lagertonne/tinc
1
0
Fork 0
Code Issues Pull requests Projects Releases 6 Wiki Activity

Import Upstream version 1.0pre7

Browse source
This commit is contained in:
Guus Sliepen 2019-08-26 13:44:36 +02:00
commit ed8d36a434
154 changed files with 53905 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

23
doc/GNUmakefile Normal file
View file

@ -0,0 +1,23 @@
# Having a separate GNUmakefile lets me use features of GNU make
# to generate the man pages.
# This makefile is used only if you run GNU Make.
# It is necessary if you want to build targets usually of interest
# only to the maintainer.
have-Makefile := $(shell test -f Makefile && echo yes)
# If the user runs GNU make but has not yet run ./configure,
# give them a diagnostic.
ifeq ($(have-Makefile),yes)
include Makefile
include $(srcdir)/Makefile.maint
else
all:
@echo There seems to be no Makefile in this directory.
@echo "You must run ./configure before running \`make'."
@exit 1
endif

25
doc/Makefile.am Normal file
View file

@ -0,0 +1,25 @@
## Process this file with automake to get Makefile.in
SUBDIRS = es
info_TEXINFOS = tinc.texi
dyn_MANS =
man_aux = $(dyn_MANS:.8=.x)
man_MANS = tincd.8 tinc.conf.5 $(dyn_MANS)
PERL = @PERL@
HELP2MAN = help2man
MAINTAINERCLEANFILES = $(dyn_MANS)
EXTRA_DIST = $(man_MANS) $(HELP2MAN) $(man_aux) \
Makefile.maint GNUmakefile Makefile.summ sample-config.tar.gz
# Use `ginstall' in the definition of man_MANS to avoid
# confusion with the `install' target. The install rule transforms `ginstall'
# to install before applying any user-specified name transformations.
transform = s/ginstall/install/; @program_transform_name@
# For additional rules usually of interest only to the maintainer,
# see GNUmakefile and Makefile.maint.

