@node Controlling tinc
@chapter Controlling tinc
+@cindex command line interface
You can start, stop, control and inspect a running tincd through the tinc
command. A quick example:
tinc -n @var{netname} reload
@end example
+@cindex shell
If tinc is started without a command, it will act as a shell; it will display a
prompt, and commands can be entered on the prompt. If tinc is compiled with
libreadline, history and command completion are available on the prompt. One
@c from the manpage
@table @code
+@cindex init
@item init [@var{name}]
Create initial configuration files and RSA and ECDSA keypairs with default length.
If no @var{name} for this node is given, it will be asked for.
+@cindex get
@item get @var{variable}
Print the current value of configuration variable @var{variable}.
If more than one variable with the same name exists,
the value of each of them will be printed on a separate line.
+@cindex set
@item set @var{variable} @var{value}
Set configuration variable @var{variable} to the given @var{value}.
All previously existing configuration variables with the same name are removed.
To set a variable for a specific host, use the notation @var{host}.@var{variable}.
+@cindex add
@item add @var{variable} @var{value}
As above, but without removing any previously existing configuration variables.
+@cindex del
@item del @var{variable} [@var{value}]
Remove configuration variables with the same name and @var{value}.
If no @var{value} is given, all configuration variables with the same name will be removed.
+@cindex edit
@item edit @var{filename}
Start an editor for the given configuration file.
You do not need to specify the full path to the file.
+@cindex export
@item export
Export the host configuration file of the local node to standard output.
+@cindex export-all
@item export-all
Export all host configuration files to standard output.
+@cindex import
@item import [--force]
Import host configuration file(s) generated by the tinc export command from standard input.
Already existing host configuration files are not overwritten unless the option --force is used.
+@cindex exchange
@item exchange [--force]
The same as export followed by import.
+@cindex exchange-all
@item exchange-all [--force]
The same as export-all followed by import.
+@cindex invite
@item invite @var{name}
Prepares an invitation for a new node with the given @var{name},
and prints a short invitation URL that can be used with the join command.
+@cindex join
@item join [@var{URL}]
Join an existing VPN using an invitation URL created using the invite command.
If no @var{URL} is given, it will be read from standard input.
+@cindex start
@item start [tincd options]
Start @samp{tincd}, optionally with the given extra options.
+@cindex stop
@item stop
Stop @samp{tincd}.
+@cindex restart
@item restart [tincd options]
Restart @samp{tincd}, optionally with the given extra options.
+@cindex reload
@item reload
Partially rereads configuration files. Connections to hosts whose host
config files are removed are closed. New outgoing connections specified
in @file{tinc.conf} will be made.
+@cindex pid
@item pid
Shows the PID of the currently running @samp{tincd}.
+@cindex generate-keys
@item generate-keys [@var{bits}]
Generate both RSA and ECDSA keypairs (see below) and exit.
tinc will ask where you want to store the files, but will default to the
configuration directory (you can use the -c or -n option).
+@cindex generate-ecdsa-keys
@item generate-ecdsa-keys
Generate public/private ECDSA keypair and exit.
+@cindex generate-rsa-keys
@item generate-rsa-keys [@var{bits}]
Generate public/private RSA keypair and exit. If @var{bits} is omitted, the
default length will be 2048 bits. When saving keys to existing files, tinc
will not delete the old keys; you have to remove them manually.
+@cindex dump
@item dump [reachable] nodes
Dump a list of all known nodes in the VPN.
If the reachable keyword is used, only lists reachable nodes.
@item dump connections
Dump a list of all meta connections with ourself.
+@cindex graph
@item dump graph | digraph
Dump a graph of the VPN in dotty format.
Nodes are colored according to their reachability:
red nodes are unreachable, orange nodes are indirectly reachable, green nodes are directly reachable.
Black nodes are either directly or indirectly reachable, but direct reachability has not been tried yet.
+@cindex info
@item info @var{node} | @var{subnet} | @var{address}
Show information about a particular @var{node}, @var{subnet} or @var{address}.
If an @var{address} is given, any matching subnet will be shown.
+@cindex purge
@item purge
Purges all information remembered about unreachable nodes.
+@cindex debug
@item debug @var{level}
Sets debug level to @var{level}.
+@cindex log
@item log [@var{level}]
Capture log messages from a running tinc daemon.
An optional debug level can be given that will be applied only for log messages sent to tinc.
+@cindex retry
@item retry
Forces tinc to try to connect to all uplinks immediately.
Usually tinc attempts to do this itself,
and if tinc didn't succeed to connect to an uplink the first time after it started,
it defaults to the maximum time of 15 minutes.
+@cindex disconnect
@item disconnect @var{node}
Closes the meta connection with the given @var{node}.
+@cindex top
@item top
If tinc is compiled with libcurses support, this will display live traffic statistics for all the known nodes,
similar to the UNIX top command.
See below for more information.
+@cindex pcap
@item pcap
Dump VPN traffic going through the local tinc node in pcap-savefile format to standard output,
from where it can be redirected to a file or piped through a program that can parse it directly,
@node tinc top
@section tinc top
+@cindex top
The top command connects to a running tinc daemon and repeatedly queries its per-node traffic counters.
It displays a list of all the known nodes in the left-most column,
and the amount of bytes and packets read from and sent to each node in the other columns.