No description
0f3c45c5cc
tinc (1.0pre7-2) unstable; urgency=low * Dutch translation wasn't being installed. tinc (1.0pre7-1) unstable; urgency=medium * New upstream release. tinc (1.0pre6-3) unstable; urgency=medium * Synched with upstream CVS. * Added build dependency on zlib1g-dev. (Closes: #141705) tinc (1.0pre6-2) unstable; urgency=low * The Section was non-US again, so changed it back to main/net. tinc (1.0pre6-1) unstable; urgency=low * New upstream release. * Fixed text in debian/copyright tinc (1.0pre5-4) unstable; urgency=low * Added a debconf question for restarting on upgrade. * Added reload option to init.d, start with EXTRA='-d' default. * Moved from non-US to main. * Install example configuration files. * The HTML documentation wasn't installed; fixed. tinc (1.0pre5-3) unstable; urgency=low * Config variables are now treated case sentitivly again. * Added a forgotten xstrdup. tinc (1.0pre5-2) unstable; urgency=low * MaxTimeout accidentally wasn't configurable. (Closes: #119653) tinc (1.0pre5-1) unstable; urgency=low * New upstream version. (Closes: #119653) * Init script redone in sh. tinc (1.0pre4-1.cvs010621.6) unstable; urgency=low * Somehow po-Makefile.in.in.diff got lost, readded. (Closes: #119157) tinc (1.0pre4-1.cvs010621.5) unstable; urgency=low * Fix a typo in postinst that let it MAKEDEV even on devfs. (Closes: #116034) tinc (1.0pre4-1.cvs010621.4) unstable; urgency=low * Ask before creating the device files. (Closes: #111099) * Add a section to the info file. tinc (1.0pre4-1.cvs010621.3) unstable; urgency=low * Build and install html documentation. (Closes: #106843) * Remove build-time dependency on libc6-dev. tinc (1.0pre4-1.cvs010621.2) unstable; urgency=low * Changed location of the pidfile. (Closes: #102798) tinc (1.0pre4-1.cvs010621.1) unstable; urgency=low * New upstream version. (Closes: #98730) * Rebuilding automatically inserted new config.{sub|guess}. (Closes: #98165) * Updated Standards-Version. * Don't include a sample configuration file. tinc (1.0pre3-5) unstable; urgency=low * Fixed an error in the init script that prevented tinc from starting correctly. tinc (1.0pre3-4) unstable; urgency=low * Change build-depends for OpenSSL to libssl096-dev (Closes: #84197, #84873). tinc (1.0pre3-3) unstable; urgency=low * Set architecture to any (really this time!) (Closes: #80451). * Section set to non-US tinc (1.0pre3-2) unstable; urgency=low * Set architecture to any (Closes: #80451). * Added tinc.modules with some useful module aliases. tinc (1.0pre3-1) unstable; urgency=low * New upstream version (1.0pre3) (Closes: #71274). * Better Depends and Build-Depends lines. * Dropped dependencies on libgmp, added libssl. * doc-base.tinc: New file. * Deleted the file shlibs, as there on longer is a libblowfish. * Patch po/Makefile.in.in from po-Makefile.in.in.diff if necessary. * Use dh_perl to get accurate perl dependencies. tinc (1.0pre2-1.1) unstable; urgency=low * NMU at Ivo's request as his application is being processed, and his sponsor is based in the US. tinc (1.0pre2-1) unstable; urgency=low * postinst creates a file /etc/tinc/nets.boot, containing all networks to be started upon system startup; * init.d script starts all networks from that list. * postinst script creates tap devices. tinc (1.0pre1-0.4) unstable; urgency=low * postinst script. tinc (1.0pre1-0.3) unstable; urgency=low * system startup script. tinc (1.0pre1-0.2) unstable; urgency=low * Included the blowfish license. tinc (1.0pre1-0.1) unstable; urgency=low * Initial Release. |
||
---|---|---|
debian | ||
doc | ||
intl | ||
lib | ||
m4 | ||
po | ||
src | ||
ABOUT-NLS | ||
acconfig.h | ||
aclocal.m4 | ||
AUTHORS | ||
ChangeLog | ||
config.guess | ||
config.h.in | ||
config.sub | ||
configure | ||
configure.in | ||
COPYING | ||
COPYING.README | ||
depcomp | ||
INSTALL | ||
install-sh | ||
Makefile.am | ||
Makefile.in | ||
missing | ||
mkinstalldirs | ||
NEWS | ||
README | ||
stamp-h.in | ||
system.h | ||
THANKS | ||
TODO |
