TINC.CONF(5) BSD File Formats Manual TINC.CONF(5) NAME tinc.conf — tinc daemon configuration DESCRIPTION The files in the /etc/tinc/ directory contain runtime and security information for the tinc daemon. NETWORKS To distinguish multiple instances of tinc running on one computer, you can use the -n option to assign a network name to each tinc daemon. The effect of this option is that the daemon will set its configuration root to /etc/tinc/NETNAME/, where NETNAME is your argument to the -n option. You'll notice that messages appear in syslog as coming from tincd.NETNAME, and on Linux, unless specified otherwise, the name of the virtual network interface will be the same as the network name. It is recommended that you use network names even if you run only one instance of tinc. However, you can choose not to use the -n option. In this case, the network name would just be empty, and tinc now looks for files in /etc/tinc/, instead of /etc/tinc/NETNAME/; the configuration file should be /etc/tinc/tinc.conf, and the host configuration files are now expected to be in /etc/tinc/hosts/. NAMES Each tinc daemon must have a name that is unique in the network which it will be part of. The name will be used by other tinc daemons for identification. The name has to be declared in the /etc/tinc/NETNAME/tinc.conf file. To make things easy, choose something that will give unique and easy to remember names to your tinc daemon(s). You could try things like hostnames, owner surnames or location names. However, you are only allowed to use alphanumerical charac‐ ters (a-z, A-Z, and 0-9) and underscores (_) in the name. If you have not configured tinc yet, you can easily create a basic configuration using the following command: tinc -n NETNAME init NAME You can further change the configuration as needed either by manually editing the configuration files, or by using tinc(8). The tinc init command will have generated both RSA and Ed25519 public/private keypairs. The private keys should be stored in files named rsa_key.priv and ed25519_key.priv in the directory /etc/tinc/NETNAME/ The public keys should be stored in the host configuration file /etc/tinc/NETNAME/hosts/NAME. The RSA keys are used for backwards compatibility with tinc ver‐ sion 1.0. If you are upgrading from version 1.0 to 1.1, you can keep the old configuration files, but you will need to create Ed25519 keys using the following command: tinc -n NETNAME generate-ed25519-keys The server configuration of the daemon is done in the file /etc/tinc/NETNAME/tinc.conf. This file consists of comments (lines started with a #) or assignments in the form of: Variable = Value. The variable names are case insensitive, and any spaces, tabs, newlines and carriage returns are ignored. Note: it is not required that you put in the = sign, but doing so improves readability. If you leave it out, remember to replace it with at least one space character. The server configuration is complemented with host specific configuration (see the next section). Although all configura‐ tion options for the local host listed in this document can also be put in /etc/tinc/NETNAME/tinc.conf, it is recommended to put host specific configuration options in the host configuration file, as this makes it easy to exchange with other nodes. You can edit the config file manually, but it is recommended that you use tinc(8) to change configuration variables for you. Here are all valid variables, listed in alphabetical order. The default value is given between parentheses. AddressFamily = ipv4 | ipv6 | any (any) This option affects the address family of listening and outgoing sockets. If "any" is selected, then depending on the operating system both IPv4 and IPv6 or just IPv6 listening sockets will be created.