539
doc/Makefile.in Normal file
View file

@ -0,0 +1,539 @@
# Makefile.in generated automatically by automake 1.5 from Makefile.am.
# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
# Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
SHELL = @SHELL@
srcdir = @srcdir@
top_srcdir = @top_srcdir@
VPATH = @srcdir@
prefix = @prefix@
exec_prefix = @exec_prefix@
bindir = @bindir@
sbindir = @sbindir@
libexecdir = @libexecdir@
datadir = @datadir@
sysconfdir = @sysconfdir@
sharedstatedir = @sharedstatedir@
localstatedir = @localstatedir@
libdir = @libdir@
infodir = @infodir@
mandir = @mandir@
includedir = @includedir@
oldincludedir = /usr/include
pkgdatadir = $(datadir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
top_builddir = ..
ACLOCAL = @ACLOCAL@
AUTOCONF = @AUTOCONF@
AUTOMAKE = @AUTOMAKE@
AUTOHEADER = @AUTOHEADER@
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_HEADER = $(INSTALL_DATA)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
host_alias = @host_alias@
host_triplet = @host@
AMTAR = @AMTAR@
AWK = @AWK@
BUILD_INCLUDED_LIBINTL = @BUILD_INCLUDED_LIBINTL@
CATALOGS = @CATALOGS@
CATOBJEXT = @CATOBJEXT@
CC = @CC@
CPP = @CPP@
DATADIRNAME = @DATADIRNAME@
DEPDIR = @DEPDIR@
EXEEXT = @EXEEXT@
GENCAT = @GENCAT@
GLIBC21 = @GLIBC21@
GMOFILES = @GMOFILES@
GMSGFMT = @GMSGFMT@
HAVE_TUNTAP = @HAVE_TUNTAP@
INCLUDES = @INCLUDES@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
INSTOBJEXT = @INSTOBJEXT@
INTLBISON = @INTLBISON@
INTLLIBS = @INTLLIBS@
INTLOBJS = @INTLOBJS@
INTL_LIBTOOL_SUFFIX_PREFIX = @INTL_LIBTOOL_SUFFIX_PREFIX@
LIBICONV = @LIBICONV@
LINUX_IF_TUN_H = @LINUX_IF_TUN_H@
LN_S = @LN_S@
MKINSTALLDIRS = @MKINSTALLDIRS@
MSGFMT = @MSGFMT@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
POFILES = @POFILES@
POSUB = @POSUB@
RANLIB = @RANLIB@
USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
am__include = @am__include@
am__quote = @am__quote@
install_sh = @install_sh@
# Use `ginstall' in the definition of man_MANS to avoid
# confusion with the `install' target. The install rule transforms `ginstall'
# to install before applying any user-specified name transformations.
transform = s/ginstall/install/; @program_transform_name@
PERL = @PERL@
SUBDIRS = es
info_TEXINFOS = tinc.texi
dyn_MANS =
man_aux = $(dyn_MANS:.8=.x)
man_MANS = tincd.8 tinc.conf.5 $(dyn_MANS)
HELP2MAN = help2man
MAINTAINERCLEANFILES = $(dyn_MANS)
EXTRA_DIST = $(man_MANS) $(HELP2MAN) $(man_aux) \
Makefile.maint GNUmakefile Makefile.summ sample-config.tar.gz
subdir = doc
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
DIST_SOURCES =
INFO_DEPS = tinc.info
DVIS = tinc.dvi
TEXINFOS = tinc.texi
NROFF = nroff
MANS = $(man_MANS)
RECURSIVE_TARGETS = info-recursive dvi-recursive install-info-recursive \
uninstall-info-recursive all-recursive install-data-recursive \
install-exec-recursive installdirs-recursive install-recursive \
uninstall-recursive check-recursive installcheck-recursive
DIST_COMMON = Makefile.am Makefile.in texinfo.tex
DIST_SUBDIRS = $(SUBDIRS)
all: all-recursive
.SUFFIXES:
.SUFFIXES: .dvi .info .ps .texi
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && \
$(AUTOMAKE) --gnu doc/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) && \
CONFIG_HEADERS= CONFIG_LINKS= \
CONFIG_FILES=$(subdir)/$@ $(SHELL) ./config.status
tinc.info: tinc.texi
tinc.dvi: tinc.texi
.texi.info:
@cd $(srcdir) && rm -f $@ $@-[0-9] $@-[0-9][0-9]
cd $(srcdir) \
&& $(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) \
`echo $< | sed 's,.*/,,'`
.texi.dvi:
TEXINPUTS=$(srcdir):$$TEXINPUTS \
MAKEINFO='$(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) -I $(srcdir)' \
$(TEXI2DVI) $<
.texi:
@cd $(srcdir) && rm -f $@ $@-[0-9] $@-[0-9][0-9]
cd $(srcdir) \
&& $(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) \
`echo $< | sed 's,.*/,,'`
MAKEINFO = @MAKEINFO@
TEXI2DVI = texi2dvi
DVIPS = dvips
.dvi.ps:
$(DVIPS) $< -o $@
uninstall-info-am:
$(PRE_UNINSTALL)
@if (install-info --version && \
install-info --version | fgrep -i -v debian) >/dev/null 2>&1; then \
list='$(INFO_DEPS)'; \
for file in $$list; do \
echo " install-info --info-dir=$(DESTDIR)$(infodir) --remove $(DESTDIR)$(infodir)/$$file"; \
install-info --info-dir=$(DESTDIR)$(infodir) --remove $(DESTDIR)$(infodir)/$$file; \
done; \
else :; fi
@$(NORMAL_UNINSTALL)
@list='$(INFO_DEPS)'; \
for file in $$list; do \
(if cd $(DESTDIR)$(infodir); then \
echo " rm -f $$file $$file-[0-9] $$file-[0-9][0-9])"; \
rm -f $$file $$file-[0-9] $$file-[0-9][0-9]; \
else :; fi); \
done
dist-info: $(INFO_DEPS)
list='$(INFO_DEPS)'; \
for base in $$list; do \
d=$(srcdir); \
for file in `CDPATH=: && cd $$d && eval echo $$base*`; do \
test -f $(distdir)/$$file \
|| cp -p $$d/$$file $(distdir)/$$file; \
done; \
done
mostlyclean-aminfo:
-rm -f tinc.aux tinc.cp tinc.cps tinc.dvi tinc.fn tinc.ky tinc.log tinc.pg \
tinc.ps tinc.toc tinc.tp tinc.vr
maintainer-clean-aminfo:
cd $(srcdir) && \
for i in $(INFO_DEPS); do \
rm -f $$i; \
if test "`echo $$i-[0-9]*`" != "$$i-[0-9]*"; then \
rm -f $$i-[0-9]*; \
fi; \
done
man5dir = $(mandir)/man5
install-man5: $(man5_MANS) $(man_MANS)
@$(NORMAL_INSTALL)
$(mkinstalldirs) $(DESTDIR)$(man5dir)
@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
for i in $$l2; do \
case "$$i" in \
*.5*) list="$$list $$i" ;; \
esac; \
done; \
for i in $$list; do \
if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
else file=$$i; fi; \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
inst=`echo $$inst | sed -e 's/^.*\///'`; \
inst=`echo $$inst | sed '$(transform)'`.$$ext; \
echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man5dir)/$$inst"; \
$(INSTALL_DATA) $$file $(DESTDIR)$(man5dir)/$$inst; \
done
uninstall-man5:
@$(NORMAL_UNINSTALL)
@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
for i in $$l2; do \
case "$$i" in \
*.5*) list="$$list $$i" ;; \
esac; \
done; \
for i in $$list; do \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
inst=`echo $$inst | sed -e 's/^.*\///'`; \
inst=`echo $$inst | sed '$(transform)'`.$$ext; \
echo " rm -f $(DESTDIR)$(man5dir)/$$inst"; \
rm -f $(DESTDIR)$(man5dir)/$$inst; \
done
man8dir = $(mandir)/man8
install-man8: $(man8_MANS) $(man_MANS)
@$(NORMAL_INSTALL)
$(mkinstalldirs) $(DESTDIR)$(man8dir)
@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
for i in $$l2; do \
case "$$i" in \
*.8*) list="$$list $$i" ;; \
esac; \
done; \
for i in $$list; do \
if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
else file=$$i; fi; \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
inst=`echo $$inst | sed -e 's/^.*\///'`; \
inst=`echo $$inst | sed '$(transform)'`.$$ext; \
echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
$(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
done
uninstall-man8:
@$(NORMAL_UNINSTALL)
@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
for i in $$l2; do \
case "$$i" in \
*.8*) list="$$list $$i" ;; \
esac; \
done; \
for i in $$list; do \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
inst=`echo $$inst | sed -e 's/^.*\///'`; \
inst=`echo $$inst | sed '$(transform)'`.$$ext; \
echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
rm -f $(DESTDIR)$(man8dir)/$$inst; \
done
# This directory's subdirectories are mostly independent; you can cd
# into them and run `make' without going through this Makefile.
# To change the values of `make' variables: instead of editing Makefiles,
# (1) if the variable is set in `config.status', edit `config.status'
# (which will cause the Makefiles to be regenerated when you run `make');
# (2) otherwise, pass the desired values on the `make' command line.
$(RECURSIVE_TARGETS):
@set fnord $(MAKEFLAGS); amf=$$2; \
dot_seen=no; \
target=`echo $@ | sed s/-recursive//`; \
list='$(SUBDIRS)'; for subdir in $$list; do \
echo "Making $$target in $$subdir"; \
if test "$$subdir" = "."; then \
dot_seen=yes; \
local_target="$$target-am"; \
else \
local_target="$$target"; \
fi; \
(cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
|| case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
done; \
if test "$$dot_seen" = "no"; then \
$(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
fi; test -z "$$fail"
mostlyclean-recursive clean-recursive distclean-recursive \
maintainer-clean-recursive:
@set fnord $(MAKEFLAGS); amf=$$2; \
dot_seen=no; \
case "$@" in \
distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
*) list='$(SUBDIRS)' ;; \
esac; \
rev=''; for subdir in $$list; do \
if test "$$subdir" = "."; then :; else \
rev="$$subdir $$rev"; \
fi; \
done; \
rev="$$rev ."; \
target=`echo $@ | sed s/-recursive//`; \
for subdir in $$rev; do \
echo "Making $$target in $$subdir"; \
if test "$$subdir" = "."; then \
local_target="$$target-am"; \
else \
local_target="$$target"; \
fi; \
(cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
|| case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
done && test -z "$$fail"
tags-recursive:
list='$(SUBDIRS)'; for subdir in $$list; do \
test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
done
tags: TAGS
ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
mkid -fID $$unique $(LISP)
TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
tags=; \
here=`pwd`; \
list='$(SUBDIRS)'; for subdir in $$list; do \
if test "$$subdir" = .; then :; else \
test -f $$subdir/TAGS && tags="$$tags -i $$here/$$subdir/TAGS"; \
fi; \
done; \
list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
|| etags $(ETAGS_ARGS) $$tags $$unique $(LISP)
GTAGS:
here=`CDPATH=: && cd $(top_builddir) && pwd` \
&& cd $(top_srcdir) \
&& gtags -i $(GTAGS_ARGS) $$here
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
top_distdir = ..
distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
distdir: $(DISTFILES)
@for file in $(DISTFILES); do \
if test -f $$file; then d=.; else d=$(srcdir); fi; \
dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
if test "$$dir" != "$$file" && test "$$dir" != "."; then \
$(mkinstalldirs) "$(distdir)/$$dir"; \
fi; \
if test -d $$d/$$file; then \
cp -pR $$d/$$file $(distdir) \
|| exit 1; \
else \
test -f $(distdir)/$$file \
|| cp -p $$d/$$file $(distdir)/$$file \
|| exit 1; \
fi; \
done
for subdir in $(SUBDIRS); do \
if test "$$subdir" = .; then :; else \
test -d $(distdir)/$$subdir \
|| mkdir $(distdir)/$$subdir \
|| exit 1; \
(cd $$subdir && \
$(MAKE) $(AM_MAKEFLAGS) \
top_distdir="$(top_distdir)" \
distdir=../$(distdir)/$$subdir \
distdir) \
|| exit 1; \
fi; \
done
$(MAKE) $(AM_MAKEFLAGS) \
top_distdir="${top_distdir}" distdir="$(distdir)" \
dist-info
check-am: all-am
check: check-recursive
all-am: Makefile $(INFO_DEPS) $(MANS)
installdirs: installdirs-recursive
installdirs-am:
$(mkinstalldirs) $(DESTDIR)$(infodir) $(DESTDIR)$(man5dir) $(DESTDIR)$(man8dir)
install: install-recursive
install-exec: install-exec-recursive
install-data: install-data-recursive
uninstall: uninstall-recursive
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-recursive
install-strip:
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
`test -z '$(STRIP)' || \
echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
mostlyclean-generic:
clean-generic:
distclean-generic:
-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
clean: clean-recursive
clean-am: clean-generic mostlyclean-am
distclean: distclean-recursive
distclean-am: clean-am distclean-generic distclean-tags
dvi: dvi-recursive
dvi-am: $(DVIS)
info: info-recursive
info-am: $(INFO_DEPS)
install-data-am: install-info-am install-man
install-exec-am:
install-info: install-info-recursive
install-info-am: $(INFO_DEPS)
@$(NORMAL_INSTALL)
$(mkinstalldirs) $(DESTDIR)$(infodir)
@list='$(INFO_DEPS)'; \
for file in $$list; do \
d=$(srcdir); \
for ifile in `CDPATH=: && cd $$d && echo $$file $$file-[0-9] $$file-[0-9][0-9]`; do \
if test -f $$d/$$ifile; then \
echo " $(INSTALL_DATA) $$d/$$ifile $(DESTDIR)$(infodir)/$$ifile"; \
$(INSTALL_DATA) $$d/$$ifile $(DESTDIR)$(infodir)/$$ifile; \
else : ; fi; \
done; \
done
@$(POST_INSTALL)
@if (install-info --version && \
install-info --version | fgrep -i -v debian) >/dev/null 2>&1; then \
list='$(INFO_DEPS)'; \
for file in $$list; do \
echo " install-info --info-dir=$(DESTDIR)$(infodir) $(DESTDIR)$(infodir)/$$file";\
install-info --info-dir=$(DESTDIR)$(infodir) $(DESTDIR)$(infodir)/$$file || :;\
done; \
else : ; fi
install-man: install-man5 install-man8
installcheck-am:
maintainer-clean: maintainer-clean-recursive
maintainer-clean-am: distclean-am maintainer-clean-aminfo \
maintainer-clean-generic
mostlyclean: mostlyclean-recursive
mostlyclean-am: mostlyclean-aminfo mostlyclean-generic
uninstall-am: uninstall-info-am uninstall-man
uninstall-info: uninstall-info-recursive
uninstall-man: uninstall-man5 uninstall-man8
.PHONY: $(RECURSIVE_TARGETS) GTAGS all all-am check check-am clean \
clean-generic clean-recursive dist-info distclean \
distclean-generic distclean-recursive distclean-tags distdir \
dvi dvi-am dvi-recursive info info-am info-recursive install \
install-am install-data install-data-am install-data-recursive \
install-exec install-exec-am install-exec-recursive \
install-info install-info-am install-info-recursive install-man \
install-man5 install-man8 install-recursive install-strip \
installcheck installcheck-am installdirs installdirs-am \
installdirs-recursive maintainer-clean maintainer-clean-aminfo \
maintainer-clean-generic maintainer-clean-recursive mostlyclean \
mostlyclean-aminfo mostlyclean-generic mostlyclean-recursive \
tags tags-recursive uninstall uninstall-am uninstall-info-am \
uninstall-info-recursive uninstall-man uninstall-man5 \
uninstall-man8 uninstall-recursive
# For additional rules usually of interest only to the maintainer,
# see GNUmakefile and Makefile.maint.
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

38
doc/Makefile.maint Normal file
View file

@ -0,0 +1,38 @@
# This -*- Makefile -*- uses features of GNU make.
# It is included via GNUmakefile.
# The following one line summaries were extracted from the
# original man pages using this bit of sh code:
# for i in *.1; do echo "$i: "|tr -d '\012'; \
# grep -A1 SH.NAME $i|sed '/SH NAME/d;s/^[^ ][^ ]* .- //'; done
include Makefile.summ
HELP2MAN-run = $(PERL) -w -- $(srcdir)/$(HELP2MAN)
# Depend on configure.in to get version number changes.
$(dyn_MANS): $(top_srcdir)/configure.in
# Depend on the source file containing the --help text.
# Filter out irregular cases.
regular-men = $(filter-out $(irregular-men),$(dyn_MANS))
$(regular-men): %.8: $(top_srcdir)/src/%.c
executable = $(patsubst %/install,%/ginstall, ../src/$(basename $@))
$(dyn_MANS): %.8: %.x $(HELP2MAN)
@if test -f $(executable); then \
echo "Updating man page $@"; \
rm -f $@-t $@; \
$(HELP2MAN-run) \
--name="$($(basename $@)-summary)" \
--include=$(basename $@).x \
$(executable) > $@-t; \
chmod -w $@-t; \
mv $@-t $@; \
else \
echo "WARNING: The man page $@ cannot be updated yet."; \
echo " Retry once the corresponding executable is built."; \
fi
sample-config.tar.gz:
GZIP=$(GZIP_ENV) $(AMTAR) chozf sample-config.tar.gz sample-config

2
doc/Makefile.summ Normal file
View file

@ -0,0 +1,2 @@
# -*- makefile -*-
tincd-summary = tinc VPN daemon

3
doc/es/Makefile.am Normal file
View file

@ -0,0 +1,3 @@
## Process this file with automake to get Makefile.in
# Nothing to see here, go away!

218
doc/es/Makefile.in Normal file
View file

@ -0,0 +1,218 @@
# Makefile.in generated automatically by automake 1.5 from Makefile.am.
# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
# Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
# Nothing to see here, go away!
SHELL = @SHELL@
srcdir = @srcdir@
top_srcdir = @top_srcdir@
VPATH = @srcdir@
prefix = @prefix@
exec_prefix = @exec_prefix@
bindir = @bindir@
sbindir = @sbindir@
libexecdir = @libexecdir@
datadir = @datadir@
sysconfdir = @sysconfdir@
sharedstatedir = @sharedstatedir@
localstatedir = @localstatedir@
libdir = @libdir@
infodir = @infodir@
mandir = @mandir@
includedir = @includedir@
oldincludedir = /usr/include
pkgdatadir = $(datadir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
top_builddir = ../..
ACLOCAL = @ACLOCAL@
AUTOCONF = @AUTOCONF@
AUTOMAKE = @AUTOMAKE@
AUTOHEADER = @AUTOHEADER@
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_HEADER = $(INSTALL_DATA)
transform = @program_transform_name@
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
host_alias = @host_alias@
host_triplet = @host@
AMTAR = @AMTAR@
AWK = @AWK@
BUILD_INCLUDED_LIBINTL = @BUILD_INCLUDED_LIBINTL@
CATALOGS = @CATALOGS@
CATOBJEXT = @CATOBJEXT@
CC = @CC@
CPP = @CPP@
DATADIRNAME = @DATADIRNAME@
DEPDIR = @DEPDIR@
EXEEXT = @EXEEXT@
GENCAT = @GENCAT@
GLIBC21 = @GLIBC21@
GMOFILES = @GMOFILES@
GMSGFMT = @GMSGFMT@
HAVE_TUNTAP = @HAVE_TUNTAP@
INCLUDES = @INCLUDES@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
INSTOBJEXT = @INSTOBJEXT@
INTLBISON = @INTLBISON@
INTLLIBS = @INTLLIBS@
INTLOBJS = @INTLOBJS@
INTL_LIBTOOL_SUFFIX_PREFIX = @INTL_LIBTOOL_SUFFIX_PREFIX@
LIBICONV = @LIBICONV@
LINUX_IF_TUN_H = @LINUX_IF_TUN_H@
LN_S = @LN_S@
MKINSTALLDIRS = @MKINSTALLDIRS@
MSGFMT = @MSGFMT@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
PERL = @PERL@
POFILES = @POFILES@
POSUB = @POSUB@
RANLIB = @RANLIB@
USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
am__include = @am__include@
am__quote = @am__quote@
install_sh = @install_sh@
subdir = doc/es
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
DIST_SOURCES =
DIST_COMMON = Makefile.am Makefile.in
all: all-am
.SUFFIXES:
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && \
$(AUTOMAKE) --gnu doc/es/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) && \
CONFIG_HEADERS= CONFIG_LINKS= \
CONFIG_FILES=$(subdir)/$@ $(SHELL) ./config.status
uninstall-info-am:
tags: TAGS
TAGS:
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
top_distdir = ../..
distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
distdir: $(DISTFILES)
@for file in $(DISTFILES); do \
if test -f $$file; then d=.; else d=$(srcdir); fi; \
dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
if test "$$dir" != "$$file" && test "$$dir" != "."; then \
$(mkinstalldirs) "$(distdir)/$$dir"; \
fi; \
if test -d $$d/$$file; then \
cp -pR $$d/$$file $(distdir) \
|| exit 1; \
else \
test -f $(distdir)/$$file \
|| cp -p $$d/$$file $(distdir)/$$file \
|| exit 1; \
fi; \
done
check-am: all-am
check: check-am
all-am: Makefile
installdirs:
install: install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-am
install-strip:
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
`test -z '$(STRIP)' || \
echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
mostlyclean-generic:
clean-generic:
distclean-generic:
-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
clean-am: clean-generic mostlyclean-am
distclean: distclean-am
distclean-am: clean-am distclean-generic
dvi: dvi-am
dvi-am:
info: info-am
info-am:
install-data-am:
install-exec-am:
install-info: install-info-am
install-man:
installcheck-am:
maintainer-clean: maintainer-clean-am
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-am
mostlyclean-am: mostlyclean-generic
uninstall-am: uninstall-info-am
.PHONY: all all-am check check-am clean clean-generic distclean \
distclean-generic distdir dvi dvi-am info info-am install \
install-am install-data install-data-am install-exec \
install-exec-am install-info install-info-am install-man \
install-strip installcheck installcheck-am installdirs \
maintainer-clean maintainer-clean-generic mostlyclean \
mostlyclean-generic uninstall uninstall-am uninstall-info-am
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

