X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=doc%2Ftinc.conf.5;h=8f0dc8966de8251c6785a0eb248567cfcbe81023;hp=930bb060f6a06d4d35892dca3e214ac4702a4099;hb=4493b0650bd487990ca9d2802496ad0ee7c06247;hpb=4811afa073c871f2a52dfd5139bd0171046365eb diff --git a/doc/tinc.conf.5 b/doc/tinc.conf.5 index 930bb060..8f0dc896 100644 --- a/doc/tinc.conf.5 +++ b/doc/tinc.conf.5 @@ -1,9 +1,9 @@ -.TH TINC 5 "May 2000" "tinc version 1.0" "FSF" +.TH TINC 5 "Jan 2001" "tinc version 1.0pre4" "FSF" .SH NAME -tincd.conf \- tinc daemon configuration +tinc.conf \- tinc daemon configuration .SH "DESCRIPTION" The files in the \fI/etc/tinc\fR directory contain runtime and -security information for the \fBtinc\fR(8) daemon. +security information for the \fBtincd\fR(8) daemon. .PP .SH "NETWORKS" It is perfectly ok for you to run more than one tinc daemon. However, @@ -23,7 +23,7 @@ However, it is not strictly necessary that you call tinc with the -n option. In this case, the network name would just be empty, and it will be used as such. tinc now looks for files in \fI/etc/tinc/\fR, instead of \fI/etc/tinc/\fBnn\fI/\fR; the configuration file should be -\fI/etc/tinc/tincd.conf\fR, and the passphrases are now expected to be +\fI/etc/tinc/tinc.conf\fR, and the passphrases are now expected to be in \fI/etc/tinc/passphrases/\fR. But it is highly recommended that you use this feature of tinc, @@ -36,8 +36,9 @@ it will be part of. The name will be used by other tinc daemons for identification. The name has to be declared in the \fI/etc/tinc/\fBnn\fI/tinc.conf\fR file. -To make things easy, choose something that will give unique names to -your tinc daemon(s): hostnames, owner surnames, location. +To make things easy, choose something that will give unique and easy +to rememebr names to your tinc daemon(s). +You could try things like hostnames, owner surnames or location names. .PP .SH "PUBLIC/PRIVATE KEYS" You should use \fBtincd --generate-keys\fR to generate public/private @@ -50,7 +51,7 @@ for the name of the tinc daemon (See \fBNAMES\fR). .PP .SH "SERVER CONFIGURATION" The server configuration of the daemon is done in the file -\fI/etc/tinc/\fBnn\fI/tincd.conf\fR. +\fI/etc/tinc/\fBnn\fI/tinc.conf\fR. This file consists of comments (lines started with a \fB#\fR) or assignments in the form of @@ -87,18 +88,6 @@ a lookup if your DNS server is not responding. This does not affect resolving hostnames to IP addresses from the host configuration files. .TP -\fBInterface\fR = <\fIdevice\fR> (optional) -If you have more than one network interface in your computer, tinc will by -default listen on all of them for incoming connections. It is possible to -bind tinc to a single interface like eth0 or ppp0 with this variable. -.TP -\fBInterfaceIP\fR = <\fIlocal address\fR> (optional) -If your computer has more than one IP address on a single interface (for example -if you are running virtual hosts), tinc will by default listen on all of them for -incoming connections. It is possible to bind tinc to a single IP address with -this variable. It is still possible to listen on several interfaces at the same -time though, if they share the same IP address. -.TP \fBKeyExpire\fR = <\fIseconds\fR> (3600) This option controls the time the encryption keys used to encrypt the data are valid. It is common practice to change keys at regular intervals to @@ -115,10 +104,16 @@ probe to the other end. If that other end doesn't answer within that same amount of seconds, the connection is terminated, and the others will be notified of this. .TP -\fBPrivateKey\fR = <\fIkey\fR> (required) +\fBPrivateKey\fR = <\fIkey\fR> The private RSA key of this tinc daemon. It will allow this tinc daemon to authenticate itself to other daemons. .TP +\fBPrivateKeyFile\fR = <\fIfilename\fR> +The file in which the private RSA key of this tinc daemon resides. + +Note that there must be exactly one of \fBPrivateKey\fR or \fBPrivateKeyFile\fR +specified in the configuration file. +.TP \fBTapDevice\fR = <\fIdevice\fR> (/dev/tap0) The ethertap or tun/tap device to use. tinc will automatically detect what kind of tapdevice it is. @@ -145,10 +140,17 @@ The real address or hostname of this tinc daemon. \fBPort\fR = <\fIport number\fR> (655) The port on which this tinc daemon is listening for incoming connections. .TP -\fBPublicKey\fR = <\fIkey\fR> (required) +\fBPublicKey\fR = <\fIkey\fR> The public RSA key of this tinc daemon. It will be used to cryptographically verify it's identity and to set up a secure connection. .TP +\fBPublicKeyFile\fR = <\fIfilename\fR> +The file in which the public RSA key of this tinc daemon resides. + +Note that there must be exactly one of \fBPublicKey\fR or \fBPublicKeyFile\fR +specified in each host configuration file, if you want to be able to establish +a connection with that host. +.TP \fBSubnet\fR = <\fIaddress/masklength\fR> (optional) The subnet which this tinc daemon will serve. tinc tries to look up which other daemon it should send a packet to by searching the appropiate subnet. If the @@ -193,7 +195,7 @@ tap device. .TP \fBhttp://tinc.nl.linux.org/\fR .TP -\fBhttp://www.kernelnotes.org/guides/NAG/\fR +\fBhttp://www.linuxdoc.org/LDP/nag2/\fR .PP The full documentation for .B tinc