This is only used if
.Va ExperimentalProtocol
is enabled.
-.It Va ExperimentalProtocol Li = yes | no Po no Pc Bq experimental
-When this option is enabled, experimental protocol enhancements will be used.
+.It Va ExperimentalProtocol Li = yes | no Pq yes
+When this option is enabled, the SPTPS protocol will be used when connecting to nodes that also support it.
Ephemeral ECDH will be used for key exchanges,
and ECDSA will be used instead of RSA for authentication.
When enabled, an ECDSA key must have been generated before with
.Nm tinc generate-ecdsa-keys .
-The experimental protocol may change at any time,
-and there is no guarantee that tinc will run stable when it is used.
.It Va Forwarding Li = off | internal | kernel Po internal Pc Bq experimental
This option selects the way indirect packets are forwarded.
.Bl -tag -width indent
.Qq none
will turn off packet encryption.
It is best to use only those ciphers which support CBC mode.
+This option has no effect for connections between nodes using
+.Va ExperimentalProtocol .
.It Va ClampMSS Li = yes | no Pq yes
This option specifies whether tinc should clamp the maximum segment size (MSS)
of TCP packets to the path MTU. This helps in situations where ICMP
Furthermore, specifying
.Qq none
will turn off packet authentication.
+This option has no effect for connections between nodes using
+.Va ExperimentalProtocol .
.It Va IndirectData Li = yes | no Pq no
When set to yes, other nodes which do not already have a meta connection to you
will not try to establish direct communication with you.
Can be anything from
.Qq 0
up to the length of the digest produced by the digest algorithm.
+This option has no effect for connections between nodes using
+.Va ExperimentalProtocol .
.It Va PMTU Li = Ar mtu Po 1514 Pc
This option controls the initial path MTU to this node.
.It Va PMTUDiscovery Li = yes | no Po yes Pc