375
doc/help2man Executable file
View file

@ -0,0 +1,375 @@
#!/usr/bin/perl -w
# Generate a short man page from --help and --version output.
# Copyright © 1997, 98 Free Software Foundation, Inc.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software Foundation,
# Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
# Written by Brendan O'Dea <bod@compusol.com.au>
use 5.004;
use strict;
use Getopt::Long;
use POSIX qw(strftime setlocale LC_TIME);
my $this_program = 'help2man';
my $this_version = '1.006';
my $version_info = <<EOT;
$this_program $this_version
Copyright (C) 1997, 98 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Brendan O'Dea <bod\@compusol.com.au>
EOT
my $help_info = <<EOT;
`$this_program' generates a man page out of `--help' and `--version' output.
Usage: $this_program [OPTION]... EXECUTABLE
--name=STRING use `STRING' as the description for the NAME paragraph
--include=FILE include material from `FILE'
--opt-include=FILE include material from `FILE' if it exists
--output=FILE send output to `FILE'
--no-info suppress pointer to Texinfo manual
--help print this help, then exit
--version print $this_program program version number, then exit
EXECUTABLE should accept `--help' and `version' options.
EOT
my ($include, $opt_name, $opt_include, $opt_output, $opt_no_info);
# Parse options.
GetOptions (
'name=s' => \$opt_name,
'include=s' => \$include,
'opt-include=s' => \$opt_include,
'output=s' => \$opt_output,
'no-info' => \$opt_no_info,
help => sub { print $help_info; exit },
version => sub { print $version_info; exit },
) or die $help_info;
die $help_info unless @ARGV == 1;
my %include = ();
my @include = (); # to retain order
# Process include file (if given). Format is:
#
# [section name]
# verbatim text
if ($include or $opt_include)
{
if (open INC, $include || $opt_include)
{
my $sect;
while (<INC>)
{
if (/^\[([^]]+)\]/)
{
$sect = uc $1;
$sect =~ s/^\s+//;
$sect =~ s/\s+$//;
next;
}
# Silently ignore anything before the first
# section--allows for comments and revision info.
next unless $sect;
push @include, $sect unless $include{$sect};
$include{$sect} ||= '';
$include{$sect} .= $_;
}
close INC;
die "$this_program: no valid information found in `$include'\n"
unless %include;
# Compress trailing blank lines.
for (keys %include)
{
$include{$_} =~ s/\n+$//;
$include{$_} .= "\n" unless /^NAME$/;
}
}
else
{
die "$this_program: can't open `$include' ($!)\n" if $include;
}
}
# Turn off localisation of executable's ouput.
@ENV{qw(LANGUAGE LANG LC_ALL)} = ('C') x 3;
# Turn off localisation of date (for strftime)
setlocale LC_TIME, 'C';
# Grab help and version paragraphs from executable
my @help = split /\n\n+/, `$ARGV[0] --help 2>/dev/null`
or die "$this_program: can't get `--help' info from $ARGV[0]\n";
my @version = split /\n\n+/, `$ARGV[0] --version 2>/dev/null`
or die "$this_program: can't get `--version' info from $ARGV[0]\n";
my $date = strftime "%B %Y", localtime;
my $program = $ARGV[0]; $program =~ s!.*/!!;
my $package = $program;
my $version;
if ($opt_output)
{
unlink $opt_output
or die "$this_program: can't unlink $opt_output ($!)\n"
if -e $opt_output;
open STDOUT, ">$opt_output"
or die "$this_program: can't create $opt_output ($!)\n";
}
# The first line of the --version information is assumed to be in one
# of the following formats:
#
# <version>
# <program> <version>
# GNU <program> <version>
# <program> (GNU <package>) <version>
# <program> - GNU <package> <version>
#
# and seperated from any copyright/author details by a blank line.
$_ = shift @version;
if (/^(\S+)\s+\((GNU\s+[^)]+)\)\s+(.*)/ or
/^(\S+)\s+-\s*(GNU\s+\S+)\s+(.*)/)
{
$program = $1;
$package = $2;
$version = $3;
}
elsif (/^(GNU\s+)?(\S+)\s+(.*)/)
{
$program = $2;
$package = $1 ? "$1$2" : $2;
$version = $3;
}
else
{
$version = $_;
}
$program =~ s!.*/!!;
# no info for `info' itself
$opt_no_info = 1 if $program eq 'info';
# --name overrides --include contents
$include{NAME} = "$program \\- $opt_name" if $opt_name;
# Default (useless) NAME paragraph
$include{NAME} ||= "$program \\- manual page for $program $version";
# Man pages traditionally have the page title in caps.
my $PROGRAM = uc $program;
# Header.
print <<EOT;
.\" DO NOT MODIFY THIS FILE! It was generated by $this_program $this_version.
.TH $PROGRAM 1 "$date" "$package $version" "FSF"
.SH NAME
$include{NAME}
EOT
my $accumulate = 1;
my @description = ();
sub convert_option;
# Output converted --help information.
for (@help)
{
chomp;
if (s/^Usage:\s+\S+\s+(.*)\n?//)
{
# Turn the usage clause into a synopsis.
my $synopsis = '';
do {
my $syn = $1;
$syn =~ s/(([][]|\.\.+)+)/\\fR$1\\fI/g;
$syn =~ s/^/\\fI/ unless $syn =~ s/^\\fR//;
$syn .= '\fR';
$syn =~ s/\\fI(\s*)\\fR/$1/g;
$synopsis .= ".br\n" unless $accumulate;
$synopsis .= ".B $program\n";
$synopsis .= "$syn\n";
$accumulate = 0;
} while s/^(?:Usage|\s*or):\s+\S+\s+(.*)\n?//;
# Include file overrides SYNOPSIS.
print ".SH SYNOPSIS\n", $include{SYNOPSIS} || $synopsis;
# Dump any accumulated description text.
print ".SH DESCRIPTION\n";
print @description;
# Add additional description text from include file.
if ($include{DESCRIPTION})
{
print ".PP\n" unless $include{DESCRIPTION} =~ /^\..P/;
print $include{DESCRIPTION};
}
next unless $_;
}
# Accumulate text if the synopsis has not been produced yet.
if ($accumulate)
{
push @description, ".PP\n" if @description;
push @description, "$_\n";
next;
}
# Catch start of options.
if (/^Options:/)
{
print qq(.SH OPTIONS\n);
s/Options://;
}
# Catch bug report text.
if (/^Report bugs |^Email bug reports to /)
{
print qq(.SH "REPORTING BUGS"\n$_\n);
next;
}
# Special case for tar 1.12: --label=NAME\nPATTERN.
s{(\n[ \t]*)(-V,[ \t]+--label=NAME.*)\n[ \t]+PATTERN[ \t]+}
{$1$2$1\\&...=PATTERN };
# Convert options.
s/(\s)(-[][\w=-]+|\\&\S+)/$1 . convert_option $2/ge;
# Option subsections have second line indented.
print qq(.SS "$1"\n) if s/^(\S.*)\n(\s)/$2/;
# Lines indented more than about 10 spaces may be assumed to be
# continuations of the previous line.
s/\n {10,}/ /g;
# Lines following dotted (*) or numbered points may also be
# continued if indented to the same level as the text following
# the point.
1 while s{((?:^|\n)(\s+)(?:[1-9][.)]|\*)(\s+)(?:[^\n]+))\n\2 \3(\S)}
{$1 $4}g;
# Indented paragraph.
if (/^\s/)
{
for (split /\n/)
{
s/^\s+//;
s/([^,])\s+/$1\n/;
print ".TP\n$_\n" if $_;
}
}
# Anything else.
else
{
print ".PP\n$_\n";
}
}
# Print any include items other than the ones we have already dealt
# with.
for (@include)
{
print qq(.SH "$_"\n$include{$_})
unless /^(NAME|SYNOPSIS|DESCRIPTION|SEE ALSO)$/;
}
# Refer to the real documentation.
if ($include{'SEE ALSO'} or !$opt_no_info)
{
print qq(.SH "SEE ALSO"\n);
print $include{'SEE ALSO'}, ".PP\n" if $include{'SEE ALSO'};
print <<EOT unless $opt_no_info;
The full documentation for
.B $program
is maintained as a Texinfo manual. If the
.B info
and
.B $program
programs are properly installed at your site, the command
.IP
.B info $program
.PP
should give you access to the complete manual.
EOT
}
# Output converted --version information.
for (@version)
{
chomp;
# Join hyphenated lines.
s/([A-Za-z])-\n */$1/g;
# Convert copyright symbol or (c) to nroff character.
s/Copyright\s+(?:\xa9|\([Cc]\))/Copyright \\(co/g;
# Insert appropriate headings for copyright and author.
if (/^Copyright\s\\/) { print ".SH COPYRIGHT\n" }
elsif (/^Written\s+by/) { print ".SH AUTHOR\n" }
else { print ".PP\n"; }
# Insert line breaks before additional copyright messages and the
# disclaimer.
s/(.)\n(Copyright\s|This is free software)/$1\n.br\n$2/g;
print "$_\n";
}
exit;
# Convert option dashes to \- to stop nroff from hyphenating 'em, and
# embolden. Option arguments get italicised.
sub convert_option
{
my $option = '\fB' . shift;
$option =~ s/-/\\-/g;
unless ($option =~ s/\[=(.*)\]$/\\fR[=\\fI$1\\fR]/)
{
$option =~ s/=(.)/\\fR=\\fI$1/;
$option =~ s/ (.)/ \\fI$1/;
$option .= '\fR';
}
$option;
}

BIN
doc/sample-config.tar.gz Normal file
View file

Binary file not shown.

