-This is the README file for tinc version 1.0.8. Installation
+This is the README file for tinc version 1.1pre2. Installation
instructions may be found in the INSTALL file.
-tinc is Copyright (C) 1998-2007 by:
+tinc is Copyright (C) 1998-2011 by:
Ivo Timmermans,
Guus Sliepen <guus@tinc-vpn.org>,
your option) any later version. See the file COPYING for more details.
-Security statement
-------------------
+This is a pre-release
+---------------------
-In August 2000, we discovered the existence of a security hole in all versions
-of tinc up to and including 1.0pre2. This had to do with the way we exchanged
-keys. Since then, we have been working on a new authentication scheme to make
-tinc as secure as possible. The current version uses the OpenSSL library and
-uses strong authentication with RSA keys.
+Please note that this is NOT a stable release. Until version 1.1.0 is released,
+please use one of the 1.0.x versions if you need a stable version of tinc.
-On the 29th of December 2001, Jerome Etienne posted a security analysis of tinc
-1.0pre4. Due to a lack of sequence numbers and a message authentication code
-for each packet, an attacker could possibly disrupt certain network services or
-launch a denial of service attack by replaying intercepted packets. The current
-version adds sequence numbers and message authentication codes to prevent such
-attacks.
+Although tinc 1.1 will be protocol compatible with tinc 1.0.x, the
+functionality of the tincctl program may still change, and the control socket
+protocol is not fixed yet.
-On September the 15th of 2003, Peter Gutmann contacted us and showed us a
-writeup describing various security issues in several VPN daemons. He showed
-that tinc lacks perfect forward security, the connection authentication could
-be done more properly, that the sequence number we use as an IV is not the best
-practice and that the default length of the HMAC for packets is too short in
-his opinion. We do not know of a way to exploit these weaknesses, but we will
-address these issues in tinc 2.0.
-
-Cryptography is a hard thing to get right. We cannot make any
-guarantees. Time, review and feedback are the only things that can
-prove the security of any cryptographic product. If you wish to review
-tinc or give us feedback, you are stronly encouraged to do so.
+Security statement
+------------------
-Changes to configuration file format since 1.0pre5
---------------------------------------------------
+This version uses an experimental and unfinished cryptographic protocol. Use
+it at your own risk.
-Some configuration variables have different names now. Most notably "TapDevice"
-should be changed into "Device", and "Device" should be changed into
-"BindToDevice".
Compatibility
-------------
-Version 1.0.8 is compatible with 1.0pre8, 1.0 and later, but not with older
+Version 1.1pre2 is compatible with 1.0pre8, 1.0 and later, but not with older
versions of tinc.
+When the ExperimentalProtocol option is used, tinc is still compatible with
+1.0.X and 1.1pre2 itself, but not with any other 1.1preX version.
+
Requirements
------------
-Since 1.0pre3, we use OpenSSL for all cryptographic functions. So you
-need to install this library first; grab it from
-http://www.openssl.org/. You will need version 0.9.7 or later. If
-this library is not installed on you system, configure will fail. The
-manual in doc/tinc.texi contains more detailed information on how to
-install this library.
+Either OpenSSL (http://www.openssl.org/) or libgcrypt
+(http://www.gnupg.org/download/#libgcrypt).
-Since 1.0pre6, the zlib library is used for optional compression. You need this
-library whether or not you plan to enable the compression. You can find it at
-http://www.gzip.org/zlib/. Because of a possible exploit in earlier versions we
-recommand that you download version 1.1.4 or later.
+The zlib library is used for optional compression. You can find it at
+http://www.gzip.org/zlib/.
-Since 1.0, the lzo library is also used for optional compression. You need this
-library whether or not you plan to enable compression. You can find it at
+The lzo library is also used for optional compression. You can find it at
http://www.oberhumer.com/opensource/lzo/.
-In order to compile tinc, you will need a GNU C compiler environment.
+Since 1.1, the libevent library is used for the main event loop. You can find
+it at http://monkey.org/~provos/libevent/.
+
+In order to compile tinc, you will need a GNU C compiler environment. Please
+ensure you have the latest stable versions of all the required libraries.
Features
IPv6 addresses (without using :: abbreviations) and use ifconfig or ip (from
the iproute package) to give the virtual network interface corresponding IPv6
addresses. tinc does not provide autoconfiguration for IPv6 hosts, if you need
-it use radvd or zebra. Tunneling IPv6 packets only works on Linux, FreeBSD,
-Windows and possibly OpenBSD.
+it use radvd or zebra.
It is also possible to make tunnels to other tinc daemons over IPv6 networks,
if the operating system supports IPv6. tinc will automatically use both IPv6
projects / tinc / blobdiff