From 4bfe75290579bf58e1833c4d8cababb5952995ec Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 22 Dec 2010 15:57:44 +0100 Subject: [PATCH 01/16] Add section about Subnet = 0.0.0.0/0 to the redirect-gateway example. --- examples/redirect-gateway.mdwn | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/examples/redirect-gateway.mdwn b/examples/redirect-gateway.mdwn index a334463..180d572 100644 --- a/examples/redirect-gateway.mdwn +++ b/examples/redirect-gateway.mdwn @@ -86,3 +86,10 @@ These script use the iproute2 commands, because they are easier to work with. The `VPN_GATEWAY` variable has to be filled in by hand. The `ORIGINAL_GATEWAY` variable copies the relevant information from the original default route to create the exception route to the VPN server. + +### Further configuration + +The only thing left is to ensure the tinc daemons know which node to send all packets to. +Make sure the following line is in `/etc/tinc/myvpn/hosts/server`: + + Subnet = 0.0.0.0/0 -- 2.20.1 From 8b5ccf3258879e393213ffde1eeb950b279c080f Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 13 Jan 2011 10:03:36 +0100 Subject: [PATCH 02/16] Add a link to the GitHub clone. --- repository.mdwn | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/repository.mdwn b/repository.mdwn index bbb771d..ca07bae 100644 --- a/repository.mdwn +++ b/repository.mdwn @@ -28,6 +28,15 @@ repository. If you have checked out a copy of the public repository, you can bring it up to date using the command `git pull`. +### GitHub repository + +There is also a clone of the official repository on GitHub: + +[https://github.com/gsliepen/tinc](https://github.com/gsliepen/tinc) + +You can use this to easily create your own forks and make your own commits public. +This allows us to review them and possibly merge them with the official tinc repository. + ### Log messages Whenever something is changed in the repository, a log message is -- 2.20.1 From 9accc18e156bbadc388f54b8f46caf9b8ae7bd5a Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 13 Jan 2011 12:49:29 +0100 Subject: [PATCH 03/16] Add new FOSDEM banner image. --- news/fosdem-2011-devroom.mdwn | 2 ++ 1 file changed, 2 insertions(+) diff --git a/news/fosdem-2011-devroom.mdwn b/news/fosdem-2011-devroom.mdwn index dfe615b..9b813c4 100644 --- a/news/fosdem-2011-devroom.mdwn +++ b/news/fosdem-2011-devroom.mdwn @@ -1,5 +1,7 @@ [[!meta author="guus"]] +

FOSDEM, the Free and Open Source Software Developers' European Meeting

+ At [FOSDEM 2011](http://fosdem.org/2011/), we will be present in the devroom [New challenges in Virtualization](http://nciv2011.v2.cs.unibo.it/). You are invited to come by and discuss tinc, VPNs and other virtualization issues here. -- 2.20.1 From bc776f59ff2046aa616f781bce2778034232d45e Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 13 Jan 2011 12:50:14 +0100 Subject: [PATCH 04/16] A GitHub clone of the official tinc repository is now available. --- news/2011-01-13.mdwn | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 news/2011-01-13.mdwn diff --git a/news/2011-01-13.mdwn b/news/2011-01-13.mdwn new file mode 100644 index 0000000..6ca3567 --- /dev/null +++ b/news/2011-01-13.mdwn @@ -0,0 +1,9 @@ +[[!meta date="January 13th 2011"]] + +A clone of the official tinc repository is now available at GitHub: + +[https://github.com/gsliepen/tinc](https://github.com/gsliepen/tinc) + +Developers can use this to make their own public "fork" of the git repository, +and push their own commits to GitHub. One can still send regular patches or use +other git workflows. -- 2.20.1 From 34c10d8040cd55752e5bab6de05b8bafc2099fef Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 5 Feb 2011 11:36:40 +0100 Subject: [PATCH 05/16] Add overview of the tinc related FOSDEM 2011 talks to the news. --- news/fosdem-2011-talks.mdwn | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 news/fosdem-2011-talks.mdwn diff --git a/news/fosdem-2011-talks.mdwn b/news/fosdem-2011-talks.mdwn new file mode 100644 index 0000000..632550a --- /dev/null +++ b/news/fosdem-2011-talks.mdwn @@ -0,0 +1,13 @@ +[[!meta author="guus"]] + +

