lagertonne/tinc
1
0
Fork 0
Code Issues Pull requests Projects Releases 6 Wiki Activity

Import Upstream version 1.0.8

Browse source
This commit is contained in:
Guus Sliepen 2019-08-26 13:44:38 +02:00
parent 77e8278660
commit 6276954b04
21 changed files with 390 additions and 245 deletions
Download patch file Download diff file Expand all files Collapse all files

BIN
doc/sample-config.tar.gz
View file

Binary file not shown.

160
doc/tinc.info
View file

@ -5,7 +5,7 @@ START-INFO-DIR-ENTRY
* tinc: (tinc). The tinc Manual.
END-INFO-DIR-ENTRY
This is the info manual for tinc version 1.0.7, a Virtual Private
This is the info manual for tinc version 1.0.8, a Virtual Private
Network daemon.
Copyright (C) 1998-2006 Ivo Timmermans, Guus Sliepen
@ -662,16 +662,15 @@ means that you call tincd with the -n argument, which will assign a
netname to this daemon.
The effect of this is that the daemon will set its configuration
root to `/usr/local/etc/tinc/NETNAME/', where NETNAME is your argument
to the -n option. You'll notice that it appears in syslog as
`tinc.NETNAME'.
root to `/etc/tinc/NETNAME/', where NETNAME is your argument to the -n
option. You'll notice that it appears in syslog as `tinc.NETNAME'.
However, it is not strictly necessary that you call tinc with the -n
option. In this case, the network name would just be empty, and it will
be used as such. tinc now looks for files in `/usr/local/etc/tinc/',
instead of `/usr/local/etc/tinc/NETNAME/'; the configuration file
should be `/usr/local/etc/tinc/tinc.conf', and the host configuration
files are now expected to be in `/usr/local/etc/tinc/hosts/'.
be used as such. tinc now looks for files in `/etc/tinc/', instead of
`/etc/tinc/NETNAME/'; the configuration file should be
`/etc/tinc/tinc.conf', and the host configuration files are now
expected to be in `/etc/tinc/hosts/'.
But it is highly recommended that you use this feature of tinc,
because it will be so much clearer whom your daemon talks to. Hence,
@ -708,8 +707,8 @@ File: tinc.info, Node: Configuration files, Next: Generating keypairs, Prev:
=======================
The actual configuration of the daemon is done in the file
`/usr/local/etc/tinc/NETNAME/tinc.conf' and at least one other file in
the directory `/usr/local/etc/tinc/NETNAME/hosts/'.
`/etc/tinc/NETNAME/tinc.conf' and at least one other file in the
directory `/etc/tinc/NETNAME/hosts/'.
These file consists of comments (lines started with a #) or
assignments in the form of
@ -867,7 +866,7 @@ PrivateKey = <KEY> [obsolete]
This prevents accidental eavesdropping if you are editting the
configuration file.
PrivateKeyFile = <PATH> (`/usr/local/etc/tinc/NETNAME/rsa_key.priv')
PrivateKeyFile = <PATH> (`/etc/tinc/NETNAME/rsa_key.priv')
This is the full path name of the RSA private key file that was
generated by `tincd --generate-keys'. It must be a full path, not
a relative directory.
@ -879,7 +878,7 @@ TunnelServer = <yes|no> (no) [experimental]
When this option is enabled tinc will no longer forward
information between other tinc daemons, and will only allow nodes
and subnets on the VPN which are present in the
`/usr/local/etc/tinc/NETNAME/hosts/' directory.
`/etc/tinc/NETNAME/hosts/' directory.

