X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=doc%2Ftinc.texi;h=726655d337be8e6d6c105debfcbcb361a407542d;hp=8f73e9f93492d32df313768a1bde4a153216fdb9;hb=efd29fde85481e080a676f2ba780a528a90a9925;hpb=89a2f761a6d8ae4912c2dd2e9178589001487ef5 diff --git a/doc/tinc.texi b/doc/tinc.texi index 8f73e9f9..726655d3 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.24 2002/03/25 15:01:32 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.27 2002/03/27 15:26:29 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -18,7 +18,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.24 2002/03/25 15:01:32 guus Exp $ +$Id: tinc.texi,v 1.8.4.27 2002/03/27 15:26:29 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -43,7 +43,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.24 2002/03/25 15:01:32 guus Exp $ +$Id: tinc.texi,v 1.8.4.27 2002/03/27 15:26:29 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -961,6 +961,7 @@ Multiple subnet lines can be specified for each daemon. Subnets can either be single MAC, IPv4 or IPv6 addresses, in which case a subnet consisting of only that single address is assumed, or they can be a IPv4 or IPv6 network address with a masklength. +Shorthand notations are not supported. For example, IPv4 subnets must be in a form like 192.168.1.0/24, where 192.168.1.0 is the network address and 24 is the number of bits set in the netmask. Note that subnets like 192.168.1.1/24 are invalid! 
@@ -979,8 +980,7 @@ example: netmask 255.255.255.0 would become /24, 255.255.252.0 becomes If this variable is set to yes, then the packets are tunnelled over a TCP connection instead of a UDP connection. This is especially useful for those who want to run a tinc daemon from behind a masquerading -firewall, or if UDP packet routing is disabled somehow. This is -experimental code, try this at your own risk. It may not work at all. +firewall, or if UDP packet routing is disabled somehow. Setting this options also implicitly sets IndirectData. @end table @@ -1673,8 +1673,13 @@ the tinc project after TINC. But in order to be ``immune'' to eavesdropping, you'll have to encrypt your data. Because tinc is a @emph{Secure} VPN (SVPN) daemon, it does exactly that: encrypt. -tinc uses blowfish encryption in CBC mode, sequence numbers and message authentication codes -to make sure eavesdroppers cannot get and cannot change any information at all from the packets they can intercept. +tinc by default uses blowfish encryption with 128 bit keys in CBC mode, 32 bit +sequence numbers and 4 byte long message authentication codes to make sure +eavesdroppers cannot get and cannot change any information at all from the +packets they can intercept. The encryption algorithm and message authentication +algorithm can be changed in the configuration. The length of the message +authentication codes is also adjustable. The length of the key for the +encryption algorithm is always the default length used by OpenSSL. @menu * Authentication protocol::
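Review bot: In the hunk at line 961 (Subnet), the added sentence "Shorthand notations are not supported." does not say which forms count as shorthand. A reader has to infer it from the 192.168.1.0/24 example that follows. Name at least one rejected form next to the accepted one, and say whether tinc refuses to start or ignores the line when it meets one. While touching this paragraph, "a IPv4 or IPv6 network address" in the preceding context line should read "an IPv4".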
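Review bot: In the hunk at line 979 (TCP tunnelling option), the "experimental code, try this at your own risk" caveat is dropped without any replacement text saying from which version the feature is considered stable. Readers running an older daemon with the new manual lose the warning, so add a short "since version ..." remark or keep a softened caveat. The context line directly after the change, "Setting this options also implicitly sets IndirectData.", has a grammar slip ("this option") that is worth fixing in the same patch.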
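Review bot: In the hunk at line 1673 (security overview), the claim that eavesdroppers "cannot change any information at all" now sits next to the stated default of "4 byte long message authentication codes". A 32-bit tag leaves roughly a 1 in 2^32 chance per forged packet, so the absolute wording should be softened or the paragraph should recommend a longer MAC where integrity matters. The text also says the encryption algorithm, MAC algorithm and MAC length "can be changed in the configuration" without naming the configuration variables; add a cross-reference to them. Finally, "128 bit keys" and "the length of the key ... is always the default length used by OpenSSL" read as two separate statements; say explicitly that 128 bits is that default for blowfish, and use one unit (bits or bytes) for both the sequence number and the MAC length.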