
|
||||||
|
technological measures.
|
||||||
|
|
||||||
|
4. Conveying Verbatim Copies.
|
||||||
|
|
||||||
|
You may convey verbatim copies of the Program's source code as you
|
||||||
|
receive it, in any medium, provided that you conspicuously and
|
||||||
|
appropriately publish on each copy an appropriate copyright notice;
|
||||||
|
keep intact all notices stating that this License and any
|
||||||
|
non-permissive terms added in accord with section 7 apply to the code;
|
||||||
|
keep intact all notices of the absence of any warranty; and give all
|
||||||
|
recipients a copy of this License along with the Program.
|
||||||
|
|
||||||
|
You may charge any price or no price for each copy that you convey,
|
||||||
|
and you may offer support or warranty protection for a fee.
|
||||||
|
|
||||||
|
5. Conveying Modified Source Versions.
|
||||||
|
|
||||||
|
You may convey a work based on the Program, or the modifications to
|
||||||
|
produce it from the Program, in the form of source code under the
|
||||||
|
terms of section 4, provided that you also meet all of these conditions:
|
||||||
|
|
||||||
|
a) The work must carry prominent notices stating that you modified
|
||||||
|
it, and giving a relevant date.
|
||||||
|
|
||||||
|
b) The work must carry prominent notices stating that it is
|
||||||
|
released under this License and any conditions added under section
|
||||||
|
7. This requirement modifies the requirement in section 4 to
|
||||||
|
"keep intact all notices".
|
||||||
|
|
||||||
|
c) You must license the entire work, as a whole, under this
|
||||||
|
License to anyone who comes into possession of a copy. This
|
||||||
|
License will therefore apply, along with any applicable section 7
|
||||||
|
additional terms, to the whole of the work, and all its parts,
|
||||||
|
regardless of how they are packaged. This License gives no
|
||||||
|
permission to license the work in any other way, but it does not
|
||||||
|
invalidate such permission if you have separately received it.
|
||||||
|
|
||||||
|
d) If the work has interactive user interfaces, each must display
|
||||||
|
Appropriate Legal Notices; however, if the Program has interactive
|
||||||
|
interfaces that do not display Appropriate Legal Notices, your
|
||||||
|
work need not make them do so.
|
||||||
|
|
||||||
|
A compilation of a covered work with other separate and independent
|
||||||
|
works, which are not by their nature extensions of the covered work,
|
||||||
|
and which are not combined with it such as to form a larger program,
|
||||||
|
in or on a volume of a storage or distribution medium, is called an
|
||||||
|
"aggregate" if the compilation and its resulting copyright are not
|
||||||
|
used to limit the access or legal rights of the compilation's users
|
||||||
|
beyond what the individual works permit. Inclusion of a covered work
|
||||||
|
in an aggregate does not cause this License to apply to the other
|
||||||
|
parts of the aggregate.
|
||||||
|
|
||||||
|
6. Conveying Non-Source Forms.
|
||||||
|
|
||||||
|
You may convey a covered work in object code form under the terms
|
||||||
|
of sections 4 and 5, provided that you also convey the
|
||||||
|
machine-readable Corresponding Source under the terms of this License,
|
||||||
|
in one of these ways:
|
||||||
|
|
||||||
|
a) Convey the object code in, or embodied in, a physical product
|
||||||
|
(including a physical distribution medium), accompanied by the
|
||||||
|
Corresponding Source fixed on a durable physical medium
|
||||||
|
customarily used for software interchange.
|
||||||
|
|
||||||
|
b) Convey the object code in, or embodied in, a physical product
|
||||||
|
(including a physical distribution medium), accompanied by a
|
||||||
|
written offer, valid for at least three years and valid for as
|
||||||
|
long as you offer spare parts or customer support for that product
|
||||||
|
model, to give anyone who possesses the object code either (1) a
|
||||||
|
copy of the Corresponding Source for all the software in the
|
||||||
|
product that is covered by this License, on a durable physical
|
||||||
|
medium customarily used for software interchange, for a price no
|
||||||
|
more than your reasonable cost of physically performing this
|
||||||
|
conveying of source, or (2) access to copy the
|
||||||
|
Corresponding Source from a network server at no charge.
|
||||||
|
|
||||||
|
c) Convey individual copies of the object code with a copy of the
|
||||||
|
written offer to provide the Corresponding Source. This
|
||||||
|
alternative is allowed only occasionally and noncommercially, and
|
||||||
|
only if you received the object code with such an offer, in accord
|
||||||
|
with subsection 6b.
|
||||||
|
|
||||||
|
d) Convey the object code by offering access from a designated
|
||||||
|
place (gratis or for a charge), and offer equivalent access to the
|
||||||
|
Corresponding Source in the same way through the same place at no
|
||||||
|
further charge. You need not require recipients to copy the
|
||||||
|
Corresponding Source along with the object code. If the place to
|
||||||
|
copy the object code is a network server, the Corresponding Source
|
||||||
|
may be on a different server (operated by you or a third party)
|
||||||
|
that supports equivalent copying facilities, provided you maintain
|
||||||
|
clear directions next to the object code saying where to find the
|
||||||
|
Corresponding Source. Regardless of what server hosts the
|
||||||
|
Corresponding Source, you remain obligated to ensure that it is
|
||||||
|
available for as long as needed to satisfy these requirements.
|
||||||
|
|
||||||
|
e) Convey the object code using peer-to-peer transmission, provided
|
||||||
|
you inform other peers where the object code and Corresponding
|
||||||
|
Source of the work are being offered to the general public at no
|
||||||
|
charge under subsection 6d.
|
||||||
|
|
||||||
|
A separable portion of the object code, whose source code is excluded
|
||||||
|
from the Corresponding Source as a System Library, need not be
|
||||||
|
included in conveying the object code work.
|
||||||
|
|
||||||
|
A "User Product" is either (1) a "consumer product", which means any
|
||||||
|
tangible personal property which is normally used for personal, family,
|
||||||
|
or household purposes, or (2) anything designed or sold for incorporation
|
||||||
|
into a dwelling. In determining whether a product is a consumer product,
|
||||||
|
doubtful cases shall be resolved in favor of coverage. For a particular
|
||||||
|
product received by a particular user, "normally used" refers to a
|
||||||
|
typical or common use of that class of product, regardless of the status
|
||||||
|
of the particular user or of the way in which the particular user
|
||||||
|
actually uses, or expects or is expected to use, the product. A product
|
||||||
|
is a consumer product regardless of whether the product has substantial
|
||||||
|
commercial, industrial or non-consumer uses, unless such uses represent
|
||||||
|
the only significant mode of use of the product.
|
||||||
|
|
||||||
|
"Installation Information" for a User Product means any methods,
|
||||||
|
procedures, authorization keys, or other information required to install
|
||||||
|
and execute modified versions of a covered work in that User Product from
|
||||||
|
a modified version of its Corresponding Source. The information must
|
||||||
|
suffice to ensure that the continued functioning of the modified object
|
||||||
|
code is in no case prevented or interfered with solely because
|
||||||
|
modification has been made.
|
||||||
|
|
||||||
|
If you convey an object code work under this section in, or with, or
|
||||||
|
specifically for use in, a User Product, and the conveying occurs as
|
||||||
|
part of a transaction in which the right of possession and use of the
|
||||||
|
User Product is transferred to the recipient in perpetuity or for a
|
||||||
|
fixed term (regardless of how the transaction is characterized), the
|
||||||
|
Corresponding Source conveyed under this section must be accompanied
|
||||||
|
by the Installation Information. But this requirement does not apply
|
||||||
|
if neither you nor any third party retains the ability to install
|
||||||
|
modified object code on the User Product (for example, the work has
|
||||||
|
been installed in ROM).
|
||||||
|
|
||||||
|
The requirement to provide Installation Information does not include a
|
||||||
|
requirement to continue to provide support service, warranty, or updates
|
||||||
|
for a work that has been modified or installed by the recipient, or for
|
||||||
|
the User Product in which it has been modified or installed. Access to a
|
||||||
|
network may be denied when the modification itself materially and
|
||||||
|
adversely affects the operation of the network or violates the rules and
|
||||||
|
protocols for communication across the network.
|
||||||
|
|
||||||
|
Corresponding Source conveyed, and Installation Information provided,
|
||||||
|
in accord with this section must be in a format that is publicly
|
||||||
|
documented (and with an implementation available to the public in
|
||||||
|
source code form), and must require no special password or key for
|
||||||
|
unpacking, reading or copying.
|
||||||
|
|
||||||
|
7. Additional Terms.
|
||||||
|
|
||||||
|
"Additional permissions" are terms that supplement the terms of this
|
||||||
|
License by making exceptions from one or more of its conditions.
|
||||||
|
Additional permissions that are applicable to the entire Program shall
|
||||||
|
be treated as though they were included in this License, to the extent
|
||||||
|
that they are valid under applicable law. If additional permissions
|
||||||
|
apply only to part of the Program, that part may be used separately
|
||||||
|
under those permissions, but the entire Program remains governed by
|
||||||
|
this License without regard to the additional permissions.
|
||||||
|
|
||||||
|
When you convey a copy of a covered work, you may at your option
|
||||||
|
remove any additional permissions from that copy, or from any part of
|
||||||
|
it. (Additional permissions may be written to require their own
|
||||||
|
removal in certain cases when you modify the work.) You may place
|
||||||
|
additional permissions on material, added by you to a covered work,
|
||||||
|
for which you have or can give appropriate copyright permission.
|
||||||
|
|
||||||
|
Notwithstanding any other provision of this License, for material you
|
||||||
|
add to a covered work, you may (if authorized by the copyright holders of
|
||||||
|
that material) supplement the terms of this License with terms:
|
||||||
|
|
||||||
|
a) Disclaiming warranty or limiting liability differently from the
|
||||||
|
terms of sections 15 and 16 of this License; or
|
||||||
|
|
||||||
|
b) Requiring preservation of specified reasonable legal notices or
|
||||||
|
author attributions in that material or in the Appropriate Legal
|
||||||
|
Notices displayed by works containing it; or
|
||||||
|
|
||||||
|
c) Prohibiting misrepresentation of the origin of that material, or
|
||||||
|
requiring that modified versions of such material be marked in
|
||||||
|
reasonable ways as different from the original version; or
|
||||||
|
|
||||||
|
d) Limiting the use for publicity purposes of names of licensors or
|
||||||
|
authors of the material; or
|
||||||
|
|
||||||
|
e) Declining to grant rights under trademark law for use of some
|
||||||
|
trade names, trademarks, or service marks; or
|
||||||
|
|
||||||
|
f) Requiring indemnification of licensors and authors of that
|
||||||
|
material by anyone who conveys the material (or modified versions of
|
||||||
|
it) with contractual assumptions of liability to the recipient, for
|
||||||
|
any liability that these contractual assumptions directly impose on
|
||||||
|
those licensors and authors.
|
||||||
|
|
||||||
|
All other non-permissive additional terms are considered "further
|
||||||
|
restrictions" within the meaning of section 10. If the Program as you
|
||||||
|
received it, or any part of it, contains a notice stating that it is
|
||||||
|
governed by this License along with a term that is a further
|
||||||
|
restriction, you may remove that term. If a license document contains
|
||||||
|
a further restriction but permits relicensing or conveying under this
|
||||||
|
License, you may add to a covered work material governed by the terms
|
||||||
|
of that license document, provided that the further restriction does
|
||||||
|
not survive such relicensing or conveying.
|
||||||
|
|
||||||
|
If you add terms to a covered work in accord with this section, you
|
||||||
|
must place, in the relevant source files, a statement of the
|
||||||
|
additional terms that apply to those files, or a notice indicating
|
||||||
|
where to find the applicable terms.
|
||||||
|
|
||||||
|
Additional terms, permissive or non-permissive, may be stated in the
|
||||||
|
form of a separately written license, or stated as exceptions;
|
||||||
|
the above requirements apply either way.
|
||||||
|
|
||||||
|
8. Termination.
|
||||||
|
|
||||||
|
You may not propagate or modify a covered work except as expressly
|
||||||
|
provided under this License. Any attempt otherwise to propagate or
|
||||||
|
modify it is void, and will automatically terminate your rights under
|
||||||
|
this License (including any patent licenses granted under the third
|
||||||
|
paragraph of section 11).
|
||||||
|
|
||||||
|
However, if you cease all violation of this License, then your
|
||||||
|
license from a particular copyright holder is reinstated (a)
|
||||||
|
provisionally, unless and until the copyright holder explicitly and
|
||||||
|
finally terminates your license, and (b) permanently, if the copyright
|
||||||
|
holder fails to notify you of the violation by some reasonable means
|
||||||
|
prior to 60 days after the cessation.
|
||||||
|
|
||||||
|
Moreover, your license from a particular copyright holder is
|
||||||
|
reinstated permanently if the copyright holder notifies you of the
|
||||||
|
violation by some reasonable means, this is the first time you have
|
||||||
|
received notice of violation of this License (for any work) from that
|
||||||
|
copyright holder, and you cure the violation prior to 30 days after
|
||||||
|
your receipt of the notice.
|
||||||
|
|
||||||
|
Termination of your rights under this section does not terminate the
|
||||||
|
licenses of parties who have received copies or rights from you under
|
||||||
|
this License. If your rights have been terminated and not permanently
|
||||||
|
reinstated, you do not qualify to receive new licenses for the same
|
||||||
|
material under section 10.
|
||||||
|
|
||||||
|
9. Acceptance Not Required for Having Copies.
|
||||||
|
|
||||||
|
You are not required to accept this License in order to receive or
|
||||||
|
run a copy of the Program. Ancillary propagation of a covered work
|
||||||
|
occurring solely as a consequence of using peer-to-peer transmission
|
||||||
|
to receive a copy likewise does not require acceptance. However,
|
||||||
|
nothing other than this License grants you permission to propagate or
|
||||||
|
modify any covered work. These actions infringe copyright if you do
|
||||||
|
not accept this License. Therefore, by modifying or propagating a
|
||||||
|
covered work, you indicate your acceptance of this License to do so.
|
||||||
|
|
||||||
|
10. Automatic Licensing of Downstream Recipients.
|
||||||
|
|
||||||
|
Each time you convey a covered work, the recipient automatically
|
||||||
|
receives a license from the original licensors, to run, modify and
|
||||||
|
propagate that work, subject to this License. You are not responsible
|
||||||
|
for enforcing compliance by third parties with this License.
|
||||||
|
|
||||||
|
An "entity transaction" is a transaction transferring control of an
|
||||||
|
organization, or substantially all assets of one, or subdividing an
|
||||||
|
organization, or merging organizations. If propagation of a covered
|
||||||
|
work results from an entity transaction, each party to that
|
||||||
|
transaction who receives a copy of the work also receives whatever
|
||||||
|
licenses to the work the party's predecessor in interest had or could
|
||||||
|
give under the previous paragraph, plus a right to possession of the
|
||||||
|
Corresponding Source of the work from the predecessor in interest, if
|
||||||
|
the predecessor has it or can get it with reasonable efforts.
|
||||||
|
|
||||||
|
You may not impose any further restrictions on the exercise of the
|
||||||
|
rights granted or affirmed under this License. For example, you may
|
||||||
|
not impose a license fee, royalty, or other charge for exercise of
|
||||||
|
rights granted under this License, and you may not initiate litigation
|
||||||
|
(including a cross-claim or counterclaim in a lawsuit) alleging that
|
||||||
|
any patent claim is infringed by making, using, selling, offering for
|
||||||
|
sale, or importing the Program or any portion of it.
|
||||||
|
|
||||||
|
11. Patents.
|
||||||
|
|
||||||
|
A "contributor" is a copyright holder who authorizes use under this
|
||||||
|
License of the Program or a work on which the Program is based. The
|
||||||
|
work thus licensed is called the contributor's "contributor version".
|
||||||
|
|
||||||
|
A contributor's "essential patent claims" are all patent claims
|
||||||
|
owned or controlled by the contributor, whether already acquired or
|
||||||
|
hereafter acquired, that would be infringed by some manner, permitted
|
||||||
|
by this License, of making, using, or selling its contributor version,
|
||||||
|
but do not include claims that would be infringed only as a
|
||||||
|
consequence of further modification of the contributor version. For
|
||||||
|
purposes of this definition, "control" includes the right to grant
|
||||||
|
patent sublicenses in a manner consistent with the requirements of
|
||||||
this License.
|
this License.
|
||||||
|
|
||||||
7. If, as a consequence of a court judgment or allegation of patent
|
Each contributor grants you a non-exclusive, worldwide, royalty-free
|
||||||
infringement or for any other reason (not limited to patent issues),
|
patent license under the contributor's essential patent claims, to
|
||||||
conditions are imposed on you (whether by court order, agreement or
|
make, use, sell, offer for sale, import and otherwise run, modify and
|
||||||
|
propagate the contents of its contributor version.
|
||||||
|
|
||||||
|
In the following three paragraphs, a "patent license" is any express
|
||||||
|
agreement or commitment, however denominated, not to enforce a patent
|
||||||
|
(such as an express permission to practice a patent or covenant not to
|
||||||
|
sue for patent infringement). To "grant" such a patent license to a
|
||||||
|
party means to make such an agreement or commitment not to enforce a
|
||||||
|
patent against the party.
|
||||||
|
|
||||||
|
If you convey a covered work, knowingly relying on a patent license,
|
||||||
|
and the Corresponding Source of the work is not available for anyone
|
||||||
|
to copy, free of charge and under the terms of this License, through a
|
||||||
|
publicly available network server or other readily accessible means,
|
||||||
|
then you must either (1) cause the Corresponding Source to be so
|
||||||
|
available, or (2) arrange to deprive yourself of the benefit of the
|
||||||
|
patent license for this particular work, or (3) arrange, in a manner
|
||||||
|
consistent with the requirements of this License, to extend the patent
|
||||||
|
license to downstream recipients. "Knowingly relying" means you have
|
||||||
|
actual knowledge that, but for the patent license, your conveying the
|
||||||
|
covered work in a country, or your recipient's use of the covered work
|
||||||
|
in a country, would infringe one or more identifiable patents in that
|
||||||
|
country that you have reason to believe are valid.
|
||||||
|
|
||||||
|
If, pursuant to or in connection with a single transaction or
|
||||||
|
arrangement, you convey, or propagate by procuring conveyance of, a
|
||||||
|
covered work, and grant a patent license to some of the parties
|
||||||
|
receiving the covered work authorizing them to use, propagate, modify
|
||||||
|
or convey a specific copy of the covered work, then the patent license
|
||||||
|
you grant is automatically extended to all recipients of the covered
|
||||||
|
work and works based on it.
|
||||||
|
|
||||||
|
A patent license is "discriminatory" if it does not include within
|
||||||
|
the scope of its coverage, prohibits the exercise of, or is
|
||||||
|
conditioned on the non-exercise of one or more of the rights that are
|
||||||
|
specifically granted under this License. You may not convey a covered
|
||||||
|
work if you are a party to an arrangement with a third party that is
|
||||||
|
in the business of distributing software, under which you make payment
|
||||||
|
to the third party based on the extent of your activity of conveying
|
||||||
|
the work, and under which the third party grants, to any of the
|
||||||
|
parties who would receive the covered work from you, a discriminatory
|
||||||
|
patent license (a) in connection with copies of the covered work
|
||||||
|
conveyed by you (or copies made from those copies), or (b) primarily
|
||||||
|
for and in connection with specific products or compilations that
|
||||||
|
contain the covered work, unless you entered into that arrangement,
|
||||||
|
or that patent license was granted, prior to 28 March 2007.
|
||||||
|
|
||||||
|
Nothing in this License shall be construed as excluding or limiting
|
||||||
|
any implied license or other defenses to infringement that may
|
||||||
|
otherwise be available to you under applicable patent law.
|
||||||
|
|
||||||
|
12. No Surrender of Others' Freedom.
|
||||||
|
|
||||||
|
If conditions are imposed on you (whether by court order, agreement or
|
||||||
otherwise) that contradict the conditions of this License, they do not
|
otherwise) that contradict the conditions of this License, they do not
|
||||||
excuse you from the conditions of this License. If you cannot
|
excuse you from the conditions of this License. If you cannot convey a
|
||||||
distribute so as to satisfy simultaneously your obligations under this
|
covered work so as to satisfy simultaneously your obligations under this
|
||||||
License and any other pertinent obligations, then as a consequence you
|
License and any other pertinent obligations, then as a consequence you may
|
||||||
may not distribute the Program at all. For example, if a patent
|
not convey it at all. For example, if you agree to terms that obligate you
|
||||||
license would not permit royalty-free redistribution of the Program by
|
to collect a royalty for further conveying from those to whom you convey
|
||||||
all those who receive copies directly or indirectly through you, then
|
the Program, the only way you could satisfy both those terms and this
|
||||||
the only way you could satisfy both it and this License would be to
|
License would be to refrain entirely from conveying the Program.
|
||||||
refrain entirely from distribution of the Program.
|
|
||||||
|
|
||||||
If any portion of this section is held invalid or unenforceable under
|
13. Use with the GNU Affero General Public License.
|
||||||
any particular circumstance, the balance of the section is intended to
|
|
||||||
apply and the section as a whole is intended to apply in other
|
|
||||||
circumstances.
|
|
||||||
|
|
||||||
It is not the purpose of this section to induce you to infringe any
|
Notwithstanding any other provision of this License, you have
|
||||||
patents or other property right claims or to contest validity of any
|
permission to link or combine any covered work with a work licensed
|
||||||
such claims; this section has the sole purpose of protecting the
|
under version 3 of the GNU Affero General Public License into a single
|
||||||
integrity of the free software distribution system, which is
|
combined work, and to convey the resulting work. The terms of this
|
||||||
implemented by public license practices. Many people have made
|
License will continue to apply to the part which is the covered work,
|
||||||
generous contributions to the wide range of software distributed
|
but the special requirements of the GNU Affero General Public License,
|
||||||
through that system in reliance on consistent application of that
|
section 13, concerning interaction through a network will apply to the
|
||||||
system; it is up to the author/donor to decide if he or she is willing
|
combination as such.
|
||||||
to distribute software through any other system and a licensee cannot
|
|
||||||
impose that choice.
|
|
||||||
|
|
||||||
This section is intended to make thoroughly clear what is believed to
|
14. Revised Versions of this License.
|
||||||
be a consequence of the rest of this License.
|
|
||||||
|
|
||||||
8. If the distribution and/or use of the Program is restricted in
|
|
||||||
certain countries either by patents or by copyrighted interfaces, the
|
|
||||||
original copyright holder who places the Program under this License
|
|
||||||
may add an explicit geographical distribution limitation excluding
|
|
||||||
those countries, so that distribution is permitted only in or among
|
|
||||||
countries not thus excluded. In such case, this License incorporates
|
|
||||||
the limitation as if written in the body of this License.
|
|
||||||
|
|
||||||
9. The Free Software Foundation may publish revised and/or new versions
|
The Free Software Foundation may publish revised and/or new versions of
|
||||||
of the General Public License from time to time. Such new versions will
|
the GNU General Public License from time to time. Such new versions will
|
||||||
be similar in spirit to the present version, but may differ in detail to
|
be similar in spirit to the present version, but may differ in detail to
|
||||||
address new problems or concerns.
|
address new problems or concerns.
|
||||||
|
|
||||||
Each version is given a distinguishing version number. If the Program
|
Each version is given a distinguishing version number. If the
|
||||||
specifies a version number of this License which applies to it and "any
|
Program specifies that a certain numbered version of the GNU General
|
||||||
later version", you have the option of following the terms and conditions
|
Public License "or any later version" applies to it, you have the
|
||||||
either of that version or of any later version published by the Free
|
option of following the terms and conditions either of that numbered
|
||||||
Software Foundation. If the Program does not specify a version number of
|
version or of any later version published by the Free Software
|
||||||
this License, you may choose any version ever published by the Free Software
|
Foundation. If the Program does not specify a version number of the
|
||||||
Foundation.
|
GNU General Public License, you may choose any version ever published
|
||||||
|
by the Free Software Foundation.
|
||||||
|
|
||||||
10. If you wish to incorporate parts of the Program into other free
|
If the Program specifies that a proxy can decide which future
|
||||||
programs whose distribution conditions are different, write to the author
|
versions of the GNU General Public License can be used, that proxy's
|
||||||
to ask for permission. For software which is copyrighted by the Free
|
public statement of acceptance of a version permanently authorizes you
|
||||||
Software Foundation, write to the Free Software Foundation; we sometimes
|
to choose that version for the Program.
|
||||||
make exceptions for this. Our decision will be guided by the two goals
|
|
||||||
of preserving the free status of all derivatives of our free software and
|
|
||||||
of promoting the sharing and reuse of software generally.
|
|
||||||
|
|
||||||
NO WARRANTY
|
Later license versions may give you additional or different
|
||||||
|
permissions. However, no additional obligations are imposed on any
|
||||||
|
author or copyright holder as a result of your choosing to follow a
|
||||||
|
later version.
|
||||||
|
|
||||||
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
|
15. Disclaimer of Warranty.
|
||||||
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
|
|
||||||
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
|
|
||||||
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
|
|
||||||
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
|
||||||
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
|
|
||||||
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
|
|
||||||
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
|
|
||||||
REPAIR OR CORRECTION.
|
|
||||||
|
|
||||||
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
|
||||||
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
|
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
|
||||||
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
|
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
|
||||||
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
|
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
|
||||||
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
|
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||||
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
|
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
|
||||||
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
|
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
|
||||||
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
|
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
|
||||||
POSSIBILITY OF SUCH DAMAGES.
|
|
||||||
|
|
||||||
END OF TERMS AND CONDITIONS
|
16. Limitation of Liability.
|
||||||
|
|
||||||
How to Apply These Terms to Your New Programs
|
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
||||||
|
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
|
||||||
|
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
|
||||||
|
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
|
||||||
|
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
|
||||||
|
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
|
||||||
|
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
|
||||||
|
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
|
||||||
|
SUCH DAMAGES.
|
||||||
|
|
||||||
|
17. Interpretation of Sections 15 and 16.
|
||||||
|
|
||||||
|
If the disclaimer of warranty and limitation of liability provided
|
||||||
|
above cannot be given local legal effect according to their terms,
|
||||||
|
reviewing courts shall apply local law that most closely approximates
|
||||||
|
an absolute waiver of all civil liability in connection with the
|
||||||
|
Program, unless a warranty or assumption of liability accompanies a
|
||||||
|
copy of the Program in return for a fee.
|
||||||
|
|
||||||
|
END OF TERMS AND CONDITIONS
|
||||||
|
|
||||||
|
How to Apply These Terms to Your New Programs
|
||||||
|
|
||||||
If you develop a new program, and you want it to be of the greatest
|
If you develop a new program, and you want it to be of the greatest
|
||||||
possible use to the public, the best way to achieve this is to make it
|
possible use to the public, the best way to achieve this is to make it
|
||||||
|
@ -287,15 +628,15 @@ free software which everyone can redistribute and change under these terms.
|
||||||
|
|
||||||
To do so, attach the following notices to the program. It is safest
|
To do so, attach the following notices to the program. It is safest
|
||||||
to attach them to the start of each source file to most effectively
|
to attach them to the start of each source file to most effectively
|
||||||
convey the exclusion of warranty; and each file should have at least
|
state the exclusion of warranty; and each file should have at least
|
||||||
the "copyright" line and a pointer to where the full notice is found.
|
the "copyright" line and a pointer to where the full notice is found.
|
||||||
|
|
||||||
<one line to give the program's name and a brief idea of what it does.>
|
<one line to give the program's name and a brief idea of what it does.>
|
||||||
Copyright (C) <year> <name of author>
|
Copyright (C) <year> <name of author>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software: you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
the Free Software Foundation; either version 2 of the License, or
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
(at your option) any later version.
|
(at your option) any later version.
|
||||||
|
|
||||||
This program is distributed in the hope that it will be useful,
|
This program is distributed in the hope that it will be useful,
|
||||||
|
@ -304,37 +645,30 @@ the "copyright" line and a pointer to where the full notice is found.
|
||||||
GNU General Public License for more details.
|
GNU General Public License for more details.
|
||||||
|
|
||||||
You should have received a copy of the GNU General Public License
|
You should have received a copy of the GNU General Public License
|
||||||
along with this program; if not, write to the Free Software
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
||||||
|
|
||||||
|
|
||||||
Also add information on how to contact you by electronic and paper mail.
|
Also add information on how to contact you by electronic and paper mail.
|
||||||
|
|
||||||
If the program is interactive, make it output a short notice like this
|
If the program does terminal interaction, make it output a short
|
||||||
when it starts in an interactive mode:
|
notice like this when it starts in an interactive mode:
|
||||||
|
|
||||||
Gnomovision version 69, Copyright (C) year name of author
|
<program> Copyright (C) <year> <name of author>
|
||||||
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
||||||
This is free software, and you are welcome to redistribute it
|
This is free software, and you are welcome to redistribute it
|
||||||
under certain conditions; type `show c' for details.
|
under certain conditions; type `show c' for details.
|
||||||
|
|
||||||
The hypothetical commands `show w' and `show c' should show the appropriate
|
The hypothetical commands `show w' and `show c' should show the appropriate
|
||||||
parts of the General Public License. Of course, the commands you use may
|
parts of the General Public License. Of course, your program's commands
|
||||||
be called something other than `show w' and `show c'; they could even be
|
might be different; for a GUI interface, you would use an "about box".
|
||||||
mouse-clicks or menu items--whatever suits your program.
|
|
||||||
|
|
||||||
You should also get your employer (if you work as a programmer) or your
|
You should also get your employer (if you work as a programmer) or school,
|
||||||
school, if any, to sign a "copyright disclaimer" for the program, if
|
if any, to sign a "copyright disclaimer" for the program, if necessary.
|
||||||
necessary. Here is a sample; alter the names:
|
For more information on this, and how to apply and follow the GNU GPL, see
|
||||||
|
<http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
|
The GNU General Public License does not permit incorporating your program
|
||||||
`Gnomovision' (which makes passes at compilers) written by James Hacker.
|
into proprietary programs. If your program is a subroutine library, you
|
||||||
|
may consider it more useful to permit linking proprietary applications with
|
||||||
<signature of Ty Coon>, 1 April 1989
|
the library. If this is what you want to do, use the GNU Lesser General
|
||||||
Ty Coon, President of Vice
|
Public License instead of this License. But first, please read
|
||||||
|
<http://www.gnu.org/philosophy/why-not-lgpl.html>.
|
||||||
This General Public License does not permit incorporating your program into
|
|
||||||
proprietary programs. If your program is a subroutine library, you may
|
|
||||||
consider it more useful to permit linking proprietary applications with the
|
|
||||||
library. If this is what you want to do, use the GNU Library General
|
|
||||||
Public License instead of this License.
|
|
||||||
|
|
95
ChangeLog
95
ChangeLog
|
@ -1,3 +1,98 @@
|
||||||
|
------------------------------------------------------------------------
|
||||||
|
r1600 | guus | 2008-12-24 00:14:37 +0100 (wo, 24 dec 2008) | 3 lines
|
||||||
|
|
||||||
|
Apply patch from Max Rijevski fixing a memory leak when closing connections.
|
||||||
|
It also cleans up more when stopping tinc, helping tools like valgrind.
|
||||||
|
|
||||||
|
------------------------------------------------------------------------
|
||||||
|
r1599 | guus | 2008-12-23 23:31:38 +0100 (di, 23 dec 2008) | 4 lines
|
||||||
|
|
||||||
|
Handle broadcast and multicast packets in router mode.
|
||||||
|
Multicast packets are treated as broadcast packets.
|
||||||
|
Based on a patch from Max Rijevski.
|
||||||
|
|
||||||
|
------------------------------------------------------------------------
|
||||||
|
r1598 | guus | 2008-12-22 22:49:23 +0100 (ma, 22 dec 2008) | 2 lines
|
||||||
|
|
||||||
|
Update the manpage as well, and some whitespace to make its source more legible.
|
||||||
|
|
||||||
|
------------------------------------------------------------------------
|
||||||
|
r1597 | guus | 2008-12-22 22:29:21 +0100 (ma, 22 dec 2008) | 5 lines
|
||||||
|
|
||||||
|
Update documentation.
|
||||||
|
- TCPOnly is not experimental.
|
||||||
|
- Do not mention old Linux kernels and Ethertap anymore.
|
||||||
|
- Document the DeviceType, PMTU and PMTUDiscovery options.
|
||||||
|
|
||||||
|
------------------------------------------------------------------------
|
||||||
|
r1596 | guus | 2008-12-22 21:35:45 +0100 (ma, 22 dec 2008) | 2 lines
|
||||||
|
|
||||||
|
Enable PMTU discovery by default.
|
||||||
|
|
||||||
|
------------------------------------------------------------------------
|
||||||
|
r1595 | guus | 2008-12-22 21:27:52 +0100 (ma, 22 dec 2008) | 2 lines
|
||||||
|
|
||||||
|
Update copyright information.
|
||||||
|
|
||||||
|
------------------------------------------------------------------------
|
||||||
|
r1594 | guus | 2008-12-22 20:43:49 +0100 (ma, 22 dec 2008) | 2 lines
|
||||||
|
|
||||||
|
Update Dutch translation.
|
||||||
|
|
||||||
|
------------------------------------------------------------------------
|
||||||
|
r1593 | guus | 2008-12-22 20:40:40 +0100 (ma, 22 dec 2008) | 4 lines
|
||||||
|
|
||||||
|
Make sure IPv6 sockets are IPv6 only.
|
||||||
|
This will get rid of the "Can't bind to 0.0.0.0 port 655/tcp: Address already
|
||||||
|
in use" message on Linux.
|
||||||
|
|
||||||
|
------------------------------------------------------------------------
|
||||||
|
r1592 | guus | 2008-12-22 20:33:37 +0100 (ma, 22 dec 2008) | 2 lines
|
||||||
|
|
||||||
|
Use TUNIFHEAD by default on FreeBSD to make sure IPv6 works.
|
||||||
|
|
||||||
|
------------------------------------------------------------------------
|
||||||
|
r1591 | guus | 2008-12-21 17:19:31 +0100 (zo, 21 dec 2008) | 3 lines
|
||||||
|
|
||||||
|
Treat virtual network device as tap if Mode = switch or hub.
|
||||||
|
On OpenBSD, the link0 flag should still be set in tinc-up or by other means.
|
||||||
|
|
||||||
|
------------------------------------------------------------------------
|
||||||
|
r1579 | guus | 2008-12-05 15:17:39 +0100 (vr, 05 dec 2008) | 2 lines
|
||||||
|
|
||||||
|
Correct debug message.
|
||||||
|
|
||||||
|
------------------------------------------------------------------------
|
||||||
|
r1578 | guus | 2008-11-18 16:11:27 +0100 (di, 18 nov 2008) | 2 lines
|
||||||
|
|
||||||
|
Prevent freeing a NULL pointer when a hostname is unresolvable.
|
||||||
|
|
||||||
|
------------------------------------------------------------------------
|
||||||
|
r1577 | guus | 2008-10-25 21:54:00 +0200 (za, 25 okt 2008) | 2 lines
|
||||||
|
|
||||||
|
Do not try to send REQ_KEY or ANS_KEY requests to unreachable nodes.
|
||||||
|
|
||||||
|
------------------------------------------------------------------------
|
||||||
|
r1576 | guus | 2008-10-25 20:10:08 +0200 (za, 25 okt 2008) | 2 lines
|
||||||
|
|
||||||
|
Fix reading configuration files that do not end with a newline.
|
||||||
|
|
||||||
|
------------------------------------------------------------------------
|
||||||
|
r1575 | guus | 2007-12-14 22:17:08 +0100 (vr, 14 dec 2007) | 3 lines
|
||||||
|
|
||||||
|
Make sure the prefixlength of subnets is sane.
|
||||||
|
Thanks to Sven-Haegar Koch for spotting the bug and providing a fix.
|
||||||
|
|
||||||
|
------------------------------------------------------------------------
|
||||||
|
r1555 | guus | 2007-08-18 00:09:00 +0200 (za, 18 aug 2007) | 2 lines
|
||||||
|
|
||||||
|
Handle SERVICE_CONTROL_INTERROGATE requests. Thanks to Carsten Ralle for noticing this.
|
||||||
|
|
||||||
|
------------------------------------------------------------------------
|
||||||
|
r1511 | guus | 2007-05-16 19:16:09 +0200 (wo, 16 mei 2007) | 2 lines
|
||||||
|
|
||||||
|
Releasing 1.0.8.
|
||||||
|
|
||||||
------------------------------------------------------------------------
|
------------------------------------------------------------------------
|
||||||
r1510 | guus | 2007-05-16 16:46:25 +0200 (wo, 16 mei 2007) | 2 lines
|
r1510 | guus | 2007-05-16 16:46:25 +0200 (wo, 16 mei 2007) | 2 lines
|
||||||
|
|
||||||
|
|
5
INSTALL
5
INSTALL
|
@ -2,7 +2,7 @@ Installation Instructions
|
||||||
*************************
|
*************************
|
||||||
|
|
||||||
Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
|
Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
|
||||||
2006 Free Software Foundation, Inc.
|
2006, 2007 Free Software Foundation, Inc.
|
||||||
|
|
||||||
This file is free documentation; the Free Software Foundation gives
|
This file is free documentation; the Free Software Foundation gives
|
||||||
unlimited permission to copy, distribute and modify it.
|
unlimited permission to copy, distribute and modify it.
|
||||||
|
@ -67,6 +67,9 @@ The simplest way to compile this package is:
|
||||||
all sorts of other programs in order to regenerate files that came
|
all sorts of other programs in order to regenerate files that came
|
||||||
with the distribution.
|
with the distribution.
|
||||||
|
|
||||||
|
6. Often, you can also type `make uninstall' to remove the installed
|
||||||
|
files again.
|
||||||
|
|
||||||
Compilers and Options
|
Compilers and Options
|
||||||
=====================
|
=====================
|
||||||
|
|
||||||
|
|
25
Makefile.in
25
Makefile.in
|
@ -1,8 +1,8 @@
|
||||||
# Makefile.in generated by automake 1.10 from Makefile.am.
|
# Makefile.in generated by automake 1.10.1 from Makefile.am.
|
||||||
# @configure_input@
|
# @configure_input@
|
||||||
|
|
||||||
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
||||||
# 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
|
# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
|
||||||
# This Makefile.in is free software; the Free Software Foundation
|
# This Makefile.in is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
# with or without modifications, as long as this notice is preserved.
|
# with or without modifications, as long as this notice is preserved.
|
||||||
|
@ -320,8 +320,8 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
|
||||||
unique=`for i in $$list; do \
|
unique=`for i in $$list; do \
|
||||||
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
|
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
|
||||||
done | \
|
done | \
|
||||||
$(AWK) ' { files[$$0] = 1; } \
|
$(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
|
||||||
END { for (i in files) print i; }'`; \
|
END { if (nonempty) { for (i in files) print i; }; }'`; \
|
||||||
mkid -fID $$unique
|
mkid -fID $$unique
|
||||||
tags: TAGS
|
tags: TAGS
|
||||||
|
|
||||||
|
@ -346,8 +346,8 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
|
||||||
unique=`for i in $$list; do \
|
unique=`for i in $$list; do \
|
||||||
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
|
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
|
||||||
done | \
|
done | \
|
||||||
$(AWK) ' { files[$$0] = 1; } \
|
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
|
||||||
END { for (i in files) print i; }'`; \
|
END { if (nonempty) { for (i in files) print i; }; }'`; \
|
||||||
if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
|
if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
|
||||||
test -n "$$unique" || unique=$$empty_fix; \
|
test -n "$$unique" || unique=$$empty_fix; \
|
||||||
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
|
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
|
||||||
|
@ -357,13 +357,12 @@ ctags: CTAGS
|
||||||
CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
|
CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
|
||||||
$(TAGS_FILES) $(LISP)
|
$(TAGS_FILES) $(LISP)
|
||||||
tags=; \
|
tags=; \
|
||||||
here=`pwd`; \
|
|
||||||
list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
|
list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
|
||||||
unique=`for i in $$list; do \
|
unique=`for i in $$list; do \
|
||||||
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
|
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
|
||||||
done | \
|
done | \
|
||||||
$(AWK) ' { files[$$0] = 1; } \
|
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
|
||||||
END { for (i in files) print i; }'`; \
|
END { if (nonempty) { for (i in files) print i; }; }'`; \
|
||||||
test -z "$(CTAGS_ARGS)$$tags$$unique" \
|
test -z "$(CTAGS_ARGS)$$tags$$unique" \
|
||||||
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
|
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
|
||||||
$$tags $$unique
|
$$tags $$unique
|
||||||
|
@ -434,6 +433,10 @@ dist-bzip2: distdir
|
||||||
tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
|
tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
|
||||||
$(am__remove_distdir)
|
$(am__remove_distdir)
|
||||||
|
|
||||||
|
dist-lzma: distdir
|
||||||
|
tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma
|
||||||
|
$(am__remove_distdir)
|
||||||
|
|
||||||
dist-tarZ: distdir
|
dist-tarZ: distdir
|
||||||
tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
|
tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
|
||||||
$(am__remove_distdir)
|
$(am__remove_distdir)
|
||||||
|
@ -460,6 +463,8 @@ distcheck: dist
|
||||||
GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
|
GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
|
||||||
*.tar.bz2*) \
|
*.tar.bz2*) \
|
||||||
bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
|
bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
|
||||||
|
*.tar.lzma*) \
|
||||||
|
unlzma -c $(distdir).tar.lzma | $(am__untar) ;;\
|
||||||
*.tar.Z*) \
|
*.tar.Z*) \
|
||||||
uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
|
uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
|
||||||
*.shar.gz*) \
|
*.shar.gz*) \
|
||||||
|
@ -610,7 +615,7 @@ uninstall-am:
|
||||||
.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
|
.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
|
||||||
all all-am am--refresh check check-am clean clean-generic \
|
all all-am am--refresh check check-am clean clean-generic \
|
||||||
ctags ctags-recursive dist dist-all dist-bzip2 dist-gzip \
|
ctags ctags-recursive dist dist-all dist-bzip2 dist-gzip \
|
||||||
dist-shar dist-tarZ dist-zip distcheck distclean \
|
dist-lzma dist-shar dist-tarZ dist-zip distcheck distclean \
|
||||||
distclean-generic distclean-hdr distclean-tags distcleancheck \
|
distclean-generic distclean-hdr distclean-tags distcleancheck \
|
||||||
distdir distuninstallcheck dvi dvi-am html html-am info \
|
distdir distuninstallcheck dvi dvi-am html html-am info \
|
||||||
info-am install install-am install-data install-data-am \
|
info-am install install-am install-data install-data-am \
|
||||||
|
|
17
NEWS
17
NEWS
|
@ -1,3 +1,20 @@
|
||||||
|
Version 1.0.9 Dec 26 2008
|
||||||
|
|
||||||
|
* Fixed tinc as a service under Windows 2003.
|
||||||
|
|
||||||
|
* Fixed reading configuration files that do not end with a newline.
|
||||||
|
|
||||||
|
* Fixed crashes in situations where hostnames could not be resolved or hosts
|
||||||
|
would disconnect at the same time as session keys were exchanged.
|
||||||
|
|
||||||
|
* Improved default settings of tun and tap devices on BSD platforms.
|
||||||
|
|
||||||
|
* Make IPv6 sockets bind only to IPv6 on Linux.
|
||||||
|
|
||||||
|
* Enable path MTU discovery by default.
|
||||||
|
|
||||||
|
* Fixed a memory leak that occured when connections were closed.
|
||||||
|
|
||||||
Version 1.0.8 May 16 2007
|
Version 1.0.8 May 16 2007
|
||||||
|
|
||||||
* Fixed some memory and resource leaks.
|
* Fixed some memory and resource leaks.
|
||||||
|
|
6
README
6
README
|
@ -1,7 +1,7 @@
|
||||||
This is the README file for tinc version 1.0.8. Installation
|
This is the README file for tinc version 1.0.9. Installation
|
||||||
instructions may be found in the INSTALL file.
|
instructions may be found in the INSTALL file.
|
||||||
|
|
||||||
tinc is Copyright (C) 1998-2007 by:
|
tinc is Copyright (C) 1998-2008 by:
|
||||||
|
|
||||||
Ivo Timmermans,
|
Ivo Timmermans,
|
||||||
Guus Sliepen <guus@tinc-vpn.org>,
|
Guus Sliepen <guus@tinc-vpn.org>,
|
||||||
|
@ -55,7 +55,7 @@ should be changed into "Device", and "Device" should be changed into
|
||||||
Compatibility
|
Compatibility
|
||||||
-------------
|
-------------
|
||||||
|
|
||||||
Version 1.0.8 is compatible with 1.0pre8, 1.0 and later, but not with older
|
Version 1.0.9 is compatible with 1.0pre8, 1.0 and later, but not with older
|
||||||
versions of tinc.
|
versions of tinc.
