Import Upstream version 1.0.17

Guus Sliepen 2019-08-26 13:44:41 +02:00
parent bb1aebd963
commit b9a1c8df12
61 changed files with 3238 additions and 1255 deletions


@ -1,9 +1,9 @@
# Makefile.in generated by automake 1.11.1 from Makefile.am.
# Makefile.in generated by automake 1.11.3 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
# Inc.
# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
# Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@ -40,7 +40,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
$(top_srcdir)/m4/zlib.m4 $(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
@ -81,6 +81,12 @@ am__nobase_list = $(am__nobase_strip_setup); \
am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__uninstall_files_from_dir = { \
test -z "$$files" \
|| { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
$(am__cd) "$$dir" && rm -f $$files; }; \
}
man5dir = $(mandir)/man5
man8dir = $(mandir)/man8
NROFF = nroff
@ -408,9 +414,7 @@ uninstall-man5:
sed -n '/\.5[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
test -z "$$files" || { \
echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \
cd "$(DESTDIR)$(man5dir)" && rm -f $$files; }
dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir)
install-man8: $(man_MANS)
@$(NORMAL_INSTALL)
test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
@ -446,9 +450,7 @@ uninstall-man8:
sed -n '/\.8[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
test -z "$$files" || { \
echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \
cd "$(DESTDIR)$(man8dir)" && rm -f $$files; }
dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
tags: TAGS
TAGS:
@ -519,10 +521,15 @@ install-am: all-am
installcheck: installcheck-am
install-strip:
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
`test -z '$(STRIP)' || \
echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
if test -z '$(STRIP)'; then \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
install; \
else \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
fi
mostlyclean-generic:
clean-generic:
@ -582,13 +589,14 @@ install-html-am: $(HTMLS)
for p in $$list; do \
if test -f "$$p" || test -d "$$p"; then d=; else d="$(srcdir)/"; fi; \
$(am__strip_dir) \
if test -d "$$d$$p"; then \
d2=$$d$$p; \
if test -d "$$d2"; then \
echo " $(MKDIR_P) '$(DESTDIR)$(htmldir)/$$f'"; \
$(MKDIR_P) "$(DESTDIR)$(htmldir)/$$f" || exit 1; \
echo " $(INSTALL_DATA) '$$d$$p'/* '$(DESTDIR)$(htmldir)/$$f'"; \
$(INSTALL_DATA) "$$d$$p"/* "$(DESTDIR)$(htmldir)/$$f" || exit $$?; \
echo " $(INSTALL_DATA) '$$d2'/* '$(DESTDIR)$(htmldir)/$$f'"; \
$(INSTALL_DATA) "$$d2"/* "$(DESTDIR)$(htmldir)/$$f" || exit $$?; \
else \
list2="$$list2 $$d$$p"; \
list2="$$list2 $$d2"; \
fi; \
done; \
test -z "$$list2" || { echo "$$list2" | $(am__base_list) | \
@ -620,8 +628,13 @@ install-info-am: $(INFO_DEPS)
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(infodir)'"; \
$(INSTALL_DATA) $$files "$(DESTDIR)$(infodir)" || exit $$?; done
@$(POST_INSTALL)
@if (install-info --version && \
install-info --version 2>&1 | sed 1q | grep -i -v debian) >/dev/null 2>&1; then \
@am__run_installinfo=yes; \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) am__run_installinfo=no;; \
*) (install-info --version) >/dev/null 2>&1 \
|| am__run_installinfo=no;; \
esac; \
if test $$am__run_installinfo = yes; then \
list='$(INFO_DEPS)'; test -n "$(infodir)" || list=; \
for file in $$list; do \
relfile=`echo "$$file" | sed 's|^.*/||'`; \

Binary file not shown.

File diff suppressed because it is too large


@ -133,7 +133,10 @@ IPv6 listening sockets will be created.
If your computer has more than one IPv4 or IPv6 address,
.Nm tinc
will by default listen on all of them for incoming connections.
It is possible to bind only to a single address with this variable.
Multiple
.Va BindToAddress
variables may be specified,
in which case listening sockets for each specified address are made.
.Pp
This option may not work on all platforms.
@ -147,6 +150,9 @@ It is possible to bind only to a single interface with this variable.
