From: Ivo Timmermans Date: Mon, 1 May 2000 21:47:12 +0000 (+0000) Subject: More tincd->tinc updates. X-Git-Tag: import-tinc-1.1~945 X-Git-Url: https://git.meshlink.io/?a=commitdiff_plain;h=bd0325655867b1dff740d52d0505773bba0606a6;p=meshlink More tincd->tinc updates. --- diff --git a/doc/Makefile.am b/doc/Makefile.am index 3caf69d6..09707ed6 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -5,14 +5,14 @@ info_TEXINFOS = tinc.texi dyn_MANS = tincd.8 man_aux = $(dyn_MANS:.8=.x) -man_MANS = tincd.conf.5 genauth.8 $(dyn_MANS) +man_MANS = tinc.conf.5 genauth.8 $(dyn_MANS) PERL = @PERL@ HELP2MAN = help2man MAINTAINERCLEANFILES = $(dyn_MANS) EXTRA_DIST = $(man_MANS) $(HELP2MAN) $(man_aux) \ - Makefile.maint GNUmakefile Makefile.summ tincd.conf.sample + Makefile.maint GNUmakefile Makefile.summ tinc.conf.sample # Use `ginstall' in the definition of man_MANS to avoid # confusion with the `install' target. The install rule transforms `ginstall' diff --git a/doc/tinc.conf.5 b/doc/tinc.conf.5 new file mode 100644 index 00000000..d6d8f504 --- /dev/null +++ b/doc/tinc.conf.5 @@ -0,0 +1,159 @@ +.TH TINC 5 "March 1999" "tinc version 0.2.16" "FSF" +.SH NAME +tincd.conf \- tinc daemon configuration +.SH "DESCRIPTION" +The files in the \fI/etc/tinc\fR directory contain runtime and +security information for the \fBtinc\fR(8) daemon. +.PP +.SH "NETWORKS" +It is perfectly ok for you to run more than one tinc daemon. However, +in its default form, you will soon notice that you can't use two +different configuration files without the \fI-c\fR option. + +We have thought of another way of dealing with this: network +names. This means that you call \fBtincd\fR with the \fI-n\fR argument, +which will assign a name to this daemon. + +The effect of this is that the daemon will set its configuration +``root'' to \fI/etc/tinc/\fBnn\fI/\fR, where \fBnn\fR is your argument +to the \fI-n\fR option. You'll notice that it appears in syslog as +``tincd.\fBnn\fR''. + +However, it is not strictly necessary that you call tinc with the -n +option. In this case, the network name would just be empty, and it +will be used as such. tinc now looks for files in \fI/etc/tinc/\fR, +instead of \fI/etc/tinc/\fBnn\fI/\fR; the configuration file should be +\fI/etc/tinc/tincd.conf\fR, and the passphrases are now expected to be +in \fI/etc/tinc/passphrases/\fR. + +But it is highly recommended that you use this feature of tinc, +because it will be so much clearer whom your daemon talks to. Hence, +we will assume that you use it. +.PP +.SH "PASSPHRASES" +You should use the \fBgenauth\fR(8) program to generate passphrases. +with, it accepts a single parameter, which is the number of bits the +passphrase should be. Its output should be stored in +\fI/etc/tinc/\fBnn\fI/passphrases/local\fR \-\- where \fBnn\fR stands +for the network (See under \fBNETWORKS\fR) above. + +Please see the manpage for \fBgenauth\fR to learn more about setting +up an authentication scheme. +.PP +.SH "CONFIGURATION" +The actual configuration of the daemon is done in the file +\fI/etc/tinc/\fBnn\fI/tincd.conf\fR. + +This file consists of comments (lines started with a \fB#\fR) or +assignments in the form of +.PP +.Vb 1 +\& \fIVariable \fB= \fIValue\fR. +.Ve +.PP +The variable names are case insensitive, and any spaces, tabs, +newlines and carriage returns are ignored. \fINote\fR: it is not +required that you put in the \fB=\fR sign, but doing so improves +readability. If you leave it out, remember to replace it with at least +one space character. +.PP +.SH "VARIABLES" +.PP +Here are all valid variables, listed in alphabetical order: +.TP +\fBAllowConnect = \fB(\fIyes\fB|\fIno\fB)\fR +If set to \fIyes\fR, anyone may try to connect to you. If you set this +to no, no incoming connections will be accepted. This does not affect +the outgoing connections. +.TP +\fBConnectPort = \fIport\fR +Connect to the upstream host (given with the \fBConnectTo\fR +directive) on port \fIport\fR. \fIport\fR may be given in decimal +(default), octal (when preceded by a single zero) or hexadecimal +(prefixed with \fB0x\fR). \fIport\fR is the port number for both the +UDP and the TCP (meta) connections. +.TP +\fBConnectTo = \fB(\fIIP address\fB|\fIhostname\fB)\fR +Specifies which host to connect to on startup. If the +\fBConnectPort\fR variable is omitted, then tinc will try