FOSDEM, the Free and Open Source Software Developers' European Meeting

+ +At [FOSDEM 2011](http://fosdem.org/2011/), on Sunday morning February 6, +there will be three tinc related talks in the +[New challenges in Virtualization](http://nciv2011.v2.cs.unibo.it/) devroom: + +* 10:00 Brandon Black: "Building VPNs in EC2" +* 10:20 Guus Sliepen: "The difficulties of a peer-to-peer VPN on the hostile Internet" +* 11:00 Saverio Proto: "FairVPN - Fairness-oriented Overlay VPN topology construction" + +You are invited to come by and discuss tinc, VPNs and other virtualization issues here. -- 2.20.1 From 534b97f47942986f4fde51d3d430ba8c450da924 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 9 May 2011 00:16:16 +0200 Subject: [PATCH 06/16] Releasing 1.0.14. --- activities.mdwn | 8 +++----- docs.mdwn | 4 ++-- download.mdwn | 21 +++++++++++++++------ index.mdwn | 2 +- news/release-1.0.14.mdwn | 16 ++++++++++++++++ platforms.mdwn | 1 + 6 files changed, 38 insertions(+), 14 deletions(-) create mode 100644 news/release-1.0.14.mdwn diff --git a/activities.mdwn b/activities.mdwn index 30a96dc..9d8118e 100644 --- a/activities.mdwn +++ b/activities.mdwn @@ -5,13 +5,11 @@ you are holding a meeting or writing an article about VPNs and also mention tinc, please [[tell us|contact]]. If you know of any we have not listed here, we would also like to hear about it. -* [FOSDEM](http://fosdem.org/2011/), - February 5 and 6, 2011, in Brussels, Belgium. - We will be present as part of the devroom [New challenges in Virtualization](http://nciv2011.v2.cs.unibo.it/). - You are welcome to come by and discuss tinc, VPNs and other virtualization issues here. - ### Past events +* [FOSDEM](http://fosdem.org/2011/), + February 5 and 6, 2011, in Brussels, Belgium. + We were present as part of the devroom [New challenges in Virtualization](http://nciv2011.v2.cs.unibo.it/). * [FOSDEM](http://fosdem.org/2010/), February 6, 2010, at 15:20 CET. At this event, Guus Sliepen gave a lightning talk titled diff --git a/docs.mdwn b/docs.mdwn index 79b6bf4..2b2fc03 100644 --- a/docs.mdwn +++ b/docs.mdwn @@ -17,12 +17,12 @@ The main source of information is the set up a VPN using tinc. It also contains a chapter with more technical details, which you may want to read, as well as the ideas behind tinc. This manual is currently up to date with version -1.0.13. +1.0.14. ### Manpages You can also view the HTML version of the manpages that come with -version 1.0.13 of tinc: +version 1.0.14 of tinc: - [tincd(8)](/documentation/tincd.8) - [tinc.conf(5)](/documentation/tinc.conf.5) diff --git a/download.mdwn b/download.mdwn index b8464bf..dda5412 100644 --- a/download.mdwn +++ b/download.mdwn @@ -12,15 +12,15 @@ packages you should contact its maintainer. ### Latest release -[[!inline pages="news/release-1.0.13" template=newsitemnoheader feeds="no"]] +[[!inline pages="news/release-1.0.14" template=newsitemnoheader feeds="no"]] - -