.Pp
This option may not work on all platforms.
.It Va Broadcast Li = yes | no Po yes Pc Bq experimental
When disabled, tinc will drop all broadcast and multicast packets, in both router and switch mode.
.It Va ConnectTo Li = Ar name
Specifies which other tinc daemon to connect to on startup.
Multiple
@ -165,6 +171,14 @@ If you don't specify a host with
won't try to connect to other daemons at all,
and will instead just listen for incoming connections.
.It Va DecrementTTL Li = yes | no Po yes Pc
When enabled,
.Nm tinc
will decrement the Time To Live field in IPv4 packets, or the Hop Limit field in IPv6 packets,
before forwarding a received packet to the virtual network device or to another node,
and will drop packets that have a TTL value of zero,
in which case it will send an ICMP Time Exceeded packet back.
.It Va Device Li = Ar device Po Pa /dev/tap0 , Pa /dev/net/tun No or other depending on platform Pc
The virtual network device to use.
.Nm tinc
@ -177,30 +191,65 @@ instead of
The info pages of the tinc package contain more information
about configuring the virtual network device.
.It Va DeviceType Li = tun | tunnohead | tunifhead | tap Po only supported on BSD platforms Pc
.It Va DeviceType Li = Ar type Pq platform dependent
The type of the virtual network device.
Tinc will normally automatically select the right type, and this option should not be used.
However, in case tinc does not seem to correctly interpret packets received from the virtual network device,
using this option might help.
Tinc will normally automatically select the right type of tun/tap interface, and this option should not be used.
However, this option can be used to select one of the special interface types, if support for them is compiled in.
.Bl -tag -width indent
.It tun
.It dummy
Use a dummy interface.
No packets are ever read or written to a virtual network device.
Useful for testing, or when setting up a node that only forwards packets for other nodes.
.It raw_socket
Open a raw socket, and bind it to a pre-existing
.Va Interface
(eth0 by default).
All packets are read from this interface.
Packets received for the local node are written to the raw socket.
However, at least on Linux, the operating system does not process IP packets destined for the local host.
.It uml Pq not compiled in by default
Create a UNIX socket with the filename specified by
.Va Device ,
or
.Pa @localstatedir@/run/ Ns Ar NETNAME Ns Pa .umlsocket
if not specified.
.Nm tinc
will wait for a User Mode Linux instance to connect to this socket.
.It vde Pq not compiled in by default
Uses the libvdeplug library to connect to a Virtual Distributed Ethernet switch,
using the UNIX socket specified by
.Va Device ,
or
.Pa @localstatedir@/run/vde.ctl
if not specified.
.El
Also, in case tinc does not seem to correctly interpret packets received from the virtual network device,
it can be used to change the way packets are interpreted:
.Bl -tag -width indent
.It tun Pq BSD and Linux
Set type to tun.
Depending on the platform, this can either be with or without an address family header (see below).
.It tunnohead
.It tunnohead Pq BSD
Set type to tun without an address family header.
Tinc will expect packets read from the virtual network device to start with an IP header.
On some platforms IPv6 packets cannot be read from or written to the device in this mode.
.It tunifhead
.It tunifhead Pq BSD
Set type to tun with an address family header.
Tinc will expect packets read from the virtual network device
to start with a four byte header containing the address family,
followed by an IP header.
This mode should support both IPv4 and IPv6 packets.
.It tap
.It tap Pq BSD and Linux
Set type to tap.
Tinc will expect packets read from the virtual network device
to start with an Ethernet header.
@ -271,6 +320,18 @@ This option controls the period the encryption keys used to encrypt the data are
It is common practice to change keys at regular intervals to make it even harder for crackers,
even though it is thought to be nearly impossible to crack a single key.
.It Va LocalDiscovery Li = yes | no Po no Pc Bq experimental
When enabled,
.Nm tinc
will try to detect peers that are on the same local network.
This will allow direct communication using LAN addresses, even if both peers are behind a NAT
and they only ConnectTo a third node outside the NAT,
which normally would prevent the peers from learning each other's LAN address.
.Pp
Currently, local discovery is implemented by sending broadcast packets to the LAN during path MTU discovery.
This feature may not work in all possible situations.
.It Va MACExpire Li = Ar seconds Pq 600
This option controls the amount of time MAC addresses are kept before they are removed.
