Import Upstream version 1.0.17
parent
bb1aebd963
commit
b9a1c8df12
61 changed files with 3238 additions and 1255 deletions
|
|
@ -1,9 +1,9 @@
|
|||
# Makefile.in generated by automake 1.11.1 from Makefile.am.
|
||||
# Makefile.in generated by automake 1.11.3 from Makefile.am.
|
||||
# @configure_input@
|
||||
|
||||
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
||||
# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
|
||||
# Inc.
|
||||
# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
|
||||
# Foundation, Inc.
|
||||
# This Makefile.in is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
# with or without modifications, as long as this notice is preserved.
|
||||
|
|
@ -40,7 +40,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
|
|||
$(top_srcdir)/m4/zlib.m4 $(top_srcdir)/configure.in
|
||||
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
||||
$(ACLOCAL_M4)
|
||||
mkinstalldirs = $(install_sh) -d
|
||||
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
|
||||
CONFIG_HEADER = $(top_builddir)/config.h
|
||||
CONFIG_CLEAN_FILES =
|
||||
CONFIG_CLEAN_VPATH_FILES =
|
||||
|
|
@ -81,6 +81,12 @@ am__nobase_list = $(am__nobase_strip_setup); \
|
|||
am__base_list = \
|
||||
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
|
||||
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
|
||||
am__uninstall_files_from_dir = { \
|
||||
test -z "$$files" \
|
||||
|| { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
|
||||
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
|
||||
$(am__cd) "$$dir" && rm -f $$files; }; \
|
||||
}
|
||||
man5dir = $(mandir)/man5
|
||||
man8dir = $(mandir)/man8
|
||||
NROFF = nroff
|
||||
|
|
@ -408,9 +414,7 @@ uninstall-man5:
|
|||
sed -n '/\.5[a-z]*$$/p'; \
|
||||
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
|
||||
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
|
||||
test -z "$$files" || { \
|
||||
echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \
|
||||
cd "$(DESTDIR)$(man5dir)" && rm -f $$files; }
|
||||
dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir)
|
||||
install-man8: $(man_MANS)
|
||||
@$(NORMAL_INSTALL)
|
||||
test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
|
||||
|
|
@ -446,9 +450,7 @@ uninstall-man8:
|
|||
sed -n '/\.8[a-z]*$$/p'; \
|
||||
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
|
||||
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
|
||||
test -z "$$files" || { \
|
||||
echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \
|
||||
cd "$(DESTDIR)$(man8dir)" && rm -f $$files; }
|
||||
dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
|
||||
tags: TAGS
|
||||
TAGS:
|
||||
|
||||
|
|
@ -519,10 +521,15 @@ install-am: all-am
|
|||
|
||||
installcheck: installcheck-am
|
||||
install-strip:
|
||||
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
|
||||
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
|
||||
`test -z '$(STRIP)' || \
|
||||
echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
|
||||
if test -z '$(STRIP)'; then \
|
||||
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
|
||||
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
|
||||
install; \
|
||||
else \
|
||||
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
|
||||
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
|
||||
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
|
||||
fi
|
||||
mostlyclean-generic:
|
||||
|
||||
clean-generic:
|
||||
|
|
@ -582,13 +589,14 @@ install-html-am: $(HTMLS)
|
|||
for p in $$list; do \
|
||||
if test -f "$$p" || test -d "$$p"; then d=; else d="$(srcdir)/"; fi; \
|
||||
$(am__strip_dir) \
|
||||
if test -d "$$d$$p"; then \
|
||||
d2=$$d$$p; \
|
||||
if test -d "$$d2"; then \
|
||||
echo " $(MKDIR_P) '$(DESTDIR)$(htmldir)/$$f'"; \
|
||||
$(MKDIR_P) "$(DESTDIR)$(htmldir)/$$f" || exit 1; \
|
||||
echo " $(INSTALL_DATA) '$$d$$p'/* '$(DESTDIR)$(htmldir)/$$f'"; \
|
||||
$(INSTALL_DATA) "$$d$$p"/* "$(DESTDIR)$(htmldir)/$$f" || exit $$?; \
|
||||
echo " $(INSTALL_DATA) '$$d2'/* '$(DESTDIR)$(htmldir)/$$f'"; \
|
||||
$(INSTALL_DATA) "$$d2"/* "$(DESTDIR)$(htmldir)/$$f" || exit $$?; \
|
||||
else \
|
||||
list2="$$list2 $$d$$p"; \
|
||||
list2="$$list2 $$d2"; \
|
||||
fi; \
|
||||
done; \
|
||||
test -z "$$list2" || { echo "$$list2" | $(am__base_list) | \
|
||||
|
|
@ -620,8 +628,13 @@ install-info-am: $(INFO_DEPS)
|
|||
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(infodir)'"; \
|
||||
$(INSTALL_DATA) $$files "$(DESTDIR)$(infodir)" || exit $$?; done
|
||||
@$(POST_INSTALL)
|
||||
@if (install-info --version && \
|
||||
install-info --version 2>&1 | sed 1q | grep -i -v debian) >/dev/null 2>&1; then \
|
||||
@am__run_installinfo=yes; \
|
||||
case $$AM_UPDATE_INFO_DIR in \
|
||||
n|no|NO) am__run_installinfo=no;; \
|
||||
*) (install-info --version) >/dev/null 2>&1 \
|
||||
|| am__run_installinfo=no;; \
|
||||
esac; \
|
||||
if test $$am__run_installinfo = yes; then \
|
||||
list='$(INFO_DEPS)'; test -n "$(infodir)" || list=; \
|
||||
for file in $$list; do \
|
||||
relfile=`echo "$$file" | sed 's|^.*/||'`; \
|
||||
|
|
|
|||
Binary file not shown.
1874
doc/texinfo.tex
1874
doc/texinfo.tex
File diff suppressed because it is too large
|
|
@ -133,7 +133,10 @@ IPv6 listening sockets will be created.
|
|||
If your computer has more than one IPv4 or IPv6 address,
|
||||
.Nm tinc
|
||||
will by default listen on all of them for incoming connections.
|
||||
It is possible to bind only to a single address with this variable.
|
||||
Multiple
|
||||
.Va BindToAddress
|
||||
variables may be specified,
|
||||
in which case listening sockets for each specified address are made.
|
||||
|
||||
.Pp
|
||||
This option may not work on all platforms.
|
||||
|
|
@ -147,6 +150,9 @@ It is possible to bind only to a single interface with this variable.
|
|||
.Pp
|
||||
This option may not work on all platforms.
|
||||
|
||||
.It Va Broadcast Li = yes | no Po yes Pc Bq experimental
|
||||
When disabled, tinc will drop all broadcast and multicast packets, in both router and switch mode.
|
||||
|
||||
.It Va ConnectTo Li = Ar name
|
||||
Specifies which other tinc daemon to connect to on startup.
|
||||
Multiple
|
||||
|
|
@ -165,6 +171,14 @@ If you don't specify a host with
|
|||
won't try to connect to other daemons at all,
|
||||
and will instead just listen for incoming connections.
|
||||
|
||||
.It Va DecrementTTL Li = yes | no Po yes Pc
|
||||
When enabled,
|
||||
.Nm tinc
|
||||
will decrement the Time To Live field in IPv4 packets, or the Hop Limit field in IPv6 packets,
|
||||
before forwarding a received packet to the virtual network device or to another node,
|
||||
and will drop packets that have a TTL value of zero,
|
||||
in which case it will send an ICMP Time Exceeded packet back.
|
||||
|
||||
.It Va Device Li = Ar device Po Pa /dev/tap0 , Pa /dev/net/tun No or other depending on platform Pc
|
||||
The virtual network device to use.
|
||||
.Nm tinc
|
||||
|
|
@ -177,30 +191,65 @@ instead of
|
|||
The info pages of the tinc package contain more information
|
||||
about configuring the virtual network device.
|
||||
|
||||
.It Va DeviceType Li = tun | tunnohead | tunifhead | tap Po only supported on BSD platforms Pc
|
||||
.It Va DeviceType Li = Ar type Pq platform dependent
|
||||
The type of the virtual network device.
|
||||
Tinc will normally automatically select the right type, and this option should not be used.
|
||||
However, in case tinc does not seem to correctly interpret packets received from the virtual network device,
|
||||
using this option might help.
|
||||
Tinc will normally automatically select the right type of tun/tap interface, and this option should not be used.
|
||||
However, this option can be used to select one of the special interface types, if support for them is compiled in.
|
||||
.Bl -tag -width indent
|
||||
|
||||
.It tun
|
||||
.It dummy
|
||||
Use a dummy interface.
|
||||
No packets are ever read or written to a virtual network device.
|
||||
Useful for testing, or when setting up a node that only forwards packets for other nodes.
|
||||
|
||||
.It raw_socket
|
||||
Open a raw socket, and bind it to a pre-existing
|
||||
.Va Interface
|
||||
(eth0 by default).
|
||||
All packets are read from this interface.
|
||||
Packets received for the local node are written to the raw socket.
|
||||
However, at least on Linux, the operating system does not process IP packets destined for the local host.
|
||||
|
||||
.It uml Pq not compiled in by default
|
||||
Create a UNIX socket with the filename specified by
|
||||
.Va Device ,
|
||||
or
|
||||
.Pa @localstatedir@/run/ Ns Ar NETNAME Ns Pa .umlsocket
|
||||
if not specified.
|
||||
.Nm tinc
|
||||
will wait for a User Mode Linux instance to connect to this socket.
|
||||
|
||||
.It vde Pq not compiled in by default
|
||||
Uses the libvdeplug library to connect to a Virtual Distributed Ethernet switch,
|
||||
using the UNIX socket specified by
|
||||
.Va Device ,
|
||||
or
|
||||
.Pa @localstatedir@/run/vde.ctl
|
||||
if not specified.
|
||||
.El
|
||||
|
||||
Also, in case tinc does not seem to correctly interpret packets received from the virtual network device,
|
||||
it can be used to change the way packets are interpreted:
|
||||
|
||||
.Bl -tag -width indent
|
||||
|
||||
.It tun Pq BSD and Linux
|
||||
Set type to tun.
|
||||
Depending on the platform, this can either be with or without an address family header (see below).
|
||||
|
||||
.It tunnohead
|
||||
.It tunnohead Pq BSD
|
||||
Set type to tun without an address family header.
|
||||
Tinc will expect packets read from the virtual network device to start with an IP header.
|
||||
On some platforms IPv6 packets cannot be read from or written to the device in this mode.
|
||||
|
||||
.It tunifhead
|
||||
.It tunifhead Pq BSD
|
||||
Set type to tun with an address family header.
|
||||
Tinc will expect packets read from the virtual network device
|
||||
to start with a four byte header containing the address family,
|
||||
followed by an IP header.
|
||||
This mode should support both IPv4 and IPv6 packets.
|
||||
|
||||
.It tap
|
||||
.It tap Pq BSD and Linux
|
||||
Set type to tap.
|
||||
Tinc will expect packets read from the virtual network device
|
||||
to start with an Ethernet header.
|
||||
|
|
@ -271,6 +320,18 @@ This option controls the period the encryption keys used to encrypt the data are
|
|||
It is common practice to change keys at regular intervals to make it even harder for crackers,
|
||||
even though it is thought to be nearly impossible to crack a single key.
|
||||
|
||||
.It Va LocalDiscovery Li = yes | no Po no Pc Bq experimental
|
||||
When enabled,
|
||||
.Nm tinc
|
||||
will try to detect peers that are on the same local network.
|
||||
This will allow direct communication using LAN addresses, even if both peers are behind a NAT
|
||||
and they only ConnectTo a third node outside the NAT,
|
||||
which normally would prevent the peers from learning each other's LAN address.
|
||||
|
||||
.Pp
|
||||
Currently, local discovery is implemented by sending broadcast packets to the LAN during path MTU discovery.
|
||||
This feature may not work in all possible situations.
|
||||
|
||||
.It Va MACExpire Li = Ar seconds Pq 600
|
||||
This option controls the amount of time MAC addresses are kept before they are removed.
|
||||
This only has effect when
|
||||
|
|
|
|||
212
doc/tinc.info
212
doc/tinc.info
|
|
@ -5,10 +5,10 @@ START-INFO-DIR-ENTRY
|
|||
* tinc: (tinc). The tinc Manual.
|
||||
END-INFO-DIR-ENTRY
|
||||
|
||||
This is the info manual for tinc version 1.0.15, a Virtual Private
|
||||
This is the info manual for tinc version 1.0.17, a Virtual Private
|
||||
Network daemon.
|
||||
|
||||
Copyright (C) 1998-2011 Ivo Timmermans, Guus Sliepen
|
||||
Copyright (C) 1998-2012 Ivo Timmermans, Guus Sliepen
|
||||
<guus@tinc-vpn.org> and Wessel Dankers <wsl@tinc-vpn.org>.
|
||||
|
||||
Permission is granted to make and distribute verbatim copies of this
|
||||
|
|
@ -686,8 +686,9 @@ AddressFamily = <ipv4|ipv6|any> (any)
|
|||
|
||||
BindToAddress = <ADDRESS> [experimental]
|
||||
If your computer has more than one IPv4 or IPv6 address, tinc will
|
||||
by default listen on all of them for incoming connections. It is
|
||||
possible to bind only to a single address with this variable.
|
||||
by default listen on all of them for incoming connections.
|
||||
Multiple BindToAddress variables may be specified, in which case
|
||||
listening sockets for each specified address are made.
|
||||
|
||||
This option may not work on all platforms.
|
||||
|
||||
|
|
@ -699,6 +700,10 @@ BindToInterface = <INTERFACE> [experimental]
|
|||
|
||||
This option may not work on all platforms.
|
||||
|
||||
Broadcast = <yes | no> (yes) [experimental]
|
||||
When disabled, tinc will drop all broadcast and multicast packets,
|
||||
in both router and switch mode.
|
||||
|
||||
ConnectTo = <NAME>
|
||||
Specifies which other tinc daemon to connect to on startup.
|
||||
Multiple ConnectTo variables may be specified, in which case
|
||||
|
|
@ -710,6 +715,13 @@ ConnectTo = <NAME>
|
|||
connect to other daemons at all, and will instead just listen for
|
||||
incoming connections.
|
||||
|
||||
DecrementTTL = <yes | no> (yes)
|
||||
When enabled, tinc will decrement the Time To Live field in IPv4
|
||||
packets, or the Hop Limit field in IPv6 packets, before forwarding
|
||||
a received packet to the virtual network device or to another node,
|
||||
and will drop packets that have a TTL value of zero, in which case
|
||||
it will send an ICMP Time Exceeded packet back.
|
||||
|
||||
Device = <DEVICE> (`/dev/tap0', `/dev/net/tun' or other depending on platform)
|
||||
The virtual network device to use. Tinc will automatically detect
|
||||
what kind of device it is. Note that you can only use one device
|
||||
|
|
@ -717,31 +729,57 @@ Device = <DEVICE> (`/dev/tap0', `/dev/net/tun' or other depending on platform)
|
|||
that you can only use one device per daemon. See also *note
|
||||
Device files::.
