X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=doc%2Ftinc.texi;h=9e0f978da942b4aaf1bfd59bd474a069c438481e;hp=5d0bf31fb42939e2b99f44965046f065d88cc8eb;hb=ff71f289022ccb91abc2726f16522d55b5ccf0f6;hpb=5038964032ef55913b2d4741c67bf191b2208abb diff --git a/doc/tinc.texi b/doc/tinc.texi index 5d0bf31f..9e0f978d 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -725,6 +725,13 @@ and carriage returns are ignored. Note: it is not required that you put in the `=' sign, but doing so improves readability. If you leave it out, remember to replace it with at least one space character. +The server configuration is complemented with host specific configuration (see +the next section). Although all host configuration options for the local node +listed in this document can also be put in +@file{@value{sysconfdir}/tinc/@var{netname}/tinc.conf}, it is recommended to +put host specific configuration options in the host configuration file, as this +makes it easy to exchange with other nodes. + In this section all valid variables are listed in alphabetical order. The default value is given between parentheses, other comments are between square brackets. @@ -818,6 +825,33 @@ Tinc will expect packets read from the virtual network device to start with an Ethernet header. @end table +@cindex DirectOnly +@item DirectOnly = (no) [experimental] +When this option is enabled, packets that cannot be sent directly to the destination node, +but which would have to be forwarded by an intermediate node, are dropped instead. +When combined with the IndirectData option, +packets for nodes for which we do not have a meta connection with are also dropped. + +@cindex Forwarding +@item Forwarding = (internal) [experimental] +This option selects the way indirect packets are forwarded. + +@table @asis +@item off +Incoming packets that are not meant for the local node, +but which should be forwarded to another node, are dropped. + +@item internal +Incoming packets that are meant for another node are forwarded by tinc internally. + +This is the default mode, and unless you really know you need another forwarding mode, don't change it. + +@item kernel +Incoming packets are always sent to the TUN/TAP device, even if the packets are not for the local node. +This is less efficient, but allows the kernel to apply its routing and firewall rules on them, +and can also help debugging. +@end table + @cindex GraphDumpFile @item GraphDumpFile = <@var{filename}> [experimental] If this option is present, @@ -1321,7 +1355,7 @@ Address = 1.2.3.4 Note that the IP addresses of eth0 and tap0 are the same. This is quite possible, if you make sure that the netmasks of the interfaces are different. -It is in fact recommended to give give both real internal network interfaces and tap interfaces the same IP address, +It is in fact recommended to give both real internal network interfaces and tap interfaces the same IP address, since that will make things a lot easier to remember and set up. @@ -1344,8 +1378,8 @@ ConnectTo = BranchA @end example Note here that the internal address (on eth0) doesn't have to be the -same as on the tap0 device. Also, ConnectTo is given so that no-one can -connect to this node. +same as on the tap0 device. Also, ConnectTo is given so that this node will +always try to connect to BranchA. On all hosts, in @file{@value{sysconfdir}/tinc/company/hosts/BranchB}: