README 6.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133
  1. This is the README file for tinc version 1.0.36. Installation
  2. instructions may be found in the INSTALL file.
  3. tinc is Copyright (C) 1998-2019 by:
  4. Ivo Timmermans,
  5. Guus Sliepen <guus@tinc-vpn.org>,
  6. and others.
  7. For a complete list of authors see the AUTHORS file.
  8. This program is free software; you can redistribute it and/or modify
  9. it under the terms of the GNU General Public License as published by
  10. the Free Software Foundation; either version 2 of the License, or (at
  11. your option) any later version. See the file COPYING for more details.
  12. Security statement
  13. ------------------
  14. In August 2000, we discovered the existence of a security hole in all versions
  15. of tinc up to and including 1.0pre2. This had to do with the way we exchanged
  16. keys. Since then, we have been working on a new authentication scheme to make
  17. tinc as secure as possible. The current version uses the OpenSSL library and
  18. uses strong authentication with RSA keys.
  19. On the 29th of December 2001, Jerome Etienne posted a security analysis of tinc
  20. 1.0pre4. Due to a lack of sequence numbers and a message authentication code
  21. for each packet, an attacker could possibly disrupt certain network services or
  22. launch a denial of service attack by replaying intercepted packets. The current
  23. version adds sequence numbers and message authentication codes to prevent such
  24. attacks.
  25. On September the 15th of 2003, Peter Gutmann contacted us and showed us a
  26. writeup describing various security issues in several VPN daemons. He showed
  27. that tinc lacks perfect forward security, the connection authentication could
  28. be done more properly, that the sequence number we use as an IV is not the best
  29. practice and that the default length of the HMAC for packets is too short in
  30. his opinion. We do not know of a way to exploit these weaknesses, but these
  31. issues are being addressed in the tinc 1.1 branch.
  32. The Sweet32 attack affects versions of tinc prior to 1.0.30.
  33. On September 6th, 2018, Michael Yonly contacted us and provided
  34. proof-of-concept code that allowed a remote attacker to create an
  35. authenticated, one-way connection with a node, and also that there was a
  36. possibility for a man-in-the-middle to force UDP packets from a node to be sent
  37. in plaintext. The first issue was trivial to exploit on tinc versions prior to
  38. 1.0.30, but the changes in 1.0.30 to mitigate the Sweet32 attack made this
  39. weakness much harder to exploit. These issues have been fixed in tinc 1.0.35.
  40. The new protocol in the tinc 1.1 branch is not susceptible to these issues.
  41. Cryptography is a hard thing to get right. We cannot make any
  42. guarantees. Time, review and feedback are the only things that can
  43. prove the security of any cryptographic product. If you wish to review
  44. tinc or give us feedback, you are strongly encouraged to do so.
  45. Compatibility
  46. -------------
  47. Version 1.0.35 is compatible with 1.0pre8, 1.0 and later, but not with older
  48. versions of tinc. Note that since version 1.0.30, tinc requires all nodes in
  49. the VPN to be compiled with a version of LibreSSL or OpenSSL that supports the
  50. AES256 and SHA256 algorithms.
  51. Requirements
  52. ------------
  53. The OpenSSL library is used for all cryptographic functions. You can find it at
  54. https://www.openssl.org/. You will need version 1.1.0 or later with support for
  55. AES256 and SHA256 enabled. If this library is not installed on your system, the
  56. configure script will fail. The manual in doc/tinc.texi contains more detailed
  57. information on how to install this library. Alternatively, you may also use the
  58. LibreSSL library.
  59. The zlib library is used for optional compression. You can
  60. find it at https://zlib.net/. Because of a possible exploit in
  61. earlier versions we recommend that you download version 1.1.4 or later.
  62. The LZO library is also used for optional compression. You can
  63. find it at https://www.oberhumer.com/opensource/lzo/.
  64. In order to compile tinc, you will need a C99 compliant compiler.
  65. Features
  66. --------
  67. This version of tinc supports multiple virtual networks at once. To
  68. use this feature, you may supply a netname via the -n or --net
  69. options. The standard locations for the config files will then be
  70. /etc/tinc/<net>/.
  71. tincd regenerates its encryption key pairs. It does this on the first
  72. activity after the keys have expired. This period is adjustable in the
  73. configuration file, and the default time is 3600 seconds (one hour).
  74. This version supports multiple subnets at once. They are also sorted
  75. on subnet mask size. This means that it is possible to have
  76. overlapping subnets on the VPN, as long as their subnet mask sizes
  77. differ.
  78. Since pre5, tinc can operate in several routing modes. The default mode,
  79. "router", works exactly like the older version, and uses Subnet lines to
  80. determine the destination of packets. The other two modes, "switch" and "hub",
  81. allow the tinc daemons to work together like a single network switch or hub.
  82. This is useful for bridging networks. The latter modes only work properly on
  83. Linux, FreeBSD and Windows.
  84. The algorithms used for encryption and generating message authentication codes
  85. can now be changed in the configuration files. All cipher and digest algorithms
  86. supported by OpenSSL can be used. Useful ciphers are "blowfish" (default),
  87. "bf-ofb", "des", "des3", et cetera. Useful digests are "sha1" (default), "md5",
  88. et cetera.
  89. Support for routing IPv6 packets has been added. Just add Subnet lines with
  90. IPv6 addresses (without using :: abbreviations) and use ifconfig or ip (from
  91. the iproute package) to give the virtual network interface corresponding IPv6
  92. addresses. tinc does not provide autoconfiguration for IPv6 hosts. Consider
  93. using radvd or zebra if you need it.
  94. It is also possible to make tunnels to other tinc daemons over IPv6 networks,
  95. if the operating system supports IPv6. tinc will automatically use both IPv6
  96. and IPv4 when available, but this can be changed by adding the option
  97. "AddressFamily = ipv4" or "AddressFamily = ipv6" to the tinc.conf file.
  98. Normally, when started tinc will detach and run in the background. In a native
  99. Windows environment this means tinc will install itself as a service, which will
  100. restart after reboots. To prevent tinc from detaching or running as a service,
  101. use the -D option.