This is the README file for tinc version 1.0pre7. Installation instructions may be found in the INSTALL file. tinc is Copyright (C) 1998-2002 by: Ivo Timmermans <itimmermans@bigfoot.com>, Guus Sliepen <guus@sliepen.warande.net>, and others. For a complete list of authors see the AUTHORS file. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. See the file COPYING for more details. Security statement ------------------ In August 2000, we discovered the existence of a security hole in all versions of tinc up to and including 1.0pre2. This had to do with the way we exchanged keys. Since then, we have been working on a new authentication scheme to make tinc as secure as possible. The current version uses the OpenSSL library and uses strong authentication with RSA keys. On the 29th of December 2001, Jerome Etienne posted a security analysis of tinc 1.0pre4. Due to a lack of sequence numbers and a message authentication code for each packet, an attacker could possibly disrupt certain network services or launch a denial of service attack by replaying intercepted packets. The current version adds sequence numbers and message authentication codes to prevent such attacks. Cryptography is a hard thing to get right. We cannot make any guarantees. Time, review and feedback are the only things that can prove the security of any cryptographic product. If you wish to review tinc or give us feedback, you are stronly encouraged to do so. Changes to configuration file format since 1.0pre5 -------------------------------------------------- Some configuration variables have different names now. Most notably "TapDevice" should be changed into "Device", and "Device" should be changed into "BindToDevice". Requirements ------------ Since 1.0pre3, we use OpenSSL for all cryptographic functions. So you need to install this library first; grab it from http://www.openssl.org/. We recommend version 0.9.5 or better. If this library is not installed on you system, configure will fail. The manual in doc/tinc.texi contains more detailed information on how to install this library. Since 1.0pre6, the zlib library is used for optional compression. You need this library whether or not you plan to enable the compression. You can find it at http://www.gzip.org/zlib/. Because of a possible exploit in earlier versions we recommand that you download version 1.1.4 or later. In order to compile tinc, you will also need autoconf, automake, GNU make, m4 and gettext. Features -------- This version of tinc supports multiple virtual networks at once. To use this feature, you may supply a netname via the -n or --net options. The standard locations for the config files will then be /etc/tinc/<net>/. Because of this feature, tinc will send packets directly to their destinations, instead of to the uplink. If this behaviour is undesirable (for instance because of firewalls or other restrictions), please use an older version of tinc (I would recommend tinc-0.2.19). In order to force the kernel to accept received packets, the destination MAC address will be set to FE:FD:00:00:00:00 upon reception. The MAC address of the ethertap or tun/tap interface must also be set to this address. See the manual for more detailed information. tincd regenerates its encryption key pairs. It does this on the first activity after the keys have expired. This period is adjustable in the configuration file, and the default time is 3600 seconds (one hour). This version supports multiple subnets at once. They are also sorted on subnet mask size. This means that it is possible to have overlapping subnets on the VPN, as long as their subnet mask sizes differ. Since pre5, tinc can operate in several routing modes. The default mode, "router", works exactly like the older version, and uses Subnet lines to determine the destination of packets. The other two modes, "switch" and "hub", allow the tinc daemons to work together like a single network switch or hub. This is useful for bridging networks. The latter modes only work properly on Linux and FreeBSD. The algorithms used for encryption and generating message authentication codes can now be changed in the configuration files. All cipher and digest algorithms supported by OpenSSL can be used. Useful ciphers are "blowfish" (default), "bf-ofb", "des", "des3", etcetera. Useful digests are "sha1" (default), "md5", etcetera. Support for routing IPv6 packets has been added. Just add Subnet lines with IPv6 addresses (without using :: abbreviations) and use ifconfig or ip (from the iproute package) to give the virtual network interface corresponding IPv6 addresses. Autoconfiguration will not work in router mode. Tunneling IPv6 packets only works on Linux, FreeBSD and possibly OpenBSD. It is also possible to make tunnels to other tinc daemons over IPv6 networks. In order to enable this feature the option "AddressFamily = any" or "AddressFamily = ipv6" must be added to the tinc.conf file. The host configuration files should contain IPv6 addresses for the "Address" variables, or hostnames which have an AAAA or A6 record.