|
||||
|
||||
DeviceType = <tun|tunnohead|tunifhead|tap> (only supported on BSD platforms)
|
||||
DeviceType = <TYPE> (platform dependent)
|
||||
The type of the virtual network device. Tinc will normally
|
||||
automatically select the right type, and this option should not be
|
||||
used. However, in case tinc does not seem to correctly interpret
|
||||
packets received from the virtual network device, using this
|
||||
option might help.
|
||||
automatically select the right type of tun/tap interface, and this
|
||||
option should not be used. However, this option can be used to
|
||||
select one of the special interface types, if support for them is
|
||||
compiled in.
|
||||
|
||||
tun
|
||||
dummy
|
||||
Use a dummy interface. No packets are ever read or written
|
||||
to a virtual network device. Useful for testing, or when
|
||||
setting up a node that only forwards packets for other nodes.
|
||||
|
||||
raw_socket
|
||||
Open a raw socket, and bind it to a pre-existing INTERFACE
|
||||
(eth0 by default). All packets are read from this interface.
|
||||
Packets received for the local node are written to the raw
|
||||
socket. However, at least on Linux, the operating system
|
||||
does not process IP packets destined for the local host.
|
||||
|
||||
uml (not compiled in by default)
|
||||
Create a UNIX socket with the filename specified by DEVICE,
|
||||
or `/var/run/NETNAME.umlsocket' if not specified. Tinc will
|
||||
wait for a User Mode Linux instance to connect to this socket.
|
||||
|
||||
vde (not compiled in by default)
|
||||
Uses the libvdeplug library to connect to a Virtual
|
||||
Distributed Ethernet switch, using the UNIX socket specified
|
||||
by DEVICE, or `/var/run/vde.ctl' if not specified.
|
||||
|
||||
Also, in case tinc does not seem to correctly interpret packets
|
||||
received from the virtual network device, it can be used to change
|
||||
the way packets are interpreted:
|
||||
|
||||
tun (BSD and Linux)
|
||||
Set type to tun. Depending on the platform, this can either
|
||||
be with or without an address family header (see below).
|
||||
|
||||
tunnohead
|
||||
tunnohead (BSD)
|
||||
Set type to tun without an address family header. Tinc will
|
||||
expect packets read from the virtual network device to start
|
||||
with an IP header. On some platforms IPv6 packets cannot be
|
||||
read from or written to the device in this mode.
|
||||
|
||||
tunifhead
|
||||
tunifhead (BSD)
|
||||
Set type to tun with an address family header. Tinc will
|
||||
expect packets read from the virtual network device to start
|
||||
with a four byte header containing the address family,
|
||||
followed by an IP header. This mode should support both IPv4
|
||||
and IPv6 packets.
|
||||
|
||||
tap
|
||||
tap (BSD and Linux)
|
||||
Set type to tap. Tinc will expect packets read from the
|
||||
virtual network device to start with an Ethernet header.
|
||||
|
||||
|
|
@ -798,6 +836,17 @@ Interface = <INTERFACE>
|
|||
interface will be used. If you specified a Device, this variable
|
||||
is almost always already correctly set.
|
||||
|
||||
LocalDiscovery = <yes | no> (no) [experimental]
|
||||
When enabled, tinc will try to detect peers that are on the same
|
||||
local network. This will allow direct communication using LAN
|
||||
addresses, even if both peers are behind a NAT and they only
|
||||
ConnectTo a third node outside the NAT, which normally would
|
||||
prevent the peers from learning each other's LAN address.
|
||||
|
||||
Currently, local discovery is implemented by sending broadcast
|
||||
packets to the LAN during path MTU discovery. This feature may
|
||||
not work in all possible situations.
|
||||
|
||||
Mode = <router|switch|hub> (router)
|
||||
This option selects the way packets are routed to other daemons.
|
||||
|
||||
|
|
@ -1443,6 +1492,13 @@ command line options.
|
|||
(you can use the -c or -n option in combination with -K). After
|
||||
that, tinc will quit.
|
||||
|
||||
`-o, --option=[HOST.]KEY=VALUE'
|
||||
Without specifying a HOST, this will set server configuration
|
||||
variable KEY to VALUE. If specified as HOST.KEY=VALUE, this will
|
||||
set the host configuration variable KEY of the host named HOST to
|
||||
VALUE. This option can be used more than once to specify multiple
|
||||
configuration variables.
|
||||
|
||||
`-L, --mlock'
|
||||
Lock tinc into main memory. This will prevent sensitive data like
|
||||
shared private keys to be written to the system swap
|
||||
|
|
@ -2290,7 +2346,9 @@ Concept Index
|
|||
* BindToAddress: Main configuration variables.
|
||||
(line 12)
|
||||
* BindToInterface: Main configuration variables.
|
||||
(line 19)
|
||||
(line 20)
|
||||
* Broadcast: Main configuration variables.
|
||||
(line 28)
|
||||
* Cabal: Security. (line 6)
|
||||
* CHAL_REPLY: Authentication protocol.
|
||||
(line 10)
|
||||
|
|
@ -2309,23 +2367,27 @@ Concept Index
|
|||
(line 24)
|
||||
* connection: The connection. (line 6)
|
||||
* ConnectTo: Main configuration variables.
