From b5b38381c643632aa88c677236cace8c60e8344e Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Tue, 9 Apr 2002 16:11:48 +0000 Subject: [PATCH] Last bits (hopefully) --- doc/Makefile.am | 4 +- doc/Makefile.maint | 3 + doc/tincd.8 | 174 +++++++++++++++++++++++++++++++++++++++++++++ m4/Makefile.am | 15 ---- 4 files changed, 179 insertions(+), 17 deletions(-) create mode 100644 doc/tincd.8 delete mode 100644 m4/Makefile.am diff --git a/doc/Makefile.am b/doc/Makefile.am index 9f3f7ebd..b62feb7e 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -7,14 +7,14 @@ info_TEXINFOS = tinc.texi dyn_MANS = man_aux = $(dyn_MANS:.8=.x) -man_MANS = tincd.8 tinc.conf.5 genauth.8 $(dyn_MANS) +man_MANS = tincd.8 tinc.conf.5 $(dyn_MANS) PERL = @PERL@ HELP2MAN = help2man MAINTAINERCLEANFILES = $(dyn_MANS) EXTRA_DIST = $(man_MANS) $(HELP2MAN) $(man_aux) \ - Makefile.maint GNUmakefile Makefile.summ tinc.conf.sample + Makefile.maint GNUmakefile Makefile.summ sample-config.tar.gz # Use `ginstall' in the definition of man_MANS to avoid # confusion with the `install' target. The install rule transforms `ginstall' diff --git a/doc/Makefile.maint b/doc/Makefile.maint index e620be4a..75804f0a 100644 --- a/doc/Makefile.maint +++ b/doc/Makefile.maint @@ -33,3 +33,6 @@ $(dyn_MANS): %.8: %.x $(HELP2MAN) echo "WARNING: The man page $@ cannot be updated yet."; \ echo " Retry once the corresponding executable is built."; \ fi + +sample-config.tar.gz: + GZIP=$(GZIP_ENV) $(AMTAR) chozf sample-config.tar.gz sample-config diff --git a/doc/tincd.8 b/doc/tincd.8 new file mode 100644 index 00000000..831bbb1d --- /dev/null +++ b/doc/tincd.8 @@ -0,0 +1,174 @@ +.Dd 2002-03-25 +.Dt TINCD 8 +.\" Manual page created by: +.\" Ivo Timmermans +.\" Guus Sliepen +.Sh NAME +.Nm tincd +.Nd tinc VPN daemon +.Sh SYNOPSIS +.Nm +.Op Fl cdDkKn +.Op Fl -bypass-security +.Op Fl -config Ns = Ns Ar DIR +.Op Fl -debug Ns = Ns Ar LEVEL +.Op Fl -generate-keys Ns Op = Ns Ar BITS +.Op Fl -help +.Op Fl -kill Ns = Ns Ar SIGNAL +.Op Fl -net Ns = Ns Ar NETNAME +.Op Fl -no-detach +.Op Fl -version +.Sh DESCRIPTION +This is the daemon of tinc, a secure virtual private network (VPN) project. +When started, +.Nm +will read it's configuration file to determine what virtual subnets it has to serve +and to what other tinc daemons it should connect. +It will connect to the ethertap or tun/tap device +and set up a socket for incoming connections. +Optionally a script will be executed to further configure the virtual device. +If that succeeds, +it will detach from the controlling terminal and continue in the background, +accepting and setting up connections to other tinc daemons +that are part of the virtual private network. +.Sh OPTIONS +.Bl -tag -width indent +.It Fl -bypass-security +Disables encryption and authentication. +Only useful for debugging. +.It Fl c, -config Ns = Ns Ar DIR +Read configuration options from +.Ar DIR . +.It Fl d, -debug Ns Op = Ns Ar LEVEL +Increase debug level or set it to +.Ar LEVEL +(see below). +.It Fl K, -generate-keys Ns Op = Ns Ar BITS +Generate public/private RSA keypair and exit. +If +.Ar BITS +is omitted, the default length will be 1024 bits. +.It Fl -help +Display short list of options. +.It Fl k, -kill Ns Op = Ns Ar SIGNAL +Attempt to kill a running +.Nm +(optionally with the specified +.Ar SIGNAL +instead of SIGTERM) and exit. +.It Fl n, -net Ns = Ns Ar NETNAME +Connect to net +.Ar NETNAME . +.It Fl D, -no-detach +Don't fork and detach. +This will also disable the automatic restart mechanism for fatal errors. +.It Fl -version +Output version information and exit. +.El +.Sh SIGNALS +.Bl -tag -width indent +.It ALRM +Forces +.Nm +to try to connect to all uplinks immediately. +Usually +.Nm +attempts to do this itself, +but increases the time it waits between the attempts each time it failed, +and if +.Nm +didn't succeed to connect to an uplink the first time after it started, +it