@ -982,7 +981,7 @@ Apart from reading the server and host configuration files, tinc can
also run scripts at certain moments. Under Windows (not Cygwin), the
scripts should have the extension .bat.
`/usr/local/etc/tinc/NETNAME/tinc-up'
`/etc/tinc/NETNAME/tinc-up'
This is the most important script. If it is present it will be
executed right after the tinc daemon has been started and has
connected to the virtual network device. It should be used to set
@ -990,29 +989,29 @@ scripts should have the extension .bat.
start other things. Under Windows you can use the Network
Connections control panel instead of creating this script.
`/usr/local/etc/tinc/NETNAME/tinc-down'
`/etc/tinc/NETNAME/tinc-down'
This script is started right before the tinc daemon quits.
`/usr/local/etc/tinc/NETNAME/hosts/HOST-up'
`/etc/tinc/NETNAME/hosts/HOST-up'
This script is started when the tinc daemon with name HOST becomes
reachable.
`/usr/local/etc/tinc/NETNAME/hosts/HOST-down'
`/etc/tinc/NETNAME/hosts/HOST-down'
This script is started when the tinc daemon with name HOST becomes
unreachable.
`/usr/local/etc/tinc/NETNAME/host-up'
`/etc/tinc/NETNAME/host-up'
This script is started when any host becomes reachable.
`/usr/local/etc/tinc/NETNAME/host-down'
`/etc/tinc/NETNAME/host-down'
This script is started when any host becomes unreachable.
`/usr/local/etc/tinc/NETNAME/subnet-up'
`/etc/tinc/NETNAME/subnet-up'
This script is started when a Subnet becomes reachable. The
Subnet and the node it belongs to are passed in environment
variables.
`/usr/local/etc/tinc/NETNAME/subnet-down'
`/etc/tinc/NETNAME/subnet-down'
This script is started when a Subnet becomes unreachable.
The scripts are started without command line arguments, but can make
@ -1060,8 +1059,8 @@ Step 1. Creating the main configuration file
.............................................
The main configuration file will be called
`/usr/local/etc/tinc/NETNAME/tinc.conf'. Adapt the following example
to create a basic configuration file:
`/etc/tinc/NETNAME/tinc.conf'. Adapt the following example to create a
basic configuration file:
Name = YOURNAME
Device = `/dev/tap0'
@ -1074,8 +1073,8 @@ Step 2. Creating your host configuration file
If you added a line containing `Name = yourname' in the main
configuarion file, you will need to create a host configuration file
`/usr/local/etc/tinc/NETNAME/hosts/yourname'. Adapt the following
example to create a host configuration file:
`/etc/tinc/NETNAME/hosts/yourname'. Adapt the following example to
create a host configuration file:
Address = your.real.hostname.org
Subnet = 192.168.1.0/24
@ -1122,10 +1121,10 @@ Network Connections control panel.
You can configure the network interface by putting ordinary
ifconfig, route, and other commands to a script named
`/usr/local/etc/tinc/NETNAME/tinc-up'. When tinc starts, this script
will be executed. When tinc exits, it will execute the script named
`/usr/local/etc/tinc/NETNAME/tinc-down', but normally you don't need to
create that script.
`/etc/tinc/NETNAME/tinc-up'. When tinc starts, this script will be
executed. When tinc exits, it will execute the script named
`/etc/tinc/NETNAME/tinc-down', but normally you don't need to create
that script.
An example `tinc-up' script:
@ -1181,19 +1180,19 @@ For Branch A
_BranchA_ would be configured like this:
In `/usr/local/etc/tinc/company/tinc-up':
In `/etc/tinc/company/tinc-up':
# Real interface of internal network:
# ifconfig eth0 10.1.54.1 netmask 255.255.0.0
ifconfig $INTERFACE 10.1.54.1 netmask 255.0.0.0
and in `/usr/local/etc/tinc/company/tinc.conf':
and in `/etc/tinc/company/tinc.conf':
Name = BranchA
Device = /dev/tap0
On all hosts, `/usr/local/etc/tinc/company/hosts/BranchA' contains:
On all hosts, `/etc/tinc/company/hosts/BranchA' contains:
Subnet = 10.1.0.0/16
Address = 1.2.3.4
@ -1211,14 +1210,14 @@ since that will make things a lot easier to remember and set up.
For Branch B
............
In `/usr/local/etc/tinc/company/tinc-up':
In `/etc/tinc/company/tinc-up':
# Real interface of internal network:
# ifconfig eth0 10.2.43.8 netmask 255.255.0.0
ifconfig $INTERFACE 10.2.1.12 netmask 255.0.0.0
and in `/usr/local/etc/tinc/company/tinc.conf':
and in `/etc/tinc/company/tinc.conf':
Name = BranchB
ConnectTo = BranchA
@ -1227,7 +1226,7 @@ In `/usr/local/etc/tinc/company/tinc-up':
same as on the tap0 device. Also, ConnectTo is given so that no-one can
connect to this node.
On all hosts, in `/usr/local/etc/tinc/company/hosts/BranchB':
On all hosts, in `/etc/tinc/company/hosts/BranchB':
Subnet = 10.2.0.0/16
Address = 2.3.4.5
@ -1239,14 +1238,14 @@ connect to this node.
For Branch C
............
In `/usr/local/etc/tinc/company/tinc-up':
In `/etc/tinc/company/tinc-up':
# Real interface of internal network:
# ifconfig eth0 10.3.69.254 netmask 255.255.0.0
ifconfig $INTERFACE 10.3.69.254 netmask 255.0.0.0
