lagertonne/tinc
1
0
Fork 0
Code Issues Pull requests Projects Releases 6 Wiki Activity

Import Upstream version 1.1~pre15

Browse source
This commit is contained in:
Guus Sliepen 2019-08-26 13:44:52 +02:00
parent 87cef22421
commit bc8ca65653
85 changed files with 1687 additions and 971 deletions
Download patch file Download diff file Expand all files Collapse all files

4
doc/Makefile.in
View file

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.15 from Makefile.am.
# Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,

BIN
doc/sample-config.tar.gz
View file

Binary file not shown.

14
doc/tinc.conf.5.in
View file

@ -1,4 +1,4 @@
.Dd 2016-04-11
.Dd 2017-09-02
.Dt TINC.CONF 5
.\" Manual page created by:
.\" Ivo Timmermans
@ -234,6 +234,10 @@ Do NOT connect multiple
.Nm tinc
daemons to the same multicast address, this will very likely cause routing loops.
Also note that this can cause decrypted VPN packets to be sent out on a real network if misconfigured.
.It fd
Use a file descriptor.
All packets are read from this interface.
Packets received for the local node are written to it.
.It uml Pq not compiled in by default
Create a UNIX socket with the filename specified by
.Va Device ,
@ -323,6 +327,8 @@ Under Windows, this variable is used to select which network interface will be u
If you specified a
.Va Device ,
this variable is almost always already correctly set.
.It Va InvitationExpire Li = Ar seconds Pq 604800
This option controls the period invitations are valid.
.It Va KeyExpire Li = Ar seconds Pq 3600
This option controls the period the encryption keys used to encrypt the data are valid.
It is common practice to change keys at regular intervals to make it even harder for crackers,
@ -363,6 +369,8 @@ and they only ConnectTo a third node outside the NAT,
which normally would prevent the peers from learning each other's LAN address.
.Pp
Currently, local discovery is implemented by sending some packets to the local address of the node during UDP discovery. This will not work with old nodes that don't transmit their local address.
.It Va LogLevel Li = level Pq 0
This option controls the verbosity of the logging. The higher the debug level, the more messages it will log.
.It Va MACExpire Li = Ar seconds Pq 600
This option controls the amount of time MAC addresses are kept before they are removed.
This only has effect when
@ -775,6 +783,10 @@ It can be used to set up the corresponding network interface.
If an executable file with this name exists,
it will be executed right before the tinc daemon is going to close
its connection to the virtual network device.
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /invitations/
This directory contains outstanding invitations.
.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /invitation-data
After a succesful join, this file contains a copy of the invitation data received.
.El
.Sh SEE ALSO
.Xr tincd 8 ,

