X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=doc%2Ftinc.conf.5.in;h=2bfd5fef94f8b2f6f0afa5f47540ef49b54362ef;hp=6f8db9c008f09ce14bf85169138f0bd4cd7d6f34;hb=ff71f289022ccb91abc2726f16522d55b5ccf0f6;hpb=5038964032ef55913b2d4741c67bf191b2208abb

diff --git a/doc/tinc.conf.5.in b/doc/tinc.conf.5.in
index 6f8db9c0..2bfd5fef 100644
--- a/doc/tinc.conf.5.in
+++ b/doc/tinc.conf.5.in
@@ -110,6 +110,13 @@ Note: it is not required that you put in the
 sign, but doing so improves readability.
 If you leave it out, remember to replace it with at least one space character.
 
+.Pp
+The server configuration is complemented with host specific configuration (see the next section).
+Although all configuration options for the local host listed in this document can also be put in
+.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf ,
+it is recommended to put host specific configuration options in the host configuration file,
+as this makes it easy to exchange with other nodes.
+
 .Pp
 Here are all valid variables, listed in alphabetical order.
 The default value is given between parentheses.
@@ -199,6 +206,32 @@ Tinc will expect packets read from the virtual network device
 to start with an Ethernet header.
 .El
 
+.It Va DirectOnly Li = yes | no Po no Pc Bq experimental
+When this option is enabled, packets that cannot be sent directly to the destination node,
+but which would have to be forwarded by an intermediate node, are dropped instead.
+When combined with the IndirectData option,
+packets for nodes for which we do not have a meta connection with are also dropped.
+
+.It Va Forwarding Li = off | internal | kernel Po internal Pc Bq experimental
+This option selects the way indirect packets are forwarded.
+.Bl -tag -width indent
+
+.It off
+Incoming packets that are not meant for the local node,
+but which should be forwarded to another node, are dropped.
+
+.It internal
+Incoming packets that are meant for another node are forwarded by tinc internally.
+
+.Pp
+This is the default mode, and unless you really know you need another forwarding mode, don't change it.
+
+.It kernel
+Incoming packets are always sent to the TUN/TAP device, even if the packets are not for the local node.
+This is less efficient, but allows the kernel to apply its routing and firewall rules on them,
+and can also help debugging.
+.El
+
 .It Va GraphDumpFile Li = Ar filename Bq experimental
 If this option is present,
 .Nm tinc