|
||||||
|
|
||||||
|
|
||||||
|
|
1
THANKS
1
THANKS
|
@ -21,6 +21,7 @@ We would like to thank the following people for their contributions to tinc:
|
||||||
* Markus Goetz
|
* Markus Goetz
|
||||||
* Martin Kihlgren
|
* Martin Kihlgren
|
||||||
* Matias Carrasco
|
* Matias Carrasco
|
||||||
|
* Max Rijevski
|
||||||
* Miles Nordin
|
* Miles Nordin
|
||||||
* Nick Patavalis
|
* Nick Patavalis
|
||||||
* Paul Littlefield
|
* Paul Littlefield
|
||||||
|
|
38
aclocal.m4
vendored
38
aclocal.m4
vendored
|
@ -1,7 +1,7 @@
|
||||||
# generated automatically by aclocal 1.10 -*- Autoconf -*-
|
# generated automatically by aclocal 1.10.1 -*- Autoconf -*-
|
||||||
|
|
||||||
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
|
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
|
||||||
# 2005, 2006 Free Software Foundation, Inc.
|
# 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
|
||||||
# This file is free software; the Free Software Foundation
|
# This file is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
# with or without modifications, as long as this notice is preserved.
|
# with or without modifications, as long as this notice is preserved.
|
||||||
|
@ -11,12 +11,15 @@
|
||||||
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
||||||
# PARTICULAR PURPOSE.
|
# PARTICULAR PURPOSE.
|
||||||
|
|
||||||
m4_if(m4_PACKAGE_VERSION, [2.61],,
|
m4_ifndef([AC_AUTOCONF_VERSION],
|
||||||
[m4_fatal([this file was generated for autoconf 2.61.
|
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
|
||||||
You have another version of autoconf. If you want to use that,
|
m4_if(AC_AUTOCONF_VERSION, [2.61],,
|
||||||
you should regenerate the build system entirely.], [63])])
|
[m4_warning([this file was generated for autoconf 2.61.
|
||||||
|
You have another version of autoconf. It may work, but is not guaranteed to.
|
||||||
|
If you have problems, you may need to regenerate the build system entirely.
|
||||||
|
To do so, use the procedure documented by the package, typically `autoreconf'.])])
|
||||||
|
|
||||||
# Copyright (C) 2002, 2003, 2005, 2006 Free Software Foundation, Inc.
|
# Copyright (C) 2002, 2003, 2005, 2006, 2007 Free Software Foundation, Inc.
|
||||||
#
|
#
|
||||||
# This file is free software; the Free Software Foundation
|
# This file is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
|
@ -31,7 +34,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION],
|
||||||
[am__api_version='1.10'
|
[am__api_version='1.10'
|
||||||
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
|
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
|
||||||
dnl require some minimum version. Point them to the right macro.
|
dnl require some minimum version. Point them to the right macro.
|
||||||
m4_if([$1], [1.10], [],
|
m4_if([$1], [1.10.1], [],
|
||||||
[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
|
[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
|
||||||
])
|
])
|
||||||
|
|
||||||
|
@ -47,8 +50,10 @@ m4_define([_AM_AUTOCONF_VERSION], [])
|
||||||
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
|
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
|
||||||
# This function is AC_REQUIREd by AC_INIT_AUTOMAKE.
|
# This function is AC_REQUIREd by AC_INIT_AUTOMAKE.
|
||||||
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
|
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
|
||||||
[AM_AUTOMAKE_VERSION([1.10])dnl
|
[AM_AUTOMAKE_VERSION([1.10.1])dnl
|
||||||
_AM_AUTOCONF_VERSION(m4_PACKAGE_VERSION)])
|
m4_ifndef([AC_AUTOCONF_VERSION],
|
||||||
|
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
|
||||||
|
_AM_AUTOCONF_VERSION(AC_AUTOCONF_VERSION)])
|
||||||
|
|
||||||
# AM_AUX_DIR_EXPAND -*- Autoconf -*-
|
# AM_AUX_DIR_EXPAND -*- Autoconf -*-
|
||||||
|
|
||||||
|
@ -320,7 +325,7 @@ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
|
||||||
# each Makefile.in and add a new line on top of each file to say so.
|
# each Makefile.in and add a new line on top of each file to say so.
|
||||||
# Grep'ing the whole file is not good either: AIX grep has a line
|
# Grep'ing the whole file is not good either: AIX grep has a line
|
||||||
# limit of 2048, but all sed's we know have understand at least 4000.
|
# limit of 2048, but all sed's we know have understand at least 4000.
|
||||||
if sed 10q "$mf" | grep '^#.*generated by automake' > /dev/null 2>&1; then
|
if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
|
||||||
dirpart=`AS_DIRNAME("$mf")`
|
dirpart=`AS_DIRNAME("$mf")`
|
||||||
else
|
else
|
||||||
continue
|
continue
|
||||||
|
@ -368,13 +373,13 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
|
||||||
# Do all the work for Automake. -*- Autoconf -*-
|
# Do all the work for Automake. -*- Autoconf -*-
|
||||||
|
|
||||||
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
|
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
|
||||||
# 2005, 2006 Free Software Foundation, Inc.
|
# 2005, 2006, 2008 Free Software Foundation, Inc.
|
||||||
#
|
#
|
||||||
# This file is free software; the Free Software Foundation
|
# This file is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
# with or without modifications, as long as this notice is preserved.
|
# with or without modifications, as long as this notice is preserved.
|
||||||
|
|
||||||
# serial 12
|
# serial 13
|
||||||
|
|
||||||
# This macro actually does too much. Some checks are only needed if
|
# This macro actually does too much. Some checks are only needed if
|
||||||
# your package does certain things. But this isn't really a big deal.
|
# your package does certain things. But this isn't really a big deal.
|
||||||
|
@ -479,16 +484,17 @@ AC_PROVIDE_IFELSE([AC_PROG_OBJC],
|
||||||
# our stamp files there.
|
# our stamp files there.
|
||||||
AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK],
|
AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK],
|
||||||
[# Compute $1's index in $config_headers.
|
[# Compute $1's index in $config_headers.
|
||||||
|
_am_arg=$1
|
||||||
_am_stamp_count=1
|
_am_stamp_count=1
|
||||||
for _am_header in $config_headers :; do
|
for _am_header in $config_headers :; do
|
||||||
case $_am_header in
|
case $_am_header in
|
||||||
$1 | $1:* )
|
$_am_arg | $_am_arg:* )
|
||||||
break ;;
|
break ;;
|
||||||
* )
|
* )
|
||||||
_am_stamp_count=`expr $_am_stamp_count + 1` ;;
|
_am_stamp_count=`expr $_am_stamp_count + 1` ;;
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
echo "timestamp for $1" >`AS_DIRNAME([$1])`/stamp-h[]$_am_stamp_count])
|
echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
|
||||||
|
|
||||||
# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
|
# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
|
||||||
#
|
#
|
||||||
|
@ -789,7 +795,7 @@ AC_SUBST([INSTALL_STRIP_PROGRAM])])
|
||||||
|
|
||||||
# _AM_SUBST_NOTMAKE(VARIABLE)
|
# _AM_SUBST_NOTMAKE(VARIABLE)
|
||||||
# ---------------------------
|
# ---------------------------
|
||||||
# Prevent Automake from outputing VARIABLE = @VARIABLE@ in Makefile.in.
|
# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in.
|
||||||
# This macro is traced by Automake.
|
# This macro is traced by Automake.
|
||||||
AC_DEFUN([_AM_SUBST_NOTMAKE])
|
AC_DEFUN([_AM_SUBST_NOTMAKE])
|
||||||
|
|
||||||
|
|
36
config.guess
vendored
36
config.guess
vendored
|
@ -1,10 +1,10 @@
|
||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
# Attempt to guess a canonical system name.
|
# Attempt to guess a canonical system name.
|
||||||
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
|
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
|
||||||
# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
|
# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008
|
||||||
# Inc.
|
# Free Software Foundation, Inc.
|
||||||
|
|
||||||
timestamp='2007-03-06'
|
timestamp='2008-01-23'
|
||||||
|
|
||||||
# This file is free software; you can redistribute it and/or modify it
|
# This file is free software; you can redistribute it and/or modify it
|
||||||
# under the terms of the GNU General Public License as published by
|
# under the terms of the GNU General Public License as published by
|
||||||
|
@ -56,8 +56,8 @@ version="\
|
||||||
GNU config.guess ($timestamp)
|
GNU config.guess ($timestamp)
|
||||||
|
|
||||||
Originally written by Per Bothner.
|
Originally written by Per Bothner.
|
||||||
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
|
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
|
||||||
Free Software Foundation, Inc.
|
2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
|
||||||
|
|
||||||
This is free software; see the source for copying conditions. There is NO
|
This is free software; see the source for copying conditions. There is NO
|
||||||
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
|
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
|
||||||
|
@ -330,7 +330,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
||||||
sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
|
sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
|
||||||
echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
|
echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
|
||||||
exit ;;
|
exit ;;
|
||||||
i86pc:SunOS:5.*:*)
|
i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
|
||||||
echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
|
echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
|
||||||
exit ;;
|
exit ;;
|
||||||
sun4*:SunOS:6*:*)
|
sun4*:SunOS:6*:*)
|
||||||
|
@ -532,7 +532,7 @@ EOF
|
||||||
echo rs6000-ibm-aix3.2
|
echo rs6000-ibm-aix3.2
|
||||||
fi
|
fi
|
||||||
exit ;;
|
exit ;;
|
||||||
*:AIX:*:[45])
|
*:AIX:*:[456])
|
||||||
IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
|
IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
|
||||||
if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
|
if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
|
||||||
IBM_ARCH=rs6000
|
IBM_ARCH=rs6000
|
||||||
|
@ -793,12 +793,15 @@ EOF
|
||||||
exit ;;
|
exit ;;
|
||||||
*:Interix*:[3456]*)
|
*:Interix*:[3456]*)
|
||||||
case ${UNAME_MACHINE} in
|
case ${UNAME_MACHINE} in
|
||||||
x86)
|
x86)
|
||||||
echo i586-pc-interix${UNAME_RELEASE}
|
echo i586-pc-interix${UNAME_RELEASE}
|
||||||
exit ;;
|
exit ;;
|
||||||
EM64T | authenticamd)
|
EM64T | authenticamd)
|
||||||
echo x86_64-unknown-interix${UNAME_RELEASE}
|
echo x86_64-unknown-interix${UNAME_RELEASE}
|
||||||
exit ;;
|
exit ;;
|
||||||
|
IA64)
|
||||||
|
echo ia64-unknown-interix${UNAME_RELEASE}
|
||||||
|
exit ;;
|
||||||
esac ;;
|
esac ;;
|
||||||
[345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
|
[345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
|
||||||
echo i${UNAME_MACHINE}-pc-mks
|
echo i${UNAME_MACHINE}-pc-mks
|
||||||
|
@ -833,7 +836,14 @@ EOF
|
||||||
echo ${UNAME_MACHINE}-pc-minix
|
echo ${UNAME_MACHINE}-pc-minix
|
||||||
exit ;;
|
exit ;;
|
||||||
arm*:Linux:*:*)
|
arm*:Linux:*:*)
|
||||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
eval $set_cc_for_build
|
||||||
|
if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
|
||||||
|
| grep -q __ARM_EABI__
|
||||||
|
then
|
||||||
|
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||||
|
else
|
||||||
|
echo ${UNAME_MACHINE}-unknown-linux-gnueabi
|
||||||
|
fi
|
||||||
exit ;;
|
exit ;;
|
||||||
avr32*:Linux:*:*)
|
avr32*:Linux:*:*)
|
||||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||||
|
@ -954,8 +964,8 @@ EOF
|
||||||
x86_64:Linux:*:*)
|
x86_64:Linux:*:*)
|
||||||
echo x86_64-unknown-linux-gnu
|
echo x86_64-unknown-linux-gnu
|
||||||
exit ;;
|
exit ;;
|
||||||
xtensa:Linux:*:*)
|
xtensa*:Linux:*:*)
|
||||||
echo xtensa-unknown-linux-gnu
|
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||||
exit ;;
|
exit ;;
|
||||||
i*86:Linux:*:*)
|
i*86:Linux:*:*)
|
||||||
# The BFD linker knows what the default object file format is, so
|
# The BFD linker knows what the default object file format is, so
|
||||||
|
@ -1474,9 +1484,9 @@ This script, last modified $timestamp, has failed to recognize
|
||||||
the operating system you are using. It is advised that you
|
the operating system you are using. It is advised that you
|
||||||
download the most up to date version of the config scripts from
|
download the most up to date version of the config scripts from
|
||||||
|
|
||||||
http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess
|
http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
|
||||||
and
|
and
|
||||||
http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub
|
http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
|
||||||
|
|
||||||
If the version you run ($0) is already up to date, please
|
If the version you run ($0) is already up to date, please
|
||||||
send the following data and any information you think might be
|
send the following data and any information you think might be
|
||||||
|
|
52
config.sub
vendored
52
config.sub
vendored
|
@ -1,10 +1,10 @@
|
||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
# Configuration validation subroutine script.
|
# Configuration validation subroutine script.
|
||||||
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
|
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
|
||||||
# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
|
# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008
|
||||||
# Inc.
|
# Free Software Foundation, Inc.
|
||||||
|
|
||||||
timestamp='2007-01-18'
|
timestamp='2008-01-16'
|
||||||
|
|
||||||
# This file is (in principle) common to ALL GNU software.
|
# This file is (in principle) common to ALL GNU software.
|
||||||
# The presence of a machine in this file suggests that SOME GNU software
|
# The presence of a machine in this file suggests that SOME GNU software
|
||||||
|
@ -72,8 +72,8 @@ Report bugs and patches to <config-patches@gnu.org>."
|
||||||
version="\
|
version="\
|
||||||
GNU config.sub ($timestamp)
|
GNU config.sub ($timestamp)
|
||||||
|
|
||||||
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
|
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
|
||||||
Free Software Foundation, Inc.
|
2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
|
||||||
|
|
||||||
This is free software; see the source for copying conditions. There is NO
|
This is free software; see the source for copying conditions. There is NO
|
||||||
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
|
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
|
||||||
|
@ -369,10 +369,14 @@ case $basic_machine in
|
||||||
| v850-* | v850e-* | vax-* \
|
| v850-* | v850e-* | vax-* \
|
||||||
| we32k-* \
|
| we32k-* \
|
||||||
| x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
|
| x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
|
||||||
| xstormy16-* | xtensa-* \
|
| xstormy16-* | xtensa*-* \
|
||||||
| ymp-* \
|
| ymp-* \
|
||||||
| z8k-*)
|
| z8k-*)
|
||||||
;;
|
;;
|
||||||
|
# Recognize the basic CPU types without company name, with glob match.
|
||||||
|
xtensa*)
|
||||||
|
basic_machine=$basic_machine-unknown
|
||||||
|
;;
|
||||||
# Recognize the various machine names and aliases which stand
|
# Recognize the various machine names and aliases which stand
|
||||||
# for a CPU type and a company and sometimes even an OS.
|
# for a CPU type and a company and sometimes even an OS.
|
||||||
386bsd)
|
386bsd)
|
||||||
|
@ -443,6 +447,14 @@ case $basic_machine in
|
||||||
basic_machine=ns32k-sequent
|
basic_machine=ns32k-sequent
|
||||||
os=-dynix
|
os=-dynix
|
||||||
;;
|
;;
|
||||||
|
blackfin)
|
||||||
|
basic_machine=bfin-unknown
|
||||||
|
os=-linux
|
||||||
|
;;
|
||||||
|
blackfin-*)
|
||||||
|
basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'`
|
||||||
|
os=-linux
|
||||||
|
;;
|
||||||
c90)
|
c90)
|
||||||
basic_machine=c90-cray
|
basic_machine=c90-cray
|
||||||
os=-unicos
|
os=-unicos
|
||||||
|
@ -475,8 +487,8 @@ case $basic_machine in
|
||||||
basic_machine=craynv-cray
|
basic_machine=craynv-cray
|
||||||
os=-unicosmp
|
os=-unicosmp
|
||||||
;;
|
;;
|
||||||
cr16c)
|
cr16)
|
||||||
basic_machine=cr16c-unknown
|
basic_machine=cr16-unknown
|
||||||
os=-elf
|
os=-elf
|
||||||
;;
|
;;
|
||||||
crds | unos)
|
crds | unos)
|
||||||
|
@ -668,6 +680,14 @@ case $basic_machine in
|
||||||
basic_machine=m68k-isi
|
basic_machine=m68k-isi
|
||||||
os=-sysv
|
os=-sysv
|
||||||
;;
|
;;
|
||||||
|
m68knommu)
|
||||||
|
basic_machine=m68k-unknown
|
||||||
|
os=-linux
|
||||||
|
;;
|
||||||
|
m68knommu-*)
|
||||||
|
basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'`
|
||||||
|
os=-linux
|
||||||
|
;;
|
||||||
m88k-omron*)
|
m88k-omron*)
|
||||||
basic_machine=m88k-omron
|
basic_machine=m88k-omron
|
||||||
;;
|
;;
|
||||||
|
@ -683,6 +703,10 @@ case $basic_machine in
|
||||||
basic_machine=i386-pc
|
basic_machine=i386-pc
|
||||||
os=-mingw32
|
os=-mingw32
|
||||||
;;
|
;;
|
||||||
|
mingw32ce)
|
||||||
|
basic_machine=arm-unknown
|
||||||
|
os=-mingw32ce
|
||||||
|
;;
|
||||||
miniframe)
|
miniframe)
|
||||||
basic_machine=m68000-convergent
|
basic_machine=m68000-convergent
|
||||||
;;
|
;;
|
||||||
|
@ -809,6 +833,14 @@ case $basic_machine in
|
||||||
basic_machine=i860-intel
|
basic_machine=i860-intel
|
||||||
os=-osf
|
os=-osf
|
||||||
;;
|
;;
|
||||||
|
parisc)
|
||||||
|
basic_machine=hppa-unknown
|
||||||
|
os=-linux
|
||||||
|
;;
|
||||||
|
parisc-*)
|
||||||
|
basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'`
|
||||||
|
os=-linux
|
||||||
|
;;
|
||||||
pbd)
|
pbd)
|
||||||
basic_machine=sparc-tti
|
basic_machine=sparc-tti
|
||||||
;;
|
;;
|
||||||
|
@ -1017,6 +1049,10 @@ case $basic_machine in
|
||||||
basic_machine=tic6x-unknown
|
basic_machine=tic6x-unknown
|
||||||
os=-coff
|
os=-coff
|
||||||
;;
|
;;
|
||||||
|
tile*)
|
||||||
|
basic_machine=tile-unknown
|
||||||
|
os=-linux-gnu
|
||||||
|
;;
|
||||||
tx39)
|
tx39)
|
||||||
basic_machine=mipstx39-unknown
|
basic_machine=mipstx39-unknown
|
||||||
;;
|
;;
|
||||||
|
|
19
configure
vendored
19
configure
vendored
|
@ -2107,7 +2107,7 @@ fi
|
||||||
|
|
||||||
# Define the identity of the package.
|
# Define the identity of the package.
|
||||||
PACKAGE=tinc
|
PACKAGE=tinc
|
||||||
VERSION=1.0.8
|
VERSION=1.0.9
|
||||||
|
|
||||||
|
|
||||||
cat >>confdefs.h <<_ACEOF
|
cat >>confdefs.h <<_ACEOF
|
||||||
|
@ -12990,21 +12990,22 @@ echo "$as_me: $ac_file is unchanged" >&6;}
|
||||||
fi
|
fi
|
||||||
rm -f "$tmp/out12"
|
rm -f "$tmp/out12"
|
||||||
# Compute $ac_file's index in $config_headers.
|
# Compute $ac_file's index in $config_headers.
|
||||||
|
_am_arg=$ac_file
|
||||||
_am_stamp_count=1
|
_am_stamp_count=1
|
||||||
for _am_header in $config_headers :; do
|
for _am_header in $config_headers :; do
|
||||||
case $_am_header in
|
case $_am_header in
|
||||||
$ac_file | $ac_file:* )
|
$_am_arg | $_am_arg:* )
|
||||||
break ;;
|
break ;;
|
||||||
* )
|
* )
|
||||||
_am_stamp_count=`expr $_am_stamp_count + 1` ;;
|
_am_stamp_count=`expr $_am_stamp_count + 1` ;;
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
echo "timestamp for $ac_file" >`$as_dirname -- $ac_file ||
|
echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" ||
|
||||||
$as_expr X$ac_file : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
|
$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
|
||||||
X$ac_file : 'X\(//\)[^/]' \| \
|
X"$_am_arg" : 'X\(//\)[^/]' \| \
|
||||||
X$ac_file : 'X\(//\)$' \| \
|
X"$_am_arg" : 'X\(//\)$' \| \
|
||||||
X$ac_file : 'X\(/\)' \| . 2>/dev/null ||
|
X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null ||
|
||||||
echo X$ac_file |
|
echo X"$_am_arg" |
|
||||||
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
|
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
|
||||||
s//\1/
|
s//\1/
|
||||||
q
|
q
|
||||||
|
@ -13150,7 +13151,7 @@ echo "$as_me: executing $ac_file commands" >&6;}
|
||||||
# each Makefile.in and add a new line on top of each file to say so.
|
# each Makefile.in and add a new line on top of each file to say so.
|
||||||
# Grep'ing the whole file is not good either: AIX grep has a line
|
# Grep'ing the whole file is not good either: AIX grep has a line
|
||||||
# limit of 2048, but all sed's we know have understand at least 4000.
|
# limit of 2048, but all sed's we know have understand at least 4000.
|
||||||
if sed 10q "$mf" | grep '^#.*generated by automake' > /dev/null 2>&1; then
|
if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
|
||||||
dirpart=`$as_dirname -- "$mf" ||
|
dirpart=`$as_dirname -- "$mf" ||
|
||||||
$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
|
$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
|
||||||
X"$mf" : 'X\(//\)[^/]' \| \
|
X"$mf" : 'X\(//\)[^/]' \| \
|
||||||
|
|
|
@ -5,7 +5,7 @@ dnl $Id: configure.in 1488 2006-12-16 16:53:58Z guus $
|
||||||
AC_PREREQ(2.61)
|
AC_PREREQ(2.61)
|
||||||
AC_INIT
|
AC_INIT
|
||||||
AC_CONFIG_SRCDIR([src/tincd.c])
|
AC_CONFIG_SRCDIR([src/tincd.c])
|
||||||
AM_INIT_AUTOMAKE(tinc, 1.0.8)
|
AM_INIT_AUTOMAKE(tinc, 1.0.9)
|
||||||
AC_CONFIG_HEADERS([config.h])
|
AC_CONFIG_HEADERS([config.h])
|
||||||
AM_MAINTAINER_MODE
|
AM_MAINTAINER_MODE
|
||||||
|
|
||||||
|
|
8
debian/changelog
vendored
8
debian/changelog
vendored
|
@ -1,3 +1,11 @@
|
||||||
|
tinc (1.0.9-1) unstable; urgency=low
|
||||||
|
|
||||||
|
* New upstream release.
|
||||||
|
- Binds IPv6 sockets only to IPv6. Closes: #440150
|
||||||
|
* Update copyright file. Closes: #482566
|
||||||
|
|
||||||
|
-- Guus Sliepen <guus@debian.org> Fri, 26 Dec 2008 13:25:05 +0100
|
||||||
|
|
||||||
tinc (1.0.8-2) unstable; urgency=low
|
tinc (1.0.8-2) unstable; urgency=low
|
||||||
|
|
||||||
* Include Portugese debconf translation. Closes: #434191
|
* Include Portugese debconf translation. Closes: #434191
|
||||||
|
|
7
debian/control
vendored
7
debian/control
vendored
|
@ -2,16 +2,15 @@ Source: tinc
|
||||||
Section: net
|
Section: net
|
||||||
Priority: optional
|
Priority: optional
|
||||||
Maintainer: Guus Sliepen <guus@debian.org>
|
Maintainer: Guus Sliepen <guus@debian.org>
|
||||||
Standards-Version: 3.7.2
|
Standards-Version: 3.8.0
|
||||||
Build-Depends: libssl-dev, debhelper (>= 4.1.16), gettext, texi2html, texinfo, zlib1g-dev, cdbs, liblzo2-dev
|
Build-Depends: libssl-dev, debhelper (>= 4.1.16), gettext, texi2html, texinfo, zlib1g-dev, cdbs, liblzo2-dev
|
||||||
|
Homepage: http://www.tinc-vpn.org/
|
||||||
|
|
||||||
Package: tinc
|
Package: tinc
|
||||||
Architecture: any
|
Architecture: any
|
||||||
Depends: debconf | debconf-2.0, ${shlibs:Depends}
|
Depends: debconf | debconf-2.0, ${shlibs:Depends}, ${misc:Depends}
|
||||||
Description: Virtual Private Network daemon
|
Description: Virtual Private Network daemon
|
||||||
tinc is a daemon with which you can create a virtual private network
|
tinc is a daemon with which you can create a virtual private network
|
||||||
(VPN). One daemon can handle multiple connections, so you can
|
(VPN). One daemon can handle multiple connections, so you can
|
||||||
create an entire (moderately sized) VPN with only one daemon per
|
create an entire (moderately sized) VPN with only one daemon per
|
||||||
participating computer.
|
participating computer.
|
||||||
.
|
|
||||||
Homepage: http://www.tinc-vpn.org/
|
|
||||||
|
|
12
debian/copyright
vendored
12
debian/copyright
vendored
|
@ -7,12 +7,16 @@ Upstream Authors:
|
||||||
Guus Sliepen <guus@tinc-vpn.org>
|
Guus Sliepen <guus@tinc-vpn.org>
|
||||||
Ivo Timmermans <ivo@tinc-vpn.org>
|
Ivo Timmermans <ivo@tinc-vpn.org>
|
||||||
|
|
||||||
Copyright: GPL version 2. On Debian GNU/Linux systems, the complete
|
Copyright (C) 1998-2005 Ivo Timmermans
|
||||||
text of the GNU General Public License can be found in
|
1998-2008 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
/usr/share/common-licenses/GPL.
|
|
||||||
|
|
||||||
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation; either version 2 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
The following is the text from /usr/share/doc/tinc/COPYING.README:
|
On Debian GNU/Linux systems, the complete text of the GNU General Public
|
||||||
|
License version 2 can be found in /usr/share/common-licenses/GPL-2.
|
||||||
|
|
||||||
The following applies to tinc:
|
The following applies to tinc:
|
||||||
|
|
||||||
|
|
2
debian/doc-base.tinc
vendored
2
debian/doc-base.tinc
vendored
|
@ -3,7 +3,7 @@ Title: tinc Manual
|
||||||
Author: Ivo Timmermans, Guus Sliepen
|
Author: Ivo Timmermans, Guus Sliepen
|
||||||
Abstract: This manual describes how to set up a Virtual Private
|
Abstract: This manual describes how to set up a Virtual Private
|
||||||
Network with tinc.
|
Network with tinc.
|
||||||
Section: net
|
Section: System/Security
|
||||||
|
|
||||||
Format: HTML
|
Format: HTML
|
||||||
Files: /usr/share/doc/tinc/tinc*.html
|
Files: /usr/share/doc/tinc/tinc*.html
|
||||||
|
|
2
debian/prerm
vendored
2
debian/prerm
vendored
|
@ -1,5 +1,7 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
# Automatically added by dh_installinit, edited for use with debconf
|
# Automatically added by dh_installinit, edited for use with debconf
|
||||||
if [ -x "/etc/init.d/tinc" ]; then
|
if [ -x "/etc/init.d/tinc" ]; then
|
||||||
if [ -e /usr/share/debconf/confmodule ] ; then
|
if [ -e /usr/share/debconf/confmodule ] ; then
|
||||||
|
|
33
depcomp
33
depcomp
|
@ -1,9 +1,9 @@
|
||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
# depcomp - compile a program generating dependencies as side-effects
|
# depcomp - compile a program generating dependencies as side-effects
|
||||||
|
|
||||||
scriptversion=2006-10-15.18
|
scriptversion=2007-03-29.01
|
||||||
|
|
||||||
# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006 Free Software
|
# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007 Free Software
|
||||||
# Foundation, Inc.
|
# Foundation, Inc.
|
||||||
|
|
||||||
# This program is free software; you can redistribute it and/or modify
|
# This program is free software; you can redistribute it and/or modify
|
||||||
|
@ -215,34 +215,39 @@ aix)
|
||||||
# current directory. Also, the AIX compiler puts `$object:' at the
|
# current directory. Also, the AIX compiler puts `$object:' at the
|
||||||
# start of each line; $object doesn't have directory information.
|
# start of each line; $object doesn't have directory information.
|
||||||
# Version 6 uses the directory in both cases.
|
# Version 6 uses the directory in both cases.
|
||||||
stripped=`echo "$object" | sed 's/\(.*\)\..*$/\1/'`
|
dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
|
||||||
tmpdepfile="$stripped.u"
|
test "x$dir" = "x$object" && dir=
|
||||||
|
base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
|
||||||
if test "$libtool" = yes; then
|
if test "$libtool" = yes; then
|
||||||
|
tmpdepfile1=$dir$base.u
|
||||||
|
tmpdepfile2=$base.u
|
||||||
|
tmpdepfile3=$dir.libs/$base.u
|
||||||
"$@" -Wc,-M
|
"$@" -Wc,-M
|
||||||
else
|
else
|
||||||
|
tmpdepfile1=$dir$base.u
|
||||||
|
tmpdepfile2=$dir$base.u
|
||||||
|
tmpdepfile3=$dir$base.u
|
||||||
"$@" -M
|
"$@" -M
|
||||||
fi
|
fi
|
||||||
stat=$?
|
stat=$?
|
||||||
|
|
||||||
if test -f "$tmpdepfile"; then :
|
|
||||||
else
|
|
||||||
stripped=`echo "$stripped" | sed 's,^.*/,,'`
|
|
||||||
tmpdepfile="$stripped.u"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test $stat -eq 0; then :
|
if test $stat -eq 0; then :
|
||||||
else
|
else
|
||||||
rm -f "$tmpdepfile"
|
rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
|
||||||
exit $stat
|
exit $stat
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
|
||||||
|
do
|
||||||
|
test -f "$tmpdepfile" && break
|
||||||
|
done
|
||||||
if test -f "$tmpdepfile"; then
|
if test -f "$tmpdepfile"; then
|
||||||
outname="$stripped.o"
|
|
||||||
# Each line is of the form `foo.o: dependent.h'.
|
# Each line is of the form `foo.o: dependent.h'.
|
||||||
# Do two passes, one to just change these to
|
# Do two passes, one to just change these to
|
||||||
# `$object: dependent.h' and one to simply `dependent.h:'.
|
# `$object: dependent.h' and one to simply `dependent.h:'.
|
||||||
sed -e "s,^$outname:,$object :," < "$tmpdepfile" > "$depfile"
|
sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
|
||||||
sed -e "s,^$outname: \(.*\)$,\1:," < "$tmpdepfile" >> "$depfile"
|
# That's a tab and a space in the [].
|
||||||
|
sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
|
||||||
else
|
else
|
||||||
# The sourcefile does not contain any dependencies, so just
|
# The sourcefile does not contain any dependencies, so just
|
||||||
# store a dummy comment line, to avoid errors with the Makefile
|
# store a dummy comment line, to avoid errors with the Makefile
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
# Makefile.in generated by automake 1.10 from Makefile.am.
|
# Makefile.in generated by automake 1.10.1 from Makefile.am.
|
||||||
# @configure_input@
|
# @configure_input@
|
||||||
|
|
||||||
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
||||||
# 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
|
# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
|
||||||
# This Makefile.in is free software; the Free Software Foundation
|
# This Makefile.in is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
# with or without modifications, as long as this notice is preserved.
|
# with or without modifications, as long as this notice is preserved.
|
||||||
|
|
Binary file not shown.
2016
doc/texinfo.tex
2016
doc/texinfo.tex
File diff suppressed because it is too large
Load diff
|
@ -1,21 +1,25 @@
|
||||||
.Dd 2002-04-09
|
.Dd 2008-12-22
|
||||||
.Dt TINC.CONF 5
|
.Dt TINC.CONF 5
|
||||||
.\" Manual page created by:
|
.\" Manual page created by:
|
||||||
.\" Ivo Timmermans
|
.\" Ivo Timmermans
|
||||||
.\" Guus Sliepen <guus@tinc-vpn.org>
|
.\" Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
.Nm tinc.conf
|
.Nm tinc.conf
|
||||||
.Nd tinc daemon configuration
|
.Nd tinc daemon configuration
|
||||||
|
|
||||||
.Sh DESCRIPTION
|
.Sh DESCRIPTION
|
||||||
The files in the
|
The files in the
|
||||||
.Pa @sysconfdir@/tinc/
|
.Pa @sysconfdir@/tinc/
|
||||||
directory contain runtime and security information for the tinc daemon.
|
directory contain runtime and security information for the tinc daemon.
|
||||||
|
|
||||||
.Sh NETWORKS
|
.Sh NETWORKS
|
||||||
It is perfectly ok for you to run more than one tinc daemon.
|
It is perfectly ok for you to run more than one tinc daemon.
|
||||||
However, in its default form,
|
However, in its default form,
|
||||||
you will soon notice that you can't use two different configuration files without the
|
you will soon notice that you can't use two different configuration files without the
|
||||||
.Fl c
|
.Fl c
|
||||||
option.
|
option.
|
||||||
|
|
||||||
.Pp
|
.Pp
|
||||||
We have thought of another way of dealing with this: network names.
|
We have thought of another way of dealing with this: network names.
|
||||||
This means that you call
|
This means that you call
|
||||||
|
@ -23,6 +27,7 @@ This means that you call
|
||||||
with the
|
with the
|
||||||
.Fl n
|
.Fl n
|
||||||
option, which will assign a name to this daemon.
|
option, which will assign a name to this daemon.
|
||||||
|
|
||||||
.Pp
|
.Pp
|
||||||
The effect of this is that the daemon will set its configuration root to
|
The effect of this is that the daemon will set its configuration root to
|
||||||
.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa / ,
|
.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa / ,
|
||||||
|
@ -33,6 +38,7 @@ is your argument to the
|
||||||
option.
|
option.
|
||||||
You'll notice that messages appear in syslog as coming from
|
You'll notice that messages appear in syslog as coming from
|
||||||
.Nm tincd. Ns Ar NETNAME .
|
.Nm tincd. Ns Ar NETNAME .
|
||||||
|
|
||||||
.Pp
|
.Pp
|
||||||
However, it is not strictly necessary that you call tinc with the
|
However, it is not strictly necessary that you call tinc with the
|
||||||
.Fl n
|
.Fl n
|
||||||
|
@ -48,21 +54,25 @@ the configuration file should be
|
||||||
.Pa @sysconfdir@/tinc/tinc.conf ,
|
.Pa @sysconfdir@/tinc/tinc.conf ,
|
||||||
and the host configuration files are now expected to be in
|
and the host configuration files are now expected to be in
|
||||||
.Pa @sysconfdir@/tinc/hosts/ .
|
.Pa @sysconfdir@/tinc/hosts/ .
|
||||||
|
|
||||||
.Pp
|
.Pp
|
||||||
But it is highly recommended that you use this feature of
|
But it is highly recommended that you use this feature of
|
||||||
.Nm tinc ,
|
.Nm tinc ,
|
||||||
because it will be so much clearer whom your daemon talks to.
|
because it will be so much clearer whom your daemon talks to.
|
||||||
Hence, we will assume that you use it.
|
Hence, we will assume that you use it.
|
||||||
|
|
||||||
.Sh NAMES
|
.Sh NAMES
|
||||||
Each tinc daemon should have a name that is unique in the network which it will be part of.
|
Each tinc daemon should have a name that is unique in the network which it will be part of.
|
||||||
The name will be used by other tinc daemons for identification.
|
The name will be used by other tinc daemons for identification.
|
||||||
The name has to be declared in the
|
The name has to be declared in the
|
||||||
.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf
|
.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf
|
||||||
file.
|
file.
|
||||||
|
|
||||||
.Pp
|
.Pp
|
||||||
To make things easy,
|
To make things easy,
|
||||||
choose something that will give unique and easy to remember names to your tinc daemon(s).
|
choose something that will give unique and easy to remember names to your tinc daemon(s).
|
||||||
You could try things like hostnames, owner surnames or location names.
|
You could try things like hostnames, owner surnames or location names.
|
||||||
|
|
||||||
.Sh PUBLIC/PRIVATE KEYS
|
.Sh PUBLIC/PRIVATE KEYS
|
||||||
You should use
|
You should use
|
||||||
.Ic tincd -K
|
.Ic tincd -K
|
||||||
|
@ -81,14 +91,17 @@ The public key should be stored in the host configuration file
|
||||||
.Va NAME
|
.Va NAME
|
||||||
stands for the name of the local tinc daemon (see
|
stands for the name of the local tinc daemon (see
|
||||||
.Sx NAMES ) .
|
.Sx NAMES ) .
|
||||||
|
|
||||||
.Sh SERVER CONFIGURATION
|
.Sh SERVER CONFIGURATION
|
||||||
The server configuration of the daemon is done in the file
|
The server configuration of the daemon is done in the file
|
||||||
.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf .
|
.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf .
|
||||||
This file consists of comments (lines started with a
|
This file consists of comments (lines started with a
|
||||||
.Li # )
|
.Li # )
|
||||||
or assignments in the form of:
|
or assignments in the form of:
|
||||||
|
|
||||||
.Pp
|
.Pp
|
||||||
.Va Variable Li = Ar Value .
|
.Va Variable Li = Ar Value .
|
||||||
|
|
||||||
.Pp
|
.Pp
|
||||||
The variable names are case insensitive, and any spaces, tabs,
|
The variable names are case insensitive, and any spaces, tabs,
|
||||||
newlines and carriage returns are ignored.
|
newlines and carriage returns are ignored.
|
||||||
|
@ -96,30 +109,37 @@ Note: it is not required that you put in the
|
||||||
.Li =
|
.Li =
|
||||||
sign, but doing so improves readability.
|
sign, but doing so improves readability.
|
||||||
If you leave it out, remember to replace it with at least one space character.
|
If you leave it out, remember to replace it with at least one space character.
|
||||||
|
|
||||||
.Pp
|
.Pp
|
||||||
Here are all valid variables, listed in alphabetical order.
|
Here are all valid variables, listed in alphabetical order.
|
||||||
The default value is given between parentheses.
|
The default value is given between parentheses.
|
||||||
.Bl -tag -width indent
|
.Bl -tag -width indent
|
||||||
|
|
||||||
.It Va AddressFamily Li = ipv4 | ipv6 | any Pq any
|
.It Va AddressFamily Li = ipv4 | ipv6 | any Pq any
|
||||||
This option affects the address family of listening and outgoing sockets.
|
This option affects the address family of listening and outgoing sockets.
|
||||||
If
|
If
|
||||||
.Qq any
|
.Qq any
|
||||||
is selected, then depending on the operating system both IPv4 and IPv6 or just
|
is selected, then depending on the operating system both IPv4 and IPv6 or just
|
||||||
IPv6 listening sockets will be created.
|
IPv6 listening sockets will be created.
|
||||||
|
|
||||||
.It Va BindToAddress Li = Ar address Bq experimental
|
.It Va BindToAddress Li = Ar address Bq experimental
|
||||||
If your computer has more than one IPv4 or IPv6 address,
|
If your computer has more than one IPv4 or IPv6 address,
|
||||||
.Nm tinc
|
.Nm tinc
|
||||||
will by default listen on all of them for incoming connections.
|
will by default listen on all of them for incoming connections.
|
||||||
It is possible to bind only to a single address with this variable.
|
It is possible to bind only to a single address with this variable.
|
||||||
|
|
||||||
.Pp
|
.Pp
|
||||||
This option may not work on all platforms.
|
This option may not work on all platforms.
|
||||||
|
|
||||||
.It Va BindToInterface Li = Ar interface Bq experimental
|
.It Va BindToInterface Li = Ar interface Bq experimental
|
||||||
If your computer has more than one network interface,
|
If your computer has more than one network interface,
|
||||||
.Nm tinc
|
.Nm tinc
|
||||||
will by default listen on all of them for incoming connections.
|
will by default listen on all of them for incoming connections.
|
||||||
It is possible to bind only to a single interface with this variable.
|
It is possible to bind only to a single interface with this variable.
|
||||||
|
|
||||||
.Pp
|
.Pp
|
||||||
This option may not work on all platforms.
|
This option may not work on all platforms.
|
||||||
|
|
||||||
.It Va ConnectTo Li = Ar name
|
.It Va ConnectTo Li = Ar name
|
||||||
Specifies which other tinc daemon to connect to on startup.
|
Specifies which other tinc daemon to connect to on startup.
|
||||||
Multiple
|
Multiple
|
||||||
|
@ -130,12 +150,14 @@ The names should be known to this tinc daemon
|
||||||
(i.e., there should be a host configuration file for the name on the
|
(i.e., there should be a host configuration file for the name on the
|
||||||
.Va ConnectTo
|
.Va ConnectTo
|
||||||
line).
|
line).
|
||||||
|
|
||||||
.Pp
|
.Pp
|
||||||
If you don't specify a host with
|
If you don't specify a host with
|
||||||
.Va ConnectTo ,
|
.Va ConnectTo ,
|
||||||
.Nm tinc
|
.Nm tinc
|
||||||
won't try to connect to other daemons at all,
|
won't try to connect to other daemons at all,
|
||||||
and will instead just listen for incoming connections.
|
and will instead just listen for incoming connections.
|
||||||
|
|
||||||
.It Va Device Li = Ar device Po Pa /dev/tap0 , Pa /dev/net/tun No or other depending on platform Pc
|
.It Va Device Li = Ar device Po Pa /dev/tap0 , Pa /dev/net/tun No or other depending on platform Pc
|
||||||
The virtual network device to use.
|
The virtual network device to use.
|
||||||
.Nm tinc
|
.Nm tinc
|
||||||
|
@ -147,6 +169,36 @@ instead of
|
||||||
.Va Device .
|
.Va Device .
|
||||||
The info pages of the tinc package contain more information
|
The info pages of the tinc package contain more information
|
||||||
about configuring the virtual network device.
|
about configuring the virtual network device.
|
||||||
|
|
||||||
|
.It Va DeviceType Li = tun | tunnohead | tunifhead | tap Po only supported on BSD platforms Pc
|
||||||
|
The type of the virtual network device.
|
||||||
|
Tinc will normally automatically select the right type, and this option should not be used.
|
||||||
|
However, in case tinc does not seem to correctly interpret packets received from the virtual network device,
|
||||||
|
using this option might help.
|
||||||
|
.Bl -tag -width indent
|
||||||
|
|
||||||
|
.It tun
|
||||||
|
Set type to tun.
|
||||||
|
Depending on the platform, this can either be with or without an address family header (see below).
|
||||||
|
|
||||||
|
.It tunnohead
|
||||||
|
Set type to tun without an address family header.
|
||||||
|
Tinc will expect packets read from the virtual network device to start with an IP header.
|
||||||
|
On some platforms IPv6 packets cannot be read from or written to the device in this mode.
|
||||||
|
|
||||||
|
.It tunifhead
|
||||||
|
Set type to tun with an address family header.
|
||||||
|
Tinc will expect packets read from the virtual network device
|
||||||
|
to start with a four byte header containing the address family,
|
||||||
|
followed by an IP header.
|
||||||
|
This mode should support both IPv4 and IPv6 packets.
|
||||||
|
|
||||||
|
.It tap
|
||||||
|
Set type to tap.
|
||||||
|
Tinc will expect packets read from the virtual network device
|
||||||
|
to start with an Ethernet header.
|
||||||
|
.El
|
||||||
|
|
||||||
.It Va GraphDumpFile Li = Ar filename Bq experimental
|
.It Va GraphDumpFile Li = Ar filename Bq experimental
|
||||||
If this option is present,
|
If this option is present,
|
||||||
.Nm tinc
|
.Nm tinc
|
||||||
|
@ -159,14 +211,17 @@ If
|
||||||
starts with a pipe symbol |,
|
starts with a pipe symbol |,
|
||||||
then the rest of the filename is interpreted as a shell command
|
then the rest of the filename is interpreted as a shell command
|
||||||
that is executed, the graph is then sent to stdin.
|
that is executed, the graph is then sent to stdin.
|
||||||
|
|
||||||
.It Va Hostnames Li = yes | no Pq no
|
.It Va Hostnames Li = yes | no Pq no
|
||||||
This option selects whether IP addresses (both real and on the VPN) should
|
This option selects whether IP addresses (both real and on the VPN) should
|
||||||
be resolved. Since DNS lookups are blocking, it might affect tinc's
|
be resolved. Since DNS lookups are blocking, it might affect tinc's
|
||||||
efficiency, even stopping the daemon for a few seconds every time it does
|
efficiency, even stopping the daemon for a few seconds every time it does
|
||||||
a lookup if your DNS server is not responding.
|
a lookup if your DNS server is not responding.
|
||||||
|
|
||||||
.Pp
|
.Pp
|
||||||
This does not affect resolving hostnames to IP addresses from the
|
This does not affect resolving hostnames to IP addresses from the
|
||||||
host configuration files.
|
host configuration files.
|
||||||
|
|
||||||
.It Va Interface Li = Ar interface
|
.It Va Interface Li = Ar interface
|
||||||
Defines the name of the interface corresponding to the virtual network device.
|
Defines the name of the interface corresponding to the virtual network device.
|
||||||
Depending on the operating system and the type of device this may or may not actually set the name of the interface.
|
Depending on the operating system and the type of device this may or may not actually set the name of the interface.
|
||||||
|
@ -174,58 +229,73 @@ Under Windows, this variable is used to select which network interface will be u
|
||||||
If you specified a
|
If you specified a
|
||||||
.Va Device ,
|
.Va Device ,
|
||||||
this variable is almost always already correctly set.
|
this variable is almost always already correctly set.
