\input texinfo @c -*-texinfo-*-
-@c $Id: tinc.texi,v 1.8.4.11 2001/01/06 20:02:21 guus Exp $
+@c $Id: tinc.texi,v 1.8.4.13 2001/01/17 01:40:46 zarq Exp $
@c %**start of header
@setfilename tinc.info
@settitle tinc Manual
This is the info manual for tinc, a Virtual Private Network daemon.
-Copyright @copyright{} 1998,199,2000 Ivo Timmermans
+Copyright @copyright{} 1998-2001 Ivo Timmermans
<itimmermans@@bigfoot.com>, Guus Sliepen <guus@@sliepen.warande.net> and
Wessel Dankers <wsl@@nl.linux.org>.
-$Id: tinc.texi,v 1.8.4.11 2001/01/06 20:02:21 guus Exp $
+$Id: tinc.texi,v 1.8.4.13 2001/01/17 01:40:46 zarq Exp $
Permission is granted to make and distribute verbatim copies of this
manual provided the copyright notice and this permission notice are
@page
@vskip 0pt plus 1filll
@cindex copyright
-Copyright @copyright{} 1998,1999,2000 Ivo Timmermans
+Copyright @copyright{} 1998-2001 Ivo Timmermans
<itimmermans@@bigfoot.com>, Guus Sliepen <guus@@sliepen.warande.net> and
Wessel Dankers <wsl@@nl.linux.org>.
-$Id: tinc.texi,v 1.8.4.11 2001/01/06 20:02:21 guus Exp $
+$Id: tinc.texi,v 1.8.4.13 2001/01/17 01:40:46 zarq Exp $
Permission is granted to make and distribute verbatim copies of this
manual provided the copyright notice and this permission notice are
* Multiple networks::
* How connections work::
* Configuration file::
+* Required directives::
* Example::
@end menu
@c ==================================================================
-@node Configuration file, Example, How connections work, Configuring tinc
+@node Configuration file, Required directives, How connections work, Configuring tinc
@section Configuration file
The actual configuration of the daemon is done in the file
address.
@item KeyExpire = <seconds> (3600)
-This option controls the time the encryption keys used to encrypt the
-data are valid. It is common practice to change keys at regular
-intervals to make it even harder for crackers, even though it is thought
-to be nearly impossible to crack a single key.
+This option controls the time the encryption keys used to encrypt the data
+are valid. It is common practice to change keys at regular intervals to
+make it even harder for crackers, even though it is thought to be nearly
+impossible to crack a single key.
+
+@item ListenPort = <port> (655)
+Listen on local port port. The computer connecting to this daemon should
+use this number as the argument for his ConnectPort.
+
+@item MyOwnVPNIP = <local address[/maskbits]> (required)
+The local address is the number that the daemon will propagate to
+other daemons on the network when it is identifying itself. Hence this
+will be the file name of the passphrase file that the other end expects
+to find the passphrase in.
+
+The local address is the IP address of the tap device, not the real IP
+address of the host running tincd. Due to changes in recent kernels, it
+is also necessary that you make the ethernet (also known as MAC) address
+equal to the IP address (see the example).
+
+maskbits is the number of bits set to 1 in the netmask part.
+
+@item MyVirtualIP = <local address[/maskbits]>
+This is an alias for MyOwnVPNIP.
@item @strong{Name = <name>}
This is a symbolic name for this connection. It can be anything
same amount of seconds, the connection is terminated, and the others
will be notified of this.
-@item PrivateKey = <key>
+@item @strong{PrivateKey = <key>}
This is the RSA private key for tinc. However, for safety reasons it is
advised to store private keys of any kind in separate files. This prevents
accidental eavesdropping if you are editting the configuration file.
generated by ``tincd --generate-keys''. It must be a full path, not a
relative directory.
-Note that exactly @strong{one of the above two options} must be specified.
+@item PublicKey = <key>
+This is the full path name of the RSA public key file that was generated
+by ``tincd --generate-keys''. It must be a full path, not a relative
+directory. (NOTE: In version 1.0pre3, this variable was used to give
+the key inline. This is no longer supported.)
+
+@item Subnet = <IP address/maskbits>
+This is the subnet range of all IP addresses that will be accepted by
+the host that defines it. Please be careful that no two subnets
+overlap. Every host @strong{must} have a different range of IP
+addresses that it can handle, otherwise you will see messages like
+`packet comes back to us'.
@item TapDevice = <device> (/dev/tap0)
The ethertap device to use. Note that you can only use one device per
daemon. The info pages of the tinc package contain more information
about configuring an ethertap device for Linux.
-@item VpnMask = <mask>
-The mask that defines the scope of the entire VPN. This option is not
-used by the tinc daemon itself, but can be used by startup scripts to
-configure the ethertap devices correctly.
+@item TCPonly = <yes|no> (no, experimental)
+If this variable is set to yes, then the packets are tunnelled over a TCP
+connection instead of a UDP connection. This is especially useful for those
+who want to run a tinc daemon from behind a masquerading firewall, or if
+UDP packet routing is disabled somehow. This is experimental code,
+try this at your own risk.
+
+@item VpnMask = <mask> (optional)
+The mask that defines the scope of the entire VPN. This option is not used
+by the tinc daemon itself, but can be used by startup scripts to configure
+the ethertap devices correctly.
@end table
@c ==================================================================
-@node Example, , Configuration file, Configuring tinc
+@node Example, , Required directives, Configuring tinc
@section Example
@item Network address and subnet mask do not match!
@table @bullet
-@item The Subnet field must contain a network address. That means that
-the lower order bits of the address must be zero. For example, 192.168.1.1/24
-is wrong, you should use 192.168.1.0/24.
-@item If you only want to use one IP address, set the netmask to /32.
+@item The Subnet field must contain a network address
+If you only want to use one IP address, set the netmask to /32.
@end table
@item This is a bug: net.c:253: 24: Some error
@end table
+@end table
@c ==================================================================
@node Technical information, About us, Running tinc, Top
@chapter Technical information
+
@menu
* The Connection::
* Security::
projects / tinc / blobdiff