X-Git-Url: http://git.meshlink.io/?a=blobdiff_plain;f=doc%2Ftinc.conf.5.in;h=8f19de068ba90d4caaa29d09eab5356f836bccb4;hb=86c2990327fdf7ec1197aa73cb2b9a926a734db4;hp=d5757c82ee7e30d669ffdad7ccbc2f3d711e508a;hpb=c373de2e9812700c0568640727ad917b6fc7d758;p=meshlink

diff --git a/doc/tinc.conf.5.in b/doc/tinc.conf.5.in
index d5757c82..8f19de06 100644
--- a/doc/tinc.conf.5.in
+++ b/doc/tinc.conf.5.in
@@ -180,13 +180,15 @@ If you don't specify a host with
 won't try to connect to other daemons at all,
 and will instead just listen for incoming connections.
 
-.It Va DecrementTTL Li = yes | no Po yes Pc
+.It Va DecrementTTL Li = yes | no Po no Pc Bq experimental
 When enabled,
 .Nm tinc
 will decrement the Time To Live field in IPv4 packets, or the Hop Limit field in IPv6 packets,
 before forwarding a received packet to the virtual network device or to another node,
 and will drop packets that have a TTL value of zero,
 in which case it will send an ICMP Time Exceeded packet back.
+.Pp
+Do not use this option if you use switch mode and want to use IPv6.
 
 .It Va Device Li = Ar device Po Pa /dev/tap0 , Pa /dev/net/tun No or other depending on platform Pc
 The virtual network device to use.
@@ -280,6 +282,21 @@ but which would have to be forwarded by an intermediate node, are dropped instea
 When combined with the IndirectData option,
 packets for nodes for which we do not have a meta connection with are also dropped.
 
+.It Va ECDSAPrivateKeyFile Li = Ar filename Po Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /ecdsa_key.priv Pc
+The file in which the private ECDSA key of this tinc daemon resides.
+This is only used if
+.Va ExperimentalProtocol
+is enabled.
+
+.It Va ExperimentalProtocol Li = yes | no Po no Pc Bq experimental
+When this option is enabled, experimental protocol enhancements will be used.
+Ephemeral ECDH will be used for key exchanges,
+and ECDSA will be used instead of RSA for authentication.
+When enabled, an ECDSA key must have been generated before with
+.Nm tincctl generate-ecdsa-keys .
+The experimental protocol may change at any time,
+and there is no guarantee that tinc will run stable when it is used.
+
 .It Va Forwarding Li = off | internal | kernel Po internal Pc Bq experimental
 This option selects the way indirect packets are forwarded.
 .Bl -tag -width indent
@@ -562,12 +579,11 @@ variables can be specified.
 Subnets can either be single MAC, IPv4 or IPv6 addresses,
 in which case a subnet consisting of only that single address is assumed,
 or they can be a IPv4 or IPv6 network address with a prefixlength.
-Shorthand notations are not supported.
 For example, IPv4 subnets must be in a form like 192.168.1.0/24,
 where 192.168.1.0 is the network address and 24 is the number of bits set in the netmask.
 Note that subnets like 192.168.1.1/24 are invalid!
 Read a networking HOWTO/FAQ/guide if you don't understand this.
-IPv6 subnets are notated like fec0:0:0:1:0:0:0:0/64.
+IPv6 subnets are notated like fec0:0:0:1::/64.
 MAC addresses are notated like 0:1a:2b:3c:4d:5e.
 
 .Pp