X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=doc%2Ftinc.conf.5;fp=doc%2Ftinc.conf.5;h=0000000000000000000000000000000000000000;hp=42d9cf28606b955da61a510cd967e4a5de75a51d;hb=013a2e159e42c46808ea8d0b6abd57525db30a50;hpb=efa5148bc76effb440d807d653dda02de050fde0 diff --git a/doc/tinc.conf.5 b/doc/tinc.conf.5 deleted file mode 100644 index 42d9cf28..00000000 --- a/doc/tinc.conf.5 +++ /dev/null 
@@ -1,196 +0,0 @@ -.TH TINC 5 "May 2000" "tinc version 1.0" "FSF" -.SH NAME -tincd.conf \- tinc daemon configuration -.SH "DESCRIPTION" -The files in the \fI/etc/tinc\fR directory contain runtime and -security information for the \fBtinc\fR(8) daemon. -.PP -.SH "NETWORKS" -It is perfectly ok for you to run more than one tinc daemon. However, -in its default form, you will soon notice that you can't use two -different configuration files without the \fI-c\fR option. - -We have thought of another way of dealing with this: network -names. This means that you call \fBtincd\fR with the \fI-n\fR argument, -which will assign a name to this daemon. - -The effect of this is that the daemon will set its configuration -``root'' to \fI/etc/tinc/\fBnn\fI/\fR, where \fBnn\fR is your argument -to the \fI-n\fR option. You'll notice that it appears in syslog as -``tincd.\fBnn\fR''. - -However, it is not strictly necessary that you call tinc with the -n -option. In this case, the network name would just be empty, and it -will be used as such. tinc now looks for files in \fI/etc/tinc/\fR, -instead of \fI/etc/tinc/\fBnn\fI/\fR; the configuration file should be -\fI/etc/tinc/tincd.conf\fR, and the passphrases are now expected to be -in \fI/etc/tinc/passphrases/\fR. - -But it is highly recommended that you use this feature of tinc, -because it will be so much clearer whom your daemon talks to. Hence, -we will assume that you use it. -.PP -.SH "PASSPHRASES" -You should use the \fBgenauth\fR(8) program to generate passphrases. -with, it accepts a single parameter, which is the number of bits the -passphrase should be. Its output should be stored in -\fI/etc/tinc/\fBnn\fI/passphrases/local\fR \-\- where \fBnn\fR stands -for the network (See under \fBNETWORKS\fR) above. - -Please see the manpage for \fBgenauth\fR to learn more about setting -up an authentication scheme. 
-.PP -.SH "CONFIGURATION" -The actual configuration of the daemon is done in the file -\fI/etc/tinc/\fBnn\fI/tincd.conf\fR. - -This file consists of comments (lines started with a \fB#\fR) or -assignments in the form of -.PP -.Vb 1 -\& \fIVariable \fB= \fIValue\fR. -.Ve -.PP -The variable names are case insensitive, and any spaces, tabs, -newlines and carriage returns are ignored. \fINote\fR: it is not -required that you put in the \fB=\fR sign, but doing so improves -readability. If you leave it out, remember to replace it with at least -one space character. -.PP -.SH "VARIABLES" -.PP -Here are all valid variables, listed in alphabetical order. The default -value, required or optional is given between parentheses. -.TP -\fBConnectPort\fR = <\fIport\fR> (655) -Connect to the upstream host (given with the \fBConnectTo\fR directive) on -port \fIport\fR. port may be given in decimal (default), octal (when preceded -by a single zero) or hexadecimal (prefixed with 0x). \fIport\fR is the port -number for both the UDP and the TCP (meta) connections. -.TP -\fBConnectTo\fR = <\fIIP address|hostname\fR> (optional) -Specifies which host to connect to on startup. Multiple \fBConnectTo\fR variables -may be specified, if connecting to the first one fails then tinc will try -the next one, and so on. It is possible to specify hostnames for dynamic IP -addresses (like those given on dyndns.org), tinc will not cache the resolved -IP address. - -If you don't specify a host with \fBConnectTo\fR, regardless of whether a -value for \fBConnectPort\fR is given, tinc won't connect at all, and will -instead just listen for incoming connections. -.TP -\fBHostnames\fR = <\fIyes|no\fR> (no) -This option selects whether IP addresses (both real and on the VPN) should -be resolved. Since DNS lookups are blocking, it might affect tinc's -efficiency, even stopping the daemon for a few seconds everytime it does -a lookup if your DNS server is not responding. 
- -This does not affect resolving hostnames to IP addresses from the configuration -file. -.TP -\fBIndirectData\fR = <\fIyes|no\fR> (no) -This option specifies whether other tinc daemons besides the one you -specified with \fBConnectTo\fR can make a direct connection to you. This is -especially useful if you are behind a firewall and it is impossible -to make a connection from the outside to your tinc daemon. Otherwise, -it is best to leave this option out or set it to no. -.TP -\fBInterface\fR = <\fIdevice\fR> (optional) -If you have more than one network interface in your computer, tinc will by -default listen on all of them for incoming connections. It is possible to -bind tinc to a single interface like eth0 or ppp0 with this variable. -.TP -\fBInterfaceIP\fR = <\fIlocal address\fR> (optional) -If your computer has more than one IP address on a single interface (for example -if you are running virtual hosts), tinc will by default listen on all of them for -incoming connections. It is possible to bind tinc to a single IP address with -this variable. It is still possible to listen on several interfaces at the same -time though, if they share the same IP address. -.TP -\fBKeyExpire\fR = <\fIseconds\fR> (3600) -This option controls the time the encryption keys used to encrypt the data -are valid. It is common practice to change keys at regular intervals to -make it even harder for crackers, even though it is thought to be nearly -impossible to crack a single key. -.TP -\fBListenPort\fR = <\fIport\fR> (655) -Listen on local port \fIport\fR. The computer connecting to this daemon should -use this number as the argument for his \fBConnectPort\fR. -.TP -\fBMyOwnVPNIP\fR = <\fIlocal address[/maskbits]\fR> (required) -The \fIlocal address\fR is the number that the daemon will propagate to -other daemons on the network when it is identifying itself. Hence this -will be the file name of the passphrase file that the other end expects -to find the passphrase in. 
- -The local address is the IP address of the tap device, not the real IP -address of the host running tincd. Due to changes in recent kernels, it -is also necessary that you make the ethernet (also known as MAC) address -equal to the IP address (see the example). - -\fImaskbits\fR is the number of bits set to 1 in the netmask part. -.TP -\fBMyVirtualIP\fR = <\fIlocal address[/maskbits]> -This is an alias for \fBMyOwnVPNIP\fR. -.TP -\fBPassphrases\fR = <\fIdirectory\fR> (/etc/tinc/NETNAME/passphrases) -The directory where tinc will look for passphrases when someone tries to -connect. Please see the manpage for genauth(8) for more information -about passphrases as used by tinc. -.TP -\fBPingTimeout\fR = <\fIseconds\fR> (5) -The number of seconds of inactivity that tinc will wait before sending a -probe to the other end. If that other end doesn't answer within that -same amount of seconds, the connection is terminated, and the others -will be notified of this. -.TP -\fBTapDevice\fR = <\fIdevice\fR> (/dev/tap0) -The ethertap device to use. Note that you can only use one device per -daemon. The info pages of the tinc package contain more information -about configuring an ethertap device for Linux. -.TP -\fBTCPonly\fR = <\fIyes|no\fR> (no, experimental) -If this variable is set to yes, then the packets are tunnelled over a TCP -connection instead of a UDP connection. This is especially useful for those -who want to run a tinc daemon from behind a masquerading firewall, or if -UDP packet routing is disabled somehow. This is experimental code, -try this at your own risk. -.TP -\fBVpnMask\fR = <\fImask\fR> (optional) -The mask that defines the scope of the entire VPN. This option is not used -by the tinc daemon itself, but can be used by startup scripts to configure -the ethertap devices correctly. -.PP -.SH "FILES" -.TP -\fI/etc/tinc/\fR -The top directory for configuration files. 
-.TP -\fI/etc/tinc/\fBnn\fI/tincd.conf\fR -The default name of the configuration file for net -\fBnn\fR. -.TP -\fI/etc/tinc/\fBnn\fI/passphrases/\fR -Passphrases are kept in this directory. (See the section -\fBPASSPHRASES\fR above). -.PP -.SH "SEE ALSO" -\fBtincd\fR(8), \fBgenauth\fR(8) -.TP -\fBhttp://tinc.nl.linux.org/\fR -.PP -The full documentation for -.B tinc -is maintained as a Texinfo manual. If the -.B info -and -.B tinc -programs are properly installed at your site, the command -.IP -.B info tinc -.PP -should give you access to the complete manual. -.PP -tinc comes with ABSOLUTELY NO WARRANTY. This is free software, -and you are welcome to redistribute it under certain conditions; -see the file COPYING for details.
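Review bot: No replacement is visible for the documentation this deletion removes (the whole of doc/tinc.conf.5, hunk -1,196 +0,0), including the PASSPHRASES and FILES sections that describe /etc/tinc/nn/passphrases/ and the KeyExpire, IndirectData and TCPonly entries. The commit should say where this material now lives or add the replacement page in the same change. If the text is carried over, fix three defects visible in the removed lines. The PASSPHRASES section has a broken sentence ("generate passphrases. with, it accepts a single parameter"). The MyVirtualIP entry is missing its closing \fR and its required/optional annotation. The .TH line says TINC 5 while NAME says tincd.conf and the file is named tinc.conf.5. The removed text also never states the ownership or mode expected on the files under the passphrases directory, which a replacement page should document. Finally, SEE ALSO here lists tincd(8) and genauth(8), so check those pages for references back to this one before it goes.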