|
||||
(line 27)
|
||||
(line 32)
|
||||
* daemon: Running tinc. (line 11)
|
||||
* data-protocol: The meta-connection. (line 18)
|
||||
* debug level: Runtime options. (line 17)
|
||||
* debug levels: Debug levels. (line 6)
|
||||
* DecrementTTL: Main configuration variables.
|
||||
(line 43)
|
||||
* DEL_EDGE: The meta-protocol. (line 47)
|
||||
* DEL_SUBNET: The meta-protocol. (line 47)
|
||||
* DEVICE: Scripts. (line 55)
|
||||
* Device: Main configuration variables.
|
||||
(line 38)
|
||||
(line 50)
|
||||
* device files: Device files. (line 6)
|
||||
* DeviceType: Main configuration variables.
|
||||
(line 45)
|
||||
(line 57)
|
||||
* Digest: Host configuration variables.
|
||||
(line 29)
|
||||
* DirectOnly: Main configuration variables.
|
||||
(line 73)
|
||||
(line 111)
|
||||
* dummy: Main configuration variables.
|
||||
(line 64)
|
||||
* encapsulating: The UDP tunnel. (line 30)
|
||||
* encryption: Encryption of network packets.
|
||||
(line 6)
|
||||
|
|
@ -2333,42 +2395,44 @@ Concept Index
|
|||
* example: Example configuration.
|
||||
(line 6)
|
||||
* Forwarding: Main configuration variables.
|
||||
(line 80)
|
||||
(line 118)
|
||||
* frame type: The UDP tunnel. (line 6)
|
||||
* GraphDumpFile: Main configuration variables.
|
||||
(line 100)
|
||||
(line 138)
|
||||
* Hostnames: Main configuration variables.
|
||||
(line 108)
|
||||
(line 146)
|
||||
* hub: Main configuration variables.
|
||||
(line 149)
|
||||
(line 198)
|
||||
* ID: Authentication protocol.
|
||||
(line 10)
|
||||
* IndirectData: Host configuration variables.
|
||||
(line 34)
|
||||
* INTERFACE: Scripts. (line 58)
|
||||
* Interface: Main configuration variables.
|
||||
(line 118)
|
||||
(line 156)
|
||||
* IRC: Contact information. (line 9)
|
||||
* key generation: Generating keypairs. (line 6)
|
||||
* KEY_CHANGED: The meta-protocol. (line 64)
|
||||
* KeyExpire: Main configuration variables.
|
||||
(line 154)
|
||||
(line 203)
|
||||
* libraries: Libraries. (line 6)
|
||||
* license: OpenSSL. (line 36)
|
||||
* LocalDiscovery: Main configuration variables.
|
||||
(line 164)
|
||||
* lzo: lzo. (line 6)
|
||||
* MACExpire: Main configuration variables.
|
||||
(line 160)
|
||||
(line 209)
|
||||
* MACLength: Host configuration variables.
|
||||
(line 42)
|
||||
* meta-protocol: The meta-connection. (line 18)
|
||||
* META_KEY: Authentication protocol.
|
||||
(line 10)
|
||||
* Mode: Main configuration variables.
|
||||
(line 126)
|
||||
(line 175)
|
||||
* multiple networks: Multiple networks. (line 6)
|
||||
* NAME: Scripts. (line 52)
|
||||
* Name: Main configuration variables.
|
||||
(line 165)
|
||||
(line 214)
|
||||
* netmask: Network interfaces. (line 34)
|
||||
* NETNAME: Scripts. (line 49)
|
||||
* netname: Multiple networks. (line 6)
|
||||
|
|
@ -2381,9 +2445,9 @@ Concept Index
|
|||
(line 67)
|
||||
* PING: The meta-protocol. (line 89)
|
||||
* PingInterval: Main configuration variables.
|
||||
(line 170)
|
||||
(line 219)
|
||||
* PingTimeout: Main configuration variables.
|
||||
(line 174)
|
||||
(line 223)
|
||||
* platforms: Supported platforms. (line 6)
|
||||
* PMTU: Host configuration variables.
|
||||
(line 47)
|
||||
|
|
@ -2394,28 +2458,30 @@ Concept Index
|
|||
(line 55)
|
||||
* port numbers: Other files. (line 17)
|
||||
* PriorityInheritance: Main configuration variables.
|
||||
(line 180)
|
||||
(line 229)
|
||||
* private: Virtual Private Networks.
|
||||
(line 10)
|
||||
* PrivateKey: Main configuration variables.
|
||||
(line 185)
|
||||
(line 234)
|
||||
* PrivateKeyFile: Main configuration variables.
|
||||
(line 191)
|
||||
(line 240)
|
||||
* ProcessPriority: Main configuration variables.
|
||||
(line 199)
|
||||
(line 248)
|
||||
* PublicKey: Host configuration variables.
|
||||
(line 59)
|
||||
* PublicKeyFile: Host configuration variables.
|
||||
(line 62)
|
||||
* raw_socket: Main configuration variables.
|
||||
(line 69)
|
||||
* release: Supported platforms. (line 14)
|
||||
* REMOTEADDRESS: Scripts. (line 67)
|
||||
* REMOTEPORT: Scripts. (line 70)
|
||||
* ReplayWindow: Main configuration variables.