**Version**1.0.13 + +
**Version**1.0.14
**Source** -[tinc-1.0.13.tar.gz](/packages/tinc-1.0.13.tar.gz) -([sig](/packages/tinc-1.0.13.tar.gz.sig)) +[tinc-1.0.14.tar.gz](/packages/tinc-1.0.14.tar.gz) +([sig](/packages/tinc-1.0.14.tar.gz.sig))
**Packages** -[Windows XP/Vista/7](/packages/windows/tinc-1.0.13-install.exe) +[Windows XP/Vista/7](/packages/windows/tinc-1.0.14-install.exe)
### Mirror sites @@ -62,6 +62,15 @@ using one of these packages. ### Older versions + +
**Version**1.0.13 +
**Source** +[tinc-1.0.13.tar.gz](/packages/tinc-1.0.13.tar.gz) +([sig](/packages/tinc-1.0.13.tar.gz.sig)) +
**Packages** +[Windows XP/Vista/7](/packages/windows/tinc-1.0.13-install.exe) +
+
**Version**1.0.12
**Source** diff --git a/index.mdwn b/index.mdwn index e5251c5..5fc93c7 100644 --- a/index.mdwn +++ b/index.mdwn @@ -1,6 +1,6 @@ # Welcome to tinc! -### Latest version: [[1.0.13|download]] +### Latest version: [[1.0.14|download]] ### Latest news: diff --git a/news/release-1.0.14.mdwn b/news/release-1.0.14.mdwn new file mode 100644 index 0000000..adacf4a --- /dev/null +++ b/news/release-1.0.14.mdwn @@ -0,0 +1,16 @@ +[[!meta author="guus"]] +[[!meta date="May 8th 2010"]] + +Version 1.0.14 released. + +* Fixed reading configuration files that do not end with a newline. Again. +* Allow arbitrary configuration options being specified on the command line. +* Allow all options in both tinc.conf and the local host config file. +* Configurable replay window, UDP send and receive buffers for performance tuning. +* Try harder to get UDP communication back after falling back to TCP. +* Initial support for attaching tinc to a VDE switch. +* DragonFly BSD support. +* Allow linking with OpenSSL 1.0.0. + +Thanks to Brandon Black, Julien Muchembled, Michael Tokarev, Rumko and Timothy +Redaelli for their contributions to this version of tinc. diff --git a/platforms.mdwn b/platforms.mdwn index 36ea254..624e432 100644 --- a/platforms.mdwn +++ b/platforms.mdwn @@ -10,6 +10,7 @@ will make sure it will work on these in the future as well: | Solaris | sparc32 | | | OpenBSD | all | | | NetBSD | all | | +| DragonFlyBSD | all | | | Darwin (MacOS/X) | powerpc, i386, x86\_64 | See the [[tinc manual|docs]] for requirements. | | Windows (Cygwin) | i386, x86\_64 with tap64 driver | Runs in a Cygwin environment. | | Windows (MinGW) | i386, x86\_64 with tap64 driver | Runs natively under Windows 2000, XP, Vista and Windows 7. May need an updated TAP-Win32 driver to work. | -- 2.20.1 From 29779c8bd366dc5ef13113e2cd2779b7f932e321 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 9 May 2011 00:17:19 +0200 Subject: [PATCH 07/16] Fix date of 1.0.14 release. --- news/release-1.0.14.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/news/release-1.0.14.mdwn b/news/release-1.0.14.mdwn index adacf4a..91db762 100644 --- a/news/release-1.0.14.mdwn +++ b/news/release-1.0.14.mdwn @@ -1,5 +1,5 @@ [[!meta author="guus"]] -[[!meta date="May 8th 2010"]] +[[!meta date="May 8th 2011"]] Version 1.0.14 released. -- 2.20.1 From 620623b927aff63537c6a764c21dc8b817c2bc9f Mon Sep 17 00:00:00 2001 From: j_ohny_b Date: Mon, 9 May 2011 02:51:10 +0200 Subject: [PATCH 08/16] --- download.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/download.mdwn b/download.mdwn index dda5412..6886fd8 100644 --- a/download.mdwn +++ b/download.mdwn @@ -51,7 +51,7 @@ that provide packages for tinc: - [FreeBSD](http://www.freebsd.org/cgi/ports.cgi?query=tinc&stype=name&sektion=security) - [Gentoo](http://packages.gentoo.org/package/tinc) - [NetBSD](http://ftp.netbsd.org/pub/NetBSD/packages/pkgsrc/net/tinc/README.html) -- [openSUSE](http://software.opensuse.org/search?p=1&q=tinc) +- [openSUSE](http://software.opensuse.org/search?p=1&q=tinc&include_home=true) - [Ubuntu](http://packages.ubuntu.com/tinc) This list is not complete and may not be up to date. If you want to -- 2.20.1 From 