This only has effect when


@ -5,10 +5,10 @@ START-INFO-DIR-ENTRY
* tinc: (tinc). The tinc Manual.
END-INFO-DIR-ENTRY
This is the info manual for tinc version 1.0.15, a Virtual Private
This is the info manual for tinc version 1.0.17, a Virtual Private
Network daemon.
Copyright (C) 1998-2011 Ivo Timmermans, Guus Sliepen
Copyright (C) 1998-2012 Ivo Timmermans, Guus Sliepen
<guus@tinc-vpn.org> and Wessel Dankers <wsl@tinc-vpn.org>.
Permission is granted to make and distribute verbatim copies of this
@ -686,8 +686,9 @@ AddressFamily = <ipv4|ipv6|any> (any)
BindToAddress = <ADDRESS> [experimental]
If your computer has more than one IPv4 or IPv6 address, tinc will
by default listen on all of them for incoming connections. It is
possible to bind only to a single address with this variable.
by default listen on all of them for incoming connections.
Multiple BindToAddress variables may be specified, in which case
listening sockets for each specified address are made.
This option may not work on all platforms.
@ -699,6 +700,10 @@ BindToInterface = <INTERFACE> [experimental]
This option may not work on all platforms.
Broadcast = <yes | no> (yes) [experimental]
When disabled, tinc will drop all broadcast and multicast packets,
in both router and switch mode.
ConnectTo = <NAME>
Specifies which other tinc daemon to connect to on startup.
Multiple ConnectTo variables may be specified, in which case
@ -710,6 +715,13 @@ ConnectTo = <NAME>
connect to other daemons at all, and will instead just listen for
incoming connections.
DecrementTTL = <yes | no> (yes)
When enabled, tinc will decrement the Time To Live field in IPv4
packets, or the Hop Limit field in IPv6 packets, before forwarding
a received packet to the virtual network device or to another node,
and will drop packets that have a TTL value of zero, in which case
it will send an ICMP Time Exceeded packet back.
Device = <DEVICE> (`/dev/tap0', `/dev/net/tun' or other depending on platform)
The virtual network device to use. Tinc will automatically detect
what kind of device it is. Note that you can only use one device
@ -717,31 +729,57 @@ Device = <DEVICE> (`/dev/tap0', `/dev/net/tun' or other depending on platform)
that you can only use one device per daemon. See also *note
Device files::.
DeviceType = <tun|tunnohead|tunifhead|tap> (only supported on BSD platforms)
DeviceType = <TYPE> (platform dependent)
The type of the virtual network device. Tinc will normally
automatically select the right type, and this option should not be
used. However, in case tinc does not seem to correctly interpret
packets received from the virtual network device, using this
option might help.
automatically select the right type of tun/tap interface, and this
option should not be used. However, this option can be used to
select one of the special interface types, if support for them is
compiled in.
tun
dummy
Use a dummy interface. No packets are ever read or written
to a virtual network device. Useful for testing, or when
setting up a node that only forwards packets for other nodes.
raw_socket
Open a raw socket, and bind it to a pre-existing INTERFACE
(eth0 by default). All packets are read from this interface.
Packets received for the local node are written to the raw
socket. However, at least on Linux, the operating system
does not process IP packets destined for the local host.
uml (not compiled in by default)
Create a UNIX socket with the filename specified by DEVICE,
or `/var/run/NETNAME.umlsocket' if not specified. Tinc will
wait for a User Mode Linux instance to connect to this socket.
vde (not compiled in by default)
Uses the libvdeplug library to connect to a Virtual
Distributed Ethernet switch, using the UNIX socket specified
by DEVICE, or `/var/run/vde.ctl' if not specified.
Also, in case tinc does not seem to correctly interpret packets
received from the virtual network device, it can be used to change
the way packets are interpreted:
tun (BSD and Linux)
Set type to tun. Depending on the platform, this can either
be with or without an address family header (see below).
tunnohead
tunnohead (BSD)
Set type to tun without an address family header. Tinc will
expect packets read from the virtual network device to start
with an IP header. On some platforms IPv6 packets cannot be
read from or written to the device in this mode.
tunifhead
tunifhead (BSD)
Set type to tun with an address family header. Tinc will
expect packets read from the virtual network device to start
with a four byte header containing the address family,
followed by an IP header. This mode should support both IPv4
and IPv6 packets.
tap
tap (BSD and Linux)
Set type to tap. Tinc will expect packets read from the
virtual network device to start with an Ethernet header.
