X-Git-Url: http://tinc-vpn.org/git/browse?a=blobdiff_plain;ds=sidebyside;f=doc%2Ftinc.texi;h=db35b4a30b851b0c29a32cd55daa2b6b933c581b;hb=e4ae9c4b0dc4735dde5b0944a1ca6994075a2478;hp=90cc380ca9720ac28af001b7959a4a23f6308bbe;hpb=ba25e899d0f13f84a0300240b8f67df818dcafa6;p=tinc diff --git a/doc/tinc.texi b/doc/tinc.texi index 90cc380c..db35b4a3 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -15,7 +15,7 @@ This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon. -Copyright @copyright{} 1998-2016 Ivo Timmermans, +Copyright @copyright{} 1998-2017 Ivo Timmermans, Guus Sliepen and Wessel Dankers . @@ -39,7 +39,7 @@ permission notice identical to this one. @vskip 0pt plus 1filll This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon. -Copyright @copyright{} 1998-2016 Ivo Timmermans, +Copyright @copyright{} 1998-2017 Ivo Timmermans, Guus Sliepen and Wessel Dankers . @@ -1143,7 +1143,7 @@ Multiple Address variables can be specified, in which case each address will be tried until a working connection has been established. @cindex Cipher -@item Cipher = <@var{cipher}> (blowfish) +@item Cipher = <@var{cipher}> (aes-256-cbc) The symmetric cipher algorithm used to encrypt UDP packets. Any cipher supported by LibreSSL or OpenSSL is recognized. Furthermore, specifying "none" will turn off packet encryption. @@ -1162,7 +1162,7 @@ Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib), 10 (fast lzo) and 11 (best lzo). @cindex Digest -@item Digest = <@var{digest}> (sha1) +@item Digest = <@var{digest}> (sha256) The digest algorithm used to authenticate UDP packets. Any digest supported by LibreSSL or OpenSSL is recognized. Furthermore, specifying "none" will turn off packet authentication. 
@@ -1743,10 +1743,14 @@ located (@file{@value{sysconfdir}/tinc/@var{netname}/} as determined by The chroot is performed after all the initialization is done, after writing pid files and opening network sockets. -Note that this option alone does not do any good without -U/--user, below. +This option is best used in combination with the -U/--user option described below. -Note also that tinc can't run scripts anymore (such as tinc-down or host-up), -unless it's setup to be runnable inside chroot environment. +You will need to ensure the chroot environment contains all the files necessary +for tinc to run correctly. +Most importantly, for tinc to be able to resolve hostnames inside the chroot environment, +you must copy @file{/etc/resolv.conf} into the chroot directory. +If you want to be able to run scripts other than @file{tinc-up} in the chroot, +you must ensure the appropriate shell is also installed in the chroot, along with all its dependencies. @item -U, --user=@var{user} Switch to the given @var{user} after initialization, at the same time as
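Review bot: In the Cipher hunk (@@ -1143,7), the documented default changes from blowfish to aes-256-cbc, but the entry never says that the default changed. A reader who relied on the implicit default gets no hint from the manual that an upgrade alters the cipher in use. Suggest adding a sentence to the @item stating that the default was previously blowfish and that the old value must now be set explicitly if it is still required.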
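Review bot: In the Digest hunk (@@ -1162,7), the unchanged sentence 'specifying "none" will turn off packet authentication' needs a caveat now that the documented Cipher default is a CBC-mode cipher. CBC encryption alone provides no integrity protection, so with Digest = none modified UDP packets would not be detected. Suggest adding that warning directly after the "none" sentence. The entry could also note that the default moved from sha1 to sha256.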
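Review bot: In the chroot hunk (@@ -1743,10), replacing "does not do any good without -U/--user" with "is best used in combination with the -U/--user option" weakens a warning that should stay strong. A daemon that keeps root privileges inside a chroot is not meaningfully confined, and the new wording reads as an optional recommendation. Suggest keeping the original statement and adding the new file requirements after it. The added text also says scripts "other than tinc-up" need a shell in the chroot without saying why tinc-up is exempt. The context line says the chroot is performed after all the initialization is done, so if tinc-up runs before the chroot, state that explicitly.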