1527b56ca72534790bd96d9f1c90e14466f05ef2 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 9 May 2011 08:32:09 +0200 Subject: [PATCH 09/16] Add a link to the PDF version of the manual. --- docs.mdwn | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs.mdwn b/docs.mdwn index 2b2fc03..64cf3b3 100644 --- a/docs.mdwn +++ b/docs.mdwn @@ -13,7 +13,8 @@ something else than the documentation says, please tell us! ### Manual The main source of information is the -[tinc manual](/documentation/tinc_toc). This text describes how to +manual ([HTML](/documentation/tinc_toc), [PDF](/documentation/tinc.pdf)). +This text describes how to set up a VPN using tinc. It also contains a chapter with more technical details, which you may want to read, as well as the ideas behind tinc. This manual is currently up to date with version -- 2.20.1 From 947ca065177ab9ae487cf42cc4358f227bbfb1c9 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 10 May 2011 23:08:03 +0200 Subject: [PATCH 10/16] Update redirect-gateway example. - Correct some mistakes in the example output of "route -n". - One must add a route to a gateway before one can add gateway routes. - Make it more clear one must also set up masquerading or other ways of routing on the server, enable forwarding, and possibly modify firewall rules. - Add a note about the effect of router and switch mode on redirecting ther gateway. --- examples/redirect-gateway.mdwn | 50 ++++++++++++++++++++++++++++------ 1 file changed, 42 insertions(+), 8 deletions(-) diff --git a/examples/redirect-gateway.mdwn b/examples/redirect-gateway.mdwn index 180d572..a6b2001 100644 --- a/examples/redirect-gateway.mdwn +++ b/examples/redirect-gateway.mdwn @@ -23,7 +23,7 @@ An example output of `route -n` on Linux: Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface - 192.168.1.42 0.0.0.0 255.255.255.0 U 0 0 0 eth0 + 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0 Here, the LAN has the IPv4 address range 192.168.1.0/24, and the gateway is 192.168.1.1. @@ -35,11 +35,13 @@ Suppose its real address is 192.0.32.10, then the routing table should become: Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface + 172.16.1.1 0.0.0.0 255.255.255.255 UH 0 0 0 vpn 192.0.32.10 192.168.1.1 255.255.255.255 UGH 0 0 0 eth0 - 192.168.1.42 0.0.0.0 255.255.255.0 U 0 0 0 eth0 - 0.0.0.0 192.0.32.10 0.0.0.0 UG 0 0 0 vpn + 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 + 0.0.0.0 172.16.1.1 0.0.0.0 UG 0 0 0 vpn This will ensure the local LAN is reachable, that the VPN server's real IP address is reachable via the original gateway, +that the VPN server's VPN IP address is reachable on the vpn interface, and that all other traffic goes via the server on the VPN. It is better not to remove the original default gateway route, @@ -48,10 +50,11 @@ Instead, we use a trick where we add two /1 routes instead of one /0 route: Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface + 172.16.1.1 0.0.0.0 255.255.255.255 UH 0 0 0 vpn 192.0.32.10 192.168.1.1 255.255.255.255 UGH 0 0 0 eth0 - 192.168.1.42 0.0.0.0 255.255.255.0 U 0 0 0 eth0 - 128.0.0.0 192.0.32.10 128.0.0.0 UG 0 0 0 vpn - 0.0.0.0 192.0.32.10 128.0.0.0 UG 0 0 0 vpn + 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 + 128.0.0.0 172.16.1.1 128.0.0.0 UG 0 0 0 vpn + 0.0.0.0 172.16.1.1 128.0.0.0 UG 0 0 0 vpn 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0 Since both /1 cover all possible addresses, the real default route will never be used while the two /1 routes are present. @@ -66,10 +69,11 @@ The following scripts are Linux specific: `/etc/tinc/myvpn/hosts/server-up`: #!