|
||||
(line 204)
|
||||
(line 253)
|
||||
* REQ_KEY: The meta-protocol. (line 64)
|
||||
* requirements: Libraries. (line 6)
|
||||
* router: Main configuration variables.
|
||||
(line 129)
|
||||
(line 178)
|
||||
* runtime options: Runtime options. (line 9)
|
||||
* scalability: tinc. (line 19)
|
||||
* scripts: Scripts. (line 6)
|
||||
|
|
@ -2423,7 +2489,7 @@ Concept Index
|
|||
(line 18)
|
||||
* signals: Signals. (line 6)
|
||||
* StrictSubnets: Main configuration variables.
|
||||
(line 215)
|
||||
(line 264)
|
||||
* SUBNET: Scripts. (line 74)
|
||||
* Subnet: Host configuration variables.
|
||||
(line 74)
|
||||
|
|
@ -2431,7 +2497,7 @@ Concept Index
|
|||
(line 97)
|
||||
* SVPN: Security. (line 11)
|
||||
* switch: Main configuration variables.
|
||||
(line 138)
|
||||
(line 187)
|
||||
* TCP: The meta-connection. (line 10)
|
||||
* TCPonly: Host configuration variables.
|
||||
(line 104)
|
||||
|
|
@ -2443,20 +2509,24 @@ Concept Index
|
|||
* tincd: tinc. (line 14)
|
||||
* traditional VPNs: tinc. (line 19)
|
||||
* tunifhead: Main configuration variables.
|
||||
(line 62)
|
||||
(line 100)
|
||||
* TunnelServer: Main configuration variables.
|
||||
(line 220)
|
||||
(line 269)
|
||||
* tunnohead: Main configuration variables.
|
||||
(line 56)
|
||||
(line 94)
|
||||
* UDP <1>: Encryption of network packets.
|
||||
(line 12)
|
||||
* UDP: The UDP tunnel. (line 30)
|
||||
* UDPRcvBuf: Main configuration variables.
|
||||
(line 227)
|
||||
(line 276)
|
||||
* UDPSndBuf: Main configuration variables.
|
||||
(line 232)
|
||||
(line 281)
|
||||
* UML: Main configuration variables.
|
||||
(line 76)
|
||||
* Universal tun/tap: Configuration of Linux kernels.
|
||||
(line 6)
|
||||
* VDE: Main configuration variables.
|
||||
(line 81)
|
||||
* virtual: Virtual Private Networks.
|
||||
(line 18)
|
||||
* virtual network device: The UDP tunnel. (line 6)
|
||||
|
|
@ -2502,34 +2572,34 @@ Node: Multiple networks21169
|
|||
Node: How connections work22595
|
||||
Node: Configuration files23817
|
||||
Node: Main configuration variables25204
|
||||
Node: Host configuration variables35709
|
||||
Node: Scripts41120
|
||||
Node: How to configure43890
|
||||
Node: Generating keypairs45153
|
||||
Node: Network interfaces45652
|
||||
Node: Example configuration47500
|
||||
Node: Running tinc52823
|
||||
Node: Runtime options53413
|
||||
Node: Signals56369
|
||||
Node: Debug levels57561
|
||||
Node: Solving problems58497
|
||||
Node: Error messages60049
|
||||
Node: Sending bug reports64062
|
||||
Node: Technical information65014
|
||||
Node: The connection65245
|
||||
Node: The UDP tunnel65557
|
||||
Node: The meta-connection68618
|
||||
Node: The meta-protocol70087
|
||||
Node: Security75096
|
||||
Node: Authentication protocol76226
|
||||
Node: Encryption of network packets81230
|
||||
Node: Security issues82603
|
||||
Node: Platform specific information84220
|
||||
Node: Interface configuration84448
|
||||
Node: Routes86347
|
||||
Node: About us88263
|
||||
Node: Contact information88438
|
||||
Node: Authors88842
|
||||
Node: Concept Index89247
|
||||
Node: Host configuration variables38105
|
||||
Node: Scripts43516
|
||||
Node: How to configure46286
|
||||
Node: Generating keypairs47549
|
||||
Node: Network interfaces48048
|
||||
Node: Example configuration49896
|
||||
Node: Running tinc55219
|
||||
Node: Runtime options55809
|
||||
Node: Signals59109
|
||||
Node: Debug levels60301
|
||||
Node: Solving problems61237
|
||||
Node: Error messages62789
|
||||
Node: Sending bug reports66802
|
||||
Node: Technical information67754
|
||||
Node: The connection67985
|
||||
Node: The UDP tunnel68297
|
||||
Node: The meta-connection71358
|
||||
Node: The meta-protocol72827
|
||||
Node: Security77836
|
||||
Node: Authentication protocol78966
|
||||
Node: Encryption of network packets83970
|
||||
Node: Security issues85343
|
||||
Node: Platform specific information86960
|
||||
Node: Interface configuration87188
|
||||
Node: Routes89087
|
||||
Node: About us91003
|
||||
Node: Contact information91178
|
||||
Node: Authors91582
|
||||
Node: Concept Index91987
|
||||
|
||||
End Tag Table
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
|
||||
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
||||
|
||||
Copyright @copyright{} 1998-2011 Ivo Timmermans,
|
||||
Copyright @copyright{} 1998-2012 Ivo Timmermans,
|
||||
Guus Sliepen <guus@@tinc-vpn.org> and
|
||||
Wessel Dankers <wsl@@tinc-vpn.org>.
