X-Git-Url: http://tinc-vpn.org/git/browse?a=blobdiff_plain;f=doc%2Ftinc.texi;h=581da6eade277fc6b0ab0e6c36dcdfd1bbc2afa5;hb=833a8a048b22612cd12d703d55a71448b7179b4a;hp=81cc8c5cc74868df8f6e1f431d163cdfdf7fbce6;hpb=f0e7e6b03e34e69cac5b01a2d943ad3b9b59d36c;p=tinc diff --git a/doc/tinc.texi b/doc/tinc.texi index 81cc8c5c..581da6ea 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -884,6 +884,18 @@ Broadcast packets received from other nodes are never forwarded. If the IndirectData option is also set, broadcast packets will only be sent to nodes which we have a meta connection to. @end table +@cindex BroadcastSubnet +@item BroadcastSubnet = @var{address}[/@var{prefixlength}] +Declares a broadcast subnet. +Any packet with a destination address falling into such a subnet will be routed as a broadcast +(provided all nodes have it declared). +This is most useful to declare subnet broadcast addresses (e.g. 10.42.255.255), +otherwise tinc won't know what to do with them. + +Note that global broadcast addresses (MAC ff:ff:ff:ff:ff:ff, IPv4 255.255.255.255), +as well as multicast space (IPv4 224.0.0.0/4, IPv6 ff00::/8) +are always considered broadcast addresses and don't need to be declared. + @cindex ConnectTo @item ConnectTo = <@var{name}> Specifies which other tinc daemon to connect to on startup. @@ -914,6 +926,13 @@ Under Windows, use @var{Interface} instead of @var{Device}. Note that you can only use one device per daemon. See also @ref{Device files}. +@cindex DeviceStandby +@item DeviceStandby = (no) +When disabled, tinc calls @file{tinc-up} on startup, and @file{tinc-down} on shutdown. +When enabled, tinc will only call @file{tinc-up} when at least one node is reachable, +and will call @file{tinc-down} as soon as no nodes are reachable. +On Windows, this also determines when the virtual network interface "cable" is "plugged". + @cindex DeviceType @item DeviceType = <@var{type}> (platform dependent) The type of the virtual network device. @@ -1062,8 +1081,8 @@ This will allow direct communication using LAN addresses, even if both peers are and they only ConnectTo a third node outside the NAT, which normally would prevent the peers from learning each other's LAN address. -Currently, local discovery is implemented by sending broadcast packets to the LAN during path MTU discovery. -This feature may not work in all possible situations. +Currently, local discovery is implemented by sending some packets to the local address of the node during UDP discovery. +This will not work with old nodes that don't transmit their local address. @cindex LocalDiscoveryAddress @item LocalDiscoveryAddress <@var{address}> @@ -1213,6 +1232,27 @@ and will only allow connections with nodes for which host config files are prese @file{@value{sysconfdir}/tinc/@var{netname}/hosts/} directory. Setting this options also implicitly sets StrictSubnets. +@cindex UDPDiscovey +@item UDPDiscovery = (yes) +When this option is enabled tinc will try to establish UDP connectivity to nodes, +using TCP while it determines if a node is reachable over UDP. If it is disabled, +tinc always assumes a node is reachable over UDP. +Note that tinc will never use UDP with nodes that have TCPOnly enabled. + +@cindex UDPDiscoveryKeepaliveInterval +@item UDPDiscoveryKeepaliveInterval = (9) +The minimum amount of time between sending UDP ping datagrams to check UDP connectivity once it has been established. +Note that these pings are large, since they are used to verify link MTU as well. + +@cindex UDPDiscoveryInterval +@item UDPDiscoveryInterval = (2) +The minimum amount of time between sending UDP ping datagrams to try to establish UDP connectivity. + +@cindex UDPDiscoveryTimeout +@item UDPDiscoveryTimeout = (30) +If tinc doesn't receive any UDP ping replies over the specified interval, +it will assume UDP communication is broken and will fall back to TCP. + @cindex UDPRcvBuf @item UDPRcvBuf = (OS default) Sets the socket receive buffer size for the UDP socket, in bytes. @@ -2207,6 +2247,9 @@ Use the cookie from @var{filename} to authenticate with a running tinc daemon. If unspecified, the default is @file{@value{localstatedir}/run/tinc.@var{netname}.pid}. +@item --force +Force some commands to work despite warnings. + @item --help Display a short reminder of runtime options and commands, then terminate. @@ -2253,6 +2296,7 @@ To set a variable for a specific host, use the notation @var{host}.@var{variable @cindex add @item add @var{variable} @var{value} As above, but without removing any previously existing configuration variables. +If the variable already exists with the given value, nothing happens. @cindex del @item del @var{variable} [@var{value}] @@ -2273,16 +2317,16 @@ Export the host configuration file of the local node to standard output. Export all host configuration files to standard output. @cindex import -@item import [--force] +@item import Import host configuration file(s) generated by the tinc export command from standard input. Already existing host configuration files are not overwritten unless the option --force is used. @cindex exchange -@item exchange [--force] +@item exchange The same as export followed by import. @cindex exchange-all -@item exchange-all [--force] +@item exchange-all The same as export-all followed by import. @cindex invite @@ -2396,11 +2440,21 @@ Dump VPN traffic going through the local tinc node in pcap-savefile format to st from where it can be redirected to a file or piped through a program that can parse it directly, such as tcpdump. -@cindex network [@var{netname}] -@item network +@cindex network +@item network [@var{netname}] If @var{netname} is given, switch to that network. Otherwise, display a list of all networks for which configuration files exist. +@cindex fsck +@item fsck +This will check the configuration files for possible problems, +such as unsafe file permissions, missing executable bit on script, +unknown and obsolete configuration variables, wrong public and/or private keys, and so on. + +When problems are found, this will be printed on a line with WARNING or ERROR in front of it. +Most problems must be corrected by the user itself, however in some cases (like file permissions and missing public keys), +tinc will ask if it should fix the problem. + @end table @c ==================================================================