From 0c879b8eeed3477b0f1cdd2f232e67e38bd9bce6 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 1 Mar 2002 13:38:02 +0000 Subject: [PATCH] Updated documentation. --- doc/tinc.conf.5 | 40 +++++++++++++++++++++++++++++----------- doc/tinc.texi | 25 +++++++++++++++++-------- 2 files changed, 46 insertions(+), 19 deletions(-) diff --git a/doc/tinc.conf.5 b/doc/tinc.conf.5 index 9a1ca75d..7633dca9 100644 --- a/doc/tinc.conf.5 +++ b/doc/tinc.conf.5 @@ -100,12 +100,15 @@ If you leave it out, remember to replace it with at least one space character. Here are all valid variables, listed in alphabetical order. The default value is given between parentheses. .Bl -tag -width indent -.It Va AddressFamily Li = ipv4 | ipv6 | any Pq ipv4 +.It Va AddressFamily Li = ipv4 | ipv6 | any Po ipv4 Pc Bq experimental This option affects the address family of listening and outgoing sockets. If .Qq any -is selected, then the listening sockets will be IPv6 sockets, -but on most platforms those will also accept IPv4 connections. +is selected, then depending on the operating system both IPv4 and IPv6 or just +IPv6 listening sockets will be created. +.Pp +Mixing IPv4 and IPv6 may not work as desired. +It's best to choose one address family and use that for all tinc daemons on the VPN. .It Va BindToInterface Li = Ar interface Bq experimental If your computer has more than one network interface, .Nm tinc @@ -127,8 +130,8 @@ This option may not work on all platforms. Specifies which other tinc daemon to connect to on startup. Multiple .Va ConnectTo -variables may be specified; -if connecting to the first one fails then tinc will try the next one, and so on. +variables may be specified, +in which case outgoing connections to each specified tinc daemon are made. The names should be known to this tinc daemon (i.e., there should be a host configuration file for the name on the .Va ConnectTo 
@@ -174,11 +177,13 @@ variables in the host configuration files will be used to form a routing table. Only unicast packets of routable protocols (IPv4 and IPv6) are supported in this mode. .It switch In this mode the MAC addresses of the packets on the VPN will be used to -dynamically create a routing table just like a network switch does. -Unicast, multicast and broadcast packets of every Ethernet protocol are supported in this mode +dynamically create a routing table just like an Ethernet switch does. +Unicast, multicast and broadcast packets of every protocol that runs over Ethernet are supported in this mode at the cost of frequent broadcast ARP requests and routing table updates. .It hub -In this mode every packet will be broadcast to the other daemons. +This mode is almost the same as the switch mode, but instead +every packet will be broadcast to the other daemons +while no routing table is created. .El .It Va Name Li = Ar name Bq required This is the name which identifies this tinc daemon. @@ -190,6 +195,9 @@ will wait before sending a probe to the other end. If that other end doesn't answer within that same amount of time, the connection is terminated, and the others will be notified of this. +.It Va PriorityInheritance Li = yes | no Po no Pc Bq experimental +When this option is enabled the value of the TOS field of tunneled IPv4 packets +will be inherited by the UDP packets that are sent out. .It Va PrivateKey Li = Ar key Bq obsolete The private RSA key of this tinc daemon. It will allow this tinc daemon to authenticate itself to other daemons. 
@@ -216,6 +224,11 @@ no secrets are revealed by sending out this information. .Bl -tag -width indent .It Va Address Li = Ar address Bq recommended The IP address or hostname of this tinc daemon on the real network. +This wil only be used when trying to make an outgoing connection to this tinc daemon. +Multiple +.Va Address +variables can be specified, in which case each address will be tried until a working +connection has been established. .It Va Cipher Li = Ar cipher Pq blowfish The symmetric cipher algorithm used to encrypt UDP packets. Any cipher supported by OpenSSL is recognised. @@ -264,15 +277,20 @@ The subnet which this tinc daemon will serve. tries to look up which other daemon it should send a packet to by searching the appropriate subnet. If the packet matches a subnet, it will be sent to the daemon who has this subnet in his host configuration file. -Multiple subnet lines can be specified. +Multiple +.Va Subnet +variables can be specified. .Pp Subnets can either be single MAC, IPv4 or IPv6 addresses, in which case a subnet consisting of only that single address is assumed, or they can be a IPv4 or IPv6 network address with a masklength. +Shorthand notations are not supported. For example, IPv4 subnets must be in a form like 192.168.1.0/24, where 192.168.1.0 is the network address and 24 is the number of bits set in the netmask. Note that subnets like 192.168.1.1/24 are invalid! Read a networking HOWTO/FAQ/guide if you don't understand this. +IPv6 subnets are notated like fec0:0:0:1:0:0:0:0/64. +MAC addresses are notated like 0:1a:2b:3c:4d:5e. .It Va TCPOnly Li = yes | no Po no Pc Bq experimental If this variable is set to yes, then the packets are tunnelled over the TCP connection instead of a UDP connection. 
@@ -298,14 +316,14 @@ it will be executed right after the tinc daemon has connected to the virtual net It can be used to set up the corresponding network interface. .Pp The environment variable -.Ev NETNAME +.Ev $NETNAME will be passed to the executable. If specified with the .Va Interface configuration variable, or if the virtual network device is a Linux tun/tap device, the environment variable -.Ev INTERFACE +.Ev $INTERFACE will be set to the name of the network interface. .It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc-down If an executable file with this name exists, diff --git a/doc/tinc.texi b/doc/tinc.texi index d5ddbff0..dba07540 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.21 2002/02/18 16:25:15 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.22 2002/03/01 13:38:02 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -18,7 +18,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.21 2002/02/18 16:25:15 guus Exp $ +$Id: tinc.texi,v 1.8.4.22 2002/03/01 13:38:02 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -43,7 +43,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.21 2002/02/18 16:25:15 guus Exp $ +$Id: tinc.texi,v 1.8.4.22 2002/03/01 13:38:02 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are 
@@ -737,13 +737,17 @@ required directives are given in @strong{bold}. @table @asis @cindex AddressFamily -@item AddressFamily = (ipv4) +@item AddressFamily = (ipv4) [experimental] This option affects the address family of listening and outgoing sockets. -If "any" is selected, then the listening sockets will be IPv6 sockets, -but on most platforms those will also accept IPv4 connections. +If "any" is selected, then depending on the operating system +both IPv4 and IPv6 or just IPv6 listening sockets will be created. + +Mixing IPv4 and IPv6 may not work as desired. +It's best to choose one address family +and use that for all tinc daemons on the VPN. @cindex BindToInterface -@item BindToInterface = +@item BindToInterface = [experimental] If you have more than one network interface in your computer, tinc will by default listen on all of them for incoming connections. It is possible to bind tinc to a single interface like eth0 or ppp0 with this @@ -752,7 +756,7 @@ variable. This option may not work on all platforms. @cindex BindToIP -@item BindToIP =
+@item BindToIP =
[experimental] If your computer has more than one IP address on a single interface (for example if you are running virtual hosts), tinc will by default listen on all of them for incoming connections. It is possible to bind tinc to @@ -836,6 +840,11 @@ probe to the other end. If that other end doesn't answer within that same amount of seconds, the connection is terminated, and the others will be notified of this. +@cindex PriorityInheritance +@item PriorityInheritance = (no) [experimental] +When this option is enabled the value of the TOS field of tunneled IPv4 packets +will be inherited by the UDP packets that are sent out. + @cindex PrivateKey @item PrivateKey = [obsolete] This is the RSA private key for tinc. However, for safety reasons it is -- 2.20.1
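Review bot: The ConnectTo change in the doc/tinc.conf.5 hunk at -100,12 has no counterpart in the doc/tinc.texi hunks of this patch, so the two manuals may now disagree. The man page wording moves from fallback ("if connecting to the first one fails then tinc will try the next one") to "outgoing connections to each specified tinc daemon are made". An operator who listed a peer only as a backup would not expect a standing connection to it, so the texinfo manual should be checked and updated to match. In the same hunk, "Mixing IPv4 and IPv6 may not work as desired" would help more if it named what fails.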
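Review bot: The new hub description in the doc/tinc.conf.5 hunk at -174,11 does not spell out the consequence that every daemon on the VPN receives every packet. That matters to someone choosing between switch and hub, so I suggest a sentence saying so. The phrase "but instead every packet will be broadcast" also reads awkwardly; "except that every packet is broadcast to the other daemons and no routing table is created" would be clearer.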
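Review bot: The PriorityInheritance entry added in the doc/tinc.conf.5 hunk at -190,6 should mention that the inherited TOS value ends up in the outer UDP header, which is not encrypted. With the option enabled, the TOS marking of tunneled traffic becomes visible on the real network, and administrators will want to know that before turning it on. The text also covers only "tunneled IPv4 packets"; please state what happens to tunneled IPv6 packets, even if the answer is that nothing is inherited.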
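Review bot: Typo in the Address entry of the doc/tinc.conf.5 hunk at -216,6: "This wil only be used" should be "This will only be used". The new text on multiple Address variables says "each address will be tried until a working connection has been established" but not in what order. If they are tried in the order they appear in the host configuration file, say so.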
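Review bot: "Shorthand notations are not supported" in the Subnet entry of the doc/tinc.conf.5 hunk at -264,15 is ambiguous next to the examples that follow it. The MAC example "0:1a:2b:3c:4d:5e" has a first octet without zero padding, which many readers would themselves call shorthand, and the IPv6 example does not say whether the "::" compressed form is what is being excluded. Please name the forms that are rejected, for example an IPv4 subnet with trailing octets left off or an IPv6 address using "::". A mistyped Subnet line affects which daemon packets are sent to.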
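Review bot: Style point on the doc/tinc.conf.5 hunk at -298,14: the ".Ev" macro takes the variable name, so ".Ev $NETNAME" and ".Ev $INTERFACE" render the dollar sign as if it were part of the name. The variables passed to the tinc-up executable are NETNAME and INTERFACE. I would keep the previous ".Ev NETNAME" and ".Ev INTERFACE", or explain in the text that the "$" is shell syntax only.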
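Review bot: The "[experimental]" tags added to AddressFamily, BindToInterface and BindToIP in the doc/tinc.texi hunk at -737,13 are not explained anywhere in the visible context. The sentence before the table only says "required directives are given in @strong{bold}". Please add a line there saying what "[experimental]" means for someone deploying tinc, for example that the option may not work on all platforms or may change.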