From: Ivo Timmermans Date: Wed, 17 Jan 2001 01:40:46 +0000 (+0000) Subject: Merged documentation with various updates I had lying around X-Git-Tag: release-1.0pre4~55 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=1d898e00a964ef922617683a1d29ff24e56ed8ff;p=oweals%2Ftinc.git Merged documentation with various updates I had lying around --- diff --git a/doc/tinc.texi b/doc/tinc.texi index 32ebec3..8087844 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.12 2001/01/07 17:08:47 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.13 2001/01/17 01:40:46 zarq Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -17,7 +17,7 @@ Copyright @copyright{} 1998-2001 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.12 2001/01/07 17:08:47 guus Exp $ +$Id: tinc.texi,v 1.8.4.13 2001/01/17 01:40:46 zarq Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -42,7 +42,7 @@ Copyright @copyright{} 1998-2001 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.12 2001/01/07 17:08:47 guus Exp $ +$Id: tinc.texi,v 1.8.4.13 2001/01/17 01:40:46 zarq Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -613,6 +613,7 @@ VpnMask configuration variable. * Multiple networks:: * How connections work:: * Configuration file:: +* Required directives:: * Example:: @end menu @@ -657,7 +658,7 @@ will try to connect to it, on the given port. If this fails, tinc exits. @c ================================================================== -@node Configuration file, Example, How connections work, Configuring tinc +@node Configuration file, Required directives, How connections work, Configuring tinc @section Configuration file The actual configuration of the daemon is done in the file 
@@ -726,10 +727,30 @@ on several interfaces at the same time though, if they share the same IP address. @item KeyExpire = (3600) -This option controls the time the encryption keys used to encrypt the -data are valid. It is common practice to change keys at regular -intervals to make it even harder for crackers, even though it is thought -to be nearly impossible to crack a single key. +This option controls the time the encryption keys used to encrypt the data +are valid. It is common practice to change keys at regular intervals to +make it even harder for crackers, even though it is thought to be nearly +impossible to crack a single key. + +@item ListenPort = (655) +Listen on local port port. The computer connecting to this daemon should +use this number as the argument for his ConnectPort. + +@item MyOwnVPNIP = (required) +The local address is the number that the daemon will propagate to +other daemons on the network when it is identifying itself. Hence this +will be the file name of the passphrase file that the other end expects +to find the passphrase in. + +The local address is the IP address of the tap device, not the real IP +address of the host running tincd. Due to changes in recent kernels, it +is also necessary that you make the ethernet (also known as MAC) address +equal to the IP address (see the example). + +maskbits is the number of bits set to 1 in the netmask part. + +@item MyVirtualIP = +This is an alias for MyOwnVPNIP. @item @strong{Name = } This is a symbolic name for this connection. It can be anything @@ -740,7 +761,7 @@ probe to the other end. If that other end doesn't answer within that same amount of seconds, the connection is terminated, and the others will be notified of this. -@item PrivateKey = +@item @strong{PrivateKey = } This is the RSA private key for tinc. However, for safety reasons it is advised to store private keys of any kind in separate files. This prevents accidental eavesdropping if you are editting the configuration file. 
@@ -750,17 +771,35 @@ This is the full path name of the RSA private key file that was generated by ``tincd --generate-keys''. It must be a full path, not a relative directory. -Note that exactly @strong{one of the above two options} must be specified. +@item PublicKey = +This is the full path name of the RSA public key file that was generated +by ``tincd --generate-keys''. It must be a full path, not a relative +directory. (NOTE: In version 1.0pre3, this variable was used to give +the key inline. This is no longer supported.) + +@item Subnet = +This is the subnet range of all IP addresses that will be accepted by +the host that defines it. Please be careful that no two subnets +overlap. Every host @strong{must} have a different range of IP +addresses that it can handle, otherwise you will see messages like +`packet comes back to us'. @item TapDevice = (/dev/tap0) The ethertap device to use. Note that you can only use one device per daemon. The info pages of the tinc package contain more information about configuring an ethertap device for Linux. -@item VpnMask = -The mask that defines the scope of the entire VPN. This option is not -used by the tinc daemon itself, but can be used by startup scripts to -configure the ethertap devices correctly. +@item TCPonly = (no, experimental) +If this variable is set to yes, then the packets are tunnelled over a TCP +connection instead of a UDP connection. This is especially useful for those +who want to run a tinc daemon from behind a masquerading firewall, or if +UDP packet routing is disabled somehow. This is experimental code, +try this at your own risk. + +@item VpnMask = (optional) +The mask that defines the scope of the entire VPN. This option is not used +by the tinc daemon itself, but can be used by startup scripts to configure +the ethertap devices correctly. @end table 
@@ -892,7 +931,7 @@ there. If you get an error, you can check @ref{Error messages}. @c ================================================================== -@node Example, , Configuration file, Configuring tinc +@node Example, , Required directives, Configuring tinc @section Example @@ -1193,10 +1232,8 @@ level of 5 or higher! @item Network address and subnet mask do not match! @table @bullet -@item The Subnet field must contain a network address. That means that -the lower order bits of the address must be zero. For example, 192.168.1.1/24 -is wrong, you should use 192.168.1.0/24. -@item If you only want to use one IP address, set the netmask to /32. +@item The Subnet field must contain a network address +If you only want to use one IP address, set the netmask to /32. @end table @item This is a bug: net.c:253: 24: Some error @@ -1217,11 +1254,13 @@ files are bound to be in a different directory. @end table +@end table @c ================================================================== @node Technical information, About us, Running tinc, Top @chapter Technical information + @menu * The Connection:: * Security::
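
Review bot: the new menu entry `* Required directives::` and the two rewritten `@node` lines (Configuration file now lists Required directives as its next node, Example lists it as its previous node) refer to a node that no hunk in this patch adds or edits. If `@node Required directives` and its `@section` do not already exist in doc/tinc.texi, makeinfo will fail on the dangling pointers. Add the node and section in this commit, or hold back the menu and pointer changes until the section is written.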
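
Review bot: in the new MyOwnVPNIP entry, the sentence "Hence this will be the file name of the passphrase file that the other end expects to find the passphrase in" describes passphrase files, while every key option in this same table (PrivateKey, the private key file option, the new PublicKey) is about RSA keys generated by `tincd --generate-keys`. Say where a passphrase file still applies, or drop the sentence, because a reader following it will go looking for credential material that nothing else in these hunks mentions. Smaller points in the same hunk: the entry is tagged "(required)" but is not wrapped in `@strong` the way Name and PrivateKey are, and the KeyExpire change is a re-wrap only, which is better kept out of a content commit.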
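
Review bot: marking the inline option as required at `@item @strong{PrivateKey = }` contradicts the entry's own text, which advises storing private keys in separate files, and the following hunk deletes "Note that exactly @strong{one of the above two options} must be specified", the only sentence that said how the inline key and the key file option relate. As written, the manual now tells readers they must place the RSA private key in the configuration file. Keep the either/or sentence, or move the required marker to the file-based option, and state whether the new PublicKey entry is required as well. The "editting" typo in the context line could be fixed in the same pass.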
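
Review bot: in the "Network address and subnet mask do not match!" entry, the second `@item` was dropped, so "If you only want to use one IP address, set the netmask to /32." now renders as the body of the first bullet instead of its own bullet, and the first bullet has lost its full stop. The deleted explanation (low-order bits must be zero, 192.168.1.1/24 is wrong, 192.168.1.0/24 is right) is what tells a user how to fix this error, and the new Subnet entry added earlier in the patch does not say it either. Restore the example here or move it into the Subnet entry.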
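
Review bot: the extra `@end table` added directly after an existing `@end table`, just before `@node Technical information`, changes table nesting, which the commit message does not mention. Confirm with makeinfo that it closes an enclosing table that was previously left open rather than unbalancing the file, and drop the blank line added before `@menu` unless it is intended.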