@ -798,6 +836,17 @@ Interface = <INTERFACE>
interface will be used. If you specified a Device, this variable
is almost always already correctly set.
LocalDiscovery = <yes | no> (no) [experimental]
When enabled, tinc will try to detect peers that are on the same
local network. This will allow direct communication using LAN
addresses, even if both peers are behind a NAT and they only
ConnectTo a third node outside the NAT, which normally would
prevent the peers from learning each other's LAN address.
Currently, local discovery is implemented by sending broadcast
packets to the LAN during path MTU discovery. This feature may
not work in all possible situations.
Mode = <router|switch|hub> (router)
This option selects the way packets are routed to other daemons.
@ -1443,6 +1492,13 @@ command line options.
(you can use the -c or -n option in combination with -K). After
that, tinc will quit.
`-o, --option=[HOST.]KEY=VALUE'
Without specifying a HOST, this will set server configuration
variable KEY to VALUE. If specified as HOST.KEY=VALUE, this will
set the host configuration variable KEY of the host named HOST to
VALUE. This option can be used more than once to specify multiple
configuration variables.
`-L, --mlock'
Lock tinc into main memory. This will prevent sensitive data like
shared private keys to be written to the system swap
@ -2290,7 +2346,9 @@ Concept Index
* BindToAddress: Main configuration variables.
(line 12)
* BindToInterface: Main configuration variables.
(line 19)
(line 20)
* Broadcast: Main configuration variables.
(line 28)
* Cabal: Security. (line 6)
* CHAL_REPLY: Authentication protocol.
(line 10)
@ -2309,23 +2367,27 @@ Concept Index
(line 24)
* connection: The connection. (line 6)
* ConnectTo: Main configuration variables.
(line 27)
(line 32)
* daemon: Running tinc. (line 11)
* data-protocol: The meta-connection. (line 18)
* debug level: Runtime options. (line 17)
* debug levels: Debug levels. (line 6)
* DecrementTTL: Main configuration variables.
(line 43)
* DEL_EDGE: The meta-protocol. (line 47)
* DEL_SUBNET: The meta-protocol. (line 47)
* DEVICE: Scripts. (line 55)
* Device: Main configuration variables.
(line 38)
(line 50)
* device files: Device files. (line 6)
* DeviceType: Main configuration variables.
(line 45)
(line 57)
* Digest: Host configuration variables.
(line 29)
* DirectOnly: Main configuration variables.
(line 73)
(line 111)
* dummy: Main configuration variables.
(line 64)
* encapsulating: The UDP tunnel. (line 30)
* encryption: Encryption of network packets.
(line 6)
@ -2333,42 +2395,44 @@ Concept Index
* example: Example configuration.
(line 6)
* Forwarding: Main configuration variables.
(line 80)
(line 118)
* frame type: The UDP tunnel. (line 6)
* GraphDumpFile: Main configuration variables.
(line 100)
(line 138)
* Hostnames: Main configuration variables.
(line 108)
(line 146)
* hub: Main configuration variables.
(line 149)
(line 198)
* ID: Authentication protocol.
(line 10)
* IndirectData: Host configuration variables.
(line 34)
* INTERFACE: Scripts. (line 58)
* Interface: Main configuration variables.
(line 118)
(line 156)
* IRC: Contact information. (line 9)
* key generation: Generating keypairs. (line 6)
* KEY_CHANGED: The meta-protocol. (line 64)
* KeyExpire: Main configuration variables.
(line 154)
(line 203)
* libraries: Libraries. (line 6)
* license: OpenSSL. (line 36)
* LocalDiscovery: Main configuration variables.
(line 164)
* lzo: lzo. (line 6)
* MACExpire: Main configuration variables.
(line 160)
(line 209)
* MACLength: Host configuration variables.
(line 42)
* meta-protocol: The meta-connection. (line 18)
* META_KEY: Authentication protocol.
(line 10)
* Mode: Main configuration variables.
(line 126)
(line 175)
* multiple networks: Multiple networks. (line 6)
* NAME: Scripts. (line 52)
* Name: Main configuration variables.