5484
doc/texinfo.tex Normal file
View file

File diff suppressed because it is too large Load diff

340
doc/tinc.conf.5 Normal file
View file

@ -0,0 +1,340 @@
.Dd 2002-04-09
.Dt TINC.CONF 5
.\" Manual page created by:
.\" Ivo Timmermans <itimmermans@bigfoot.com>
.\" Guus Sliepen <guus@sliepen.warande.net>
.Sh NAME
.Nm tinc.conf
.Nd tinc daemon configuration
.Sh DESCRIPTION
The files in the
.Pa /etc/tinc/
directory contain runtime and security information for the tinc daemon.
.Sh NETWORKS
It is perfectly ok for you to run more than one tinc daemon.
However, in its default form,
you will soon notice that you can't use two different configuration files without the
.Fl c
option.
.Pp
We have thought of another way of dealing with this: network names.
This means that you call
.Nm
with the
.Fl n
option, which will assign a name to this daemon.
.Pp
The effect of this is that the daemon will set its configuration root to
.Pa /etc/tinc/ Ns Ar NETNAME Ns Pa / ,
where
.Ar NETNAME
is your argument to the
.Fl n
option.
You'll notice that messages appear in syslog as coming from
.Nm tincd. Ns Ar NETNAME .
.Pp
However, it is not strictly necessary that you call tinc with the
.Fl n
option.
In this case, the network name would just be empty,
and it will be used as such.
.Nm tinc
now looks for files in
.Pa /etc/tinc/ ,
instead of
.Pa /etc/tinc/ Ns Ar NETNAME Ns Pa / ;
the configuration file should be
.Pa /etc/tinc/tinc.conf ,
and the host configuration files are now expected to be in
.Pa /etc/tinc/hosts/ .
.Pp
But it is highly recommended that you use this feature of
.Nm tinc ,
because it will be so much clearer whom your daemon talks to.
Hence, we will assume that you use it.
.Sh NAMES
Each tinc daemon should have a name that is unique in the network which it will be part of.
The name will be used by other tinc daemons for identification.
The name has to be declared in the
.Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf
file.
.Pp
To make things easy,
choose something that will give unique and easy to remember names to your tinc daemon(s).
You could try things like hostnames, owner surnames or location names.
.Sh PUBLIC/PRIVATE KEYS
You should use
.Ic tincd -K
to generate public/private keypairs.
It will generate two keys.
The private key should be stored in a separate file
.Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /rsa_key.priv
\-\- where
.Ar NETNAME
stands for the network (see
.Sx NETWORKS )
above.
The public key should be stored in the host configuration file
.Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Va NAME
\-\- where
.Va NAME
stands for the name of the local tinc daemon (see
.Sx NAMES ) .
.Sh SERVER CONFIGURATION
The server configuration of the daemon is done in the file
.Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf .
This file consists of comments (lines started with a
.Li # )
or assignments in the form of:
.Pp
.Va Variable Li = Ar Value .
.Pp
The variable names are case insensitive, and any spaces, tabs,
newlines and carriage returns are ignored.
Note: it is not required that you put in the
.Li =
sign, but doing so improves readability.
If you leave it out, remember to replace it with at least one space character.
.Pp
Here are all valid variables, listed in alphabetical order.
The default value is given between parentheses.
.Bl -tag -width indent
.It Va AddressFamily Li = ipv4 | ipv6 | any Po ipv4 Pc Bq experimental
This option affects the address family of listening and outgoing sockets.
If
.Qq any
is selected, then depending on the operating system both IPv4 and IPv6 or just
IPv6 listening sockets will be created.
.It Va BindToInterface Li = Ar interface Bq experimental
If your computer has more than one network interface,
.Nm tinc
will by default listen on all of them for incoming connections.
It is possible to bind only to a single interface with this variable.
.Pp
This option may not work on all platforms.
.It Va ConnectTo Li = Ar name
Specifies which other tinc daemon to connect to on startup.
Multiple
.Va ConnectTo
variables may be specified,
in which case outgoing connections to each specified tinc daemon are made.
The names should be known to this tinc daemon
(i.e., there should be a host configuration file for the name on the
.Va ConnectTo
line).
.Pp
If you don't specify a host with
.Va ConnectTo ,
.Nm tinc
won't try to connect to other daemons at all,
and will instead just listen for incoming connections.
.It Va Device Li = Ar device Po /dev/tap0 or /dev/misc/net/tun Pc
The virtual network device to use.
.Nm tinc
will automatically detect what kind of device it is.
Note that you can only use one device per daemon.
The info pages of the tinc package contain more information
about configuring the virtual network device.
.It Va Hostnames Li = yes | no Pq no
This option selects whether IP addresses (both real and on the VPN) should
be resolved. Since DNS lookups are blocking, it might affect tinc's
efficiency, even stopping the daemon for a few seconds every time it does
a lookup if your DNS server is not responding.
.Pp
This does not affect resolving hostnames to IP addresses from the
host configuration files.
.It Va Interface Li = Ar interface
Defines the name of the interface corresponding to the virtual network device.
Depending on the operating system and the type of device this may or may not actually set the name.
Currently this option only affects the Linux tun/tap device.
.It Va KeyExpire Li = Ar period Pq 3600
This option controls the period the encryption keys used to encrypt the data are valid.
It is common practice to change keys at regular intervals to make it even harder for crackers,
even though it is thought to be nearly impossible to crack a single key.
.It Va MACExpire Li = Ar period Pq 600
This option controls the amount of time MAC addresses are kept before they are removed.
This only has effect when
.Va Mode
is set to
.Qq switch .
.It Va MaxTimeout Li = Ar period Pq 900
This is the maximum delay before trying to reconnect to other tinc daemons.
.It Va Mode Li = router | switch | hub Pq router
This option selects the way packets are routed to other daemons.
.Bl -tag -width indent
.It router
In this mode
.Va Subnet
variables in the host configuration files will be used to form a routing table.
Only unicast packets of routable protocols (IPv4 and IPv6) are supported in this mode.
.It switch
In this mode the MAC addresses of the packets on the VPN will be used to
dynamically create a routing table just like an Ethernet switch does.
Unicast, multicast and broadcast packets of every protocol that runs over Ethernet are supported in this mode
at the cost of frequent broadcast ARP requests and routing table updates.
.It hub
This mode is almost the same as the switch mode, but instead
every packet will be broadcast to the other daemons
while no routing table is managed.
.El
.It Va Name Li = Ar name Bq required
This is the name which identifies this tinc daemon.
It must be unique for the virtual private network this daemon will connect to.
.It Va PingTimeout Li = Ar period Pq 60
The number of seconds of inactivity that
.Nm tinc
will wait before sending a probe to the other end.
If that other end doesn't answer within that same amount of time,
the connection is terminated,
and the others will be notified of this.
.It Va PriorityInheritance Li = yes | no Po no Pc Bq experimental
When this option is enabled the value of the TOS field of tunneled IPv4 packets
will be inherited by the UDP packets that are sent out.
.It Va PrivateKey Li = Ar key Bq obsolete
The private RSA key of this tinc daemon.
It will allow this tinc daemon to authenticate itself to other daemons.
.It Va PrivateKeyFile Li = Ar filename Bq recommended
The file in which the private RSA key of this tinc daemon resides.
Note that there must be exactly one of
.Va PrivateKey
or
.Va PrivateKeyFile
specified in the configuration file.
.El
.Sh HOST CONFIGURATION FILES
The host configuration files contain all information needed
to establish a connection to those hosts.
A host configuration file is also required for the local tinc daemon,
it will use it to read in it's listen port, public key and subnets.
.Pp
The idea is that these files are portable.
You can safely mail your own host configuration file to someone else.
That other person can then copy it to his own hosts directory,
and now his tinc daemon will be able to connect to your tinc daemon.
Since host configuration files only contain public keys,
no secrets are revealed by sending out this information.
.Bl -tag -width indent
.It Va Address Li = Ar address Bq recommended
The IP address or hostname of this tinc daemon on the real network.
This wil only be used when trying to make an outgoing connection to this tinc daemon.
Multiple
.Va Address
variables can be specified, in which case each address will be tried until a working
connection has been established.
.It Va Cipher Li = Ar cipher Pq blowfish
The symmetric cipher algorithm used to encrypt UDP packets.
Any cipher supported by OpenSSL is recognised.
Furthermore, specifying
.Qq none
will turn off packet encryption.
.It Va Compression Li = Ar level Pq 0
This option sets the level of compression used for UDP packets.
Possible values are 0 (off), 1 (fast) and any integer up to 9 (best).
.It Va Digest Li = Ar digest Pq sha1
The digest algorithm used to authenticate UDP packets.
Any digest supported by OpenSSL is recognised.
Furthermore, specifying
.Qq none
will turn off packet authentication.
.It Va IndirectData Li = yes | no Pq no
This option specifies whether other tinc daemons besides the one you specified with
.Va ConnectTo
can make a direct connection to you.
This is especially useful if you are behind a firewall
and it is impossible to make a connection from the outside to your tinc daemon.
Otherwise, it is best to leave this option out or set it to no.
.It Va MACLength Li = Ar length Pq 4
The length of the message authentication code used to authenticate UDP packets.
Can be anything from
.Qq 0
up to the length of the digest produced by the digest algorithm.
.It Va Port Li = Ar port Pq 655
The port number on which this tinc daemon is listening for incoming connections.
.It Va PublicKey Li = Ar key Bq obsolete
The public RSA key of this tinc daemon.
It will be used to cryptographically verify it's identity and to set up a secure connection.
.It Va PublicKeyFile Li = Ar filename Bq obsolete
The file in which the public RSA key of this tinc daemon resides.
.Pp
From version 1.0pre4 on
.Nm tinc
will store the public key directly into the host configuration file in PEM format,
the above two options then are not necessary.
Either the PEM format is used, or exactly one of the above two options must be specified
in each host configuration file,
if you want to be able to establish a connection with that host.
.It Va Subnet Li = Ar address Ns Op Li / Ns Ar prefixlength
The subnet which this tinc daemon will serve.
.Nm tinc
tries to look up which other daemon it should send a packet to by searching the appropriate subnet.
If the packet matches a subnet,
it will be sent to the daemon who has this subnet in his host configuration file.
Multiple
.Va Subnet
variables can be specified.
.Pp
Subnets can either be single MAC, IPv4 or IPv6 addresses,
in which case a subnet consisting of only that single address is assumed,
or they can be a IPv4 or IPv6 network address with a prefixlength.
Shorthand notations are not supported.
For example, IPv4 subnets must be in a form like 192.168.1.0/24,
where 192.168.1.0 is the network address and 24 is the number of bits set in the netmask.
Note that subnets like 192.168.1.1/24 are invalid!
Read a networking HOWTO/FAQ/guide if you don't understand this.
IPv6 subnets are notated like fec0:0:0:1:0:0:0:0/64.
MAC addresses are notated like 0:1a:2b:3c:4d:5e.
.It Va TCPOnly Li = yes | no Pq no
If this variable is set to yes,
then the packets are tunnelled over the TCP connection instead of a UDP connection.
This is especially useful for those who want to run a tinc daemon
from behind a masquerading firewall,
or if UDP packet routing is disabled somehow.
Setting this options also implicitly sets IndirectData.
.El
.Sh FILES
.Bl -tag -width indent
.It Pa /etc/tinc/
The top directory for configuration files.
.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf
The default name of the server configuration file for net
.Ar NETNAME .
.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/
Host configuration files are kept in this directory.
.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc-up
If an executable file with this name exists,
it will be executed right after the tinc daemon has connected to the virtual network device.
It can be used to set up the corresponding network interface.
.Pp
The environment variable
.Ev $NETNAME
will be passed to the executable.
If specified with the
.Va Interface
configuration variable,
or if the virtual network device is a Linux tun/tap device,
the environment variable
.Ev $INTERFACE
will be set to the name of the network interface.
.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc-down
If an executable file with this name exists,
it will be executed right before the tinc daemon is going to close
its connection to the virtual network device.
The same environment variables will be passed as mentioned above.
.El
.Sh SEE ALSO
.Xr tincd 8 ,
.Pa http://tinc.nl.linux.org/ ,
.Pa http://www.linuxdoc.org/LDP/nag2/ .
.Pp
The full documentation for
.Nm tinc
is maintained as a Texinfo manual.
If the info and tinc programs are properly installed at your site, the command
.Ic info tinc
should give you access to the complete manual.
.Pp
.Nm tinc
comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under certain conditions;
see the file COPYING for details.