266
doc/tinc.info
View file

@ -1,14 +1,14 @@
This is tinc.info, produced by makeinfo version 6.1 from tinc.texi.
This is tinc.info, produced by makeinfo version 6.4.90 from tinc.texi.
INFO-DIR-SECTION Networking tools
START-INFO-DIR-ENTRY
* tinc: (tinc). The tinc Manual.
END-INFO-DIR-ENTRY
This is the info manual for tinc version 1.1pre11-263-g51a0dc5, a
This is the info manual for tinc version 1.1pre14-62-g958a751e, a
Virtual Private Network daemon.
Copyright (C) 1998-2016 Ivo Timmermans, Guus Sliepen
Copyright (C) 1998-2017 Ivo Timmermans, Guus Sliepen
<guus@tinc-vpn.org> and Wessel Dankers <wsl@tinc-vpn.org>.
Permission is granted to make and distribute verbatim copies of this
@ -888,6 +888,11 @@ DeviceType = <TYPE> (platform dependent)
that this can cause decrypted VPN packets to be sent out on a
real network if misconfigured.
fd
Use a file descriptor. All packets are read from this
interface. Packets received for the local node are written to
it.
uml (not compiled in by default)
Create a UNIX socket with the filename specified by DEVICE, or
'/var/run/NETNAME.umlsocket' if not specified. Tinc will wait
@ -1008,9 +1013,9 @@ LocalDiscovery = <yes | no> (no)
to the local address of the node during UDP discovery. This will
not work with old nodes that don't transmit their local address.
LocalDiscoveryAddress <ADDRESS>
If this variable is specified, local discovery packets are sent to
the given ADDRESS.
LogLevel = <LEVEL> (0)
This option controls the verbosity of the logging. See *note Debug
levels::.
Mode = <router|switch|hub> (router)
This option selects the way packets are routed to other daemons.
@ -1039,6 +1044,9 @@ Mode = <router|switch|hub> (router)
every packet will be broadcast to the other daemons while no
routing table is managed.
InvitationExpire = <SECONDS> (604800)
This option controls the time invitations are valid.
KeyExpire = <SECONDS> (3600)
This option controls the time the encryption keys used to encrypt
the data are valid. It is common practice to change keys at
@ -1098,7 +1106,7 @@ ProcessPriority = <low|normal|high>
adjusted. Increasing the priority may help to reduce latency and
packet loss on the VPN.
Proxy = socks4 | socks5 | http | exec ... [experimental]
Proxy = socks4 | socks5 | http | exec ... [experimental]
Use a proxy when making outgoing connections. The following proxy
types are currently supported:
@ -3397,13 +3405,13 @@ Concept Index
* Digest: Host configuration variables.
(line 33)
* DirectOnly: Main configuration variables.
(line 169)
(line 174)
* disconnect: tinc commands. (line 142)
* dummy: Main configuration variables.
(line 106)
* dump: tinc commands. (line 95)
* Ed25519PrivateKeyFile: Main configuration variables.
(line 176)
(line 181)
* edit: tinc commands. (line 32)
* encapsulating: The UDP tunnel. (line 30)
* encryption: Encryption of network packets.
@ -3414,13 +3422,15 @@ Concept Index
* exchange: tinc commands. (line 48)
* exchange-all: tinc commands. (line 51)
* exec: Main configuration variables.
(line 357)
(line 365)
* ExperimentalProtocol: Main configuration variables.
(line 180)
(line 185)
* export: tinc commands. (line 36)
* export-all: tinc commands. (line 40)
* fd: Main configuration variables.
(line 129)
* Forwarding: Main configuration variables.
(line 187)
(line 192)
* frame type: The UDP tunnel. (line 6)
* fsck: tinc commands. (line 160)
* generate-ed25519-keys: tinc commands. (line 86)
@ -3429,11 +3439,11 @@ Concept Index
* get: tinc commands. (line 11)
* graph: tinc commands. (line 108)
* Hostnames: Main configuration variables.
(line 207)
(line 212)
* http: Main configuration variables.
(line 354)
(line 362)
* hub: Main configuration variables.
(line 275)
(line 280)
* ID: Legacy authentication protocol.
(line 6)
* Ifconfig: Invitation file format.
@ -3444,15 +3454,17 @@ Concept Index
* info: tinc commands. (line 120)
* init: tinc commands. (line 6)
* Interface: Main configuration variables.
(line 218)
(line 223)
* INTERFACE: Scripts. (line 75)
* InvitationExpire: Main configuration variables.
(line 285)
* INVITATION_FILE: Scripts. (line 98)
* INVITATION_URL: Scripts. (line 102)
* invite: tinc commands. (line 54)
* IRC: Contact information. (line 9)
* join: tinc commands. (line 59)
* KeyExpire: Main configuration variables.
(line 280)
(line 288)
* KEY_CHANGED: The meta-protocol. (line 63)
* legacy authentication protocol: Legacy authentication protocol.
(line 6)
@ -3462,31 +3474,31 @@ Concept Index
* LibreSSL: LibreSSL/OpenSSL. (line 6)
* license: LibreSSL/OpenSSL. (line 38)