|
||||
|
||||
|
|
@ -39,7 +39,7 @@ permission notice identical to this one.
|
|||
@vskip 0pt plus 1filll
|
||||
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
||||
|
||||
Copyright @copyright{} 1998-2011 Ivo Timmermans,
|
||||
Copyright @copyright{} 1998-2012 Ivo Timmermans,
|
||||
Guus Sliepen <guus@@tinc-vpn.org> and
|
||||
Wessel Dankers <wsl@@tinc-vpn.org>.
|
||||
|
||||
|
|
@ -759,7 +759,8 @@ both IPv4 and IPv6 or just IPv6 listening sockets will be created.
|
|||
@item BindToAddress = <@var{address}> [experimental]
|
||||
If your computer has more than one IPv4 or IPv6 address, tinc
|
||||
will by default listen on all of them for incoming connections.
|
||||
It is possible to bind only to a single address with this variable.
|
||||
Multiple BindToAddress variables may be specified,
|
||||
in which case listening sockets for each specified address are made.
|
||||
|
||||
This option may not work on all platforms.
|
||||
|
||||
|
|
@ -772,6 +773,10 @@ variable.
|
|||
|
||||
This option may not work on all platforms.
|
||||
|
||||
@cindex Broadcast
|
||||
@item Broadcast = <yes | no> (yes) [experimental]
|
||||
When disabled, tinc will drop all broadcast and multicast packets, in both router and switch mode.
|
||||
|
||||
@cindex ConnectTo
|
||||
@item ConnectTo = <@var{name}>
|
||||
Specifies which other tinc daemon to connect to on startup.
|
||||
|
|
@ -784,6 +789,13 @@ If you don't specify a host with ConnectTo,
|
|||
tinc won't try to connect to other daemons at all,
|
||||
and will instead just listen for incoming connections.
|
||||
|
||||
@cindex DecrementTTL
|
||||
@item DecrementTTL = <yes | no> (yes)
|
||||
When enabled, tinc will decrement the Time To Live field in IPv4 packets, or the Hop Limit field in IPv6 packets,
|
||||
before forwarding a received packet to the virtual network device or to another node,
|
||||
and will drop packets that have a TTL value of zero,
|
||||
in which case it will send an ICMP Time Exceeded packet back.
|
||||
|
||||
@cindex Device
|
||||
@item Device = <@var{device}> (@file{/dev/tap0}, @file{/dev/net/tun} or other depending on platform)
|
||||
The virtual network device to use.
|
||||
|
|
@ -794,32 +806,64 @@ Note that you can only use one device per daemon.
|
|||
See also @ref{Device files}.
|
||||
|
||||
@cindex DeviceType
|
||||
@item DeviceType = <tun|tunnohead|tunifhead|tap> (only supported on BSD platforms)
|
||||
@item DeviceType = <@var{type}> (platform dependent)
|
||||
The type of the virtual network device.
|
||||
Tinc will normally automatically select the right type, and this option should not be used.
|
||||
However, in case tinc does not seem to correctly interpret packets received from the virtual network device,
|
||||
using this option might help.
|
||||
Tinc will normally automatically select the right type of tun/tap interface, and this option should not be used.
|
||||
However, this option can be used to select one of the special interface types, if support for them is compiled in.
|
||||
|
||||
@table @asis
|
||||
@item tun
|
||||
@cindex dummy
|
||||
@item dummy
|
||||
Use a dummy interface.
|
||||
No packets are ever read or written to a virtual network device.
|
||||
Useful for testing, or when setting up a node that only forwards packets for other nodes.
|
||||
|
||||
@cindex raw_socket
|
||||
@item raw_socket
|
||||
Open a raw socket, and bind it to a pre-existing
|
||||
@var{Interface} (eth0 by default).
|
||||
All packets are read from this interface.
|
||||
Packets received for the local node are written to the raw socket.
|
||||
However, at least on Linux, the operating system does not process IP packets destined for the local host.
|
||||
|
||||
@cindex UML
|
||||
@item uml (not compiled in by default)
|
||||
Create a UNIX socket with the filename specified by
|
||||
@var{Device}, or @file{@value{localstatedir}/run/@var{netname}.umlsocket}
|
||||
if not specified.
|
||||
Tinc will wait for a User Mode Linux instance to connect to this socket.
|
||||
|
||||
@cindex VDE
|
||||
@item vde (not compiled in by default)
|
||||
Uses the libvdeplug library to connect to a Virtual Distributed Ethernet switch,
|
||||
using the UNIX socket specified by
|
||||
@var{Device}, or @file{@value{localstatedir}/run/vde.ctl}
|
||||
if not specified.
|
||||
@end table
|
||||
|
||||
Also, in case tinc does not seem to correctly interpret packets received from the virtual network device,
|
||||
it can be used to change the way packets are interpreted:
|
||||
|
||||
@table @asis
|
||||
@item tun (BSD and Linux)
|
||||
Set type to tun.