79
doc/tinc.info Normal file
View file

@ -0,0 +1,79 @@
This is tinc.info, produced by makeinfo version 4.1 from tinc.texi.
INFO-DIR-SECTION Networking tools
START-INFO-DIR-ENTRY
* tinc: (tinc). The tinc Manual.
END-INFO-DIR-ENTRY
This is the info manual for tinc, a Virtual Private Network daemon.
Copyright (C) 1998-2002 Ivo Timmermans <itimmermans@bigfoot.com>,
Guus Sliepen <guus@sliepen.warande.net> and Wessel Dankers
<wsl@nl.linux.org>.
$Id: tinc.texi,v 1.8.4.28 2002/04/09 11:43:29 guus Exp $
Permission is granted to make and distribute verbatim copies of this
manual provided the copyright notice and this permission notice are
preserved on all copies.
Permission is granted to copy and distribute modified versions of
this manual under the conditions for verbatim copying, provided that the
entire resulting derived work is distributed under the terms of a
permission notice identical to this one.

Indirect:
tinc.info-1: 888
tinc.info-2: 49234

Tag Table:
(Indirect)
Node: Top888
Node: Introduction1186
Node: VPNs2034
Node: tinc3755
Node: Supported platforms5258
Node: Preparations7214
Node: Configuring the kernel7469
Node: Configuration of Linux kernels 2.1.60 up to 2.4.08812
Node: Configuration of Linux kernels 2.4.0 and higher10055
Node: Configuration of FreeBSD kernels11128
Node: Configuration of OpenBSD kernels11742
Node: Configuration of Solaris kernels12225
Node: Libraries12683
Node: OpenSSL13040
Node: zlib14878
Node: Installation15686
Node: Building and installing tinc16704
Node: System files17253
Node: Device files17513
Node: Other files18817
Node: Configuration19431
Node: Configuration introduction19738
Node: Multiple networks20972
Node: How connections work22387
Node: Configuration files23571
Node: Main configuration variables24605
Node: Host configuration variables29459
Node: How to configure33723
Node: Generating keypairs35062
Node: Network interfaces35558
Node: Example configuration37837
Node: Running tinc43704
Node: Runtime options44221
Node: Error messages45810
Node: Technical information48691
Node: The connection48897
Node: The UDP tunnel49234
Node: The meta-connection51531
Node: The meta-protocol52992
Node: Security57443
Node: Authentication protocol58648
Node: Encryption of network packets63939
Node: About us65262
Node: Contact Information65425
Node: Authors65820
Node: Concept Index66438

End Tag Table

1317
doc/tinc.info-1 Normal file
View file

File diff suppressed because it is too large Load diff

520
doc/tinc.info-2 Normal file
View file

@ -0,0 +1,520 @@
This is tinc.info, produced by makeinfo version 4.1 from tinc.texi.
INFO-DIR-SECTION Networking tools
START-INFO-DIR-ENTRY
* tinc: (tinc). The tinc Manual.
END-INFO-DIR-ENTRY
This is the info manual for tinc, a Virtual Private Network daemon.
Copyright (C) 1998-2002 Ivo Timmermans <itimmermans@bigfoot.com>,
Guus Sliepen <guus@sliepen.warande.net> and Wessel Dankers
<wsl@nl.linux.org>.
$Id: tinc.texi,v 1.8.4.28 2002/04/09 11:43:29 guus Exp $
Permission is granted to make and distribute verbatim copies of this
manual provided the copyright notice and this permission notice are
preserved on all copies.
Permission is granted to copy and distribute modified versions of
this manual under the conditions for verbatim copying, provided that the
entire resulting derived work is distributed under the terms of a
permission notice identical to this one.

File: tinc.info, Node: The UDP tunnel, Next: The meta-connection, Prev: The connection, Up: The connection
The UDP tunnel
--------------
The data itself is read from a character device file, the so-called
_virtual network device_. This device is associated with a network
interface. Any data sent to this interface can be read from the device,
and any data written to the device gets sent from the interface. Data
to and from the device is formatted as if it were a normal Ethernet
card, so a frame is preceded by two MAC addresses and a _frame type_
field.
So when tinc reads an Ethernet frame from the device, it determines
its type. When tinc is in it's default routing mode, it can handle IPv4
and IPv6 packets. Depending on the Subnet lines, it will send the
packets off to their destination. In the `switch' and `hub' mode, tinc
will use broadcasts and MAC address discovery to deduce the destination
of the packets. Since the latter modes only depend on the link layer
information, any protocol that runs over Ethernet is supported (for
instance IPX and Appletalk).
After the destination has been determined, a sequence number will be
added to the packet. The packet will then be encrypted and a message
authentication code will be appended.
When that is done, time has come to actually transport the packet to
the destination computer. We do this by sending the packet over an UDP
connection to the destination host. This is called _encapsulating_,
the VPN packet (though now encrypted) is encapsulated in another IP
datagram.
When the destination receives this packet, the same thing happens,
only in reverse. So it checks the message authentication code,
decrypts the contents of the UDP datagram, checks the sequence number
and writes the decrypted information to its own virtual network device.
To let the kernel on the receiving end accept the packet, the
destination MAC address must match that of the virtual network
interface. If tinc is in it's default routing mode, ARP does not work,
so the correct destination MAC cannot be set by the sending daemons.
tinc solves this by always overwriting the destination MAC address with
fe:fd:0:0:0:0. That is also the reason why you must set the MAC address
of your tap interface to that address.

File: tinc.info, Node: The meta-connection, Prev: The UDP tunnel, Up: The connection
The meta-connection
-------------------
Having only an UDP connection available is not enough. Though
suitable for transmitting data, we want to be able to reliably send
other information, such as routing and session key information to
somebody.
TCP is a better alternative, because it already contains protection
against information being lost, unlike UDP.
So we establish two connections. One for the encrypted VPN data,
and one for other information, the meta-data. Hence, we call the second
connection the meta-connection. We can now be sure that the
meta-information doesn't get lost on the way to another computer.
Like with any communication, we must have a protocol, so that
everybody knows what everything stands for, and how she should react.
Because we have two connections, we also have two protocols. The
protocol used for the UDP data is the "data-protocol," the other one is
the "meta-protocol."
The reason we don't use TCP for both protocols is that UDP is much
better for encapsulation, even while it is less reliable. The real
problem is that when TCP would be used to encapsulate a TCP stream
that's on the private network, for every packet sent there would be
three ACKs sent instead of just one. Furthermore, if there would be a
timeout, both TCP streams would sense the timeout, and both would start
re-sending packets.