* ListenAddress: Main configuration variables.
(line 226)
(line 231)
* LocalDiscovery: Main configuration variables.
(line 238)
* LocalDiscoveryAddress: Main configuration variables.
(line 249)
(line 243)
* log: tinc commands. (line 130)
* LogLevel: Main configuration variables.
(line 254)
* lzo: lzo. (line 6)
* MACExpire: Main configuration variables.
(line 286)
(line 294)
* MACLength: Host configuration variables.
(line 45)
* MaxConnectionBurst: Main configuration variables.
(line 291)
(line 299)
* meta-protocol: The meta-connection. (line 18)
* META_KEY: Legacy authentication protocol.
(line 6)
* Mode: Main configuration variables.
(line 253)
(line 258)
* MTUInfoInterval: Host configuration variables.
(line 60)
* multicast: Main configuration variables.
(line 118)
* multiple networks: Multiple networks. (line 6)
* Name: Main configuration variables.
(line 297)
(line 305)
* NAME: Scripts. (line 69)
* netmask: Network interfaces. (line 39)
* netname: Multiple networks. (line 6)
@ -3505,9 +3517,9 @@ Concept Index
* pid: tinc commands. (line 78)
* PING: The meta-protocol. (line 88)
* PingInterval: Main configuration variables.
(line 308)
(line 316)
* PingTimeout: Main configuration variables.
(line 312)
(line 320)
* platforms: Supported platforms. (line 6)
* PMTU: Host configuration variables.
(line 52)
@ -3518,17 +3530,17 @@ Concept Index
(line 65)
* port numbers: Other files. (line 17)
* PriorityInheritance: Main configuration variables.
(line 318)
(line 326)
* private: Virtual Private Networks.
(line 10)
* PrivateKey: Main configuration variables.
(line 323)
(line 331)
* PrivateKeyFile: Main configuration variables.
(line 329)
(line 337)
* ProcessPriority: Main configuration variables.
(line 334)
(line 342)
* Proxy: Main configuration variables.
(line 339)
(line 347)
* PublicKey: Host configuration variables.
(line 69)
* PublicKeyFile: Host configuration variables.
@ -3541,7 +3553,7 @@ Concept Index
* REMOTEADDRESS: Scripts. (line 84)
* REMOTEPORT: Scripts. (line 87)
* ReplayWindow: Main configuration variables.
(line 362)
(line 370)
* requirements: Libraries. (line 6)
* REQ_KEY: The meta-protocol. (line 63)
* restart: tinc commands. (line 70)
@ -3549,7 +3561,7 @@ Concept Index
* Route: Invitation file format.
(line 51)
* router: Main configuration variables.
(line 256)
(line 261)
* runtime options: Runtime options. (line 9)
* scalability: tinc. (line 19)
* scripts: Scripts. (line 6)
@ -3560,21 +3572,21 @@ Concept Index
* sign: tinc commands. (line 172)
* signals: Signals. (line 6)
* socks4: Main configuration variables.
(line 343)
(line 351)
* socks5: Main configuration variables.
(line 348)
(line 356)
* SPTPS: Simple Peer-to-Peer Security.
(line 6)
* start: tinc commands. (line 64)
* stop: tinc commands. (line 67)
* StrictSubnets: Main configuration variables.
(line 373)
(line 381)
* Subnet: Host configuration variables.
(line 84)
* SUBNET: Scripts. (line 91)
* SVPN: Security. (line 11)
* switch: Main configuration variables.
(line 264)
(line 269)
* TCP: The meta-connection. (line 10)
* TCPonly: Host configuration variables.
(line 113)
@ -3588,42 +3600,42 @@ Concept Index
* top <1>: tinc top. (line 6)
* traditional VPNs: tinc. (line 19)
* tunifhead: Main configuration variables.
(line 153)
(line 158)
* TunnelServer: Main configuration variables.
(line 380)
(line 388)
* tunnohead: Main configuration variables.
(line 147)
(line 152)
* UDP: The UDP tunnel. (line 30)
* UDP <1>: Encryption of network packets.
(line 11)
* UDPDiscoveryInterval: Main configuration variables.
(line 400)
(line 408)
* UDPDiscoveryKeepaliveInterval: Main configuration variables.
(line 394)
(line 402)
* UDPDiscoveryTimeout: Main configuration variables.
(line 404)
(line 412)
* UDPDiscovey: Main configuration variables.
(line 387)
(line 395)
* UDPInfoInterval: Main configuration variables.
(line 409)
(line 417)
* UDPRcvBuf: Main configuration variables.
(line 413)
(line 421)
* UDPSndBuf: Main configuration variables.
(line 419)
(line 427)
* UML: Main configuration variables.
(line 129)
(line 134)
* Universal tun/tap: Configuration of Linux kernels.
(line 6)
* UPnP: Main configuration variables.
(line 425)
(line 433)
* UPnPDiscoverWait: Main configuration variables.
(line 436)
(line 444)
* UPnPRefreshPeriod: Main configuration variables.
(line 440)
(line 448)
* utun: Main configuration variables.
(line 160)
(line 165)
* VDE: Main configuration variables.
(line 134)
(line 139)
* verify: tinc commands. (line 177)
* virtual: Virtual Private Networks.
(line 18)
@ -3640,78 +3652,78 @@ Concept Index