|
||||||
|
|
||||||
.It Va KeyExpire Li = Ar seconds Pq 3600
|
.It Va KeyExpire Li = Ar seconds Pq 3600
|
||||||
This option controls the period the encryption keys used to encrypt the data are valid.
|
This option controls the period the encryption keys used to encrypt the data are valid.
|
||||||
It is common practice to change keys at regular intervals to make it even harder for crackers,
|
It is common practice to change keys at regular intervals to make it even harder for crackers,
|
||||||
even though it is thought to be nearly impossible to crack a single key.
|
even though it is thought to be nearly impossible to crack a single key.
|
||||||
|
|
||||||
.It Va MACExpire Li = Ar seconds Pq 600
|
.It Va MACExpire Li = Ar seconds Pq 600
|
||||||
This option controls the amount of time MAC addresses are kept before they are removed.
|
This option controls the amount of time MAC addresses are kept before they are removed.
|
||||||
This only has effect when
|
This only has effect when
|
||||||
.Va Mode
|
.Va Mode
|
||||||
is set to
|
is set to
|
||||||
.Qq switch .
|
.Qq switch .
|
||||||
|
|
||||||
.It Va MaxTimeout Li = Ar seconds Pq 900
|
.It Va MaxTimeout Li = Ar seconds Pq 900
|
||||||
This is the maximum delay before trying to reconnect to other tinc daemons.
|
This is the maximum delay before trying to reconnect to other tinc daemons.
|
||||||
|
|
||||||
.It Va Mode Li = router | switch | hub Pq router
|
.It Va Mode Li = router | switch | hub Pq router
|
||||||
This option selects the way packets are routed to other daemons.
|
This option selects the way packets are routed to other daemons.
|
||||||
.Bl -tag -width indent
|
.Bl -tag -width indent
|
||||||
|
|
||||||
.It router
|
.It router
|
||||||
In this mode
|
In this mode
|
||||||
.Va Subnet
|
.Va Subnet
|
||||||
variables in the host configuration files will be used to form a routing table.
|
variables in the host configuration files will be used to form a routing table.
|
||||||
Only unicast packets of routable protocols (IPv4 and IPv6) are supported in this mode.
|
Only unicast packets of routable protocols (IPv4 and IPv6) are supported in this mode.
|
||||||
|
|
||||||
.Pp
|
.Pp
|
||||||
This is the default mode, and unless you really know you need another mode, don't change it.
|
This is the default mode, and unless you really know you need another mode, don't change it.
|
||||||
|
|
||||||
.It switch
|
.It switch
|
||||||
In this mode the MAC addresses of the packets on the VPN will be used to
|
In this mode the MAC addresses of the packets on the VPN will be used to
|
||||||
dynamically create a routing table just like an Ethernet switch does.
|
dynamically create a routing table just like an Ethernet switch does.
|
||||||
Unicast, multicast and broadcast packets of every protocol that runs over Ethernet are supported in this mode
|
Unicast, multicast and broadcast packets of every protocol that runs over Ethernet are supported in this mode
|
||||||
at the cost of frequent broadcast ARP requests and routing table updates.
|
at the cost of frequent broadcast ARP requests and routing table updates.
|
||||||
|
|
||||||
.Pp
|
.Pp
|
||||||
This mode is primarily useful if you want to bridge Ethernet segments.
|
This mode is primarily useful if you want to bridge Ethernet segments.
|
||||||
|
|
||||||
.It hub
|
.It hub
|
||||||
This mode is almost the same as the switch mode, but instead
|
This mode is almost the same as the switch mode, but instead
|
||||||
every packet will be broadcast to the other daemons
|
every packet will be broadcast to the other daemons
|
||||||
while no routing table is managed.
|
while no routing table is managed.
|
||||||
.El
|
.El
|
||||||
|
|
||||||
.It Va Name Li = Ar name Bq required
|
.It Va Name Li = Ar name Bq required
|
||||||
This is the name which identifies this tinc daemon.
|
This is the name which identifies this tinc daemon.
|
||||||
It must be unique for the virtual private network this daemon will connect to.
|
It must be unique for the virtual private network this daemon will connect to.
|
||||||
|
|
||||||
.It Va PingInterval Li = Ar seconds Pq 60
|
.It Va PingInterval Li = Ar seconds Pq 60
|
||||||
The number of seconds of inactivity that
|
The number of seconds of inactivity that
|
||||||
.Nm tinc
|
.Nm tinc
|
||||||
will wait before sending a probe to the other end.
|
will wait before sending a probe to the other end.
|
||||||
|
|
||||||
.It Va PingTimeout Li = Ar seconds Pq 5
|
.It Va PingTimeout Li = Ar seconds Pq 5
|
||||||
The number of seconds to wait for a response to pings or to allow meta
|
The number of seconds to wait for a response to pings or to allow meta
|
||||||
connections to block. If the other end doesn't respond within this time,
|
connections to block. If the other end doesn't respond within this time,
|
||||||
the connection is terminated,
|
the connection is terminated,
|
||||||
and the others will be notified of this.
|
and the others will be notified of this.
|
||||||
|
|
||||||
.It Va PriorityInheritance Li = yes | no Po no Pc Bq experimental
|
.It Va PriorityInheritance Li = yes | no Po no Pc Bq experimental
|
||||||
When this option is enabled the value of the TOS field of tunneled IPv4 packets
|
When this option is enabled the value of the TOS field of tunneled IPv4 packets
|
||||||
will be inherited by the UDP packets that are sent out.
|
will be inherited by the UDP packets that are sent out.
|
||||||
|
|
||||||
.It Va PrivateKey Li = Ar key Bq obsolete
|
.It Va PrivateKey Li = Ar key Bq obsolete
|
||||||
The private RSA key of this tinc daemon.
|
The private RSA key of this tinc daemon.
|
||||||
It will allow this tinc daemon to authenticate itself to other daemons.
|
It will allow this tinc daemon to authenticate itself to other daemons.
|
||||||
|
|
||||||
.It Va PrivateKeyFile Li = Ar filename Po Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /rsa_key.priv Pc
|
.It Va PrivateKeyFile Li = Ar filename Po Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /rsa_key.priv Pc
|
||||||
The file in which the private RSA key of this tinc daemon resides.
|
The file in which the private RSA key of this tinc daemon resides.
|
||||||
Note that there must be exactly one of
|
Note that there must be exactly one of
|
||||||
|
@ -233,17 +303,20 @@ Note that there must be exactly one of
|
||||||
or
|
or
|
||||||
.Va PrivateKeyFile
|
.Va PrivateKeyFile
|
||||||
specified in the configuration file.
|
specified in the configuration file.
|
||||||
|
|
||||||
.It Va TunnelServer Li = yes | no Po no Pc Bq experimental
|
.It Va TunnelServer Li = yes | no Po no Pc Bq experimental
|
||||||
When this option is enabled tinc will no longer forward information between other tinc daemons,
|
When this option is enabled tinc will no longer forward information between other tinc daemons,
|
||||||
and will only allow nodes and subnets on the VPN which are present in the
|
and will only allow nodes and subnets on the VPN which are present in the
|
||||||
.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/
|
.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/
|
||||||
directory.
|
directory.
|
||||||
.El
|
.El
|
||||||
|
|
||||||
.Sh HOST CONFIGURATION FILES
|
.Sh HOST CONFIGURATION FILES
|
||||||
The host configuration files contain all information needed
|
The host configuration files contain all information needed
|
||||||
to establish a connection to those hosts.
|
to establish a connection to those hosts.
|
||||||
A host configuration file is also required for the local tinc daemon,
|
A host configuration file is also required for the local tinc daemon,
|
||||||
it will use it to read in it's listen port, public key and subnets.
|
it will use it to read in it's listen port, public key and subnets.
|
||||||
|
|
||||||
.Pp
|
.Pp
|
||||||
The idea is that these files are portable.
|
The idea is that these files are portable.
|
||||||
You can safely mail your own host configuration file to someone else.
|
You can safely mail your own host configuration file to someone else.
|
||||||
|
@ -252,6 +325,7 @@ and now his tinc daemon will be able to connect to your tinc daemon.
|
||||||
Since host configuration files only contain public keys,
|
Since host configuration files only contain public keys,
|
||||||
no secrets are revealed by sending out this information.
|
no secrets are revealed by sending out this information.
|
||||||
.Bl -tag -width indent
|
.Bl -tag -width indent
|
||||||
|
|
||||||
.It Va Address Li = Ar address Bq recommended
|
.It Va Address Li = Ar address Bq recommended
|
||||||
The IP address or hostname of this tinc daemon on the real network.
|
The IP address or hostname of this tinc daemon on the real network.
|
||||||
This will only be used when trying to make an outgoing connection to this tinc daemon.
|
This will only be used when trying to make an outgoing connection to this tinc daemon.
|
||||||
|
@ -259,6 +333,7 @@ Multiple
|
||||||
.Va Address
|
.Va Address
|
||||||
variables can be specified, in which case each address will be tried until a working
|
variables can be specified, in which case each address will be tried until a working
|
||||||
connection has been established.
|
connection has been established.
|
||||||
|
|
||||||
.It Va Cipher Li = Ar cipher Pq blowfish
|
.It Va Cipher Li = Ar cipher Pq blowfish
|
||||||
The symmetric cipher algorithm used to encrypt UDP packets.
|
The symmetric cipher algorithm used to encrypt UDP packets.
|
||||||
Any cipher supported by OpenSSL is recognised.
|
Any cipher supported by OpenSSL is recognised.
|
||||||
|
@ -266,16 +341,19 @@ Furthermore, specifying
|
||||||
.Qq none
|
.Qq none
|
||||||
will turn off packet encryption.
|
will turn off packet encryption.
|
||||||
It is best to use only those ciphers which support CBC mode.
|
It is best to use only those ciphers which support CBC mode.
|
||||||
|
|
||||||
.It Va Compression Li = Ar level Pq 0
|
.It Va Compression Li = Ar level Pq 0
|
||||||
This option sets the level of compression used for UDP packets.
|
This option sets the level of compression used for UDP packets.
|
||||||
Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib),
|
Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib),
|
||||||
10 (fast lzo) and 11 (best lzo).
|
10 (fast lzo) and 11 (best lzo).
|
||||||
|
|
||||||
.It Va Digest Li = Ar digest Pq sha1
|
.It Va Digest Li = Ar digest Pq sha1
|
||||||
The digest algorithm used to authenticate UDP packets.
|
The digest algorithm used to authenticate UDP packets.
|
||||||
Any digest supported by OpenSSL is recognised.
|
Any digest supported by OpenSSL is recognised.
|
||||||
Furthermore, specifying
|
Furthermore, specifying
|
||||||
.Qq none
|
.Qq none
|
||||||
will turn off packet authentication.
|
will turn off packet authentication.
|
||||||
|
|
||||||
.It Va IndirectData Li = yes | no Pq no
|
.It Va IndirectData Li = yes | no Pq no
|
||||||
This option specifies whether other tinc daemons besides the one you specified with
|
This option specifies whether other tinc daemons besides the one you specified with
|
||||||
.Va ConnectTo
|
.Va ConnectTo
|
||||||
|
@ -283,23 +361,30 @@ can make a direct connection to you.
|
||||||
This is especially useful if you are behind a firewall
|
This is especially useful if you are behind a firewall
|
||||||
and it is impossible to make a connection from the outside to your tinc daemon.
|
and it is impossible to make a connection from the outside to your tinc daemon.
|
||||||
Otherwise, it is best to leave this option out or set it to no.
|
Otherwise, it is best to leave this option out or set it to no.
|
||||||
|
|
||||||
.It Va MACLength Li = Ar length Pq 4
|
.It Va MACLength Li = Ar length Pq 4
|
||||||
The length of the message authentication code used to authenticate UDP packets.
|
The length of the message authentication code used to authenticate UDP packets.
|
||||||
Can be anything from
|
Can be anything from
|
||||||
.Qq 0
|
.Qq 0
|
||||||
up to the length of the digest produced by the digest algorithm.
|
up to the length of the digest produced by the digest algorithm.
|
||||||
.It Va PMTU Li = Ar mtu Po 1514 Pc Bq experimental
|
|
||||||
|
.It Va PMTU Li = Ar mtu Po 1514 Pc
|
||||||
This option controls the initial path MTU to this node.
|
This option controls the initial path MTU to this node.
|
||||||
.It Va PMTUDiscovery Li = yes | no Po no Pc Bq experimental
|
|
||||||
|
.It Va PMTUDiscovery Li = yes | no Po yes Pc
|
||||||
When this option is enabled, tinc will try to discover the path MTU to this node.
|
When this option is enabled, tinc will try to discover the path MTU to this node.
|
||||||
After the path MTU has been discovered, it will be enforced on the VPN.
|
After the path MTU has been discovered, it will be enforced on the VPN.
|
||||||
|
|
||||||
.It Va Port Li = Ar port Pq 655
|
.It Va Port Li = Ar port Pq 655
|
||||||
The port number on which this tinc daemon is listening for incoming connections.
|
The port number on which this tinc daemon is listening for incoming connections.
|
||||||
|
|
||||||
.It Va PublicKey Li = Ar key Bq obsolete
|
.It Va PublicKey Li = Ar key Bq obsolete
|
||||||
The public RSA key of this tinc daemon.
|
The public RSA key of this tinc daemon.
|
||||||
It will be used to cryptographically verify it's identity and to set up a secure connection.
|
It will be used to cryptographically verify it's identity and to set up a secure connection.
|
||||||
|
|
||||||
.It Va PublicKeyFile Li = Ar filename Bq obsolete
|
.It Va PublicKeyFile Li = Ar filename Bq obsolete
|
||||||
The file in which the public RSA key of this tinc daemon resides.
|
The file in which the public RSA key of this tinc daemon resides.
|
||||||
|
|
||||||
.Pp
|
.Pp
|
||||||
From version 1.0pre4 on
|
From version 1.0pre4 on
|
||||||
.Nm tinc
|
.Nm tinc
|
||||||
|
@ -308,6 +393,7 @@ the above two options then are not necessary.
|
||||||
Either the PEM format is used, or exactly one of the above two options must be specified
|
Either the PEM format is used, or exactly one of the above two options must be specified
|
||||||
in each host configuration file,
|
in each host configuration file,
|
||||||
if you want to be able to establish a connection with that host.
|
if you want to be able to establish a connection with that host.
|
||||||
|
|
||||||
.It Va Subnet Li = Ar address Ns Op Li / Ns Ar prefixlength
|
.It Va Subnet Li = Ar address Ns Op Li / Ns Ar prefixlength
|
||||||
The subnet which this tinc daemon will serve.
|
The subnet which this tinc daemon will serve.
|
||||||
.Nm tinc
|
.Nm tinc
|
||||||
|
@ -317,6 +403,7 @@ it will be sent to the daemon who has this subnet in his host configuration file
|
||||||
Multiple
|
Multiple
|
||||||
.Va Subnet
|
.Va Subnet
|
||||||
variables can be specified.
|
variables can be specified.
|
||||||
|
|
||||||
.Pp
|
.Pp
|
||||||
Subnets can either be single MAC, IPv4 or IPv6 addresses,
|
Subnets can either be single MAC, IPv4 or IPv6 addresses,
|
||||||
in which case a subnet consisting of only that single address is assumed,
|
in which case a subnet consisting of only that single address is assumed,
|
||||||
|
@ -328,6 +415,7 @@ Note that subnets like 192.168.1.1/24 are invalid!
|
||||||
Read a networking HOWTO/FAQ/guide if you don't understand this.
|
Read a networking HOWTO/FAQ/guide if you don't understand this.
|
||||||
IPv6 subnets are notated like fec0:0:0:1:0:0:0:0/64.
|
IPv6 subnets are notated like fec0:0:0:1:0:0:0:0/64.
|
||||||
MAC addresses are notated like 0:1a:2b:3c:4d:5e.
|
MAC addresses are notated like 0:1a:2b:3c:4d:5e.
|
||||||
|
|
||||||
.It Va TCPOnly Li = yes | no Pq no
|
.It Va TCPOnly Li = yes | no Pq no
|
||||||
If this variable is set to yes,
|
If this variable is set to yes,
|
||||||
then the packets are tunnelled over the TCP connection instead of a UDP connection.
|
then the packets are tunnelled over the TCP connection instead of a UDP connection.
|
||||||
|
@ -336,38 +424,48 @@ from behind a masquerading firewall,
|
||||||
or if UDP packet routing is disabled somehow.
|
or if UDP packet routing is disabled somehow.
|
||||||
Setting this options also implicitly sets IndirectData.
|
Setting this options also implicitly sets IndirectData.
|
||||||
.El
|
.El
|
||||||
|
|
||||||
.Sh SCRIPTS
|
.Sh SCRIPTS
|
||||||
Apart from reading the server and host configuration files,
|
Apart from reading the server and host configuration files,
|
||||||
tinc can also run scripts at certain moments.
|
tinc can also run scripts at certain moments.
|
||||||
Under Windows (not Cygwin), the scripts should have the extension
|
Under Windows (not Cygwin), the scripts should have the extension
|
||||||
.Pa .bat .
|
.Pa .bat .
|
||||||
.Bl -tag -width indent
|
.Bl -tag -width indent
|
||||||
|
|
||||||
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc-up
|
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc-up
|
||||||
This is the most important script.
|
This is the most important script.
|
||||||
If it is present it will be executed right after the tinc daemon has been started and has connected to the virtual network device.
|
If it is present it will be executed right after the tinc daemon has been started and has connected to the virtual network device.
|
||||||
It should be used to set up the corresponding network interface,
|
It should be used to set up the corresponding network interface,
|
||||||
but can also be used to start other things.
|
but can also be used to start other things.
|
||||||
Under Windows you can use the Network Connections control panel instead of creating this script.
|
Under Windows you can use the Network Connections control panel instead of creating this script.
|
||||||
|
|
||||||
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc-down
|
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc-down
|
||||||
This script is started right before the tinc daemon quits.
|
This script is started right before the tinc daemon quits.
|
||||||
|
|
||||||
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Ar HOST Ns Pa -up
|
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Ar HOST Ns Pa -up
|
||||||
This script is started when the tinc daemon with name
|
This script is started when the tinc daemon with name
|
||||||
.Ar HOST
|
.Ar HOST
|
||||||
becomes reachable.
|
becomes reachable.
|
||||||
|
|
||||||
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Ar HOST Ns Pa -down
|
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Ar HOST Ns Pa -down
|
||||||
This script is started when the tinc daemon with name
|
This script is started when the tinc daemon with name
|
||||||
.Ar HOST
|
.Ar HOST
|
||||||
becomes unreachable.
|
becomes unreachable.
|
||||||
|
|
||||||
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /host-up
|
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /host-up
|
||||||
This script is started when any host becomes reachable.
|
This script is started when any host becomes reachable.
|
||||||
|
|
||||||
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /host-down
|
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /host-down
|
||||||
This script is started when any host becomes unreachable.
|
This script is started when any host becomes unreachable.
|
||||||
|
|
||||||
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /subnet-up
|
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /subnet-up
|
||||||
This script is started when a Subnet becomes reachable.
|
This script is started when a Subnet becomes reachable.
|
||||||
The Subnet and the node it belongs to are passed in environment variables.
|
The Subnet and the node it belongs to are passed in environment variables.
|
||||||
|
|
||||||
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /subnet-down
|
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /subnet-down
|
||||||
This script is started when a Subnet becomes unreachable.
|
This script is started when a Subnet becomes unreachable.
|
||||||
.El
|
.El
|
||||||
|
|
||||||
.Pp
|
.Pp
|
||||||
The scripts are started without command line arguments, but can make use of certain environment variables.
|
The scripts are started without command line arguments, but can make use of certain environment variables.
|
||||||
Under UNIX like operating systems the names of environment variables must be preceded by a
|
Under UNIX like operating systems the names of environment variables must be preceded by a
|
||||||
|
@ -379,49 +477,65 @@ files, they have to be put between
|
||||||
.Li %
|
.Li %
|
||||||
signs.
|
signs.
|
||||||
.Bl -tag -width indent
|
.Bl -tag -width indent
|
||||||
|
|
||||||
.It Ev NETNAME
|
.It Ev NETNAME
|
||||||
If a netname was specified, this environment variable contains it.
|
If a netname was specified, this environment variable contains it.
|
||||||
|
|
||||||
.It Ev NAME
|
.It Ev NAME
|
||||||
Contains the name of this tinc daemon.
|
Contains the name of this tinc daemon.
|
||||||
|
|
||||||
.It Ev DEVICE
|
.It Ev DEVICE
|
||||||
Contains the name of the virtual network device that tinc uses.
|
Contains the name of the virtual network device that tinc uses.
|
||||||
|
|
||||||
.It Ev INTERFACE
|
.It Ev INTERFACE
|
||||||
Contains the name of the virtual network interface that tinc uses.
|
Contains the name of the virtual network interface that tinc uses.
|
||||||
This should be used for commands like
|
This should be used for commands like
|
||||||
.Pa ifconfig .
|
.Pa ifconfig .
|
||||||
|
|
||||||
.It Ev NODE
|
.It Ev NODE
|
||||||
When a host becomes (un)reachable, this is set to its name.
|
When a host becomes (un)reachable, this is set to its name.
|
||||||
If a subnet becomes (un)reachable, this is set to the owner of that subnet.
|
If a subnet becomes (un)reachable, this is set to the owner of that subnet.
|
||||||
|
|
||||||
.It Ev REMOTEADDRESS
|
.It Ev REMOTEADDRESS
|
||||||
When a host becomes (un)reachable, this is set to its real address.
|
When a host becomes (un)reachable, this is set to its real address.
|
||||||
|
|
||||||
.It Ev REMOTEPORT
|
.It Ev REMOTEPORT
|
||||||
When a host becomes (un)reachable, this is set to the port number it uses for communication with other tinc daemons.
|
When a host becomes (un)reachable, this is set to the port number it uses for communication with other tinc daemons.
|
||||||
|
|
||||||
.It Ev SUBNET
|
.It Ev SUBNET
|
||||||
When a subnet becomes (un)reachable, this is set to the subnet.
|
When a subnet becomes (un)reachable, this is set to the subnet.
|
||||||
.El
|
.El
|
||||||
|
|
||||||
.Sh FILES
|
.Sh FILES
|
||||||
The most important files are:
|
The most important files are:
|
||||||
.Bl -tag -width indent
|
.Bl -tag -width indent
|
||||||
|
|
||||||
.It Pa @sysconfdir@/tinc/
|
.It Pa @sysconfdir@/tinc/
|
||||||
The top directory for configuration files.
|
The top directory for configuration files.
|
||||||
|
|
||||||
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf
|
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf
|
||||||
The default name of the server configuration file for net
|
The default name of the server configuration file for net
|
||||||
.Ar NETNAME .
|
.Ar NETNAME .
|
||||||
|
|
||||||
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/
|
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/
|
||||||
Host configuration files are kept in this directory.
|
Host configuration files are kept in this directory.
|
||||||
|
|
||||||
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc-up
|
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc-up
|
||||||
If an executable file with this name exists,
|
If an executable file with this name exists,
|
||||||
it will be executed right after the tinc daemon has connected to the virtual network device.
|
it will be executed right after the tinc daemon has connected to the virtual network device.
|
||||||
It can be used to set up the corresponding network interface.
|
It can be used to set up the corresponding network interface.
|
||||||
|
|
||||||
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc-down
|
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc-down
|
||||||
If an executable file with this name exists,
|
If an executable file with this name exists,
|
||||||
it will be executed right before the tinc daemon is going to close
|
it will be executed right before the tinc daemon is going to close
|
||||||
its connection to the virtual network device.
|
its connection to the virtual network device.
|
||||||
.El
|
.El
|
||||||
|
|
||||||
.Sh SEE ALSO
|
.Sh SEE ALSO
|
||||||
.Xr tincd 8 ,
|
.Xr tincd 8 ,
|
||||||
.Pa http://www.tinc-vpn.org/ ,
|
.Pa http://www.tinc-vpn.org/ ,
|
||||||
.Pa http://www.linuxdoc.org/LDP/nag2/ .
|
.Pa http://www.linuxdoc.org/LDP/nag2/ .
|
||||||
|
|
||||||
.Pp
|
.Pp
|
||||||
The full documentation for
|
The full documentation for
|
||||||
.Nm tinc
|
.Nm tinc
|
||||||
|
@ -429,6 +543,7 @@ is maintained as a Texinfo manual.
|
||||||
If the info and tinc programs are properly installed at your site, the command
|
If the info and tinc programs are properly installed at your site, the command
|
||||||
.Ic info tinc
|
.Ic info tinc
|
||||||
should give you access to the complete manual.
|
should give you access to the complete manual.
|
||||||
|
|
||||||
.Pp
|
.Pp
|
||||||
.Nm tinc
|
.Nm tinc
|
||||||
comes with ABSOLUTELY NO WARRANTY.
|
comes with ABSOLUTELY NO WARRANTY.
|
||||||
|
|
348
doc/tinc.info
348
doc/tinc.info
|
@ -1,17 +1,17 @@
|
||||||
This is tinc.info, produced by makeinfo version 4.8 from tinc.texi.
|
This is tinc.info, produced by makeinfo version 4.11 from tinc.texi.
|
||||||
|
|
||||||
INFO-DIR-SECTION Networking tools
|
INFO-DIR-SECTION Networking tools
|
||||||
START-INFO-DIR-ENTRY
|
START-INFO-DIR-ENTRY
|
||||||
* tinc: (tinc). The tinc Manual.
|
* tinc: (tinc). The tinc Manual.
|
||||||
END-INFO-DIR-ENTRY
|
END-INFO-DIR-ENTRY
|
||||||
|
|
||||||
This is the info manual for tinc version 1.0.8, a Virtual Private
|
This is the info manual for tinc version 1.0.9, a Virtual Private
|
||||||
Network daemon.
|
Network daemon.
|
||||||
|
|
||||||
Copyright (C) 1998-2006 Ivo Timmermans, Guus Sliepen
|
Copyright (C) 1998-2008 Ivo Timmermans, Guus Sliepen
|
||||||
<guus@tinc-vpn.org> and Wessel Dankers <wsl@tinc-vpn.org>.
|
<guus@tinc-vpn.org> and Wessel Dankers <wsl@tinc-vpn.org>.
|
||||||
|
|
||||||
$Id: tinc.texi 1467 2006-11-11 20:37:58Z guus $
|
$Id: tinc.texi 1597 2008-12-22 21:29:21Z guus $
|
||||||
|
|
||||||
Permission is granted to make and distribute verbatim copies of this
|
Permission is granted to make and distribute verbatim copies of this
|
||||||
manual provided the copyright notice and this permission notice are
|
manual provided the copyright notice and this permission notice are
|
||||||
|
@ -173,8 +173,7 @@ File: tinc.info, Node: Configuring the kernel, Next: Libraries, Up: Preparati
|
||||||
|
|
||||||
* Menu:
|
* Menu:
|
||||||
|
|
||||||
* Configuration of Linux kernels 2.1.60 up to 2.4.0::
|
* Configuration of Linux kernels::
|
||||||
* Configuration of Linux kernels 2.4.0 and higher::
|
|
||||||
* Configuration of FreeBSD kernels::
|
* Configuration of FreeBSD kernels::
|
||||||
* Configuration of OpenBSD kernels::
|
* Configuration of OpenBSD kernels::
|
||||||
* Configuration of NetBSD kernels::
|
* Configuration of NetBSD kernels::
|
||||||
|
@ -183,53 +182,14 @@ File: tinc.info, Node: Configuring the kernel, Next: Libraries, Up: Preparati
|
||||||
* Configuration of Windows::
|
* Configuration of Windows::
|
||||||
|
|
||||||
|
|
||||||
File: tinc.info, Node: Configuration of Linux kernels 2.1.60 up to 2.4.0, Next: Configuration of Linux kernels 2.4.0 and higher, Up: Configuring the kernel
|
File: tinc.info, Node: Configuration of Linux kernels, Next: Configuration of FreeBSD kernels, Up: Configuring the kernel
|
||||||
|
|
||||||
2.1.1 Configuration of Linux kernels 2.1.60 up to 2.4.0
|
2.1.1 Configuration of Linux kernels
|
||||||
-------------------------------------------------------
|
------------------------------------
|
||||||
|
|
||||||
For kernels up to 2.4.0, you need a kernel that supports the ethertap
|
For tinc to work, you need a kernel that supports the Universal tun/tap
|
||||||
device. Most distributions come with kernels that already support this.
|
device. Most distributions come with kernels that already support this.
|
||||||
If not, here are the options you have to turn on when configuring a new
|
Here are the options you have to turn on when configuring a new kernel:
|
||||||
kernel:
|
|
||||||
|
|
||||||
Code maturity level options
|
|
||||||
[*] Prompt for development and/or incomplete code/drivers
|
|
||||||
Networking options
|
|
||||||
[*] Kernel/User netlink socket
|
|
||||||
<M> Netlink device emulation
|
|
||||||
Network device support
|
|
||||||
<M> Ethertap network tap
|
|
||||||
|
|
||||||
If you want to run more than one instance of tinc or other programs
|
|
||||||
that use the ethertap, you have to compile the ethertap driver as a
|
|
||||||
module, otherwise you can also choose to compile it directly into the
|
|
||||||
kernel.
|
|
||||||
|
|
||||||
If you decide to build any of these as dynamic kernel modules, it's
|
|
||||||
a good idea to add these lines to `/etc/modules.conf':
|
|
||||||
|
|
||||||
alias char-major-36 netlink_dev
|
|
||||||
alias tap0 ethertap
|
|
||||||
options tap0 -o tap0 unit=0
|
|
||||||
alias tap1 ethertap
|
|
||||||
options tap1 -o tap1 unit=1
|
|
||||||
...
|
|
||||||
alias tap_N_ ethertap
|
|
||||||
options tap_N_ -o tap_N_ unit=_N_
|
|
||||||
|
|
||||||
Add as much alias/options lines as necessary.
|
|
||||||
|
|
||||||
|
|
||||||
File: tinc.info, Node: Configuration of Linux kernels 2.4.0 and higher, Next: Configuration of FreeBSD kernels, Prev: Configuration of Linux kernels 2.1.60 up to 2.4.0, Up: Configuring the kernel
|
|
||||||
|
|
||||||
2.1.2 Configuration of Linux kernels 2.4.0 and higher
|
|
||||||
-----------------------------------------------------
|
|
||||||
|
|
||||||
For kernels 2.4.0 and higher, you need a kernel that supports the
|
|
||||||
Universal tun/tap device. Most distributions come with kernels that
|
|
||||||
already support this. Here are the options you have to turn on when
|
|
||||||
configuring a new kernel:
|
|
||||||
|
|
||||||
Code maturity level options
|
Code maturity level options
|
||||||
[*] Prompt for development and/or incomplete code/drivers
|
[*] Prompt for development and/or incomplete code/drivers
|
||||||
|
@ -239,20 +199,15 @@ configuring a new kernel:
|
||||||
It's not necessary to compile this driver as a module, even if you
|
It's not necessary to compile this driver as a module, even if you
|
||||||
are going to run more than one instance of tinc.
|
are going to run more than one instance of tinc.
|
||||||
|
|
||||||
If you have an early 2.4 kernel, you can choose both the tun/tap
|
|
||||||
driver and the `Ethertap network tap' device. This latter is marked
|
|
||||||
obsolete, and chances are that it won't even function correctly
|
|
||||||
anymore. Make sure you select the universal tun/tap driver.
|
|
||||||
|
|
||||||
If you decide to build the tun/tap driver as a kernel module, add
|
If you decide to build the tun/tap driver as a kernel module, add
|
||||||
these lines to `/etc/modules.conf':
|
these lines to `/etc/modules.conf':
|
||||||
|
|
||||||
alias char-major-10-200 tun
|
alias char-major-10-200 tun
|
||||||
|
|
||||||
|
|
||||||
File: tinc.info, Node: Configuration of FreeBSD kernels, Next: Configuration of OpenBSD kernels, Prev: Configuration of Linux kernels 2.4.0 and higher, Up: Configuring the kernel
|
File: tinc.info, Node: Configuration of FreeBSD kernels, Next: Configuration of OpenBSD kernels, Prev: Configuration of Linux kernels, Up: Configuring the kernel
|
||||||
|
|
||||||
2.1.3 Configuration of FreeBSD kernels
|
2.1.2 Configuration of FreeBSD kernels
|
||||||
--------------------------------------
|
--------------------------------------
|
||||||
|
|
||||||
For FreeBSD version 4.1 and higher, tun and tap drivers are included in
|
For FreeBSD version 4.1 and higher, tun and tap drivers are included in
|
||||||
|
@ -261,18 +216,20 @@ the default kernel configuration. Using tap devices is recommended.
|
||||||
|
|
||||||
File: tinc.info, Node: Configuration of OpenBSD kernels, Next: Configuration of NetBSD kernels, Prev: Configuration of FreeBSD kernels, Up: Configuring the kernel
|
File: tinc.info, Node: Configuration of OpenBSD kernels, Next: Configuration of NetBSD kernels, Prev: Configuration of FreeBSD kernels, Up: Configuring the kernel
|
||||||
|
|
||||||
2.1.4 Configuration of OpenBSD kernels
|
2.1.3 Configuration of OpenBSD kernels
|
||||||
--------------------------------------
|
--------------------------------------
|
||||||
|
|
||||||
For OpenBSD version 2.9 and higher, the tun driver is included in the
|
For OpenBSD version 2.9 and higher, the tun driver is included in the
|
||||||
default kernel configuration. There is also a kernel patch from
|
default kernel configuration. There is also a kernel patch from
|
||||||
`http://diehard.n-r-g.com/stuff/openbsd/' which adds a tap device to
|
`http://diehard.n-r-g.com/stuff/openbsd/' which adds a tap device to
|
||||||
OpenBSD. This should work with tinc.
|
OpenBSD which should work with tinc, but with recent versions of
|
||||||
|
OpenBSD, a tun device can act as a tap device by setting the link0
|
||||||
|
option with ifconfig.
|
||||||
|
|
||||||
|
|
||||||
File: tinc.info, Node: Configuration of NetBSD kernels, Next: Configuration of Solaris kernels, Prev: Configuration of OpenBSD kernels, Up: Configuring the kernel
|
File: tinc.info, Node: Configuration of NetBSD kernels, Next: Configuration of Solaris kernels, Prev: Configuration of OpenBSD kernels, Up: Configuring the kernel
|
||||||
|
|
||||||
2.1.5 Configuration of NetBSD kernels
|
2.1.4 Configuration of NetBSD kernels
|
||||||
-------------------------------------
|
-------------------------------------
|
||||||
|
|
||||||
For NetBSD version 1.5.2 and higher, the tun driver is included in the
|
For NetBSD version 1.5.2 and higher, the tun driver is included in the
|
||||||
|
@ -283,7 +240,7 @@ default kernel configuration.
|
||||||
|
|
||||||
File: tinc.info, Node: Configuration of Solaris kernels, Next: Configuration of Darwin (MacOS/X) kernels, Prev: Configuration of NetBSD kernels, Up: Configuring the kernel
|
File: tinc.info, Node: Configuration of Solaris kernels, Next: Configuration of Darwin (MacOS/X) kernels, Prev: Configuration of NetBSD kernels, Up: Configuring the kernel
|
||||||
|
|
||||||
2.1.6 Configuration of Solaris kernels
|
2.1.5 Configuration of Solaris kernels
|
||||||
--------------------------------------
|
--------------------------------------
|
||||||
|
|
||||||
For Solaris 8 (SunOS 5.8) and higher, the tun driver may or may not be
|
For Solaris 8 (SunOS 5.8) and higher, the tun driver may or may not be
|
||||||
|
@ -296,7 +253,7 @@ header file is missing, install it from the source package.
|
||||||
|
|
||||||
File: tinc.info, Node: Configuration of Darwin (MacOS/X) kernels, Next: Configuration of Windows, Prev: Configuration of Solaris kernels, Up: Configuring the kernel
|
File: tinc.info, Node: Configuration of Darwin (MacOS/X) kernels, Next: Configuration of Windows, Prev: Configuration of Solaris kernels, Up: Configuring the kernel
|
||||||
|
|
||||||
2.1.7 Configuration of Darwin (MacOS/X) kernels
|
2.1.6 Configuration of Darwin (MacOS/X) kernels
|
||||||
-----------------------------------------------
|
-----------------------------------------------
|
||||||
|
|
||||||
Tinc on Darwin relies on a tunnel driver for its data acquisition from
|
Tinc on Darwin relies on a tunnel driver for its data acquisition from
|
||||||
|
@ -312,7 +269,7 @@ with the following command:
|
||||||
|
|
||||||
File: tinc.info, Node: Configuration of Windows, Prev: Configuration of Darwin (MacOS/X) kernels, Up: Configuring the kernel
|
File: tinc.info, Node: Configuration of Windows, Prev: Configuration of Darwin (MacOS/X) kernels, Up: Configuring the kernel
|
||||||
|
|
||||||
2.1.8 Configuration of Windows
|
2.1.7 Configuration of Windows
|
||||||
------------------------------
|
------------------------------
|
||||||
|
|
||||||
You will need to install the latest TAP-Win32 driver from OpenVPN. You
|
You will need to install the latest TAP-Win32 driver from OpenVPN. You
|
||||||
|
@ -550,35 +507,13 @@ File: tinc.info, Node: Device files, Next: Other files, Up: System files
|
||||||
3.2.1 Device files
|
3.2.1 Device files
|
||||||
------------------
|
------------------
|
||||||
|
|
||||||
First, you'll need the special device file(s) that form the interface
|
Most operating systems nowadays come with the necessary device files by
|
||||||
between the kernel and the daemon.
|
default, or they have a mechanism to create them on demand.
|
||||||
|
|
||||||
The permissions for these files have to be such that only the super
|
If you use Linux and do not have udev installed, you may need to
|
||||||
user may read/write to this file. You'd want this, because otherwise
|
create the following device file if it does not exist:
|
||||||
eavesdropping would become a bit too easy. This does, however, imply
|
|
||||||
that you'd have to run tincd as root.
|
|
||||||
|
|
||||||
If you use Linux and have a kernel version prior to 2.4.0, you have
|
mknod -m 600 /dev/net/tun c 10 200
|
||||||
to make the ethertap devices:
|
|
||||||
|
|
||||||
mknod -m 600 /dev/tap0 c 36 16
|
|
||||||
mknod -m 600 /dev/tap1 c 36 17
|
|
||||||
...
|
|
||||||
mknod -m 600 /dev/tap_N_ c 36 _N+16_
|
|
||||||
|
|
||||||
There is a maximum of 16 ethertap devices.
|
|
||||||
|
|
||||||
If you use the universal tun/tap driver, you have to create the
|
|
||||||
following device file (unless it already exist):
|
|
||||||
|
|
||||||
mknod -m 600 /dev/tun c 10 200
|
|
||||||
|
|
||||||
If you use Linux, and you run the new 2.4 kernel using the devfs
|
|
||||||
filesystem, then the tun/tap device will probably be automatically
|
|
||||||
generated as `/dev/net/tun'.
|
|
||||||
|
|
||||||
Unlike the ethertap device, you do not need multiple device files if
|
|
||||||
you are planning to run multiple tinc daemons.
|
|
||||||
|
|
||||||
|
|
||||||
File: tinc.info, Node: Other files, Prev: Device files, Up: System files
|
File: tinc.info, Node: Other files, Prev: Device files, Up: System files
|
||||||
|
@ -774,9 +709,37 @@ Device = <DEVICE> (`/dev/tap0', `/dev/net/tun' or other depending on platform)
|
||||||
The virtual network device to use. Tinc will automatically detect
|
The virtual network device to use. Tinc will automatically detect
|
||||||
what kind of device it is. Note that you can only use one device
|
what kind of device it is. Note that you can only use one device
|
||||||
per daemon. Under Windows, use INTERFACE instead of DEVICE. Note
|
per daemon. Under Windows, use INTERFACE instead of DEVICE. Note
|
||||||
that you can only use one device per daemon. See also *Note
|
that you can only use one device per daemon. See also *note
|
||||||
Device files::.
|
Device files::.
|
||||||
|
|
||||||
|
DeviceType = <tun|tunnohead|tunifhead|tap> (only supported on BSD platforms)
|
||||||
|
The type of the virtual network device. Tinc will normally
|
||||||
|
automatically select the right type, and this option should not be
|
||||||
|
used. However, in case tinc does not seem to correctly interpret
|
||||||
|
packets received from the virtual network device, using this
|
||||||
|
option might help.
|
||||||
|
|
||||||
|
tun
|
||||||
|
Set type to tun. Depending on the platform, this can either
|
||||||
|
be with or without an address family header (see below).
|
||||||
|
|
||||||
|
tunnohead
|
||||||
|
Set type to tun without an address family header. Tinc will
|
||||||
|
expect packets read from the virtual network device to start
|
||||||
|
with an IP header. On some platforms IPv6 packets cannot be
|
||||||
|
read from or written to the device in this mode.
|
||||||
|
|
||||||
|
tunifhead
|
||||||
|
Set type to tun with an address family header. Tinc will
|
||||||
|
expect packets read from the virtual network device to start
|
||||||
|
with a four byte header containing the address family,
|
||||||
|
followed by an IP header. This mode should support both IPv4
|
||||||
|
and IPv6 packets.
|
||||||
|
|
||||||
|
tap
|
||||||
|
Set type to tap. Tinc will expect packets read from the
|
||||||
|
virtual network device to start with an Ethernet header.
|
||||||
|
|
||||||
GraphDumpFile = <FILENAME> [experimental]
|
GraphDumpFile = <FILENAME> [experimental]
|
||||||
If this option is present, tinc will dump the current network
|
If this option is present, tinc will dump the current network
|
||||||
graph to the file FILENAME every minute, unless there were no
|
graph to the file FILENAME every minute, unless there were no
|
||||||
|
@ -843,7 +806,9 @@ MACExpire = <SECONDS> (600)
|
||||||
"switch".
|
"switch".
|
||||||
|
|
||||||
Name = <NAME> [required]
|
Name = <NAME> [required]
|
||||||
This is a symbolic name for this connection. It can be anything
|
This is a symbolic name for this connection. The name should
|
||||||
|
consist only of alfanumeric and underscore characters (a-z, A-Z,
|
||||||
|
0-9 and _).
|
||||||
|
|
||||||
PingInterval = <SECONDS> (60)
|
PingInterval = <SECONDS> (60)
|
||||||
The number of seconds of inactivity that tinc will wait before
|
The number of seconds of inactivity that tinc will wait before
|
||||||
|
@ -921,6 +886,14 @@ MACLength = <BYTES> (4)
|
||||||
UDP packets. Can be anything from 0 up to the length of the
|
UDP packets. Can be anything from 0 up to the length of the
|
||||||
digest produced by the digest algorithm.
|
digest produced by the digest algorithm.
|
||||||
|
|
||||||
|
PMTU = <MTU> (1514)
|
||||||
|
This option controls the initial path MTU to this node.
|
||||||
|
|
||||||
|
PMTUDiscovery = <yes|no> (yes)
|
||||||
|
When this option is enabled, tinc will try to discover the path
|
||||||
|
MTU to this node. After the path MTU has been discovered, it will
|
||||||
|
be enforced on the VPN.
|
||||||
|
|
||||||
Port = <PORT> (655)
|
Port = <PORT> (655)
|
||||||
This is the port this tinc daemon listens on. You can use decimal
|
This is the port this tinc daemon listens on. You can use decimal
|
||||||
portnumbers or symbolic names (as listed in `/etc/services').
|
portnumbers or symbolic names (as listed in `/etc/services').
|
||||||
|
@ -963,7 +936,7 @@ Subnet = <ADDRESS[/PREFIXLENGTH]>
|
||||||
becomes /22. This conforms to standard CIDR notation as described
|
becomes /22. This conforms to standard CIDR notation as described
|
||||||
in RFC1519 (ftp://ftp.isi.edu/in-notes/rfc1519.txt)
|
in RFC1519 (ftp://ftp.isi.edu/in-notes/rfc1519.txt)
|
||||||
|
|
||||||
TCPonly = <yes|no> (no) [experimental]
|
TCPonly = <yes|no> (no)
|
||||||
If this variable is set to yes, then the packets are tunnelled
|
If this variable is set to yes, then the packets are tunnelled
|
||||||
over a TCP connection instead of a UDP connection. This is
|
over a TCP connection instead of a UDP connection. This is
|
||||||
especially useful for those who want to run a tinc daemon from
|
especially useful for those who want to run a tinc daemon from
|
||||||
|
@ -1140,7 +1113,7 @@ subnet.
|
||||||
|
|
||||||
The exact syntax of the ifconfig and route commands differs from
|
The exact syntax of the ifconfig and route commands differs from
|
||||||
platform to platform. You can look up the commands for setting
|
platform to platform. You can look up the commands for setting
|
||||||
addresses and adding routes in *Note Platform specific information::,
|
addresses and adding routes in *note Platform specific information::,
|
||||||
but it is best to consult the manpages of those utilities on your
|
but it is best to consult the manpages of those utilities on your
|
||||||
platform.
|
platform.