to connect +to port 655. + +If you don't specify a host with \fBConnectTo\fR, tinc won't connect +at all, and will instead just listen for incoming connections. Only +the initiator of a tinc VPN should need this. +.TP +\fBKeyExpire = \fIs\fR +The secret (and public) key expires after \fIs\fR seconds. The default +is 3600 seconds, or one hour. + +If you make it shorter, a lot of time and bandwidth is spent +negotiating over the new keys. If you make it longer, you make +yourself more vulnerable to crackers, because they have more data to +work with. The best value depends on the speed of the link, and the +amount of data that goes over it. +.TP +\fBListenPort = \fIport\fR +Listen on local port \fIport\fR. The computer connecting to this +daemon should use this number as the argument for his +\fBConnectPort\fR. Again, the default is 655. +.TP +\fBMyOwnVPNIP = \fInetwork address\fR[\fB/\fImaskbits\fR] +The \fInetwork address\fR is the number that the daemon will propagate +to other daemons on the network when it is identifying itself. Hence +this will be the file name of the passphrase file that the other end +expects to find the passphrase in. + +\fImaskbits\fR is the number of bits set to 1 in the netmask part. +.TP +\fBMyVirtualIP = \fInetwork address\fR[\fB/\fImaskbits\fR] +This is an alias for \fBMyOwnVPNIP\fR. +.TP +\fBPassphrases = \fIdirectory\fR +The directory where tinc will look for passphrases when someone tries +to cennect. Please see the manpage for \fBgenauth\fR(8) for more +information about passphrases as used by tinc. +.TP +\fBPingTimeout = \fInumber\fR +The number of seconds of inactivity that tinc will wait before sending +a probe to the other end. If that other end doesn't answer within that +same amount of seconds, the connection is terminated, and the others +will be notified of this. +.TP +\fBTapDevice = \fIdevice\fR +The ethertap device to use. Note that you can only use one device per +daemon. The info pages of the tinc package contain more information +about configuring an ethertap device for linux. +.PP +.SH "FILES" +.TP +\fI/etc/tinc/\fR +The top directory for configuration files. +.TP +\fI/etc/tinc/\fBnn\fI/tincd.conf\fR +The default name of the configuration file for net +\fBnn\fR. +.TP +\fI/etc/tinc/\fBnn\fI/passphrases/\fR +Passphrases are kept in this directory. (See the section +\fBPASSPHRASES\fR above). +.PP +.SH "SEE ALSO" +\fBtincd\fR(8), \fBgenauth\fR(8) +.TP +\fBhttp://tinc.nl.linux.org/\fR +.PP +The full documentation for +.B tinc +is maintained as a Texinfo manual. If the +.B info +and +.B tinc +programs are properly installed at your site, the command +.IP +.B info tinc +.PP +should give you access to the complete manual. +.PP +tinc comes with ABSOLUTELY NO WARRANTY. This is free software, +and you are welcome to redistribute it under certain conditions; +see the file COPYING for details. diff --git a/doc/tinc.conf.sample b/doc/tinc.conf.sample new file mode 100644 index 00000000..df005fb7 --- /dev/null +++ b/doc/tinc.conf.sample @@ -0,0 +1,40 @@ +# Sample tinc configuration file + +# This is a comment. +# Lines can have a maximum of 80 characters. +# Spaces and tabs are eliminated. +# The = sign isn't strictly necessary any longer, though you may want +# to leave it in as it improves readability :) +# Variable names are treated case insensitive. + +# The internet host to connect with +# comment these out to make yourself a listen-only connection +# You may use an IP address or its FQDN. +ConnectTo = 1.2.3.4 + +# Connect to which port of the `ConnectTo' host + +# It is advised that you only connect to ports that are < 1024, +# because some malicious (non-root) user may run a fake tincd on ports +# above 1024. +# The default port is 655, the port that has been assigned to tinc +# by the IANA. If you want tincd to listen on any other port than 655, +# you can use ListenPort for the `server', and ConnectPort for the +# `client'. + +# You may use the prefixes 0x or 0 to denote a hexadecimal or octal +# number respectively. +ConnectPort = 0x300 + +# Listen on which port +ListenPort = 200 + +# My own VPN IP +# You may use the /nn notation to indicate the number of bits used for +# the mask, /8 is equivalent to the netmask 255.0.0.0 (the first 8 +# bits are set to 1). +MyOwnVPNIP = 10.x.x.x/8 + +# Which local file? +# Default is /dev/tap0 +TapDevice = /dev/tap1 diff --git a/doc/tincd.conf.5 b/doc/tincd.conf.5 deleted file mode 100644 index d6d8f504..00000000 --- a/doc/tincd.conf.5 +++ /dev/null @@ -1,159 +0,0 @@ -.TH TINC 5 "March 1999" "tinc version 0.2.16" "FSF" -.SH NAME -tincd.conf \- tinc daemon configuration -.SH "DESCRIPTION" -The files in the \fI/etc/tinc\fR directory contain runtime and -security information for the \fBtinc\fR(8) daemon. -.PP -.SH "NETWORKS" -It is perfectly ok for you to run more than one tinc daemon. However, -in its default form, you will soon notice that you can't use two -different configuration files without the \fI-c\fR option. - -We have thought of another way of dealing with this: network -names. This means that you call \fBtincd\fR with the \fI-n\fR argument, -which will assign a name to this daemon. - -The effect of this is that the daemon will set its configuration -``root'' to \fI/etc/tinc/\fBnn\fI/\fR, where \fBnn\fR is your argument -to the \fI-n\fR option. You'll notice that it appears in syslog as -``tincd.\fBnn\fR''. - -However, it is not strictly necessary that you call tinc with the -n -option. In this case, the network name would just be empty, and it -will be used as such. tinc now looks for files in \fI/etc/tinc/\fR, -instead of \fI/etc/tinc/\fBnn\fI/\fR; the configuration file should be -\fI/etc/tinc/tincd.conf\fR, and the passphrases are now expected to be -in \fI/etc/tinc/passphrases/\fR. - -But it is highly recommended that you use this feature of tinc, -because it will be so much clearer whom your daemon talks to. Hence, -we will assume that you use it. -.PP -.SH "PASSPHRASES" -You should use the \fBgenauth\fR(8) program to generate passphrases. -with, it accepts a single parameter, which is the number of bits the -passphrase should be. Its output should be stored in -\fI/etc/tinc/\fBnn\fI/passphrases/local\fR \-\- where \fBnn\fR stands -for the network (See under \fBNETWORKS\fR) above. - -Please see the manpage for \fBgenauth\fR to learn more about setting -up an authentication scheme. -.PP -.SH "CONFIGURATION" -The actual configuration of the daemon is done in the file -\fI/etc/tinc/\fBnn\fI/tincd.conf\fR. - -This file consists of comments (lines started with a \fB#\fR) or -assignments in the form of -.PP -.Vb 1 -\& \fIVariable \fB= \fIValue\fR. -.Ve -.PP -The variable names are case insensitive, and any spaces, tabs, -newlines and carriage returns are ignored. \fINote\fR: it is not -required that you put in the \fB=\fR sign, but doing so improves -readability. If you leave it out, remember to replace it with at least -one space character. -.PP -.SH "VARIABLES" -.PP -Here are all valid variables, listed in alphabetical order: -.TP -\fBAllowConnect = \fB(\fIyes\fB|\fIno\fB)\fR -If set to \fIyes\fR, anyone may try to connect to you. If you set this -to no, no incoming connections will be accepted. This does not affect -the outgoing connections. -.TP -\fBConnectPort = \fIport\fR -Connect to the upstream host (given with the \fBConnectTo\fR -directive) on port \fIport\fR. \fIport\fR may be given in decimal -(default), octal (when preceded by a single zero) or hexadecimal -(prefixed with \fB0x\fR). \fIport\fR is the port number for both the -UDP and the TCP (meta) connections. -.TP -\fBConnectTo = \fB(\fIIP address\fB|\fIhostname\fB)\fR -Specifies which host to connect to on startup. If the -\fBConnectPort\fR variable is omitted, then tinc will try to connect -to port 655. - -If you don't specify a host with \fBConnectTo\fR, tinc won't connect -at all, and will instead just listen for incoming connections. Only -the initiator of a tinc VPN should need this. -.TP -\fBKeyExpire = \fIs\fR -The secret (and public) key expires after \fIs\fR seconds. The default -is 3600 seconds, or one hour. - -If you make it shorter, a lot of time and bandwidth is spent -negotiating over the new keys. If you make it longer, you make -yourself more vulnerable to crackers, because they have more data to -work with. The best value depends on the speed of the link, and the -amount of data that goes over it. -.TP -\fBListenPort = \fIport\fR -Listen on local port \fIport\fR. The computer connecting to this -daemon should use this number as the argument for his -\fBConnectPort\fR. Again, the default is 655. -.TP -\fBMyOwnVPNIP = \fInetwork address\fR[\fB/\fImaskbits\fR] -The \fInetwork address\fR is the number that the daemon will propagate -to other daemons on the network when it is identifying itself. Hence -this will be the file name of the passphrase file that the other end -expects to find the passphrase in. - -\fImaskbits\fR is the number of bits set to 1 in the netmask part. -.TP -\fBMyVirtualIP = \fInetwork address\fR[\fB/\fImaskbits\fR] -This is an alias for \fBMyOwnVPNIP\fR. -.TP -\fBPassphrases = \fIdirectory\fR -The directory where tinc will look for passphrases when someone tries -to cennect. Please see the manpage for \fBgenauth\fR(8) for more -information about passphrases as used by tinc. -.TP -\fBPingTimeout = \fInumber\fR -The number of seconds of inactivity that tinc will wait before sending -a probe to the other end. If that other end doesn't answer within that -same amount of seconds, the connection is terminated, and the others -will be notified of this. -.TP -\fBTapDevice = \fIdevice\fR -The ethertap device to use. Note that you can only use one device per -daemon. The info pages of the tinc package contain more information -about configuring an ethertap device for linux. -.PP -.SH "FILES" -.TP -\fI/etc/tinc/\fR -The top directory for configuration files. -.TP -\fI/etc/tinc/\fBnn\fI/tincd.conf\fR -The default name of the configuration file for net -\fBnn\fR. -.TP -\fI/etc/tinc/\fBnn\fI/passphrases/\fR -Passphrases are kept in this directory. (See the section -\fBPASSPHRASES\fR above). -.PP -.SH "SEE ALSO" -\fBtincd\fR(8), \fBgenauth\fR(8) -.TP -\fBhttp://tinc.nl.linux.org/\fR -.PP -The full documentation for -.B tinc -is maintained as a Texinfo manual. If the -.B info -and -.B tinc -programs are properly installed at your site, the command -.IP -.B info tinc -.PP -should give you access to the complete manual. -.PP -tinc comes with ABSOLUTELY NO WARRANTY. This is free software, -and you are welcome to redistribute it under certain conditions; -see the file COPYING for details. diff --git a/doc/tincd.conf.sample b/doc/tincd.conf.sample deleted file mode 100644 index df005fb7..00000000 --- a/doc/tincd.conf.sample +++ /dev/null @@ -1,40 +0,0 @@ -# Sample tinc configuration file - -# This is a comment. -# Lines can have a maximum of 80 characters. -# Spaces and tabs are eliminated. -# The = sign isn't strictly necessary any longer, though you may want -# to leave it in as it improves readability :) -# Variable names are treated case insensitive. - -# The internet host to connect with -# comment these out to make yourself a listen-only connection -# You may use an IP address or its FQDN. -ConnectTo = 1.2.3.4 - -# Connect to which port of the `ConnectTo' host - -# It is advised that you only connect to ports that are < 1024, -# because some malicious (non-root) user may run a fake tincd on ports -# above 1024. -# The default port is 655, the port that has been assigned to tinc -# by the IANA. If you want tincd to listen on any other port than 655, -# you can use ListenPort for the `server', and ConnectPort for the -# `client'. - -# You may use the prefixes 0x or 0 to denote a hexadecimal or octal -# number respectively. -ConnectPort = 0x300 - -# Listen on which port -ListenPort = 200 - -# My own VPN IP -# You may use the /nn notation to indicate the number of bits used for -# the mask, /8 is equivalent to the netmask 255.0.0.0 (the first 8 -# bits are set to 1). -MyOwnVPNIP = 10.x.x.x/8 - -# Which local file? -# Default is /dev/tap0 -TapDevice = /dev/tap1 diff --git a/redhat/tinc.spec b/redhat/tinc.spec index 376599df..24bdde48 100644 --- a/redhat/tinc.spec +++ b/redhat/tinc.spec @@ -83,7 +83,7 @@ grep -q '^tinc[[:space:]]' /etc/services || patch -s /etc/services << END hmmp-ind 612/tcp dqs313_intercell# HMMP Indication / DQS hmmp-ind 612/udp dqs313_intercell# HMMP Indication / DQS + tinc 655/tcp TINC # tinc vpn -+ tinc 655/udp TINC # tinc.nl.linux.org ++ tinc 655/udp TINC # http://tinc.nl.linux.org/ # # UNIX specific services END @@ -101,13 +101,13 @@ END %postun %files -%doc AUTHORS ChangeLog NEWS README THANKS *.html doc/tincd.conf.sample +%doc AUTHORS ChangeLog NEWS README THANKS *.html doc/tinc.conf.sample %config /etc/tinc/ /etc/rc.d/init.d/tinc /usr/sbin/genauth /usr/sbin/tincd /usr/lib/tinc/ -/usr/man/man5/tincd.conf.5 +/usr/man/man5/tinc.conf.5 /usr/man/man8/genauth.8 /usr/man/man8/tincd.8 /usr/info/tinc.info.gz