Tag Table:
Node: Top821
Node: Introduction1157
Node: Virtual Private Networks1961
Node: tinc3673
Node: Supported platforms5185
Node: Preparations5882
Node: Configuring the kernel6138
Node: Configuration of Linux kernels6547
Node: Configuration of FreeBSD kernels7396
Node: Configuration of OpenBSD kernels7861
Node: Configuration of NetBSD kernels8218
Node: Configuration of Solaris kernels8620
Node: Configuration of Darwin (MacOS/X) kernels9282
Node: Configuration of Windows10095
Node: Libraries10634
Node: LibreSSL/OpenSSL11091
Node: zlib13617
Node: lzo14639
Node: libcurses15630
Node: libreadline16540
Node: Installation17477
Node: Building and installing tinc18381
Node: Darwin (MacOS/X) build environment19037
Node: Cygwin (Windows) build environment19596
Node: MinGW (Windows) build environment20181
Node: System files20769
Node: Device files21034
Node: Other files21447
Node: Configuration22060
Node: Configuration introduction22347
Node: Multiple networks23868
Node: How connections work25235
Node: Configuration files27796
Node: Main configuration variables29428
Node: Host configuration variables50169
Node: Scripts56239
Node: How to configure60139
Node: Network interfaces64623
Node: Example configuration67002
Node: Running tinc72101
Node: Runtime options72688
Node: Signals75548
Node: Debug levels76397
Node: Solving problems77333
Node: Error messages78759
Node: Sending bug reports83076
Node: Controlling tinc84023
Node: tinc runtime options84759
Node: tinc environment variables85508
Node: tinc commands85837
Node: tinc examples92695
Node: tinc top93257
Node: Invitations94842
Node: How invitations work95505
Node: Invitation file format97798
Node: Writing an invitation-created script100723
Node: Technical information101785
Node: The connection102015
Node: The UDP tunnel102327
Node: The meta-connection105372
Node: The meta-protocol106830
Node: Security111813
Node: Legacy authentication protocol113150
Node: Simple Peer-to-Peer Security117767
Node: Encryption of network packets123412
Node: Security issues126050
Node: Platform specific information127797
Node: Interface configuration128025
Node: Routes130466
Node: About us132377
Node: Contact information132554
Node: Authors132957
Node: Concept Index133361
Node: Top824
Node: Introduction1160
Node: Virtual Private Networks1964
Node: tinc3676
Node: Supported platforms5188
Node: Preparations5885
Node: Configuring the kernel6141
Node: Configuration of Linux kernels6550
Node: Configuration of FreeBSD kernels7399
Node: Configuration of OpenBSD kernels7864
Node: Configuration of NetBSD kernels8221
Node: Configuration of Solaris kernels8623
Node: Configuration of Darwin (MacOS/X) kernels9285
Node: Configuration of Windows10098
Node: Libraries10637
Node: LibreSSL/OpenSSL11094
Node: zlib13620
Node: lzo14642
Node: libcurses15633
Node: libreadline16543
Node: Installation17480
Node: Building and installing tinc18384
Node: Darwin (MacOS/X) build environment19040
Node: Cygwin (Windows) build environment19599
Node: MinGW (Windows) build environment20184
Node: System files20772
Node: Device files21037
Node: Other files21450
Node: Configuration22063
Node: Configuration introduction22350
Node: Multiple networks23871
Node: How connections work25238
Node: Configuration files27799
Node: Main configuration variables29431
Node: Host configuration variables50412
Node: Scripts56482
Node: How to configure60382
Node: Network interfaces64866
Node: Example configuration67245
Node: Running tinc72344
Node: Runtime options72931
Node: Signals75791
Node: Debug levels76640
Node: Solving problems77576
Node: Error messages79002
Node: Sending bug reports83319
Node: Controlling tinc84266
Node: tinc runtime options85002
Node: tinc environment variables85751
Node: tinc commands86080
Node: tinc examples92938
Node: tinc top93500
Node: Invitations95085
Node: How invitations work95748
Node: Invitation file format98041
Node: Writing an invitation-created script100966
Node: Technical information102028
Node: The connection102258
Node: The UDP tunnel102570
Node: The meta-connection105615
Node: The meta-protocol107073
Node: Security112056
Node: Legacy authentication protocol113393
Node: Simple Peer-to-Peer Security118010
Node: Encryption of network packets123655
Node: Security issues126293
Node: Platform specific information128040
Node: Interface configuration128268
Node: Routes130709
Node: About us132620
Node: Contact information132797
Node: Authors133200
Node: Concept Index133604