/bin/sh - VPN_GATEWAY=192.168.1.1 + VPN_GATEWAY=172.16.1.1 ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-5` ip route add $REMOTEADDRESS $ORIGINAL_GATEWAY + ip route add $VPN_GATEWAY dev $INTERFACE ip route add 0.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE ip route add 128.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE @@ -79,6 +83,7 @@ The following scripts are Linux specific: ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-5` ip route del $REMOTEADDRESS $ORIGINAL_GATEWAY + ip route del $VPN_GATEWAY dev $INTERFACE ip route del 0.0.0.0/1 dev $INTERFACE ip route del 128.0.0.0/1 dev $INTERFACE @@ -89,7 +94,36 @@ to create the exception route to the VPN server. ### Further configuration -The only thing left is to ensure the tinc daemons know which node to send all packets to. +One must also ensure the tinc daemons know which node to send all packets to. Make sure the following line is in `/etc/tinc/myvpn/hosts/server`: Subnet = 0.0.0.0/0 + +Make sure you have masquerading or another form of routing set up on the server. +Do not forget to allow forwarding of packets; check your firewall settings, and +make sure forwarding is enabled in the kernel: + + echo 1 >/proc/sys/net/ipv4/ip_forward + +You can also set up portforwarding or proxies to be able to connect to services +running on the clients from the rest of the Internet. + +### Router versus switch mode + +The examples given above will work with both router and switch mode. +However, in router mode, there is actually no such thing as a gateway route. +For example, the following three lines in the tinc-up script: + + ip route add $VPN_GATEWAY dev $INTERFACE + ip route add 0.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE + ip route add 128.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE + +Can be replaced with the following two lines without any problem: + + ip route add 0.0.0.0/1 dev $INTERFACE + ip route add 128.0.0.0/1 dev $INTERFACE + +In fact, one does not have to set the VPN_GATEWAY variable at all. +In switch mode, the gateway routes are necessary. +However, since Subnet statements are ignored in switch mode, +you do not have to add `Subnet = 0.0.0.0/0` to `/etc/tinc/myvpn/hosts/server` in that case. -- 2.20.1 From 9c9765755b3d845f70ad41cc774721be7e310826 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 10 May 2011 23:13:31 +0200 Subject: [PATCH 11/16] Add a table of contents to the redirect-gateway example. --- examples/redirect-gateway.mdwn | 2 ++ 1 file changed, 2 insertions(+) diff --git a/examples/redirect-gateway.mdwn b/examples/redirect-gateway.mdwn index a6b2001..61b4888 100644 --- a/examples/redirect-gateway.mdwn +++ b/examples/redirect-gateway.mdwn @@ -9,6 +9,8 @@ With tinc, there is no such option, but the behaviour can be replicated with a h First there is an explaination of the theory behind redirecting the default gateway, then example scripts will follow. +[[!toc levels=2]] + ### Theory Normally, there are two entries in the routing table. -- 2.20.1 From 0e0a525a05c6919129ec0046f3144dfe9ec7cc6f Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 14 May 2011 13:48:38 +0200 Subject: [PATCH 12/16] Update cross-compiling examples. - Make sure the mingw/mingw64 scripts are executable. - Execute quilt pop -a in the OpenSSL source tree to remove Debian-specific patches that might break cross-compilation. --- .../cross-compiling-64-bit-windows-binary.mdwn | 5 +++++ examples/cross-compiling-windows-binary.mdwn | 17 ++++++++++++++--- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/examples/cross-compiling-64-bit-windows-binary.mdwn b/examples/cross-compiling-64-bit-windows-binary.mdwn index