defaults to the maximum time of 15 minutes. +.It HUP +Closes all connections, rereads the configuration file and restarts the daemon. +.It INT +Temporarily increases debug level to 5. +Send this signal again to revert to the original level. +.It USR1 +Dumps the connection list to syslog. +.It USR2 +Dumps virtual network device statistics, all known nodes, edges and subnets to syslog. +.It WINCH +Purges all information remembered about unreachable nodes. +.El +.Sh DEBUG LEVELS +The tinc daemon can send a lot of messages to the syslog. +The higher the debug level, +the more messages it will log. +Each level inherits all messages of the previous level: +.Bl -tag -width indent +.It 0 +This will log a message indicating +.Nm +has started along with a version number. +It will also any serious error. +.It 1 +This will log all connections that are made with other tinc daemons. +.It 2 +This will log status and error messages from other tinc daemons. +.It 3 +This will log all requests that are exchanged with other tinc daemons. These include +authentication, key exchange and connection list updates. +.It 4 +This will log a copy of everything received on the meta socket. +.It 5 +This will log all network traffic over the virtual private network. +.El +.Sh FILES +.Bl -tag -width indent +.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf +The configuration file for +.Nm . +.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc-up +Script which is executed as soon as the virtual network device has been allocated. +Purpose is to further configure that device. +.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc-down +Script which is executed when +.Nm +exits. +Purpose is to cleanly shut down the virtual network device before it will be deallocated. +.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/* +The directory containing the host configuration files +used to authenticate other tinc daemons. +.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Ar NAME Ns Pa -up +Script which is executed as soon as host +.Ar NAME +becomes reachable. +.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Ar NAME Ns Pa -down +Script which is executed as soon as host +.Ar NAME +becomes unreachable. +.It Pa /var/run/tinc. Ns Ar NETNAME Ns Pa .pid +The PID of the currently running +.Nm +is stored in this file. +.El +.Sh BUGS +The +.Va BindToInterface +option may not work correctly. +.Pp +.Sy The cryptography in tinc is not well tested yet. Use it at your own risk! +.Pp +If you find any bugs, report them to tinc@nl.linux.org. +.Sh TODO +A lot, especially security auditing. +.Sh SEE ALSO +.Xr tinc.conf 5 , +.Pa http://tinc.nl.linux.org/ , +.Pa http://www.cabal.org/ . +.Pp +The full documentation for tinc is maintained as a Texinfo manual. +If the info and tinc programs are properly installed at your site, +the command +.Ic info tinc +should give you access to the complete manual. +.Pp +tinc comes with ABSOLUTELY NO WARRANTY. +This is free software, and you are welcome to redistribute it under certain conditions; +see the file COPYING for details. +.Sh AUTHORS +.An "Ivo Timmermans" Aq itimmermans@bigfoot.com +.An "Guus Sliepen" Aq guus@sliepen.warande.net +.Pp +And thanks to many others for their contributions to tinc! diff --git a/m4/Makefile.am b/m4/Makefile.am deleted file mode 100644 index b0028d74..00000000 --- a/m4/Makefile.am +++ /dev/null @@ -1,15 +0,0 @@ -## Process this file with automake to produce Makefile.in -# $Id: Makefile.am,v 1.3 2002/04/09 15:48:54 zarq Exp $ - -noinst_LIBRARIES = libvpn.a - -INCLUDES = @INCLUDES@ -I. -I$(top_builddir) -I$(top_srcdir)/intl - -libvpn_a_SOURCES = xmalloc.c pidfile.c utils.c getopt.c getopt1.c list.c avl_tree.c dropin.c - -libvpn_a_LIBADD = @LIBOBJS@ @ALLOCA@ -libvpn_a_DEPENDENCIES = $(libvpn_a_LIBADD) - -noinst_HEADERS = xalloc.h pidfile.h utils.h getopt.h list.h avl_tree.h dropin.h - -EXTRA_DIST = README -- 2.39.5