End Tag Table

21
doc/tinc.texi
View file

@ -15,7 +15,7 @@
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
Copyright @copyright{} 1998-2016 Ivo Timmermans,
Copyright @copyright{} 1998-2017 Ivo Timmermans,
Guus Sliepen <guus@@tinc-vpn.org> and
Wessel Dankers <wsl@@tinc-vpn.org>.
@ -43,7 +43,7 @@ permission notice identical to this one.
@vskip 0pt plus 1filll
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
Copyright @copyright{} 1998-2016 Ivo Timmermans,
Copyright @copyright{} 1998-2017 Ivo Timmermans,
Guus Sliepen <guus@@tinc-vpn.org> and
Wessel Dankers <wsl@@tinc-vpn.org>.
@ -958,6 +958,12 @@ This can be used to connect to UML, QEMU or KVM instances listening on the same
Do NOT connect multiple tinc daemons to the same multicast address, this will very likely cause routing loops.
Also note that this can cause decrypted VPN packets to be sent out on a real network if misconfigured.
@cindex fd
@item fd
Use a file descriptor.
All packets are read from this interface.
Packets received for the local node are written to it.
@cindex UML
@item uml (not compiled in by default)
Create a UNIX socket with the filename specified by
@ -1086,9 +1092,10 @@ which normally would prevent the peers from learning each other's LAN address.
Currently, local discovery is implemented by sending some packets to the local address of the node during UDP discovery.
This will not work with old nodes that don't transmit their local address.
@cindex LocalDiscoveryAddress
@item LocalDiscoveryAddress <@var{address}>
If this variable is specified, local discovery packets are sent to the given @var{address}.
@cindex LogLevel
@item LogLevel = <@var{level}> (0)
This option controls the verbosity of the logging.
See @ref{Debug levels}.
@cindex Mode
@item Mode = <router|switch|hub> (router)
@ -1119,6 +1126,10 @@ every packet will be broadcast to the other daemons
while no routing table is managed.
@end table
@cindex InvitationExpire
@item InvitationExpire = <@var{seconds}> (604800)
This option controls the time invitations are valid.
@cindex KeyExpire
@item KeyExpire = <@var{seconds}> (3600)
This option controls the time the encryption keys used to encrypt the data