be17ae2..cf4a9b5 100644 --- a/examples/cross-compiling-64-bit-windows-binary.mdwn +++ b/examples/cross-compiling-64-bit-windows-binary.mdwn @@ -67,6 +67,7 @@ use the 64-bit MinGW version of GCC and binutils: export PATH="/usr/amd64-mingw32msvc/bin:$PATH" exec "$@" EOF + chmod u+x $HOME/bin/mingw64 If `$HOME/bin` is not already part of your `$PATH`, you need to add it: @@ -105,9 +106,13 @@ tests, so we only build the static library here: ### Compiling OpenSSL Although older versions will not compile, OpenSSL 1.0.0 is easy. +However, `apt-get source` will have applied +Debian-specific patches that break cross-compiling a Windows binary. +You need to undo those patches first. Do not use the `-j` option when compiling OpenSSL, it will break. cd $HOME/mingw64/openssl-1.0.0 + quilt pop -a mingw64 ./Configure --openssldir=$HOME/mingw64/usr/local mingw64 mingw64 make mingw64 make install diff --git a/examples/cross-compiling-windows-binary.mdwn b/examples/cross-compiling-windows-binary.mdwn index fbfba1e..5574306 100644 --- a/examples/cross-compiling-windows-binary.mdwn +++ b/examples/cross-compiling-windows-binary.mdwn @@ -61,6 +61,7 @@ use the MinGW version of GCC and binutils: export PATH="/usr/i586-mingw32msvc/bin:$PATH" exec "$@" EOF + chmod u+x $HOME/bin/mingw If `$HOME/bin` is not already part of your `$PATH`, you need to add it: @@ -97,13 +98,23 @@ tests, so we only build the static library here: OpenSSL is always a bit hard to compile, because they have their own `Configure` script that needs some tweaking. There is also a small bug in -e_os2.h that breaks compilation with recent versions of GCC. First download +e_os2.h in OpenSSL 0.9.8 that breaks compilation with recent versions of GCC. +If you have this version of OpenSSL, then first download this [[openssl-cross-compilation.diff]] to your home directory, then patch -OpenSSL, and then compile as usual. Do not use the `-j` option when compiling -OpenSSL, it will break. +OpenSSL: cd $HOME/mingw/openssl-0.9.8k patch < $HOME/openssl-cross-compilation.diff + +With OpenSSL 1.0.0, this problem is no longer present. However, `apt-get source` will have applied +Debian-specific patches that break cross-compiling a Windows binary. You need to undo those patches first: + + cd $HOME/mingw/openssl-0.9.8k + quilt pop -a + +Now you can compile OpenSSL. +Do not use the `-j` option when compiling OpenSSL, it will break. + mingw ./Configure --openssldir=$HOME/mingw/usr/local mingw mingw make mingw make install -- 2.20.1 From 95121789553b6b1c804921846caefe2bca8f7e06 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 25 May 2011 21:15:18 +0200 Subject: [PATCH 13/16] Add initial roadmap and tasks pages. --- roadmap.mdwn | 27 +++++++++++++++++++++++++++ tasks.mdwn | 44 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+) create mode 100644 roadmap.mdwn create mode 100644 tasks.mdwn diff --git a/roadmap.mdwn b/roadmap.mdwn new file mode 100644 index 0000000..c4be786 --- /dev/null +++ b/roadmap.mdwn @@ -0,0 +1,27 @@ +## Roadmap + +This is a tentative list of features that will be added to future versions of tinc. + +### Tinc 1.0.15 + +* Reading public/private keys from the commandline. +* Reading configuration from standard input. + +### Tinc 1.1.0 + +* CLI to running tincd instance. +* GUI to running tincd instance. + +### Tinc 1.1.X + +* HTML administration. +* CLI and/or GUI wizard to set up a VPN more easily. +* NetworkManager support. +* RSA key propagation. +* Allow TLS to be used for meta-connections. + +### Tinc 2.0 + +* Integration with libfides. +* Use TLS for meta-connections. +* PFS. diff --git a/tasks.mdwn b/tasks.mdwn new file