(line 165)
(line 214)
* netmask: Network interfaces. (line 34)
* NETNAME: Scripts. (line 49)
* netname: Multiple networks. (line 6)
@ -2381,9 +2445,9 @@ Concept Index
(line 67)
* PING: The meta-protocol. (line 89)
* PingInterval: Main configuration variables.
(line 170)
(line 219)
* PingTimeout: Main configuration variables.
(line 174)
(line 223)
* platforms: Supported platforms. (line 6)
* PMTU: Host configuration variables.
(line 47)
@ -2394,28 +2458,30 @@ Concept Index
(line 55)
* port numbers: Other files. (line 17)
* PriorityInheritance: Main configuration variables.
(line 180)
(line 229)
* private: Virtual Private Networks.
(line 10)
* PrivateKey: Main configuration variables.
(line 185)
(line 234)
* PrivateKeyFile: Main configuration variables.
(line 191)
(line 240)
* ProcessPriority: Main configuration variables.
(line 199)
(line 248)
* PublicKey: Host configuration variables.
(line 59)
* PublicKeyFile: Host configuration variables.
(line 62)
* raw_socket: Main configuration variables.
(line 69)
* release: Supported platforms. (line 14)
* REMOTEADDRESS: Scripts. (line 67)
* REMOTEPORT: Scripts. (line 70)
* ReplayWindow: Main configuration variables.
(line 204)
(line 253)
* REQ_KEY: The meta-protocol. (line 64)
* requirements: Libraries. (line 6)
* router: Main configuration variables.
(line 129)
(line 178)
* runtime options: Runtime options. (line 9)
* scalability: tinc. (line 19)
* scripts: Scripts. (line 6)
@ -2423,7 +2489,7 @@ Concept Index
(line 18)
* signals: Signals. (line 6)
* StrictSubnets: Main configuration variables.
(line 215)
(line 264)
* SUBNET: Scripts. (line 74)
* Subnet: Host configuration variables.
(line 74)
@ -2431,7 +2497,7 @@ Concept Index
(line 97)
* SVPN: Security. (line 11)
* switch: Main configuration variables.
(line 138)
(line 187)
* TCP: The meta-connection. (line 10)
* TCPonly: Host configuration variables.
(line 104)
@ -2443,20 +2509,24 @@ Concept Index
* tincd: tinc. (line 14)
* traditional VPNs: tinc. (line 19)
* tunifhead: Main configuration variables.
(line 62)
(line 100)
* TunnelServer: Main configuration variables.
(line 220)
(line 269)
* tunnohead: Main configuration variables.
(line 56)
(line 94)
* UDP <1>: Encryption of network packets.
(line 12)
* UDP: The UDP tunnel. (line 30)
* UDPRcvBuf: Main configuration variables.
(line 227)
(line 276)
* UDPSndBuf: Main configuration variables.
(line 232)
(line 281)
* UML: Main configuration variables.
(line 76)
* Universal tun/tap: Configuration of Linux kernels.
(line 6)
* VDE: Main configuration variables.
(line 81)
* virtual: Virtual Private Networks.
(line 18)
* virtual network device: The UDP tunnel. (line 6)
@ -2502,34 +2572,34 @@ Node: Multiple networks21169
Node: How connections work22595
Node: Configuration files23817
Node: Main configuration variables25204
Node: Host configuration variables35709
Node: Scripts41120
Node: How to configure43890
Node: Generating keypairs45153
Node: Network interfaces45652
Node: Example configuration47500
Node: Running tinc52823
Node: Runtime options53413
Node: Signals56369
Node: Debug levels57561
Node: Solving problems58497
Node: Error messages60049
Node: Sending bug reports64062
Node: Technical information65014
Node: The connection65245
Node: The UDP tunnel65557
Node: The meta-connection68618
Node: The meta-protocol70087
Node: Security75096
Node: Authentication protocol76226
Node: Encryption of network packets81230
Node: Security issues82603
Node: Platform specific information84220
Node: Interface configuration84448
Node: Routes86347
Node: About us88263
Node: Contact information88438
Node: Authors88842
Node: Concept Index89247
Node: Host configuration variables38105
Node: Scripts43516
Node: How to configure46286
Node: Generating keypairs47549
Node: Network interfaces48048
Node: Example configuration49896
Node: Running tinc55219
Node: Runtime options55809
Node: Signals59109
Node: Debug levels60301
Node: Solving problems61237
Node: Error messages62789
Node: Sending bug reports66802
Node: Technical information67754
Node: The connection67985
Node: The UDP tunnel68297
Node: The meta-connection71358
Node: The meta-protocol72827
Node: Security77836
Node: Authentication protocol78966
Node: Encryption of network packets83970
Node: Security issues85343
Node: Platform specific information86960
Node: Interface configuration87188
Node: Routes89087
Node: About us91003
Node: Contact information91178
Node: Authors91582
Node: Concept Index91987

End Tag Table


@ -15,7 +15,7 @@
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
Copyright @copyright{} 1998-2011 Ivo Timmermans,
Copyright @copyright{} 1998-2012 Ivo Timmermans,
Guus Sliepen <guus@@tinc-vpn.org> and
Wessel Dankers <wsl@@tinc-vpn.org>.
