TINC.CONF(5)                                         BSD File Formats Manual                                        TINC.CONF(5)

     tinc.conf — tinc daemon configuration

     The files in the /etc/tinc/ directory contain runtime and security information for the tinc daemon.

     To distinguish multiple instances of tinc running on one computer, you can use the -n option to assign a network name to
     each tinc daemon.

     The effect of this option is that the daemon will set its configuration root to /etc/tinc/NETNAME/, where NETNAME is your
     argument to the -n option.  You'll notice that messages appear in syslog as coming from tincd.NETNAME, and on Linux, unless
     specified otherwise, the name of the virtual network interface will be the same as the network name.

     It is recommended that you use network names even if you run only one instance of tinc.  However, you can choose not to use
     the -n option.  In this case, the network name would just be empty, and tinc now looks for files in /etc/tinc/, instead of
     /etc/tinc/NETNAME/; the configuration file should be /etc/tinc/tinc.conf, and the host configuration files are now expected
     to be in /etc/tinc/hosts/.

     Each tinc daemon must have a name that is unique in the network which it will be part of.  The name will be used by other
     tinc daemons for identification.  The name has to be declared in the /etc/tinc/NETNAME/tinc.conf file.

     To make things easy, choose something that will give unique and easy to remember names to your tinc daemon(s).  You could
     try things like hostnames, owner surnames or location names.  However, you are only allowed to use alphanumerical charac‐
     ters (a-z, A-Z, and 0-9) and underscores (_) in the name.
     If you have not configured tinc yet, you can easily create a basic configuration using the following command:

           tinc -n NETNAME init NAME

     You can further change the configuration as needed either by manually editing the configuration files, or by using tinc(8).
     The tinc init command will have generated both RSA and Ed25519 public/private keypairs.  The private keys should be stored
     in files named rsa_key.priv and ed25519_key.priv in the directory /etc/tinc/NETNAME/ The public keys should be stored in
     the host configuration file /etc/tinc/NETNAME/hosts/NAME.  The RSA keys are used for backwards compatibility with tinc ver‐
     sion 1.0.  If you are upgrading from version 1.0 to 1.1, you can keep the old configuration files, but you will need to
     create Ed25519 keys using the following command:

           tinc -n NETNAME generate-ed25519-keys
     The server configuration of the daemon is done in the file /etc/tinc/NETNAME/tinc.conf.  This file consists of comments
     (lines started with a #) or assignments in the form of:

     Variable = Value.

     The variable names are case insensitive, and any spaces, tabs, newlines and carriage returns are ignored.  Note: it is not
     required that you put in the = sign, but doing so improves readability.  If you leave it out, remember to replace it with
     at least one space character.

     The server configuration is complemented with host specific configuration (see the next section).  Although all configura‐
     tion options for the local host listed in this document can also be put in /etc/tinc/NETNAME/tinc.conf, it is recommended
     to put host specific configuration options in the host configuration file, as this makes it easy to exchange with other

     You can edit the config file manually, but it is recommended that you use tinc(8) to change configuration variables for

     Here are all valid variables, listed in alphabetical order.  The default value is given between parentheses.

     AddressFamily = ipv4 | ipv6 | any (any)
             This option affects the address family of listening and outgoing sockets.  If "any" is selected, then depending on
             the operating system both IPv4 and IPv6 or just IPv6 listening sockets will be created.