mode 100644 index 0000000..338053d --- /dev/null +++ b/tasks.mdwn @@ -0,0 +1,44 @@ +## Tasks + +What follows is a list of tasks that interested persons could perform to improve tinc. +If you want to work on a task, join the tinc-devel [[mailing list|mail]], and state your intention. +We can give further help there. + +It is recommended that you use [[repository|git]] to create your own branch of a stable tinc release, +and make your changes public, +either by setting up your own git server or using [github](https://github.com/gsliepen/tinc), for example. +This allows us to review the changes, and when they are ready merge them into the official git repository. +But sending patches privately via email is also possible. + +You can also suggest tasks. + +### Non-coding tasks + +* Update the documentation. +Currently not all features are documented, or they are not documented clearly. +Platform-specific information (such as how to configure the network interfaces, routes, firewall, etc.) could be improved. +Some [[examples]] could be included in the manual. +One might also try to improve the visual appearance (for example, the PDF generated from the texinfo manual is very bland). + +* Add more [[examples]] to the wiki. + +* Update the logo. +Having the current logo in a vector graphics format would be very helpful. +It could also be made a little more stylistic, or perhaps replaced with something else entirely. +Keeping it simple and related to [There Is No Cabal](http://en.wikipedia.org/wiki/Tinc) +and [black helicopters](http://en.wikipedia.org/wiki/Black_helicopter) would be preferred. + +* Update the visual appearence of the wiki. +The current style is very simple. +It could do with a little more color to break the monochrome look, +and the top and sidebars could be made a little more fancy with the appropriate amount of CSS. +The website should not be cluttered, should load fast, must work with small and big screen sizes, +and must work in text browsers. + +### Basic coding tasks + +### Advanced coding tasks + +### GUI tasks + +* Write a NetworkManager GUI for tinc. -- 2.20.1 From 9dac714840027e4b504b976e3cb439be48d7f0a5 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 21 Jun 2011 23:12:17 +0200 Subject: [PATCH 14/16] Remove confusing text at end of redirect-gateway example. --- examples/redirect-gateway.mdwn | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/examples/redirect-gateway.mdwn b/examples/redirect-gateway.mdwn index 61b4888..7fb1691 100644 --- a/examples/redirect-gateway.mdwn +++ b/examples/redirect-gateway.mdwn @@ -114,8 +114,10 @@ running on the clients from the rest of the Internet. The examples given above will work with both router and switch mode. However, in router mode, there is actually no such thing as a gateway route. -For example, the following three lines in the tinc-up script: +In that mode, the following four lines in the tinc-up script: + VPN_GATEWAY=... + ip route add $VPN_GATEWAY dev $INTERFACE ip route add 0.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE ip route add 128.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE @@ -124,8 +126,3 @@ Can be replaced with the following two lines without any problem: ip route add 0.0.0.0/1 dev $INTERFACE ip route add 128.0.0.0/1 dev $INTERFACE - -In fact, one does not have to set the VPN_GATEWAY variable at all. -In switch mode, the gateway routes are necessary. -However, since Subnet statements are ignored in switch mode, -you do not have to add `Subnet = 0.0.0.0/0` to `/etc/tinc/myvpn/hosts/server` in that case. -- 2.20.1 From 6a82785faf7490c0812345d13c33f8a3d9afe43a Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 