3 .\" Manual page created by:
5 .\" Guus Sliepen <guus@tinc-vpn.org>
12 .Op Fl -config Ns = Ns Ar DIR
14 .Op Fl -debug Ns Op = Ns Ar LEVEL
15 .Op Fl -net Ns = Ns Ar NETNAME
17 .Op Fl -logfile Ns Op = Ns Ar FILE
18 .Op Fl -bypass-security
22 This is the daemon of tinc, a secure virtual private network (VPN) project.
25 will read it's configuration file to determine what virtual subnets it has to serve
26 and to what other tinc daemons it should connect.
27 It will connect to the ethertap or tun/tap device
28 and set up a socket for incoming connections.
29 Optionally a script will be executed to further configure the virtual device.
31 it will detach from the controlling terminal and continue in the background,
32 accepting and setting up connections to other tinc daemons
33 that are part of the virtual private network.
34 Under Windows (not Cygwin) tinc will install itself as a service,
35 which will be restarted automatically after reboots.
37 .Bl -tag -width indent
38 .It Fl c, -config Ns = Ns Ar DIR
39 Read configuration files from
42 .Pa @sysconfdir@/tinc/ .
44 Don't fork and detach.
45 This will also disable the automatic restart mechanism for fatal errors.
46 If not mentioned otherwise, this will show log messages on the standard error output.
47 .It Fl d, -debug Ns Op = Ns Ar LEVEL
48 Increase debug level or set it to
51 .It Fl n, -net Ns = Ns Ar NETNAME
55 Lock tinc into main memory.
56 This will prevent sensitive data like shared private keys to be written to the system swap files/partitions.
57 .It Fl -logfile Ns Op = Ns Ar FILE
58 Write log entries to a file instead of to the system logging facility.
61 is omitted, the default is
62 .Pa @localstatedir@/log/tinc. Ns Ar NETNAME Ns Pa .log.
63 .It Fl -controlsocket Ns = Ns Ar FILENAME
64 Open control socket at
68 is omitted, the default is
69 .Pa @localstatedir@/run/tinc. Ns Ar NETNAME Ns Pa .control.
70 .It Fl -bypass-security
71 Disables encryption and authentication of the meta protocol.
72 Only useful for debugging.
74 Display short list of options.
76 Output version information and exit.
79 .Bl -tag -width indent
83 to try to connect to all uplinks immediately.
86 attempts to do this itself,
87 but increases the time it waits between the attempts each time it failed,
90 didn't succeed to connect to an uplink the first time after it started,
91 it defaults to the maximum time of 15 minutes.
93 Partially rereads configuration files.
94 Connections to hosts whose host config file are removed are closed.
95 New outgoing connections specified in
99 Temporarily increases debug level to 5.
100 Send this signal again to revert to the original level.
102 Dumps the connection list to syslog.
104 Dumps virtual network device statistics, all known nodes, edges and subnets to syslog.
106 Purges all information remembered about unreachable nodes.
109 The tinc daemon can send a lot of messages to the syslog.
110 The higher the debug level,
111 the more messages it will log.
112 Each level inherits all messages of the previous level:
113 .Bl -tag -width indent
115 This will log a message indicating
117 has started along with a version number.
118 It will also log any serious error.
120 This will log all connections that are made with other tinc daemons.
122 This will log status and error messages from scripts and other tinc daemons.
124 This will log all requests that are exchanged with other tinc daemons. These include
125 authentication, key exchange and connection list updates.
127 This will log a copy of everything received on the meta socket.
129 This will log all network traffic over the virtual private network.
132 .Bl -tag -width indent
133 .It Pa @sysconfdir@/tinc/
134 Directory containing the configuration files tinc uses.
135 For more information, see
137 .It Pa @localstatedir@/run/tinc. Ns Ar NETNAME Ns Pa .pid
138 The PID of the currently running
140 is stored in this file.
145 option may not work correctly.
147 .Sy The cryptography in tinc is not well tested yet. Use it at your own risk!
149 If you find any bugs, report them to tinc@tinc-vpn.org.
151 A lot, especially security auditing.
155 .Pa http://www.tinc-vpn.org/ ,
156 .Pa http://www.cabal.org/ .
158 The full documentation for tinc is maintained as a Texinfo manual.
159 If the info and tinc programs are properly installed at your site,
162 should give you access to the complete manual.
164 tinc comes with ABSOLUTELY NO WARRANTY.
165 This is free software, and you are welcome to redistribute it under certain conditions;
166 see the file COPYING for details.
169 .An "Guus Sliepen" Aq guus@tinc-vpn.org
171 And thanks to many others for their contributions to tinc!