and in `/usr/local/etc/tinc/company/tinc.conf':
and in `/etc/tinc/company/tinc.conf':
Name = BranchC
ConnectTo = BranchA
@ -1256,7 +1255,7 @@ In `/usr/local/etc/tinc/company/tinc-up':
reserve another port for tinc. It knows the portnumber it has to listen
on from it's own host configuration file.
On all hosts, in `/usr/local/etc/tinc/company/hosts/BranchC':
On all hosts, in `/etc/tinc/company/hosts/BranchC':
Address = 3.4.5.6
Subnet = 10.3.0.0/16
@ -1269,14 +1268,14 @@ on from it's own host configuration file.
For Branch D
............
In `/usr/local/etc/tinc/company/tinc-up':
In `/etc/tinc/company/tinc-up':
# Real interface of internal network:
# ifconfig eth0 10.4.3.32 netmask 255.255.0.0
ifconfig $INTERFACE 10.4.3.32 netmask 255.0.0.0
and in `/usr/local/etc/tinc/company/tinc.conf':
and in `/etc/tinc/company/tinc.conf':
Name = BranchD
ConnectTo = BranchC
@ -1288,7 +1287,7 @@ configuration file. Also note that since D uses the tun/tap driver,
the network interface will not be called `tun' or `tap0' or something
like that, but will have the same name as netname.
On all hosts, in `/usr/local/etc/tinc/company/hosts/BranchD':
On all hosts, in `/etc/tinc/company/hosts/BranchD':
Subnet = 10.4.0.0/16
Address = 4.5.6.7
@ -1305,12 +1304,11 @@ following command:
tincd -n company -K
The private key is stored in
`/usr/local/etc/tinc/company/rsa_key.priv', the public key is put into
the host configuration file in the `/usr/local/etc/tinc/company/hosts/'
directory. During key generation, tinc automatically guesses the right
filenames based on the -n option and the Name directive in the
`tinc.conf' file (if it is available).
The private key is stored in `/etc/tinc/company/rsa_key.priv', the
public key is put into the host configuration file in the
`/etc/tinc/company/hosts/' directory. During key generation, tinc
automatically guesses the right filenames based on the -n option and
the Name directive in the `tinc.conf' file (if it is available).
Starting
........
@ -1357,7 +1355,7 @@ command line options.
`-c, --config=PATH'
Read configuration options from the directory PATH. The default is
`/usr/local/etc/tinc/NETNAME/'.
`/etc/tinc/NETNAME/'.
`-D, --no-detach'
Don't fork and detach. This will also disable the automatic
@ -1392,10 +1390,10 @@ command line options.
`--logfile[=FILE]'
Write log entries to a file instead of to the system logging
facility. If FILE is omitted, the default is
`/usr/local/var/log/tinc.NETNAME.log'.
`/var/log/tinc.NETNAME.log'.
`--pidfile=FILE'
Write PID to FILE instead of `/usr/local/var/run/tinc.NETNAME.pid'.
Write PID to FILE instead of `/var/run/tinc.NETNAME.pid'.
`--bypass-security'
Disables encryption and authentication. Only useful for debugging.
@ -2397,37 +2395,37 @@ Node: Other files21534
Node: Configuration22147
Node: Configuration introduction22458
Node: Multiple networks23731
Node: How connections work25207
Node: Configuration files26429
Node: Main configuration variables27456
Node: Host configuration variables33953
Node: Scripts38249
Node: How to configure41008
Node: Generating keypairs42291
Node: Network interfaces42790
Node: Example configuration44658
Node: Running tinc50110
Node: Runtime options50700
Node: Signals52737
Node: Debug levels53806
Node: Solving problems54742
Node: Error messages56172
Node: Sending bug reports60494
Node: Technical information61446
Node: The connection61677
Node: The UDP tunnel61989
Node: The meta-connection65050
Node: The meta-protocol66519
Node: Security71528
Node: Authentication protocol72658
Node: Encryption of network packets77662
Node: Security issues79035
Node: Platform specific information80652
Node: Interface configuration80880
Node: Routes82779
Node: About us84695
Node: Contact information84870
Node: Authors85274
Node: Concept Index85700
Node: How connections work25157
Node: Configuration files26379
Node: Main configuration variables27386
Node: Host configuration variables33863
Node: Scripts38159
Node: How to configure40838
Node: Generating keypairs42101
Node: Network interfaces42600
Node: Example configuration44448
Node: Running tinc49760
Node: Runtime options50350
Node: Signals52357
Node: Debug levels53426
Node: Solving problems54362
Node: Error messages55792
Node: Sending bug reports60114
Node: Technical information61066
Node: The connection61297
Node: The UDP tunnel61609
Node: The meta-connection64670
Node: The meta-protocol66139
Node: Security71148
Node: Authentication protocol72278
Node: Encryption of network packets77282
Node: Security issues78655
Node: Platform specific information80272
Node: Interface configuration80500
Node: Routes82399
Node: About us84315
Node: Contact information84490
Node: Authors84894
Node: Concept Index85320

End Tag Table