24 Jun 2011 16:31:21 +0200 Subject: [PATCH 15/16] Releasing 1.0.15. --- docs.mdwn | 4 ++-- download.mdwn | 21 +++++++++++++++------ index.mdwn | 2 +- news/release-1.0.15.mdwn | 10 ++++++++++ 4 files changed, 28 insertions(+), 9 deletions(-) create mode 100644 news/release-1.0.15.mdwn diff --git a/docs.mdwn b/docs.mdwn index 64cf3b3..3a6fa59 100644 --- a/docs.mdwn +++ b/docs.mdwn @@ -18,12 +18,12 @@ This text describes how to set up a VPN using tinc. It also contains a chapter with more technical details, which you may want to read, as well as the ideas behind tinc. This manual is currently up to date with version -1.0.14. +1.0.15. ### Manpages You can also view the HTML version of the manpages that come with -version 1.0.14 of tinc: +version 1.0.15 of tinc: - [tincd(8)](/documentation/tincd.8) - [tinc.conf(5)](/documentation/tinc.conf.5) diff --git a/download.mdwn b/download.mdwn index 6886fd8..da75d53 100644 --- a/download.mdwn +++ b/download.mdwn @@ -12,15 +12,15 @@ packages you should contact its maintainer. ### Latest release -[[!inline pages="news/release-1.0.14" template=newsitemnoheader feeds="no"]] +[[!inline pages="news/release-1.0.15" template=newsitemnoheader feeds="no"]] - -
**Version**1.0.14 + +
**Version**1.0.15
**Source** -[tinc-1.0.14.tar.gz](/packages/tinc-1.0.14.tar.gz) -([sig](/packages/tinc-1.0.14.tar.gz.sig)) +[tinc-1.0.15.tar.gz](/packages/tinc-1.0.15.tar.gz) +([sig](/packages/tinc-1.0.15.tar.gz.sig))
**Packages** -[Windows XP/Vista/7](/packages/windows/tinc-1.0.14-install.exe) +[Windows XP/Vista/7](/packages/windows/tinc-1.0.15-install.exe)
### Mirror sites @@ -62,6 +62,15 @@ using one of these packages. ### Older versions + +
**Version**1.0.14 +
**Source** +[tinc-1.0.14.tar.gz](/packages/tinc-1.0.14.tar.gz) +([sig](/packages/tinc-1.0.14.tar.gz.sig)) +
**Packages** +[Windows XP/Vista/7](/packages/windows/tinc-1.0.14-install.exe) +
+
**Version**1.0.13
**Source** diff --git a/index.mdwn b/index.mdwn index 5fc93c7..81207da 100644 --- a/index.mdwn +++ b/index.mdwn @@ -1,6 +1,6 @@ # Welcome to tinc! -### Latest version: [[1.0.14|download]] +### Latest version: [[1.0.15|download]] ### Latest news: diff --git a/news/release-1.0.15.mdwn b/news/release-1.0.15.mdwn new file mode 100644 index 0000000..289c21d --- /dev/null +++ b/news/release-1.0.15.mdwn @@ -0,0 +1,10 @@ +[[!meta author="guus"]] +[[!meta date="June 24th 2011"]] + +Version 1.0.15 released. + +* Improved logging to file. +* Reduced amount of process wakeups on platforms which support pselect(). +* Fixed ProcessPriority option under Windows. + +Thanks to Loïc Grenié for his contribution to this version of tinc. -- 2.20.1 From 88ee1b36fdb4dc15070d298b3666fcd4fca026b9 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 24 Jun 2011 22:29:28 +0200 Subject: [PATCH 16/16] Update links to CloudVPN and GVPE. --- vpnlinks.mdwn | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vpnlinks.mdwn b/vpnlinks.mdwn index 9218ec2..017d466 100644 --- a/vpnlinks.mdwn +++ b/vpnlinks.mdwn @@ -19,10 +19,10 @@ here, please [[tell us|contact]]. - [Amrita VPN](http://amvpn.sourceforge.net/) - [CIPE](http://cipe-linux.sourceforge.net/) -- [CloudVPN](http://dev.e-x-a.org/projects/cloudvpn/) +- [CloudVPN](http://dev.e-x-a.org/projects/cloudvpn/wiki) - [FairVPN](http://minerva.netgroup.uniroma2.it/fairvpn) - [FreeS/WAN](http://www.freeswan.org/) -- [GVPE](http://savannah.gnu.org/projects/gvpe/) +- [GVPE](http://software.schmorp.de/pkg/gvpe.html) - [l2tpd](http://sourceforge.net/projects/l2tpd) - [Nest](http://www.targeted.org/nest/) - [OpenS/WAN](http://www.openswan.org/) -- 2.20.1