X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=doc%2Ftinc.texi;h=b012cd9f353cf576e131250bc65e152632f54090;hp=57bff665bb6a23cc3056122440a990623ef6cbc4;hb=086e4ca46e5bff8f495ce4bd507f23e7091cff5f;hpb=fac5593f44e47f3bd4f4b425ada38ab49fbe3b42 diff --git a/doc/tinc.texi b/doc/tinc.texi index 57bff665..b012cd9f 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -15,7 +15,7 @@ This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon. -Copyright @copyright{} 1998-2012 Ivo Timmermans, +Copyright @copyright{} 1998-2013 Ivo Timmermans, Guus Sliepen and Wessel Dankers . @@ -39,7 +39,7 @@ permission notice identical to this one. @vskip 0pt plus 1filll This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon. -Copyright @copyright{} 1998-2012 Ivo Timmermans, +Copyright @copyright{} 1998-2013 Ivo Timmermans, Guus Sliepen and Wessel Dankers . @@ -350,7 +350,7 @@ For all cryptography-related functions, tinc uses the functions provided by the OpenSSL library. If this library is not installed, you wil get an error when configuring -tinc for build. Support for running tinc without having OpenSSL +tinc for build. Support for running tinc with other cryptographic libraries installed @emph{may} be added in the future. You can use your operating system's package manager to install this if 
@@ -413,9 +413,11 @@ Markus F.X.J. Oberhumer For the optional compression of UDP packets, tinc uses the functions provided by the zlib library. -If this library is not installed, you wil get an error when configuring -tinc for build. Support for running tinc without having zlib -installed @emph{may} be added in the future. +If this library is not installed, you wil get an error when running the +configure script. You can either install the zlib library, or disable support +for zlib compression by using the "--disable-zlib" option when running the +configure script. Note that if you disable support for zlib, the resulting +binary will not work correctly on VPNs where zlib compression is used. You can use your operating system's package manager to install this if available. Make sure you install the development AND runtime versions @@ -433,11 +435,13 @@ default). @subsection lzo @cindex lzo -Another form of compression is offered using the lzo library. +Another form of compression is offered using the LZO library. -If this library is not installed, you wil get an error when configuring -tinc for build. Support for running tinc without having lzo -installed @emph{may} be added in the future. +If this library is not installed, you wil get an error when running the +configure script. You can either install the LZO library, or disable support +for LZO compression by using the "--disable-lzo" option when running the +configure script. Note that if you disable support for LZO, the resulting +binary will not work correctly on VPNs where LZO compression is used. You can use your operating system's package manager to install this if available. Make sure you install the development AND runtime versions 
@@ -946,6 +950,10 @@ it does a lookup if your DNS server is not responding. This does not affect resolving hostnames to IP addresses from the configuration file, but whether hostnames should be resolved while logging. +@cindex IffOneQueue +@item IffOneQueue = (no) [experimental] +(Linux only) Set IFF_ONE_QUEUE flag on TUN/TAP devices. + @cindex Interface @item Interface = <@var{interface}> Defines the name of the interface corresponding to the virtual network device. @@ -953,6 +961,13 @@ Depending on the operating system and the type of device this may or may not act Under Windows, this variable is used to select which network interface will be used. If you specified a Device, this variable is almost always already correctly set. +@cindex KeyExpire +@item KeyExpire = <@var{seconds}> (3600) +This option controls the time the encryption keys used to encrypt the data +are valid. It is common practice to change keys at regular intervals to +make it even harder for crackers, even though it is thought to be nearly +impossible to crack a single key. + @cindex LocalDiscovery @item LocalDiscovery = (no) [experimental] When enabled, tinc will try to detect peers that are on the same local network. @@ -963,6 +978,15 @@ which normally would prevent the peers from learning each other's LAN address. Currently, local discovery is implemented by sending broadcast packets to the LAN during path MTU discovery. This feature may not work in all possible situations. +@cindex MACExpire +@item MACExpire = <@var{seconds}> (600) +This option controls the amount of time MAC addresses are kept before they are removed. +This only has effect when Mode is set to "switch". + +@cindex MaxTimeout +@item MaxTimeout = <@var{seconds}> (900) +This is the maximum delay before trying to reconnect to other tinc daemons. + @cindex Mode @item Mode = (router) This option selects the way packets are routed to other daemons. 
@@ -992,18 +1016,6 @@ every packet will be broadcast to the other daemons while no routing table is managed. @end table -@cindex KeyExpire -@item KeyExpire = <@var{seconds}> (3600) -This option controls the time the encryption keys used to encrypt the data -are valid. It is common practice to change keys at regular intervals to -make it even harder for crackers, even though it is thought to be nearly -impossible to crack a single key. - -@cindex MACExpire -@item MACExpire = <@var{seconds}> (600) -This option controls the amount of time MAC addresses are kept before they are removed. -This only has effect when Mode is set to "switch". - @cindex Name @item Name = <@var{name}> [required] This is a symbolic name for this connection. @@ -1042,17 +1054,13 @@ This is the full path name of the RSA private key file that was generated by @samp{tincd --generate-keys}. It must be a full path, not a relative directory. -Note that there must be exactly one of PrivateKey -or PrivateKeyFile -specified in the configuration file. - @cindex ProcessPriority @item ProcessPriority = When this option is used the priority of the tincd process will be adjusted. Increasing the priority may help to reduce latency and packet loss on the VPN. @cindex Proxy -@item Proxy = socks4 | socks4 | http | exec @var{...} [experimental] +@item Proxy = socks4 | socks5 | http | exec @var{...} [experimental] Use a proxy when making outgoing connections. The following proxy types are currently supported: 
@@ -1063,7 +1071,7 @@ Connects to the proxy using the SOCKS version 4 protocol. Optionally, a @var{username} can be supplied which will be passed on to the proxy server. @cindex socks5 -@item socks4 <@var{address}> <@var{port}> [<@var{username}> <@var{password}>] +@item socks5 <@var{address}> <@var{port}> [<@var{username}> <@var{password}>] Connect to the proxy using the SOCKS version 5 protocol. If a @var{username} and @var{password} are given, basic username/password authentication will be used, otherwise no authentication will be used. @@ -1089,9 +1097,8 @@ reordering. Setting this to zero will disable replay tracking completely and pass all traffic, but leaves tinc vulnerable to replay-based attacks on your traffic. - @cindex StrictSubnets -@item StrictSubnets (no) [experimental] +@item StrictSubnets = (no) [experimental] When this option is enabled tinc will only use Subnet statements which are present in the host config files in the local @file{@value{sysconfdir}/tinc/@var{netname}/hosts/} directory.
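Review bot: in the OpenSSL hunk (@@ -350,7 +350,7 @@), the added line "tinc for build. Support for running tinc with other cryptographic libraries" joins with the unchanged "installed @emph{may} be added in the future." and reads as if having another library installed were the feature. Suggest "Support for building tinc against other cryptographic libraries @emph{may} be added in the future." The unchanged context line in the same paragraph still says "you wil get an error"; worth correcting while this paragraph is being edited.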
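Review bot: in the zlib hunk (@@ -413,9 +413,11 @@), the typo "wil" is carried over into the new text: "+If this library is not installed, you wil get an error when running the" should read "you will get". The closing sentence, "the resulting binary will not work correctly on VPNs where zlib compression is used", also does not say how the failure shows up; a short statement of what an operator will observe when a peer has compression enabled would make the misconfiguration easier to recognise.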
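Review bot: in the lzo hunk (@@ -433,11 +435,13 @@), the configure option is written in plain double quotes ("--disable-lzo"), while this manual already marks up literal command text with @samp, as in @samp{tincd --generate-keys} further down. Suggest @samp{--disable-lzo} here, and the same for "--disable-zlib" in the previous hunk, so the option renders consistently and the quotes cannot be mistaken for part of the argument.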
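Review bot: in the hunk adding IffOneQueue (@@ -946,6 +950,10 @@), the entry only restates the option name: "(Linux only) Set IFF_ONE_QUEUE flag on TUN/TAP devices." It is marked [experimental] but gives no indication of what the flag changes or when someone would enable it. Suggest one more sentence describing the effect on the device and the situation it is intended for.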
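Review bot: in the hunk adding MaxTimeout (@@ -963,6 +978,15 @@), "This is the maximum delay before trying to reconnect to other tinc daemons." documents the cap but not the delay it caps. Suggest saying how the reconnect delay grows up to this value, so a reader can judge how long a node may stay disconnected from a peer that has come back.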
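Review bot: in the PrivateKeyFile hunk (@@ -1042,17 +1054,13 @@), the deleted lines "-Note that there must be exactly one of PrivateKey" / "-or PrivateKeyFile" / "-specified in the configuration file." were the only statement of how the two options relate. After the removal the manual no longer says what happens when neither is set or when both are. If the requirement was dropped because a default now exists, suggest replacing the note with a sentence stating that default and which option takes precedence, rather than removing it outright.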