|
||||||
|
|
||||||
|
@ -1618,7 +1591,7 @@ File: tinc.info, Node: Sending bug reports, Prev: Error messages, Up: Running
|
||||||
=======================
|
=======================
|
||||||
|
|
||||||
If you really can't find the cause of a problem, or if you suspect tinc
|
If you really can't find the cause of a problem, or if you suspect tinc
|
||||||
is not working right, you can send us a bugreport, see *Note Contact
|
is not working right, you can send us a bugreport, see *note Contact
|
||||||
information::. Be sure to include the following information in your
|
information::. Be sure to include the following information in your
|
||||||
bugreport:
|
bugreport:
|
||||||
|
|
||||||
|
@ -1774,7 +1747,7 @@ possible to use tools such as telnet or netcat to connect to a tinc
|
||||||
daemon started with the -bypass-security option and to read and write
|
daemon started with the -bypass-security option and to read and write
|
||||||
requests by hand, provided that one understands the numeric codes sent.
|
requests by hand, provided that one understands the numeric codes sent.
|
||||||
|
|
||||||
The authentication scheme is described in *Note Authentication
|
The authentication scheme is described in *note Authentication
|
||||||
protocol::. After a successful authentication, the server and the
|
protocol::. After a successful authentication, the server and the
|
||||||
client will exchange all the information about other tinc daemons and
|
client will exchange all the information about other tinc daemons and
|
||||||
subnets they know of, so that both sides (and all the other tinc
|
subnets they know of, so that both sides (and all the other tinc
|
||||||
|
@ -2219,7 +2192,7 @@ Concept Index
|
||||||
* CHALLENGE: Authentication protocol.
|
* CHALLENGE: Authentication protocol.
|
||||||
(line 10)
|
(line 10)
|
||||||
* CIDR notation: Host configuration variables.
|
* CIDR notation: Host configuration variables.
|
||||||
(line 77)
|
(line 85)
|
||||||
* Cipher: Host configuration variables.
|
* Cipher: Host configuration variables.
|
||||||
(line 11)
|
(line 11)
|
||||||
* client: How connections work.
|
* client: How connections work.
|
||||||
|
@ -2240,51 +2213,51 @@ Concept Index
|
||||||
* Device: Main configuration variables.
|
* Device: Main configuration variables.
|
||||||
(line 38)
|
(line 38)
|
||||||
* device files: Device files. (line 6)
|
* device files: Device files. (line 6)
|
||||||
|
* DeviceType: Main configuration variables.
|
||||||
|
(line 45)
|
||||||
* Digest: Host configuration variables.
|
* Digest: Host configuration variables.
|
||||||
(line 22)
|
(line 22)
|
||||||
* encapsulating: The UDP tunnel. (line 30)
|
* encapsulating: The UDP tunnel. (line 30)
|
||||||
* encryption: Encryption of network packets.
|
* encryption: Encryption of network packets.
|
||||||
(line 6)
|
(line 6)
|
||||||
* environment variables: Scripts. (line 43)
|
* environment variables: Scripts. (line 43)
|
||||||
* ethertap: Configuration of Linux kernels 2.1.60 up to 2.4.0.
|
|
||||||
(line 6)
|
|
||||||
* example: Example configuration.
|
* example: Example configuration.
|
||||||
(line 6)
|
(line 6)
|
||||||
* frame type: The UDP tunnel. (line 6)
|
* frame type: The UDP tunnel. (line 6)
|
||||||
* GraphDumpFile: Main configuration variables.
|
* GraphDumpFile: Main configuration variables.
|
||||||
(line 45)
|
(line 73)
|
||||||
* Hostnames: Main configuration variables.
|
* Hostnames: Main configuration variables.
|
||||||
(line 53)
|
(line 81)
|
||||||
* hub: Main configuration variables.
|
* hub: Main configuration variables.
|
||||||
(line 94)
|
(line 122)
|
||||||
* ID: Authentication protocol.
|
* ID: Authentication protocol.
|
||||||
(line 10)
|
(line 10)
|
||||||
* IndirectData: Host configuration variables.
|
* IndirectData: Host configuration variables.
|
||||||
(line 27)
|
(line 27)
|
||||||
* INTERFACE: Scripts. (line 58)
|
* INTERFACE: Scripts. (line 58)
|
||||||
* Interface: Main configuration variables.
|
* Interface: Main configuration variables.
|
||||||
(line 63)
|
(line 91)
|
||||||
* IRC: Contact information. (line 9)
|
* IRC: Contact information. (line 9)
|
||||||
* key generation: Generating keypairs. (line 6)
|
* key generation: Generating keypairs. (line 6)
|
||||||
* KEY_CHANGED: The meta-protocol. (line 64)
|
* KEY_CHANGED: The meta-protocol. (line 64)
|
||||||
* KeyExpire: Main configuration variables.
|
* KeyExpire: Main configuration variables.
|
||||||
(line 99)
|
(line 127)
|
||||||
* libraries: Libraries. (line 6)
|
* libraries: Libraries. (line 6)
|
||||||
* license: OpenSSL. (line 36)
|
* license: OpenSSL. (line 36)
|
||||||
* lzo: lzo. (line 6)
|
* lzo: lzo. (line 6)
|
||||||
* MACExpire: Main configuration variables.
|
* MACExpire: Main configuration variables.
|
||||||
(line 105)
|
(line 133)
|
||||||
* MACLength: Host configuration variables.
|
* MACLength: Host configuration variables.
|
||||||
(line 35)
|
(line 35)
|
||||||
* meta-protocol: The meta-connection. (line 18)
|
* meta-protocol: The meta-connection. (line 18)
|
||||||
* META_KEY: Authentication protocol.
|
* META_KEY: Authentication protocol.
|
||||||
(line 10)
|
(line 10)
|
||||||
* Mode: Main configuration variables.
|
* Mode: Main configuration variables.
|
||||||
(line 71)
|
(line 99)
|
||||||
* multiple networks: Multiple networks. (line 6)
|
* multiple networks: Multiple networks. (line 6)
|
||||||
* NAME: Scripts. (line 52)
|
* NAME: Scripts. (line 52)
|
||||||
* Name: Main configuration variables.
|
* Name: Main configuration variables.
|
||||||
(line 110)
|
(line 138)
|
||||||
* netmask: Network interfaces. (line 34)
|
* netmask: Network interfaces. (line 34)
|
||||||
* NETNAME: Scripts. (line 49)
|
* NETNAME: Scripts. (line 49)
|
||||||
* netname: Multiple networks. (line 6)
|
* netname: Multiple networks. (line 6)
|
||||||
|
@ -2294,36 +2267,40 @@ Concept Index
|
||||||
* OpenSSL: OpenSSL. (line 6)
|
* OpenSSL: OpenSSL. (line 6)
|
||||||
* options: Runtime options. (line 9)
|
* options: Runtime options. (line 9)
|
||||||
* PEM format: Host configuration variables.
|
* PEM format: Host configuration variables.
|
||||||
(line 52)
|
(line 60)
|
||||||
* PING: The meta-protocol. (line 89)
|
* PING: The meta-protocol. (line 89)
|
||||||
* PingInterval: Main configuration variables.
|
* PingInterval: Main configuration variables.
|
||||||
(line 113)
|
(line 143)
|
||||||
* PingTimeout: Main configuration variables.
|
* PingTimeout: Main configuration variables.
|
||||||
(line 117)
|
(line 147)
|
||||||
* platforms: Supported platforms. (line 6)
|
* platforms: Supported platforms. (line 6)
|
||||||
|
* PMTU: Host configuration variables.
|
||||||
|
(line 40)
|
||||||
|
* PMTUDiscovery: Host configuration variables.
|
||||||
|
(line 43)
|
||||||
* PONG: The meta-protocol. (line 89)
|
* PONG: The meta-protocol. (line 89)
|
||||||
* Port: Host configuration variables.
|
* Port: Host configuration variables.
|
||||||
(line 40)
|
(line 48)
|
||||||
* port numbers: Other files. (line 17)
|
* port numbers: Other files. (line 17)
|
||||||
* PriorityInheritance: Main configuration variables.
|
* PriorityInheritance: Main configuration variables.
|
||||||
(line 123)
|
(line 153)
|
||||||
* private: Virtual Private Networks.
|
* private: Virtual Private Networks.
|
||||||
(line 10)
|
(line 10)
|
||||||
* PrivateKey: Main configuration variables.
|
* PrivateKey: Main configuration variables.
|
||||||
(line 128)
|
(line 158)
|
||||||
* PrivateKeyFile: Main configuration variables.
|
* PrivateKeyFile: Main configuration variables.
|
||||||
(line 134)
|
(line 164)
|
||||||
* PublicKey: Host configuration variables.
|
* PublicKey: Host configuration variables.
|
||||||
(line 44)
|
(line 52)
|
||||||
* PublicKeyFile: Host configuration variables.
|
* PublicKeyFile: Host configuration variables.
|
||||||
(line 47)
|
(line 55)
|
||||||
* release: Supported platforms. (line 14)
|
* release: Supported platforms. (line 14)
|
||||||
* REMOTEADDRESS: Scripts. (line 67)
|
* REMOTEADDRESS: Scripts. (line 67)
|
||||||
* REMOTEPORT: Scripts. (line 70)
|
* REMOTEPORT: Scripts. (line 70)
|
||||||
* REQ_KEY: The meta-protocol. (line 64)
|
* REQ_KEY: The meta-protocol. (line 64)
|
||||||
* requirements: Libraries. (line 6)
|
* requirements: Libraries. (line 6)
|
||||||
* router: Main configuration variables.
|
* router: Main configuration variables.
|
||||||
(line 74)
|
(line 102)
|
||||||
* runtime options: Runtime options. (line 9)
|
* runtime options: Runtime options. (line 9)
|
||||||
* scalability: tinc. (line 19)
|
* scalability: tinc. (line 19)
|
||||||
* scripts: Scripts. (line 6)
|
* scripts: Scripts. (line 6)
|
||||||
|
@ -2332,13 +2309,13 @@ Concept Index
|
||||||
* signals: Signals. (line 6)
|
* signals: Signals. (line 6)
|
||||||
* SUBNET: Scripts. (line 74)
|
* SUBNET: Scripts. (line 74)
|
||||||
* Subnet: Host configuration variables.
|
* Subnet: Host configuration variables.
|
||||||
(line 59)
|
(line 67)
|
||||||
* SVPN: Security. (line 11)
|
* SVPN: Security. (line 11)
|
||||||
* switch: Main configuration variables.
|
* switch: Main configuration variables.
|
||||||
(line 83)
|
(line 111)
|
||||||
* TCP: The meta-connection. (line 10)
|
* TCP: The meta-connection. (line 10)
|
||||||
* TCPonly: Host configuration variables.
|
* TCPonly: Host configuration variables.
|
||||||
(line 82)
|
(line 90)
|
||||||
* TINC: Security. (line 6)
|
* TINC: Security. (line 6)
|
||||||
* tinc: Introduction. (line 6)
|
* tinc: Introduction. (line 6)
|
||||||
* tinc-down: Scripts. (line 18)
|
* tinc-down: Scripts. (line 18)
|
||||||
|
@ -2346,12 +2323,16 @@ Concept Index
|
||||||
* tinc-up: Scripts. (line 10)
|
* tinc-up: Scripts. (line 10)
|
||||||
* tincd: tinc. (line 14)
|
* tincd: tinc. (line 14)
|
||||||
* traditional VPNs: tinc. (line 19)
|
* traditional VPNs: tinc. (line 19)
|
||||||
|
* tunifhead: Main configuration variables.
|
||||||
|
(line 62)
|
||||||
* TunnelServer: Main configuration variables.
|
* TunnelServer: Main configuration variables.
|
||||||
(line 142)
|
(line 172)
|
||||||
|
* tunnohead: Main configuration variables.
|
||||||
|
(line 56)
|
||||||
* UDP <1>: Encryption of network packets.
|
* UDP <1>: Encryption of network packets.
|
||||||
(line 12)
|
(line 12)
|
||||||
* UDP: The UDP tunnel. (line 30)
|
* UDP: The UDP tunnel. (line 30)
|
||||||
* Universal tun/tap: Configuration of Linux kernels 2.4.0 and higher.
|
* Universal tun/tap: Configuration of Linux kernels.
|
||||||
(line 6)
|
(line 6)
|
||||||
* virtual: Virtual Private Networks.
|
* virtual: Virtual Private Networks.
|
||||||
(line 18)
|
(line 18)
|
||||||
|
@ -2365,67 +2346,66 @@ Concept Index
|
||||||
|
|
||||||
|
|
||||||
Tag Table:
|
Tag Table:
|
||||||
Node: Top860
|
Node: Top861
|
||||||
Node: Introduction1159
|
Node: Introduction1160
|
||||||
Node: Virtual Private Networks1969
|
Node: Virtual Private Networks1970
|
||||||
Node: tinc3694
|
Node: tinc3695
|
||||||
Node: Supported platforms5221
|
Node: Supported platforms5222
|
||||||
Node: Preparations5919
|
Node: Preparations5920
|
||||||
Node: Configuring the kernel6175
|
Node: Configuring the kernel6176
|
||||||
Node: Configuration of Linux kernels 2.1.60 up to 2.4.06655
|
Node: Configuration of Linux kernels6585
|
||||||
Node: Configuration of Linux kernels 2.4.0 and higher8027
|
Node: Configuration of FreeBSD kernels7440
|
||||||
Node: Configuration of FreeBSD kernels9267
|
Node: Configuration of OpenBSD kernels7830
|
||||||
Node: Configuration of OpenBSD kernels9674
|
Node: Configuration of NetBSD kernels8438
|
||||||
Node: Configuration of NetBSD kernels10166
|
Node: Configuration of Solaris kernels8843
|
||||||
Node: Configuration of Solaris kernels10571
|
Node: Configuration of Darwin (MacOS/X) kernels9504
|
||||||
Node: Configuration of Darwin (MacOS/X) kernels11232
|
Node: Configuration of Windows10207
|
||||||
Node: Configuration of Windows11935
|
Node: Libraries10721
|
||||||
Node: Libraries12449
|
Node: OpenSSL11109
|
||||||
Node: OpenSSL12837
|
Node: zlib13385
|
||||||
Node: zlib15113
|
Node: lzo14214
|
||||||
Node: lzo15942
|
Node: Installation15001
|
||||||
Node: Installation16729
|
Node: Building and installing tinc16016
|
||||||
Node: Building and installing tinc17744
|
Node: Darwin (MacOS/X) build environment16675
|
||||||
Node: Darwin (MacOS/X) build environment18403
|
Node: Cygwin (Windows) build environment17243
|
||||||
Node: Cygwin (Windows) build environment18971
|
Node: MinGW (Windows) build environment17831
|
||||||
Node: MinGW (Windows) build environment19559
|
Node: System files18355
|
||||||
Node: System files20083
|
Node: Device files18620
|
||||||
Node: Device files20348
|
Node: Other files19036
|
||||||
Node: Other files21534
|
Node: Configuration19649
|
||||||
Node: Configuration22147
|
Node: Configuration introduction19960
|
||||||
Node: Configuration introduction22458
|
Node: Multiple networks21233
|
||||||
Node: Multiple networks23731
|
Node: How connections work22659
|
||||||
Node: How connections work25157
|
Node: Configuration files23881
|
||||||
Node: Configuration files26379
|
Node: Main configuration variables24888
|
||||||
Node: Main configuration variables27386
|
Node: Host configuration variables32721
|
||||||
Node: Host configuration variables33863
|
Node: Scripts37286
|
||||||
Node: Scripts38159
|
Node: How to configure39965
|
||||||
Node: How to configure40838
|
Node: Generating keypairs41228
|
||||||
Node: Generating keypairs42101
|
Node: Network interfaces41727
|
||||||
Node: Network interfaces42600
|
Node: Example configuration43575
|
||||||
Node: Example configuration44448
|
Node: Running tinc48887
|
||||||
Node: Running tinc49760
|
Node: Runtime options49477
|
||||||
Node: Runtime options50350
|
Node: Signals51484
|
||||||
Node: Signals52357
|
Node: Debug levels52553
|
||||||
Node: Debug levels53426
|
Node: Solving problems53489
|
||||||
Node: Solving problems54362
|
Node: Error messages54919
|
||||||
Node: Error messages55792
|
Node: Sending bug reports59241
|
||||||
Node: Sending bug reports60114
|
Node: Technical information60193
|
||||||
Node: Technical information61066
|
Node: The connection60424
|
||||||
Node: The connection61297
|
Node: The UDP tunnel60736
|
||||||
Node: The UDP tunnel61609
|
Node: The meta-connection63797
|
||||||
Node: The meta-connection64670
|
Node: The meta-protocol65266
|
||||||
Node: The meta-protocol66139
|
Node: Security70275
|
||||||
Node: Security71148
|
Node: Authentication protocol71405
|
||||||
Node: Authentication protocol72278
|
Node: Encryption of network packets76409
|
||||||
Node: Encryption of network packets77282
|
Node: Security issues77782
|
||||||
Node: Security issues78655
|
Node: Platform specific information79399
|
||||||
Node: Platform specific information80272
|
Node: Interface configuration79627
|
||||||
Node: Interface configuration80500
|
Node: Routes81526
|
||||||
Node: Routes82399
|
Node: About us83442
|
||||||
Node: About us84315
|
Node: Contact information83617
|
||||||
Node: Contact information84490
|
Node: Authors84021
|
||||||
Node: Authors84894
|
Node: Concept Index84447
|
||||||
Node: Concept Index85320
|
|
||||||
|
|
||||||
End Tag Table
|
End Tag Table
|
||||||
|
|
148
doc/tinc.texi
148
doc/tinc.texi
|
@ -1,5 +1,5 @@
|
||||||
\input texinfo @c -*-texinfo-*-
|
\input texinfo @c -*-texinfo-*-
|
||||||
@c $Id: tinc.texi 1467 2006-11-11 20:37:58Z guus $
|
@c $Id: tinc.texi 1597 2008-12-22 21:29:21Z guus $
|
||||||
@c %**start of header
|
@c %**start of header
|
||||||
@setfilename tinc.info
|
@setfilename tinc.info
|
||||||
@settitle tinc Manual
|
@settitle tinc Manual
|
||||||
|
@ -16,11 +16,11 @@
|
||||||
|
|
||||||
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
||||||
|
|
||||||
Copyright @copyright{} 1998-2006 Ivo Timmermans,
|
Copyright @copyright{} 1998-2008 Ivo Timmermans,
|
||||||
Guus Sliepen <guus@@tinc-vpn.org> and
|
Guus Sliepen <guus@@tinc-vpn.org> and
|
||||||
Wessel Dankers <wsl@@tinc-vpn.org>.
|
Wessel Dankers <wsl@@tinc-vpn.org>.
|
||||||
|
|
||||||
$Id: tinc.texi 1467 2006-11-11 20:37:58Z guus $
|
$Id: tinc.texi 1597 2008-12-22 21:29:21Z guus $
|
||||||
|
|
||||||
Permission is granted to make and distribute verbatim copies of this
|
Permission is granted to make and distribute verbatim copies of this
|
||||||
manual provided the copyright notice and this permission notice are
|
manual provided the copyright notice and this permission notice are
|
||||||
|
@ -47,7 +47,7 @@ Copyright @copyright{} 1998-2006 Ivo Timmermans,
|
||||||
Guus Sliepen <guus@@tinc-vpn.org> and
|
Guus Sliepen <guus@@tinc-vpn.org> and
|
||||||
Wessel Dankers <wsl@@tinc-vpn.org>.
|
Wessel Dankers <wsl@@tinc-vpn.org>.
|
||||||
|
|
||||||
$Id: tinc.texi 1467 2006-11-11 20:37:58Z guus $
|
$Id: tinc.texi 1597 2008-12-22 21:29:21Z guus $
|
||||||
|
|
||||||
Permission is granted to make and distribute verbatim copies of this
|
Permission is granted to make and distribute verbatim copies of this
|
||||||
manual provided the copyright notice and this permission notice are
|
manual provided the copyright notice and this permission notice are
|
||||||
|
@ -225,8 +225,7 @@ support tinc.
|
||||||
@section Configuring the kernel
|
@section Configuring the kernel
|
||||||
|
|
||||||
@menu
|
@menu
|
||||||
* Configuration of Linux kernels 2.1.60 up to 2.4.0::
|
* Configuration of Linux kernels::
|
||||||
* Configuration of Linux kernels 2.4.0 and higher::
|
|
||||||
* Configuration of FreeBSD kernels::
|
* Configuration of FreeBSD kernels::
|
||||||
* Configuration of OpenBSD kernels::
|
* Configuration of OpenBSD kernels::
|
||||||
* Configuration of NetBSD kernels::
|
* Configuration of NetBSD kernels::
|
||||||
|
@ -237,51 +236,11 @@ support tinc.
|
||||||
|
|
||||||
|
|
||||||
@c ==================================================================
|
@c ==================================================================
|
||||||
@node Configuration of Linux kernels 2.1.60 up to 2.4.0
|
@node Configuration of Linux kernels
|
||||||
@subsection Configuration of Linux kernels 2.1.60 up to 2.4.0
|
@subsection Configuration of Linux kernels
|
||||||
|
|
||||||
@cindex ethertap
|
|
||||||
For kernels up to 2.4.0, you need a kernel that supports the ethertap device.
|
|
||||||
Most distributions come with kernels that already support this.
|
|
||||||
If not, here are the options you have to turn on when configuring a new kernel:
|
|
||||||
|
|
||||||
@example
|
|
||||||
Code maturity level options
|
|
||||||
[*] Prompt for development and/or incomplete code/drivers
|
|
||||||
Networking options
|
|
||||||
[*] Kernel/User netlink socket
|
|
||||||
<M> Netlink device emulation
|
|
||||||
Network device support
|
|
||||||
<M> Ethertap network tap
|
|
||||||
@end example
|
|
||||||
|
|
||||||
If you want to run more than one instance of tinc or other programs that use
|
|
||||||
the ethertap, you have to compile the ethertap driver as a module, otherwise
|
|
||||||
you can also choose to compile it directly into the kernel.
|
|
||||||
|
|
||||||
If you decide to build any of these as dynamic kernel modules, it's a good idea
|
|
||||||
to add these lines to @file{/etc/modules.conf}:
|
|
||||||
|
|
||||||
@example
|
|
||||||
alias char-major-36 netlink_dev
|
|
||||||
alias tap0 ethertap
|
|
||||||
options tap0 -o tap0 unit=0
|
|
||||||
alias tap1 ethertap
|
|
||||||
options tap1 -o tap1 unit=1
|
|
||||||
...
|
|
||||||
alias tap@emph{N} ethertap
|
|
||||||
options tap@emph{N} -o tap@emph{N} unit=@emph{N}
|
|
||||||
@end example
|
|
||||||
|
|
||||||
Add as much alias/options lines as necessary.
|
|
||||||
|
|
||||||
|
|
||||||
@c ==================================================================
|
|
||||||
@node Configuration of Linux kernels 2.4.0 and higher
|
|
||||||
@subsection Configuration of Linux kernels 2.4.0 and higher
|
|
||||||
|
|
||||||
@cindex Universal tun/tap
|
@cindex Universal tun/tap
|
||||||
For kernels 2.4.0 and higher, you need a kernel that supports the Universal tun/tap device.
|
For tinc to work, you need a kernel that supports the Universal tun/tap device.
|
||||||
Most distributions come with kernels that already support this.
|
Most distributions come with kernels that already support this.
|
||||||
Here are the options you have to turn on when configuring a new kernel:
|
Here are the options you have to turn on when configuring a new kernel:
|
||||||
|
|
||||||
|
@ -295,11 +254,6 @@ Network device support
|
||||||
It's not necessary to compile this driver as a module, even if you are going to
|
It's not necessary to compile this driver as a module, even if you are going to
|
||||||
run more than one instance of tinc.
|
run more than one instance of tinc.
|
||||||
|
|
||||||
If you have an early 2.4 kernel, you can choose both the tun/tap driver and the
|
|
||||||
`Ethertap network tap' device. This latter is marked obsolete, and chances are
|
|
||||||
that it won't even function correctly anymore. Make sure you select the
|
|
||||||
universal tun/tap driver.
|
|
||||||
|
|
||||||
If you decide to build the tun/tap driver as a kernel module, add these lines
|
If you decide to build the tun/tap driver as a kernel module, add these lines
|
||||||
to @file{/etc/modules.conf}:
|
to @file{/etc/modules.conf}:
|
||||||
|
|
||||||
|
@ -323,9 +277,9 @@ Using tap devices is recommended.
|
||||||
For OpenBSD version 2.9 and higher,
|
For OpenBSD version 2.9 and higher,
|
||||||
the tun driver is included in the default kernel configuration.
|
the tun driver is included in the default kernel configuration.
|
||||||
There is also a kernel patch from @uref{http://diehard.n-r-g.com/stuff/openbsd/}
|
There is also a kernel patch from @uref{http://diehard.n-r-g.com/stuff/openbsd/}
|
||||||
which adds a tap device to OpenBSD.
|
which adds a tap device to OpenBSD which should work with tinc,
|
||||||
This should work with tinc.
|
but with recent versions of OpenBSD,
|
||||||
|
a tun device can act as a tap device by setting the link0 option with ifconfig.
|
||||||
|
|
||||||
@c ==================================================================
|
@c ==================================================================
|
||||||
@node Configuration of NetBSD kernels
|
@node Configuration of NetBSD kernels
|
||||||
|
@ -609,40 +563,16 @@ files on your system.
|
||||||
@subsection Device files
|
@subsection Device files
|
||||||
|
|
||||||
@cindex device files
|
@cindex device files
|
||||||
First, you'll need the special device file(s) that form the interface
|
Most operating systems nowadays come with the necessary device files by default,
|
||||||
between the kernel and the daemon.
|
or they have a mechanism to create them on demand.
|
||||||
|
|
||||||
The permissions for these files have to be such that only the super user
|
If you use Linux and do not have udev installed,
|
||||||
may read/write to this file. You'd want this, because otherwise
|
you may need to create the following device file if it does not exist:
|
||||||
eavesdropping would become a bit too easy. This does, however, imply
|
|
||||||
that you'd have to run tincd as root.
|
|
||||||
|
|
||||||
If you use Linux and have a kernel version prior to 2.4.0, you have to make the
|
|
||||||
ethertap devices:
|
|
||||||
|
|
||||||
@example
|
@example
|
||||||
mknod -m 600 /dev/tap0 c 36 16
|
mknod -m 600 /dev/net/tun c 10 200
|
||||||
mknod -m 600 /dev/tap1 c 36 17
|
|
||||||
...
|
|
||||||
mknod -m 600 /dev/tap@emph{N} c 36 @emph{N+16}
|
|
||||||
@end example
|
@end example
|
||||||
|
|
||||||
There is a maximum of 16 ethertap devices.
|
|
||||||
|
|
||||||
If you use the universal tun/tap driver, you have to create the
|
|
||||||
following device file (unless it already exist):
|
|
||||||
|
|
||||||
@example
|
|
||||||
mknod -m 600 /dev/tun c 10 200
|
|
||||||
@end example
|
|
||||||
|
|
||||||
If you use Linux, and you run the new 2.4 kernel using the devfs filesystem,
|
|
||||||
then the tun/tap device will probably be automatically generated as
|
|
||||||
@file{/dev/net/tun}.
|
|
||||||
|
|
||||||
Unlike the ethertap device, you do not need multiple device files if
|
|
||||||
you are planning to run multiple tinc daemons.
|
|
||||||
|
|
||||||
|
|
||||||
@c ==================================================================
|
@c ==================================================================
|
||||||
@node Other files
|
@node Other files
|
||||||
|
@ -862,6 +792,38 @@ Under Windows, use @var{Interface} instead of @var{Device}.
|
||||||
Note that you can only use one device per daemon.
|
Note that you can only use one device per daemon.
|
||||||
See also @ref{Device files}.
|
See also @ref{Device files}.
|
||||||
|
|
||||||
|
@cindex DeviceType
|
||||||
|
@item DeviceType = <tun|tunnohead|tunifhead|tap> (only supported on BSD platforms)
|
||||||
|
The type of the virtual network device.
|
||||||
|
Tinc will normally automatically select the right type, and this option should not be used.
|
||||||
|
However, in case tinc does not seem to correctly interpret packets received from the virtual network device,
|
||||||
|
using this option might help.
|
||||||
|
|
||||||
|
@table @asis
|
||||||
|
@item tun
|
||||||
|
Set type to tun.
|
||||||
|
Depending on the platform, this can either be with or without an address family header (see below).
|
||||||
|
|
||||||
|
@cindex tunnohead
|
||||||
|
@item tunnohead
|
||||||
|
Set type to tun without an address family header.
|
||||||
|
Tinc will expect packets read from the virtual network device to start with an IP header.
|
||||||
|
On some platforms IPv6 packets cannot be read from or written to the device in this mode.
|
||||||
|
|
||||||
|
@cindex tunifhead
|
||||||
|
@item tunifhead
|
||||||
|
Set type to tun with an address family header.
|
||||||
|
Tinc will expect packets read from the virtual network device
|
||||||
|
to start with a four byte header containing the address family,
|
||||||
|
followed by an IP header.
|
||||||
|
This mode should support both IPv4 and IPv6 packets.
|
||||||
|
|
||||||
|
@item tap
|
||||||
|
Set type to tap.
|
||||||
|
Tinc will expect packets read from the virtual network device
|
||||||
|
to start with an Ethernet header.
|
||||||
|
@end table
|
||||||
|
|
||||||
@cindex GraphDumpFile
|
@cindex GraphDumpFile
|
||||||
@item GraphDumpFile = <@var{filename}> [experimental]
|
@item GraphDumpFile = <@var{filename}> [experimental]
|
||||||
If this option is present,
|
If this option is present,
|
||||||
|
@ -932,7 +894,8 @@ This only has effect when Mode is set to "switch".
|
||||||
|
|
||||||
@cindex Name
|
@cindex Name
|
||||||
@item Name = <@var{name}> [required]
|
@item Name = <@var{name}> [required]
|
||||||
This is a symbolic name for this connection. It can be anything
|
This is a symbolic name for this connection.
|
||||||
|
The name should consist only of alfanumeric and underscore characters (a-z, A-Z, 0-9 and _).
|
||||||
|
|
||||||
@cindex PingInterval
|
@cindex PingInterval
|
||||||
@item PingInterval = <@var{seconds}> (60)
|
@item PingInterval = <@var{seconds}> (60)
|
||||||
|
@ -1019,6 +982,15 @@ The length of the message authentication code used to authenticate UDP packets.
|
||||||
Can be anything from 0
|
Can be anything from 0
|
||||||
up to the length of the digest produced by the digest algorithm.
|
up to the length of the digest produced by the digest algorithm.
|
||||||
|
|
||||||
|
@cindex PMTU
|
||||||
|
@item PMTU = <@var{mtu}> (1514)
|
||||||
|
This option controls the initial path MTU to this node.
|
||||||
|
|
||||||
|
@cindex PMTUDiscovery
|
||||||
|
@item PMTUDiscovery = <yes|no> (yes)
|
||||||
|
When this option is enabled, tinc will try to discover the path MTU to this node.
|
||||||
|
After the path MTU has been discovered, it will be enforced on the VPN.
|
||||||
|
|
||||||
@cindex Port
|
@cindex Port
|
||||||
@item Port = <@var{port}> (655)
|
@item Port = <@var{port}> (655)
|
||||||
This is the port this tinc daemon listens on.
|
This is the port this tinc daemon listens on.
|
||||||
|
@ -1068,7 +1040,7 @@ example: netmask 255.255.255.0 would become /24, 255.255.252.0 becomes
|
||||||
@uref{ftp://ftp.isi.edu/in-notes/rfc1519.txt, RFC1519}
|
@uref{ftp://ftp.isi.edu/in-notes/rfc1519.txt, RFC1519}
|
||||||
|
|
||||||
@cindex TCPonly
|
@cindex TCPonly
|
||||||
@item TCPonly = <yes|no> (no) [experimental]
|
@item TCPonly = <yes|no> (no)
|
||||||
If this variable is set to yes, then the packets are tunnelled over a
|
If this variable is set to yes, then the packets are tunnelled over a
|
||||||
TCP connection instead of a UDP connection. This is especially useful
|
TCP connection instead of a UDP connection. This is especially useful
|
||||||
for those who want to run a tinc daemon from behind a masquerading
|
for those who want to run a tinc daemon from behind a masquerading
|
||||||
|
|
249
doc/tinc/tinc_0.html
Normal file
249
doc/tinc/tinc_0.html
Normal file
|
@ -0,0 +1,249 @@
|
||||||
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html401/loose.dtd">
|
||||||
|
<html>
|
||||||
|
<!-- Created on December, 26 2008 by texi2html 1.78 -->
|
||||||
|
<!--
|
||||||
|
Written by: Lionel Cons <Lionel.Cons@cern.ch> (original author)
|
||||||
|
Karl Berry <karl@freefriends.org>
|
||||||
|
Olaf Bachmann <obachman@mathematik.uni-kl.de>
|
||||||
|
and many others.
|
||||||
|
Maintained by: Many creative people.
|
||||||
|
Send bugs and suggestions to <texi2html-bug@nongnu.org>
|
||||||
|
|
||||||
|
-->
|
||||||
|
<head>
|
||||||
|
<title>tinc Manual: 1. Introduction</title>
|
||||||
|
|
||||||
|
<meta name="description" content="tinc Manual: 1. Introduction">
|
||||||
|
<meta name="keywords" content="tinc Manual: 1. Introduction">
|
||||||
|
<meta name="resource-type" content="document">
|
||||||
|
<meta name="distribution" content="global">
|
||||||
|
<meta name="Generator" content="texi2html 1.78">
|
||||||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||||||
|
<style type="text/css">
|
||||||
|
<!--
|
||||||
|
a.summary-letter {text-decoration: none}
|
||||||
|
pre.display {font-family: serif}
|
||||||
|
pre.format {font-family: serif}
|
||||||
|
pre.menu-comment {font-family: serif}
|
||||||
|
pre.menu-preformatted {font-family: serif}
|
||||||
|
pre.smalldisplay {font-family: serif; font-size: smaller}
|
||||||
|
pre.smallexample {font-size: smaller}
|
||||||
|
pre.smallformat {font-family: serif; font-size: smaller}
|
||||||
|
pre.smalllisp {font-size: smaller}
|
||||||
|
span.roman {font-family:serif; font-weight:normal;}
|
||||||
|
span.sansserif {font-family:sans-serif; font-weight:normal;}
|
||||||
|
ul.toc {list-style: none}
|
||||||
|
-->
|
||||||
|
</style>
|
||||||
|
|
||||||
|
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body lang="en" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#800080" alink="#FF0000">
|
||||||
|
|
||||||
|
<a name="Introduction"></a>
|
||||||
|
<a name="SEC1"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[ < ]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC2" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[ << ]</td>
|
||||||
|
<td valign="middle" align="left">[ Up ]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_1.html#SEC5" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h1 class="chapter"> 1. Introduction </h1>
|
||||||
|
|
||||||
|
<p>Tinc is a Virtual Private Network (VPN) daemon that uses tunneling and
|
||||||
|
encryption to create a secure private network between hosts on the
|
||||||
|
Internet.
|
||||||
|
</p>
|
||||||
|
<p>Because the tunnel appears to the IP level network code as a normal
|
||||||
|
network device, there is no need to adapt any existing software.
|
||||||
|
The encrypted tunnels allows VPN sites to share information with each other
|
||||||
|
over the Internet without exposing any information to others.
|
||||||
|
</p>
|
||||||
|
<p>This document is the manual for tinc. Included are chapters on how to
|
||||||
|
configure your computer to use tinc, as well as the configuration
|
||||||
|
process of tinc itself.
|
||||||
|
</p>
|
||||||
|
<table class="menu" border="0" cellspacing="0">
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC2">1.1 Virtual Private Networks</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC3">1.2 tinc</a></td><td> </td><td align="left" valign="top"> About tinc
|
||||||
|
</td></tr>
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC4">1.3 Supported platforms</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
</table>
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="Virtual-Private-Networks"></a>
|
||||||
|
<a name="SEC2"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC1" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC3" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC1" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC1" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_1.html#SEC5" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h2 class="section"> 1.1 Virtual Private Networks </h2>
|
||||||
|
|
||||||
|
<a name="IDX1"></a>
|
||||||
|
<p>A Virtual Private Network or VPN is a network that can only be accessed
|
||||||
|
by a few elected computers that participate. This goal is achievable in
|
||||||
|
more than just one way.
|
||||||
|
</p>
|
||||||
|
<a name="IDX2"></a>
|
||||||
|
<p>Private networks can consist of a single stand-alone Ethernet LAN. Or
|
||||||
|
even two computers hooked up using a null-modem cable. In these cases,
|
||||||
|
it is
|
||||||
|
obvious that the network is <em>private</em>, no one can access it from the
|
||||||
|
outside. But if your computers are linked to the Internet, the network
|
||||||
|
is not private anymore, unless one uses firewalls to block all private
|
||||||
|
traffic. But then, there is no way to send private data to trusted
|
||||||
|
computers on the other end of the Internet.
|
||||||
|
</p>
|
||||||
|
<p>This problem can be solved by using <em>virtual</em> networks. Virtual
|
||||||
|
networks can live on top of other networks, but they use encapsulation to
|
||||||
|
keep using their private address space so they do not interfere with
|
||||||
|
the Internet. Mostly, virtual networks appear like a singe LAN, even though
|
||||||
|
they can span the entire world. But virtual networks can't be secured
|
||||||
|
by using firewalls, because the traffic that flows through it has to go
|
||||||
|
through the Internet, where other people can look at it.
|
||||||
|
</p>
|
||||||
|
<p>As is the case with either type of VPN, anybody could eavesdrop. Or
|
||||||
|
worse, alter data. Hence it's probably advisable to encrypt the data
|
||||||
|
that flows over the network.
|
||||||
|
</p>
|
||||||
|
<p>When one introduces encryption, we can form a true VPN. Other people may
|
||||||
|
see encrypted traffic, but if they don't know how to decipher it (they
|
||||||
|
need to know the key for that), they cannot read the information that flows
|
||||||
|
through the VPN. This is what tinc was made for.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="tinc"></a>
|
||||||
|
<a name="SEC3"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC2" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC4" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC1" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC1" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_1.html#SEC5" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h2 class="section"> 1.2 tinc </h2>
|
||||||
|
|
||||||
|
<a name="IDX3"></a>
|
||||||
|
<p>I really don't quite remember what got us started, but it must have been
|
||||||
|
Guus' idea. He wrote a simple implementation (about 50 lines of C) that
|
||||||
|
used the ethertap device that Linux knows of since somewhere
|
||||||
|
about kernel 2.1.60. It didn't work immediately and he improved it a
|
||||||
|
bit. At this stage, the project was still simply called "vpnd".
|
||||||
|
</p>
|
||||||
|
<p>Since then, a lot has changed—to say the least.
|
||||||
|
</p>
|
||||||
|
<a name="IDX4"></a>
|
||||||
|
<p>Tinc now supports encryption, it consists of a single daemon (tincd) for
|
||||||
|
both the receiving and sending end, it has become largely
|
||||||
|
runtime-configurable—in short, it has become a full-fledged
|
||||||
|
professional package.
|
||||||
|
</p>
|
||||||
|
<a name="IDX5"></a>
|
||||||
|
<p>Tinc also allows more than two sites to connect to eachother and form a single VPN.
|
||||||
|
Traditionally VPNs are created by making tunnels, which only have two endpoints.
|
||||||
|
Larger VPNs with more sites are created by adding more tunnels.
|
||||||
|
Tinc takes another approach: only endpoints are specified,
|
||||||
|
the software itself will take care of creating the tunnels.
|
||||||
|
This allows for easier configuration and improved scalability.
|
||||||
|
</p>
|
||||||
|
<p>A lot can—and will be—changed. We have a number of things that we would like to
|
||||||
|
see in the future releases of tinc. Not everything will be available in
|
||||||
|
the near future. Our first objective is to make tinc work perfectly as
|
||||||
|
it stands, and then add more advanced features.
|
||||||
|
</p>
|
||||||
|
<p>Meanwhile, we're always open-minded towards new ideas. And we're
|
||||||
|
available too.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="Supported-platforms"></a>
|
||||||
|
<a name="SEC4"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC3" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_1.html#SEC5" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC1" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC1" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_1.html#SEC5" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h2 class="section"> 1.3 Supported platforms </h2>
|
||||||
|
|
||||||
|
<a name="IDX6"></a>
|
||||||
|
<p>Tinc has been verified to work under Linux, FreeBSD, OpenBSD, NetBSD, MacOS/X (Darwin), Solaris, and Windows (both natively and in a Cygwin environment),
|
||||||
|
with various hardware architectures. These are some of the platforms
|
||||||
|
that are supported by the universal tun/tap device driver or other virtual network device drivers.
|
||||||
|
Without such a driver, tinc will most
|
||||||
|
likely compile and run, but it will not be able to send or receive data
|
||||||
|
packets.
|
||||||
|
</p>
|
||||||
|
<p>For an up to date list of supported platforms, please check the list on
|
||||||
|
our website:
|
||||||
|
<a href="http://www.tinc-vpn.org/platforms">http://www.tinc-vpn.org/platforms</a>.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC1" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_1.html#SEC5" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<p>
|
||||||
|
<font size="-1">
|
||||||
|
This document was generated by <em>Guus Sliepen</em> on <em>December, 26 2008</em> using <a href="http://www.nongnu.org/texi2html/"><em>texi2html 1.78</em></a>.
|
||||||
|
</font>
|
||||||
|
<br>
|
||||||
|
|
||||||
|
</p>
|
||||||
|
</body>
|
||||||
|
</html>
|
536
doc/tinc/tinc_1.html
Normal file
536
doc/tinc/tinc_1.html
Normal file
|
@ -0,0 +1,536 @@
|
||||||
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html401/loose.dtd">
|
||||||
|
<html>
|
||||||
|
<!-- Created on December, 26 2008 by texi2html 1.78 -->
|
||||||
|
<!--
|
||||||
|
Written by: Lionel Cons <Lionel.Cons@cern.ch> (original author)
|
||||||
|
Karl Berry <karl@freefriends.org>
|
||||||
|
Olaf Bachmann <obachman@mathematik.uni-kl.de>
|
||||||
|
and many others.
|
||||||
|
Maintained by: Many creative people.
|
||||||
|
Send bugs and suggestions to <texi2html-bug@nongnu.org>
|
||||||
|
|
||||||
|
-->
|
||||||
|
<head>
|
||||||
|
<title>tinc Manual: 2. Preparations</title>
|
||||||
|
|
||||||
|
<meta name="description" content="tinc Manual: 2. Preparations">
|
||||||
|
<meta name="keywords" content="tinc Manual: 2. Preparations">
|
||||||
|
<meta name="resource-type" content="document">
|
||||||
|
<meta name="distribution" content="global">
|
||||||
|
<meta name="Generator" content="texi2html 1.78">
|
||||||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||||||
|
<style type="text/css">
|
||||||
|
<!--
|
||||||
|
a.summary-letter {text-decoration: none}
|
||||||
|
pre.display {font-family: serif}
|
||||||
|
pre.format {font-family: serif}
|
||||||
|
pre.menu-comment {font-family: serif}
|
||||||
|
pre.menu-preformatted {font-family: serif}
|
||||||
|
pre.smalldisplay {font-family: serif; font-size: smaller}
|
||||||
|
pre.smallexample {font-size: smaller}
|
||||||
|
pre.smallformat {font-family: serif; font-size: smaller}
|
||||||
|
pre.smalllisp {font-size: smaller}
|
||||||
|
span.roman {font-family:serif; font-weight:normal;}
|
||||||
|
span.sansserif {font-family:sans-serif; font-weight:normal;}
|
||||||
|
ul.toc {list-style: none}
|
||||||
|
-->
|
||||||
|
</style>
|
||||||
|
|
||||||
|
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body lang="en" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#800080" alink="#FF0000">
|
||||||
|
|
||||||
|
<a name="Preparations"></a>
|
||||||
|
<a name="SEC5"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="tinc_0.html#SEC4" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC6" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_2.html#SEC19" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h1 class="chapter"> 2. Preparations </h1>
|
||||||
|
|
||||||
|
<p>This chapter contains information on how to prepare your system to
|
||||||
|
support tinc.
|
||||||
|
</p>
|
||||||
|
<table class="menu" border="0" cellspacing="0">
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC6">2.1 Configuring the kernel</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC14">2.2 Libraries</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
</table>
|
||||||
|
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="Configuring-the-kernel"></a>
|
||||||
|
<a name="SEC6"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC5" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC7" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC5" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC5" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_2.html#SEC19" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h2 class="section"> 2.1 Configuring the kernel </h2>
|
||||||
|
|
||||||
|
<table class="menu" border="0" cellspacing="0">
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC7">2.1.1 Configuration of Linux kernels</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC8">2.1.2 Configuration of FreeBSD kernels</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC9">2.1.3 Configuration of OpenBSD kernels</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC10">2.1.4 Configuration of NetBSD kernels</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC11">2.1.5 Configuration of Solaris kernels</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC12">2.1.6 Configuration of Darwin (MacOS/X) kernels</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC13">2.1.7 Configuration of Windows</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
</table>
|
||||||
|
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="Configuration-of-Linux-kernels"></a>
|
||||||
|
<a name="SEC7"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC6" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC8" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC5" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC6" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_2.html#SEC19" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h3 class="subsection"> 2.1.1 Configuration of Linux kernels </h3>
|
||||||
|
|
||||||
|
<p>For tinc to work, you need a kernel that supports the Universal tun/tap device.
|
||||||
|
Most distributions come with kernels that already support this.
