-.Dd 2013-01-14
+.Dd 2014-01-29
.Dt TINC.CONF 5
.\" Manual page created by:
.\" Ivo Timmermans
.Sh PUBLIC/PRIVATE KEYS
The
.Nm tinc Li init
-command will have generated both RSA and ECDSA public/private keypairs.
+command will have generated both RSA and Ed25519 public/private keypairs.
The private keys should be stored in files named
.Pa rsa_key.priv
and
-.Pa ecdsa_key.priv
+.Pa ed25519_key.priv
in the directory
.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /
The public keys should be stored in the host configuration file
.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Va NAME .
The RSA keys are used for backwards compatibility with tinc version 1.0.
If you are upgrading from version 1.0 to 1.1, you can keep the old configuration files,
-but you will need to create ECDSA keys using the following command:
+but you will need to create Ed25519 keys using the following command:
.Bd -literal -offset indent
-.Nm tinc Fl n Ar NETNAME Li generate-ecdsa-keys
+.Nm tinc Fl n Ar NETNAME Li generate-ed25519-keys
.Ed
.Sh SERVER CONFIGURATION
The server configuration of the daemon is done in the file
.Qq any
is selected, then depending on the operating system both IPv4 and IPv6 or just
IPv6 listening sockets will be created.
-.It Va AutoConnect Li = Ar count Po 0 Pc Bq experimental
-If set to a non-zero value,
+.It Va AutoConnect Li = yes | no Po no Pc Bq experimental
+If set to yes,
.Nm
-will try to only have
-.Ar count
-meta connections to other nodes,
-by automatically making or breaking connections to known nodes.
-Higher values increase redundancy but also increase meta data overhead.
-When using this option, a good value is 3.
+will automatically set up meta connections to other nodes,
+without requiring
+.Va ConnectTo
+variables.
.It Va BindToAddress Li = Ar address Op Ar port
This is the same as
.Va ListenAddress ,
line).
.Pp
If you don't specify a host with
-.Va ConnectTo ,
+.Va ConnectTo
+and don't enable
+.Va AutoConnect ,
.Nm tinc
won't try to connect to other daemons at all,
and will instead just listen for incoming connections.
but which would have to be forwarded by an intermediate node, are dropped instead.
When combined with the IndirectData option,
packets for nodes for which we do not have a meta connection with are also dropped.
-.It Va ECDSAPrivateKeyFile Li = Ar filename Po Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /ecdsa_key.priv Pc
-The file in which the private ECDSA key of this tinc daemon resides.
+.It Va Ed25519PrivateKeyFile Li = Ar filename Po Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /ed25519_key.priv Pc
+The file in which the private Ed25519 key of this tinc daemon resides.
This is only used if
.Va ExperimentalProtocol
is enabled.
.It Va ExperimentalProtocol Li = yes | no Pq yes
When this option is enabled, the SPTPS protocol will be used when connecting to nodes that also support it.
Ephemeral ECDH will be used for key exchanges,
-and ECDSA will be used instead of RSA for authentication.
-When enabled, an ECDSA key must have been generated before with
-.Nm tinc generate-ecdsa-keys .
+and Ed25519 will be used instead of RSA for authentication.
+When enabled, an Ed25519 key must have been generated before with
+.Nm tinc generate-ed25519-keys .
.It Va Forwarding Li = off | internal | kernel Po internal Pc Bq experimental
This option selects the way indirect packets are forwarded.
.Bl -tag -width indent
.Pp
Since version 1.0.10, tinc will automatically detect whether communication via
UDP is possible or not.
+.It Va Weight Li = Ar weight
+If this variable is set, it overrides the weight given to connections made with
+another host. A higher
+.Ar weight
+means a lower priority is given to this connection when broadcasting or
+forwarding packets.
.El
.Sh SCRIPTS
Apart from reading the server and host configuration files,
projects / tinc / blobdiff