\input texinfo @c -*-texinfo-*-
-@c $Id: tinc.texi,v 1.8.4.16 2001/05/24 20:24:12 guus Exp $
+@c $Id: tinc.texi,v 1.8.4.17 2001/05/25 10:06:13 guus Exp $
@c %**start of header
@setfilename tinc.info
@settitle tinc Manual
<itimmermans@@bigfoot.com>, Guus Sliepen <guus@@sliepen.warande.net> and
Wessel Dankers <wsl@@nl.linux.org>.
-$Id: tinc.texi,v 1.8.4.16 2001/05/24 20:24:12 guus Exp $
+$Id: tinc.texi,v 1.8.4.17 2001/05/25 10:06:13 guus Exp $
Permission is granted to make and distribute verbatim copies of this
manual provided the copyright notice and this permission notice are
<itimmermans@@bigfoot.com>, Guus Sliepen <guus@@sliepen.warande.net> and
Wessel Dankers <wsl@@nl.linux.org>.
-$Id: tinc.texi,v 1.8.4.16 2001/05/24 20:24:12 guus Exp $
+$Id: tinc.texi,v 1.8.4.17 2001/05/25 10:06:13 guus Exp $
Permission is granted to make and distribute verbatim copies of this
manual provided the copyright notice and this permission notice are
@example
mknod -m 600 /dev/tap0 c 36 16
chown 0.0 /dev/tap0
+mknod -m 600 /dev/tap1 c 36 17
+chown 0.0 /dev/tap0
+...
+mknod -m 600 /dev/tap@emph{N} c 36 @emph{N+16}
+chown 0.0 /dev/tap@emph{N}
@end example
-Any further ethertap devices have minor device number 16 through 31.
+There is a maximum of 16 ethertap devices.
If you use the universal TUN/TAP driver, you have to create the
-following device files (unless they already exist):
+following device file (unless it already exist):
@example
mknod -m 600 /dev/tun c 10 200
then the TUN/TAP device will probably be automatically generated as
@file{/dev/net/tun}.
+Unlike the ethertap device, you do not need multiple device files if
+you are planning to run multiple tinc daemons.
+
@c ==================================================================
@node Other files, , Device files, System files
out, remember to replace it with at least one space character.
In this section all valid variables are listed in alphabetical order.
-The default value is given between parentheses; required directives are
-given in @strong{bold}.
+The default value is given between parentheses,
+other comments are between square brackets and
+required directives are given in @strong{bold}.
@menu
* Main configuration variables::
make it even harder for crackers, even though it is thought to be nearly
impossible to crack a single key.
-@item ListenPort = <port> (655)
-@cindex ListenPort
-Listen on local port port. The computer connecting to this daemon should
-use this number as the argument for his ConnectPort.
-
@item @strong{Name = <name>}
@cindex Name
This is a symbolic name for this connection. It can be anything
-@item PingTimeout = <seconds> (5)
+@item PingTimeout = <seconds> (60)
@cindex PingTimeout
The number of seconds of inactivity that tinc will wait before sending a
probe to the other end. If that other end doesn't answer within that
same amount of seconds, the connection is terminated, and the others
will be notified of this.
-@item PrivateKey = <key> (obsolete)
+@item PrivateKey = <key> [obsolete]
@cindex PrivateKey
This is the RSA private key for tinc. However, for safety reasons it is
advised to store private keys of any kind in separate files. This prevents
accidental eavesdropping if you are editting the configuration file.
-@item @strong{PrivateKeyFile = <path>} (recommended)
+@item @strong{PrivateKeyFile = <path>} [recommended]
@cindex PrivateKeyFile
This is the full path name of the RSA private key file that was
generated by ``tincd --generate-keys''. It must be a full path, not a
relative directory.
-@item @strong{TapDevice = <device>} (/dev/tap0)
+@item @strong{TapDevice = <device>} (/dev/tap0 or /dev/net/tun)
@cindex TapDevice
The ethertap device to use. Note that you can only use one device per
daemon. The info pages of the tinc package contain more information
about configuring an ethertap device for Linux.
-@item TCPonly = <yes|no> (no, experimental)
-@cindex TCPonly
-If this variable is set to yes, then the packets are tunnelled over a TCP
-connection instead of a UDP connection. This is especially useful for those
-who want to run a tinc daemon from behind a masquerading firewall, or if
-UDP packet routing is disabled somehow. This is experimental code,
-try this at your own risk.
@end table
@subsection Host configuration variables
@table @asis
-@item @strong{Address = <IP address|hostname>}
+@item @strong{Address = <IP address|hostname>} [recommended]
@cindex Address
This variable is only required if you want to connect to this host. It
must resolve to the external IP address where the host can be reached,
not the one that is internal to the VPN.
-@item IndirectData = <yes|no> (no, experimental)
+@item IndirectData = <yes|no> (no) [experimental]
@cindex IndirectData
This option specifies whether other tinc daemons besides the one you
specified with ConnectTo can make a direct connection to you. This is
by a single zero) o hexadecimal (prefixed with 0x). port is the port
number for both the UDP and the TCP (meta) connections.
-@item PublicKey = <key> (obsolete)
+@item PublicKey = <key> [obsolete]
@cindex PublicKey
This is the RSA public key for this host.
-@item PublicKeyFile = <path> (obsolete)
+@item PublicKeyFile = <path> [obsolete]
@cindex PublicKeyFile
This is the full path name of the RSA public key file that was generated
by ``tincd --generate-keys''. It must be a full path, not a relative
/22. This conforms to standard CIDR notation as described in
@uref{ftp://ftp.isi.edu/in-notes/rfc1519.txt, RFC1519}
-@item TCPonly = <yes|no> (no, experimental)
+@item TCPonly = <yes|no> (no) [experimental]
@cindex TCPonly
If this variable is set to yes, then the packets are tunnelled over a
TCP connection instead of a UDP connection. This is especially useful
for those who want to run a tinc daemon from behind a masquerading
firewall, or if UDP packet routing is disabled somehow. This is
experimental code, try this at your own risk. It may not work at all.
+Setting this options also implicitly sets IndirectData.
@end table