|
||||
Depending on the platform, this can either be with or without an address family header (see below).
|
||||
|
||||
@cindex tunnohead
|
||||
@item tunnohead
|
||||
@item tunnohead (BSD)
|
||||
Set type to tun without an address family header.
|
||||
Tinc will expect packets read from the virtual network device to start with an IP header.
|
||||
On some platforms IPv6 packets cannot be read from or written to the device in this mode.
|
||||
|
||||
@cindex tunifhead
|
||||
@item tunifhead
|
||||
@item tunifhead (BSD)
|
||||
Set type to tun with an address family header.
|
||||
Tinc will expect packets read from the virtual network device
|
||||
to start with a four byte header containing the address family,
|
||||
followed by an IP header.
|
||||
This mode should support both IPv4 and IPv6 packets.
|
||||
|
||||
@item tap
|
||||
@item tap (BSD and Linux)
|
||||
Set type to tap.
|
||||
Tinc will expect packets read from the virtual network device
|
||||
to start with an Ethernet header.
|
||||
|
|
@ -879,6 +923,16 @@ Depending on the operating system and the type of device this may or may not act
|
|||
Under Windows, this variable is used to select which network interface will be used.
|
||||
If you specified a Device, this variable is almost always already correctly set.
|
||||
|
||||
@cindex LocalDiscovery
|
||||
@item LocalDiscovery = <yes | no> (no) [experimental]
|
||||
When enabled, tinc will try to detect peers that are on the same local network.
|
||||
This will allow direct communication using LAN addresses, even if both peers are behind a NAT
|
||||
and they only ConnectTo a third node outside the NAT,
|
||||
which normally would prevent the peers from learning each other's LAN address.
|
||||
|
||||
Currently, local discovery is implemented by sending broadcast packets to the LAN during path MTU discovery.
|
||||
This feature may not work in all possible situations.
|
||||
|
||||
@cindex Mode
|
||||
@item Mode = <router|switch|hub> (router)
|
||||
This option selects the way packets are routed to other daemons.
|
||||
|
|
@ -1577,6 +1631,12 @@ Generate public/private keypair of @var{bits} length. If @var{bits} is not speci
|
|||
but will default to the configuration directory (you can use the -c or -n option
|
||||
in combination with -K). After that, tinc will quit.
|
||||
|
||||
@item -o, --option=[@var{HOST}.]@var{KEY}=@var{VALUE}
|
||||
Without specifying a @var{HOST}, this will set server configuration variable @var{KEY} to @var{VALUE}.
|
||||
If specified as @var{HOST}.@var{KEY}=@var{VALUE},
|
||||
this will set the host configuration variable @var{KEY} of the host named @var{HOST} to @var{VALUE}.
|
||||
This option can be used more than once to specify multiple configuration variables.
|
||||
|
||||
@item -L, --mlock
|
||||
Lock tinc into main memory.
|
||||
This will prevent sensitive data like shared private keys to be written to the system swap files/partitions.
|
||||
|
|
|
|||
|
|
@ -8,13 +8,14 @@
|
|||
.Nd tinc VPN daemon
|
||||
.Sh SYNOPSIS
|
||||
.Nm
|
||||
.Op Fl cdDkKnLRU
|
||||
.Op Fl cdDkKnoLRU
|
||||
.Op Fl -config Ns = Ns Ar DIR
|
||||
.Op Fl -no-detach
|
||||
.Op Fl -debug Ns Op = Ns Ar LEVEL
|
||||
.Op Fl -kill Ns Op = Ns Ar SIGNAL
|
||||
.Op Fl -net Ns = Ns Ar NETNAME
|
||||
.Op Fl -generate-keys Ns Op = Ns Ar BITS
|
||||
.Op Fl -option Ns = Ns Ar [HOST.]KEY=VALUE
|
||||
.Op Fl -mlock
|
||||
.Op Fl -logfile Ns Op = Ns Ar FILE
|
||||
.Op Fl -pidfile Ns = Ns Ar FILE
|
||||
|
|
@ -79,6 +80,22 @@ If
|
|||
is omitted, the default length will be 2048 bits.
|
||||
When saving keys to existing files, tinc will not delete the old keys,
|
||||
you have to remove them manually.
|
||||
.It Fl o, -option Ns = Ns Ar [HOST.]KEY=VALUE
|
||||
Without specifying a
|
||||
.Ar HOST ,
|
||||
this will set server configuration variable
|
||||
.Ar KEY
|
||||
to
|
||||
.Ar VALUE .
|
||||
If specified as
|
||||
.Ar HOST.KEY=VALUE ,
|
||||
this will set the host configuration variable
|
||||
.Ar KEY
|
||||
of the host named
|
||||
.Ar HOST
|
||||
to
|
||||
.Ar VALUE .
|
||||
This option can be used more than once to specify multiple configuration variables.
|
||||
.It Fl L, -mlock
|
||||
Lock tinc into main memory.
|
||||
This will prevent sensitive data like shared private keys to be written to the system swap files/partitions.
|
||||
|
|
|
|||