File: tinc.info, Node: The meta-protocol, Next: Security, Prev: The connection, Up: Technical information
The meta-protocol
=================
The meta protocol is used to tie all tinc daemons together, and
exchange information about which tinc daemon serves which virtual
subnet.
The meta protocol consists of requests that can be sent to the other
side. Each request has a unique number and several parameters. All
requests are represented in the standard ASCII character set. It is
possible to use tools such as telnet or netcat to connect to a tinc
daemon and to read and write requests by hand, provided that one
understands the numeric codes sent.
The authentication scheme is described in *Note Authentication
protocol::. After a successful authentication, the server and the
client will exchange all the information about other tinc daemons and
subnets they know of, so that both sides (and all the other tinc
daemons behind them) have their information synchronised.
daemon message
--------------------------------------------------------------------------
origin ADD_EDGE node1 12.23.34.45 655 node2 21.32.43.54 655 222 0
| | | \___________________/ | +-> options
| | | | +----> weight
| | | +----------------> see below
| | +--> UDP port
| +----------> real address
+------------------> name of node on one side of the edge
origin ADD_SUBNET node 192.168.1.0/24
| | +--> prefixlength
| +--------> IPv4 network address
+------------------> owner of this subnet
--------------------------------------------------------------------------
In case a connection between two daemons is closed or broken,
DEL_EDGE messages are sent to inform the other daemons of that fact.
Each daemon will calculate a new route to the the daemons, or mark them
unreachable if there isn't any.
The keys used to encrypt VPN packets are not sent out directly. This
is because it would generate a lot of traffic on VPNs with many
daemons, and chances are that not every tinc daemon will ever send a
packet to every other daemon. Instead, if a daemon needs a key it sends
a request for it via the meta connection of the nearest hop in the
direction of the destination. If any hop on the way has already learned
the key, it will act as a proxy and forward its copy back to the
requester.
daemon message
--------------------------------------------------------------------------
daemon REQ_KEY origin destination
| +--> name of the tinc daemon it wants the key from
+----------> name of the daemon that wants the key
daemon ANS_KEY origin destination 4ae0b0a82d6e0078 91 64 4
| | \______________/ | | +--> MAC length
| | | | +-----> digest algorithm
| | | +--------> cipher algorithm
| | +--> 128 bits key
| +--> name of the daemon that wants the key
+----------> name of the daemon that uses this key
daemon KEY_CHANGED origin
+--> daemon that has changed it's packet key
--------------------------------------------------------------------------
There is also a mechanism to check if hosts are still alive. Since
network failures or a crash can cause a daemon to be killed without
properly shutting down the TCP connection, this is necessary to keep an
up to date connection list. PINGs are sent at regular intervals, except
when there is also some other traffic. A little bit of salt (random
data) is added with each PING and PONG message, to make sure that long
sequences of PING/PONG messages without any other traffic won't result
in known plaintext.
daemon message
--------------------------------------------------------------------------
origin PING
dest. PONG
--------------------------------------------------------------------------
This basically covers what is sent over the meta connection by tinc.

File: tinc.info, Node: Security, Prev: The meta-protocol, Up: Technical information
About tinc's encryption and other security-related issues.
==========================================================
tinc got its name from "TINC," short for _There Is No Cabal_; the
alleged Cabal was/is an organisation that was said to keep an eye on the
entire Internet. As this is exactly what you _don't_ want, we named
the tinc project after TINC.
But in order to be "immune" to eavesdropping, you'll have to encrypt
your data. Because tinc is a _Secure_ VPN (SVPN) daemon, it does
exactly that: encrypt. tinc by default uses blowfish encryption with
128 bit keys in CBC mode, 32 bit sequence numbers and 4 byte long
message authentication codes to make sure eavesdroppers cannot get and
cannot change any information at all from the packets they can
intercept. The encryption algorithm and message authentication
algorithm can be changed in the configuration. The length of the message
authentication codes is also adjustable. The length of the key for the
encryption algorithm is always the default length used by OpenSSL.
* Menu:
* Authentication protocol::
* Encryption of network packets::

File: tinc.info, Node: Authentication protocol, Next: Encryption of network packets, Prev: Security, Up: Security
Authentication protocol
-----------------------
A new scheme for authentication in tinc has been devised, which
offers some improvements over the protocol used in 1.0pre2 and 1.0pre3.
Explanation is below.
daemon message
--------------------------------------------------------------------------
client <attempts connection>
server <accepts connection>
client ID client 12
| +---> version
+-------> name of tinc daemon
server ID server 12
| +---> version
+-------> name of tinc daemon
client META_KEY 5f0823a93e35b69e...7086ec7866ce582b
\_________________________________/
+-> RSAKEYLEN bits totally random string S1,
encrypted with server's public RSA key
server META_KEY 6ab9c1640388f8f0...45d1a07f8a672630
\_________________________________/
+-> RSAKEYLEN bits totally random string S2,
encrypted with client's public RSA key
From now on:
- the client will symmetrically encrypt outgoing traffic using S1
- the server will symmetrically encrypt outgoing traffic using S2
client CHALLENGE da02add1817c1920989ba6ae2a49cecbda0
\_________________________________/
+-> CHALLEN bits totally random string H1
server CHALLENGE 57fb4b2ccd70d6bb35a64c142f47e61d57f
\_________________________________/
+-> CHALLEN bits totally random string H2
client CHAL_REPLY 816a86
+-> 160 bits SHA1 of H2
server CHAL_REPLY 928ffe
+-> 160 bits SHA1 of H1
After the correct challenge replies are received, both ends have proved
their identity. Further information is exchanged.
client ACK 655 12.23.34.45 123 0
| | | +-> options
| | +----> estimated weight
| +------------> IP address of server as seen by client
+--------------------> UDP port of client
server ACK 655 21.32.43.54 321 0
| | | +-> options
| | +----> estimated weight
| +------------> IP address of client as seen by server
+--------------------> UDP port of server
--------------------------------------------------------------------------
This new scheme has several improvements, both in efficiency and
security.
First of all, the server sends exactly the same kind of messages
over the wire as the client. The previous versions of tinc first
authenticated the client, and then the server. This scheme even allows
both sides to send their messages simultaneously, there is no need to
wait for the other to send something first. This means that any
calculations that need to be done upon sending or receiving a message
can also be done in parallel. This is especially important when doing
RSA encryption/decryption. Given that these calculations are the main
part of the CPU time spent for the authentication, speed is improved by
a factor 2.
Second, only one RSA encrypted message is sent instead of two. This
reduces the amount of information attackers can see (and thus use for a
cryptographic attack). It also improves speed by a factor two, making
the total speedup a factor 4.
Third, and most important: The symmetric cipher keys are exchanged
first, the challenge is done afterwards. In the previous authentication
scheme, because a man-in-the-middle could pass the challenge/chal_reply
phase (by just copying the messages between the two real tinc daemons),
but no information was exchanged that was really needed to read the
rest of the messages, the challenge/chal_reply phase was of no real
use. The man-in-the-middle was only stopped by the fact that only after
the ACK messages were encrypted with the symmetric cipher. Potentially,
it could even send it's own symmetric key to the server (if it knew the
server's public key) and read some of the metadata the server would
send it (it was impossible for the mitm to read actual network packets
though). The new scheme however prevents this.
This new scheme makes sure that first of all, symmetric keys are
exchanged. The rest of the messages are then encrypted with the
symmetric cipher. Then, each side can only read received messages if
they have their private key. The challenge is there to let the other
side know that the private key is really known, because a challenge
reply can only be sent back if the challenge is decrypted correctly,
and that can only be done with knowledge of the private key.
Fourth: the first thing that is send via the symmetric cipher
encrypted connection is a totally random string, so that there is no
known plaintext (for an attacker) in the beginning of the encrypted
stream.

File: tinc.info, Node: Encryption of network packets, Prev: Authentication protocol, Up: Security
Encryption of network packet
----------------------------
A data packet can only be sent if the encryption key is known to both
parties, and the connection is activated. If the encryption key is not
known, a request is sent to the destination using the meta connection
to retrieve it. The packet is stored in a queue while waiting for the
key to arrive.
The UDP packet containing the network packet from the VPN has the
following layout:
... | IP header | UDP header | seqno | VPN packet | MAC | UDP trailer
\___________________/\_____/
| |
V +---> digest algorithm
Encrypted with symmetric cipher
So, the entire VPN packet is encrypted using a symmetric cipher. A
32 bits sequence number is added in front of the actual VPN packet, to
act as a unique IV for each packet and to prevent replay attacks. A
message authentication code is added to the UDP packet to prevent
alteration of packets. By default the first 4 bytes of the digest are
used for this, but this can be changed using the MACLength
configuration variable.

File: tinc.info, Node: About us, Next: Concept Index, Prev: Technical information, Up: Top
About us
********
* Menu:
* Contact Information::
* Authors::

File: tinc.info, Node: Contact Information, Next: Authors, Prev: About us, Up: About us
Contact information
===================
tinc's website is at <http://tinc.nl.linux.org/>, this server is
located in the Netherlands.
We have an IRC channel on the Open Projects IRC network. Connect to
irc.openprojects.net (http://openprojects.nu/services/irc.html), and
join channel #tinc.

File: tinc.info, Node: Authors, Prev: Contact Information, Up: About us
Authors
=======
Ivo Timmermans (zarq) (<itimmermans@bigfoot.com>)
Main coder/hacker and maintainer of the package.
Guus Sliepen (guus) (<guus@sliepen.warande.net>)
Originator of it all, co-author.
Wessel Dankers (Ubiq) (<wsl@nl.linux.org>)
For the name `tinc' and various suggestions.
We have received a lot of valuable input from users. With their
help, tinc has become the flexible and robust tool that it is today.
We have composed a list of contributions, in the file called `THANKS' in
the source distribution.

