-This option controls the time the encryption keys used to encrypt the
-data are valid. It is common practice to change keys at regular
-intervals to make it even harder for crackers, even though it is thought
-to be nearly impossible to crack a single key.
+This option controls the time the encryption keys used to encrypt the data
+are valid. It is common practice to change keys at regular intervals to
+make it even harder for crackers, even though it is thought to be nearly
+impossible to crack a single key.
+
+@item ListenPort = <port> (655)
+Listen on local port port. The computer connecting to this daemon should
+use this number as the argument for his ConnectPort.
+
+@item MyOwnVPNIP = <local address[/maskbits]> (required)
+The local address is the number that the daemon will propagate to
+other daemons on the network when it is identifying itself. Hence this
+will be the file name of the passphrase file that the other end expects
+to find the passphrase in.
+
+The local address is the IP address of the tap device, not the real IP
+address of the host running tincd. Due to changes in recent kernels, it
+is also necessary that you make the ethernet (also known as MAC) address
+equal to the IP address (see the example).
+
+maskbits is the number of bits set to 1 in the netmask part.
+
+@item MyVirtualIP = <local address[/maskbits]>
+This is an alias for MyOwnVPNIP.