|
||||||
|
Here are the options you have to turn on when configuring a new kernel:
|
||||||
|
</p>
|
||||||
|
<table><tr><td> </td><td><pre class="example">Code maturity level options
|
||||||
|
[*] Prompt for development and/or incomplete code/drivers
|
||||||
|
Network device support
|
||||||
|
<M> Universal tun/tap device driver support
|
||||||
|
</pre></td></tr></table>
|
||||||
|
|
||||||
|
<p>It's not necessary to compile this driver as a module, even if you are going to
|
||||||
|
run more than one instance of tinc.
|
||||||
|
</p>
|
||||||
|
<p>If you decide to build the tun/tap driver as a kernel module, add these lines
|
||||||
|
to ‘<tt>/etc/modules.conf</tt>’:
|
||||||
|
</p>
|
||||||
|
<table><tr><td> </td><td><pre class="example">alias char-major-10-200 tun
|
||||||
|
</pre></td></tr></table>
|
||||||
|
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="Configuration-of-FreeBSD-kernels"></a>
|
||||||
|
<a name="SEC8"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC7" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC9" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC5" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC6" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_2.html#SEC19" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h3 class="subsection"> 2.1.2 Configuration of FreeBSD kernels </h3>
|
||||||
|
|
||||||
|
<p>For FreeBSD version 4.1 and higher, tun and tap drivers are included in the default kernel configuration.
|
||||||
|
Using tap devices is recommended.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="Configuration-of-OpenBSD-kernels"></a>
|
||||||
|
<a name="SEC9"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC8" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC10" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC5" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC6" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_2.html#SEC19" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h3 class="subsection"> 2.1.3 Configuration of OpenBSD kernels </h3>
|
||||||
|
|
||||||
|
<p>For OpenBSD version 2.9 and higher,
|
||||||
|
the tun driver is included in the default kernel configuration.
|
||||||
|
There is also a kernel patch from <a href="http://diehard.n-r-g.com/stuff/openbsd/">http://diehard.n-r-g.com/stuff/openbsd/</a>
|
||||||
|
which adds a tap device to OpenBSD which should work with tinc,
|
||||||
|
but with recent versions of OpenBSD,
|
||||||
|
a tun device can act as a tap device by setting the link0 option with ifconfig.
|
||||||
|
</p>
|
||||||
|
<hr size="6">
|
||||||
|
<a name="Configuration-of-NetBSD-kernels"></a>
|
||||||
|
<a name="SEC10"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC9" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC11" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC5" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC6" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_2.html#SEC19" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h3 class="subsection"> 2.1.4 Configuration of NetBSD kernels </h3>
|
||||||
|
|
||||||
|
<p>For NetBSD version 1.5.2 and higher,
|
||||||
|
the tun driver is included in the default kernel configuration.
|
||||||
|
</p>
|
||||||
|
<p>Tunneling IPv6 may not work on NetBSD's tun device.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="Configuration-of-Solaris-kernels"></a>
|
||||||
|
<a name="SEC11"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC10" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC12" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC5" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC6" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_2.html#SEC19" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h3 class="subsection"> 2.1.5 Configuration of Solaris kernels </h3>
|
||||||
|
|
||||||
|
<p>For Solaris 8 (SunOS 5.8) and higher,
|
||||||
|
the tun driver may or may not be included in the default kernel configuration.
|
||||||
|
If it isn't, the source can be downloaded from <a href="http://vtun.sourceforge.net/tun/">http://vtun.sourceforge.net/tun/</a>.
|
||||||
|
For x86 and sparc64 architectures, precompiled versions can be found at <a href="http://www.monkey.org/~dugsong/fragroute/">http://www.monkey.org/~dugsong/fragroute/</a>.
|
||||||
|
If the ‘<tt>net/if_tun.h</tt>’ header file is missing, install it from the source package.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="NOD12"></a>
|
||||||
|
<a name="SEC12"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC11" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC13" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC5" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC6" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_2.html#SEC19" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h3 class="subsection"> 2.1.6 Configuration of Darwin (MacOS/X) kernels </h3>
|
||||||
|
|
||||||
|
<p>Tinc on Darwin relies on a tunnel driver for its data acquisition from the kernel.
|
||||||
|
Tinc supports either the driver from <a href="http://www-user.rhrk.uni-kl.de/~nissler/tuntap/">http://www-user.rhrk.uni-kl.de/~nissler/tuntap/</a>,
|
||||||
|
which supports both tun and tap style devices,
|
||||||
|
and also the driver from from <a href="http://chrisp.de/en/projects/tunnel.html">http://chrisp.de/en/projects/tunnel.html</a>.
|
||||||
|
The former driver is recommended.
|
||||||
|
The tunnel driver must be loaded before starting tinc with the following command:
|
||||||
|
</p>
|
||||||
|
<table><tr><td> </td><td><pre class="example">kmodload tunnel
|
||||||
|
</pre></td></tr></table>
|
||||||
|
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="Configuration-of-Windows"></a>
|
||||||
|
<a name="SEC13"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC12" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC14" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC5" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC6" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_2.html#SEC19" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h3 class="subsection"> 2.1.7 Configuration of Windows </h3>
|
||||||
|
|
||||||
|
<p>You will need to install the latest TAP-Win32 driver from OpenVPN.
|
||||||
|
You can download it from <a href="http://openvpn.sourceforge.net">http://openvpn.sourceforge.net</a>.
|
||||||
|
Using the Network Connections control panel,
|
||||||
|
configure the TAP-Win32 network interface in the same way as you would do from the tinc-up script,
|
||||||
|
as explained in the rest of the documentation.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="Libraries"></a>
|
||||||
|
<a name="SEC14"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC13" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC15" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC5" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC5" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_2.html#SEC19" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h2 class="section"> 2.2 Libraries </h2>
|
||||||
|
|
||||||
|
<p>Before you can configure or build tinc, you need to have the OpenSSL,
|
||||||
|
zlib and lzo libraries installed on your system. If you try to configure tinc without
|
||||||
|
having them installed, configure will give you an error message, and stop.
|
||||||
|
</p>
|
||||||
|
<table class="menu" border="0" cellspacing="0">
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC15">2.2.1 OpenSSL</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC17">2.2.2 zlib</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC18">2.2.3 lzo</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
</table>
|
||||||
|
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="OpenSSL"></a>
|
||||||
|
<a name="SEC15"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC14" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC17" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC5" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC14" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_2.html#SEC19" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h3 class="subsection"> 2.2.1 OpenSSL </h3>
|
||||||
|
|
||||||
|
<p>For all cryptography-related functions, tinc uses the functions provided
|
||||||
|
by the OpenSSL library.
|
||||||
|
</p>
|
||||||
|
<p>If this library is not installed, you wil get an error when configuring
|
||||||
|
tinc for build. Support for running tinc without having OpenSSL
|
||||||
|
installed <em>may</em> be added in the future.
|
||||||
|
</p>
|
||||||
|
<p>You can use your operating system's package manager to install this if
|
||||||
|
available. Make sure you install the development AND runtime versions
|
||||||
|
of this package.
|
||||||
|
</p>
|
||||||
|
<p>If you have to install OpenSSL manually, you can get the source code
|
||||||
|
from <a href="http://www.openssl.org/">http://www.openssl.org/</a>. Instructions on how to configure,
|
||||||
|
build and install this package are included within the package. Please
|
||||||
|
make sure you build development and runtime libraries (which is the
|
||||||
|
default).
|
||||||
|
</p>
|
||||||
|
<p>If you installed the OpenSSL libraries from source, it may be necessary
|
||||||
|
to let configure know where they are, by passing configure one of the
|
||||||
|
–with-openssl-* parameters.
|
||||||
|
</p>
|
||||||
|
<table><tr><td> </td><td><pre class="example">--with-openssl=DIR OpenSSL library and headers prefix
|
||||||
|
--with-openssl-include=DIR OpenSSL headers directory
|
||||||
|
(Default is OPENSSL_DIR/include)
|
||||||
|
--with-openssl-lib=DIR OpenSSL library directory
|
||||||
|
(Default is OPENSSL_DIR/lib)
|
||||||
|
</pre></td></tr></table>
|
||||||
|
|
||||||
|
|
||||||
|
<a name="SEC16"></a>
|
||||||
|
<h4 class="subsubheading"> License </h4>
|
||||||
|
|
||||||
|
<p>The complete source code of tinc is covered by the GNU GPL version 2.
|
||||||
|
Since the license under which OpenSSL is distributed is not directly
|
||||||
|
compatible with the terms of the GNU GPL
|
||||||
|
<a href="http://www.openssl.org/support/faq.html#LEGAL2">http://www.openssl.org/support/faq.html#LEGAL2</a>, we
|
||||||
|
include an exemption to the GPL (see also the file COPYING.README) to allow
|
||||||
|
everyone to create a statically or dynamically linked executable:
|
||||||
|
</p>
|
||||||
|
<blockquote><p>This program is released under the GPL with the additional exemption
|
||||||
|
that compiling, linking, and/or using OpenSSL is allowed. You may
|
||||||
|
provide binary packages linked to the OpenSSL libraries, provided that
|
||||||
|
all other requirements of the GPL are met.
|
||||||
|
</p></blockquote>
|
||||||
|
|
||||||
|
<p>Since the LZO library used by tinc is also covered by the GPL,
|
||||||
|
we also present the following exemption:
|
||||||
|
</p>
|
||||||
|
<blockquote><p>Hereby I grant a special exception to the tinc VPN project
|
||||||
|
(http://www.tinc-vpn.org/) to link the LZO library with the OpenSSL library
|
||||||
|
(http://www.openssl.org).
|
||||||
|
</p>
|
||||||
|
<p>Markus F.X.J. Oberhumer
|
||||||
|
</p></blockquote>
|
||||||
|
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="zlib"></a>
|
||||||
|
<a name="SEC17"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC15" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC18" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC5" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC14" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_2.html#SEC19" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h3 class="subsection"> 2.2.2 zlib </h3>
|
||||||
|
|
||||||
|
<p>For the optional compression of UDP packets, tinc uses the functions provided
|
||||||
|
by the zlib library.
|
||||||
|
</p>
|
||||||
|
<p>If this library is not installed, you wil get an error when configuring
|
||||||
|
tinc for build. Support for running tinc without having zlib
|
||||||
|
installed <em>may</em> be added in the future.
|
||||||
|
</p>
|
||||||
|
<p>You can use your operating system's package manager to install this if
|
||||||
|
available. Make sure you install the development AND runtime versions
|
||||||
|
of this package.
|
||||||
|
</p>
|
||||||
|
<p>If you have to install zlib manually, you can get the source code
|
||||||
|
from <a href="http://www.gzip.org/zlib/">http://www.gzip.org/zlib/</a>. Instructions on how to configure,
|
||||||
|
build and install this package are included within the package. Please
|
||||||
|
make sure you build development and runtime libraries (which is the
|
||||||
|
default).
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="lzo"></a>
|
||||||
|
<a name="SEC18"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC17" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_2.html#SEC19" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC5" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC14" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_2.html#SEC19" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h3 class="subsection"> 2.2.3 lzo </h3>
|
||||||
|
|
||||||
|
<a name="IDX7"></a>
|
||||||
|
<p>Another form of compression is offered using the lzo library.
|
||||||
|
</p>
|
||||||
|
<p>If this library is not installed, you wil get an error when configuring
|
||||||
|
tinc for build. Support for running tinc without having lzo
|
||||||
|
installed <em>may</em> be added in the future.
|
||||||
|
</p>
|
||||||
|
<p>You can use your operating system's package manager to install this if
|
||||||
|
available. Make sure you install the development AND runtime versions
|
||||||
|
of this package.
|
||||||
|
</p>
|
||||||
|
<p>If you have to install lzo manually, you can get the source code
|
||||||
|
from <a href="http://www.oberhumer.com/opensource/lzo/">http://www.oberhumer.com/opensource/lzo/</a>. Instructions on how to configure,
|
||||||
|
build and install this package are included within the package. Please
|
||||||
|
make sure you build development and runtime libraries (which is the
|
||||||
|
default).
|
||||||
|
</p>
|
||||||
|
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC5" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_2.html#SEC19" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<p>
|
||||||
|
<font size="-1">
|
||||||
|
This document was generated by <em>Guus Sliepen</em> on <em>December, 26 2008</em> using <a href="http://www.nongnu.org/texi2html/"><em>texi2html 1.78</em></a>.
|
||||||
|
</font>
|
||||||
|
<br>
|
||||||
|
|
||||||
|
</p>
|
||||||
|
</body>
|
||||||
|
</html>
|
344
doc/tinc/tinc_2.html
Normal file
344
doc/tinc/tinc_2.html
Normal file
|
@ -0,0 +1,344 @@
|
||||||
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html401/loose.dtd">
|
||||||
|
<html>
|
||||||
|
<!-- Created on December, 26 2008 by texi2html 1.78 -->
|
||||||
|
<!--
|
||||||
|
Written by: Lionel Cons <Lionel.Cons@cern.ch> (original author)
|
||||||
|
Karl Berry <karl@freefriends.org>
|
||||||
|
Olaf Bachmann <obachman@mathematik.uni-kl.de>
|
||||||
|
and many others.
|
||||||
|
Maintained by: Many creative people.
|
||||||
|
Send bugs and suggestions to <texi2html-bug@nongnu.org>
|
||||||
|
|
||||||
|
-->
|
||||||
|
<head>
|
||||||
|
<title>tinc Manual: 3. Installation</title>
|
||||||
|
|
||||||
|
<meta name="description" content="tinc Manual: 3. Installation">
|
||||||
|
<meta name="keywords" content="tinc Manual: 3. Installation">
|
||||||
|
<meta name="resource-type" content="document">
|
||||||
|
<meta name="distribution" content="global">
|
||||||
|
<meta name="Generator" content="texi2html 1.78">
|
||||||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||||||
|
<style type="text/css">
|
||||||
|
<!--
|
||||||
|
a.summary-letter {text-decoration: none}
|
||||||
|
pre.display {font-family: serif}
|
||||||
|
pre.format {font-family: serif}
|
||||||
|
pre.menu-comment {font-family: serif}
|
||||||
|
pre.menu-preformatted {font-family: serif}
|
||||||
|
pre.smalldisplay {font-family: serif; font-size: smaller}
|
||||||
|
pre.smallexample {font-size: smaller}
|
||||||
|
pre.smallformat {font-family: serif; font-size: smaller}
|
||||||
|
pre.smalllisp {font-size: smaller}
|
||||||
|
span.roman {font-family:serif; font-weight:normal;}
|
||||||
|
span.sansserif {font-family:sans-serif; font-weight:normal;}
|
||||||
|
ul.toc {list-style: none}
|
||||||
|
-->
|
||||||
|
</style>
|
||||||
|
|
||||||
|
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body lang="en" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#800080" alink="#FF0000">
|
||||||
|
|
||||||
|
<a name="Installation"></a>
|
||||||
|
<a name="SEC19"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="tinc_1.html#SEC18" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC20" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_1.html#SEC5" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_3.html#SEC29" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h1 class="chapter"> 3. Installation </h1>
|
||||||
|
|
||||||
|
<p>If you use Debian, you may want to install one of the
|
||||||
|
precompiled packages for your system. These packages are equipped with
|
||||||
|
system startup scripts and sample configurations.
|
||||||
|
</p>
|
||||||
|
<p>If you cannot use one of the precompiled packages, or you want to compile tinc
|
||||||
|
for yourself, you can use the source. The source is distributed under
|
||||||
|
the GNU General Public License (GPL). Download the source from the
|
||||||
|
<a href="http://www.tinc-vpn.org/download">download page</a>, which has
|
||||||
|
the checksums of these files listed; you may wish to check these with
|
||||||
|
md5sum before continuing.
|
||||||
|
</p>
|
||||||
|
<p>Tinc comes in a convenient autoconf/automake package, which you can just
|
||||||
|
treat the same as any other package. Which is just untar it, type
|
||||||
|
`./configure' and then `make'.
|
||||||
|
More detailed instructions are in the file ‘<tt>INSTALL</tt>’, which is
|
||||||
|
included in the source distribution.
|
||||||
|
</p>
|
||||||
|
<table class="menu" border="0" cellspacing="0">
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC20">3.1 Building and installing tinc</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC24">3.2 System files</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
</table>
|
||||||
|
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="Building-and-installing-tinc"></a>
|
||||||
|
<a name="SEC20"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC19" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC21" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC19" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC19" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_3.html#SEC29" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h2 class="section"> 3.1 Building and installing tinc </h2>
|
||||||
|
|
||||||
|
<p>Detailed instructions on configuring the source, building tinc and installing tinc
|
||||||
|
can be found in the file called ‘<tt>INSTALL</tt>’.
|
||||||
|
</p>
|
||||||
|
<p>If you happen to have a binary package for tinc for your distribution,
|
||||||
|
you can use the package management tools of that distribution to install tinc.
|
||||||
|
The documentation that comes along with your distribution will tell you how to do that.
|
||||||
|
</p>
|
||||||
|
<table class="menu" border="0" cellspacing="0">
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC21">3.1.1 Darwin (MacOS/X) build environment</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC22">3.1.2 Cygwin (Windows) build environment</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC23">3.1.3 MinGW (Windows) build environment</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
</table>
|
||||||
|
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="NOD20"></a>
|
||||||
|
<a name="SEC21"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC20" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC22" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC19" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC20" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_3.html#SEC29" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h3 class="subsection"> 3.1.1 Darwin (MacOS/X) build environment </h3>
|
||||||
|
|
||||||
|
<p>In order to build tinc on Darwin, you need to install the MacOS/X Developer Tools
|
||||||
|
from <a href="http://developer.apple.com/tools/macosxtools.html">http://developer.apple.com/tools/macosxtools.html</a> and
|
||||||
|
a recent version of Fink from <a href="http://fink.sourceforge.net/">http://fink.sourceforge.net/</a>.
|
||||||
|
</p>
|
||||||
|
<p>After installation use fink to download and install the following packages:
|
||||||
|
autoconf25, automake, dlcompat, m4, openssl, zlib and lzo.
|
||||||
|
</p>
|
||||||
|
<hr size="6">
|
||||||
|
<a name="NOD21"></a>
|
||||||
|
<a name="SEC22"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC21" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC23" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC19" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC20" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_3.html#SEC29" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h3 class="subsection"> 3.1.2 Cygwin (Windows) build environment </h3>
|
||||||
|
|
||||||
|
<p>If Cygwin hasn't already been installed, install it directly from
|
||||||
|
<a href="http://www.cygwin.com/">http://www.cygwin.com/</a>.
|
||||||
|
</p>
|
||||||
|
<p>When tinc is compiled in a Cygwin environment, it can only be run in this environment,
|
||||||
|
but all programs, including those started outside the Cygwin environment, will be able to use the VPN.
|
||||||
|
It will also support all features.
|
||||||
|
</p>
|
||||||
|
<hr size="6">
|
||||||
|
<a name="NOD22"></a>
|
||||||
|
<a name="SEC23"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC22" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC24" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC19" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC20" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_3.html#SEC29" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h3 class="subsection"> 3.1.3 MinGW (Windows) build environment </h3>
|
||||||
|
|
||||||
|
<p>You will need to install the MinGW environment from <a href="http://www.mingw.org">http://www.mingw.org</a>.
|
||||||
|
</p>
|
||||||
|
<p>When tinc is compiled using MinGW it runs natively under Windows,
|
||||||
|
it is not necessary to keep MinGW installed.
|
||||||
|
</p>
|
||||||
|
<p>When detaching, tinc will install itself as a service,
|
||||||
|
which will be restarted automatically after reboots.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="System-files"></a>
|
||||||
|
<a name="SEC24"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC23" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC25" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC19" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC19" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_3.html#SEC29" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h2 class="section"> 3.2 System files </h2>
|
||||||
|
|
||||||
|
<p>Before you can run tinc, you must make sure you have all the needed
|
||||||
|
files on your system.
|
||||||
|
</p>
|
||||||
|
<table class="menu" border="0" cellspacing="0">
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC25">3.2.1 Device files</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC26">3.2.2 Other files</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
</table>
|
||||||
|
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="Device-files"></a>
|
||||||
|
<a name="SEC25"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC24" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC26" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC19" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC24" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_3.html#SEC29" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h3 class="subsection"> 3.2.1 Device files </h3>
|
||||||
|
|
||||||
|
<p>Most operating systems nowadays come with the necessary device files by default,
|
||||||
|
or they have a mechanism to create them on demand.
|
||||||
|
</p>
|
||||||
|
<p>If you use Linux and do not have udev installed,
|
||||||
|
you may need to create the following device file if it does not exist:
|
||||||
|
</p>
|
||||||
|
<table><tr><td> </td><td><pre class="example">mknod -m 600 /dev/net/tun c 10 200
|
||||||
|
</pre></td></tr></table>
|
||||||
|
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="Other-files"></a>
|
||||||
|
<a name="SEC26"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC25" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_3.html#SEC29" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC19" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC24" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_3.html#SEC29" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h3 class="subsection"> 3.2.2 Other files </h3>
|
||||||
|
|
||||||
|
<a name="SEC27"></a>
|
||||||
|
<h4 class="subsubheading"> ‘<tt>/etc/networks</tt>’ </h4>
|
||||||
|
|
||||||
|
<p>You may add a line to ‘<tt>/etc/networks</tt>’ so that your VPN will get a
|
||||||
|
symbolic name. For example:
|
||||||
|
</p>
|
||||||
|
<table><tr><td> </td><td><pre class="example">myvpn 10.0.0.0
|
||||||
|
</pre></td></tr></table>
|
||||||
|
|
||||||
|
<a name="SEC28"></a>
|
||||||
|
<h4 class="subsubheading"> ‘<tt>/etc/services</tt>’ </h4>
|
||||||
|
|
||||||
|
<a name="IDX8"></a>
|
||||||
|
<p>You may add this line to ‘<tt>/etc/services</tt>’. The effect is that you
|
||||||
|
may supply a ‘<samp>tinc</samp>’ as a valid port number to some programs. The
|
||||||
|
number 655 is registered with the IANA.
|
||||||
|
</p>
|
||||||
|
<table><tr><td> </td><td><pre class="example">tinc 655/tcp TINC
|
||||||
|
tinc 655/udp TINC
|
||||||
|
# Ivo Timmermans <ivo@tinc-vpn.org>
|
||||||
|
</pre></td></tr></table>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC19" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_3.html#SEC29" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<p>
|
||||||
|
<font size="-1">
|
||||||
|
This document was generated by <em>Guus Sliepen</em> on <em>December, 26 2008</em> using <a href="http://www.nongnu.org/texi2html/"><em>texi2html 1.78</em></a>.
|
||||||
|
</font>
|
||||||
|
<br>
|
||||||
|
|
||||||
|
</p>
|
||||||
|
</body>
|
||||||
|
</html>
|
1137
doc/tinc/tinc_3.html
Normal file
1137
doc/tinc/tinc_3.html
Normal file
File diff suppressed because it is too large
Load diff
533
doc/tinc/tinc_4.html
Normal file
533
doc/tinc/tinc_4.html
Normal file
|
@ -0,0 +1,533 @@
|
||||||
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html401/loose.dtd">
|
||||||
|
<html>
|
||||||
|
<!-- Created on December, 26 2008 by texi2html 1.78 -->
|
||||||
|
<!--
|
||||||
|
Written by: Lionel Cons <Lionel.Cons@cern.ch> (original author)
|
||||||
|
Karl Berry <karl@freefriends.org>
|
||||||
|
Olaf Bachmann <obachman@mathematik.uni-kl.de>
|
||||||
|
and many others.
|
||||||
|
Maintained by: Many creative people.
|
||||||
|
Send bugs and suggestions to <texi2html-bug@nongnu.org>
|
||||||
|
|
||||||
|
-->
|
||||||
|
<head>
|
||||||
|
<title>tinc Manual: 5. Running tinc</title>
|
||||||
|
|
||||||
|
<meta name="description" content="tinc Manual: 5. Running tinc">
|
||||||
|
<meta name="keywords" content="tinc Manual: 5. Running tinc">
|
||||||
|
<meta name="resource-type" content="document">
|
||||||
|
<meta name="distribution" content="global">
|
||||||
|
<meta name="Generator" content="texi2html 1.78">
|
||||||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||||||
|
<style type="text/css">
|
||||||
|
<!--
|
||||||
|
a.summary-letter {text-decoration: none}
|
||||||
|
pre.display {font-family: serif}
|
||||||
|
pre.format {font-family: serif}
|
||||||
|
pre.menu-comment {font-family: serif}
|
||||||
|
pre.menu-preformatted {font-family: serif}
|
||||||
|
pre.smalldisplay {font-family: serif; font-size: smaller}
|
||||||
|
pre.smallexample {font-size: smaller}
|
||||||
|
pre.smallformat {font-family: serif; font-size: smaller}
|
||||||
|
pre.smalllisp {font-size: smaller}
|
||||||
|
span.roman {font-family:serif; font-weight:normal;}
|
||||||
|
span.sansserif {font-family:sans-serif; font-weight:normal;}
|
||||||
|
ul.toc {list-style: none}
|
||||||
|
-->
|
||||||
|
</style>
|
||||||
|
|
||||||
|
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body lang="en" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#800080" alink="#FF0000">
|
||||||
|
|
||||||
|
<a name="Running-tinc"></a>
|
||||||
|
<a name="SEC49"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="tinc_3.html#SEC42" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC50" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_3.html#SEC29" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_5.html#SEC56" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h1 class="chapter"> 5. Running tinc </h1>
|
||||||
|
|
||||||
|
<p>If everything else is done, you can start tinc by typing the following command:
|
||||||
|
</p>
|
||||||
|
<table><tr><td> </td><td><pre class="example">tincd -n <var>netname</var>
|
||||||
|
</pre></td></tr></table>
|
||||||
|
|
||||||
|
<a name="IDX64"></a>
|
||||||
|
<p>Tinc will detach from the terminal and continue to run in the background like a good daemon.
|
||||||
|
If there are any problems however you can try to increase the debug level
|
||||||
|
and look in the syslog to find out what the problems are.
|
||||||
|
</p>
|
||||||
|
<table class="menu" border="0" cellspacing="0">
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC50">5.1 Runtime options</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC51">5.2 Signals</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC52">5.3 Debug levels</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC53">5.4 Solving problems</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC54">5.5 Error messages</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC55">5.6 Sending bug reports</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
</table>
|
||||||
|
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="Runtime-options"></a>
|
||||||
|
<a name="SEC50"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC49" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC51" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC49" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC49" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_5.html#SEC56" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h2 class="section"> 5.1 Runtime options </h2>
|
||||||
|
|
||||||
|
<p>Besides the settings in the configuration file, tinc also accepts some
|
||||||
|
command line options.
|
||||||
|
</p>
|
||||||
|
<a name="IDX65"></a>
|
||||||
|
<a name="IDX66"></a>
|
||||||
|
<a name="IDX67"></a>
|
||||||
|
<dl compact="compact">
|
||||||
|
<dt> ‘<samp>-c, --config=<var>path</var></samp>’</dt>
|
||||||
|
<dd><p>Read configuration options from the directory <var>path</var>. The default is
|
||||||
|
‘<tt>/etc/tinc/<var>netname</var>/</tt>’.
|
||||||
|
</p>
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>-D, --no-detach</samp>’</dt>
|
||||||
|
<dd><p>Don't fork and detach.
|
||||||
|
This will also disable the automatic restart mechanism for fatal errors.
|
||||||
|
</p>
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>-d, --debug=<var>level</var></samp>’</dt>
|
||||||
|
<dd><p>Set debug level to <var>level</var>. The higher the debug level, the more gets
|
||||||
|
logged. Everything goes via syslog.
|
||||||
|
</p>
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>-k, --kill[=<var>signal</var>]</samp>’</dt>
|
||||||
|
<dd><p>Attempt to kill a running tincd (optionally with the specified <var>signal</var> instead of SIGTERM) and exit.
|
||||||
|
Use it in conjunction with the -n option to make sure you kill the right tinc daemon.
|
||||||
|
Under native Windows the optional argument is ignored,
|
||||||
|
the service will always be stopped and removed.
|
||||||
|
</p>
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>-n, --net=<var>netname</var></samp>’</dt>
|
||||||
|
<dd><p>Use configuration for net <var>netname</var>. See section <a href="tinc_3.html#SEC31">Multiple networks</a>.
|
||||||
|
</p>
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>-K, --generate-keys[=<var>bits</var>]</samp>’</dt>
|
||||||
|
<dd><p>Generate public/private keypair of <var>bits</var> length. If <var>bits</var> is not specified,
|
||||||
|
1024 is the default. tinc will ask where you want to store the files,
|
||||||
|
but will default to the configuration directory (you can use the -c or -n option
|
||||||
|
in combination with -K). After that, tinc will quit.
|
||||||
|
</p>
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>-L, --mlock</samp>’</dt>
|
||||||
|
<dd><p>Lock tinc into main memory.
|
||||||
|
This will prevent sensitive data like shared private keys to be written to the system swap files/partitions.
|
||||||
|
</p>
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>--logfile[=<var>file</var>]</samp>’</dt>
|
||||||
|
<dd><p>Write log entries to a file instead of to the system logging facility.
|
||||||
|
If <var>file</var> is omitted, the default is ‘<tt>/var/log/tinc.<var>netname</var>.log</tt>’.
|
||||||
|
</p>
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>--pidfile=<var>file</var></samp>’</dt>
|
||||||
|
<dd><p>Write PID to <var>file</var> instead of ‘<tt>/var/run/tinc.<var>netname</var>.pid</tt>’.
|
||||||
|
</p>
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>--bypass-security</samp>’</dt>
|
||||||
|
<dd><p>Disables encryption and authentication.
|
||||||
|
Only useful for debugging.
|
||||||
|
</p>
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>--help</samp>’</dt>
|
||||||
|
<dd><p>Display a short reminder of these runtime options and terminate.
|
||||||
|
</p>
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>--version</samp>’</dt>
|
||||||
|
<dd><p>Output version information and exit.
|
||||||
|
</p>
|
||||||
|
</dd>
|
||||||
|
</dl>
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="Signals"></a>
|
||||||
|
<a name="SEC51"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC50" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC52" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC49" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC49" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_5.html#SEC56" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h2 class="section"> 5.2 Signals </h2>
|
||||||
|
|
||||||
|
<p>You can also send the following signals to a running tincd process:
|
||||||
|
</p>
|
||||||
|
<dl compact="compact">
|
||||||
|
<dt> ‘<samp>ALRM</samp>’</dt>
|
||||||
|
<dd><p>Forces tinc to try to connect to all uplinks immediately.
|
||||||
|
Usually tinc attempts to do this itself,
|
||||||
|
but increases the time it waits between the attempts each time it failed,
|
||||||
|
and if tinc didn't succeed to connect to an uplink the first time after it started,
|
||||||
|
it defaults to the maximum time of 15 minutes.
|
||||||
|
</p>
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>HUP</samp>’</dt>
|
||||||
|
<dd><p>Partially rereads configuration files.
|
||||||
|
Connections to hosts whose host config file are removed are closed.
|
||||||
|
New outgoing connections specified in ‘<tt>tinc.conf</tt>’ will be made.
|
||||||
|
</p>
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>INT</samp>’</dt>
|
||||||
|
<dd><p>Temporarily increases debug level to 5.
|
||||||
|
Send this signal again to revert to the original level.
|
||||||
|
</p>
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>USR1</samp>’</dt>
|
||||||
|
<dd><p>Dumps the connection list to syslog.
|
||||||
|
</p>
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>USR2</samp>’</dt>
|
||||||
|
<dd><p>Dumps virtual network device statistics, all known nodes, edges and subnets to syslog.
|
||||||
|
</p>
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>WINCH</samp>’</dt>
|
||||||
|
<dd><p>Purges all information remembered about unreachable nodes.
|
||||||
|
</p>
|
||||||
|
</dd>
|
||||||
|
</dl>
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="Debug-levels"></a>
|
||||||
|
<a name="SEC52"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC51" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC53" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC49" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC49" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_5.html#SEC56" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h2 class="section"> 5.3 Debug levels </h2>
|
||||||
|
|
||||||
|
<p>The tinc daemon can send a lot of messages to the syslog.
|
||||||
|
The higher the debug level, the more messages it will log.
|
||||||
|
Each level inherits all messages of the previous level:
|
||||||
|
</p>
|
||||||
|
<dl compact="compact">
|
||||||
|
<dt> ‘<samp>0</samp>’</dt>
|
||||||
|
<dd><p>This will log a message indicating tinc has started along with a version number.
|
||||||
|
It will also log any serious error.
|
||||||
|
</p>
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>1</samp>’</dt>
|
||||||
|
<dd><p>This will log all connections that are made with other tinc daemons.
|
||||||
|
</p>
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>2</samp>’</dt>
|
||||||
|
<dd><p>This will log status and error messages from scripts and other tinc daemons.
|
||||||
|
</p>
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>3</samp>’</dt>
|
||||||
|
<dd><p>This will log all requests that are exchanged with other tinc daemons. These include
|
||||||
|
authentication, key exchange and connection list updates.
|
||||||
|
</p>
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>4</samp>’</dt>
|
||||||
|
<dd><p>This will log a copy of everything received on the meta socket.
|
||||||
|
</p>
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>5</samp>’</dt>
|
||||||
|
<dd><p>This will log all network traffic over the virtual private network.
|
||||||
|
</p>
|
||||||
|
</dd>
|
||||||
|
</dl>
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="Solving-problems"></a>
|
||||||
|
<a name="SEC53"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC52" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC54" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC49" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC49" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_5.html#SEC56" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h2 class="section"> 5.4 Solving problems </h2>
|
||||||
|
|
||||||
|
<p>If tinc starts without problems, but if the VPN doesn't work, you will have to find the cause of the problem.
|
||||||
|
The first thing to do is to start tinc with a high debug level in the foreground,
|
||||||
|
so you can directly see everything tinc logs:
|
||||||
|
</p>
|
||||||
|
<table><tr><td> </td><td><pre class="example">tincd -n <var>netname</var> -d5 -D
|
||||||
|
</pre></td></tr></table>
|
||||||
|
|
||||||
|
<p>If tinc does not log any error messages, then you might want to check the following things:
|
||||||
|
</p>
|
||||||
|
<ul class="toc">
|
||||||
|
<li> ‘<tt>tinc-up</tt>’ script
|
||||||
|
Does this script contain the right commands?
|
||||||
|
Normally you must give the interface the address of this host on the VPN, and the netmask must be big enough so that the entire VPN is covered.
|
||||||
|
|
||||||
|
</li><li> Subnet
|
||||||
|
Does the Subnet (or Subnets) in the host configuration file of this host match the portion of the VPN that belongs to this host?
|
||||||
|
|
||||||
|
</li><li> Firewalls and NATs
|
||||||
|
Do you have a firewall or a NAT device (a masquerading firewall or perhaps an ADSL router that performs masquerading)?
|
||||||
|
If so, check that it allows TCP and UDP traffic on port 655.
|
||||||
|
If it masquerades and the host running tinc is behind it, make sure that it forwards TCP and UDP traffic to port 655 to the host running tinc.
|
||||||
|
You can add ‘<samp>TCPOnly = yes</samp>’ to your host config file to force tinc to only use a single TCP connection,
|
||||||
|
this works through most firewalls and NATs.
|
||||||
|
|
||||||
|
</li></ul>
|
||||||
|
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="Error-messages"></a>
|
||||||
|
<a name="SEC54"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC53" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC55" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC49" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC49" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_5.html#SEC56" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h2 class="section"> 5.5 Error messages </h2>
|
||||||
|
|
||||||
|
<p>What follows is a list of the most common error messages you might find in the logs.
|
||||||
|
Some of them will only be visible if the debug level is high enough.
|
||||||
|
</p>
|
||||||
|
<dl compact="compact">
|
||||||
|
<dt> ‘<samp>Could not open /dev/tap0: No such device</samp>’</dt>
|
||||||
|
<dd>
|
||||||
|
<ul class="toc">
|
||||||
|
<li> You forgot to `modprobe netlink_dev' or `modprobe ethertap'.
|
||||||
|
</li><li> You forgot to compile `Netlink device emulation' in the kernel.
|
||||||
|
</li></ul>
|
||||||
|
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>Can't write to /dev/net/tun: No such device</samp>’</dt>
|
||||||
|
<dd>
|
||||||
|
<ul class="toc">
|
||||||
|
<li> You forgot to `modprobe tun'.
|
||||||
|
</li><li> You forgot to compile `Universal TUN/TAP driver' in the kernel.
|
||||||
|
</li><li> The tun device is located somewhere else in ‘<tt>/dev/</tt>’.
|
||||||
|
</li></ul>
|
||||||
|
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>Network address and prefix length do not match!</samp>’</dt>
|
||||||
|
<dd>
|
||||||
|
<ul class="toc">
|
||||||
|
<li> The Subnet field must contain a <em>network</em> address, trailing bits should be 0.
|
||||||
|
</li><li> If you only want to use one IP address, set the netmask to /32.
|
||||||
|
</li></ul>
|
||||||
|
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>Error reading RSA key file `rsa_key.priv': No such file or directory</samp>’</dt>
|
||||||
|
<dd>
|
||||||
|
<ul class="toc">
|
||||||
|
<li> You forgot to create a public/private keypair.
|
||||||
|
</li><li> Specify the complete pathname to the private key file with the ‘<samp>PrivateKeyFile</samp>’ option.
|
||||||
|
</li></ul>
|
||||||
|
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>Warning: insecure file permissions for RSA private key file `rsa_key.priv'!</samp>’</dt>
|
||||||
|
<dd>
|
||||||
|
<ul class="toc">
|
||||||
|
<li> The private key file is readable by users other than root.
|
||||||
|
Use chmod to correct the file permissions.
|
||||||
|
</li></ul>
|
||||||
|
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>Creating metasocket failed: Address family not supported</samp>’</dt>
|
||||||
|
<dd>
|
||||||
|
<ul class="toc">
|
||||||
|
<li> By default tinc tries to create both IPv4 and IPv6 sockets.
|
||||||
|
On some platforms this might not be implemented.
|
||||||
|
If the logs show ‘<samp>Ready</samp>’ later on, then at least one metasocket was created,
|
||||||
|
and you can ignore this message.
|
||||||
|
You can add ‘<samp>AddressFamily = ipv4</samp>’ to ‘<tt>tinc.conf</tt>’ to prevent this from happening.
|
||||||
|
</li></ul>
|
||||||
|
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>Cannot route packet: unknown IPv4 destination 1.2.3.4</samp>’</dt>
|
||||||
|
<dd>
|
||||||
|
<ul class="toc">
|
||||||
|
<li> You try to send traffic to a host on the VPN for which no Subnet is known.
|
||||||
|
</li><li> If it is a broadcast address (ending in .255), it probably is a samba server or a Windows host sending broadcast packets.
|
||||||
|
You can ignore it.
|
||||||
|
</li></ul>
|
||||||
|
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>Cannot route packet: ARP request for unknown address 1.2.3.4</samp>’</dt>
|
||||||
|
<dd>
|
||||||
|
<ul class="toc">
|
||||||
|
<li> You try to send traffic to a host on the VPN for which no Subnet is known.
|
||||||
|
</li></ul>
|
||||||
|
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>Packet with destination 1.2.3.4 is looping back to us!</samp>’</dt>
|
||||||
|
<dd>
|
||||||
|
<ul class="toc">
|
||||||
|
<li> Something is not configured right. Packets are being sent out to the
|
||||||
|
virtual network device, but according to the Subnet directives in your host configuration
|
||||||
|
file, those packets should go to your own host. Most common mistake is that
|
||||||
|
you have a Subnet line in your host configuration file with a prefix length which is
|
||||||
|
just as large as the prefix of the virtual network interface. The latter should in almost all
|
||||||
|
cases be larger. Rethink your configuration.
|
||||||
|
Note that you will only see this message if you specified a debug
|
||||||
|
level of 5 or higher!
|
||||||
|
</li><li> Chances are that a ‘<samp>Subnet = ...</samp>’ line in the host configuration file of this tinc daemon is wrong.
|
||||||
|
Change it to a subnet that is accepted locally by another interface,
|
||||||
|
or if that is not the case, try changing the prefix length into /32.
|
||||||
|
</li></ul>
|
||||||
|
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>Node foo (1.2.3.4) is not reachable</samp>’</dt>
|
||||||
|
<dd>
|
||||||
|
<ul class="toc">
|
||||||
|
<li> Node foo does not have a connection anymore, its tinc daemon is not running or its connection to the Internet is broken.
|
||||||
|
</li></ul>
|
||||||
|
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>Received UDP packet from unknown source 1.2.3.4 (port 12345)</samp>’</dt>
|
||||||
|
<dd>
|
||||||
|
<ul class="toc">
|
||||||
|
<li> If you see this only sporadically, it is harmless and caused by a node sending packets using an old key.
|
||||||
|
</li><li> If you see this often and another node is not reachable anymore, then a NAT (masquerading firewall) is changing the source address of UDP packets.
|
||||||
|
You can add ‘<samp>TCPOnly = yes</samp>’ to host configuration files to force all VPN traffic to go over a TCP connection.
|
||||||
|
</li></ul>
|
||||||
|
|
||||||
|
</dd>
|
||||||
|
<dt> ‘<samp>Got bad/bogus/unauthorized REQUEST from foo (1.2.3.4 port 12345)</samp>’</dt>
|
||||||
|
<dd>
|
||||||
|
<ul class="toc">
|
||||||
|
<li> Node foo does not have the right public/private keypair.
|
||||||
|
Generate new keypairs and distribute them again.
|
||||||
|
</li><li> An attacker tries to gain access to your VPN.
|
||||||
|
</li><li> A network error caused corruption of metadata sent from foo.
|
||||||
|
</li></ul>
|
||||||
|
|
||||||
|
</dd>
|
||||||
|
</dl>
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="Sending-bug-reports"></a>
|
||||||
|
<a name="SEC55"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC54" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_5.html#SEC56" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC49" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC49" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_5.html#SEC56" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h2 class="section"> 5.6 Sending bug reports </h2>
|
||||||
|
|
||||||
|
<p>If you really can't find the cause of a problem, or if you suspect tinc is not working right,
|
||||||
|
you can send us a bugreport, see <a href="tinc_7.html#SEC69">Contact information</a>.
|
||||||
|
Be sure to include the following information in your bugreport:
|
||||||
|
</p>
|
||||||
|
<ul class="toc">
|
||||||
|
<li> A clear description of what you are trying to achieve and what the problem is.
|
||||||
|
</li><li> What platform (operating system, version, hardware architecture) and which version of tinc you use.
|
||||||
|
</li><li> If compiling tinc fails, a copy of ‘<tt>config.log</tt>’ and the error messages you get.
|
||||||
|
</li><li> Otherwise, a copy of ‘<tt>tinc.conf</tt>’, ‘<tt>tinc-up</tt>’ and all files in the ‘<tt>hosts/</tt>’ directory.
|
||||||
|
</li><li> The output of the commands ‘<samp>ifconfig -a</samp>’ and ‘<samp>route -n</samp>’ (or ‘<samp>netstat -rn</samp>’ if that doesn't work).
|
||||||
|
</li><li> The output of any command that fails to work as it should (like ping or traceroute).
|
||||||
|
</li></ul>
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC49" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_5.html#SEC56" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<p>
|
||||||
|
<font size="-1">
|
||||||
|
This document was generated by <em>Guus Sliepen</em> on <em>December, 26 2008</em> using <a href="http://www.nongnu.org/texi2html/"><em>texi2html 1.78</em></a>.
|
||||||
|
</font>
|
||||||
|
<br>
|
||||||
|
|
||||||
|
</p>
|
||||||
|
</body>
|
||||||
|
</html>
|
655
doc/tinc/tinc_5.html
Normal file
655
doc/tinc/tinc_5.html
Normal file
|
@ -0,0 +1,655 @@
|
||||||
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html401/loose.dtd">
|
||||||
|
<html>
|
||||||
|
<!-- Created on December, 26 2008 by texi2html 1.78 -->
|
||||||
|
<!--
|
||||||
|
Written by: Lionel Cons <Lionel.Cons@cern.ch> (original author)
|
||||||
|
Karl Berry <karl@freefriends.org>
|
||||||
|
Olaf Bachmann <obachman@mathematik.uni-kl.de>
|
||||||
|
and many others.
|
||||||
|
Maintained by: Many creative people.
|
||||||
|
Send bugs and suggestions to <texi2html-bug@nongnu.org>
|
||||||
|
|
||||||
|
-->
|
||||||
|
<head>
|
||||||
|
<title>tinc Manual: 6. Technical information</title>
|
||||||
|
|
||||||
|
<meta name="description" content="tinc Manual: 6. Technical information">
|
||||||
|
<meta name="keywords" content="tinc Manual: 6. Technical information">
|
||||||
|
<meta name="resource-type" content="document">
|
||||||
|
<meta name="distribution" content="global">
|
||||||
|
<meta name="Generator" content="texi2html 1.78">
|
||||||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||||||
|
<style type="text/css">
|
||||||
|
<!--
|
||||||
|
a.summary-letter {text-decoration: none}
|
||||||
|
pre.display {font-family: serif}
|
||||||
|
pre.format {font-family: serif}
|
||||||
|
pre.menu-comment {font-family: serif}
|
||||||
|
pre.menu-preformatted {font-family: serif}
|
||||||
|
pre.smalldisplay {font-family: serif; font-size: smaller}
|
||||||
|
pre.smallexample {font-size: smaller}
|
||||||
|
pre.smallformat {font-family: serif; font-size: smaller}
|
||||||
|
pre.smalllisp {font-size: smaller}
|
||||||
|
span.roman {font-family:serif; font-weight:normal;}
|
||||||
|
span.sansserif {font-family:sans-serif; font-weight:normal;}
|
||||||
|
ul.toc {list-style: none}
|
||||||
|
-->
|
||||||
|
</style>
|
||||||
|
|
||||||
|
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body lang="en" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#800080" alink="#FF0000">
|
||||||
|
|
||||||
|
<a name="Technical-information"></a>
|
||||||
|
<a name="SEC56"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="tinc_4.html#SEC55" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC57" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_4.html#SEC49" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_6.html#SEC65" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h1 class="chapter"> 6. Technical information </h1>
|
||||||
|
|
||||||
|
|
||||||
|
<table class="menu" border="0" cellspacing="0">
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC57">6.1 The connection</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC60">6.2 The meta-protocol</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC61">6.3 Security</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
</table>
|
||||||
|
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="The-connection"></a>
|
||||||
|
<a name="SEC57"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC56" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC58" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC56" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC56" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_6.html#SEC65" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h2 class="section"> 6.1 The connection </h2>
|
||||||
|
|
||||||
|
<p>Tinc is a daemon that takes VPN data and transmit that to another host
|
||||||
|
computer over the existing Internet infrastructure.
