-This is the README file for tinc version 1.1pre5. Installation
+This is the README file for tinc version 1.1pre11. Installation
instructions may be found in the INSTALL file.
-tinc is Copyright (C) 1998-2013 by:
+tinc is Copyright (C) 1998-2014 by:
Ivo Timmermans,
Guus Sliepen <guus@tinc-vpn.org>,
please use one of the 1.0.x versions if you need a stable version of tinc.
Although tinc 1.1 will be protocol compatible with tinc 1.0.x, the
-functionality of the tincctl program may still change, and the control socket
+functionality of the tinc program may still change, and the control socket
protocol is not fixed yet.
Compatibility
-------------
-Version 1.1pre5 is compatible with 1.0pre8, 1.0 and later, but not with older
+Version 1.1pre11 is compatible with 1.0pre8, 1.0 and later, but not with older
versions of tinc.
When the ExperimentalProtocol option is used, tinc is still compatible with
-1.0.X and 1.1pre5 itself, but not with any other 1.1preX version.
+1.0.X and 1.1pre11 itself, but not with any other 1.1preX version.
Requirements
In order to compile tinc, you will need a GNU C compiler environment. Please
ensure you have the latest stable versions of all the required libraries:
-- OpenSSL (http://www.openssl.org/) version 1.0.0 or later.
+- OpenSSL (http://www.openssl.org/) version 1.0.0 or later, with support for
+ elliptic curve cryptography (ECC) and Galois counter mode (GCM) enabled.
The following libraries are used by default, but can be disabled if necessary:
By default, nodes authenticate each other using 2048 bit RSA (or 521 bit
ECDSA*) keys. Traffic is encrypted using Blowfish in CBC mode (or AES-256 in
-CTR mode*), authenticated using HMAC-SHA1 (or HMAC-SHA-256*), and is protected
-against replay attacks.
+GCM mode*), authenticated using HMAC-SHA1 (or GCM*), and is protected against
+replay attacks.
*) When using the ExperimentalProtocol option.
restart after reboots. To prevent tinc from detaching or running as a service,
use the -D option.
-The status of the VPN can be queried using the "tincctl" tool, which connects
+The status of the VPN can be queried using the "tinc" command, which connects
to a running tinc daemon via a control connection. The same tool also makes it
easy to start and stop tinc, and to change its configuration.