94 lines
3.3 KiB
Text
94 lines
3.3 KiB
Text
This is the README file for tinc version 1.1pre3. Installation
|
|
instructions may be found in the INSTALL file.
|
|
|
|
tinc is Copyright (C) 1998-2012 by:
|
|
|
|
Ivo Timmermans,
|
|
Guus Sliepen <guus@tinc-vpn.org>,
|
|
and others.
|
|
|
|
For a complete list of authors see the AUTHORS file.
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 2 of the License, or (at
|
|
your option) any later version. See the file COPYING for more details.
|
|
|
|
|
|
This is a pre-release
|
|
---------------------
|
|
|
|
Please note that this is NOT a stable release. Until version 1.1.0 is released,
|
|
please use one of the 1.0.x versions if you need a stable version of tinc.
|
|
|
|
Although tinc 1.1 will be protocol compatible with tinc 1.0.x, the
|
|
functionality of the tincctl program may still change, and the control socket
|
|
protocol is not fixed yet.
|
|
|
|
|
|
Security statement
|
|
------------------
|
|
|
|
This version uses an experimental and unfinished cryptographic protocol. Use it
|
|
at your own risk.
|
|
|
|
|
|
Compatibility
|
|
-------------
|
|
|
|
Version 1.1pre3 is compatible with 1.0pre8, 1.0 and later, but not with older
|
|
versions of tinc.
|
|
|
|
When the ExperimentalProtocol option is used, tinc is still compatible with
|
|
1.0.X and 1.1pre3 itself, but not with any other 1.1preX version.
|
|
|
|
|
|
Requirements
|
|
------------
|
|
|
|
In order to compile tinc, you will need a GNU C compiler environment. Please
|
|
ensure you have the latest stable versions of all the required libraries:
|
|
|
|
- OpenSSL (http://www.openssl.org/) version 1.0.0 or later.
|
|
- Libevent (http://monkey.org/~provos/libevent/)
|
|
|
|
The following libraries are used by default, but can be disabled if necessary:
|
|
|
|
- zlib (http://www.gzip.org/zlib/)
|
|
- lzo (http://www.oberhumer.com/opensource/lzo/)
|
|
- ncurses (http://invisible-island.net/ncurses/)
|
|
- readline (ftp://ftp.gnu.org/pub/gnu/readline/)
|
|
|
|
|
|
Features
|
|
--------
|
|
|
|
Tinc is a peer-to-peer VPN daemon that supports VPNs with an arbitrary number
|
|
of nodes. Instead of configuring tunnels, you give tinc the location and
|
|
public key of a few nodes in the VPN. After making the initial connections to
|
|
those nodes, tinc will learn about all other nodes on the VPN, and will make
|
|
connections automatically. When direct connections are not possible, data will
|
|
be forwarded by intermediate nodes.
|
|
|
|
By default, nodes authenticate each other using 2048 bit RSA (or 521 bit
|
|
ECDSA*) keys. Traffic is encrypted using Blowfish in CBC mode (or AES-256 in
|
|
CTR mode*), authenticated using HMAC-SHA1 (or HMAC-SHA-256*), and is protected
|
|
against replay attacks.
|
|
|
|
*) When using the ExperimentalProtocol option.
|
|
|
|
Tinc fully supports IPv6.
|
|
|
|
Tinc can operate in several routing modes. In the default mode, "router", every
|
|
node is associated with one or more IPv4 and/or IPv6 Subnets. The other two
|
|
modes, "switch" and "hub", let the tinc daemons work together to form a virtual
|
|
Ethernet network switch or hub.
|
|
|
|
Normally, when started tinc will detach and run in the background. In a native
|
|
Windows environment this means tinc will intall itself as a service, which will
|
|
restart after reboots. To prevent tinc from detaching or running as a service,
|
|
use the -D option.
|
|
|
|
The status of the VPN can be queried using the "tincctl" tool, which connects
|
|
to a running tinc daemon via a control connection. The same tool also makes it
|
|
easy to start and stop tinc, and to change its configuration.
|