|
||||||
|
</p>
|
||||||
|
<table class="menu" border="0" cellspacing="0">
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC58">6.1.1 The UDP tunnel</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC59">6.1.2 The meta-connection</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
</table>
|
||||||
|
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="The-UDP-tunnel"></a>
|
||||||
|
<a name="SEC58"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC57" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC59" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC56" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC57" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_6.html#SEC65" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h3 class="subsection"> 6.1.1 The UDP tunnel </h3>
|
||||||
|
|
||||||
|
<a name="IDX68"></a>
|
||||||
|
<p>The data itself is read from a character device file, the so-called
|
||||||
|
<em>virtual network device</em>. This device is associated with a network
|
||||||
|
interface. Any data sent to this interface can be read from the device,
|
||||||
|
and any data written to the device gets sent from the interface.
|
||||||
|
There are two possible types of virtual network devices:
|
||||||
|
`tun' style, which are point-to-point devices which can only handle IPv4 and/or IPv6 packets,
|
||||||
|
and `tap' style, which are Ethernet devices and handle complete Ethernet frames.
|
||||||
|
</p>
|
||||||
|
<p>So when tinc reads an Ethernet frame from the device, it determines its
|
||||||
|
type. When tinc is in it's default routing mode, it can handle IPv4 and IPv6
|
||||||
|
packets. Depending on the Subnet lines, it will send the packets off to their destination IP address.
|
||||||
|
In the `switch' and `hub' mode, tinc will use broadcasts and MAC address discovery
|
||||||
|
to deduce the destination of the packets.
|
||||||
|
Since the latter modes only depend on the link layer information,
|
||||||
|
any protocol that runs over Ethernet is supported (for instance IPX and Appletalk).
|
||||||
|
However, only `tap' style devices provide this information.
|
||||||
|
</p>
|
||||||
|
<p>After the destination has been determined,
|
||||||
|
the packet will be compressed (optionally),
|
||||||
|
a sequence number will be added to the packet,
|
||||||
|
the packet will then be encrypted
|
||||||
|
and a message authentication code will be appended.
|
||||||
|
</p>
|
||||||
|
<a name="IDX69"></a>
|
||||||
|
<a name="IDX70"></a>
|
||||||
|
<p>When that is done, time has come to actually transport the
|
||||||
|
packet to the destination computer. We do this by sending the packet
|
||||||
|
over an UDP connection to the destination host. This is called
|
||||||
|
<em>encapsulating</em>, the VPN packet (though now encrypted) is
|
||||||
|
encapsulated in another IP datagram.
|
||||||
|
</p>
|
||||||
|
<p>When the destination receives this packet, the same thing happens, only
|
||||||
|
in reverse. So it checks the message authentication code, decrypts the contents of the UDP datagram,
|
||||||
|
checks the sequence number
|
||||||
|
and writes the decrypted information to its own virtual network device.
|
||||||
|
</p>
|
||||||
|
<p>If the virtual network device is a `tun' device (a point-to-point tunnel),
|
||||||
|
there is no problem for the kernel to accept a packet.
|
||||||
|
However, if it is a `tap' device (this is the only available type on FreeBSD),
|
||||||
|
the destination MAC address must match that of the virtual network interface.
|
||||||
|
If tinc is in it's default routing mode, ARP does not work, so the correct destination MAC
|
||||||
|
can not be known by the sending host.
|
||||||
|
Tinc solves this by letting the receiving end detect the MAC address of its own virtual network interface
|
||||||
|
and overwriting the destination MAC address of the received packet.
|
||||||
|
</p>
|
||||||
|
<p>In switch or hub modes ARP does work so the sender already knows the correct destination MAC address.
|
||||||
|
In those modes every interface should have a unique MAC address, so make sure they are not the same.
|
||||||
|
Because switch and hub modes rely on MAC addresses to function correctly,
|
||||||
|
these modes cannot be used on the following operating systems which don't have a `tap' style virtual network device:
|
||||||
|
OpenBSD, NetBSD, Darwin and Solaris.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="The-meta_002dconnection"></a>
|
||||||
|
<a name="SEC59"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC58" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC60" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC56" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC57" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_6.html#SEC65" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h3 class="subsection"> 6.1.2 The meta-connection </h3>
|
||||||
|
|
||||||
|
<p>Having only a UDP connection available is not enough. Though suitable
|
||||||
|
for transmitting data, we want to be able to reliably send other
|
||||||
|
information, such as routing and session key information to somebody.
|
||||||
|
</p>
|
||||||
|
<a name="IDX71"></a>
|
||||||
|
<p>TCP is a better alternative, because it already contains protection
|
||||||
|
against information being lost, unlike UDP.
|
||||||
|
</p>
|
||||||
|
<p>So we establish two connections. One for the encrypted VPN data, and one
|
||||||
|
for other information, the meta-data. Hence, we call the second
|
||||||
|
connection the meta-connection. We can now be sure that the
|
||||||
|
meta-information doesn't get lost on the way to another computer.
|
||||||
|
</p>
|
||||||
|
<a name="IDX72"></a>
|
||||||
|
<a name="IDX73"></a>
|
||||||
|
<p>Like with any communication, we must have a protocol, so that everybody
|
||||||
|
knows what everything stands for, and how she should react. Because we
|
||||||
|
have two connections, we also have two protocols. The protocol used for
|
||||||
|
the UDP data is the “data-protocol,” the other one is the
|
||||||
|
“meta-protocol.”
|
||||||
|
</p>
|
||||||
|
<p>The reason we don't use TCP for both protocols is that UDP is much
|
||||||
|
better for encapsulation, even while it is less reliable. The real
|
||||||
|
problem is that when TCP would be used to encapsulate a TCP stream
|
||||||
|
that's on the private network, for every packet sent there would be
|
||||||
|
three ACKs sent instead of just one. Furthermore, if there would be
|
||||||
|
a timeout, both TCP streams would sense the timeout, and both would
|
||||||
|
start re-sending packets.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="The-meta_002dprotocol"></a>
|
||||||
|
<a name="SEC60"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC59" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC61" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC56" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC56" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_6.html#SEC65" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h2 class="section"> 6.2 The meta-protocol </h2>
|
||||||
|
|
||||||
|
<p>The meta protocol is used to tie all tinc daemons together, and
|
||||||
|
exchange information about which tinc daemon serves which virtual
|
||||||
|
subnet.
|
||||||
|
</p>
|
||||||
|
<p>The meta protocol consists of requests that can be sent to the other
|
||||||
|
side. Each request has a unique number and several parameters. All
|
||||||
|
requests are represented in the standard ASCII character set. It is
|
||||||
|
possible to use tools such as telnet or netcat to connect to a tinc
|
||||||
|
daemon started with the –bypass-security option
|
||||||
|
and to read and write requests by hand, provided that one
|
||||||
|
understands the numeric codes sent.
|
||||||
|
</p>
|
||||||
|
<p>The authentication scheme is described in <a href="#SEC62">Authentication protocol</a>. After a
|
||||||
|
successful authentication, the server and the client will exchange all the
|
||||||
|
information about other tinc daemons and subnets they know of, so that both
|
||||||
|
sides (and all the other tinc daemons behind them) have their information
|
||||||
|
synchronised.
|
||||||
|
</p>
|
||||||
|
<a name="IDX74"></a>
|
||||||
|
<a name="IDX75"></a>
|
||||||
|
<table><tr><td> </td><td><pre class="example">message
|
||||||
|
------------------------------------------------------------------
|
||||||
|
ADD_EDGE node1 node2 21.32.43.54 655 222 0
|
||||||
|
| | | | | +-> options
|
||||||
|
| | | | +----> weight
|
||||||
|
| | | +--------> UDP port of node2
|
||||||
|
| | +----------------> real address of node2
|
||||||
|
| +-------------------------> name of destination node
|
||||||
|
+-------------------------------> name of source node
|
||||||
|
|
||||||
|
ADD_SUBNET node 192.168.1.0/24
|
||||||
|
| | +--> prefixlength
|
||||||
|
| +--------> network address
|
||||||
|
+------------------> owner of this subnet
|
||||||
|
------------------------------------------------------------------
|
||||||
|
</pre></td></tr></table>
|
||||||
|
|
||||||
|
<p>The ADD_EDGE messages are to inform other tinc daemons that a connection between
|
||||||
|
two nodes exist. The address of the destination node is available so that
|
||||||
|
VPN packets can be sent directly to that node.
|
||||||
|
</p>
|
||||||
|
<p>The ADD_SUBNET messages inform other tinc daemons that certain subnets belong
|
||||||
|
to certain nodes. tinc will use it to determine to which node a VPN packet has
|
||||||
|
to be sent.
|
||||||
|
</p>
|
||||||
|
<a name="IDX76"></a>
|
||||||
|
<a name="IDX77"></a>
|
||||||
|
<table><tr><td> </td><td><pre class="example">message
|
||||||
|
------------------------------------------------------------------
|
||||||
|
DEL_EDGE node1 node2
|
||||||
|
| +----> name of destination node
|
||||||
|
+----------> name of source node
|
||||||
|
|
||||||
|
DEL_SUBNET node 192.168.1.0/24
|
||||||
|
| | +--> prefixlength
|
||||||
|
| +--------> network address
|
||||||
|
+------------------> owner of this subnet
|
||||||
|
------------------------------------------------------------------
|
||||||
|
</pre></td></tr></table>
|
||||||
|
|
||||||
|
<p>In case a connection between two daemons is closed or broken, DEL_EDGE messages
|
||||||
|
are sent to inform the other daemons of that fact. Each daemon will calculate a
|
||||||
|
new route to the the daemons, or mark them unreachable if there isn't any.
|
||||||
|
</p>
|
||||||
|
<a name="IDX78"></a>
|
||||||
|
<a name="IDX79"></a>
|
||||||
|
<a name="IDX80"></a>
|
||||||
|
<table><tr><td> </td><td><pre class="example">message
|
||||||
|
------------------------------------------------------------------
|
||||||
|
REQ_KEY origin destination
|
||||||
|
| +--> name of the tinc daemon it wants the key from
|
||||||
|
+----------> name of the daemon that wants the key
|
||||||
|
|
||||||
|
ANS_KEY origin destination 4ae0b0a82d6e0078 91 64 4
|
||||||
|
| | \______________/ | | +--> MAC length
|
||||||
|
| | | | +-----> digest algorithm
|
||||||
|
| | | +--------> cipher algorithm
|
||||||
|
| | +--> 128 bits key
|
||||||
|
| +--> name of the daemon that wants the key
|
||||||
|
+----------> name of the daemon that uses this key
|
||||||
|
|
||||||
|
KEY_CHANGED origin
|
||||||
|
+--> daemon that has changed it's packet key
|
||||||
|
------------------------------------------------------------------
|
||||||
|
</pre></td></tr></table>
|
||||||
|
|
||||||
|
<p>The keys used to encrypt VPN packets are not sent out directly. This is
|
||||||
|
because it would generate a lot of traffic on VPNs with many daemons, and
|
||||||
|
chances are that not every tinc daemon will ever send a packet to every
|
||||||
|
other daemon. Instead, if a daemon needs a key it sends a request for it
|
||||||
|
via the meta connection of the nearest hop in the direction of the
|
||||||
|
destination.
|
||||||
|
</p>
|
||||||
|
<a name="IDX81"></a>
|
||||||
|
<table><tr><td> </td><td><pre class="example">daemon message
|
||||||
|
------------------------------------------------------------------
|
||||||
|
origin PING
|
||||||
|
dest. PONG
|
||||||
|
------------------------------------------------------------------
|
||||||
|
</pre></td></tr></table>
|
||||||
|
|
||||||
|
<p>There is also a mechanism to check if hosts are still alive. Since network
|
||||||
|
failures or a crash can cause a daemon to be killed without properly
|
||||||
|
shutting down the TCP connection, this is necessary to keep an up to date
|
||||||
|
connection list. PINGs are sent at regular intervals, except when there
|
||||||
|
is also some other traffic. A little bit of salt (random data) is added
|
||||||
|
with each PING and PONG message, to make sure that long sequences of PING/PONG
|
||||||
|
messages without any other traffic won't result in known plaintext.
|
||||||
|
</p>
|
||||||
|
<p>This basically covers what is sent over the meta connection by tinc.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="Security"></a>
|
||||||
|
<a name="SEC61"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC60" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC62" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC56" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC56" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_6.html#SEC65" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h2 class="section"> 6.3 Security </h2>
|
||||||
|
|
||||||
|
<a name="IDX82"></a>
|
||||||
|
<p>Tinc got its name from “TINC,” short for <em>There Is No Cabal</em>; the
|
||||||
|
alleged Cabal was/is an organisation that was said to keep an eye on the
|
||||||
|
entire Internet. As this is exactly what you <em>don't</em> want, we named
|
||||||
|
the tinc project after TINC.
|
||||||
|
</p>
|
||||||
|
<p>But in order to be “immune” to eavesdropping, you'll have to encrypt
|
||||||
|
your data. Because tinc is a <em>Secure</em> VPN (SVPN) daemon, it does
|
||||||
|
exactly that: encrypt.
|
||||||
|
Tinc by default uses blowfish encryption with 128 bit keys in CBC mode, 32 bit
|
||||||
|
sequence numbers and 4 byte long message authentication codes to make sure
|
||||||
|
eavesdroppers cannot get and cannot change any information at all from the
|
||||||
|
packets they can intercept. The encryption algorithm and message authentication
|
||||||
|
algorithm can be changed in the configuration. The length of the message
|
||||||
|
authentication codes is also adjustable. The length of the key for the
|
||||||
|
encryption algorithm is always the default length used by OpenSSL.
|
||||||
|
</p>
|
||||||
|
<table class="menu" border="0" cellspacing="0">
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC62">6.3.1 Authentication protocol</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC63">6.3.2 Encryption of network packets</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC64">6.3.3 Security issues</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
</table>
|
||||||
|
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="Authentication-protocol"></a>
|
||||||
|
<a name="SEC62"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC61" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC63" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC56" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC61" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_6.html#SEC65" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h3 class="subsection"> 6.3.1 Authentication protocol </h3>
|
||||||
|
|
||||||
|
<a name="IDX83"></a>
|
||||||
|
<p>A new scheme for authentication in tinc has been devised, which offers some
|
||||||
|
improvements over the protocol used in 1.0pre2 and 1.0pre3. Explanation is
|
||||||
|
below.
|
||||||
|
</p>
|
||||||
|
<a name="IDX84"></a>
|
||||||
|
<a name="IDX85"></a>
|
||||||
|
<a name="IDX86"></a>
|
||||||
|
<a name="IDX87"></a>
|
||||||
|
<table><tr><td> </td><td><pre class="example">daemon message
|
||||||
|
--------------------------------------------------------------------------
|
||||||
|
client <attempts connection>
|
||||||
|
|
||||||
|
server <accepts connection>
|
||||||
|
|
||||||
|
client ID client 12
|
||||||
|
| +---> version
|
||||||
|
+-------> name of tinc daemon
|
||||||
|
|
||||||
|
server ID server 12
|
||||||
|
| +---> version
|
||||||
|
+-------> name of tinc daemon
|
||||||
|
|
||||||
|
client META_KEY 5f0823a93e35b69e...7086ec7866ce582b
|
||||||
|
\_________________________________/
|
||||||
|
+-> RSAKEYLEN bits totally random string S1,
|
||||||
|
encrypted with server's public RSA key
|
||||||
|
|
||||||
|
server META_KEY 6ab9c1640388f8f0...45d1a07f8a672630
|
||||||
|
\_________________________________/
|
||||||
|
+-> RSAKEYLEN bits totally random string S2,
|
||||||
|
encrypted with client's public RSA key
|
||||||
|
|
||||||
|
From now on:
|
||||||
|
- the client will symmetrically encrypt outgoing traffic using S1
|
||||||
|
- the server will symmetrically encrypt outgoing traffic using S2
|
||||||
|
|
||||||
|
client CHALLENGE da02add1817c1920989ba6ae2a49cecbda0
|
||||||
|
\_________________________________/
|
||||||
|
+-> CHALLEN bits totally random string H1
|
||||||
|
|
||||||
|
server CHALLENGE 57fb4b2ccd70d6bb35a64c142f47e61d57f
|
||||||
|
\_________________________________/
|
||||||
|
+-> CHALLEN bits totally random string H2
|
||||||
|
|
||||||
|
client CHAL_REPLY 816a86
|
||||||
|
+-> 160 bits SHA1 of H2
|
||||||
|
|
||||||
|
server CHAL_REPLY 928ffe
|
||||||
|
+-> 160 bits SHA1 of H1
|
||||||
|
|
||||||
|
After the correct challenge replies are received, both ends have proved
|
||||||
|
their identity. Further information is exchanged.
|
||||||
|
|
||||||
|
client ACK 655 123 0
|
||||||
|
| | +-> options
|
||||||
|
| +----> estimated weight
|
||||||
|
+--------> listening port of client
|
||||||
|
|
||||||
|
server ACK 655 321 0
|
||||||
|
| | +-> options
|
||||||
|
| +----> estimated weight
|
||||||
|
+--------> listening port of server
|
||||||
|
--------------------------------------------------------------------------
|
||||||
|
</pre></td></tr></table>
|
||||||
|
|
||||||
|
<p>This new scheme has several improvements, both in efficiency and security.
|
||||||
|
</p>
|
||||||
|
<p>First of all, the server sends exactly the same kind of messages over the wire
|
||||||
|
as the client. The previous versions of tinc first authenticated the client,
|
||||||
|
and then the server. This scheme even allows both sides to send their messages
|
||||||
|
simultaneously, there is no need to wait for the other to send something first.
|
||||||
|
This means that any calculations that need to be done upon sending or receiving
|
||||||
|
a message can also be done in parallel. This is especially important when doing
|
||||||
|
RSA encryption/decryption. Given that these calculations are the main part of
|
||||||
|
the CPU time spent for the authentication, speed is improved by a factor 2.
|
||||||
|
</p>
|
||||||
|
<p>Second, only one RSA encrypted message is sent instead of two. This reduces the
|
||||||
|
amount of information attackers can see (and thus use for a cryptographic
|
||||||
|
attack). It also improves speed by a factor two, making the total speedup a
|
||||||
|
factor 4.
|
||||||
|
</p>
|
||||||
|
<p>Third, and most important:
|
||||||
|
The symmetric cipher keys are exchanged first, the challenge is done
|
||||||
|
afterwards. In the previous authentication scheme, because a man-in-the-middle
|
||||||
|
could pass the challenge/chal_reply phase (by just copying the messages between
|
||||||
|
the two real tinc daemons), but no information was exchanged that was really
|
||||||
|
needed to read the rest of the messages, the challenge/chal_reply phase was of
|
||||||
|
no real use. The man-in-the-middle was only stopped by the fact that only after
|
||||||
|
the ACK messages were encrypted with the symmetric cipher. Potentially, it
|
||||||
|
could even send it's own symmetric key to the server (if it knew the server's
|
||||||
|
public key) and read some of the metadata the server would send it (it was
|
||||||
|
impossible for the mitm to read actual network packets though). The new scheme
|
||||||
|
however prevents this.
|
||||||
|
</p>
|
||||||
|
<p>This new scheme makes sure that first of all, symmetric keys are exchanged. The
|
||||||
|
rest of the messages are then encrypted with the symmetric cipher. Then, each
|
||||||
|
side can only read received messages if they have their private key. The
|
||||||
|
challenge is there to let the other side know that the private key is really
|
||||||
|
known, because a challenge reply can only be sent back if the challenge is
|
||||||
|
decrypted correctly, and that can only be done with knowledge of the private
|
||||||
|
key.
|
||||||
|
</p>
|
||||||
|
<p>Fourth: the first thing that is sent via the symmetric cipher encrypted
|
||||||
|
connection is a totally random string, so that there is no known plaintext (for
|
||||||
|
an attacker) in the beginning of the encrypted stream.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="Encryption-of-network-packets"></a>
|
||||||
|
<a name="SEC63"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC62" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC64" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC56" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC61" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_6.html#SEC65" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h3 class="subsection"> 6.3.2 Encryption of network packets </h3>
|
||||||
|
<a name="IDX88"></a>
|
||||||
|
|
||||||
|
<p>A data packet can only be sent if the encryption key is known to both
|
||||||
|
parties, and the connection is activated. If the encryption key is not
|
||||||
|
known, a request is sent to the destination using the meta connection
|
||||||
|
to retrieve it. The packet is stored in a queue while waiting for the
|
||||||
|
key to arrive.
|
||||||
|
</p>
|
||||||
|
<p>The UDP packet containing the network packet from the VPN has the following layout:
|
||||||
|
</p>
|
||||||
|
<table><tr><td> </td><td><pre class="example">... | IP header | UDP header | seqno | VPN packet | MAC | UDP trailer
|
||||||
|
\___________________/\_____/
|
||||||
|
| |
|
||||||
|
V +---> digest algorithm
|
||||||
|
Encrypted with symmetric cipher
|
||||||
|
</pre></td></tr></table>
|
||||||
|
|
||||||
|
<p>So, the entire VPN packet is encrypted using a symmetric cipher, including a 32 bits
|
||||||
|
sequence number that is added in front of the actual VPN packet, to act as a unique
|
||||||
|
IV for each packet and to prevent replay attacks. A message authentication code
|
||||||
|
is added to the UDP packet to prevent alteration of packets. By default the
|
||||||
|
first 4 bytes of the digest are used for this, but this can be changed using
|
||||||
|
the MACLength configuration variable.
|
||||||
|
</p>
|
||||||
|
<hr size="6">
|
||||||
|
<a name="Security-issues"></a>
|
||||||
|
<a name="SEC64"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC63" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_6.html#SEC65" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC56" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC61" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_6.html#SEC65" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h3 class="subsection"> 6.3.3 Security issues </h3>
|
||||||
|
|
||||||
|
<p>In August 2000, we discovered the existence of a security hole in all versions
|
||||||
|
of tinc up to and including 1.0pre2. This had to do with the way we exchanged
|
||||||
|
keys. Since then, we have been working on a new authentication scheme to make
|
||||||
|
tinc as secure as possible. The current version uses the OpenSSL library and
|
||||||
|
uses strong authentication with RSA keys.
|
||||||
|
</p>
|
||||||
|
<p>On the 29th of December 2001, Jerome Etienne posted a security analysis of tinc
|
||||||
|
1.0pre4. Due to a lack of sequence numbers and a message authentication code
|
||||||
|
for each packet, an attacker could possibly disrupt certain network services or
|
||||||
|
launch a denial of service attack by replaying intercepted packets. The current
|
||||||
|
version adds sequence numbers and message authentication codes to prevent such
|
||||||
|
attacks.
|
||||||
|
</p>
|
||||||
|
<p>On the 15th of September 2003, Peter Gutmann posted a security analysis of tinc
|
||||||
|
1.0.1. He argues that the 32 bit sequence number used by tinc is not a good IV,
|
||||||
|
that tinc's default length of 4 bytes for the MAC is too short, and he doesn't
|
||||||
|
like tinc's use of RSA during authentication. We do not know of a security hole
|
||||||
|
in this version of tinc, but tinc's security is not as strong as TLS or IPsec.
|
||||||
|
We will address these issues in tinc 2.0.
|
||||||
|
</p>
|
||||||
|
<p>Cryptography is a hard thing to get right. We cannot make any
|
||||||
|
guarantees. Time, review and feedback are the only things that can
|
||||||
|
prove the security of any cryptographic product. If you wish to review
|
||||||
|
tinc or give us feedback, you are stronly encouraged to do so.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC56" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_6.html#SEC65" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<p>
|
||||||
|
<font size="-1">
|
||||||
|
This document was generated by <em>Guus Sliepen</em> on <em>December, 26 2008</em> using <a href="http://www.nongnu.org/texi2html/"><em>texi2html 1.78</em></a>.
|
||||||
|
</font>
|
||||||
|
<br>
|
||||||
|
|
||||||
|
</p>
|
||||||
|
</body>
|
||||||
|
</html>
|
82
doc/tinc/tinc_6.html
Normal file
82
doc/tinc/tinc_6.html
Normal file
|
@ -0,0 +1,82 @@
|
||||||
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html401/loose.dtd">
|
||||||
|
<html>
|
||||||
|
<!-- Created on December, 26 2008 by texi2html 1.78 -->
|
||||||
|
<!--
|
||||||
|
Written by: Lionel Cons <Lionel.Cons@cern.ch> (original author)
|
||||||
|
Karl Berry <karl@freefriends.org>
|
||||||
|
Olaf Bachmann <obachman@mathematik.uni-kl.de>
|
||||||
|
and many others.
|
||||||
|
Maintained by: Many creative people.
|
||||||
|
Send bugs and suggestions to <texi2html-bug@nongnu.org>
|
||||||
|
|
||||||
|
-->
|
||||||
|
<head>
|
||||||
|
<title>tinc Manual: 7. Platform specific information</title>
|
||||||
|
|
||||||
|
<meta name="description" content="tinc Manual: 7. Platform specific information">
|
||||||
|
<meta name="keywords" content="tinc Manual: 7. Platform specific information">
|
||||||
|
<meta name="resource-type" content="document">
|
||||||
|
<meta name="distribution" content="global">
|
||||||
|
<meta name="Generator" content="texi2html 1.78">
|
||||||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||||||
|
<style type="text/css">
|
||||||
|
<!--
|
||||||
|
a.summary-letter {text-decoration: none}
|
||||||
|
pre.display {font-family: serif}
|
||||||
|
pre.format {font-family: serif}
|
||||||
|
pre.menu-comment {font-family: serif}
|
||||||
|
pre.menu-preformatted {font-family: serif}
|
||||||
|
pre.smalldisplay {font-family: serif; font-size: smaller}
|
||||||
|
pre.smallexample {font-size: smaller}
|
||||||
|
pre.smallformat {font-family: serif; font-size: smaller}
|
||||||
|
pre.smalllisp {font-size: smaller}
|
||||||
|
span.roman {font-family:serif; font-weight:normal;}
|
||||||
|
span.sansserif {font-family:sans-serif; font-weight:normal;}
|
||||||
|
ul.toc {list-style: none}
|
||||||
|
-->
|
||||||
|
</style>
|
||||||
|
|
||||||
|
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body lang="en" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#800080" alink="#FF0000">
|
||||||
|
|
||||||
|
<a name="Platform-specific-information"></a>
|
||||||
|
<a name="SEC65"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="tinc_5.html#SEC64" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC66" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_5.html#SEC56" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_7.html#SEC68" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_0.html#SEC1" title="Cover (top) of document">Top</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_toc.html#SEC_Contents" title="Table of contents">Contents</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_8.html#SEC71" title="Index">Index</a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
|
||||||
|
</tr></table>
|
||||||
|
<h1 class="chapter"> 7. Platform specific information </h1>
|
||||||
|
|
||||||
|
<table class="menu" border="0" cellspacing="0">
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC66">7.1 Interface configuration</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
<tr><td align="left" valign="top"><a href="#SEC67">7.2 Routes</a></td><td> </td><td align="left" valign="top">
|
||||||
|
</td></tr>
|
||||||
|
</table>
|
||||||
|
|
||||||
|
<hr size="6">
|
||||||
|
<a name="Interface-configuration"></a>
|
||||||
|
<a name="SEC66"></a>
|
||||||
|
<table cellpadding="1" cellspacing="1" border="0">
|
||||||
|
<tr><td valign="middle" align="left">[<a href="#SEC65" title="Previous section in reading order"> < </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC67" title="Next section in reading order"> > </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC65" title="Beginning of this chapter or previous chapter"> << </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="#SEC65" title="Up section"> Up </a>]</td>
|
||||||
|
<td valign="middle" align="left">[<a href="tinc_7.html#SEC68" title="Next chapter"> >> </a>]</td>
|
||||||
|
<td valign="middle" align="left"> </td>
|
||||||
|
<td valign="middl
|
222
install-sh
222
install-sh
|
@ -1,7 +1,7 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
# install - install a program, script, or datafile
|
# install - install a program, script, or datafile
|
||||||
|
|
||||||
scriptversion=2006-10-14.15
|
scriptversion=2006-12-25.00
|
||||||
|
|
||||||
# This originates from X11R5 (mit/util/scripts/install.sh), which was
|
# This originates from X11R5 (mit/util/scripts/install.sh), which was
|
||||||
# later released in X11R6 (xc/config/util/install.sh) with the
|
# later released in X11R6 (xc/config/util/install.sh) with the
|
||||||
|
@ -48,7 +48,7 @@ IFS=" "" $nl"
|
||||||
# set DOITPROG to echo to test this script
|
# set DOITPROG to echo to test this script
|
||||||
|
|
||||||
# Don't use :- since 4.3BSD and earlier shells don't like it.
|
# Don't use :- since 4.3BSD and earlier shells don't like it.
|
||||||
doit="${DOITPROG-}"
|
doit=${DOITPROG-}
|
||||||
if test -z "$doit"; then
|
if test -z "$doit"; then
|
||||||
doit_exec=exec
|
doit_exec=exec
|
||||||
else
|
else
|
||||||
|
@ -58,34 +58,49 @@ fi
|
||||||
# Put in absolute file names if you don't have them in your path;
|
# Put in absolute file names if you don't have them in your path;
|
||||||
# or use environment vars.
|
# or use environment vars.
|
||||||
|
|
||||||
mvprog="${MVPROG-mv}"
|
chgrpprog=${CHGRPPROG-chgrp}
|
||||||
cpprog="${CPPROG-cp}"
|
chmodprog=${CHMODPROG-chmod}
|
||||||
chmodprog="${CHMODPROG-chmod}"
|
chownprog=${CHOWNPROG-chown}
|
||||||
chownprog="${CHOWNPROG-chown}"
|
cmpprog=${CMPPROG-cmp}
|
||||||
chgrpprog="${CHGRPPROG-chgrp}"
|
cpprog=${CPPROG-cp}
|
||||||
stripprog="${STRIPPROG-strip}"
|
mkdirprog=${MKDIRPROG-mkdir}
|
||||||
rmprog="${RMPROG-rm}"
|
mvprog=${MVPROG-mv}
|
||||||
mkdirprog="${MKDIRPROG-mkdir}"
|
rmprog=${RMPROG-rm}
|
||||||
|
stripprog=${STRIPPROG-strip}
|
||||||
|
|
||||||
|
posix_glob='?'
|
||||||
|
initialize_posix_glob='
|
||||||
|
test "$posix_glob" != "?" || {
|
||||||
|
if (set -f) 2>/dev/null; then
|
||||||
|
posix_glob=
|
||||||
|
else
|
||||||
|
posix_glob=:
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
'
|
||||||
|
|
||||||
posix_glob=
|
|
||||||
posix_mkdir=
|
posix_mkdir=
|
||||||
|
|
||||||
# Desired mode of installed file.
|
# Desired mode of installed file.
|
||||||
mode=0755
|
mode=0755
|
||||||
|
|
||||||
|
chgrpcmd=
|
||||||
chmodcmd=$chmodprog
|
chmodcmd=$chmodprog
|
||||||
chowncmd=
|
chowncmd=
|
||||||
chgrpcmd=
|
mvcmd=$mvprog
|
||||||
stripcmd=
|
|
||||||
rmcmd="$rmprog -f"
|
rmcmd="$rmprog -f"
|
||||||
mvcmd="$mvprog"
|
stripcmd=
|
||||||
|
|
||||||
src=
|
src=
|
||||||
dst=
|
dst=
|
||||||
dir_arg=
|
dir_arg=
|
||||||
dstarg=
|
dst_arg=
|
||||||
|
|
||||||
|
copy_on_change=false
|
||||||
no_target_directory=
|
no_target_directory=
|
||||||
|
|
||||||
usage="Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
|
usage="\
|
||||||
|
Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
|
||||||
or: $0 [OPTION]... SRCFILES... DIRECTORY
|
or: $0 [OPTION]... SRCFILES... DIRECTORY
|
||||||
or: $0 [OPTION]... -t DIRECTORY SRCFILES...
|
or: $0 [OPTION]... -t DIRECTORY SRCFILES...
|
||||||
or: $0 [OPTION]... -d DIRECTORIES...
|
or: $0 [OPTION]... -d DIRECTORIES...
|
||||||
|
@ -95,65 +110,55 @@ In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
|
||||||
In the 4th, create DIRECTORIES.
|
In the 4th, create DIRECTORIES.
|
||||||
|
|
||||||
Options:
|
Options:
|
||||||
-c (ignored)
|
--help display this help and exit.
|
||||||
-d create directories instead of installing files.
|
--version display version info and exit.
|
||||||
-g GROUP $chgrpprog installed files to GROUP.
|
|
||||||
-m MODE $chmodprog installed files to MODE.
|
-c (ignored)
|
||||||
-o USER $chownprog installed files to USER.
|
-C install only if different (preserve the last data modification time)
|
||||||
-s $stripprog installed files.
|
-d create directories instead of installing files.
|
||||||
-t DIRECTORY install into DIRECTORY.
|
-g GROUP $chgrpprog installed files to GROUP.
|
||||||
-T report an error if DSTFILE is a directory.
|
-m MODE $chmodprog installed files to MODE.
|
||||||
--help display this help and exit.
|
-o USER $chownprog installed files to USER.
|
||||||
--version display version info and exit.
|
-s $stripprog installed files.
|
||||||
|
-t DIRECTORY install into DIRECTORY.
|
||||||
|
-T report an error if DSTFILE is a directory.
|
||||||
|
|
||||||
Environment variables override the default commands:
|
Environment variables override the default commands:
|
||||||
CHGRPPROG CHMODPROG CHOWNPROG CPPROG MKDIRPROG MVPROG RMPROG STRIPPROG
|
CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
|
||||||
|
RMPROG STRIPPROG
|
||||||
"
|
"
|
||||||
|
|
||||||
while test $# -ne 0; do
|
while test $# -ne 0; do
|
||||||
case $1 in
|
case $1 in
|
||||||
-c) shift
|
-c) ;;
|
||||||
continue;;
|
|
||||||
|
|
||||||
-d) dir_arg=true
|
-C) copy_on_change=true;;
|
||||||
shift
|
|
||||||
continue;;
|
-d) dir_arg=true;;
|
||||||
|
|
||||||
-g) chgrpcmd="$chgrpprog $2"
|
-g) chgrpcmd="$chgrpprog $2"
|
||||||
shift
|
shift;;
|
||||||
shift
|
|
||||||
continue;;
|
|
||||||
|
|
||||||
--help) echo "$usage"; exit $?;;
|
--help) echo "$usage"; exit $?;;
|
||||||
|
|
||||||
-m) mode=$2
|
-m) mode=$2
|
||||||
shift
|
|
||||||
shift
|
|
||||||
case $mode in
|
case $mode in
|
||||||
*' '* | *' '* | *'
|
*' '* | *' '* | *'
|
||||||
'* | *'*'* | *'?'* | *'['*)
|
'* | *'*'* | *'?'* | *'['*)
|
||||||
echo "$0: invalid mode: $mode" >&2
|
echo "$0: invalid mode: $mode" >&2
|
||||||
exit 1;;
|
exit 1;;
|
||||||
esac
|
esac
|
||||||
continue;;
|
shift;;
|
||||||
|
|
||||||
-o) chowncmd="$chownprog $2"
|
-o) chowncmd="$chownprog $2"
|
||||||
shift
|
shift;;
|
||||||
shift
|
|
||||||
continue;;
|
|
||||||
|
|
||||||
-s) stripcmd=$stripprog
|
-s) stripcmd=$stripprog;;
|
||||||
shift
|
|
||||||
continue;;
|
|
||||||
|
|
||||||
-t) dstarg=$2
|
-t) dst_arg=$2
|
||||||
shift
|
shift;;
|
||||||
shift
|
|
||||||
continue;;
|
|
||||||
|
|
||||||
-T) no_target_directory=true
|
-T) no_target_directory=true;;
|
||||||
shift
|
|
||||||
continue;;
|
|
||||||
|
|
||||||
--version) echo "$0 $scriptversion"; exit $?;;
|
--version) echo "$0 $scriptversion"; exit $?;;
|
||||||
|
|
||||||
|
@ -165,21 +170,22 @@ while test $# -ne 0; do
|
||||||
|
|
||||||
*) break;;
|
*) break;;
|
||||||
esac
|
esac
|
||||||
|
shift
|
||||||
done
|
done
|
||||||
|
|
||||||
if test $# -ne 0 && test -z "$dir_arg$dstarg"; then
|
if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
|
||||||
# When -d is used, all remaining arguments are directories to create.
|
# When -d is used, all remaining arguments are directories to create.
|
||||||
# When -t is used, the destination is already specified.
|
# When -t is used, the destination is already specified.
|
||||||
# Otherwise, the last argument is the destination. Remove it from $@.
|
# Otherwise, the last argument is the destination. Remove it from $@.
|
||||||
for arg
|
for arg
|
||||||
do
|
do
|
||||||
if test -n "$dstarg"; then
|
if test -n "$dst_arg"; then
|
||||||
# $@ is not empty: it contains at least $arg.
|
# $@ is not empty: it contains at least $arg.
|
||||||
set fnord "$@" "$dstarg"
|
set fnord "$@" "$dst_arg"
|
||||||
shift # fnord
|
shift # fnord
|
||||||
fi
|
fi
|
||||||
shift # arg
|
shift # arg
|
||||||
dstarg=$arg
|
dst_arg=$arg
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -224,7 +230,7 @@ for src
|
||||||
do
|
do
|
||||||
# Protect names starting with `-'.
|
# Protect names starting with `-'.
|
||||||
case $src in
|
case $src in
|
||||||
-*) src=./$src ;;
|
-*) src=./$src;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
if test -n "$dir_arg"; then
|
if test -n "$dir_arg"; then
|
||||||
|
@ -242,22 +248,22 @@ do
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if test -z "$dstarg"; then
|
if test -z "$dst_arg"; then
|
||||||
echo "$0: no destination specified." >&2
|
echo "$0: no destination specified." >&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
dst=$dstarg
|
dst=$dst_arg
|
||||||
# Protect names starting with `-'.
|
# Protect names starting with `-'.
|
||||||
case $dst in
|
case $dst in
|
||||||
-*) dst=./$dst ;;
|
-*) dst=./$dst;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
# If destination is a directory, append the input filename; won't work
|
# If destination is a directory, append the input filename; won't work
|
||||||
# if double slashes aren't ignored.
|
# if double slashes aren't ignored.
|
||||||
if test -d "$dst"; then
|
if test -d "$dst"; then
|
||||||
if test -n "$no_target_directory"; then
|
if test -n "$no_target_directory"; then
|
||||||
echo "$0: $dstarg: Is a directory" >&2
|
echo "$0: $dst_arg: Is a directory" >&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
dstdir=$dst
|
dstdir=$dst
|
||||||
|
@ -378,26 +384,19 @@ do
|
||||||
# directory the slow way, step by step, checking for races as we go.
|
# directory the slow way, step by step, checking for races as we go.
|
||||||
|
|
||||||
case $dstdir in
|
case $dstdir in
|
||||||
/*) prefix=/ ;;
|
/*) prefix='/';;
|
||||||
-*) prefix=./ ;;
|
-*) prefix='./';;
|
||||||
*) prefix= ;;
|
*) prefix='';;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
case $posix_glob in
|
eval "$initialize_posix_glob"
|
||||||
'')
|
|
||||||
if (set -f) 2>/dev/null; then
|
|
||||||
posix_glob=true
|
|
||||||
else
|
|
||||||
posix_glob=false
|
|
||||||
fi ;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
oIFS=$IFS
|
oIFS=$IFS
|
||||||
IFS=/
|
IFS=/
|
||||||
$posix_glob && set -f
|
$posix_glob set -f
|
||||||
set fnord $dstdir
|
set fnord $dstdir
|
||||||
shift
|
shift
|
||||||
$posix_glob && set +f
|
$posix_glob set +f
|
||||||
IFS=$oIFS
|
IFS=$oIFS
|
||||||
|
|
||||||
prefixes=
|
prefixes=
|
||||||
|
@ -459,41 +458,54 @@ do
|
||||||
# ignore errors from any of these, just make sure not to ignore
|
# ignore errors from any of these, just make sure not to ignore
|
||||||
# errors from the above "$doit $cpprog $src $dsttmp" command.
|
# errors from the above "$doit $cpprog $src $dsttmp" command.
|
||||||
#
|
#
|
||||||
{ test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } \
|
{ test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
|
||||||
&& { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } \
|
{ test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
|
||||||
&& { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } \
|
{ test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
|
||||||
&& { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
|
{ test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
|
||||||
|
|
||||||
# Now rename the file to the real destination.
|
# If -C, don't bother to copy if it wouldn't change the file.
|
||||||
{ $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null \
|
if $copy_on_change &&
|
||||||
|| {
|
old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` &&
|
||||||
# The rename failed, perhaps because mv can't rename something else
|
new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` &&
|
||||||
# to itself, or perhaps because mv is so ancient that it does not
|
|
||||||
# support -f.
|
|
||||||
|
|
||||||
# Now remove or move aside any old file at destination location.
|
eval "$initialize_posix_glob" &&
|
||||||
# We try this two ways since rm can't unlink itself on some
|
$posix_glob set -f &&
|
||||||
# systems and the destination file might be busy for other
|
set X $old && old=:$2:$4:$5:$6 &&
|
||||||
# reasons. In this case, the final cleanup might fail but the new
|
set X $new && new=:$2:$4:$5:$6 &&
|
||||||
# file should still install successfully.
|
$posix_glob set +f &&
|
||||||
{
|
|
||||||
if test -f "$dst"; then
|
|
||||||
$doit $rmcmd -f "$dst" 2>/dev/null \
|
|
||||||
|| { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null \
|
|
||||||
&& { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }; }\
|
|
||||||
|| {
|
|
||||||
echo "$0: cannot unlink or rename $dst" >&2
|
|
||||||
(exit 1); exit 1
|
|
||||||
}
|
|
||||||
else
|
|
||||||
:
|
|
||||||
fi
|
|
||||||
} &&
|
|
||||||
|
|
||||||
# Now rename the file to the real destination.
|
test "$old" = "$new" &&
|
||||||
$doit $mvcmd "$dsttmp" "$dst"
|
$cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
|
||||||
}
|
then
|
||||||
} || exit 1
|
rm -f "$dsttmp"
|
||||||
|
else
|
||||||
|
# Rename the file to the real destination.
|
||||||
|
$doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
|
||||||
|
|
||||||
|
# The rename failed, perhaps because mv can't rename something else
|
||||||
|
# to itself, or perhaps because mv is so ancient that it does not
|
||||||
|
# support -f.
|
||||||
|
{
|
||||||
|
# Now remove or move aside any old file at destination location.
|
||||||
|
# We try this two ways since rm can't unlink itself on some
|
||||||
|
# systems and the destination file might be busy for other
|
||||||
|
# reasons. In this case, the final cleanup might fail but the new
|
||||||
|
# file should still install successfully.
|
||||||
|
{
|
||||||
|
test ! -f "$dst" ||
|
||||||
|
$doit $rmcmd -f "$dst" 2>/dev/null ||
|
||||||
|
{ $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
|
||||||
|
{ $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
|
||||||
|
} ||
|
||||||
|
{ echo "$0: cannot unlink or rename $dst" >&2
|
||||||
|
(exit 1); exit 1
|
||||||
|
}
|
||||||
|
} &&
|
||||||
|
|
||||||
|
# Now rename the file to the real destination.
|
||||||
|
$doit $mvcmd "$dsttmp" "$dst"
|
||||||
|
}
|
||||||
|
fi || exit 1
|
||||||
|
|
||||||
trap '' 0
|
trap '' 0
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
# Makefile.in generated by automake 1.10 from Makefile.am.
|
# Makefile.in generated by automake 1.10.1 from Makefile.am.
|
||||||
# @configure_input@
|
# @configure_input@
|
||||||
|
|
||||||
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
||||||
# 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
|
# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
|
||||||
# This Makefile.in is free software; the Free Software Foundation
|
# This Makefile.in is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
# with or without modifications, as long as this notice is preserved.
|
# with or without modifications, as long as this notice is preserved.
|
||||||
|
@ -60,7 +60,7 @@ am_libvpn_a_OBJECTS = xmalloc.$(OBJEXT) pidfile.$(OBJEXT) \
|
||||||
list.$(OBJEXT) avl_tree.$(OBJEXT) dropin.$(OBJEXT) \
|
list.$(OBJEXT) avl_tree.$(OBJEXT) dropin.$(OBJEXT) \
|
||||||
fake-getaddrinfo.$(OBJEXT) fake-getnameinfo.$(OBJEXT)
|
fake-getaddrinfo.$(OBJEXT) fake-getnameinfo.$(OBJEXT)
|
||||||
libvpn_a_OBJECTS = $(am_libvpn_a_OBJECTS)
|
libvpn_a_OBJECTS = $(am_libvpn_a_OBJECTS)
|
||||||
DEFAULT_INCLUDES = -I. -I$(top_builddir)@am__isrc@
|
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
|
||||||
depcomp = $(SHELL) $(top_srcdir)/depcomp
|
depcomp = $(SHELL) $(top_srcdir)/depcomp
|
||||||
am__depfiles_maybe = depfiles
|
am__depfiles_maybe = depfiles
|
||||||
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
|
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
|
||||||
|
@ -269,8 +269,8 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
|
||||||
unique=`for i in $$list; do \
|
unique=`for i in $$list; do \
|
||||||
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
|
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
|
||||||
done | \
|
done | \
|
||||||
$(AWK) ' { files[$$0] = 1; } \
|
$(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
|
||||||
END { for (i in files) print i; }'`; \
|
END { if (nonempty) { for (i in files) print i; }; }'`; \
|
||||||
mkid -fID $$unique
|
mkid -fID $$unique
|
||||||
tags: TAGS
|
tags: TAGS
|
||||||
|
|
||||||
|
@ -282,8 +282,8 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
|
||||||
unique=`for i in $$list; do \
|
unique=`for i in $$list; do \
|
||||||
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
|
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
|
||||||
done | \
|
done | \
|
||||||
$(AWK) ' { files[$$0] = 1; } \
|
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
|
||||||
END { for (i in files) print i; }'`; \
|
END { if (nonempty) { for (i in files) print i; }; }'`; \
|
||||||
if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
|
if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
|
||||||
test -n "$$unique" || unique=$$empty_fix; \
|
test -n "$$unique" || unique=$$empty_fix; \
|
||||||
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
|
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
|
||||||
|
@ -293,13 +293,12 @@ ctags: CTAGS
|
||||||
CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
|
CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
|
||||||
$(TAGS_FILES) $(LISP)
|
$(TAGS_FILES) $(LISP)
|
||||||
tags=; \
|
tags=; \
|
||||||
here=`pwd`; \
|
|
||||||
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
|
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
|
||||||
unique=`for i in $$list; do \
|
unique=`for i in $$list; do \
|
||||||
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
|
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
|
||||||
done | \
|
done | \
|
||||||
$(AWK) ' { files[$$0] = 1; } \
|
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
|
||||||
END { for (i in files) print i; }'`; \
|
END { if (nonempty) { for (i in files) print i; }; }'`; \
|
||||||
test -z "$(CTAGS_ARGS)$$tags$$unique" \
|
test -z "$(CTAGS_ARGS)$$tags$$unique" \
|
||||||
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
|
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
|
||||||
$$tags $$unique
|
$$tags $$unique
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
# Makefile.in generated by automake 1.10 from Makefile.am.
|
# Makefile.in generated by automake 1.10.1 from Makefile.am.
|
||||||
# @configure_input@
|
# @configure_input@
|
||||||
|
|
||||||
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
||||||
# 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
|
# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
|
||||||
# This Makefile.in is free software; the Free Software Foundation
|
# This Makefile.in is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
# with or without modifications, as long as this notice is preserved.
|
# with or without modifications, as long as this notice is preserved.
|
||||||
|
|
BIN
po/nl.gmo
BIN
po/nl.gmo
Binary file not shown.
