-.Dd 2016-04-11
+.Dd 2017-09-02
.Dt TINC.CONF 5
.\" Manual page created by:
.\" Ivo Timmermans
.Qq any
is selected, then depending on the operating system both IPv4 and IPv6 or just
IPv6 listening sockets will be created.
-.It Va AutoConnect Li = yes | no Po no Pc Bq experimental
+.It Va AutoConnect Li = yes | no Pq yes
If set to yes,
.Nm tinc
will automatically set up meta connections to other nodes,
.Pp
If you don't specify a host with
.Va ConnectTo
-and don't enable
+and have disabled
.Va AutoConnect ,
.Nm tinc
won't try to connect to other daemons at all,
daemons to the same multicast address, this will very likely cause routing loops.
Also note that this can cause decrypted VPN packets to be sent out on a real network if misconfigured.
.It fd
-Use a file descriptor.
+Use a file descriptor, given directly as an integer or passed through a unix domain socket.
+On Linux, an abstract socket address can be specified by using "@" as a prefix.
All packets are read from this interface.
Packets received for the local node are written to it.
.It uml Pq not compiled in by default
Create a UNIX socket with the filename specified by
.Va Device ,
or
-.Pa @localstatedir@/run/ Ns Ar NETNAME Ns Pa .umlsocket
+.Pa @runstatedir@/ Ns Ar NETNAME Ns Pa .umlsocket
if not specified.
.Nm tinc
will wait for a User Mode Linux instance to connect to this socket.
using the UNIX socket specified by
.Va Device ,
or
-.Pa @localstatedir@/run/vde.ctl
+.Pa @runstatedir@/vde.ctl
if not specified.
.El
Also, in case tinc does not seem to correctly interpret packets received from the virtual network device,
.Pp
This is the default mode, and unless you really know you need another forwarding mode, don't change it.
.It kernel
-Incoming packets are always sent to the TUN/TAP device, even if the packets are not for the local node.
+Incoming packets using the legacy protocol are always sent to the TUN/TAP device,
+even if the packets are not for the local node.
This is less efficient, but allows the kernel to apply its routing and firewall rules on them,
and can also help debugging.
+Incoming packets using the SPTPS protocol are dropped, since they are end-to-end encrypted.
.El
+.It Va FWMark Li = Ar value Po 0 Pc Bq experimental
+When set to a non-zero value, all TCP and UDP sockets created by tinc will use the given value as the firewall mark.
+This can be used for mark-based routing or for packet filtering.
+This option is currently only supported on Linux.
.It Va Hostnames Li = yes | no Pq no
This option selects whether IP addresses (both real and on the VPN) should
be resolved. Since DNS lookups are blocking, it might affect tinc's
which normally would prevent the peers from learning each other's LAN address.
.Pp
Currently, local discovery is implemented by sending some packets to the local address of the node during UDP discovery. This will not work with old nodes that don't transmit their local address.
+.It Va LogLevel Li = level Pq 0
+This option controls the verbosity of the logging. The higher the debug level, the more messages it will log.
.It Va MACExpire Li = Ar seconds Pq 600
This option controls the amount of time MAC addresses are kept before they are removed.
This only has effect when
This guarantees that scripts will execute in the exact same order as the events that trigger them.
If you need to run commands asynchronously, you have to ensure yourself that they are being run in the background.
.Pp
-Under Windows (not Cygwin), the scripts must have the extension
+Under Windows, the scripts must have the extension
.Pa .bat
or
.Pa .cmd .
If an executable file with this name exists,
it will be executed right before the tinc daemon is going to close
its connection to the virtual network device.
+.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /invitations/
+This directory contains outstanding invitations.
+.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /invitation-data
+After a successful join, this file contains a copy of the invitation data received.
.El
.Sh SEE ALSO
.Xr tincd 8 ,
projects / tinc / blobdiff