ff4039db4b
tinc (1.1~pre11-1) experimental; urgency=medium
* New upstream release.
* Update NEWS.Debian to reflect that tincctl has been renamed to tinc.
Closes: #729889
* Warn about incompatibility with previous 1.1preX releases, and that new
Ed25519 keys should be generated.
* Add native systemd service files.
* Automatically convert networks listed in nets.boot to systemd service
instances on upgrade.
* Don't restart tinc on upgrade for now.
78 lines
2.5 KiB
Text
78 lines
2.5 KiB
Text
tinc for Debian
|
|
---------------
|
|
|
|
The manual for tinc is also available as info pages, type `info tinc'
|
|
to read it.
|
|
|
|
There are several ways in which tinc may be automatically started at boot:
|
|
|
|
Systemd
|
|
-------
|
|
|
|
Since 1.1~pre11-1, the tinc package comes with native systemd service files.
|
|
To enable and start a net, call:
|
|
|
|
systemctl enable tinc@<netname>
|
|
systemctl start tinc@<netname>
|
|
|
|
This will cause a tincd to be started which uses the configuration from
|
|
/etc/tinc/<netname>, and also makes sure that it will be started next time your
|
|
system boots.
|
|
|
|
Apart from controlling individual instances, you can also start/stop/reload all
|
|
enabled instances simultaneously by omitting @<netname>, for example:
|
|
|
|
systemctl reload tinc
|
|
|
|
Note that when you have systemd installed on your system, the file
|
|
/etc/tinc/nets.boot will not be used anymore to automatically start tinc
|
|
daemons. If the variable EXTRA is defined in /etc/default/tinc, it will be
|
|
passed on to tinc. The variable LIMITS is however not used.
|
|
|
|
The service files that come with this package start tinc unconditionally.
|
|
However, tinc does support socket activation. If you wish to write a socket
|
|
unit for tinc, use the ListenStream option to specify on which port(s) and
|
|
address(es) tinc should listen.
|
|
|
|
SysVinit
|
|
--------
|
|
|
|
The system startup script for tinc, /etc/init.d/tinc, uses the file
|
|
/etc/tinc/nets.boot to find out which networks have to be started. Use one
|
|
netname per line. Lines starting with a # are ignored.
|
|
|
|
/etc/network/interfaces
|
|
-----------------------
|
|
|
|
You can create a stanza in /etc/network/interfaces, and add a line with
|
|
"tinc-net <netname>". This will cause a tincd to be started which uses the
|
|
configuration from /etc/tinc/<netname>. You can use an inet static (with
|
|
address and netmask options) or inet dhcp stanza, in which case the ifup will
|
|
configure the VPN interface and you do not need to have a tinc-up script.
|
|
|
|
The following options are also recognized and map directly to the corresponding
|
|
command line options for tincd:
|
|
|
|
tinc-config <directory>
|
|
tinc-debug <level>
|
|
tinc-mlock yes
|
|
tinc-logfile <filename>
|
|
tinc-chroot yes
|
|
tinc-user <username>
|
|
|
|
An example stanza:
|
|
|
|
iface vpn inet static
|
|
address 192.168.2.42
|
|
netmask 255.255.0.0
|
|
tinc-net myvpn
|
|
tinc-debug 1
|
|
tinc-mlock yes
|
|
tinc-user nobody
|
|
|
|
This will start a tinc daemon that reads its configuration from
|
|
/etc/tinc/myvpn, logs at debug level 1, locks itself in RAM, runs as user
|
|
nobody, and creates a network interface called "vpn". Ifup then sets the
|
|
address and netmask on that interface.
|
|
|
|
-- Guus Sliepen <guus@debian.org>, Thu, 8 January 2015, 13:37:46 +0100
|