Import Upstream version 1.0.14

Guus Sliepen 2019-08-26 13:44:40 +02:00
parent 3f0ae998e8
commit d906f6f9b0
50 changed files with 1593 additions and 753 deletions


@ -110,6 +110,13 @@ Note: it is not required that you put in the
sign, but doing so improves readability.
If you leave it out, remember to replace it with at least one space character.
.Pp
The server configuration is complemented with host specific configuration (see the next section).
Although all configuration options for the local host listed in this document can also be put in
.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf ,
it is recommended to put host specific configuration options in the host configuration file,
as this makes it easy to exchange with other nodes.
.Pp
Here are all valid variables, listed in alphabetical order.
The default value is given between parentheses.
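Review bot: The added paragraph says "all configuration options for the local host", while the same paragraph added to the info manual and to its Texinfo source in this commit reads "all host configuration options for the local node". The two wordings do not mean the same thing (every option versus only the host options), so pick one and use it in all three places; if the host-options reading is the intended one, change this line to match the Texinfo text.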
@ -248,6 +255,9 @@ a lookup if your DNS server is not responding.
This does not affect resolving hostnames to IP addresses from the
host configuration files.
.It Va IffOneQueue Li = yes | no Po no Pc Bq experimental
(Linux only) Set IFF_ONE_QUEUE flag on TUN/TAP devices.
.It Va Interface Li = Ar interface
Defines the name of the interface corresponding to the virtual network device.
Depending on the operating system and the type of device this may or may not actually set the name of the interface.
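Review bot: The new IffOneQueue entry says only that the flag is set, not what changes for the user or when enabling it is worthwhile, which leaves the reader of an option tagged experimental with nothing to decide on. Add a sentence on the observable effect, and add the matching entry to the Texinfo manual: none of the info or Texinfo hunks shown in this commit mention IffOneQueue, so the two manuals diverge here.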
@ -334,6 +344,16 @@ specified in the configuration file.
When this option is used the priority of the tincd process will be adjusted.
Increasing the priority may help to reduce latency and packet loss on the VPN.
.It Va ReplayWindow Li = Ar bytes Pq 16
This is the size of the replay tracking window for each remote node, in bytes.
The window is a bitfield which tracks 1 packet per bit, so for example
the default setting of 16 will track up to 128 packets in the window. In high
bandwidth scenarios, setting this to a higher value can reduce packet loss from
the interaction of replay tracking with underlying real packet loss and/or
reordering. Setting this to zero will disable replay tracking completely and
pass all traffic, but leaves tinc vulnerable to replay-based attacks on your
traffic.
.It Va StrictSubnets Li = yes | no Po no Pc Bq experimental
When this option is enabled tinc will only use Subnet statements which are
present in the host config files in the local
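Review bot: In the ReplayWindow entry the security consequence of a value of 0 sits at the end of a paragraph that is otherwise about tuning for packet loss. Give "Setting this to zero will disable replay tracking completely" its own paragraph or a marked warning, and state whether the value has an upper limit, since the text recommends raising it without giving a bound. Because the unit is bytes but the effect is counted in packets, stating the rule (packets tracked = 8 x bytes) next to the 16 to 128 example would also help.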
@ -346,6 +366,14 @@ and will only allow connections with nodes for which host config files are prese
.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/
directory.
Setting this options also implicitly sets StrictSubnets.
.It Va UDPRcvBuf Li = Ar bytes Pq OS default
Sets the socket receive buffer size for the UDP socket, in bytes.
If unset, the default buffer size will be used by the operating system.
.It Va UDPSndBuf Li = Ar bytes Pq OS default
Sets the socket send buffer size for the UDP socket, in bytes.
If unset, the default buffer size will be used by the operating system.
.El
.Sh HOST CONFIGURATION FILES

@ -5,10 +5,10 @@ START-INFO-DIR-ENTRY
* tinc: (tinc). The tinc Manual.
END-INFO-DIR-ENTRY
This is the info manual for tinc version 1.0.13, a Virtual Private
This is the info manual for tinc version 1.0.14, a Virtual Private
Network daemon.
Copyright (C) 1998-2010 Ivo Timmermans, Guus Sliepen
Copyright (C) 1998-2011 Ivo Timmermans, Guus Sliepen
<guus@tinc-vpn.org> and Wessel Dankers <wsl@tinc-vpn.org>.
Permission is granted to make and distribute verbatim copies of this
@ -84,7 +84,7 @@ trusted computers on the other end of the Internet.
This problem can be solved by using _virtual_ networks. Virtual
networks can live on top of other networks, but they use encapsulation
to keep using their private address space so they do not interfere with
the Internet. Mostly, virtual networks appear like a singe LAN, even
the Internet. Mostly, virtual networks appear like a single LAN, even
though they can span the entire world. But virtual networks can't be
secured by using firewalls, because the traffic that flows through it
has to go through the Internet, where other people can look at it.
@ -654,6 +654,13 @@ that you put in the `=' sign, but doing so improves readability. If
you leave it out, remember to replace it with at least one space
character.
The server configuration is complemented with host specific
configuration (see the next section). Although all host configuration
options for the local node listed in this document can also be put in
`/etc/tinc/NETNAME/tinc.conf', it is recommended to put host specific
configuration options in the host configuration file, as this makes it
easy to exchange with other nodes.
In this section all valid variables are listed in alphabetical order.
The default value is given between parentheses, other comments are
between square brackets.
@ -869,6 +876,17 @@ ProcessPriority = <low|normal|high>
adjusted. Increasing the priority may help to reduce latency and
packet loss on the VPN.
ReplayWindow = <bytes> (16)
This is the size of the replay tracking window for each remote
node, in bytes. The window is a bitfield which tracks 1 packet
per bit, so for example the default setting of 16 will track up to
128 packets in the window. In high bandwidth scenarios, setting
this to a higher value can reduce packet loss from the interaction
of replay tracking with underlying real packet loss and/or
reordering. Setting this to zero will disable replay tracking
completely and pass all traffic, but leaves tinc vulnerable to
replay-based attacks on your traffic.
StrictSubnets <yes|no> (no) [experimental]
When this option is enabled tinc will only use Subnet statements
which are present in the host config files in the local
@ -881,6 +899,16 @@ TunnelServer = <yes|no> (no) [experimental]
the local `/etc/tinc/NETNAME/hosts/' directory. Setting this
options also implicitly sets StrictSubnets.
UDPRcvBuf = <bytes> (OS default)
Sets the socket receive buffer size for the UDP socket, in bytes.
If unset, the default buffer size will be used by the operating
system.
UDPSndBuf = <bytes> Pq OS default
Sets the socket send buffer size for the UDP socket, in bytes. If
unset, the default buffer size will be used by the operating
system.

File: tinc.info, Node: Host configuration variables, Next: Scripts, Prev: Main configuration variables, Up: Configuration files
@ -1403,7 +1431,10 @@ command line options.
always be stopped and removed.
`-n, --net=NETNAME'
Use configuration for net NETNAME. *Note Multiple networks::.
Use configuration for net NETNAME. This will let tinc read all
configuration files from `/etc/tinc/NETNAME/'. Specifying . for
NETNAME is the same as not specifying any NETNAME. *Note Multiple
networks::.
`-K, --generate-keys[=BITS]'
Generate public/private keypair of BITS length. If BITS is not
@ -2377,6 +2408,8 @@ Concept Index
* release: Supported platforms. (line 14)
* REMOTEADDRESS: Scripts. (line 67)
* REMOTEPORT: Scripts. (line 70)
* ReplayWindow: Main configuration variables.
(line 204)
* REQ_KEY: The meta-protocol. (line 64)
* requirements: Libraries. (line 6)
* router: Main configuration variables.
@ -2388,7 +2421,7 @@ Concept Index
(line 18)
* signals: Signals. (line 6)
* StrictSubnets: Main configuration variables.
(line 204)
(line 215)
* SUBNET: Scripts. (line 74)
* Subnet: Host configuration variables.
(line 74)
@ -2410,12 +2443,16 @@ Concept Index
* tunifhead: Main configuration variables.
(line 62)
* TunnelServer: Main configuration variables.
(line 209)
(line 220)
* tunnohead: Main configuration variables.
(line 56)
* UDP <1>: Encryption of network packets.
(line 12)
* UDP: The UDP tunnel. (line 30)
* UDPRcvBuf: Main configuration variables.
(line 227)
* UDPSndBuf: Main configuration variables.
(line 232)
* Universal tun/tap: Configuration of Linux kernels.
(line 6)
* virtual: Virtual Private Networks.
@ -2434,63 +2471,63 @@ Tag Table:
Node: Top810
Node: Introduction1109
Node: Virtual Private Networks1919
Node: tinc3644
Node: Supported platforms5171
Node: Preparations5869
Node: Configuring the kernel6125
Node: Configuration of Linux kernels6534
Node: Configuration of FreeBSD kernels7389
Node: Configuration of OpenBSD kernels7779
Node: Configuration of NetBSD kernels8387
Node: Configuration of Solaris kernels8792
Node: Configuration of Darwin (MacOS/X) kernels9453
Node: Configuration of Windows10142
Node: Libraries10656
Node: OpenSSL11044
Node: zlib13320
Node: lzo14149
Node: Installation14936
Node: Building and installing tinc15951
Node: Darwin (MacOS/X) build environment16610
Node: Cygwin (Windows) build environment17178
Node: MinGW (Windows) build environment17766
Node: System files18290
Node: Device files18555
Node: Other files18971
Node: Configuration19584
Node: Configuration introduction19895
Node: Multiple networks21168
Node: How connections work22594
Node: Configuration files23816
Node: Main configuration variables24823
Node: Host configuration variables34334
Node: Scripts39745
Node: How to configure42515
Node: Generating keypairs43778
Node: Network interfaces44277
Node: Example configuration46125
Node: Running tinc51448
Node: Runtime options52038
Node: Signals54833
Node: Debug levels55902
Node: Solving problems56838
Node: Error messages58390
Node: Sending bug reports62403
Node: Technical information63355
Node: The connection63586
Node: The UDP tunnel63898
Node: The meta-connection66959
Node: The meta-protocol68428
Node: Security73437
Node: Authentication protocol74567
Node: Encryption of network packets79571
Node: Security issues80944
Node: Platform specific information82561
Node: Interface configuration82789
Node: Routes84688
Node: About us86604
Node: Contact information86779
Node: Authors87183
Node: Concept Index87588
Node: tinc3645
Node: Supported platforms5172
Node: Preparations5870
Node: Configuring the kernel6126
Node: Configuration of Linux kernels6535
Node: Configuration of FreeBSD kernels7390
Node: Configuration of OpenBSD kernels7780
Node: Configuration of NetBSD kernels8388
Node: Configuration of Solaris kernels8793
Node: Configuration of Darwin (MacOS/X) kernels9454
Node: Configuration of Windows10143
Node: Libraries10657
Node: OpenSSL11045
Node: zlib13321
Node: lzo14150
Node: Installation14937
Node: Building and installing tinc15952
Node: Darwin (MacOS/X) build environment16611
Node: Cygwin (Windows) build environment17179
Node: MinGW (Windows) build environment17767
Node: System files18291
Node: Device files18556
Node: Other files18972
Node: Configuration19585
Node: Configuration introduction19896
Node: Multiple networks21169
Node: How connections work22595
Node: Configuration files23817
Node: Main configuration variables25204
Node: Host configuration variables35709
Node: Scripts41120
Node: How to configure43890
Node: Generating keypairs45153
Node: Network interfaces45652
Node: Example configuration47500
Node: Running tinc52823
Node: Runtime options53413
Node: Signals56369
Node: Debug levels57438
Node: Solving problems58374
Node: Error messages59926
Node: Sending bug reports63939
Node: Technical information64891
Node: The connection65122
Node: The UDP tunnel65434
Node: The meta-connection68495
Node: The meta-protocol69964
Node: Security74973
Node: Authentication protocol76103
Node: Encryption of network packets81107
Node: Security issues82480
Node: Platform specific information84097
Node: Interface configuration84325
Node: Routes86224
Node: About us88140
Node: Contact information88315
Node: Authors88719
Node: Concept Index89124

End Tag Table

@ -15,7 +15,7 @@
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
Copyright @copyright{} 1998-2010 Ivo Timmermans,
Copyright @copyright{} 1998-2011 Ivo Timmermans,
Guus Sliepen <guus@@tinc-vpn.org> and
Wessel Dankers <wsl@@tinc-vpn.org>.
@ -39,7 +39,7 @@ permission notice identical to this one.
@vskip 0pt plus 1filll
This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon.
Copyright @copyright{} 1998-2010 Ivo Timmermans,
Copyright @copyright{} 1998-2011 Ivo Timmermans,
Guus Sliepen <guus@@tinc-vpn.org> and
Wessel Dankers <wsl@@tinc-vpn.org>.
@ -119,7 +119,7 @@ computers on the other end of the Internet.
This problem can be solved by using @emph{virtual} networks. Virtual
networks can live on top of other networks, but they use encapsulation to
keep using their private address space so they do not interfere with
the Internet. Mostly, virtual networks appear like a singe LAN, even though
the Internet. Mostly, virtual networks appear like a single LAN, even though
they can span the entire world. But virtual networks can't be secured
by using firewalls, because the traffic that flows through it has to go
through the Internet, where other people can look at it.
@ -725,6 +725,13 @@ and carriage returns are ignored. Note: it is not required that you put
in the `=' sign, but doing so improves readability. If you leave it
out, remember to replace it with at least one space character.
The server configuration is complemented with host specific configuration (see
the next section). Although all host configuration options for the local node
listed in this document can also be put in
@file{@value{sysconfdir}/tinc/@var{netname}/tinc.conf}, it is recommended to
put host specific configuration options in the host configuration file, as this
makes it easy to exchange with other nodes.
In this section all valid variables are listed in alphabetical order.
The default value is given between parentheses,
other comments are between square brackets.
@ -955,6 +962,18 @@ specified in the configuration file.
When this option is used the priority of the tincd process will be adjusted.
Increasing the priority may help to reduce latency and packet loss on the VPN.
@cindex ReplayWindow
@item ReplayWindow = <bytes> (16)
This is the size of the replay tracking window for each remote node, in bytes.
The window is a bitfield which tracks 1 packet per bit, so for example
the default setting of 16 will track up to 128 packets in the window. In high
bandwidth scenarios, setting this to a higher value can reduce packet loss from
the interaction of replay tracking with underlying real packet loss and/or
reordering. Setting this to zero will disable replay tracking completely and
pass all traffic, but leaves tinc vulnerable to replay-based attacks on your
traffic.
@cindex StrictSubnets
@item StrictSubnets <yes|no> (no) [experimental]
When this option is enabled tinc will only use Subnet statements which are
@ -968,6 +987,16 @@ and will only allow connections with nodes for which host config files are prese
@file{@value{sysconfdir}/tinc/@var{netname}/hosts/} directory.
Setting this options also implicitly sets StrictSubnets.
@cindex UDPRcvBuf
@item UDPRcvBuf = <bytes> (OS default)
Sets the socket receive buffer size for the UDP socket, in bytes.
If unset, the default buffer size will be used by the operating system.
@cindex UDPSndBuf
@item UDPSndBuf = <bytes> Pq OS default
Sets the socket send buffer size for the UDP socket, in bytes.
If unset, the default buffer size will be used by the operating system.
@end table
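Review bot: The UDPSndBuf item reads "@item UDPSndBuf = <bytes> Pq OS default"; Pq is an mdoc macro carried over from the man page and is printed literally in Texinfo, as the info hunk in this same commit shows ("UDPSndBuf = <bytes> Pq OS default"). Change it to "(OS default)" to match the UDPRcvBuf item directly above, then regenerate tinc.info. While touching this hunk, the context line "Setting this options also implicitly sets StrictSubnets." should read "this option".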
@ -1536,7 +1565,11 @@ Under native Windows the optional argument is ignored,
the service will always be stopped and removed.
@item -n, --net=@var{netname}
Use configuration for net @var{netname}. @xref{Multiple networks}.
Use configuration for net @var{netname}.
This will let tinc read all configuration files from
@file{@value{sysconfdir}/tinc/@var{netname}/}.
Specifying . for @var{netname} is the same as not specifying any @var{netname}.
@xref{Multiple networks}.
@item -K, --generate-keys[=@var{bits}]
Generate public/private keypair of @var{bits} length. If @var{bits} is not specified,
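Review bot: In the new --net text the bare "." in "Specifying . for @var{netname}" is easy to read as sentence punctuation rather than as a value. Mark it up, for example as @samp{.}, the way the man page hunk in this commit does with ".Li .".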

@ -1,4 +1,4 @@
.Dd 2009-05-18
.Dd 2011-01-02
.Dt TINCD 8
.\" Manual page created by:
.\" Ivo Timmermans
@ -64,6 +64,14 @@ the service will always be stopped and removed.
.It Fl n, -net Ns = Ns Ar NETNAME
Connect to net
.Ar NETNAME .
This will let tinc read all configuration files from
.Pa @sysconfdir@/tinc/ Ar NETNAME .
Specifying
.Li .
for
.Ar NETNAME
is the same as not specifying any
.Ar NETNAME .
.It Fl K, -generate-keys Ns Op = Ns Ar BITS
Generate public/private RSA keypair and exit.
If
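Review bot: The added line ".Pa @sysconfdir@/tinc/ Ar NETNAME ." has no Ns before Ar, so mdoc puts a space between the directory and NETNAME in the rendered path. The tinc.conf man page hunks in this commit write the same path as ".Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/"; use ".Pa @sysconfdir@/tinc/ Ns Ar NETNAME ." here, optionally with the trailing slash that the Texinfo text has.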
@ -89,11 +97,11 @@ Under Windows this option will be ignored.
.It Fl -bypass-security
Disables encryption and authentication of the meta protocol.
Only useful for debugging.
.It Fl -chroot
.It Fl R, -chroot
With this option tinc chroots into the directory where network
config is located (@sysconfdir@/tinc/NETNAME if -n option is used,
or to the directory specified with -c option) after initialization.
.It Fl -user Ns = Ns Ar USER
.It Fl U, -user Ns = Ns Ar USER
setuid to the specified
.Ar USER
after initialization.
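Review bot: The -R/--chroot and -U/--user entries each say only "after initialization", so the page does not tell the reader in which order the chroot and the setuid happen when both options are given, or what USER must be able to access inside the chroot. These are the two privilege-reduction options, so document the order and the requirements on the directory and the user. The short forms -R and -U are also added only in this man page; no Texinfo hunk shown in this commit lists them.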