@ -39,7 +39,7 @@ permission notice identical to this one.
@vskip 0pt plus 1filll
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
Copyright @copyright{} 1998-2011 Ivo Timmermans,
Copyright @copyright{} 1998-2012 Ivo Timmermans,
Guus Sliepen <guus@@tinc-vpn.org> and
Wessel Dankers <wsl@@tinc-vpn.org>.
@ -759,7 +759,8 @@ both IPv4 and IPv6 or just IPv6 listening sockets will be created.
@item BindToAddress = <@var{address}> [experimental]
If your computer has more than one IPv4 or IPv6 address, tinc
will by default listen on all of them for incoming connections.
It is possible to bind only to a single address with this variable.
Multiple BindToAddress variables may be specified,
in which case listening sockets for each specified address are made.
This option may not work on all platforms.
@ -772,6 +773,10 @@ variable.
This option may not work on all platforms.
@cindex Broadcast
@item Broadcast = <yes | no> (yes) [experimental]
When disabled, tinc will drop all broadcast and multicast packets, in both router and switch mode.
@cindex ConnectTo
@item ConnectTo = <@var{name}>
Specifies which other tinc daemon to connect to on startup.
@ -784,6 +789,13 @@ If you don't specify a host with ConnectTo,
tinc won't try to connect to other daemons at all,
and will instead just listen for incoming connections.
@cindex DecrementTTL
@item DecrementTTL = <yes | no> (yes)
When enabled, tinc will decrement the Time To Live field in IPv4 packets, or the Hop Limit field in IPv6 packets,
before forwarding a received packet to the virtual network device or to another node,
and will drop packets that have a TTL value of zero,
in which case it will send an ICMP Time Exceeded packet back.
@cindex Device
@item Device = <@var{device}> (@file{/dev/tap0}, @file{/dev/net/tun} or other depending on platform)
The virtual network device to use.
@ -794,32 +806,64 @@ Note that you can only use one device per daemon.
See also @ref{Device files}.
@cindex DeviceType
@item DeviceType = <tun|tunnohead|tunifhead|tap> (only supported on BSD platforms)
@item DeviceType = <@var{type}> (platform dependent)
The type of the virtual network device.
Tinc will normally automatically select the right type, and this option should not be used.
However, in case tinc does not seem to correctly interpret packets received from the virtual network device,
using this option might help.
Tinc will normally automatically select the right type of tun/tap interface, and this option should not be used.
However, this option can be used to select one of the special interface types, if support for them is compiled in.
@table @asis
@item tun
@cindex dummy
@item dummy
Use a dummy interface.
No packets are ever read or written to a virtual network device.
Useful for testing, or when setting up a node that only forwards packets for other nodes.
@cindex raw_socket
@item raw_socket
Open a raw socket, and bind it to a pre-existing
@var{Interface} (eth0 by default).
All packets are read from this interface.
Packets received for the local node are written to the raw socket.
However, at least on Linux, the operating system does not process IP packets destined for the local host.
@cindex UML
@item uml (not compiled in by default)
Create a UNIX socket with the filename specified by
@var{Device}, or @file{@value{localstatedir}/run/@var{netname}.umlsocket}
if not specified.
Tinc will wait for a User Mode Linux instance to connect to this socket.
