3 .\" Manual page created by:
5 .\" Guus Sliepen <guus@tinc-vpn.org>
12 .Op Fl -config Ns = Ns Ar DIR
14 .Op Fl -debug Ns Op = Ns Ar LEVEL
15 .Op Fl -net Ns = Ns Ar NETNAME
16 .Op Fl -option Ns = Ns Ar [HOST.]KEY=VALUE
18 .Op Fl -logfile Ns Op = Ns Ar FILE
19 .Op Fl -bypass-security
21 .Op Fl -user Ns = Ns Ar USER
25 This is the daemon of tinc, a secure virtual private network (VPN) project.
28 will read it's configuration file to determine what virtual subnets it has to serve
29 and to what other tinc daemons it should connect.
30 It will connect to the ethertap or tun/tap device
31 and set up a socket for incoming connections.
32 Optionally a script will be executed to further configure the virtual device.
34 it will detach from the controlling terminal and continue in the background,
35 accepting and setting up connections to other tinc daemons
36 that are part of the virtual private network.
37 Under Windows (not Cygwin) tinc will install itself as a service,
38 which will be restarted automatically after reboots.
40 .Bl -tag -width indent
41 .It Fl c, -config Ns = Ns Ar DIR
42 Read configuration files from
45 .Pa @sysconfdir@/tinc/ .
47 Don't fork and detach.
48 This will also disable the automatic restart mechanism for fatal errors.
49 If not mentioned otherwise, this will show log messages on the standard error output.
50 .It Fl d, -debug Ns Op = Ns Ar LEVEL
51 Increase debug level or set it to
54 .It Fl n, -net Ns = Ns Ar NETNAME
57 This will let tinc read all configuration files from
58 .Pa @sysconfdir@/tinc/ Ar NETNAME .
63 is the same as not specifying any
65 .It Fl o, -option Ns = Ns Ar [HOST.]KEY=VALUE
68 this will set server configuration variable
74 this will set the host configuration variable
80 This option can be used more than once to specify multiple configuration variables.
82 Lock tinc into main memory.
83 This will prevent sensitive data like shared private keys to be written to the system swap files/partitions.
84 .It Fl -logfile Ns Op = Ns Ar FILE
85 Write log entries to a file instead of to the system logging facility.
88 is omitted, the default is
89 .Pa @localstatedir@/log/tinc. Ns Ar NETNAME Ns Pa .log.
90 .It Fl -pidfile Ns = Ns Ar FILENAME
98 is omitted, the default is
99 .Pa @localstatedir@/run/tinc. Ns Ar NETNAME Ns Pa .pid.
100 .It Fl -bypass-security
101 Disables encryption and authentication of the meta protocol.
102 Only useful for debugging.
104 With this option tinc chroots into the directory where network
105 config is located (@sysconfdir@/tinc/NETNAME if -n option is used,
106 or to the directory specified with -c option) after initialization.
107 .It Fl U, -user Ns = Ns Ar USER
108 setuid to the specified
110 after initialization.
112 Display short list of options.
114 Output version information and exit.
117 .Bl -tag -width indent
121 to try to connect to all uplinks immediately.
124 attempts to do this itself,
125 but increases the time it waits between the attempts each time it failed,
128 didn't succeed to connect to an uplink the first time after it started,
129 it defaults to the maximum time of 15 minutes.
131 Partially rereads configuration files.
132 Connections to hosts whose host config file are removed are closed.
133 New outgoing connections specified in
138 option is used, this will also close and reopen the log file,
139 useful when log rotation is used.
142 The tinc daemon can send a lot of messages to the syslog.
143 The higher the debug level,
144 the more messages it will log.
145 Each level inherits all messages of the previous level:
146 .Bl -tag -width indent
148 This will log a message indicating
150 has started along with a version number.
151 It will also log any serious error.
153 This will log all connections that are made with other tinc daemons.
155 This will log status and error messages from scripts and other tinc daemons.
157 This will log all requests that are exchanged with other tinc daemons. These include
158 authentication, key exchange and connection list updates.
160 This will log a copy of everything received on the meta socket.
162 This will log all network traffic over the virtual private network.
165 .Bl -tag -width indent
166 .It Pa @sysconfdir@/tinc/
167 Directory containing the configuration files tinc uses.
168 For more information, see
170 .It Pa @localstatedir@/run/tinc. Ns Ar NETNAME Ns Pa .pid
171 The PID of the currently running
173 is stored in this file.
178 option may not work correctly.
180 .Sy The cryptography in tinc is not well tested yet. Use it at your own risk!
182 If you find any bugs, report them to tinc@tinc-vpn.org.
184 A lot, especially security auditing.
188 .Pa http://www.tinc-vpn.org/ ,
189 .Pa http://www.cabal.org/ .
191 The full documentation for tinc is maintained as a Texinfo manual.
192 If the info and tinc programs are properly installed at your site,
195 should give you access to the complete manual.
197 tinc comes with ABSOLUTELY NO WARRANTY.
198 This is free software, and you are welcome to redistribute it under certain conditions;
199 see the file COPYING for details.
202 .An "Guus Sliepen" Aq guus@tinc-vpn.org
204 And thanks to many others for their contributions to tinc!