176
po/nl.po
176
po/nl.po
|
@ -1,13 +1,13 @@
|
||||||
# Dutch messages for tinc
|
# Dutch messages for tinc
|
||||||
# Copyright (C) 1999-2007 Ivo Timmermans, Guus Sliepen.
|
# Copyright (C) 1999-2008 Ivo Timmermans, Guus Sliepen.
|
||||||
# Ivo Timmermans <ivo@tinc-vpn.org>, 1999-2006.
|
# Ivo Timmermans <ivo@tinc-vpn.org>, 1999-2006.
|
||||||
# Guus Sliepen <guus@tinc-vpn.org>, 2000-2007.
|
# Guus Sliepen <guus@tinc-vpn.org>, 2000-2008.
|
||||||
msgid ""
|
msgid ""
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Project-Id-Version: tinc 1.0-svn\n"
|
"Project-Id-Version: tinc 1.0-svn\n"
|
||||||
"Report-Msgid-Bugs-To: tinc-devel@tinc-vpn.org\n"
|
"Report-Msgid-Bugs-To: tinc-devel@tinc-vpn.org\n"
|
||||||
"POT-Creation-Date: 2007-05-16 16:50+0200\n"
|
"POT-Creation-Date: 2008-12-24 11:43+0100\n"
|
||||||
"PO-Revision-Date: 2007-05-16 16:40+0200\n"
|
"PO-Revision-Date: 2008-12-24 11:45+0100\n"
|
||||||
"Last-Translator: Guus Sliepen <guus@tinc-vpn.org>\n"
|
"Last-Translator: Guus Sliepen <guus@tinc-vpn.org>\n"
|
||||||
"Language-Team: Dutch\n"
|
"Language-Team: Dutch\n"
|
||||||
"MIME-Version: 1.0\n"
|
"MIME-Version: 1.0\n"
|
||||||
|
@ -90,16 +90,16 @@ msgstr "iedereen"
|
||||||
msgid "BROADCAST"
|
msgid "BROADCAST"
|
||||||
msgstr "BROADCAST"
|
msgstr "BROADCAST"
|
||||||
|
|
||||||
#: src/connection.c:123
|
#: src/connection.c:142
|
||||||
msgid "Connections:"
|
msgid "Connections:"
|
||||||
msgstr "Verbindingen:"
|
msgstr "Verbindingen:"
|
||||||
|
|
||||||
#: src/connection.c:127
|
#: src/connection.c:146
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid " %s at %s options %lx socket %d status %04x outbuf %d/%d/%d"
|
msgid " %s at %s options %lx socket %d status %04x outbuf %d/%d/%d"
|
||||||
msgstr " %s op %s opties %lx socket %d status %04x outbuf %d/%d/%d"
|
msgstr " %s op %s opties %lx socket %d status %04x outbuf %d/%d/%d"
|
||||||
|
|
||||||
#: src/connection.c:132
|
#: src/connection.c:151
|
||||||
msgid "End of connections."
|
msgid "End of connections."
|
||||||
msgstr "Einde van verbindingen."
|
msgstr "Einde van verbindingen."
|
||||||
|
|
||||||
|
@ -287,9 +287,9 @@ msgstr "Fout tijdens versleutelen pakket naar %s (%s): %s"
|
||||||
msgid "Setting outgoing packet priority to %d"
|
msgid "Setting outgoing packet priority to %d"
|
||||||
msgstr "Instellen prioriteit uitgaand pakket op %d"
|
msgstr "Instellen prioriteit uitgaand pakket op %d"
|
||||||
|
|
||||||
#: src/net_packet.c:393 src/net_setup.c:478 src/net_socket.c:135
|
#: src/net_packet.c:393 src/net_setup.c:478 src/net_socket.c:140
|
||||||
#: src/net_socket.c:164 src/tincd.c:435 src/tincd.c:472 src/process.c:198
|
#: src/net_socket.c:169 src/tincd.c:435 src/tincd.c:472 src/process.c:201
|
||||||
#: src/process.c:231 src/process.c:430 src/bsd/device.c:93
|
#: src/process.c:234 src/process.c:433 src/bsd/device.c:93
|
||||||
#: src/bsd/device.c:112 src/cygwin/device.c:140 src/cygwin/device.c:171
|
#: src/bsd/device.c:112 src/cygwin/device.c:140 src/cygwin/device.c:171
|
||||||
#: src/mingw/device.c:73 src/mingw/device.c:80 src/mingw/device.c:86
|
#: src/mingw/device.c:73 src/mingw/device.c:80 src/mingw/device.c:86
|
||||||
#: src/mingw/device.c:258 src/mingw/device.c:265 src/mingw/device.c:270
|
#: src/mingw/device.c:258 src/mingw/device.c:265 src/mingw/device.c:270
|
||||||
|
@ -465,86 +465,86 @@ msgstr "ioctlsocket voor %s: WSA fout %d"
|
||||||
msgid "Creating metasocket failed: %s"
|
msgid "Creating metasocket failed: %s"
|
||||||
msgstr "Aanmaak van metasocket mislukt: %s"
|
msgstr "Aanmaak van metasocket mislukt: %s"
|
||||||
|
|
||||||
#: src/net_socket.c:115 src/net_socket.c:217
|
#: src/net_socket.c:120 src/net_socket.c:227
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Can't bind to interface %s: %s"
|
msgid "Can't bind to interface %s: %s"
|
||||||
msgstr "Kan niet aan interface %s binden: %s"
|
msgstr "Kan niet aan interface %s binden: %s"
|
||||||
|
|
||||||
#: src/net_socket.c:120
|
#: src/net_socket.c:125
|
||||||
msgid "BindToInterface not supported on this platform"
|
msgid "BindToInterface not supported on this platform"
|
||||||
msgstr "BindToInterface wordt niet ondersteund op dit platform"
|
msgstr "BindToInterface wordt niet ondersteund op dit platform"
|
||||||
|
|
||||||
#: src/net_socket.c:127
|
#: src/net_socket.c:132
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Can't bind to %s/tcp: %s"
|
msgid "Can't bind to %s/tcp: %s"
|
||||||
msgstr "Kan niet aan %s/tcp binden: %s"
|
msgstr "Kan niet aan %s/tcp binden: %s"
|
||||||
|
|
||||||
#: src/net_socket.c:154
|
#: src/net_socket.c:159
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Creating UDP socket failed: %s"
|
msgid "Creating UDP socket failed: %s"
|
||||||
msgstr "Aanmaak UDP socket mislukte: %s"
|
msgstr "Aanmaak UDP socket mislukte: %s"
|
||||||
|
|
||||||
#: src/net_socket.c:174
|
#: src/net_socket.c:179
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Call to `%s' failed: WSA error %d"
|
msgid "Call to `%s' failed: WSA error %d"
|
||||||
msgstr "Systeemaanroep `%s' mislukte: WSA fout %d"
|
msgstr "Systeemaanroep `%s' mislukte: WSA fout %d"
|
||||||
|
|
||||||
#: src/net_socket.c:228
|
#: src/net_socket.c:238
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Can't bind to %s/udp: %s"
|
msgid "Can't bind to %s/udp: %s"
|
||||||
msgstr "Kan niet aan %s/udp binden: %s"
|
msgstr "Kan niet aan %s/udp binden: %s"
|
||||||
|
|
||||||
#: src/net_socket.c:255
|
#: src/net_socket.c:265
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Trying to re-establish outgoing connection in %d seconds"
|
msgid "Trying to re-establish outgoing connection in %d seconds"
|
||||||
msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden"
|
msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden"
|
||||||
|
|
||||||
#: src/net_socket.c:263
|
#: src/net_socket.c:273
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Connected to %s (%s)"
|
msgid "Connected to %s (%s)"
|
||||||
msgstr "Verbonden met %s (%s)"
|
msgstr "Verbonden met %s (%s)"
|
||||||
|
|
||||||
#: src/net_socket.c:282
|
#: src/net_socket.c:292
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Could not set up a meta connection to %s"
|
msgid "Could not set up a meta connection to %s"
|
||||||
msgstr "Kon geen metaverbinding aangaan met %s"
|
msgstr "Kon geen metaverbinding aangaan met %s"
|
||||||
|
|
||||||
#: src/net_socket.c:316
|
#: src/net_socket.c:327
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Trying to connect to %s (%s)"
|
msgid "Trying to connect to %s (%s)"
|
||||||
msgstr "Poging tot verbinden met %s (%s)"
|
msgstr "Poging tot verbinden met %s (%s)"
|
||||||
|
|
||||||
#: src/net_socket.c:322
|
#: src/net_socket.c:333
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Creating socket for %s failed: %s"
|
msgid "Creating socket for %s failed: %s"
|
||||||
msgstr "Aanmaken socket voor %s mislukt: %s"
|
msgstr "Aanmaken socket voor %s mislukt: %s"
|
||||||
|
|
||||||
#: src/net_socket.c:348
|
#: src/net_socket.c:365
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "%s: %s"
|
msgid "%s: %s"
|
||||||
msgstr "%s: %s"
|
msgstr "%s: %s"
|
||||||
|
|
||||||
#: src/net_socket.c:369
|
#: src/net_socket.c:386
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Already connected to %s"
|
msgid "Already connected to %s"
|
||||||
msgstr "Reeds verbonden met %s"
|
msgstr "Reeds verbonden met %s"
|
||||||
|
|
||||||
#: src/net_socket.c:388
|
#: src/net_socket.c:405
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "No address specified for %s"
|
msgid "No address specified for %s"
|
||||||
msgstr "Geen adres gespecificeerd voor %s"
|
msgstr "Geen adres gespecificeerd voor %s"
|
||||||
|
|
||||||
#: src/net_socket.c:419
|
#: src/net_socket.c:436
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Accepting a new connection failed: %s"
|
msgid "Accepting a new connection failed: %s"
|
||||||
msgstr "Aanname van nieuwe verbinding is mislukt: %s"
|
msgstr "Aanname van nieuwe verbinding is mislukt: %s"
|
||||||
|
|
||||||
#: src/net_socket.c:438
|
#: src/net_socket.c:455
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Connection from %s"
|
msgid "Connection from %s"
|
||||||
msgstr "Verbinding van %s"
|
msgstr "Verbinding van %s"
|
||||||
|
|
||||||
#: src/net_socket.c:463
|
#: src/net_socket.c:480
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Invalid name for outgoing connection in %s line %d"
|
msgid "Invalid name for outgoing connection in %s line %d"
|
||||||
msgstr "Ongeldige naam voor uitgaande verbinding in %s regel %d"
|
msgstr "Ongeldige naam voor uitgaande verbinding in %s regel %d"
|
||||||
|
@ -647,7 +647,7 @@ msgstr "Veroudering vorige verzoeken: %d gewist, %d overgebleven"
|
||||||
#: src/protocol_auth.c:58 src/protocol_auth.c:214 src/protocol_auth.c:345
|
#: src/protocol_auth.c:58 src/protocol_auth.c:214 src/protocol_auth.c:345
|
||||||
#: src/protocol_auth.c:412 src/protocol_auth.c:538 src/protocol_edge.c:73
|
#: src/protocol_auth.c:412 src/protocol_auth.c:538 src/protocol_edge.c:73
|
||||||
#: src/protocol_edge.c:188 src/protocol_key.c:62 src/protocol_key.c:105
|
#: src/protocol_edge.c:188 src/protocol_key.c:62 src/protocol_key.c:105
|
||||||
#: src/protocol_key.c:173 src/protocol_misc.c:56 src/protocol_misc.c:85
|
#: src/protocol_key.c:179 src/protocol_misc.c:56 src/protocol_misc.c:85
|
||||||
#: src/protocol_misc.c:176 src/protocol_subnet.c:58 src/protocol_subnet.c:170
|
#: src/protocol_misc.c:176 src/protocol_subnet.c:58 src/protocol_subnet.c:170
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Got bad %s from %s (%s)"
|
msgid "Got bad %s from %s (%s)"
|
||||||
|
@ -681,7 +681,7 @@ msgstr "Ander %s heeft onbekende identiteit (%s)"
|
||||||
msgid "Generated random meta key (unencrypted): %s"
|
msgid "Generated random meta key (unencrypted): %s"
|
||||||
msgstr "Willekeurige meta sleutel aangemaakt (niet versleuteld): %s"
|
msgstr "Willekeurige meta sleutel aangemaakt (niet versleuteld): %s"
|
||||||
|
|
||||||
#: src/protocol_auth.c:170 src/protocol_auth.c:243
|
#: src/protocol_auth.c:170
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Error during encryption of meta key for %s (%s)"
|
msgid "Error during encryption of meta key for %s (%s)"
|
||||||
msgstr "Fout tijdens versleutelen van meta key voor %s (%s)"
|
msgstr "Fout tijdens versleutelen van meta key voor %s (%s)"
|
||||||
|
@ -692,6 +692,11 @@ msgstr "Fout tijdens versleutelen van meta key voor %s (%s)"
|
||||||
msgid "Possible intruder %s (%s): %s"
|
msgid "Possible intruder %s (%s): %s"
|
||||||
msgstr "Mogelijke indringer %s (%s): %s"
|
msgstr "Mogelijke indringer %s (%s): %s"
|
||||||
|
|
||||||
|
#: src/protocol_auth.c:243
|
||||||
|
#, c-format
|
||||||
|
msgid "Error during decryption of meta key for %s (%s)"
|
||||||
|
msgstr "Fout tijdens ontsleutelen van meta key voor %s (%s)"
|
||||||
|
|
||||||
#: src/protocol_auth.c:251
|
#: src/protocol_auth.c:251
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Received random meta key (unencrypted): %s"
|
msgid "Received random meta key (unencrypted): %s"
|
||||||
|
@ -707,7 +712,7 @@ msgstr "%s (%s) gebruikt onbekende cipher!"
|
||||||
msgid "Error during initialisation of cipher from %s (%s): %s"
|
msgid "Error during initialisation of cipher from %s (%s): %s"
|
||||||
msgstr "Fout tijdens initalisatie van cipher van %s (%s): %s"
|
msgstr "Fout tijdens initalisatie van cipher van %s (%s): %s"
|
||||||
|
|
||||||
#: src/protocol_auth.c:286 src/protocol_key.c:243
|
#: src/protocol_auth.c:286 src/protocol_key.c:255
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Node %s (%s) uses unknown digest!"
|
msgid "Node %s (%s) uses unknown digest!"
|
||||||
msgstr "Node %s (%s) gebruikt onbekende digest!"
|
msgstr "Node %s (%s) gebruikt onbekende digest!"
|
||||||
|
@ -786,14 +791,14 @@ msgstr "Kreeg %s van %s (%s) voor onszelf"
|
||||||
msgid "Got %s from %s (%s) origin %s which does not exist"
|
msgid "Got %s from %s (%s) origin %s which does not exist"
|
||||||
msgstr "Kreeg %s van %s (%s) herkomst %s welke niet bestaat"
|
msgstr "Kreeg %s van %s (%s) herkomst %s welke niet bestaat"
|
||||||
|
|
||||||
#: src/protocol_key.c:113 src/protocol_key.c:181
|
#: src/protocol_key.c:113 src/protocol_key.c:187
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid ""
|
msgid ""
|
||||||
"Got %s from %s (%s) origin %s which does not exist in our connection list"
|
"Got %s from %s (%s) origin %s which does not exist in our connection list"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Kreeg %s van %s (%s) herkomst %s welke niet voorkomt in de verbindingslijst"
|
"Kreeg %s van %s (%s) herkomst %s welke niet voorkomt in de verbindingslijst"
|
||||||
|
|
||||||
#: src/protocol_key.c:121 src/protocol_key.c:189
|
#: src/protocol_key.c:121 src/protocol_key.c:195
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid ""
|
msgid ""
|
||||||
"Got %s from %s (%s) destination %s which does not exist in our connection "
|
"Got %s from %s (%s) destination %s which does not exist in our connection "
|
||||||
|
@ -801,27 +806,32 @@ msgid ""
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Kreeg %s van %s (%s) doel %s welke niet voorkomt in de verbindingslijst"
|
"Kreeg %s van %s (%s) doel %s welke niet voorkomt in de verbindingslijst"
|
||||||
|
|
||||||
#: src/protocol_key.c:223
|
#: src/protocol_key.c:138 src/protocol_key.c:207
|
||||||
|
#, c-format
|
||||||
|
msgid "Got %s from %s (%s) destination %s which is not reachable"
|
||||||
|
msgstr "Kreeg %s van %s (%s) doel %s welke niet bereikbaar is"
|
||||||
|
|
||||||
|
#: src/protocol_key.c:235
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Node %s (%s) uses unknown cipher!"
|
msgid "Node %s (%s) uses unknown cipher!"
|
||||||
msgstr "Node %s (%s) gebruikt onbekende cipher!"
|
msgstr "Node %s (%s) gebruikt onbekende cipher!"
|
||||||
|
|
||||||
#: src/protocol_key.c:229
|
#: src/protocol_key.c:241
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Node %s (%s) uses wrong keylength!"
|
msgid "Node %s (%s) uses wrong keylength!"
|
||||||
msgstr "Node %s (%s) gebruikt verkeerde lengte sleutel!"
|
msgstr "Node %s (%s) gebruikt verkeerde lengte sleutel!"
|
||||||
|
|
||||||
#: src/protocol_key.c:249
|
#: src/protocol_key.c:261
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Node %s (%s) uses bogus MAC length!"
|
msgid "Node %s (%s) uses bogus MAC length!"
|
||||||
msgstr "Node %s (%s) gebruikt onzinnige MAC lengte!"
|
msgstr "Node %s (%s) gebruikt onzinnige MAC lengte!"
|
||||||
|
|
||||||
#: src/protocol_key.c:258
|
#: src/protocol_key.c:270
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Node %s (%s) uses bogus compression level!"
|
msgid "Node %s (%s) uses bogus compression level!"
|
||||||
msgstr "Node %s (%s) gebruikt onzinnig compressieniveau!"
|
msgstr "Node %s (%s) gebruikt onzinnig compressieniveau!"
|
||||||
|
|
||||||
#: src/protocol_key.c:266
|
#: src/protocol_key.c:278
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Error during initialisation of key from %s (%s): %s"
|
msgid "Error during initialisation of key from %s (%s): %s"
|
||||||
msgstr "Fout tijdens initialisatie van sleutel van %s (%s): %s"
|
msgstr "Fout tijdens initialisatie van sleutel van %s (%s): %s"
|
||||||
|
@ -856,26 +866,26 @@ msgid "subnet_compare() was called with unknown subnet type %d, exitting!"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"subnet_compare() werd aangeroepen met onbekend subnet type %d, beëindigen!"
|
"subnet_compare() werd aangeroepen met onbekend subnet type %d, beëindigen!"
|
||||||
|
|
||||||
#: src/subnet.c:251
|
#: src/subnet.c:263
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "net2str() was called with netstr=%p, subnet=%p!\n"
|
msgid "net2str() was called with netstr=%p, subnet=%p!\n"
|
||||||
msgstr "net2str() werd aangeroepen met netstr=%p, subnet=%p!\n"
|
msgstr "net2str() werd aangeroepen met netstr=%p, subnet=%p!\n"
|
||||||
|
|
||||||
#: src/subnet.c:288
|
#: src/subnet.c:300
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "net2str() was called with unknown subnet type %d, exiting!"
|
msgid "net2str() was called with unknown subnet type %d, exiting!"
|
||||||
msgstr "net2str() werd aangeroepen met onbekend subnet type %d, beëindigen!"
|
msgstr "net2str() werd aangeroepen met onbekend subnet type %d, beëindigen!"
|
||||||
|
|
||||||
#: src/subnet.c:449
|
#: src/subnet.c:465
|
||||||
msgid "Subnet list:"
|
msgid "Subnet list:"
|
||||||
msgstr "Subnet lijst:"
|
msgstr "Subnet lijst:"
|
||||||
|
|
||||||
#: src/subnet.c:455
|
#: src/subnet.c:471
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid " %s owner %s"
|
msgid " %s owner %s"
|
||||||
msgstr " %s eigenaar %s"
|
msgstr " %s eigenaar %s"
|
||||||
|
|
||||||
#: src/subnet.c:458
|
#: src/subnet.c:474
|
||||||
msgid "End of subnet list."
|
msgid "End of subnet list."
|
||||||
msgstr "Einde van subnet lijst."
|
msgstr "Einde van subnet lijst."
|
||||||
|
|
||||||
|
@ -992,14 +1002,14 @@ msgstr "%s versie %s (gemaakt %s %s, protocol %d)\n"
|
||||||
#: src/tincd.c:411
|
#: src/tincd.c:411
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid ""
|
msgid ""
|
||||||
"Copyright (C) 1998-2007 Ivo Timmermans, Guus Sliepen and others.\n"
|
"Copyright (C) 1998-2008 Ivo Timmermans, Guus Sliepen and others.\n"
|
||||||
"See the AUTHORS file for a complete list.\n"
|
"See the AUTHORS file for a complete list.\n"
|
||||||
"\n"
|
"\n"
|
||||||
"tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
|
"tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
|
||||||
"and you are welcome to redistribute it under certain conditions;\n"
|
"and you are welcome to redistribute it under certain conditions;\n"
|
||||||
"see the file COPYING for details.\n"
|
"see the file COPYING for details.\n"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Copyright (C) 1998-2007 Ivo Timmermans, Guus Sliepen en anderen.\n"
|
"Copyright (C) 1998-2008 Ivo Timmermans, Guus Sliepen en anderen.\n"
|
||||||
"Zie het bestand AUTHORS voor een volledige lijst.\n"
|
"Zie het bestand AUTHORS voor een volledige lijst.\n"
|
||||||
"\n"
|
"\n"
|
||||||
"tinc wordt gedistribueerd ZONDER ENIGE GARANTIE. Dit is vrije "
|
"tinc wordt gedistribueerd ZONDER ENIGE GARANTIE. Dit is vrije "
|
||||||
|
@ -1074,121 +1084,121 @@ msgstr "Kon %s service niet verwijderen: %s"
|
||||||
msgid "%s service removed"
|
msgid "%s service removed"
|
||||||
msgstr "%s service verwijderd"
|
msgstr "%s service verwijderd"
|
||||||
|
|
||||||
#: src/process.c:158 src/process.c:161
|
#: src/process.c:161 src/process.c:164
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Got %s request"
|
msgid "Got %s request"
|
||||||
msgstr "Kreeg %s verzoek"
|
msgstr "Kreeg %s verzoek"
|
||||||
|
|
||||||
#: src/process.c:164
|
#: src/process.c:167
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Got unexpected request %d"
|
msgid "Got unexpected request %d"
|
||||||
msgstr "Kreeg onverwacht verzoek %d"
|
msgstr "Kreeg onverwacht verzoek %d"
|
||||||
|
|
||||||
#: src/process.c:252
|
#: src/process.c:255
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "A tincd is already running for net `%s' with pid %ld.\n"
|
msgid "A tincd is already running for net `%s' with pid %ld.\n"
|
||||||
msgstr "Een tincd draait al voor net `%s' met pid %ld.\n"
|
msgstr "Een tincd draait al voor net `%s' met pid %ld.\n"
|
||||||
|
|
||||||
#: src/process.c:255
|
#: src/process.c:258
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "A tincd is already running with pid %ld.\n"
|
msgid "A tincd is already running with pid %ld.\n"
|
||||||
msgstr "Een tincd draait al met pid %ld.\n"
|
msgstr "Een tincd draait al met pid %ld.\n"
|
||||||
|
|
||||||
#: src/process.c:261
|
#: src/process.c:264
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Could write pid file %s: %s\n"
|
msgid "Could write pid file %s: %s\n"
|
||||||
msgstr "Kon pid bestand %s niet openen: %s\n"
|
msgstr "Kon pid bestand %s niet openen: %s\n"
|
||||||
|
|
||||||
#: src/process.c:283
|
#: src/process.c:286
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "No other tincd is running for net `%s'.\n"
|
msgid "No other tincd is running for net `%s'.\n"
|
||||||
msgstr "Geen andere tincd draait voor net `%s'.\n"
|
msgstr "Geen andere tincd draait voor net `%s'.\n"
|
||||||
|
|
||||||
#: src/process.c:286
|
#: src/process.c:289
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "No other tincd is running.\n"
|
msgid "No other tincd is running.\n"
|
||||||
msgstr "Geen andere tincd draait.\n"
|
msgstr "Geen andere tincd draait.\n"
|
||||||
|
|
||||||
#: src/process.c:295
|
#: src/process.c:298
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "The tincd for net `%s' is no longer running. "
|
msgid "The tincd for net `%s' is no longer running. "
|
||||||
msgstr "De tincd voor net `%s' draait niet meer. "
|
msgstr "De tincd voor net `%s' draait niet meer. "
|
||||||
|
|
||||||
#: src/process.c:298
|
#: src/process.c:301
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "The tincd is no longer running. "
|
msgid "The tincd is no longer running. "
|
||||||
msgstr "De tincd draait niet meer. "
|
msgstr "De tincd draait niet meer. "
|
||||||
|
|
||||||
#: src/process.c:300
|
#: src/process.c:303
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Removing stale lock file.\n"
|
msgid "Removing stale lock file.\n"
|
||||||
msgstr "Verwijdering oud vergrendelingsbestand.\n"
|
msgstr "Verwijdering oud vergrendelingsbestand.\n"
|
||||||
|
|
||||||
#: src/process.c:333
|
#: src/process.c:336
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Couldn't detach from terminal: %s"
|
msgid "Couldn't detach from terminal: %s"
|
||||||
msgstr "Kon niet ontkoppelen van terminal: %s"
|
msgstr "Kon niet ontkoppelen van terminal: %s"
|
||||||
|
|
||||||
#: src/process.c:341
|
#: src/process.c:344
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Could not write pid file %s: %s\n"
|
msgid "Could not write pid file %s: %s\n"
|
||||||
msgstr "Kon pid bestand %s niet schrijven: %s\n"
|
msgstr "Kon pid bestand %s niet schrijven: %s\n"
|
||||||
|
|
||||||
#: src/process.c:352
|
#: src/process.c:355
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "tincd %s (%s %s) starting, debug level %d"
|
msgid "tincd %s (%s %s) starting, debug level %d"
|
||||||
msgstr "tincd %s (%s %s) start, debug niveau %d"
|
msgstr "tincd %s (%s %s) start, debug niveau %d"
|
||||||
|
|
||||||
#: src/process.c:387
|
#: src/process.c:390
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Executing script %s"
|
msgid "Executing script %s"
|
||||||
msgstr "Uitvoeren script %s"
|
msgstr "Uitvoeren script %s"
|
||||||
|
|
||||||
#: src/process.c:417
|
#: src/process.c:420
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Script %s exited with non-zero status %d"
|
msgid "Script %s exited with non-zero status %d"
|
||||||
msgstr "Script %s beëindigde met status %d"
|
msgstr "Script %s beëindigde met status %d"
|
||||||
|
|
||||||
#: src/process.c:422
|
#: src/process.c:425
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Script %s was killed by signal %d (%s)"
|
msgid "Script %s was killed by signal %d (%s)"
|
||||||
msgstr "Script %s was gestopt door signaal %d (%s)"
|
msgstr "Script %s was gestopt door signaal %d (%s)"
|
||||||
|
|
||||||
#: src/process.c:426
|
#: src/process.c:429
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Script %s terminated abnormally"
|
msgid "Script %s terminated abnormally"
|
||||||
msgstr "Script %s abnormaal beëindigd"
|
msgstr "Script %s abnormaal beëindigd"
|
||||||
|
|
||||||
#: src/process.c:446 src/process.c:455 src/process.c:496 src/process.c:502
|
#: src/process.c:449 src/process.c:458 src/process.c:499 src/process.c:505
|
||||||
#: src/process.c:520
|
#: src/process.c:523
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Got %s signal"
|
msgid "Got %s signal"
|
||||||
msgstr "Kreeg %s signaal"
|
msgstr "Kreeg %s signaal"
|
||||||
|
|
||||||
#: src/process.c:464
|
#: src/process.c:467
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Got another fatal signal %d (%s): not restarting."
|
msgid "Got another fatal signal %d (%s): not restarting."
|
||||||
msgstr "Kreeg nog een fataal signaal %d (%s): geen herstart."
|
msgstr "Kreeg nog een fataal signaal %d (%s): geen herstart."
|
||||||
|
|
||||||
#: src/process.c:473
|
#: src/process.c:476
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Got fatal signal %d (%s)"
|
msgid "Got fatal signal %d (%s)"
|
||||||
msgstr "Kreeg fataal signaal %d (%s)"
|
msgstr "Kreeg fataal signaal %d (%s)"
|
||||||
|
|
||||||
#: src/process.c:477
|
#: src/process.c:480
|
||||||
msgid "Trying to re-execute in 5 seconds..."
|
msgid "Trying to re-execute in 5 seconds..."
|
||||||
msgstr "Poging tot herstarten over 5 seconden..."
|
msgstr "Poging tot herstarten over 5 seconden..."
|
||||||
|
|
||||||
#: src/process.c:489
|
#: src/process.c:492
|
||||||
msgid "Not restarting."
|
msgid "Not restarting."
|
||||||
msgstr "Geen herstart."
|
msgstr "Geen herstart."
|
||||||
|
|
||||||
#: src/process.c:505
|
#: src/process.c:508
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Reverting to old debug level (%d)"
|
msgid "Reverting to old debug level (%d)"
|
||||||
msgstr "Herstellen van oud debug niveau (%d)"
|
msgstr "Herstellen van oud debug niveau (%d)"
|
||||||
|
|
||||||
#: src/process.c:511
|
#: src/process.c:514
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid ""
|
msgid ""
|
||||||
"Temporarily setting debug level to 5. Kill me with SIGINT again to go back "
|
"Temporarily setting debug level to 5. Kill me with SIGINT again to go back "
|
||||||
|
@ -1197,17 +1207,17 @@ msgstr ""
|
||||||
"Tijdelijk instellen debug niveau op 5. Zend nog een SIGINT signaal om niveau "
|
"Tijdelijk instellen debug niveau op 5. Zend nog een SIGINT signaal om niveau "
|
||||||
"%d te herstellen."
|
"%d te herstellen."
|
||||||
|
|
||||||
#: src/process.c:544
|
#: src/process.c:547
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Got unexpected signal %d (%s)"
|
msgid "Got unexpected signal %d (%s)"
|
||||||
msgstr "Kreeg onverwacht signaal %d (%s)"
|
msgstr "Kreeg onverwacht signaal %d (%s)"
|
||||||
|
|
||||||
#: src/process.c:550
|
#: src/process.c:553
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Ignored signal %d (%s)"
|
msgid "Ignored signal %d (%s)"
|
||||||
msgstr "Signaal %d (%s) genegeerd"
|
msgstr "Signaal %d (%s) genegeerd"
|
||||||
|
|
||||||
#: src/process.c:604
|
#: src/process.c:607
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Installing signal handler for signal %d (%s) failed: %s\n"
|
msgid "Installing signal handler for signal %d (%s) failed: %s\n"
|
||||||
msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n"
|
msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n"
|
||||||
|
@ -1222,7 +1232,7 @@ msgstr "Nieuw MAC adres %hx:%hx:%hx:%hx:%hx:%hx geleerd"
|
||||||
msgid "Subnet %s expired"
|
msgid "Subnet %s expired"
|
||||||
msgstr "Subnet %s is verlopen"
|
msgstr "Subnet %s is verlopen"
|
||||||
|
|
||||||
#: src/route.c:190 src/route.c:345 src/route.c:489
|
#: src/route.c:190 src/route.c:345 src/route.c:496
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Packet looping back to %s (%s)!"
|
msgid "Packet looping back to %s (%s)!"
|
||||||
msgstr "Pakket komt terug naar %s (%s)!"
|
msgstr "Pakket komt terug naar %s (%s)!"
|
||||||
|
@ -1246,12 +1256,12 @@ msgid ""
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Kan pakket van %s (%s) niet routeren: onbekend IPv4 doeladres %d.%d.%d.%d"
|
"Kan pakket van %s (%s) niet routeren: onbekend IPv4 doeladres %d.%d.%d.%d"
|
||||||
|
|
||||||
#: src/route.c:358 src/route.c:499
|
#: src/route.c:358 src/route.c:506
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Packet for %s (%s) length %d larger than MTU %d"
|
msgid "Packet for %s (%s) length %d larger than MTU %d"
|
||||||
msgstr "Packet voor %s (%s) lengte %d groter dan MTU %d"
|
msgstr "Packet voor %s (%s) lengte %d groter dan MTU %d"
|
||||||
|
|
||||||
#: src/route.c:473
|
#: src/route.c:480
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid ""
|
msgid ""
|
||||||
"Cannot route packet from %s (%s): unknown IPv6 destination address %hx:%hx:%"
|
"Cannot route packet from %s (%s): unknown IPv6 destination address %hx:%hx:%"
|
||||||
|
@ -1260,26 +1270,26 @@ msgstr ""
|
||||||
"Kan pakket van %s (%s) niet routeren: onbekend IPv6 doeladres %hx:%hx:%hx:%"
|
"Kan pakket van %s (%s) niet routeren: onbekend IPv6 doeladres %hx:%hx:%hx:%"
|
||||||
"hx:%hx:%hx:%hx:%hx"
|
"hx:%hx:%hx:%hx:%hx"
|
||||||
|
|
||||||
#: src/route.c:531
|
#: src/route.c:538
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Got neighbor solicitation request from %s (%s) while in router mode!"
|
msgid "Got neighbor solicitation request from %s (%s) while in router mode!"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Kreeg neighbor solicitation request van %s (%s) terwijl we in router mode "
|
"Kreeg neighbor solicitation request van %s (%s) terwijl we in router mode "
|
||||||
"werken!"
|
"werken!"
|
||||||
|
|
||||||
#: src/route.c:550
|
#: src/route.c:557
|
||||||
msgid ""
|
msgid ""
|
||||||
"Cannot route packet: received unknown type neighbor solicitation request"
|
"Cannot route packet: received unknown type neighbor solicitation request"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Kan pakket niet routeren: ontvangst van onbekend type neighbor solicitation "
|
"Kan pakket niet routeren: ontvangst van onbekend type neighbor solicitation "
|
||||||
"verzoek"
|
"verzoek"
|
||||||
|
|
||||||
#: src/route.c:569
|
#: src/route.c:576
|
||||||
msgid "Cannot route packet: checksum error for neighbor solicitation request"
|
msgid "Cannot route packet: checksum error for neighbor solicitation request"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Kan pakket niet routeren: checksum fout voor neighbor solicitation verzoek"
|
"Kan pakket niet routeren: checksum fout voor neighbor solicitation verzoek"
|
||||||
|
|
||||||
#: src/route.c:578
|
#: src/route.c:585
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid ""
|
msgid ""
|
||||||
"Cannot route packet: neighbor solicitation request for unknown address %hx:%"
|
"Cannot route packet: neighbor solicitation request for unknown address %hx:%"
|
||||||
|
@ -1288,21 +1298,21 @@ msgstr ""
|
||||||
"Kan pakket niet routeren: neighbor solicitation verzoek voor onbekend adres %"
|
"Kan pakket niet routeren: neighbor solicitation verzoek voor onbekend adres %"
|
||||||
"hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"
|
"hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"
|
||||||
|
|
||||||
#: src/route.c:665
|
#: src/route.c:675
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Got ARP request from %s (%s) while in router mode!"
|
msgid "Got ARP request from %s (%s) while in router mode!"
|
||||||
msgstr "Kreeg ARP request van %s (%s) terwijl we in router mode werken!"
|
msgstr "Kreeg ARP request van %s (%s) terwijl we in router mode werken!"
|
||||||
|
|
||||||
#: src/route.c:682
|
#: src/route.c:692
|
||||||
msgid "Cannot route packet: received unknown type ARP request"
|
msgid "Cannot route packet: received unknown type ARP request"
|
||||||
msgstr "Kan pakket niet routeren: ontvangst van onbekend type ARP verzoek"
|
msgstr "Kan pakket niet routeren: ontvangst van onbekend type ARP verzoek"
|
||||||
|
|
||||||
#: src/route.c:691
|
#: src/route.c:701
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Cannot route packet: ARP request for unknown address %d.%d.%d.%d"
|
msgid "Cannot route packet: ARP request for unknown address %d.%d.%d.%d"
|
||||||
msgstr "Kan pakket niet routeren: ARP verzoek voor onbekend adres %d.%d.%d.%d"
|
msgstr "Kan pakket niet routeren: ARP verzoek voor onbekend adres %d.%d.%d.%d"
|
||||||
|
|
||||||
#: src/route.c:747
|
#: src/route.c:757
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Cannot route packet from %s (%s): unknown type %hx"
|
msgid "Cannot route packet from %s (%s): unknown type %hx"
|
||||||
msgstr "Kan pakket van %s (%s) niet routeren: onbekend type %hx"
|
msgstr "Kan pakket van %s (%s) niet routeren: onbekend type %hx"
|
||||||
|
|
168
po/tinc.pot
168
po/tinc.pot
|
@ -8,7 +8,7 @@ msgid ""
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Project-Id-Version: PACKAGE VERSION\n"
|
"Project-Id-Version: PACKAGE VERSION\n"
|
||||||
"Report-Msgid-Bugs-To: tinc-devel@tinc-vpn.org\n"
|
"Report-Msgid-Bugs-To: tinc-devel@tinc-vpn.org\n"
|
||||||
"POT-Creation-Date: 2007-05-16 16:50+0200\n"
|
"POT-Creation-Date: 2008-12-24 11:43+0100\n"
|
||||||
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
||||||
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
||||||
"Language-Team: LANGUAGE <LL@li.org>\n"
|
"Language-Team: LANGUAGE <LL@li.org>\n"
|
||||||
|
@ -86,16 +86,16 @@ msgstr ""
|
||||||
msgid "BROADCAST"
|
msgid "BROADCAST"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/connection.c:123
|
#: src/connection.c:142
|
||||||
msgid "Connections:"
|
msgid "Connections:"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/connection.c:127
|
#: src/connection.c:146
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid " %s at %s options %lx socket %d status %04x outbuf %d/%d/%d"
|
msgid " %s at %s options %lx socket %d status %04x outbuf %d/%d/%d"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/connection.c:132
|
#: src/connection.c:151
|
||||||
msgid "End of connections."
|
msgid "End of connections."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
|
@ -279,9 +279,9 @@ msgstr ""
|
||||||
msgid "Setting outgoing packet priority to %d"
|
msgid "Setting outgoing packet priority to %d"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/net_packet.c:393 src/net_setup.c:478 src/net_socket.c:135
|
#: src/net_packet.c:393 src/net_setup.c:478 src/net_socket.c:140
|
||||||
#: src/net_socket.c:164 src/tincd.c:435 src/tincd.c:472 src/process.c:198
|
#: src/net_socket.c:169 src/tincd.c:435 src/tincd.c:472 src/process.c:201
|
||||||
#: src/process.c:231 src/process.c:430 src/bsd/device.c:93
|
#: src/process.c:234 src/process.c:433 src/bsd/device.c:93
|
||||||
#: src/bsd/device.c:112 src/cygwin/device.c:140 src/cygwin/device.c:171
|
#: src/bsd/device.c:112 src/cygwin/device.c:140 src/cygwin/device.c:171
|
||||||
#: src/mingw/device.c:73 src/mingw/device.c:80 src/mingw/device.c:86
|
#: src/mingw/device.c:73 src/mingw/device.c:80 src/mingw/device.c:86
|
||||||
#: src/mingw/device.c:258 src/mingw/device.c:265 src/mingw/device.c:270
|
#: src/mingw/device.c:258 src/mingw/device.c:265 src/mingw/device.c:270
|
||||||
|
@ -456,86 +456,86 @@ msgstr ""
|
||||||
msgid "Creating metasocket failed: %s"
|
msgid "Creating metasocket failed: %s"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/net_socket.c:115 src/net_socket.c:217
|
#: src/net_socket.c:120 src/net_socket.c:227
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Can't bind to interface %s: %s"
|
msgid "Can't bind to interface %s: %s"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/net_socket.c:120
|
#: src/net_socket.c:125
|
||||||
msgid "BindToInterface not supported on this platform"
|
msgid "BindToInterface not supported on this platform"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/net_socket.c:127
|
#: src/net_socket.c:132
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Can't bind to %s/tcp: %s"
|
msgid "Can't bind to %s/tcp: %s"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/net_socket.c:154
|
#: src/net_socket.c:159
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Creating UDP socket failed: %s"
|
msgid "Creating UDP socket failed: %s"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/net_socket.c:174
|
#: src/net_socket.c:179
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Call to `%s' failed: WSA error %d"
|
msgid "Call to `%s' failed: WSA error %d"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/net_socket.c:228
|
#: src/net_socket.c:238
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Can't bind to %s/udp: %s"
|
msgid "Can't bind to %s/udp: %s"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/net_socket.c:255
|
#: src/net_socket.c:265
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Trying to re-establish outgoing connection in %d seconds"
|
msgid "Trying to re-establish outgoing connection in %d seconds"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/net_socket.c:263
|
#: src/net_socket.c:273
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Connected to %s (%s)"
|
msgid "Connected to %s (%s)"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/net_socket.c:282
|
#: src/net_socket.c:292
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Could not set up a meta connection to %s"
|
msgid "Could not set up a meta connection to %s"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/net_socket.c:316
|
#: src/net_socket.c:327
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Trying to connect to %s (%s)"
|
msgid "Trying to connect to %s (%s)"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/net_socket.c:322
|
#: src/net_socket.c:333
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Creating socket for %s failed: %s"
|
msgid "Creating socket for %s failed: %s"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/net_socket.c:348
|
#: src/net_socket.c:365
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "%s: %s"
|
msgid "%s: %s"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/net_socket.c:369
|
#: src/net_socket.c:386
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Already connected to %s"
|
msgid "Already connected to %s"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/net_socket.c:388
|
#: src/net_socket.c:405
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "No address specified for %s"
|
msgid "No address specified for %s"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/net_socket.c:419
|
#: src/net_socket.c:436
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Accepting a new connection failed: %s"
|
msgid "Accepting a new connection failed: %s"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/net_socket.c:438
|
#: src/net_socket.c:455
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Connection from %s"
|
msgid "Connection from %s"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/net_socket.c:463
|
#: src/net_socket.c:480
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Invalid name for outgoing connection in %s line %d"
|
msgid "Invalid name for outgoing connection in %s line %d"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
@ -637,7 +637,7 @@ msgstr ""
|
||||||
#: src/protocol_auth.c:58 src/protocol_auth.c:214 src/protocol_auth.c:345
|
#: src/protocol_auth.c:58 src/protocol_auth.c:214 src/protocol_auth.c:345
|
||||||
#: src/protocol_auth.c:412 src/protocol_auth.c:538 src/protocol_edge.c:73
|
#: src/protocol_auth.c:412 src/protocol_auth.c:538 src/protocol_edge.c:73
|
||||||
#: src/protocol_edge.c:188 src/protocol_key.c:62 src/protocol_key.c:105
|
#: src/protocol_edge.c:188 src/protocol_key.c:62 src/protocol_key.c:105
|
||||||
#: src/protocol_key.c:173 src/protocol_misc.c:56 src/protocol_misc.c:85
|
#: src/protocol_key.c:179 src/protocol_misc.c:56 src/protocol_misc.c:85
|
||||||
#: src/protocol_misc.c:176 src/protocol_subnet.c:58 src/protocol_subnet.c:170
|
#: src/protocol_misc.c:176 src/protocol_subnet.c:58 src/protocol_subnet.c:170
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Got bad %s from %s (%s)"
|
msgid "Got bad %s from %s (%s)"
|
||||||
|
@ -671,7 +671,7 @@ msgstr ""
|
||||||
msgid "Generated random meta key (unencrypted): %s"
|
msgid "Generated random meta key (unencrypted): %s"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/protocol_auth.c:170 src/protocol_auth.c:243
|
#: src/protocol_auth.c:170
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Error during encryption of meta key for %s (%s)"
|
msgid "Error during encryption of meta key for %s (%s)"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
@ -682,6 +682,11 @@ msgstr ""
|
||||||
msgid "Possible intruder %s (%s): %s"
|
msgid "Possible intruder %s (%s): %s"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
|
#: src/protocol_auth.c:243
|
||||||
|
#, c-format
|
||||||
|
msgid "Error during decryption of meta key for %s (%s)"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
#: src/protocol_auth.c:251
|
#: src/protocol_auth.c:251
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Received random meta key (unencrypted): %s"
|
msgid "Received random meta key (unencrypted): %s"
|
||||||
|
@ -697,7 +702,7 @@ msgstr ""
|
||||||
msgid "Error during initialisation of cipher from %s (%s): %s"
|
msgid "Error during initialisation of cipher from %s (%s): %s"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/protocol_auth.c:286 src/protocol_key.c:243
|
#: src/protocol_auth.c:286 src/protocol_key.c:255
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Node %s (%s) uses unknown digest!"