@cindex VDE
@item vde (not compiled in by default)
Uses the libvdeplug library to connect to a Virtual Distributed Ethernet switch,
using the UNIX socket specified by
@var{Device}, or @file{@value{localstatedir}/run/vde.ctl}
if not specified.
@end table
Also, in case tinc does not seem to correctly interpret packets received from the virtual network device,
it can be used to change the way packets are interpreted:
@table @asis
@item tun (BSD and Linux)
Set type to tun.
Depending on the platform, this can either be with or without an address family header (see below).
@cindex tunnohead
@item tunnohead
@item tunnohead (BSD)
Set type to tun without an address family header.
Tinc will expect packets read from the virtual network device to start with an IP header.
On some platforms IPv6 packets cannot be read from or written to the device in this mode.
@cindex tunifhead
@item tunifhead
@item tunifhead (BSD)
Set type to tun with an address family header.
Tinc will expect packets read from the virtual network device
to start with a four byte header containing the address family,
followed by an IP header.
This mode should support both IPv4 and IPv6 packets.
@item tap
@item tap (BSD and Linux)
Set type to tap.
Tinc will expect packets read from the virtual network device
to start with an Ethernet header.
@ -879,6 +923,16 @@ Depending on the operating system and the type of device this may or may not act
Under Windows, this variable is used to select which network interface will be used.
If you specified a Device, this variable is almost always already correctly set.
@cindex LocalDiscovery
@item LocalDiscovery = <yes | no> (no) [experimental]
When enabled, tinc will try to detect peers that are on the same local network.
This will allow direct communication using LAN addresses, even if both peers are behind a NAT
and they only ConnectTo a third node outside the NAT,
which normally would prevent the peers from learning each other's LAN address.
Currently, local discovery is implemented by sending broadcast packets to the LAN during path MTU discovery.
This feature may not work in all possible situations.
@cindex Mode
@item Mode = <router|switch|hub> (router)
This option selects the way packets are routed to other daemons.
@ -1577,6 +1631,12 @@ Generate public/private keypair of @var{bits} length. If @var{bits} is not speci
but will default to the configuration directory (you can use the -c or -n option
in combination with -K). After that, tinc will quit.
@item -o, --option=[@var{HOST}.]@var{KEY}=@var{VALUE}
Without specifying a @var{HOST}, this will set server configuration variable @var{KEY} to @var{VALUE}.
If specified as @var{HOST}.@var{KEY}=@var{VALUE},
this will set the host configuration variable @var{KEY} of the host named @var{HOST} to @var{VALUE}.
This option can be used more than once to specify multiple configuration variables.
@item -L, --mlock
Lock tinc into main memory.
This will prevent sensitive data like shared private keys to be written to the system swap files/partitions.


@ -8,13 +8,14 @@
.Nd tinc VPN daemon
.Sh SYNOPSIS
.Nm
.Op Fl cdDkKnLRU
.Op Fl cdDkKnoLRU
.Op Fl -config Ns = Ns Ar DIR
.Op Fl -no-detach
.Op Fl -debug Ns Op = Ns Ar LEVEL
.Op Fl -kill Ns Op = Ns Ar SIGNAL
.Op Fl -net Ns = Ns Ar NETNAME
.Op Fl -generate-keys Ns Op = Ns Ar BITS
.Op Fl -option Ns = Ns Ar [HOST.]KEY=VALUE
.Op Fl -mlock
.Op Fl -logfile Ns Op = Ns Ar FILE
.Op Fl -pidfile Ns = Ns Ar FILE
@ -79,6 +80,22 @@ If
is omitted, the default length will be 2048 bits.
When saving keys to existing files, tinc will not delete the old keys,
you have to remove them manually.
.It Fl o, -option Ns = Ns Ar [HOST.]KEY=VALUE
Without specifying a
.Ar HOST ,
this will set server configuration variable
.Ar KEY
to
.Ar VALUE .
If specified as
.Ar HOST.KEY=VALUE ,
this will set the host configuration variable
.Ar KEY
of the host named
.Ar HOST
to
.Ar VALUE .
This option can be used more than once to specify multiple configuration variables.
.It Fl L, -mlock
Lock tinc into main memory.
This will prevent sensitive data like shared private keys to be written to the system swap files/partitions.