Import Upstream version 1.0.14
parent
3f0ae998e8
commit
d906f6f9b0
50 changed files with 1593 additions and 753 deletions
Binary file not shown.
|
|
@ -110,6 +110,13 @@ Note: it is not required that you put in the
|
|||
sign, but doing so improves readability.
|
||||
If you leave it out, remember to replace it with at least one space character.
|
||||
|
||||
.Pp
|
||||
The server configuration is complemented with host specific configuration (see the next section).
|
||||
Although all configuration options for the local host listed in this document can also be put in
|
||||
.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf ,
|
||||
it is recommended to put host specific configuration options in the host configuration file,
|
||||
as this makes it easy to exchange with other nodes.
|
||||
|
||||
.Pp
|
||||
Here are all valid variables, listed in alphabetical order.
|
||||
The default value is given between parentheses.
|
||||
|
|
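Review bot: The added sentence "Although all configuration options for the local host listed in this document can also be put in" tinc.conf does not say the same thing as the matching text in the doc/tinc.info and Texinfo hunks, which read "all host configuration options for the local node". The man page wording suggests that every option in the document is host-specific. Suggest using the "host configuration options for the local node" wording here too, so the three documents agree on which options may be moved into tinc.conf.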
@ -248,6 +255,9 @@ a lookup if your DNS server is not responding.
|
|||
This does not affect resolving hostnames to IP addresses from the
|
||||
host configuration files.
|
||||
|
||||
.It Va IffOneQueue Li = yes | no Po no Pc Bq experimental
|
||||
(Linux only) Set IFF_ONE_QUEUE flag on TUN/TAP devices.
|
||||
|
||||
.It Va Interface Li = Ar interface
|
||||
Defines the name of the interface corresponding to the virtual network device.
|
||||
Depending on the operating system and the type of device this may or may not actually set the name of the interface.
|
||||
|
|
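Review bot: The IffOneQueue entry only restates the flag name ("Set IFF_ONE_QUEUE flag on TUN/TAP devices") and gives no hint of what changes when it is enabled. For an option marked experimental, add a sentence describing the effect on packet handling and when an administrator would want it, so that nobody enables it blindly.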
@ -334,6 +344,16 @@ specified in the configuration file.
|
|||
When this option is used the priority of the tincd process will be adjusted.
|
||||
Increasing the priority may help to reduce latency and packet loss on the VPN.
|
||||
|
||||
.It Va ReplayWindow Li = Ar bytes Pq 16
|
||||
This is the size of the replay tracking window for each remote node, in bytes.
|
||||
The window is a bitfield which tracks 1 packet per bit, so for example
|
||||
the default setting of 16 will track up to 128 packets in the window. In high
|
||||
bandwidth scenarios, setting this to a higher value can reduce packet loss from
|
||||
the interaction of replay tracking with underlying real packet loss and/or
|
||||
reordering. Setting this to zero will disable replay tracking completely and
|
||||
pass all traffic, but leaves tinc vulnerable to replay-based attacks on your
|
||||
traffic.
|
||||
|
||||
.It Va StrictSubnets Li = yes | no Po no Pc Bq experimental
|
||||
When this option is enabled tinc will only use Subnet statements which are
|
||||
present in the host config files in the local
|
||||
|
|
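Review bot: The ReplayWindow entry recommends "a higher value" for high bandwidth links but gives no upper bound or sizing guidance, so the only concrete non-default value the text names is 0, the one that "leaves tinc vulnerable to replay-based attacks". Suggest adding an example of a larger setting worked out from the stated rule of 1 packet per bit, and moving the warning about zero into its own sentence that tells the reader to prefer enlarging the window over disabling it.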
@ -346,6 +366,14 @@ and will only allow connections with nodes for which host config files are prese
|
|||
.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/
|
||||
directory.
|
||||
Setting this options also implicitly sets StrictSubnets.
|
||||
|
||||
.It Va UDPRcvBuf Li = Ar bytes Pq OS default
|
||||
Sets the socket receive buffer size for the UDP socket, in bytes.
|
||||
If unset, the default buffer size will be used by the operating system.
|
||||
|
||||
.It Va UDPSndBuf Li = Ar bytes Pq OS default
|
||||
Sets the socket send buffer size for the UDP socket, in bytes.
|
||||
If unset, the default buffer size will be used by the operating system.
|
||||
.El
|
||||
|
||||
.Sh HOST CONFIGURATION FILES
|
||||
|
|
|
|||
165
doc/tinc.info
165
doc/tinc.info
|
|
@ -5,10 +5,10 @@ START-INFO-DIR-ENTRY
|
|||
* tinc: (tinc). The tinc Manual.
|
||||
END-INFO-DIR-ENTRY
|
||||
|
||||
This is the info manual for tinc version 1.0.13, a Virtual Private
|
||||
This is the info manual for tinc version 1.0.14, a Virtual Private
|
||||
Network daemon.
|
||||
|
||||
Copyright (C) 1998-2010 Ivo Timmermans, Guus Sliepen
|
||||
Copyright (C) 1998-2011 Ivo Timmermans, Guus Sliepen
|
||||
<guus@tinc-vpn.org> and Wessel Dankers <wsl@tinc-vpn.org>.
|
||||
|
||||
Permission is granted to make and distribute verbatim copies of this
|
||||
|
|
@ -84,7 +84,7 @@ trusted computers on the other end of the Internet.
|
|||
This problem can be solved by using _virtual_ networks. Virtual
|
||||
networks can live on top of other networks, but they use encapsulation
|
||||
to keep using their private address space so they do not interfere with
|
||||
the Internet. Mostly, virtual networks appear like a singe LAN, even
|
||||
the Internet. Mostly, virtual networks appear like a single LAN, even
|
||||
though they can span the entire world. But virtual networks can't be
|
||||
secured by using firewalls, because the traffic that flows through it
|
||||
has to go through the Internet, where other people can look at it.
|
||||
|
|
@ -654,6 +654,13 @@ that you put in the `=' sign, but doing so improves readability. If
|
|||
you leave it out, remember to replace it with at least one space
|
||||
character.
|
||||
|
||||
The server configuration is complemented with host specific
|
||||
configuration (see the next section). Although all host configuration
|
||||
options for the local node listed in this document can also be put in
|
||||
`/etc/tinc/NETNAME/tinc.conf', it is recommended to put host specific
|
||||
configuration options in the host configuration file, as this makes it
|
||||
easy to exchange with other nodes.
|
||||
|
||||
In this section all valid variables are listed in alphabetical order.
|
||||
The default value is given between parentheses, other comments are
|
||||
between square brackets.
|
||||
|
|
@ -869,6 +876,17 @@ ProcessPriority = <low|normal|high>
|
|||
adjusted. Increasing the priority may help to reduce latency and
|
||||
packet loss on the VPN.
|
||||
|
||||
ReplayWindow = <bytes> (16)
|
||||
This is the size of the replay tracking window for each remote
|
||||
node, in bytes. The window is a bitfield which tracks 1 packet
|
||||
per bit, so for example the default setting of 16 will track up to
|
||||
128 packets in the window. In high bandwidth scenarios, setting
|
||||
this to a higher value can reduce packet loss from the interaction
|
||||
of replay tracking with underlying real packet loss and/or
|
||||
reordering. Setting this to zero will disable replay tracking
|
||||
completely and pass all traffic, but leaves tinc vulnerable to
|
||||
replay-based attacks on your traffic.
|
||||
|
||||
StrictSubnets <yes|no> (no) [experimental]
|
||||
When this option is enabled tinc will only use Subnet statements
|
||||
which are present in the host config files in the local
|
||||
|
|
@ -881,6 +899,16 @@ TunnelServer = <yes|no> (no) [experimental]
|
|||
the local `/etc/tinc/NETNAME/hosts/' directory. Setting this
|
||||
options also implicitly sets StrictSubnets.
|
||||
|
||||
UDPRcvBuf = <bytes> (OS default)
|
||||
Sets the socket receive buffer size for the UDP socket, in bytes.
|
||||
If unset, the default buffer size will be used by the operating
|
||||
system.
|
||||
|
||||
UDPSndBuf = <bytes> Pq OS default
|
||||
Sets the socket send buffer size for the UDP socket, in bytes. If
|
||||
unset, the default buffer size will be used by the operating
|
||||
system.
|
||||
|
||||
|
||||
|
||||
File: tinc.info, Node: Host configuration variables, Next: Scripts, Prev: Main configuration variables, Up: Configuration files
|
||||
|
|
@ -1403,7 +1431,10 @@ command line options.
|
|||
always be stopped and removed.
|
||||
|
||||
`-n, --net=NETNAME'
|
||||
Use configuration for net NETNAME. *Note Multiple networks::.
|
||||
Use configuration for net NETNAME. This will let tinc read all
|
||||
configuration files from `/etc/tinc/NETNAME/'. Specifying . for
|
||||
NETNAME is the same as not specifying any NETNAME. *Note Multiple
|
||||
networks::.
|
||||
|
||||
`-K, --generate-keys[=BITS]'
|
||||
Generate public/private keypair of BITS length. If BITS is not
|
||||
|
|
@ -2377,6 +2408,8 @@ Concept Index
|
|||
* release: Supported platforms. (line 14)
|
||||
* REMOTEADDRESS: Scripts. (line 67)
|
||||
* REMOTEPORT: Scripts. (line 70)
|
||||
* ReplayWindow: Main configuration variables.
|
||||
(line 204)
|
||||
* REQ_KEY: The meta-protocol. (line 64)
|
||||
* requirements: Libraries. (line 6)
|
||||
* router: Main configuration variables.
|
||||
|
|
@ -2388,7 +2421,7 @@ Concept Index
|
|||
(line 18)
|
||||
* signals: Signals. (line 6)
|
||||
* StrictSubnets: Main configuration variables.
|
||||
(line 204)
|
||||
(line 215)
|
||||
* SUBNET: Scripts. (line 74)
|
||||
* Subnet: Host configuration variables.
|
||||
(line 74)
|
||||
|
|
@ -2410,12 +2443,16 @@ Concept Index
|
|||
* tunifhead: Main configuration variables.
|
||||
(line 62)
|
||||
* TunnelServer: Main configuration variables.
|
||||
(line 209)
|
||||
(line 220)
|
||||
* tunnohead: Main configuration variables.
|
||||
(line 56)
|
||||
* UDP <1>: Encryption of network packets.
|
||||
(line 12)
|
||||
* UDP: The UDP tunnel. (line 30)
|
||||
* UDPRcvBuf: Main configuration variables.
|
||||
(line 227)
|
||||
* UDPSndBuf: Main configuration variables.
|
||||
(line 232)
|
||||
* Universal tun/tap: Configuration of Linux kernels.
|
||||
(line 6)
|
||||
* virtual: Virtual Private Networks.
|
||||
|
|
@ -2434,63 +2471,63 @@ Tag Table:
|
|||
Node: Top810
|
||||
Node: Introduction1109
|
||||
Node: Virtual Private Networks1919
|
||||
Node: tinc3644
|
||||
Node: Supported platforms5171
|
||||
Node: Preparations5869
|
||||
Node: Configuring the kernel6125
|
||||
Node: Configuration of Linux kernels6534
|
||||
Node: Configuration of FreeBSD kernels7389
|
||||
Node: Configuration of OpenBSD kernels7779
|
||||
Node: Configuration of NetBSD kernels8387
|
||||
Node: Configuration of Solaris kernels8792
|
||||
Node: Configuration of Darwin (MacOS/X) kernels9453
|
||||
Node: Configuration of Windows10142
|
||||
Node: Libraries10656
|
||||
Node: OpenSSL11044
|
||||
Node: zlib13320
|
||||
Node: lzo14149
|
||||
Node: Installation14936
|
||||
Node: Building and installing tinc15951
|
||||
Node: Darwin (MacOS/X) build environment16610
|
||||
Node: Cygwin (Windows) build environment17178
|
||||
Node: MinGW (Windows) build environment17766
|
||||
Node: System files18290
|
||||
Node: Device files18555
|
||||
Node: Other files18971
|
||||
Node: Configuration19584
|
||||
Node: Configuration introduction19895
|
||||
Node: Multiple networks21168
|
||||
Node: How connections work22594
|
||||
Node: Configuration files23816
|
||||
Node: Main configuration variables24823
|
||||
Node: Host configuration variables34334
|
||||
Node: Scripts39745
|
||||
Node: How to configure42515
|
||||
Node: Generating keypairs43778
|
||||
Node: Network interfaces44277
|
||||
Node: Example configuration46125
|
||||
Node: Running tinc51448
|
||||
Node: Runtime options52038
|
||||
Node: Signals54833
|
||||
Node: Debug levels55902
|
||||
Node: Solving problems56838
|
||||
Node: Error messages58390
|
||||
Node: Sending bug reports62403
|
||||
Node: Technical information63355
|
||||
Node: The connection63586
|
||||
Node: The UDP tunnel63898
|
||||
Node: The meta-connection66959
|
||||
Node: The meta-protocol68428
|
||||
Node: Security73437
|
||||
Node: Authentication protocol74567
|
||||
Node: Encryption of network packets79571
|
||||
Node: Security issues80944
|
||||
Node: Platform specific information82561
|
||||
Node: Interface configuration82789
|
||||
Node: Routes84688
|
||||
Node: About us86604
|
||||
Node: Contact information86779
|
||||
Node: Authors87183
|
||||
Node: Concept Index87588
|
||||
Node: tinc3645
|
||||
Node: Supported platforms5172
|
||||
Node: Preparations5870
|
||||
Node: Configuring the kernel6126
|
||||
Node: Configuration of Linux kernels6535
|
||||
Node: Configuration of FreeBSD kernels7390
|
||||
Node: Configuration of OpenBSD kernels7780
|
||||
Node: Configuration of NetBSD kernels8388
|
||||
Node: Configuration of Solaris kernels8793
|
||||
Node: Configuration of Darwin (MacOS/X) kernels9454
|
||||
Node: Configuration of Windows10143
|
||||
Node: Libraries10657
|
||||
Node: OpenSSL11045
|
||||
Node: zlib13321
|
||||
Node: lzo14150
|
||||
Node: Installation14937
|
||||
Node: Building and installing tinc15952
|
||||
Node: Darwin (MacOS/X) build environment16611
|
||||
Node: Cygwin (Windows) build environment17179
|
||||
Node: MinGW (Windows) build environment17767
|
||||
Node: System files18291
|
||||
Node: Device files18556
|
||||
Node: Other files18972
|
||||
Node: Configuration19585
|
||||
Node: Configuration introduction19896
|
||||
Node: Multiple networks21169
|
||||
Node: How connections work22595
|
||||
Node: Configuration files23817
|
||||
Node: Main configuration variables25204
|
||||
Node: Host configuration variables35709
|
||||
Node: Scripts41120
|
||||
Node: How to configure43890
|
||||
Node: Generating keypairs45153
|
||||
Node: Network interfaces45652
|
||||
Node: Example configuration47500
|
||||
Node: Running tinc52823
|
||||
Node: Runtime options53413
|
||||
Node: Signals56369
|
||||
Node: Debug levels57438
|
||||
Node: Solving problems58374
|
||||
Node: Error messages59926
|
||||
Node: Sending bug reports63939
|
||||
Node: Technical information64891
|
||||
Node: The connection65122
|
||||
Node: The UDP tunnel65434
|
||||
Node: The meta-connection68495
|
||||
Node: The meta-protocol69964
|
||||
Node: Security74973
|
||||
Node: Authentication protocol76103
|
||||
Node: Encryption of network packets81107
|
||||
Node: Security issues82480
|
||||
Node: Platform specific information84097
|
||||
Node: Interface configuration84325
|
||||
Node: Routes86224
|
||||
Node: About us88140
|
||||
Node: Contact information88315
|
||||
Node: Authors88719
|
||||
Node: Concept Index89124
|
||||
|
||||
End Tag Table
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
|
||||
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
||||
|
||||
Copyright @copyright{} 1998-2010 Ivo Timmermans,
|
||||
Copyright @copyright{} 1998-2011 Ivo Timmermans,
|
||||
Guus Sliepen <guus@@tinc-vpn.org> and
|
||||
Wessel Dankers <wsl@@tinc-vpn.org>.
|
||||
|
||||
|
|
@ -39,7 +39,7 @@ permission notice identical to this one.
|
|||
@vskip 0pt plus 1filll
|
||||
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
|
||||
|
||||
Copyright @copyright{} 1998-2010 Ivo Timmermans,
|
||||
Copyright @copyright{} 1998-2011 Ivo Timmermans,
|
||||
Guus Sliepen <guus@@tinc-vpn.org> and
|
||||
Wessel Dankers <wsl@@tinc-vpn.org>.
|
||||
|
||||
|
|
@ -119,7 +119,7 @@ computers on the other end of the Internet.
|
|||
This problem can be solved by using @emph{virtual} networks. Virtual
|
||||
networks can live on top of other networks, but they use encapsulation to
|
||||
keep using their private address space so they do not interfere with
|
||||
the Internet. Mostly, virtual networks appear like a singe LAN, even though
|
||||
the Internet. Mostly, virtual networks appear like a single LAN, even though
|
||||
they can span the entire world. But virtual networks can't be secured
|
||||
by using firewalls, because the traffic that flows through it has to go
|
||||
through the Internet, where other people can look at it.
|
||||
|
|
@ -725,6 +725,13 @@ and carriage returns are ignored. Note: it is not required that you put
|
|||
in the `=' sign, but doing so improves readability. If you leave it
|
||||
out, remember to replace it with at least one space character.
|
||||
|
||||
The server configuration is complemented with host specific configuration (see
|
||||
the next section). Although all host configuration options for the local node
|
||||
listed in this document can also be put in
|
||||
@file{@value{sysconfdir}/tinc/@var{netname}/tinc.conf}, it is recommended to
|
||||
put host specific configuration options in the host configuration file, as this
|
||||
makes it easy to exchange with other nodes.
|
||||
|
||||
In this section all valid variables are listed in alphabetical order.
|
||||
The default value is given between parentheses,
|
||||
other comments are between square brackets.
|
||||
|
|
@ -955,6 +962,18 @@ specified in the configuration file.
|
|||
When this option is used the priority of the tincd process will be adjusted.
|
||||
Increasing the priority may help to reduce latency and packet loss on the VPN.
|
||||
|
||||
@cindex ReplayWindow
|
||||
@item ReplayWindow = <bytes> (16)
|
||||
This is the size of the replay tracking window for each remote node, in bytes.
|
||||
The window is a bitfield which tracks 1 packet per bit, so for example
|
||||
the default setting of 16 will track up to 128 packets in the window. In high
|
||||
bandwidth scenarios, setting this to a higher value can reduce packet loss from
|
||||
the interaction of replay tracking with underlying real packet loss and/or
|
||||
reordering. Setting this to zero will disable replay tracking completely and
|
||||
pass all traffic, but leaves tinc vulnerable to replay-based attacks on your
|
||||
traffic.
|
||||
|
||||
|
||||
@cindex StrictSubnets
|
||||
@item StrictSubnets <yes|no> (no) [experimental]
|
||||
When this option is enabled tinc will only use Subnet statements which are
|
||||
|
|
@ -968,6 +987,16 @@ and will only allow connections with nodes for which host config files are prese
|
|||
@file{@value{sysconfdir}/tinc/@var{netname}/hosts/} directory.
|
||||
Setting this options also implicitly sets StrictSubnets.
|
||||
|
||||
@cindex UDPRcvBuf
|
||||
@item UDPRcvBuf = <bytes> (OS default)
|
||||
Sets the socket receive buffer size for the UDP socket, in bytes.
|
||||
If unset, the default buffer size will be used by the operating system.
|
||||
|
||||
@cindex UDPSndBuf
|
||||
@item UDPSndBuf = <bytes> Pq OS default
|
||||
Sets the socket send buffer size for the UDP socket, in bytes.
|
||||
If unset, the default buffer size will be used by the operating system.
|
||||
|
||||
@end table
|
||||
|
||||
|
||||
|
|
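Review bot: The added line "@item UDPSndBuf = <bytes> Pq OS default" carries a stray mdoc macro; "Pq" has no meaning in Texinfo and is printed literally. The UDPRcvBuf item just above it has the intended form, "(OS default)". The same literal "Pq OS default" also appears in the doc/tinc.info hunk, so it should be corrected in this source and the info file rebuilt from it.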
@ -1536,7 +1565,11 @@ Under native Windows the optional argument is ignored,
|
|||
the service will always be stopped and removed.
|
||||
|
||||
@item -n, --net=@var{netname}
|
||||
Use configuration for net @var{netname}. @xref{Multiple networks}.
|
||||
Use configuration for net @var{netname}.
|
||||
This will let tinc read all configuration files from
|
||||
@file{@value{sysconfdir}/tinc/@var{netname}/}.
|
||||
Specifying . for @var{netname} is the same as not specifying any @var{netname}.
|
||||
@xref{Multiple networks}.
|
||||
|
||||
@item -K, --generate-keys[=@var{bits}]
|
||||
Generate public/private keypair of @var{bits} length. If @var{bits} is not specified,
|
||||
|
|
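Review bot: In "Specifying . for @var{netname}" the bare dot is easy to read as sentence punctuation, and in the doc/tinc.info hunk it comes out as "Specifying . for NETNAME". The man page hunk for the same option marks it up with ".Li ."; suggest doing the equivalent here, for example @samp{.}, so that the special value stands out.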
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
.Dd 2009-05-18
|
||||
.Dd 2011-01-02
|
||||
.Dt TINCD 8
|
||||
.\" Manual page created by:
|
||||
.\" Ivo Timmermans
|
||||
|
|
@ -64,6 +64,14 @@ the service will always be stopped and removed.
|
|||
.It Fl n, -net Ns = Ns Ar NETNAME
|
||||
Connect to net
|
||||
.Ar NETNAME .
|
||||
This will let tinc read all configuration files from
|
||||
.Pa @sysconfdir@/tinc/ Ar NETNAME .
|
||||
Specifying
|
||||
.Li .
|
||||
for
|
||||
.Ar NETNAME
|
||||
is the same as not specifying any
|
||||
.Ar NETNAME .
|
||||
.It Fl K, -generate-keys Ns Op = Ns Ar BITS
|
||||
Generate public/private RSA keypair and exit.
|
||||
If
|
||||
|
|
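Review bot: The added line ".Pa @sysconfdir@/tinc/ Ar NETNAME ." has no Ns before Ar, so the rendered path will have a space between "tinc/" and NETNAME. The tinc.conf man page hunk writes the same path as ".Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf ,"; suggest ".Pa @sysconfdir@/tinc/ Ns Ar NETNAME ." here so the path reads as a single word.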
@ -89,11 +97,11 @@ Under Windows this option will be ignored.
|
|||
.It Fl -bypass-security
|
||||
Disables encryption and authentication of the meta protocol.
|
||||
Only useful for debugging.
|
||||
.It Fl -chroot
|
||||
.It Fl R, -chroot
|
||||
With this option tinc chroots into the directory where network
|
||||
config is located (@sysconfdir@/tinc/NETNAME if -n option is used,
|
||||
or to the directory specified with -c option) after initialization.
|
||||
.It Fl -user Ns = Ns Ar USER
|
||||
.It Fl U, -user Ns = Ns Ar USER
|
||||
setuid to the specified
|
||||
.Ar USER
|
||||
after initialization.
|
||||
|
|
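Review bot: With the short forms -R and -U added, both entries still say only that the action happens "after initialization", so the text does not tell the reader in which order the chroot and the setuid take place when the two options are combined. Since the options are meant to be used together to confine the daemon, suggest stating the order explicitly in one of the two entries.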
|
|||