File: tinc.info, Node: Concept Index, Prev: About us, Up: Top
Concept Index
*************
* Menu:
* ACK: Authentication protocol.
* ADD_EDGE: The meta-protocol.
* ADD_SUBNET: The meta-protocol.
* Address: Host configuration variables.
* AddressFamily: Main configuration variables.
* ANS_KEY: The meta-protocol.
* arp <1>: Error messages.
* arp: Network interfaces.
* authentication: Authentication protocol.
* binary package: Building and installing tinc.
* BindToInterface: Main configuration variables.
* Cabal: Security.
* CHAL_REPLY: Authentication protocol.
* CHALLENGE: Authentication protocol.
* CIDR notation: Host configuration variables.
* Cipher: Host configuration variables.
* client: How connections work.
* command line: Runtime options.
* Compression: Host configuration variables.
* connection: The connection.
* ConnectTo: Main configuration variables.
* daemon: Running tinc.
* data-protocol: The meta-connection.
* Debian: Configuring the kernel.
* debug level: Runtime options.
* DEL_EDGE: The meta-protocol.
* Device: Main configuration variables.
* device files: Device files.
* Digest: Host configuration variables.
* encapsulating: The UDP tunnel.
* encryption: Encryption of network packets.
* ethertap: Configuring the kernel.
* example: Example configuration.
* frame type: The UDP tunnel.
* FreeBSD: Supported platforms.
* hardware address: Network interfaces.
* Hostnames: Main configuration variables.
* hub: Main configuration variables.
* ID: Authentication protocol.
* ifconfig: Network interfaces.
* IndirectData: Host configuration variables.
* Interface: Main configuration variables.
* IRC: Contact Information.
* Kernel-HOWTO: Configuring the kernel.
* key generation: Generating keypairs.
* KEY_CHANGED: The meta-protocol.
* KeyExpire: Main configuration variables.
* libraries: Libraries.
* license: OpenSSL.
* Linux: Supported platforms.
* MAC address: Network interfaces.
* MACExpire: Main configuration variables.
* MACLength: Host configuration variables.
* meta-protocol: The meta-connection.
* META_KEY: Authentication protocol.
* Mode: Main configuration variables.
* multiple networks: Multiple networks.
* Name: Main configuration variables.
* netlink_dev: Configuring the kernel.
* netmask: Network interfaces.
* netname: Multiple networks.
* Network Administrators Guide: Configuration introduction.
* OpenBSD: Supported platforms.
* OpenSSL: OpenSSL.
* options: Runtime options.
* PEM format: Host configuration variables.
* PING: The meta-protocol.
* PingTimeout: Main configuration variables.
* platforms: Supported platforms.
* PONG: The meta-protocol.
* Port: Host configuration variables.
* port numbers: Other files.
* PriorityInheritance: Main configuration variables.
* private: VPNs.
* PrivateKey: Main configuration variables.
* PrivateKeyFile: Main configuration variables.
* PublicKey: Host configuration variables.
* PublicKeyFile: Host configuration variables.
* RedHat: Configuring the kernel.
* release: Supported platforms.
* REQ_KEY: The meta-protocol.
* requirements: Libraries.
* router: Main configuration variables.
* runtime options: Runtime options.
* scalability: tinc.
* server: How connections work.
* Solaris: Supported platforms.
* Subnet: Host configuration variables.
* SVPN: Security.
* switch: Main configuration variables.
* TCP: The meta-connection.
* TCPonly: Host configuration variables.
* TINC: Security.
* tinc: Introduction.
* tinc-up: Network interfaces.
* tincd: tinc.
* Traditional VPNs: tinc.
* tun: Configuring the kernel.
* UDP <1>: Encryption of network packets.
* UDP: The UDP tunnel.
* virtual: VPNs.
* virtual network device: The UDP tunnel.
* VPN: VPNs.
* vpnd: tinc.
* website: Contact Information.
* zlib: zlib.

1893
doc/tinc.texi Normal file
View file

File diff suppressed because it is too large Load diff

174
doc/tincd.8 Normal file
View file

@ -0,0 +1,174 @@
.Dd 2002-03-25
.Dt TINCD 8
.\" Manual page created by:
.\" Ivo Timmermans <itimmermans@bigfoot.com>
.\" Guus Sliepen <guus@sliepen.warande.net>
.Sh NAME
.Nm tincd
.Nd tinc VPN daemon
.Sh SYNOPSIS
.Nm
.Op Fl cdDkKn
.Op Fl -bypass-security
.Op Fl -config Ns = Ns Ar DIR
.Op Fl -debug Ns = Ns Ar LEVEL
.Op Fl -generate-keys Ns Op = Ns Ar BITS
.Op Fl -help
.Op Fl -kill Ns = Ns Ar SIGNAL
.Op Fl -net Ns = Ns Ar NETNAME
.Op Fl -no-detach
.Op Fl -version
.Sh DESCRIPTION
This is the daemon of tinc, a secure virtual private network (VPN) project.
When started,
.Nm
will read it's configuration file to determine what virtual subnets it has to serve
and to what other tinc daemons it should connect.
It will connect to the ethertap or tun/tap device
and set up a socket for incoming connections.
Optionally a script will be executed to further configure the virtual device.
If that succeeds,
it will detach from the controlling terminal and continue in the background,
accepting and setting up connections to other tinc daemons
that are part of the virtual private network.
.Sh OPTIONS
.Bl -tag -width indent
.It Fl -bypass-security
Disables encryption and authentication.
Only useful for debugging.
.It Fl c, -config Ns = Ns Ar DIR
Read configuration options from
.Ar DIR .
.It Fl d, -debug Ns Op = Ns Ar LEVEL
Increase debug level or set it to
.Ar LEVEL
(see below).
.It Fl K, -generate-keys Ns Op = Ns Ar BITS
Generate public/private RSA keypair and exit.
If
.Ar BITS
is omitted, the default length will be 1024 bits.
.It Fl -help
Display short list of options.
.It Fl k, -kill Ns Op = Ns Ar SIGNAL
Attempt to kill a running
.Nm
(optionally with the specified
.Ar SIGNAL
instead of SIGTERM) and exit.
.It Fl n, -net Ns = Ns Ar NETNAME
Connect to net
.Ar NETNAME .
.It Fl D, -no-detach
Don't fork and detach.
This will also disable the automatic restart mechanism for fatal errors.
.It Fl -version
Output version information and exit.
.El
.Sh SIGNALS
.Bl -tag -width indent
.It ALRM
Forces
.Nm
to try to connect to all uplinks immediately.
Usually
.Nm
attempts to do this itself,
but increases the time it waits between the attempts each time it failed,
and if
.Nm
didn't succeed to connect to an uplink the first time after it started,
it defaults to the maximum time of 15 minutes.
.It HUP
Closes all connections, rereads the configuration file and restarts the daemon.
.It INT
Temporarily increases debug level to 5.
Send this signal again to revert to the original level.
.It USR1
Dumps the connection list to syslog.
.It USR2
Dumps virtual network device statistics, all known nodes, edges and subnets to syslog.
.It WINCH
Purges all information remembered about unreachable nodes.
.El
.Sh DEBUG LEVELS
The tinc daemon can send a lot of messages to the syslog.
The higher the debug level,
the more messages it will log.
Each level inherits all messages of the previous level:
.Bl -tag -width indent
.It 0
This will log a message indicating
.Nm
has started along with a version number.
It will also any serious error.
.It 1
This will log all connections that are made with other tinc daemons.
.It 2
This will log status and error messages from other tinc daemons.
.It 3
This will log all requests that are exchanged with other tinc daemons. These include
authentication, key exchange and connection list updates.
.It 4
This will log a copy of everything received on the meta socket.
.It 5
This will log all network traffic over the virtual private network.
.El
.Sh FILES
.Bl -tag -width indent
.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf
The configuration file for
.Nm .
.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc-up
Script which is executed as soon as the virtual network device has been allocated.
Purpose is to further configure that device.
.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc-down
Script which is executed when
.Nm
exits.
Purpose is to cleanly shut down the virtual network device before it will be deallocated.
.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/*
The directory containing the host configuration files
used to authenticate other tinc daemons.
.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Ar NAME Ns Pa -up
Script which is executed as soon as host
.Ar NAME
becomes reachable.
.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Ar NAME Ns Pa -down
Script which is executed as soon as host
.Ar NAME
becomes unreachable.
.It Pa /var/run/tinc. Ns Ar NETNAME Ns Pa .pid
The PID of the currently running
.Nm
is stored in this file.
.El
.Sh BUGS
The
.Va BindToInterface
option may not work correctly.
.Pp
.Sy The cryptography in tinc is not well tested yet. Use it at your own risk!
.Pp
If you find any bugs, report them to tinc@nl.linux.org.
.Sh TODO
A lot, especially security auditing.
.Sh SEE ALSO
.Xr tinc.conf 5 ,
.Pa http://tinc.nl.linux.org/ ,
.Pa http://www.cabal.org/ .
.Pp
The full documentation for tinc is maintained as a Texinfo manual.
If the info and tinc programs are properly installed at your site,
the command
.Ic info tinc
should give you access to the complete manual.
.Pp
tinc comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under certain conditions;
see the file COPYING for details.
.Sh AUTHORS
.An "Ivo Timmermans" Aq itimmermans@bigfoot.com
.An "Guus Sliepen" Aq guus@sliepen.warande.net
.Pp
And thanks to many others for their contributions to tinc!