|
msgid "Node %s (%s) uses unknown digest!"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
@ -775,40 +780,45 @@ msgstr ""
|
||||||
msgid "Got %s from %s (%s) origin %s which does not exist"
|
msgid "Got %s from %s (%s) origin %s which does not exist"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/protocol_key.c:113 src/protocol_key.c:181
|
#: src/protocol_key.c:113 src/protocol_key.c:187
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid ""
|
msgid ""
|
||||||
"Got %s from %s (%s) origin %s which does not exist in our connection list"
|
"Got %s from %s (%s) origin %s which does not exist in our connection list"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/protocol_key.c:121 src/protocol_key.c:189
|
#: src/protocol_key.c:121 src/protocol_key.c:195
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid ""
|
msgid ""
|
||||||
"Got %s from %s (%s) destination %s which does not exist in our connection "
|
"Got %s from %s (%s) destination %s which does not exist in our connection "
|
||||||
"list"
|
"list"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/protocol_key.c:223
|
#: src/protocol_key.c:138 src/protocol_key.c:207
|
||||||
|
#, c-format
|
||||||
|
msgid "Got %s from %s (%s) destination %s which is not reachable"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
|
#: src/protocol_key.c:235
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Node %s (%s) uses unknown cipher!"
|
msgid "Node %s (%s) uses unknown cipher!"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/protocol_key.c:229
|
#: src/protocol_key.c:241
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Node %s (%s) uses wrong keylength!"
|
msgid "Node %s (%s) uses wrong keylength!"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/protocol_key.c:249
|
#: src/protocol_key.c:261
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Node %s (%s) uses bogus MAC length!"
|
msgid "Node %s (%s) uses bogus MAC length!"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/protocol_key.c:258
|
#: src/protocol_key.c:270
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Node %s (%s) uses bogus compression level!"
|
msgid "Node %s (%s) uses bogus compression level!"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/protocol_key.c:266
|
#: src/protocol_key.c:278
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Error during initialisation of key from %s (%s): %s"
|
msgid "Error during initialisation of key from %s (%s): %s"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
@ -842,26 +852,26 @@ msgstr ""
|
||||||
msgid "subnet_compare() was called with unknown subnet type %d, exitting!"
|
msgid "subnet_compare() was called with unknown subnet type %d, exitting!"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/subnet.c:251
|
#: src/subnet.c:263
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "net2str() was called with netstr=%p, subnet=%p!\n"
|
msgid "net2str() was called with netstr=%p, subnet=%p!\n"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/subnet.c:288
|
#: src/subnet.c:300
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "net2str() was called with unknown subnet type %d, exiting!"
|
msgid "net2str() was called with unknown subnet type %d, exiting!"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/subnet.c:449
|
#: src/subnet.c:465
|
||||||
msgid "Subnet list:"
|
msgid "Subnet list:"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/subnet.c:455
|
#: src/subnet.c:471
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid " %s owner %s"
|
msgid " %s owner %s"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/subnet.c:458
|
#: src/subnet.c:474
|
||||||
msgid "End of subnet list."
|
msgid "End of subnet list."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
|
@ -954,7 +964,7 @@ msgstr ""
|
||||||
#: src/tincd.c:411
|
#: src/tincd.c:411
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid ""
|
msgid ""
|
||||||
"Copyright (C) 1998-2007 Ivo Timmermans, Guus Sliepen and others.\n"
|
"Copyright (C) 1998-2008 Ivo Timmermans, Guus Sliepen and others.\n"
|
||||||
"See the AUTHORS file for a complete list.\n"
|
"See the AUTHORS file for a complete list.\n"
|
||||||
"\n"
|
"\n"
|
||||||
"tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
|
"tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
|
||||||
|
@ -1029,138 +1039,138 @@ msgstr ""
|
||||||
msgid "%s service removed"
|
msgid "%s service removed"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/process.c:158 src/process.c:161
|
#: src/process.c:161 src/process.c:164
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Got %s request"
|
msgid "Got %s request"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/process.c:164
|
#: src/process.c:167
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Got unexpected request %d"
|
msgid "Got unexpected request %d"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/process.c:252
|
#: src/process.c:255
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "A tincd is already running for net `%s' with pid %ld.\n"
|
msgid "A tincd is already running for net `%s' with pid %ld.\n"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/process.c:255
|
#: src/process.c:258
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "A tincd is already running with pid %ld.\n"
|
msgid "A tincd is already running with pid %ld.\n"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/process.c:261
|
#: src/process.c:264
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Could write pid file %s: %s\n"
|
msgid "Could write pid file %s: %s\n"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/process.c:283
|
#: src/process.c:286
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "No other tincd is running for net `%s'.\n"
|
msgid "No other tincd is running for net `%s'.\n"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/process.c:286
|
#: src/process.c:289
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "No other tincd is running.\n"
|
msgid "No other tincd is running.\n"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/process.c:295
|
#: src/process.c:298
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "The tincd for net `%s' is no longer running. "
|
msgid "The tincd for net `%s' is no longer running. "
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/process.c:298
|
#: src/process.c:301
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "The tincd is no longer running. "
|
msgid "The tincd is no longer running. "
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/process.c:300
|
#: src/process.c:303
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Removing stale lock file.\n"
|
msgid "Removing stale lock file.\n"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/process.c:333
|
#: src/process.c:336
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Couldn't detach from terminal: %s"
|
msgid "Couldn't detach from terminal: %s"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/process.c:341
|
#: src/process.c:344
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Could not write pid file %s: %s\n"
|
msgid "Could not write pid file %s: %s\n"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/process.c:352
|
#: src/process.c:355
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "tincd %s (%s %s) starting, debug level %d"
|
msgid "tincd %s (%s %s) starting, debug level %d"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/process.c:387
|
#: src/process.c:390
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Executing script %s"
|
msgid "Executing script %s"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/process.c:417
|
#: src/process.c:420
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Script %s exited with non-zero status %d"
|
msgid "Script %s exited with non-zero status %d"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/process.c:422
|
#: src/process.c:425
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Script %s was killed by signal %d (%s)"
|
msgid "Script %s was killed by signal %d (%s)"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/process.c:426
|
#: src/process.c:429
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Script %s terminated abnormally"
|
msgid "Script %s terminated abnormally"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/process.c:446 src/process.c:455 src/process.c:496 src/process.c:502
|
#: src/process.c:449 src/process.c:458 src/process.c:499 src/process.c:505
|
||||||
#: src/process.c:520
|
#: src/process.c:523
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Got %s signal"
|
msgid "Got %s signal"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/process.c:464
|
#: src/process.c:467
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Got another fatal signal %d (%s): not restarting."
|
msgid "Got another fatal signal %d (%s): not restarting."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/process.c:473
|
#: src/process.c:476
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Got fatal signal %d (%s)"
|
msgid "Got fatal signal %d (%s)"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/process.c:477
|
#: src/process.c:480
|
||||||
msgid "Trying to re-execute in 5 seconds..."
|
msgid "Trying to re-execute in 5 seconds..."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/process.c:489
|
#: src/process.c:492
|
||||||
msgid "Not restarting."
|
msgid "Not restarting."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/process.c:505
|
#: src/process.c:508
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Reverting to old debug level (%d)"
|
msgid "Reverting to old debug level (%d)"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/process.c:511
|
#: src/process.c:514
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid ""
|
msgid ""
|
||||||
"Temporarily setting debug level to 5. Kill me with SIGINT again to go back "
|
"Temporarily setting debug level to 5. Kill me with SIGINT again to go back "
|
||||||
"to level %d."
|
"to level %d."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/process.c:544
|
#: src/process.c:547
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Got unexpected signal %d (%s)"
|
msgid "Got unexpected signal %d (%s)"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/process.c:550
|
#: src/process.c:553
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Ignored signal %d (%s)"
|
msgid "Ignored signal %d (%s)"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/process.c:604
|
#: src/process.c:607
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Installing signal handler for signal %d (%s) failed: %s\n"
|
msgid "Installing signal handler for signal %d (%s) failed: %s\n"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
@ -1175,7 +1185,7 @@ msgstr ""
|
||||||
msgid "Subnet %s expired"
|
msgid "Subnet %s expired"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/route.c:190 src/route.c:345 src/route.c:489
|
#: src/route.c:190 src/route.c:345 src/route.c:496
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Packet looping back to %s (%s)!"
|
msgid "Packet looping back to %s (%s)!"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
@ -1197,54 +1207,54 @@ msgid ""
|
||||||
"d"
|
"d"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/route.c:358 src/route.c:499
|
#: src/route.c:358 src/route.c:506
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Packet for %s (%s) length %d larger than MTU %d"
|
msgid "Packet for %s (%s) length %d larger than MTU %d"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/route.c:473
|
#: src/route.c:480
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid ""
|
msgid ""
|
||||||
"Cannot route packet from %s (%s): unknown IPv6 destination address %hx:%hx:%"
|
"Cannot route packet from %s (%s): unknown IPv6 destination address %hx:%hx:%"
|
||||||
"hx:%hx:%hx:%hx:%hx:%hx"
|
"hx:%hx:%hx:%hx:%hx:%hx"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/route.c:531
|
#: src/route.c:538
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Got neighbor solicitation request from %s (%s) while in router mode!"
|
msgid "Got neighbor solicitation request from %s (%s) while in router mode!"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/route.c:550
|
#: src/route.c:557
|
||||||
msgid ""
|
msgid ""
|
||||||
"Cannot route packet: received unknown type neighbor solicitation request"
|
"Cannot route packet: received unknown type neighbor solicitation request"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/route.c:569
|
#: src/route.c:576
|
||||||
msgid "Cannot route packet: checksum error for neighbor solicitation request"
|
msgid "Cannot route packet: checksum error for neighbor solicitation request"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/route.c:578
|
#: src/route.c:585
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid ""
|
msgid ""
|
||||||
"Cannot route packet: neighbor solicitation request for unknown address %hx:%"
|
"Cannot route packet: neighbor solicitation request for unknown address %hx:%"
|
||||||
"hx:%hx:%hx:%hx:%hx:%hx:%hx"
|
"hx:%hx:%hx:%hx:%hx:%hx:%hx"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/route.c:665
|
#: src/route.c:675
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Got ARP request from %s (%s) while in router mode!"
|
msgid "Got ARP request from %s (%s) while in router mode!"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/route.c:682
|
#: src/route.c:692
|
||||||
msgid "Cannot route packet: received unknown type ARP request"
|
msgid "Cannot route packet: received unknown type ARP request"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/route.c:691
|
#: src/route.c:701
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Cannot route packet: ARP request for unknown address %d.%d.%d.%d"
|
msgid "Cannot route packet: ARP request for unknown address %d.%d.%d.%d"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/route.c:747
|
#: src/route.c:757
|
||||||
#, c-format
|
#, c-format
|
||||||
msgid "Cannot route packet from %s (%s): unknown type %hx"
|
msgid "Cannot route packet from %s (%s): unknown type %hx"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
# Makefile.in generated by automake 1.10 from Makefile.am.
|
# Makefile.in generated by automake 1.10.1 from Makefile.am.
|
||||||
# @configure_input@
|
# @configure_input@
|
||||||
|
|
||||||
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
||||||
# 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
|
# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
|
||||||
# This Makefile.in is free software; the Free Software Foundation
|
# This Makefile.in is free software; the Free Software Foundation
|
||||||
# gives unlimited permission to copy and/or distribute it,
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
# with or without modifications, as long as this notice is preserved.
|
# with or without modifications, as long as this notice is preserved.
|
||||||
|
@ -312,8 +312,8 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
|
||||||
unique=`for i in $$list; do \
|
unique=`for i in $$list; do \
|
||||||
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
|
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
|
||||||
done | \
|
done | \
|
||||||
$(AWK) ' { files[$$0] = 1; } \
|
$(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
|
||||||
END { for (i in files) print i; }'`; \
|
END { if (nonempty) { for (i in files) print i; }; }'`; \
|
||||||
mkid -fID $$unique
|
mkid -fID $$unique
|
||||||
tags: TAGS
|
tags: TAGS
|
||||||
|
|
||||||
|
@ -325,8 +325,8 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
|
||||||
unique=`for i in $$list; do \
|
unique=`for i in $$list; do \
|
||||||
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
|
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
|
||||||
done | \
|
done | \
|
||||||
$(AWK) ' { files[$$0] = 1; } \
|
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
|
||||||
END { for (i in files) print i; }'`; \
|
END { if (nonempty) { for (i in files) print i; }; }'`; \
|
||||||
if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
|
if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
|
||||||
test -n "$$unique" || unique=$$empty_fix; \
|
test -n "$$unique" || unique=$$empty_fix; \
|
||||||
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
|
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
|
||||||
|
@ -336,13 +336,12 @@ ctags: CTAGS
|
||||||
CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
|
CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
|
||||||
$(TAGS_FILES) $(LISP)
|
$(TAGS_FILES) $(LISP)
|
||||||
tags=; \
|
tags=; \
|
||||||
here=`pwd`; \
|
|
||||||
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
|
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
|
||||||
unique=`for i in $$list; do \
|
unique=`for i in $$list; do \
|
||||||
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
|
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
|
||||||
done | \
|
done | \
|
||||||
$(AWK) ' { files[$$0] = 1; } \
|
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
|
||||||
END { for (i in files) print i; }'`; \
|
END { if (nonempty) { for (i in files) print i; }; }'`; \
|
||||||
test -z "$(CTAGS_ARGS)$$tags$$unique" \
|
test -z "$(CTAGS_ARGS)$$tags$$unique" \
|
||||||
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
|
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
|
||||||
$$tags $$unique
|
$$tags $$unique
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
device.c -- Interaction BSD tun/tap device
|
device.c -- Interaction BSD tun/tap device
|
||||||
Copyright (C) 2001-2005 Ivo Timmermans,
|
Copyright (C) 2001-2005 Ivo Timmermans,
|
||||||
2001-2007 Guus Sliepen <guus@tinc-vpn.org>
|
2001-2008 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -42,7 +42,7 @@ char *iface;
|
||||||
char *device_info;
|
char *device_info;
|
||||||
static int device_total_in = 0;
|
static int device_total_in = 0;
|
||||||
static int device_total_out = 0;
|
static int device_total_out = 0;
|
||||||
#ifdef HAVE_OPENBSD
|
#if defined(HAVE_OPENBSD) || defined(HAVE_FREEBSD)
|
||||||
static device_type_t device_type = DEVICE_TYPE_TUNIFHEAD;
|
static device_type_t device_type = DEVICE_TYPE_TUNIFHEAD;
|
||||||
#else
|
#else
|
||||||
static device_type_t device_type = DEVICE_TYPE_TUN;
|
static device_type_t device_type = DEVICE_TYPE_TUN;
|
||||||
|
@ -78,7 +78,7 @@ bool setup_device(void) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if(strstr(device, "tap"))
|
if(strstr(device, "tap") || routing_mode != RMODE_ROUTER)
|
||||||
device_type = DEVICE_TYPE_TAP;
|
device_type = DEVICE_TYPE_TAP;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
14
src/conf.c
14
src/conf.c
|
@ -2,7 +2,7 @@
|
||||||
conf.c -- configuration code
|
conf.c -- configuration code
|
||||||
Copyright (C) 1998 Robert van der Meulen
|
Copyright (C) 1998 Robert van der Meulen
|
||||||
1998-2005 Ivo Timmermans
|
1998-2005 Ivo Timmermans
|
||||||
2000-2006 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2008 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
2000 Cris van Pelt
|
2000 Cris van Pelt
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
@ -19,7 +19,7 @@
|
||||||
along with this program; if not, write to the Free Software
|
along with this program; if not, write to the Free Software
|
||||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
|
|
||||||
$Id: conf.c 1452 2006-04-26 13:52:58Z guus $
|
$Id: conf.c 1595 2008-12-22 20:27:52Z guus $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "system.h"
|
#include "system.h"
|
||||||
|
@ -343,6 +343,11 @@ int read_config_file(avl_tree_t *config_tree, const char *fname)
|
||||||
buffer = xmalloc(bufsize);
|
buffer = xmalloc(bufsize);
|
||||||
|
|
||||||
for(;;) {
|
for(;;) {
|
||||||
|
if(feof(fp)) {
|
||||||
|
err = 0;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
line = readline(fp, &buffer, &bufsize);
|
line = readline(fp, &buffer, &bufsize);
|
||||||
|
|
||||||
if(!line) {
|
if(!line) {
|
||||||
|
@ -350,11 +355,6 @@ int read_config_file(avl_tree_t *config_tree, const char *fname)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(feof(fp)) {
|
|
||||||
err = 0;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
lineno++;
|
lineno++;
|
||||||
|
|
||||||
if(!*line || *line == '#')
|
if(!*line || *line == '#')
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
along with this program; if not, write to the Free Software
|
along with this program; if not, write to the Free Software
|
||||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
|
|
||||||
$Id: connection.c 1508 2007-05-16 14:42:08Z guus $
|
$Id: connection.c 1600 2008-12-23 23:14:37Z guus $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "system.h"
|
#include "system.h"
|
||||||
|
@ -90,12 +90,31 @@ void free_connection(connection_t *c)
|
||||||
if(c->outkey)
|
if(c->outkey)
|
||||||
free(c->outkey);
|
free(c->outkey);
|
||||||
|
|
||||||
|
if(c->inctx) {
|
||||||
|
EVP_CIPHER_CTX_cleanup(c->inctx);
|
||||||
|
free(c->inctx);
|
||||||
|
}
|
||||||
|
|
||||||
|
if(c->outctx) {
|
||||||
|
EVP_CIPHER_CTX_cleanup(c->outctx);
|
||||||
|
free(c->outctx);
|
||||||
|
}
|
||||||
|
|
||||||
if(c->mychallenge)
|
if(c->mychallenge)
|
||||||
free(c->mychallenge);
|
free(c->mychallenge);
|
||||||
|
|
||||||
if(c->hischallenge)
|
if(c->hischallenge)
|
||||||
free(c->hischallenge);
|
free(c->hischallenge);
|
||||||
|
|
||||||
|
if(c->config_tree)
|
||||||
|
exit_configuration(&c->config_tree);
|
||||||
|
|
||||||
|
if(c->outbuf)
|
||||||
|
free(c->outbuf);
|
||||||
|
|
||||||
|
if(c->rsa_key)
|
||||||
|
RSA_free(c->rsa_key);
|
||||||
|
|
||||||
free(c);
|
free(c);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
event.c -- event queue
|
event.c -- event queue
|
||||||
Copyright (C) 2002-2006 Guus Sliepen <guus@tinc-vpn.org>,
|
Copyright (C) 2002-2007 Guus Sliepen <guus@tinc-vpn.org>,
|
||||||
2002-2005 Ivo Timmermans
|
2002-2005 Ivo Timmermans
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
@ -17,7 +17,7 @@
|
||||||
along with this program; if not, write to the Free Software
|
along with this program; if not, write to the Free Software
|
||||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
|
|
||||||
$Id: event.c 1498 2007-02-14 09:20:20Z guus $
|
$Id: event.c 1595 2008-12-22 20:27:52Z guus $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "system.h"
|
#include "system.h"
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
event.h -- header for event.c
|
event.h -- header for event.c
|
||||||
Copyright (C) 2002-2006 Guus Sliepen <guus@tinc-vpn.org>,
|
Copyright (C) 2002-2007 Guus Sliepen <guus@tinc-vpn.org>,
|
||||||
2002-2005 Ivo Timmermans
|
2002-2005 Ivo Timmermans
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
@ -17,7 +17,7 @@
|
||||||
along with this program; if not, write to the Free Software
|
along with this program; if not, write to the Free Software
|
||||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
|
|
||||||
$Id: event.h 1498 2007-02-14 09:20:20Z guus $
|
$Id: event.h 1595 2008-12-22 20:27:52Z guus $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#ifndef __TINC_EVENT_H__
|
#ifndef __TINC_EVENT_H__
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
graph.c -- graph algorithms
|
graph.c -- graph algorithms
|
||||||
Copyright (C) 2001-2006 Guus Sliepen <guus@tinc-vpn.org>,
|
Copyright (C) 2001-2007 Guus Sliepen <guus@tinc-vpn.org>,
|
||||||
2001-2005 Ivo Timmermans
|
2001-2005 Ivo Timmermans
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
@ -17,7 +17,7 @@
|
||||||
along with this program; if not, write to the Free Software
|
along with this program; if not, write to the Free Software
|
||||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
|
|
||||||
$Id: graph.c 1494 2007-01-05 05:44:01Z guus $
|
$Id: graph.c 1595 2008-12-22 20:27:52Z guus $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* We need to generate two trees from the graph:
|
/* We need to generate two trees from the graph:
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
net.c -- most of the network code
|
net.c -- most of the network code
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||||
2000-2006 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2007 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -17,7 +17,7 @@
|
||||||
along with this program; if not, write to the Free Software
|
along with this program; if not, write to the Free Software
|
||||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
|
|
||||||
$Id: net.c 1498 2007-02-14 09:20:20Z guus $
|
$Id: net.c 1595 2008-12-22 20:27:52Z guus $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "system.h"
|
#include "system.h"
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
net_setup.c -- Setup.
|
net_setup.c -- Setup.
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||||
2000-2006 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2008 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -17,7 +17,7 @@
|
||||||
along with this program; if not, write to the Free Software
|
along with this program; if not, write to the Free Software
|
||||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
|
|
||||||
$Id: net_setup.c 1473 2006-11-29 16:57:46Z guus $
|
$Id: net_setup.c 1596 2008-12-22 20:35:45Z guus $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "system.h"
|
#include "system.h"
|
||||||
|
@ -286,7 +286,7 @@ bool setup_myself(void)
|
||||||
if(get_config_bool(lookup_config(myself->connection->config_tree, "TCPOnly"), &choice) && choice)
|
if(get_config_bool(lookup_config(myself->connection->config_tree, "TCPOnly"), &choice) && choice)
|
||||||
myself->options |= OPTION_TCPONLY;
|
myself->options |= OPTION_TCPONLY;
|
||||||
|
|
||||||
if(get_config_bool(lookup_config(myself->connection->config_tree, "PMTUDiscovery"), &choice) && choice)
|
if(!get_config_bool(lookup_config(myself->connection->config_tree, "PMTUDiscovery"), &choice) || choice)
|
||||||
myself->options |= OPTION_PMTU_DISCOVERY;
|
myself->options |= OPTION_PMTU_DISCOVERY;
|
||||||
|
|
||||||
if(myself->options & OPTION_TCPONLY)
|
if(myself->options & OPTION_TCPONLY)
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
net_socket.c -- Handle various kinds of sockets.
|
net_socket.c -- Handle various kinds of sockets.
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||||
2000-2007 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2008 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -17,7 +17,7 @@
|
||||||
along with this program; if not, write to the Free Software
|
along with this program; if not, write to the Free Software
|
||||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
|
|
||||||
$Id: net_socket.c 1508 2007-05-16 14:42:08Z guus $
|
$Id: net_socket.c 1596 2008-12-22 20:35:45Z guus $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "system.h"
|
#include "system.h"
|
||||||
|
@ -102,6 +102,11 @@ int setup_listen_socket(const sockaddr_t *sa)
|
||||||
option = 1;
|
option = 1;
|
||||||
setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option));
|
setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option));
|
||||||
|
|
||||||
|
#if defined(SOL_IPV6) && defined(IPV6_V6ONLY)
|
||||||
|
if(sa->sa.sa_family == AF_INET6)
|
||||||
|
setsockopt(nfd, SOL_IPV6, IPV6_V6ONLY, &option, sizeof option);
|
||||||
|
#endif
|
||||||
|
|
||||||
if(get_config_string
|
if(get_config_string
|
||||||
(lookup_config(config_tree, "BindToInterface"), &iface)) {
|
(lookup_config(config_tree, "BindToInterface"), &iface)) {
|
||||||
#if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)
|
#if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)
|
||||||
|
@ -181,11 +186,16 @@ int setup_vpn_in_socket(const sockaddr_t *sa)
|
||||||
option = 1;
|
option = 1;
|
||||||
setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option));
|
setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option));
|
||||||
|
|
||||||
|
#if defined(SOL_IPV6) && defined(IPV6_V6ONLY)
|
||||||
|
if(sa->sa.sa_family == AF_INET6)
|
||||||
|
setsockopt(nfd, SOL_IPV6, IPV6_V6ONLY, &option, sizeof option);
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(SOL_IP) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
|
#if defined(SOL_IP) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
|
||||||
{
|
{
|
||||||
bool choice;
|
bool choice;
|
||||||
|
|
||||||
if(get_config_bool(lookup_config(myself->connection->config_tree, "PMTUDiscovery"), &choice) && choice) {
|
if(!get_config_bool(lookup_config(myself->connection->config_tree, "PMTUDiscovery"), &choice) || choice) {
|
||||||
option = IP_PMTUDISC_DO;
|
option = IP_PMTUDISC_DO;
|
||||||
setsockopt(nfd, SOL_IP, IP_MTU_DISCOVER, &option, sizeof(option));
|
setsockopt(nfd, SOL_IP, IP_MTU_DISCOVER, &option, sizeof(option));
|
||||||
}
|
}
|
||||||
|
@ -196,7 +206,7 @@ int setup_vpn_in_socket(const sockaddr_t *sa)
|
||||||
{
|
{
|
||||||
bool choice;
|
bool choice;
|
||||||
|
|
||||||
if(get_config_bool(lookup_config(myself->connection->config_tree, "PMTUDiscovery"), &choice) && choice) {
|
if(!get_config_bool(lookup_config(myself->connection->config_tree, "PMTUDiscovery"), &choice) || choice) {
|
||||||
option = IPV6_PMTUDISC_DO;
|
option = IPV6_PMTUDISC_DO;
|
||||||
setsockopt(nfd, SOL_IPV6, IPV6_MTU_DISCOVER, &option, sizeof(option));
|
setsockopt(nfd, SOL_IPV6, IPV6_MTU_DISCOVER, &option, sizeof(option));
|
||||||
}
|
}
|
||||||
|
@ -300,7 +310,8 @@ begin:
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!c->outgoing->aip) {
|
if(!c->outgoing->aip) {
|
||||||
freeaddrinfo(c->outgoing->ai);
|
if(c->outgoing->ai)
|
||||||
|
freeaddrinfo(c->outgoing->ai);
|
||||||
c->outgoing->ai = NULL;
|
c->outgoing->ai = NULL;
|
||||||
goto begin;
|
goto begin;
|
||||||
}
|
}
|
||||||
|
@ -325,6 +336,12 @@ begin:
|
||||||
goto begin;
|
goto begin;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(SOL_IPV6) && defined(IPV6_V6ONLY)
|
||||||
|
int option = 1;
|
||||||
|
if(c->address.sa.sa_family == AF_INET6)
|
||||||
|
setsockopt(c->socket, SOL_IPV6, IPV6_V6ONLY, &option, sizeof option);
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Optimize TCP settings */
|
/* Optimize TCP settings */
|
||||||
|
|
||||||
configure_tcp(c);
|
configure_tcp(c);
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
process.c -- process management functions
|
process.c -- process management functions
|
||||||
Copyright (C) 1999-2005 Ivo Timmermans,
|
Copyright (C) 1999-2005 Ivo Timmermans,
|
||||||
2000-2006 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2007 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -17,7 +17,7 @@
|
||||||
along with this program; if not, write to the Free Software
|
along with this program; if not, write to the Free Software
|
||||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
|
|
||||||
$Id: process.c 1499 2007-02-14 09:21:34Z guus $
|
$Id: process.c 1595 2008-12-22 20:27:52Z guus $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "system.h"
|
#include "system.h"
|
||||||
|
@ -154,6 +154,9 @@ bool remove_service(void) {
|
||||||
|
|
||||||
DWORD WINAPI controlhandler(DWORD request, DWORD type, LPVOID boe, LPVOID bah) {
|
DWORD WINAPI controlhandler(DWORD request, DWORD type, LPVOID boe, LPVOID bah) {
|
||||||
switch(request) {
|
switch(request) {
|
||||||
|
case SERVICE_CONTROL_INTERROGATE:
|
||||||
|
SetServiceStatus(statushandle, &status);
|
||||||
|
return NO_ERROR;
|
||||||
case SERVICE_CONTROL_STOP:
|
case SERVICE_CONTROL_STOP:
|
||||||
logger(LOG_NOTICE, _("Got %s request"), "SERVICE_CONTROL_STOP");
|
logger(LOG_NOTICE, _("Got %s request"), "SERVICE_CONTROL_STOP");
|
||||||
break;
|
break;
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
protocol_auth.c -- handle the meta-protocol, authentication
|
protocol_auth.c -- handle the meta-protocol, authentication
|
||||||
Copyright (C) 1999-2005 Ivo Timmermans,
|
Copyright (C) 1999-2005 Ivo Timmermans,
|
||||||
2000-2007 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2008 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -17,7 +17,7 @@
|
||||||
along with this program; if not, write to the Free Software
|
along with this program; if not, write to the Free Software
|
||||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
|
|
||||||
$Id: protocol_auth.c 1508 2007-05-16 14:42:08Z guus $
|
$Id: protocol_auth.c 1596 2008-12-22 20:35:45Z guus $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "system.h"
|
#include "system.h"
|
||||||
|
@ -240,7 +240,7 @@ bool metakey_h(connection_t *c)
|
||||||
/* Decrypt the meta key */
|
/* Decrypt the meta key */
|
||||||
|
|
||||||
if(RSA_private_decrypt(len, (unsigned char *)buffer, (unsigned char *)c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) { /* See challenge() */
|
if(RSA_private_decrypt(len, (unsigned char *)buffer, (unsigned char *)c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) { /* See challenge() */
|
||||||
logger(LOG_ERR, _("Error during encryption of meta key for %s (%s)"),
|
logger(LOG_ERR, _("Error during decryption of meta key for %s (%s)"),
|
||||||
c->name, c->hostname);
|
c->name, c->hostname);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
@ -483,7 +483,7 @@ bool send_ack(connection_t *c)
|
||||||
if((get_config_bool(lookup_config(c->config_tree, "TCPOnly"), &choice) && choice) || myself->options & OPTION_TCPONLY)
|
if((get_config_bool(lookup_config(c->config_tree, "TCPOnly"), &choice) && choice) || myself->options & OPTION_TCPONLY)
|
||||||
c->options |= OPTION_TCPONLY | OPTION_INDIRECT;
|
c->options |= OPTION_TCPONLY | OPTION_INDIRECT;
|
||||||
|
|
||||||
if((get_config_bool(lookup_config(c->config_tree, "PMTUDiscovery"), &choice) && choice) || myself->options & OPTION_PMTU_DISCOVERY)
|
if((!get_config_bool(lookup_config(c->config_tree, "PMTUDiscovery"), &choice) || choice) || myself->options & OPTION_PMTU_DISCOVERY)
|
||||||
c->options |= OPTION_PMTU_DISCOVERY;
|
c->options |= OPTION_PMTU_DISCOVERY;
|
||||||
|
|
||||||
get_config_int(lookup_config(c->config_tree, "Weight"), &c->estimated_weight);
|
get_config_int(lookup_config(c->config_tree, "Weight"), &c->estimated_weight);
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
protocol_key.c -- handle the meta-protocol, key exchange
|
protocol_key.c -- handle the meta-protocol, key exchange
|
||||||
Copyright (C) 1999-2005 Ivo Timmermans,
|
Copyright (C) 1999-2005 Ivo Timmermans,
|
||||||
2000-2006 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2008 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -17,7 +17,7 @@
|
||||||
along with this program; if not, write to the Free Software
|
along with this program; if not, write to the Free Software
|
||||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
|
|
||||||
$Id: protocol_key.c 1452 2006-04-26 13:52:58Z guus $
|
$Id: protocol_key.c 1595 2008-12-22 20:27:52Z guus $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "system.h"
|
#include "system.h"
|
||||||
|
@ -134,6 +134,12 @@ bool req_key_h(connection_t *c)
|
||||||
if(tunnelserver)
|
if(tunnelserver)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
|
if(!to->status.reachable) {
|
||||||
|
logger(LOG_WARNING, _("Got %s from %s (%s) destination %s which is not reachable"),
|
||||||
|
"REQ_KEY", c->name, c->hostname, to_name);
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
send_req_key(to->nexthop->connection, from, to);
|
send_req_key(to->nexthop->connection, from, to);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -197,6 +203,12 @@ bool ans_key_h(connection_t *c)
|
||||||
if(tunnelserver)
|
if(tunnelserver)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
|
if(!to->status.reachable) {
|
||||||
|
logger(LOG_WARNING, _("Got %s from %s (%s) destination %s which is not reachable"),
|
||||||
|
"ANS_KEY", c->name, c->hostname, to_name);
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
return send_request(to->nexthop->connection, "%s", c->buffer);
|
return send_request(to->nexthop->connection, "%s", c->buffer);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
16
src/route.c
16
src/route.c
|
@ -17,7 +17,7 @@
|
||||||
along with this program; if not, write to the Free Software
|
along with this program; if not, write to the Free Software
|
||||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
|
|
||||||
$Id: route.c 1461 2006-08-09 22:31:10Z guus $
|
$Id: route.c 1601 2008-12-26 12:46:45Z guus $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "system.h"
|
#include "system.h"
|
||||||
|
@ -376,7 +376,14 @@ static void route_ipv4(node_t *source, vpn_packet_t *packet)
|
||||||
if(!checklength(source, packet, ether_size + ip_size))
|
if(!checklength(source, packet, ether_size + ip_size))
|
||||||
return;
|
return;
|
||||||
|
|
||||||
route_ipv4_unicast(source, packet);
|
if(((packet->data[30] & 0xf0) == 0xe0) ||
|
||||||
|
packet->data[30] == 255 &&
|
||||||
|
packet->data[31] == 255 &&
|
||||||
|
packet->data[32] == 255 &&
|
||||||
|
packet->data[33] == 255)
|
||||||
|
broadcast_packet(source, packet);
|
||||||
|
else
|
||||||
|
route_ipv4_unicast(source, packet);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* RFC 2463 */
|
/* RFC 2463 */
|
||||||
|
@ -645,7 +652,10 @@ static void route_ipv6(node_t *source, vpn_packet_t *packet)
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
route_ipv6_unicast(source, packet);
|
if(packet->data[38] == 255)
|
||||||
|
broadcast_packet(source, packet);
|
||||||
|
else
|
||||||
|
route_ipv6_unicast(source, packet);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* RFC 826 */
|
/* RFC 826 */
|
||||||
|
|
24
src/subnet.c
24
src/subnet.c
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
subnet.c -- handle subnet lookups and lists
|
subnet.c -- handle subnet lookups and lists
|
||||||
Copyright (C) 2000-2006 Guus Sliepen <guus@tinc-vpn.org>,
|
Copyright (C) 2000-2007 Guus Sliepen <guus@tinc-vpn.org>,
|
||||||
2000-2005 Ivo Timmermans
|
2000-2005 Ivo Timmermans
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
@ -17,7 +17,7 @@
|
||||||
along with this program; if not, write to the Free Software
|
along with this program; if not, write to the Free Software
|
||||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
|
|
||||||
$Id: subnet.c 1459 2006-08-08 13:44:37Z guus $
|
$Id: subnet.c 1595 2008-12-22 20:27:52Z guus $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "system.h"
|
#include "system.h"
|
||||||
|
@ -188,11 +188,17 @@ bool str2net(subnet_t *subnet, const char *subnetstr)
|
||||||
|
|
||||||
if(sscanf(subnetstr, "%hu.%hu.%hu.%hu/%d",
|
if(sscanf(subnetstr, "%hu.%hu.%hu.%hu/%d",
|
||||||
&x[0], &x[1], &x[2], &x[3], &l) == 5) {
|
&x[0], &x[1], &x[2], &x[3], &l) == 5) {
|
||||||
|
if(l < 0 || l > 32)
|
||||||
|
return false;
|
||||||
|
|
||||||
subnet->type = SUBNET_IPV4;
|
subnet->type = SUBNET_IPV4;
|
||||||
subnet->net.ipv4.prefixlength = l;
|
subnet->net.ipv4.prefixlength = l;
|
||||||
|
|
||||||
for(i = 0; i < 4; i++)
|
for(i = 0; i < 4; i++) {
|
||||||
|
if(x[i] > 255)
|
||||||
|
return false;
|
||||||
subnet->net.ipv4.address.x[i] = x[i];
|
subnet->net.ipv4.address.x[i] = x[i];
|
||||||
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
@ -200,6 +206,9 @@ bool str2net(subnet_t *subnet, const char *subnetstr)
|
||||||
if(sscanf(subnetstr, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%d",
|
if(sscanf(subnetstr, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%d",
|
||||||
&x[0], &x[1], &x[2], &x[3], &x[4], &x[5], &x[6], &x[7],
|
&x[0], &x[1], &x[2], &x[3], &x[4], &x[5], &x[6], &x[7],
|
||||||
&l) == 9) {
|
&l) == 9) {
|
||||||
|
if(l < 0 || l > 128)
|
||||||
|
return false;
|
||||||
|
|
||||||
subnet->type = SUBNET_IPV6;
|
subnet->type = SUBNET_IPV6;
|
||||||
subnet->net.ipv6.prefixlength = l;
|
subnet->net.ipv6.prefixlength = l;
|
||||||
|
|
||||||
|
@ -213,8 +222,11 @@ bool str2net(subnet_t *subnet, const char *subnetstr)
|
||||||
subnet->type = SUBNET_IPV4;
|
subnet->type = SUBNET_IPV4;
|
||||||
subnet->net.ipv4.prefixlength = 32;
|
subnet->net.ipv4.prefixlength = 32;
|
||||||
|
|
||||||
for(i = 0; i < 4; i++)
|
for(i = 0; i < 4; i++) {
|
||||||
|
if(x[i] > 255)
|
||||||
|
return false;
|
||||||
subnet->net.ipv4.address.x[i] = x[i];
|
subnet->net.ipv4.address.x[i] = x[i];
|
||||||
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
@ -348,6 +360,8 @@ subnet_t *lookup_subnet_ipv4(const ipv4_t *address)
|
||||||
/* Otherwise, see if there is a bigger enclosing subnet */
|
/* Otherwise, see if there is a bigger enclosing subnet */
|
||||||
|
|
||||||
subnet.net.ipv4.prefixlength = p->net.ipv4.prefixlength - 1;
|
subnet.net.ipv4.prefixlength = p->net.ipv4.prefixlength - 1;
|
||||||
|
if(subnet.net.ipv4.prefixlength < 0 || subnet.net.ipv4.prefixlength > 32)
|
||||||
|
return NULL;
|
||||||
maskcpy(&subnet.net.ipv4.address, &p->net.ipv4.address, subnet.net.ipv4.prefixlength, sizeof(ipv4_t));
|
maskcpy(&subnet.net.ipv4.address, &p->net.ipv4.address, subnet.net.ipv4.prefixlength, sizeof(ipv4_t));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -384,6 +398,8 @@ subnet_t *lookup_subnet_ipv6(const ipv6_t *address)
|
||||||
/* Otherwise, see if there is a bigger enclosing subnet */
|
/* Otherwise, see if there is a bigger enclosing subnet */
|
||||||
|
|
||||||
subnet.net.ipv6.prefixlength = p->net.ipv6.prefixlength - 1;
|
subnet.net.ipv6.prefixlength = p->net.ipv6.prefixlength - 1;
|
||||||
|
if(subnet.net.ipv6.prefixlength < 0 || subnet.net.ipv6.prefixlength > 128)
|
||||||
|
return NULL;
|
||||||
maskcpy(&subnet.net.ipv6.address, &p->net.ipv6.address, subnet.net.ipv6.prefixlength, sizeof(ipv6_t));
|
maskcpy(&subnet.net.ipv6.address, &p->net.ipv6.address, subnet.net.ipv6.prefixlength, sizeof(ipv6_t));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
18
src/tincd.c
18
src/tincd.c
|
@ -1,7 +1,7 @@
|
||||||
/*
|
/*
|
||||||
tincd.c -- the main file for tincd
|
tincd.c -- the main file for tincd
|
||||||
Copyright (C) 1998-2005 Ivo Timmermans
|
Copyright (C) 1998-2005 Ivo Timmermans
|
||||||
2000-2007 Guus Sliepen <guus@tinc-vpn.org>
|
2000-2008 Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -17,7 +17,7 @@
|
||||||
along with this program; if not, write to the Free Software
|
along with this program; if not, write to the Free Software
|
||||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
|
|
||||||
$Id: tincd.c 1496 2007-01-05 13:18:36Z guus $
|
$Id: tincd.c 1600 2008-12-23 23:14:37Z guus $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "system.h"
|
#include "system.h"
|
||||||
|
@ -408,7 +408,7 @@ int main(int argc, char **argv)
|
||||||
if(show_version) {
|
if(show_version) {
|
||||||
printf(_("%s version %s (built %s %s, protocol %d)\n"), PACKAGE,
|
printf(_("%s version %s (built %s %s, protocol %d)\n"), PACKAGE,
|
||||||
VERSION, __DATE__, __TIME__, PROT_CURRENT);
|
VERSION, __DATE__, __TIME__, PROT_CURRENT);
|
||||||
printf(_("Copyright (C) 1998-2007 Ivo Timmermans, Guus Sliepen and others.\n"
|
printf(_("Copyright (C) 1998-2008 Ivo Timmermans, Guus Sliepen and others.\n"
|
||||||
"See the AUTHORS file for a complete list.\n\n"
|
"See the AUTHORS file for a complete list.\n\n"
|
||||||
"tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
|
"tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
|
||||||
"and you are welcome to redistribute it under certain conditions;\n"
|
"and you are welcome to redistribute it under certain conditions;\n"
|
||||||
|
@ -510,7 +510,19 @@ end:
|
||||||
remove_pid(pidfilename);
|
remove_pid(pidfilename);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
if (identname) free(identname);
|
||||||
|
if (netname) free(netname);
|
||||||
|
if (pidfilename) free(pidfilename);
|
||||||
|
if (logfilename) free(logfilename);
|
||||||
|
if (myport) free(myport);
|
||||||
|
if (device) free(device);
|
||||||
|
if (confbase) free(confbase);
|
||||||
|
|
||||||
EVP_cleanup();
|
EVP_cleanup();
|
||||||
|
ENGINE_cleanup();
|
||||||
|
CRYPTO_cleanup_all_ex_data();
|
||||||
|
ERR_remove_state(0);
|
||||||
|
ERR_free_strings();
|
||||||
|
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue